- Remove bogus file from patches

PR: 58354 Submitted by: maintainer No cookie for: edwin
author: Kirill Ponomarev <krion@FreeBSD.org> 2003-10-21 23:08:50 +0000
committer: Kirill Ponomarev <krion@FreeBSD.org> 2003-10-21 23:08:50 +0000
commit: b8e7204389a63fc449d6f86529e99d5444739880 (patch)
tree: 057adf811218a9efe157530a5bac8495e4939380 /security
parent: - Mark broken on alpha-5.x (diff)
1 files changed, 0 insertions, 1523 deletions
diff --git a/security/pf/files/pf-port.diff b/security/pf/files/pf-port.diff
deleted file mode 100644
index 94d44631cab7..000000000000
--- a/security/pf/files/pf-port.diff
+++ /dev/null
@@ -1,1523 +0,0 @@
-diff -ruN /usr/ports/security/pf/Makefile pf/Makefile
---- /usr/ports/security/pf/Makefile	Fri Aug 29 05:14:03 2003
-+++ pf/Makefile	Sat Sep 27 14:32:18 2003
-@@ -6,8 +6,7 @@
- #
- 
- PORTNAME=	pf_freebsd
--PORTVERSION=	1.0
--PORTREVISION=	7
-+PORTVERSION=	1.65
- CATEGORIES=	security ipv6
- MASTER_SITES=	http://pf4freebsd.love2party.net/
- .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
-@@ -24,11 +23,12 @@
- 
- STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/pf.sh.sample
- SAMPLE_CONFIG=  ${PREFIX}/etc/pf.conf.default
-+SAMPLE_PFOS=	${PREFIX}/etc/pf.os
- 
- MAN1=		pftcpdump.1
- MAN4=		pf.4 pflog.4 pfsync.4
--MAN5=		pf.conf.5
--MAN8=		ftp-proxy.8 pfctl.8 pflogd.8 pftop.8
-+MAN5=		pf.conf.5 pf.os.5
-+MAN8=		ftp-proxy.8 pfctl.8 pflogd.8
- 
- MANCOMPRESSED=	maybe
- 
-@@ -57,54 +57,72 @@
- 
- .if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
- pre-fetch:
--	@${ECHO_CMD} "======================================================="
--	@${ECHO_CMD} "* If you have ALTQ support from:                      *"
--	@${ECHO_CMD} "*   http://www.rofug.ro/projects/freebsd-altq/        *"
--	@${ECHO_CMD} "* You can may define WITH_ALTQ=yes to make use of it  *"
--	@${ECHO_CMD} "* Please define SYS_ALTQ to point to the patched src  *"
--	@${ECHO_CMD} "*                                                     *"
--	@${ECHO_CMD} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=${SRC_BASE}/sys.altq *"
--	@${ECHO_CMD} "*                                                     *"
--	@${ECHO_CMD} "======================================================="
-+	@${ECHO_MSG} "======================================================="
-+	@${ECHO_MSG} "* If you have ALTQ support from:                      *"
-+	@${ECHO_MSG} "*   http://www.nipsi.de/altq/index.html               *"
-+	@${ECHO_MSG} "* You can may define WITH_ALTQ=yes to make use of it  *"
-+	@${ECHO_MSG} "* Please define SYS_ALTQ to point to the patched src  *"
-+	@${ECHO_MSG} "*                                                     *"
-+	@${ECHO_MSG} "* e.g.: make WITH_ALTQ=yes SYS_ALTQ=/usr/src/sys.altq *"
-+	@${ECHO_MSG} "*                                                     *"
-+	@${ECHO_MSG} "======================================================="
- 	@sleep 2
- .endif
- 
--pre-install:
-+post-patch:
-+	@${CP} ${WRKSRC}/pfctl/pfctl_parser.h \
-+		${WRKSRC}/pfctl/pfctl_parser.h.orig
-+	@${SED} -e 's!%%PREFIX%%!${PREFIX}!' 		\
-+		${WRKSRC}/pfctl/pfctl_parser.h.orig > 	\
-+		${WRKSRC}/pfctl/pfctl_parser.h
-+pre-su-install:
- 	${MKDIR} ${KMODDIR}
- 	${MKDIR} ${PREFIX}/include/pf
- 	${MKDIR} ${PREFIX}/include/pf/net
-+.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
-+	${MKDIR} ${PREFIX}/include/pf/altq
-+.endif
- .if !defined(BATCH) && !defined(PACKAGE_BUILDING)
- 	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
- .endif
- 
- post-install:
--	${ECHO} "Installing include files ..."
-+	${ECHO_MSG} "Installing include files ..."
- 	${INSTALL_DATA} ${WRKSRC}/include/net/pfvar.h 			\
--	${PREFIX}/include/pf/net
-+		${PREFIX}/include/pf/net
- 	${INSTALL_DATA} ${WRKSRC}/include/net/if_pflog.h 		\
--	${PREFIX}/include/pf/net
-+		${PREFIX}/include/pf/net
- 	${INSTALL_DATA} ${WRKSRC}/include/net/if_pfsync.h 		\
--	${PREFIX}/include/pf/net
-+		${PREFIX}/include/pf/net
-+.if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
-+	${INSTALL_DATA} ${WRKSRC}/include/altq/*.h			\
-+		${PREFIX}/include/pf/altq
-+.endif
- 	@if [ -f ${WRKSRC}/man/pf.4.gz ]; then				\
--		${ECHO} "Installing pftcpdump(1) man page.";		\
-+		${ECHO_MSG} "Installing pftcpdump(1) man page.";	\
- 		${GZIP_CMD} -cn ${WRKSRC}/freebsd_tcpdump/tcpdump.1 >	\
- 			 ${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz ;	\
- 		${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1.gz	\
--		${PREFIX}/man/man1/pftcpdump.1.gz ;			\
-+			${PREFIX}/man/man1/pftcpdump.1.gz ;		\
- 	else								\
--		${ECHO} "Installing pftcpdump(1) man page.";		\
-+		${ECHO_MSG} "Installing pftcpdump(1) man page.";	\
- 		${INSTALL_MAN} ${WRKSRC}/freebsd_tcpdump/tcpdump.1	\
--		${PREFIX}/man/man1/pftcpdump.1 ;			\
-+			${PREFIX}/man/man1/pftcpdump.1 ;		\
- 	fi
- 	@if [ ! -f ${STARTUP_SCRIPT} ]; then				\
--		${ECHO} "Installing ${STARTUP_SCRIPT} startup file." ;	\
-+		${ECHO_MSG} "Installing ${STARTUP_SCRIPT} startup file." ; \
- 		${INSTALL_SCRIPT} ${FILESDIR}/pf.sh.sample		\
--		${STARTUP_SCRIPT} ;					\
-+			${STARTUP_SCRIPT} ;				\
- 	fi
- 	@if [ ! -f ${SAMPLE_CONFIG} ]; then				\
--		${ECHO} "Installing ${SAMPLE_CONFIG} config file." ;	\
-+		${ECHO_MSG} "Installing ${SAMPLE_CONFIG} config file." ; \
- 		${INSTALL_DATA} ${FILESDIR}/pf.conf.default		\
--		${SAMPLE_CONFIG};					\
-+			${SAMPLE_CONFIG};				\
-+	fi
-+	@if [ ! -f ${SAMPLE_PFOS} ]; then				\
-+		${ECHO_MSG} "Installing ${SAMPLE_PFOS} config file.";	\
-+		${INSTALL_DATA} ${FILESDIR}/pf.os.default		\
-+			${SAMPLE_PFOS};					\
- 	fi
- 	${SED} -e 's!%%PREFIX%%!${PREFIX}!' ${PKGMESSAGE}
- 
-diff -ruN /usr/ports/security/pf/distinfo pf/distinfo
---- /usr/ports/security/pf/distinfo	Fri Jun 13 03:09:29 2003
