authorFoxfair Hu <foxfair@FreeBSD.org>2003-06-26 16:20:13 +0000
committerFoxfair Hu <foxfair@FreeBSD.org>2003-06-26 16:20:13 +0000
commit3cf9d23aaa5670d30251f8d034e9ef4df2db083f (patch)
tree6bfd3518789077fd0fe2f1871a54fd52ad3c8f18 /security/pf
parentUpdate to 2.92 (diff)
Approved by: maintainer
Reformat pkg-install & pkg-message, and add 64-bit platform fix. Note: pf now registers its user as proxy:proxy, whose uid/gid is 62:62.
Diffstat (limited to 'security/pf')
-rw-r--r--security/pf/Makefile2
-rw-r--r--security/pf/files/patch-ad161
-rw-r--r--security/pf/pkg-descr19
-rw-r--r--security/pf/pkg-install6
-rw-r--r--security/pf/pkg-message20
5 files changed, 187 insertions, 21 deletions
diff --git a/security/pf/Makefile b/security/pf/Makefile
index 918ed8202ada..2434f5c4a51a 100644
--- a/security/pf/Makefile
+++ b/security/pf/Makefile
@@ -7,7 +7,7 @@
PORTNAME= pf_freebsd
PORTVERSION= 1.0
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= security ipv6
MASTER_SITES= http://pf4freebsd.love2party.net/
.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
diff --git a/security/pf/files/patch-ad b/security/pf/files/patch-ad
new file mode 100644
index 000000000000..a9ec79cc117c
--- /dev/null
+++ b/security/pf/files/patch-ad
@@ -0,0 +1,161 @@
+--- pfctl/pfctl.c Sat Jun 21 17:29:45 2003
++++ pfctl/pfctl.c Sat Jun 21 18:31:19 2003
+@@ -46,6 +46,7 @@
+ #include <err.h>
+ #include <errno.h>
+ #include <fcntl.h>
++#include <inttypes.h>
+ #include <limits.h>
+ #include <netdb.h>
+ #include <stdio.h>
+@@ -565,8 +566,8 @@
+ rule->qname, rule->qid, rule->pqname, rule->pqid);
+ }
+ if (opts & PF_OPT_VERBOSE)
+- printf("[ Evaluations: %-8llu Packets: %-8llu "
+- "Bytes: %-10llu States: %-6u]\n\n",
++ printf("[ Evaluations: %-8"PRIu64" Packets: %-8"PRIu64" "
++ "Bytes: %-10"PRIu64" States: %-6u]\n\n",
+ rule->evaluations, rule->packets,
+ rule->bytes, rule->states);
+ }
+@@ -630,7 +631,7 @@
+ case 1:
+ if (pr.rule.label[0]) {
+ printf("%s ", pr.rule.label);
+- printf("%llu %llu %llu\n",
++ printf("%"PRIu64" %"PRIu64" %"PRIu64"\n",
+ pr.rule.evaluations, pr.rule.packets,
+ pr.rule.bytes);
+ }
+@@ -662,7 +663,7 @@
+ case 1:
+ if (pr.rule.label[0]) {
+ printf("%s ", pr.rule.label);
+- printf("%llu %llu %llu\n",
++ printf("%"PRIu64" %"PRIu64" %"PRIu64"\n",
+ pr.rule.evaluations, pr.rule.packets,
+ pr.rule.bytes);
+ }
+--- pfctl/pfctl_parser.c Sat Jun 21 17:29:45 2003
++++ pfctl/pfctl_parser.c Sat Jun 21 18:32:00 2003
+@@ -49,6 +49,7 @@
+ #include <stdarg.h>
+ #include <errno.h>
+ #include <err.h>
++#include <inttypes.h>
+ #include <ifaddrs.h>
+
+ #if defined(__FreeBSD__)
+@@ -503,29 +504,29 @@
+ if (s->ifname[0] != 0) {
+ printf("Interface Stats for %-16s %5s %16s\n",
+ s->ifname, "IPv4", "IPv6");
+- printf(" %-25s %14llu %16llu\n", "Bytes In",
++ printf(" %-25s %14"PRIu64" %16"PRIu64"\n", "Bytes In",
+ s->bcounters[0][0], s->bcounters[1][0]);
+- printf(" %-25s %14llu %16llu\n", "Bytes Out",
++ printf(" %-25s %14"PRIu64" %16"PRIu64"\n", "Bytes Out",
+ s->bcounters[0][1], s->bcounters[1][1]);
+ printf(" Packets In\n");
+- printf(" %-23s %14llu %16llu\n", "Passed",
++ printf(" %-23s %14"PRIu64" %16"PRIu64"\n", "Passed",
+ s->pcounters[0][0][PF_PASS],
+ s->pcounters[1][0][PF_PASS]);
+- printf(" %-23s %14llu %16llu\n", "Blocked",
++ printf(" %-23s %14"PRIu64" %16"PRIu64"\n", "Blocked",
+ s->pcounters[0][0][PF_DROP],
+ s->pcounters[1][0][PF_DROP]);
+ printf(" Packets Out\n");
+- printf(" %-23s %14llu %16llu\n", "Passed",
++ printf(" %-23s %14"PRIu64" %16"PRIu64"\n", "Passed",
+ s->pcounters[0][1][PF_PASS],
+ s->pcounters[1][1][PF_PASS]);
+- printf(" %-23s %14llu %16llu\n\n", "Blocked",
++ printf(" %-23s %14"PRIu64" %16"PRIu64"\n\n", "Blocked",
+ s->pcounters[0][1][PF_DROP],
+ s->pcounters[1][1][PF_DROP]);
+ }
+ printf("%-27s %14s %16s\n", "State Table", "Total", "Rate");
+ printf(" %-25s %14u %14s\n", "current entries", s->states, "");
+ for (i = 0; i < FCNT_MAX; i++) {
+- printf(" %-25s %14lld ", pf_fcounters[i],
++ printf(" %-25s %14"PRId64" ", pf_fcounters[i],
+ s->fcounters[i]);
+ if (runtime > 0)
+ printf("%14.1f/s\n",
+@@ -535,7 +536,7 @@
+ }
+ printf("Counters\n");
+ for (i = 0; i < PFRES_MAX; i++) {
+- printf(" %-25s %14lld ", pf_reasons[i],
++ printf(" %-25s %14"PRId64" ", pf_reasons[i],
+ s->counters[i]);
+ if (runtime > 0)
+ printf("%14.1f/s\n",
+--- pfctl/pfctl_qstats.c Sat Jun 21 17:29:45 2003
++++ pfctl/pfctl_qstats.c Sat Jun 21 18:32:19 2003
+@@ -40,6 +40,7 @@
+ #include <arpa/inet.h>
+
+ #include <err.h>
++#include <inttypes.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -280,8 +281,8 @@
+ {
+ double interval;
+
+- printf("[ pkts: %10llu bytes: %10llu "
+- "dropped pkts: %6llu bytes: %6llu ]\n",
++ printf("[ pkts: %10"PRIu64" bytes: %10"PRIu64" "
++ "dropped pkts: %6"PRIu64" bytes: %6"PRIu64" ]\n",
+ cur.data.cbq_stats.xmit_cnt.packets,
+ cur.data.cbq_stats.xmit_cnt.bytes,
+ cur.data.cbq_stats.drop_cnt.packets,
+@@ -306,8 +307,8 @@
+ {
+ double interval;
+
+- printf("[ pkts: %10llu bytes: %10llu "
+- "dropped pkts: %6llu bytes: %6llu ]\n",
++ printf("[ pkts: %10"PRIu64" bytes: %10"PRIu64" "
++ "dropped pkts: %6"PRIu64" bytes: %6"PRIu64" ]\n",
+ cur.data.priq_stats.xmitcnt.packets,
+ cur.data.priq_stats.xmitcnt.bytes,
+ cur.data.priq_stats.dropcnt.packets,
+--- pfctl/pfctl_table.c Sat Jun 21 17:29:45 2003
++++ pfctl/pfctl_table.c Sat Jun 21 18:32:36 2003
+@@ -42,6 +42,7 @@
+ #include <ctype.h>
+ #include <err.h>
+ #include <errno.h>
++#include <inttypes.h>
+ #include <netdb.h>
+ #include <stdarg.h>
+ #include <stdio.h>
+@@ -363,11 +364,11 @@
+ printf("\tAddresses: %d\n", ts->pfrts_cnt);
+ printf("\tReferences: %d\n", ts->pfrts_refcnt);
+ printf("\tCleared: %s", ctime(&time));
+- printf("\tEvaluations: [ NoMatch: %-18llu Match: %-18llu ]\n",
++ printf("\tEvaluations: [ NoMatch: %-18"PRIu64" Match: %-18"PRIu64" ]\n",
+ ts->pfrts_nomatch, ts->pfrts_match);
+ for (dir = 0; dir < PFR_DIR_MAX; dir++)
+ for (op = 0; op < PFR_OP_TABLE_MAX; op++)
+- printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",
++ printf("\t%-12s [ Packets: %-18"PRIu64" Bytes: %-18"PRIu64" ]\n",
+ stats_text[dir][op],
+ ts->pfrts_packets[dir][op],
+ ts->pfrts_bytes[dir][op]);
+@@ -541,7 +542,7 @@
+ printf("\tCleared: %s", ctime(&time));
+ for (dir = 0; dir < PFR_DIR_MAX; dir++)
+ for (op = 0; op < PFR_OP_ADDR_MAX; op++)
+- printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",
++ printf("\t%-12s [ Packets: %-18"PRIu64" Bytes: %-18"PRIu64" ]\n",
+ stats_text[dir][op],
+ as->pfras_packets[dir][op],
+ as->pfras_bytes[dir][op]);
+
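Review bot: The two `%14lld` conversions in pfctl_parser.c become `PRId64` (for `s->fcounters[i]` and `s->counters[i]`), while every other counter touched by this patch gets `PRIu64`. The declarations of those arrays are not part of this patch, but if they are unsigned 64-bit like the byte and packet counters, the matching conversion is `%14"PRIu64"`; with the signed form a counter above 2^63 would print as a negative number. As a style point, spaces around the macro (`"%-8" PRIu64 " Packets: "`) keep the concatenated literals readable and avoid the literal-suffix parse if these files are ever compiled as C++.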
diff --git a/security/pf/pkg-descr b/security/pf/pkg-descr
index 2693841e8996..5c07b5310fa5 100644
--- a/security/pf/pkg-descr
+++ b/security/pf/pkg-descr
@@ -1,13 +1,12 @@
-This is a port of OpenBSD's pf (packet filter) to FreeBSD as a loadable
-kernel module ported by Pyun YongHyeon. Information about pf can be found
-at: http://www.benzedrine.cx/pf.html the website of Daniel Hartmeier the
-original author of pf.
-You have to have:
-=========================================================================
-options PFIL_HOOKS
-options RANDOM_IP_ID # Recommend, but may work without
-=========================================================================
-in your kernel in order to use pf.
+Packet Filter (from here on referred to as PF) is OpenBSD's system for
+filtering TCP/IP traffic and doing Network Address Translation. PF is also
+capable of normalizing and conditioning TCP/IP traffic and providing bandwidth
+control and packet prioritization.
+
+Information about pf can be found at the website of Daniel Hartmeier, the
+original author of PF: http://www.benzedrine.cx/pf.html and OpenBSD PF FAQ:
+
+http://www.openbsd.org/faq/pf/
WWW: http://pf4freebsd.love2party.net/
diff --git a/security/pf/pkg-install b/security/pf/pkg-install
index 54c2701fa49b..b58135207a56 100644
--- a/security/pf/pkg-install
+++ b/security/pf/pkg-install
@@ -108,7 +108,7 @@ check_group() {
fi
fi
echo ""
- echo "I was not able to add group 'proxy:*:71:' as pw reported:"
+ echo "I was not able to add group 'proxy:*:62:' as pw reported:"
pw groupadd -g $id -n $name -N
echo "Please correct this and try again!"
echo ""
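Review bot: The failure message in check_group spells out the group entry as a literal, which is why this commit had to change 71 to 62 here as well as in both calls in the PRE-INSTALL hunk below. The function already holds the values in `$name` and `$id` (used by the `pw groupadd` line right after), so the message can be `echo "I was not able to add group '$name:*:$id:' as pw reported:"` and stay correct for any caller. In the PRE-INSTALL branch a single assignment such as `proxy_id=62`, passed to both `check_group` and `check_user`, would keep the uid and gid from drifting apart. check_group starts and ends outside this hunk.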
@@ -176,12 +176,12 @@ PRE-INSTALL)
echo "Adding sample entry for ftp-proxy to /etc/inetd.conf"
echo "#ftp-proxy stream tcp nowait root ${PKG_PREFIX}/libexec/ftp-proxy ftp-proxy" >> /etc/inetd.conf
fi
- if ! check_group proxy 71 ; then
+ if ! check_group proxy 62 ; then
exit 1
fi
groupid=`pw groupshow proxy | awk \
'{ split ($1,var,":"); print var[3] }' `
- if ! check_user proxy 71 $groupid; then
+ if ! check_user proxy 62 $groupid; then
exit 1
fi
;;
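Review bot: Hosts that installed an earlier revision already have a proxy account created with id 71, and nothing in this hunk says what happens to it now that the expected id is 62. The script reads the gid back with `pw groupshow proxy` after check_group, which suggests an existing group with a different gid may be accepted, but the bodies of check_group and check_user are outside the hunk, so that is an inference. A comment above the calls would settle it for the next maintainer, for example `# an existing proxy account keeps its current uid/gid; 62 is only used when creating it`, adjusted to what the helpers actually do. Files left owned by the old numeric id are worth a line in pkg-message so upgraders can check them.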
diff --git a/security/pf/pkg-message b/security/pf/pkg-message
index 8e55984e22c5..02f150ce6ffb 100644
--- a/security/pf/pkg-message
+++ b/security/pf/pkg-message
@@ -1,9 +1,15 @@
-===========================================================================
-Please set the folloing variables in /etc/rc.conf according to your needs:
+To use pf, please follow these steps:
-pf_enable = "Yes"
-pf_logd = "Yes"
-pf_conf = "%%PREFIX%%/etc/pf.conf"
+1. Add kernel options into your kernel config file and recompile kernel:
-They are used within %%PREFIX%%/etc/rc.d/pf.sh to bring pf up!
-===========================================================================
+device bpf
+options PFIL_HOOKS
+options RANDOM_IP_ID
+
+2. Please set the following variables in /etc/rc.conf according to your needs:
+
+pf_enable="Yes"
+pf_logd="Yes"
+pf_conf="%%PREFIX%%/etc/pf.conf"
+
+3. Check %%PREFIX%%/etc/rc.d/pf.sh, it is the startup script for pf!