author | Foxfair Hu <foxfair@FreeBSD.org> | 2003-06-18 04:46:34 +0000 |
---|---|---|
committer | Foxfair Hu <foxfair@FreeBSD.org> | 2003-06-18 04:46:34 +0000 |
commit | d2ff3920b864db822f0b8b79edd53f5fd366602c (patch) | |
tree | d05a7a20fc5aa3513c3389b12bb303257ab8e763 /security/pf | |
parent | Add patch forgotten with last commit. (diff) |
PR:
Submitted by: maintainer
Reviewed by:
Approved by:
Obtained from:
MFC after:
Add two patches to solve the following problems:
patch-ab
- resolves a problem with a mbuf-tag in 5.1
- Submitted by: Pyun YongHyeon <yongari@kt-is.co.kr>
patch-ac
- pulls in two critical fixes from OpenBSD patch branch
- Obtained from: OpenBSD
Change BROKEN to IGNORE tag in Makefile, suggested by: kris@
&& bump PORTREVISION.
Notes
Notes:
svn path=/head/; revision=83225
Diffstat (limited to 'security/pf')
-rw-r--r-- | security/pf/Makefile | 6 | ||||
-rw-r--r-- | security/pf/files/patch-ab | 70 | ||||
-rw-r--r-- | security/pf/files/patch-ac | 29 |
3 files changed, 102 insertions, 3 deletions
diff --git a/security/pf/Makefile b/security/pf/Makefile
index 264337e12747..918ed8202ada 100644
--- a/security/pf/Makefile
+++ b/security/pf/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= pf_freebsd
 PORTVERSION= 1.0
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= security ipv6
 MASTER_SITES= http://pf4freebsd.love2party.net/
 .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
@@ -47,12 +47,12 @@ PLIST_SUB+= WITH_ALTQ="@comment "
 .include <bsd.port.pre.mk>
 .if ${OSVERSION} < 500000
-BROKEN= "Only for 5.0 and above"
+IGNORE= "Only for 5.0 and above"
 .endif
 .if !exists(${SRC_BASE}/sys/Makefile) && \
 (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile)
-BROKEN= "Kernel source files required"
+IGNORE= "Kernel source files required"
 .endif
 .if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
diff --git a/security/pf/files/patch-ab b/security/pf/files/patch-ab
new file mode 100644
index 000000000000..0355d57ac1cd
--- /dev/null
+++ b/security/pf/files/patch-ab
@@ -0,0 +1,70 @@
+--- pf/pf_support.h Mon Apr 14 05:54:15 2003
++++ pf/pf_support.h Tue Jun 17 14:26:33 2003
+@@ -16,10 +16,16 @@
+ * Original numbers changed from 11, 12, 13.
+ * sys/mbuf.h
+ */
+-#define PACKET_TAG_PF_GENERATED 19 /* PF generated, pass always */
+-#define PACKET_TAG_PF_ROUTED 20 /* PF routed, no route loops */
+-#define PACKET_TAG_PF_FRAGCACHE 21 /* PF fragment cached */
+-#define PACKET_TAG_PF_QID 22 /* PF queue id */
++#if defined(PACKET_TAG_MACLABEL)
++#define PACKET_TAG_FB_END (PACKET_TAG_MACLABEL)
++#else
++#define PACKET_TAG_FB_END (PACKET_TAG_IPFORWARD)
++#endif
++#define PACKET_TAG_PF_GENERATED (PACKET_TAG_FB_END+1)
++#define PACKET_TAG_PF_ROUTED (PACKET_TAG_FB_END+2)
++#define PACKET_TAG_PF_FRAGCACHE (PACKET_TAG_FB_END+3)
++#define PACKET_TAG_PF_QID (PACKET_TAG_FB_END+4)
++#define PACKET_TAG_PF_TAG (PACKET_TAG_FB_END+5)
+
+ /*
+ * sys/limits.h
+--- pfaltq/pf_support.h Mon Apr 14 06:04:19 2003
++++ pfaltq/pf_support.h Tue Jun 17 14:26:34 2003
+@@ -16,10 +16,16 @@
+ * Original numbers changed from 11, 12, 13.
+ * sys/mbuf.h
+ */
+-#define PACKET_TAG_PF_GENERATED 19 /* PF generated, pass always */
+-#define PACKET_TAG_PF_ROUTED 20 /* PF routed, no route loops */
+-#define PACKET_TAG_PF_FRAGCACHE 21 /* PF fragment cached */
+-#define PACKET_TAG_PF_QID 22 /* PF queue id */
++#if defined(PACKET_TAG_MACLABEL)
++#define PACKET_TAG_FB_END (PACKET_TAG_MACLABEL)
++#else
++#define PACKET_TAG_FB_END (PACKET_TAG_IPFORWARD)
++#endif
++#define PACKET_TAG_PF_GENERATED (PACKET_TAG_FB_END+1)
++#define PACKET_TAG_PF_ROUTED (PACKET_TAG_FB_END+2)
++#define PACKET_TAG_PF_FRAGCACHE (PACKET_TAG_FB_END+3)
++#define PACKET_TAG_PF_QID (PACKET_TAG_FB_END+4)
++#define PACKET_TAG_PF_TAG (PACKET_TAG_FB_END+5)
+
+ /*
+ * sys/limits.h
+--- pfctl/pf_support.h Mon Apr 14 05:55:07 2003
++++ pfctl/pf_support.h Tue Jun 17 14:26:34 2003
+@@ -16,10 +16,16 @@
+ * Original numbers changed from 11, 12, 13.
+ * sys/mbuf.h
+ */
+-#define PACKET_TAG_PF_GENERATED 19 /* PF generated, pass always */
+-#define PACKET_TAG_PF_ROUTED 20 /* PF routed, no route loops */
+-#define PACKET_TAG_PF_FRAGCACHE 21 /* PF fragment cached */
+-#define PACKET_TAG_PF_QID 22 /* PF queue id */
++#if defined(PACKET_TAG_MACLABEL)
++#define PACKET_TAG_FB_END (PACKET_TAG_MACLABEL)
++#else
++#define PACKET_TAG_FB_END (PACKET_TAG_IPFORWARD)
++#endif
++#define PACKET_TAG_PF_GENERATED (PACKET_TAG_FB_END+1)
++#define PACKET_TAG_PF_ROUTED (PACKET_TAG_FB_END+2)
++#define PACKET_TAG_PF_FRAGCACHE (PACKET_TAG_FB_END+3)
++#define PACKET_TAG_PF_QID (PACKET_TAG_FB_END+4)
++#define PACKET_TAG_PF_TAG (PACKET_TAG_FB_END+5)
+
+ /*
+ * sys/limits.h
+
diff --git a/security/pf/files/patch-ac b/security/pf/files/patch-ac
new file mode 100644
index 000000000000..a239c523bf08
--- /dev/null
+++ b/security/pf/files/patch-ac
@@ -0,0 +1,29 @@
+--- pf/pf.c Wed May 7 09:33:21 2003
++++ pf/pf.c Tue Jun 17 17:02:08 2003
+@@ -2837,6 +2837,7 @@
+ /* check incoming packet for BINAT/RDR */
+ if ((rdr = pf_get_translation(PF_IN, ifp, pd->proto,
+ saddr, 0, daddr, 0, &naddr, NULL, af)) != NULL) {
++ PF_ACPY(&baddr, daddr, af);
+ switch (af) {
+ #ifdef INET
+ case AF_INET:
+@@ -3179,7 +3180,7 @@
+ /* Retrans: not more than one window back */
+ (ackskew >= -MAXACKWINDOW) &&
+ /* Acking not more than one window back */
+- (ackskew <= MAXACKWINDOW)) {
++ (ackskew <= (MAXACKWINDOW << sws))) {
+ /* Acking not more than one window forward */
+
+ (*state)->packets++;
+@@ -3346,7 +3347,7 @@
+ SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)) ?
+ ' ': '2',
+ (ackskew >= -MAXACKWINDOW) ? ' ' : '3',
+- (ackskew <= MAXACKWINDOW) ? ' ' : '4',
++ (ackskew <= (MAXACKWINDOW << sws)) ? ' ' : '4',
+ SEQ_GEQ(src->seqhi + MAXACKWINDOW, end) ?' ' :'5',
+ SEQ_GEQ(seq, src->seqlo - MAXACKWINDOW) ?' ' :'6');
+ }
+
|
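Review bot: The `#if defined(PACKET_TAG_MACLABEL)` choice in all three pf_support.h sections of patch-ab (pf, pfaltq, pfctl) is made at the point of inclusion, so a source file that includes pf_support.h before sys/mbuf.h would quietly take the `PACKET_TAG_IPFORWARD` branch and derive tag numbers that differ from the other files and may overlap a base-system tag. The removed comment describes `PACKET_TAG_PF_GENERATED` as "pass always", so an overlap should stop the build rather than surface at run time; a guard ahead of the block would do it: `#if !defined(PACKET_TAG_MACLABEL) && !defined(PACKET_TAG_IPFORWARD)`, `#error "include <sys/mbuf.h> before pf_support.h"`, `#endif`. The scheme also appears to assume that `PACKET_TAG_MACLABEL` is the highest tag the base system defines, which deserves a one-line comment so it is rechecked when sys/mbuf.h grows. The per-macro comments were dropped, `PACKET_TAG_PF_TAG` is new and undocumented, and the retained "Original numbers changed from 11, 12, 13." line no longer describes computed values; the comment block it belongs to starts outside the hunk.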
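Review bot: The new upper bound `(ackskew <= (MAXACKWINDOW << sws))` in the pf.c hunk at -3179 depends on `sws` and `MAXACKWINDOW`, both defined outside the visible lines, so nothing here shows that the shift count is bounded. If `sws` can exceed the TCP window-scale limit of 14, the left shift of a signed constant may overflow, which is undefined behaviour in the test that decides whether a packet matches an existing state. Confirm the clamp where `sws` is assigned and record it beside the test, for example `/* sws <= TCP_MAX_WINSHIFT, so the shift cannot overflow */`. The trailing comment "Acking not more than one window forward" no longer matches the scaled bound and should say so. The same expression is duplicated in the debug print at -3346; a shared macro would keep the '4' flag from drifting away from the real check.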