-+++ pf/distinfo	Sat Sep 27 13:31:03 2003
-@@ -1 +1 @@
--MD5 (pf_freebsd_1.0.tar.gz) = 66b573f0f6884b61f41240111425b93e
-+MD5 (pf_freebsd_1.65.tar.gz) = 6956f275a7b971ab07f4ee8e0bdd83e0
-diff -ruN /usr/ports/security/pf/files/patch-aa pf/files/patch-aa
---- /usr/ports/security/pf/files/patch-aa	Mon Jun 16 05:14:27 2003
-+++ pf/files/patch-aa	Sat Sep 27 10:18:08 2003
-@@ -1,32 +1,11 @@
----- freebsd_tcpdump/print-pflog.c.orig	Fri Jun 13 18:14:50 2003
--+++ freebsd_tcpdump/print-pflog.c	Fri Jun 13 18:15:39 2003
--@@ -64,7 +64,9 @@
-- 	u_int length = h->len;
-- 	u_int caplen = h->caplen;
-- 	const struct ip *ip;
--+#ifdef INET6
-- 	const struct ip6_hdr *ip6;
--+#endif
-- 	const struct pfloghdr *hdr;
-- 	u_short res;
-- 	char reason[128], *why;
--@@ -129,13 +131,16 @@
-- 		if (xflag)
-- 			default_print((const u_char *)ip,
-- 			    caplen - PFLOG_HDRLEN);
---	} else {
--+	} 
--+#ifdef INET6
--+	else {
-- 		ip6 = (struct ip6_hdr *)(p + PFLOG_HDRLEN);
-- 		ip6_print((const u_char *)ip6, length);
-- 		if (xflag)
-- 			default_print((const u_char *)ip6,
-- 			    caplen - PFLOG_HDRLEN);
-- 	}
--+#endif
-+--- Makefile.orig	Sat Sep 27 10:17:32 2003
-++++ Makefile	Sat Sep 27 10:17:46 2003
-+@@ -6,7 +6,7 @@
-+ SUBDIR= libpcap
-+ .endif
-+ 
-+-SUBDIR+= pfctl authpf ftp-proxy man pf pflog pfsync
-++SUBDIR+= pfctl ftp-proxy man pf pflog pfsync
-+ 
-+ .include "include/mk/util.mk"
-  
-- out:
-- 	putchar('\n');
--
--
-diff -ruN /usr/ports/security/pf/files/patch-ab pf/files/patch-ab
---- /usr/ports/security/pf/files/patch-ab	Wed Jun 18 06:46:34 2003
-+++ pf/files/patch-ab	Sat Sep 27 10:41:00 2003
-@@ -1,70 +1,11 @@
----- pf/pf_support.h	Mon Apr 14 05:54:15 2003
--+++ pf/pf_support.h	Tue Jun 17 14:26:33 2003
--@@ -16,10 +16,16 @@
--  * Original numbers changed from 11, 12, 13.
--  * sys/mbuf.h
--  */
---#define PACKET_TAG_PF_GENERATED		19 /* PF generated, pass always */
---#define PACKET_TAG_PF_ROUTED		20 /* PF routed, no route loops */
---#define PACKET_TAG_PF_FRAGCACHE		21 /* PF fragment cached */
---#define PACKET_TAG_PF_QID		22 /* PF queue id */
--+#if defined(PACKET_TAG_MACLABEL)
--+#define PACKET_TAG_FB_END		(PACKET_TAG_MACLABEL)
--+#else
--+#define PACKET_TAG_FB_END		(PACKET_TAG_IPFORWARD)
--+#endif
--+#define PACKET_TAG_PF_GENERATED		(PACKET_TAG_FB_END+1)
--+#define PACKET_TAG_PF_ROUTED		(PACKET_TAG_FB_END+2)
--+#define PACKET_TAG_PF_FRAGCACHE		(PACKET_TAG_FB_END+3)
--+#define PACKET_TAG_PF_QID		(PACKET_TAG_FB_END+4)
--+#define PACKET_TAG_PF_TAG		(PACKET_TAG_FB_END+5)
-+--- pfctl/pfctl_parser.h.orig	Sat Sep 27 10:39:47 2003
-++++ pfctl/pfctl_parser.h	Sat Sep 27 10:40:21 2003
-+@@ -33,7 +33,7 @@
-+ #ifndef _PFCTL_PARSER_H_
-+ #define _PFCTL_PARSER_H_
-  
-- /*
--  * sys/limits.h
----- pfaltq/pf_support.h	Mon Apr 14 06:04:19 2003
--+++ pfaltq/pf_support.h	Tue Jun 17 14:26:34 2003
--@@ -16,10 +16,16 @@
--  * Original numbers changed from 11, 12, 13.
--  * sys/mbuf.h
--  */
---#define PACKET_TAG_PF_GENERATED		19 /* PF generated, pass always */
---#define PACKET_TAG_PF_ROUTED		20 /* PF routed, no route loops */
---#define PACKET_TAG_PF_FRAGCACHE		21 /* PF fragment cached */
---#define PACKET_TAG_PF_QID		22 /* PF queue id */
--+#if defined(PACKET_TAG_MACLABEL)
--+#define PACKET_TAG_FB_END		(PACKET_TAG_MACLABEL)
--+#else
--+#define PACKET_TAG_FB_END		(PACKET_TAG_IPFORWARD)
--+#endif
--+#define PACKET_TAG_PF_GENERATED		(PACKET_TAG_FB_END+1)
--+#define PACKET_TAG_PF_ROUTED		(PACKET_TAG_FB_END+2)
--+#define PACKET_TAG_PF_FRAGCACHE		(PACKET_TAG_FB_END+3)
--+#define PACKET_TAG_PF_QID		(PACKET_TAG_FB_END+4)
--+#define PACKET_TAG_PF_TAG		(PACKET_TAG_FB_END+5)
-+-#define PF_OSFP_FILE		"/etc/pf.os"
-++#define PF_OSFP_FILE		"%%PREFIX%%/etc/pf.os"
-  
-- /*
--  * sys/limits.h
----- pfctl/pf_support.h	Mon Apr 14 05:55:07 2003
--+++ pfctl/pf_support.h	Tue Jun 17 14:26:34 2003
--@@ -16,10 +16,16 @@
--  * Original numbers changed from 11, 12, 13.
--  * sys/mbuf.h
--  */
---#define PACKET_TAG_PF_GENERATED		19 /* PF generated, pass always */
---#define PACKET_TAG_PF_ROUTED		20 /* PF routed, no route loops */
---#define PACKET_TAG_PF_FRAGCACHE		21 /* PF fragment cached */
---#define PACKET_TAG_PF_QID		22 /* PF queue id */
--+#if defined(PACKET_TAG_MACLABEL)
--+#define PACKET_TAG_FB_END		(PACKET_TAG_MACLABEL)
--+#else
--+#define PACKET_TAG_FB_END		(PACKET_TAG_IPFORWARD)
--+#endif
--+#define PACKET_TAG_PF_GENERATED		(PACKET_TAG_FB_END+1)
--+#define PACKET_TAG_PF_ROUTED		(PACKET_TAG_FB_END+2)
--+#define PACKET_TAG_PF_FRAGCACHE		(PACKET_TAG_FB_END+3)
--+#define PACKET_TAG_PF_QID		(PACKET_TAG_FB_END+4)
--+#define PACKET_TAG_PF_TAG		(PACKET_TAG_FB_END+5)
-- 
-- /*
--  * sys/limits.h
--
-+ #define PF_OPT_DISABLE		0x0001
-+ #define PF_OPT_ENABLE		0x0002
-diff -ruN /usr/ports/security/pf/files/patch-ac pf/files/patch-ac
---- /usr/ports/security/pf/files/patch-ac	Wed Jun 18 06:46:34 2003
-+++ pf/files/patch-ac	Sun Sep 28 14:04:09 2003
-@@ -1,29 +1,24 @@
----- pf/pf.c	Wed May  7 09:33:21 2003
--+++ pf/pf.c	Tue Jun 17 17:02:08 2003
--@@ -2837,6 +2837,7 @@
-- 		/* check incoming packet for BINAT/RDR */
-- 		if ((rdr = pf_get_translation(PF_IN, ifp, pd->proto,
-- 		    saddr, 0, daddr, 0, &naddr, NULL, af)) != NULL) {
--+			PF_ACPY(&baddr, daddr, af);
-- 			switch (af) {
-- #ifdef INET
-- 			case AF_INET:
--@@ -3179,7 +3180,7 @@
-- 	    /* Retrans: not more than one window back */
-- 	    (ackskew >= -MAXACKWINDOW) &&
-- 	    /* Acking not more than one window back */
---	    (ackskew <= MAXACKWINDOW)) {
--+	    (ackskew <= (MAXACKWINDOW << sws))) {
-- 	    /* Acking not more than one window forward */
-- 
-- 		(*state)->packets++;
--@@ -3346,7 +3347,7 @@
-- 			    SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)) ?
-- 			    ' ': '2',
-- 			    (ackskew >= -MAXACKWINDOW) ? ' ' : '3',
---			    (ackskew <= MAXACKWINDOW) ? ' ' : '4',
--+			    (ackskew <= (MAXACKWINDOW << sws)) ? ' ' : '4',
-- 			    SEQ_GEQ(src->seqhi + MAXACKWINDOW, end) ?' ' :'5',
-- 			    SEQ_GEQ(seq, src->seqlo - MAXACKWINDOW) ?' ' :'6');
-- 		}
--
-+--- pf/pf_ioctl.c.orig	Sun Sep 28 15:00:08 2003
-++++ pf/pf_ioctl.c	Sun Sep 28 15:00:16 2003
-+@@ -201,7 +201,7 @@
-+ 	/* psize */	nopsize,
-+ 	/* flags */	0,
-+ 	/* kqfilter */	nokqfilter,
-+-#else
-++#elif (__FreeBSD_version < 501109)
-+ 	.d_open =	pfopen,
-+ 	.d_close =	pfclose,
-+ 	.d_read =	noread,
-+@@ -215,6 +215,12 @@
-+ 	.d_dump =	nodump,
-+ 	.d_flags =	0,
-+ 	.d_kqfilter =	nokqfilter,
-++#else
-++	.d_open =	pfopen,
-++	.d_close =	pfclose,
-++	.d_ioctl =	pfioctl,
-++	.d_name =	PF_NAME,
-++	.d_flags =	0,
-+ #endif
-+ };
-+ #endif /* __FreeBSD__ */
-diff -ruN /usr/ports/security/pf/files/patch-ad pf/files/patch-ad
---- /usr/ports/security/pf/files/patch-ad	Thu Jun 26 18:20:13 2003
-+++ pf/files/patch-ad	Thu Jan  1 01:00:00 1970
-@@ -1,161 +0,0 @@
----- pfctl/pfctl.c	Sat Jun 21 17:29:45 2003
--+++ pfctl/pfctl.c	Sat Jun 21 18:31:19 2003
--@@ -46,6 +46,7 @@
-- #include <err.h>
-- #include <errno.h>
-- #include <fcntl.h>
--+#include <inttypes.h>
-- #include <limits.h>
-- #include <netdb.h>
-- #include <stdio.h>
--@@ -565,8 +566,8 @@
-- 		    rule->qname, rule->qid, rule->pqname, rule->pqid);
-- 	}
-- 	if (opts & PF_OPT_VERBOSE)
---		printf("[ Evaluations: %-8llu  Packets: %-8llu  "
---			    "Bytes: %-10llu  States: %-6u]\n\n",
--+		printf("[ Evaluations: %-8"PRIu64"  Packets: %-8"PRIu64"  "
--+			    "Bytes: %-10"PRIu64"  States: %-6u]\n\n",
-- 			    rule->evaluations, rule->packets,
-- 			    rule->bytes, rule->states);
-- }
--@@ -630,7 +631,7 @@
-- 		case 1:
-- 			if (pr.rule.label[0]) {
-- 				printf("%s ", pr.rule.label);
---				printf("%llu %llu %llu\n",
--+				printf("%"PRIu64" %"PRIu64" %"PRIu64"\n",
-- 				    pr.rule.evaluations, pr.rule.packets,
-- 				    pr.rule.bytes);
-- 			}
--@@ -662,7 +663,7 @@
-- 		case 1:
-- 			if (pr.rule.label[0]) {
-- 				printf("%s ", pr.rule.label);
---				printf("%llu %llu %llu\n",
--+				printf("%"PRIu64" %"PRIu64" %"PRIu64"\n",
-- 				    pr.rule.evaluations, pr.rule.packets,
-- 				    pr.rule.bytes);
-- 			}
----- pfctl/pfctl_parser.c	Sat Jun 21 17:29:45 2003
--+++ pfctl/pfctl_parser.c	Sat Jun 21 18:32:00 2003
--@@ -49,6 +49,7 @@
-- #include <stdarg.h>
-- #include <errno.h>
-- #include <err.h>
--+#include <inttypes.h>
-- #include <ifaddrs.h>
-- 
-- #if defined(__FreeBSD__)
--@@ -503,29 +504,29 @@
-- 	if (s->ifname[0] != 0) {
-- 		printf("Interface Stats for %-16s %5s %16s\n",
-- 		    s->ifname, "IPv4", "IPv6");
---		printf("  %-25s %14llu %16llu\n", "Bytes In",
--+		printf("  %-25s %14"PRIu64" %16"PRIu64"\n", "Bytes In",
-- 		    s->bcounters[0][0], s->bcounters[1][0]);
---		printf("  %-25s %14llu %16llu\n", "Bytes Out",
--+		printf("  %-25s %14"PRIu64" %16"PRIu64"\n", "Bytes Out",
-- 		    s->bcounters[0][1], s->bcounters[1][1]);
-- 		printf("  Packets In\n");
---		printf("    %-23s %14llu %16llu\n", "Passed",
--+		printf("    %-23s %14"PRIu64" %16"PRIu64"\n", "Passed",
-- 		    s->pcounters[0][0][PF_PASS],
-- 		    s->pcounters[1][0][PF_PASS]);
---		printf("    %-23s %14llu %16llu\n", "Blocked",
--+		printf("    %-23s %14"PRIu64" %16"PRIu64"\n", "Blocked",
-- 		    s->pcounters[0][0][PF_DROP],
-- 		    s->pcounters[1][0][PF_DROP]);
-- 		printf("  Packets Out\n");
---		printf("    %-23s %14llu %16llu\n", "Passed",
--+		printf("    %-23s %14"PRIu64" %16"PRIu64"\n", "Passed",
-- 		    s->pcounters[0][1][PF_PASS],
-- 		    s->pcounters[1][1][PF_PASS]);
---		printf("    %-23s %14llu %16llu\n\n", "Blocked",
--+		printf("    %-23s %14"PRIu64" %16"PRIu64"\n\n", "Blocked",
-- 		    s->pcounters[0][1][PF_DROP],
-- 		    s->pcounters[1][1][PF_DROP]);
-- 	}
-- 	printf("%-27s %14s %16s\n", "State Table", "Total", "Rate");
-- 	printf("  %-25s %14u %14s\n", "current entries", s->states, "");
-- 	for (i = 0; i < FCNT_MAX; i++) {
---		printf("  %-25s %14lld ", pf_fcounters[i],
--+		printf("  %-25s %14"PRId64" ", pf_fcounters[i],
-- 			    s->fcounters[i]);
-- 		if (runtime > 0)
-- 			printf("%14.1f/s\n",
--@@ -535,7 +536,7 @@
-- 	}
-- 	printf("Counters\n");
-- 	for (i = 0; i < PFRES_MAX; i++) {
---		printf("  %-25s %14lld ", pf_reasons[i],
--+		printf("  %-25s %14"PRId64" ", pf_reasons[i],
-- 		    s->counters[i]);
-- 		if (runtime > 0)
-- 			printf("%14.1f/s\n",
----- pfctl/pfctl_qstats.c	Sat Jun 21 17:29:45 2003
--+++ pfctl/pfctl_qstats.c	Sat Jun 21 18:32:19 2003
--@@ -40,6 +40,7 @@
-- #include <arpa/inet.h>
-- 
-- #include <err.h>
--+#include <inttypes.h>
-- #include <stdio.h>
-- #include <stdlib.h>
-- #include <string.h>
--@@ -280,8 +281,8 @@
-- {
-- 	double	interval;
-- 
---	printf("[ pkts: %10llu  bytes: %10llu  "
---	    "dropped pkts: %6llu bytes: %6llu ]\n",
--+	printf("[ pkts: %10"PRIu64"  bytes: %10"PRIu64"  "
--+	    "dropped pkts: %6"PRIu64" bytes: %6"PRIu64" ]\n",
-- 	    cur.data.cbq_stats.xmit_cnt.packets,
-- 	    cur.data.cbq_stats.xmit_cnt.bytes,
-- 	    cur.data.cbq_stats.drop_cnt.packets,
--@@ -306,8 +307,8 @@
-- {
-- 	double	interval;
-- 
---	printf("[ pkts: %10llu  bytes: %10llu  "
---	    "dropped pkts: %6llu bytes: %6llu ]\n",
--+	printf("[ pkts: %10"PRIu64"  bytes: %10"PRIu64"  "
--+	    "dropped pkts: %6"PRIu64" bytes: %6"PRIu64" ]\n",
-- 	    cur.data.priq_stats.xmitcnt.packets,
-- 	    cur.data.priq_stats.xmitcnt.bytes,
-- 	    cur.data.priq_stats.dropcnt.packets,
----- pfctl/pfctl_table.c	Sat Jun 21 17:29:45 2003
--+++ pfctl/pfctl_table.c	Sat Jun 21 18:32:36 2003
--@@ -42,6 +42,7 @@
-- #include <ctype.h>
-- #include <err.h>
-- #include <errno.h>
--+#include <inttypes.h>
-- #include <netdb.h>
-- #include <stdarg.h>
-- #include <stdio.h>
--@@ -363,11 +364,11 @@
-- 	printf("\tAddresses:   %d\n", ts->pfrts_cnt);
-- 	printf("\tReferences:  %d\n", ts->pfrts_refcnt);
-- 	printf("\tCleared:     %s", ctime(&time));
---	printf("\tEvaluations: [ NoMatch: %-18llu Match: %-18llu ]\n",
--+	printf("\tEvaluations: [ NoMatch: %-18"PRIu64" Match: %-18"PRIu64" ]\n",
-- 	    ts->pfrts_nomatch, ts->pfrts_match);
-- 	for (dir = 0; dir < PFR_DIR_MAX; dir++)
-- 		for (op = 0; op < PFR_OP_TABLE_MAX; op++)
---			printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",
--+			printf("\t%-12s [ Packets: %-18"PRIu64" Bytes: %-18"PRIu64" ]\n",
-- 			    stats_text[dir][op],
-- 			    ts->pfrts_packets[dir][op],
-- 			    ts->pfrts_bytes[dir][op]);
--@@ -541,7 +542,7 @@
-- 	printf("\tCleared:     %s", ctime(&time));
-- 	for (dir = 0; dir < PFR_DIR_MAX; dir++)
-- 		for (op = 0; op < PFR_OP_ADDR_MAX; op++)
---			printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",
--+			printf("\t%-12s [ Packets: %-18"PRIu64" Bytes: %-18"PRIu64" ]\n",
-- 			    stats_text[dir][op],
-- 			    as->pfras_packets[dir][op],
-- 			    as->pfras_bytes[dir][op]);
--
-diff -ruN /usr/ports/security/pf/files/patch-ae pf/files/patch-ae
---- /usr/ports/security/pf/files/patch-ae	Fri Jul  4 03:28:53 2003
-+++ pf/files/patch-ae	Thu Jan  1 01:00:00 1970
-@@ -1,13 +0,0 @@
----- pf/pf_norm.c	7 Apr 2003 15:31:41 -0000	1.2
--+++ pf/pf_norm.c	3 Jul 2003 02:40:10 -0000	1.2.16.1
--@@ -747,6 +747,9 @@
-- 				 */
-- #if defined(__FreeBSD__)
-- 				*m0 = m_dup(m, M_NOWAIT);
--+				/* From KAME Project : We have missed this! */
--+				m_adj(*m0, (h->ip_hl << 2) -
--+				    (*m0)->m_pkthdr.len);
-- #else
-- 				*m0 = m_copym2(m, 0, h->ip_hl << 2, M_NOWAIT);
-- #endif
--
-diff -ruN /usr/ports/security/pf/files/patch-af pf/files/patch-af
---- /usr/ports/security/pf/files/patch-af	Fri Jul 18 03:51:24 2003
-+++ pf/files/patch-af	Thu Jan  1 01:00:00 1970
-@@ -1,19 +0,0 @@
----- pf/pf_norm.c	3 Jul 2003 02:40:10 -0000	1.2.16.1
--+++ pf/pf_norm.c	14 Jul 2003 07:11:17 -0000	1.2.16.2
--@@ -1050,12 +1050,12 @@
-- 		goto bad;
-- 	}
-- 
---	max = fragoff + ip_len;
-- 	/* Respect maximum length */
---	if (max > IP_MAXPACKET) {
---		DPFPRINTF(("max packet %d\n", max));
--+	if (fragoff + ip_len > IP_MAXPACKET) {
--+		DPFPRINTF(("max packet %d\n", fragoff + ip_len));
-- 		goto bad;
-- 	}
--+	max = fragoff + ip_len;
-- 
-- 	if ((r->rule_flag & (PFRULE_FRAGCROP|PFRULE_FRAGDROP)) == 0) {
-- 		/* Fully buffer all of the fragments */
--
-diff -ruN /usr/ports/security/pf/files/patch-ag pf/files/patch-ag
---- /usr/ports/security/pf/files/patch-ag	Fri Aug 29 05:14:03 2003
-+++ pf/files/patch-ag	Thu Jan  1 01:00:00 1970
-@@ -1,383 +0,0 @@
----- pf/pf_norm.c	Fri Aug 29 03:31:24 2003
--+++ pf/pf_norm.c	Fri Aug 29 03:40:58 2003
--@@ -117,10 +117,10 @@
-- void			 pf_flush_fragments(void);
-- void			 pf_free_fragment(struct pf_fragment *);
-- struct pf_fragment	*pf_find_fragment(struct ip *, struct pf_frag_tree *);
---struct mbuf		*pf_reassemble(struct mbuf **, struct pf_fragment *,
--+struct mbuf		*pf_reassemble(struct mbuf **, struct pf_fragment **,
-- 			    struct pf_frent *, int);
-- struct mbuf		*pf_fragcache(struct mbuf **, struct ip*,
---			    struct pf_fragment *, int, int, int *);
--+			    struct pf_fragment **, int, int, int *);
-- u_int16_t		 pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t);
-- int			 pf_normalize_tcp(int, struct ifnet *, struct mbuf *,
-- 			    int, int, void *, struct pf_pdesc *);
--@@ -385,7 +385,7 @@
-- }
-- 
-- struct mbuf *
---pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
--+pf_reassemble(struct mbuf **m0, struct pf_fragment **frag,
--     struct pf_frent *frent, int mff)
-- {
-- 	struct mbuf	*m = *m0, *m2;
--@@ -397,10 +397,10 @@
-- 	u_int16_t	 max = ip->ip_len + off;
-- 
-- #if defined(__FreeBSD__)
---	KASSERT((frag == NULL || BUFFER_FRAGMENTS(frag)),
---	    ("! (frag == NULL || BUFFER_FRAGMENTS(frag)): %s", __FUNCTION__));
--+	KASSERT((*frag == NULL || BUFFER_FRAGMENTS(*frag)),
--+	    ("! (*frag == NULL || BUFFER_FRAGMENTS(*frag)): %s", __FUNCTION__));
-- #else
---	KASSERT(frag == NULL || BUFFER_FRAGMENTS(frag));
--+	KASSERT(*frag == NULL || BUFFER_FRAGMENTS(*frag));
-- #endif
-- 
-- 	/* Strip off ip header */
--@@ -408,38 +408,38 @@
-- 	m->m_len -= hlen;
-- 
-- 	/* Create a new reassembly queue for this packet */
---	if (frag == NULL) {
--+	if (*frag == NULL) {
-- #if defined(__FreeBSD__)
---		frag = uma_zalloc(pf_frag_pl, M_NOWAIT);
--+		*frag = uma_zalloc(pf_frag_pl, M_NOWAIT);
-- #else
---		frag = pool_get(&pf_frag_pl, PR_NOWAIT);
--+		*frag = pool_get(&pf_frag_pl, PR_NOWAIT);
-- #endif
---		if (frag == NULL) {
--+		if (*frag == NULL) {
-- 			pf_flush_fragments();
-- #if defined(__FreeBSD__)
---			frag = uma_zalloc(pf_frag_pl, M_NOWAIT);
--+			*frag = uma_zalloc(pf_frag_pl, M_NOWAIT);
-- #else
---			frag = pool_get(&pf_frag_pl, PR_NOWAIT);
--+			*frag = pool_get(&pf_frag_pl, PR_NOWAIT);
-- #endif
---			if (frag == NULL)
--+			if (*frag == NULL)
-- 				goto drop_fragment;
-- 		}
-- 
---		frag->fr_flags = 0;
---		frag->fr_max = 0;
---		frag->fr_src = frent->fr_ip->ip_src;
---		frag->fr_dst = frent->fr_ip->ip_dst;
---		frag->fr_p = frent->fr_ip->ip_p;
---		frag->fr_id = frent->fr_ip->ip_id;
--+		(*frag)->fr_flags = 0;
--+		(*frag)->fr_max = 0;
--+		(*frag)->fr_src = frent->fr_ip->ip_src;
--+		(*frag)->fr_dst = frent->fr_ip->ip_dst;
--+		(*frag)->fr_p = frent->fr_ip->ip_p;
--+		(*frag)->fr_id = frent->fr_ip->ip_id;
-- #if defined(__FreeBSD__)
---		frag->fr_timeout = time_second;
--+		(*frag)->fr_timeout = time_second;
-- #else
---		frag->fr_timeout = time.tv_sec;
--+		(*frag)->fr_timeout = time.tv_sec;
-- #endif
---		LIST_INIT(&frag->fr_queue);
--+		LIST_INIT(&(*frag)->fr_queue);
-- 
---		RB_INSERT(pf_frag_tree, &pf_frag_tree, frag);
---		TAILQ_INSERT_HEAD(&pf_fragqueue, frag, frag_next);
--+		RB_INSERT(pf_frag_tree, &pf_frag_tree, *frag);
--+		TAILQ_INSERT_HEAD(&pf_fragqueue, *frag, frag_next);
-- 
-- 		/* We do not have a previous fragment */
-- 		frep = NULL;
--@@ -450,7 +450,7 @@
-- 	 * Find a fragment after the current one:
-- 	 *  - off contains the real shifted offset.
-- 	 */
---	LIST_FOREACH(frea, &frag->fr_queue, fr_next) {
--+	LIST_FOREACH(frea, &(*frag)->fr_queue, fr_next) {
-- 		if (frea->fr_ip->ip_off > off)
-- 			break;
-- 		frep = frea;
--@@ -503,41 +503,41 @@
-- 
--  insert:
-- 	/* Update maximum data size */
---	if (frag->fr_max < max)
---		frag->fr_max = max;
--+	if ((*frag)->fr_max < max)
--+		(*frag)->fr_max = max;
-- 	/* This is the last segment */
-- 	if (!mff)
---		frag->fr_flags |= PFFRAG_SEENLAST;
--+		(*frag)->fr_flags |= PFFRAG_SEENLAST;
-- 
-- 	if (frep == NULL)
---		LIST_INSERT_HEAD(&frag->fr_queue, frent, fr_next);
--+		LIST_INSERT_HEAD(&(*frag)->fr_queue, frent, fr_next);
-- 	else
-- 		LIST_INSERT_AFTER(frep, frent, fr_next);
-- 
-- 	/* Check if we are completely reassembled */
---	if (!(frag->fr_flags & PFFRAG_SEENLAST))
--+	if (!((*frag)->fr_flags & PFFRAG_SEENLAST))
-- 		return (NULL);
-- 
-- 	/* Check if we have all the data */
-- 	off = 0;
---	for (frep = LIST_FIRST(&frag->fr_queue); frep; frep = next) {
--+	for (frep = LIST_FIRST(&(*frag)->fr_queue); frep; frep = next) {
-- 		next = LIST_NEXT(frep, fr_next);
-- 
-- 		off += frep->fr_ip->ip_len;
---		if (off < frag->fr_max &&
--+		if (off < (*frag)->fr_max &&
-- 		    (next == NULL || next->fr_ip->ip_off != off)) {
-- 			DPFPRINTF(("missing fragment at %d, next %d, max %d\n",
-- 			    off, next == NULL ? -1 : next->fr_ip->ip_off,
---			    frag->fr_max));
--+			    (*frag)->fr_max));
-- 			return (NULL);
-- 		}
-- 	}
---	DPFPRINTF(("%d < %d?\n", off, frag->fr_max));
---	if (off < frag->fr_max)
--+	DPFPRINTF(("%d < %d?\n", off, (*frag)->fr_max));
--+	if (off < (*frag)->fr_max)
-- 		return (NULL);
-- 
-- 	/* We have all the data */
---	frent = LIST_FIRST(&frag->fr_queue);
--+	frent = LIST_FIRST(&(*frag)->fr_queue);
-- #if defined(__FreeBSD__)
-- 	KASSERT((frent != NULL), ("frent == NULL: %s", __FUNCTION__));
-- #else
--@@ -545,7 +545,8 @@
-- #endif
-- 	if ((frent->fr_ip->ip_hl << 2) + off > IP_MAXPACKET) {
-- 		DPFPRINTF(("drop: too big: %d\n", off));
---		pf_free_fragment(frag);
--+		pf_free_fragment(*frag);
--+		*frag = NULL;
-- 		return (NULL);
-- 	}
-- 	next = LIST_NEXT(frent, fr_next);
--@@ -575,11 +576,12 @@
-- 		m_cat(m, m2);
-- 	}
-- 
---	ip->ip_src = frag->fr_src;
---	ip->ip_dst = frag->fr_dst;
--+	ip->ip_src = (*frag)->fr_src;
--+	ip->ip_dst = (*frag)->fr_dst;
-- 
-- 	/* Remove from fragment queue */
---	pf_remove_fragment(frag);
--+	pf_remove_fragment(*frag);
--+	*frag = NULL;
-- 
-- 	hlen = ip->ip_hl << 2;
-- 	ip->ip_len = off + hlen;
--@@ -611,7 +613,7 @@
-- }
-- 
-- struct mbuf *
---pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment *frag, int mff,
--+pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
--     int drop, int *nomem)
-- {
-- 	struct mbuf		*m = *m0;
--@@ -622,27 +624,27 @@
-- 	int			 hosed = 0;
-- 
-- #if defined(__FreeBSD__)
---	KASSERT((frag == NULL || !BUFFER_FRAGMENTS(frag)),
---	    ("!(frag == NULL || !BUFFER_FRAGMENTS(frag)): %s", __FUNCTION__));
--+	KASSERT((*frag == NULL || !BUFFER_FRAGMENTS(*frag)),
--+	    ("!(*frag == NULL || !BUFFER_FRAGMENTS(*frag)): %s", __FUNCTION__));
-- #else
---	KASSERT(frag == NULL || !BUFFER_FRAGMENTS(frag));
--+	KASSERT(*frag == NULL || !BUFFER_FRAGMENTS(*frag));
-- #endif
-- 
-- 	/* Create a new range queue for this packet */
---	if (frag == NULL) {
--+	if (*frag == NULL) {
-- #if defined(__FreeBSD__)
---		frag = uma_zalloc(pf_cache_pl, M_NOWAIT);
--+		*frag = uma_zalloc(pf_cache_pl, M_NOWAIT);
-- #else
---		frag = pool_get(&pf_cache_pl, PR_NOWAIT);
--+		*frag = pool_get(&pf_cache_pl, PR_NOWAIT);
-- #endif
---		if (frag == NULL) {
--+		if (*frag == NULL) {
-- 			pf_flush_fragments();
-- #if defined(__FreeBSD__)
---			frag = uma_zalloc(pf_cache_pl, M_NOWAIT);
--+			*frag = uma_zalloc(pf_cache_pl, M_NOWAIT);
-- #else
---			frag = pool_get(&pf_cache_pl, PR_NOWAIT);
--+			*frag = pool_get(&pf_cache_pl, PR_NOWAIT);
-- #endif
---			if (frag == NULL)
--+			if (*frag == NULL)
-- 				goto no_mem;
-- 		}
-- 
--@@ -654,33 +656,34 @@
-- #endif
-- 		if (cur == NULL) {
-- #if defined(__FreeBSD__)
---			uma_zfree(pf_cache_pl, frag);
--+			uma_zfree(pf_cache_pl, *frag);
-- #else
---			pool_put(&pf_cache_pl, frag);
--+			pool_put(&pf_cache_pl, *frag);
-- #endif
--+			*frag = NULL;
-- 			goto no_mem;
-- 		}
-- 		pf_ncache++;
-- 
---		frag->fr_flags = PFFRAG_NOBUFFER;
---		frag->fr_max = 0;
---		frag->fr_src = h->ip_src;
---		frag->fr_dst = h->ip_dst;
---		frag->fr_p = h->ip_p;
---		frag->fr_id = h->ip_id;
--+		(*frag)->fr_flags = PFFRAG_NOBUFFER;
--+		(*frag)->fr_max = 0;
--+		(*frag)->fr_src = h->ip_src;
--+		(*frag)->fr_dst = h->ip_dst;
--+		(*frag)->fr_p = h->ip_p;
--+		(*frag)->fr_id = h->ip_id;
-- #if defined(__FreeBSD__)
---		frag->fr_timeout = time_second;
--+		(*frag)->fr_timeout = time_second;
-- #else
---		frag->fr_timeout = time.tv_sec;
--+		(*frag)->fr_timeout = time.tv_sec;
-- #endif
-- 
-- 		cur->fr_off = off;
-- 		cur->fr_end = max;
---		LIST_INIT(&frag->fr_cache);
---		LIST_INSERT_HEAD(&frag->fr_cache, cur, fr_next);
--+		LIST_INIT(&(*frag)->fr_cache);
--+		LIST_INSERT_HEAD(&(*frag)->fr_cache, cur, fr_next);
-- 
---		RB_INSERT(pf_frag_tree, &pf_cache_tree, frag);
---		TAILQ_INSERT_HEAD(&pf_cachequeue, frag, frag_next);
--+		RB_INSERT(pf_frag_tree, &pf_cache_tree, *frag);
--+		TAILQ_INSERT_HEAD(&pf_cachequeue, *frag, frag_next);
-- 
-- 		DPFPRINTF(("fragcache[%d]: new %d-%d\n", h->ip_id, off, max));
-- 
--@@ -692,7 +695,7 @@
-- 	 *  - off contains the real shifted offset.
-- 	 */
-- 	frp = NULL;
---	LIST_FOREACH(fra, &frag->fr_cache, fr_next) {
--+	LIST_FOREACH(fra, &(*frag)->fr_cache, fr_next) {
-- 		if (fra->fr_off > off)
-- 			break;
-- 		frp = fra;
--@@ -929,21 +932,22 @@
-- 
--  pass:
-- 	/* Update maximum data size */
---	if (frag->fr_max < max)
---		frag->fr_max = max;
--+	if ((*frag)->fr_max < max)
--+		(*frag)->fr_max = max;
-- 
-- 	/* This is the last segment */
-- 	if (!mff)
---		frag->fr_flags |= PFFRAG_SEENLAST;
--+		(*frag)->fr_flags |= PFFRAG_SEENLAST;
-- 
-- 	/* Check if we are completely reassembled */
---	if ((frag->fr_flags & PFFRAG_SEENLAST) &&
---	    LIST_FIRST(&frag->fr_cache)->fr_off == 0 &&
---	    LIST_FIRST(&frag->fr_cache)->fr_end == frag->fr_max) {
--+	if (((*frag)->fr_flags & PFFRAG_SEENLAST) &&
--+	    LIST_FIRST(&(*frag)->fr_cache)->fr_off == 0 &&
--+	    LIST_FIRST(&(*frag)->fr_cache)->fr_end == (*frag)->fr_max) {
-- 		/* Remove from fragment queue */
-- 		DPFPRINTF(("fragcache[%d]: done 0-%d\n", h->ip_id,
---		    frag->fr_max));
---		pf_free_fragment(frag);
--+		    (*frag)->fr_max));
--+		pf_free_fragment(*frag);
--+		*frag = NULL;
-- 	}
-- 
-- 	return (m);
--@@ -952,8 +956,8 @@
-- 	*nomem = 1;
-- 
-- 	/* Still need to pay attention to !IP_MF */
---	if (!mff && frag)
---		frag->fr_flags |= PFFRAG_SEENLAST;
--+	if (!mff && *frag != NULL)
--+		(*frag)->fr_flags |= PFFRAG_SEENLAST;
-- 
-- 	m_freem(m);
-- 	return (NULL);
--@@ -961,15 +965,15 @@
--  drop_fragment:
-- 
-- 	/* Still need to pay attention to !IP_MF */
---	if (!mff && frag)
---		frag->fr_flags |= PFFRAG_SEENLAST;
--+	if (!mff && *frag != NULL)
--+		(*frag)->fr_flags |= PFFRAG_SEENLAST;
-- 
-- 	if (drop) {
-- 		/* This fragment has been deemed bad.  Don't reass */
---		if ((frag->fr_flags & PFFRAG_DROP) == 0)
--+		if (((*frag)->fr_flags & PFFRAG_DROP) == 0)
-- 			DPFPRINTF(("fragcache[%d]: dropping overall fragment\n",
-- 			    h->ip_id));
---		frag->fr_flags |= PFFRAG_DROP;
--+		(*frag)->fr_flags |= PFFRAG_DROP;
-- 	}
-- 
-- 	m_freem(m);
--@@ -1085,12 +1089,12 @@
-- 
-- 		/* Might return a completely reassembled mbuf, or NULL */
-- 		DPFPRINTF(("reass frag %d @ %d-%d\n", h->ip_id, fragoff, max));
---		*m0 = m = pf_reassemble(m0, frag, frent, mff);
--+		*m0 = m = pf_reassemble(m0, &frag, frent, mff);
-- 
-- 		if (m == NULL)
-- 			return (PF_DROP);
-- 
---		if (frag && (frag->fr_flags & PFFRAG_DROP))
--+		if (frag != NULL && (frag->fr_flags & PFFRAG_DROP))
-- 			goto drop;
-- 
-- 		h = mtod(m, struct ip *);
--@@ -1119,7 +1123,7 @@
-- 			goto bad;
-- 		}
-- 
---		*m0 = m = pf_fragcache(m0, h, frag, mff,
--+		*m0 = m = pf_fragcache(m0, h, &frag, mff,
-- 		    (r->rule_flag & PFRULE_FRAGDROP) ? 1 : 0, &nomem);
-- 		if (m == NULL) {
-- 			if (nomem)
--@@ -1135,7 +1139,7 @@
-- 				goto no_mem;
-- 			m_tag_prepend(m, mtag);
-- 		}
---		if (frag && (frag->fr_flags & PFFRAG_DROP))
--+		if (frag != NULL && (frag->fr_flags & PFFRAG_DROP))
-- 			goto drop;
-- 		goto fragment_pass;
-- 	}
-diff -ruN /usr/ports/security/pf/files/pf.conf.default pf/files/pf.conf.default
---- /usr/ports/security/pf/files/pf.conf.default	Fri Jun 13 03:09:29 2003
-+++ pf/files/pf.conf.default	Sat Sep 27 09:51:28 2003
-@@ -1,4 +1,4 @@
--#	$OpenBSD: pf.conf,v 1.19 2003/03/24 01:47:28 ian Exp $
-+#	$OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $
- #
- # See pf.conf(5) and /usr/share/pf for syntax and examples.
- # Required order: options, normalization, queueing, translation, filtering.
-@@ -15,17 +15,19 @@
- #table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 }
- 
- # Options: tune the behavior of pf, default values are given.
--#set timeout { interval 30, frag 10 }
-+#set timeout { interval 10, frag 30 }
- #set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
- #set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
- #set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
- #set timeout { icmp.first 20, icmp.error 10 }
- #set timeout { other.first 60, other.single 30, other.multiple 60 }
-+#set timeout { adaptive.start 0, adaptive.end 0 }
- #set limit { states 10000, frags 5000 }
- #set loginterface none
- #set optimization normal
- #set block-policy drop
- #set require-order yes
-+#set fingerprints "/etc/pf.os"
- 
- # Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
- #scrub in all
-diff -ruN /usr/ports/security/pf/files/pf.os.default pf/files/pf.os.default
---- /usr/ports/security/pf/files/pf.os.default	Thu Jan  1 01:00:00 1970
-+++ pf/files/pf.os.default	Sat Sep 27 09:50:08 2003
-@@ -0,0 +1,551 @@
-+# $OpenBSD: pf.os,v 1.10 2003/09/06 01:37:07 frantzen Exp $
-+# passive OS fingerprinting
-+# -------------------------
-+#
-+# SYN signatures. Those signatures work for SYN packets only (duh!).
-+#
-+# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
-+# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org>
-+#
-+#  Permission to use, copy, modify, and distribute this software for any
-+#  purpose with or without fee is hereby granted, provided that the above
-+#  copyright notice and this permission notice appear in all copies.
-+#
-+#  THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+#  WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+#  MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+#  ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+#  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+#  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+#  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+#
-+#
-+# This fingerprint database is adapted from Michal Zalewski's p0f passive
-+# operating system package.
-+#
-+#
-+# Each line in this file specifies a single fingerprint. Please read the
-+# information below carefully before attempting to append any signatures
-+# reported as UNKNOWN to this file to avoid mistakes.
-+#
-+# We use the following set metrics for fingerprinting:
-+#
-+# - Window size (WSS) - a highly OS dependent setting used for TCP/IP
-+#   performance control (max. amount of data to be sent without ACK).
-+#   Some systems use a fixed value for initial packets. On other
-+#   systems, it is a multiple of MSS or MTU (MSS+40). In some rare
-+#   cases, the value is just arbitrary.
-+#
-+#   NEW SIGNATURE: if p0f reported a special value of 'Snn', the number
-+#   appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn'
-+#   means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the
-+#   value of nn is not fixed (unlikely), just copy the Snn or Tnn token
-+#   literally. If you know this device has a simple stack and a fixed
-+#   MTU, you can however multiply S value by MSS, or T value by MSS+40,
-+#   and put it instead of Snn or Tnn.
-+#
-+#   If WSS otherwise looks like a fixed value (for example a multiple
-+#   of two), or if you can confirm the value is fixed, please quote
-+#   it literally. If there's no apparent pattern in WSS chosen, you
-+#   should consider wildcarding this value.
-+#
-+# - Overall packet size - a function of all IP and TCP options and bugs.
-+#
-+#   NEW SIGNATURE: Copy this value literally.
-+#
-+# - Initial TTL - We check the actual TTL of a received packet. It can't
-+#   be higher than the initial TTL, and also shouldn't be dramatically
-+#   lower (maximum distance is defined as 40 hops).
-+#
-+#   NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally.
-+#   You need to determine the initial TTL. The best way to do it is to
-+#   check the documentation for a remote system, or check its settings.
-+#   A fairly good method is to simply round the observed TTL up to
-+#   32, 64, 128, or 255, but it should be noted that some obscure devices
-+#   might not use round TTLs (in particular, some shoddy appliances use
-+#   "original" initial TTL settings). If not sure, you can see how many
-+#   hops you're away from the remote party with traceroute or mtr.
-+#
-+# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU
-+#   discovery. Others do not bother.
-+#
-+#   NEW SIGNATURE: Copy this value literally.
-+#
-+# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f
-+#   uses it to determine link type of the remote host.
-+#
-+#   NEW SIGNATURE: Always wildcard this value, except for rare cases when
-+#   you have an appliance with a fixed value, know the system supports only
-+#   a very limited number of network interface types, or know the system
-+#   is using a value it pulled out of nowhere.  Specific unique MSS
-+#   can be used to tell Google crawlbots from the rest of the population.
-+#
-+# - Window scaling (WSCALE) - this feature is used to scale WSS.
-+#   It extends the size of a TCP/IP window to 32 bits. Some modern
-+#   systems implement this feature.
-+#
-+#   NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set
-+#   to zero or other low value. There's usually no need to wildcard this
-+#   parameter.
-+#
-+# - Timestamp - some systems that implement timestamps set them to
-+#   zero in the initial SYN. This case is detected and handled appropriately.
-+#
-+# - Selective ACK permitted - a flag set by systems that implement
-+#   selective ACK functionality.
-+#
-+# - The sequence of TCP all options (MSS, window scaling, selective ACK
-+#   permitted, timestamp, NOP). Other than the options previously
-+#   discussed, p0f also checks for timestamp option (a silly
-+#   extension to broadcast your uptime ;-), NOP options (used for
-+#   header padding) and sackOK option (selective ACK feature).
-+#
-+#   NEW SIGNATURE: Copy the sequence literally.
-+#
-+# To wildcard any value (except for initial TTL or TCP options), replace
-+# it with '*'. You can also use a modulo operator to match any values
-+# that divide by nnn - '%nnn'.
-+#
-+# Fingerprint entry format:
-+#
-+# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details
-+#
-+# wwww     - window size (can be *, %nnn, Snn or Tnn).  The special values
-+#            "S" and "T" which are a multiple of MSS or a multiple of MTU
-+#            respectively.
-+# ttt      - initial TTL
-+# D        - don't fragment bit (0 - not set, 1 - set)
-+# ss       - overall SYN packet size
-+# OOO      - option value and order specification (see below)
-+# OS       - OS genre (Linux, Solaris, Windows)
-+# Version  - OS Version (2.0.27 on x86, etc)
-+# Subtype  - OS subtype or patchlevel (SP3, lo0)
-+# details  - Generic OS details
-+#
-+# If OS genre starts with '*', p0f will not show distance, link type
-+# and timestamp data. It is useful for userland TCP/IP stacks of
-+# network scanners and so on, where many settings are randomized or
-+# bogus.
-+#
-+# If OS genre starts with @, it denotes an approximate hit for a group
-+# of operating systems (signature reporting still enabled in this case).
-+# Use this feature at the end of this file to catch cases for which
-+# you don't have a precise match, but can tell it's Windows or FreeBSD
-+# or whatnot by looking at, say, flag layout alone.
-+#
-+# Option block description is a list of comma or space separated
-+# options in the order they appear in the packet:
-+#
-+# N	   - NOP option
-+# Wnnn	   - window scaling option, value nnn (or * or %nnn)
-+# Mnnn	   - maximum segment size option, value nnn (or * or %nnn)
-+# S	   - selective ACK OK
-+# T 	   - timestamp
-+# T0 	   - timestamp with a zero value
-+#
-+# To denote no TCP options, use a single '.'.
-+#
-+# Please report any additions to this file, or any inaccuracies or
-+# problems spotted, to the maintainers: lcamtuf@coredump.cx,
-+# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet
-+# capture of the relevant SYN packet(s)
-+#
-+# WARNING WARNING WARNING
-+# -----------------------
-+#
-+# Do not add a system X as OS Y just because NMAP says so. It is often
-+# the case that X is a NAT firewall. While nmap is talking to the
-+# device itself, p0f is fingerprinting the guy behind the firewall
-+# instead.
-+#
-+# When in doubt, use common sense, don't add something that looks like
-+# a completely different system as Linux or FreeBSD or LinkSys router.
-+# Check DNS name, establish a connection to the remote host and look
-+# at SYN+ACK - does it look similar?
-+#
-+# Some users tweak their TCP/IP settings - enable or disable RFC1323
-+# functionality, enable or disable timestamps or selective ACK,
-+# disable PMTU discovery, change MTU and so on. Always compare a new rule
-+# to other fingerprints for this system, and verify the system isn't
-+# "customized" before adding it. It is OK to add signature variants
-+# caused by a commonly used software (personal firewalls, security
-+# packages, etc), but it makes no sense to try to add every single
-+# possible /proc/sys/net/ipv4 tweak on Linux or so.
-+#
-+# KEEP IN MIND: Some packet firewalls configured to normalize outgoing
-+# traffic (OpenBSD pf with "scrub" enabled, for example) will, well,
-+# normalize packets. Signatures will not correspond to the originating
-+# system (and probably not quite to the firewall either).
-+#
-+# NOTE: Try to keep this file in some reasonable order, from most to
-+# least likely systems. This will speed up operation. Also keep most
-+# generic and broad rules near the end.
-+#
-+
-+##########################
-+# Standard OS signatures #
-+##########################
-+
-+# ----------------- AIX ---------------------
-+
-+# AIX is first because its signatures are close to NetBSD, MacOS X and
-+# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes...
-+# This is a shoddy hack, though.
-+
-+16384:64:0:44:M512:		AIX:4.3:2-3:AIX 4.3.2 and earlier
-+
-+16384:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
-+16384:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
-+32768:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
-+32768:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
-+65535:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
-+65535:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
-+65535:64:0:64:M*,N,W1,N,N,T,N,N,S:	AIX:5.3:ML1:AIX 5.3 ML1
-+
-+# ----------------- Linux -------------------
-+
-+512:64:0:44:M*:			Linux:2.0:3x:Linux 2.0.3x
-+16384:64:0:44:M*:		Linux:2.0:3x:Linux 2.0.3x
-+
-+# Endian snafu! Nelson says "ha-ha":
-+2:64:0:44:M*:			Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
-+64:64:0:44:M*:			Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
-+
-+
-+S4:64:1:60:M1360,S,T,N,W0:	Linux:google::Linux (Google crawlbot)
-+
-+S2:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4 (big boy)
-+S3:64:1:60:M*,S,T,N,W0:		Linux:2.4:18-21:Linux 2.4.18 and newer
-+S4:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4/2.6
-+S4:64:1:60:M*,S,T,N,W0:		Linux:2.6::Linux 2.4/2.6
-+
-+S3:64:1:60:M*,S,T,N,W1:		Linux:2.5::Linux 2.5
-+S4:64:1:60:M*,S,T,N,W1:		Linux:2.5-2.6::Linux 2.5/2.6
-+
-+S20:64:1:60:M*,S,T,N,W0:	Linux:2.2:20-25:Linux 2.2.20 and newer
-+S22:64:1:60:M*,S,T,N,W0:	Linux:2.2::Linux 2.2
-+S11:64:1:60:M*,S,T,N,W0:	Linux:2.2::Linux 2.2
-+
-+# Popular cluster config scripts disable timestamps and
-+# selective ACK:
-+S4:64:1:48:M1460,N,W0:		Linux:2.4:cluster:Linux 2.4 in cluster
-+
-+# This needs to be investigated. On some systems, WSS
-+# is selected as a multiple of MTU instead of MSS. I got
-+# many submissions for this for many late versions of 2.4:
-+T4:64:1:60:M1412,S,T,N,W0:	Linux:2.4::Linux 2.4 (late, uncommon)
-+
-+# This happens only over loopback, but let's make folks happy:
-+32767:64:1:60:M16396,S,T,N,W0:	Linux:2.4:lo0:Linux 2.4 (local)
-+S8:64:1:60:M3884,S,T,N,W0:	Linux:2.2:lo0:Linux 2.2 (local)
-+
-+# Opera visitors:
-+16384:64:1:60:M*,S,T,N,W0:	Linux:2.2:Opera:Linux 2.2 (Opera?)
-+32767:64:1:60:M*,S,T,N,W0:	Linux:2.4:Opera:Linux 2.4 (Opera?)
-+
-+# Some fairly common mods:
-+S4:64:1:52:M*,N,N,S,N,W0:	Linux:2.4:ts:Linux 2.4 w/o timestamps
-+S22:64:1:52:M*,N,N,S,N,W0:	Linux:2.2:ts:Linux 2.2 w/o timestamps
-+
-+
-+# ----------------- FreeBSD -----------------
-+
-+16384:64:1:44:M*:		FreeBSD:2.0-2.2::FreeBSD 2.0-4.1
-+16384:64:1:44:M*:		FreeBSD:3.0-3.5::FreeBSD 2.0-4.1
-+16384:64:1:44:M*:		FreeBSD:4.0-4.1::FreeBSD 2.0-4.1
-+16384:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
-+
-+1024:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
-+
-+57344:64:1:44:M*:		FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
-+57344:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.6-4.8::FreeBSD 4.6-4.8
-+
-+32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
-+32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
-+65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
-+65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
-+65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-4.9::FreeBSD 4.7-5.1
-+65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:5.0-5.1::FreeBSD 4.7-5.1
-+
-+# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
-+
-+# ----------------- NetBSD ------------------
-+
-+65535:64:0:60:M*,N,W0,N,N,T0:	NetBSD:1.6:opera:NetBSD 1.6 (Opera)
-+16384:64:0:60:M*,N,W0,N,N,T0:	NetBSD:1.6::NetBSD 1.6
-+16384:64:1:60:M*,N,W0,N,N,T0:	NetBSD:1.6:df:NetBSD 1.6 (DF)
-+16384:64:0:60:M*,N,W0,N,N,T:	NetBSD:1.3::NetBSD 1.3
-+65535:64:1:60:M*,N,W1,N,N,T0:	NetBSD:1.6::NetBSD 1.6W-current (DF)
-+
-+# ----------------- OpenBSD -----------------
-+
-+16384:64:0:60:M*,N,W0,N,N,T:		OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
-+16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-3.4::OpenBSD 3.0-3.4
-+16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-3.4:no-df:OpenBSD 3.0-3.4 (scrub no-df)
-+57344:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-3.4::OpenBSD 3.3-3.4
-+57344:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-3.4:no-df:OpenBSD 3.3-3.4 (scrub no-df)
-+
-+65535:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-3.4:opera:OpenBSD 3.0-3.4 (Opera)
-+
-+# ----------------- Solaris -----------------
-+
-+S17:64:1:64:N,W3,N,N,T0,N,N,S,M*:	Solaris:8:RFC1323:Solaris 8 RFC1323
-+S17:64:1:48:N,N,S,M*:			Solaris:8::Solaris 8
-+S17:255:1:44:M*:			Solaris:2.5-2.7::Solaris 2.5 to 7
-+
-+S6:255:1:44:M*:				Solaris:2.6-2.7::Solaris 2.6 to 7
-+S23:255:1:44:M*:			Solaris:2.5:1:Solaris 2.5.1
-+S34:64:1:48:M*,N,N,S:			Solaris:2.9::Solaris 9
-+S44:255:1:44:M*:			Solaris:2.7::Solaris 7
-+
-+# ----------------- IRIX --------------------
-+
-+49152:64:0:44:M*:			IRIX:6.4::IRIX 6.4
-+61440:64:0:44:M*:			IRIX:6.2-6.5::IRIX 6.2-6.5
-+49152:64:0:52:M*,N,W2,N,N,S:		IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
-+49152:64:0:52:M*,N,W3,N,N,S:		IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
-+
-+61440:64:0:48:M*,N,N,S:			IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
-+49152:64:0:48:M*,N,N,S:			IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
-+
-+# ----------------- Tru64 -------------------
-+
-+32768:64:1:48:M*,N,W0:			Tru64:4.0::Tru64 4.0
-+32768:64:0:48:M*,N,W0:			Tru64:5.0::Tru64 5.0
-+8192:64:0:44:M1460:			Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6)
-+
-+# This looks awfully Linuxish :/
-+# S22:64:0:60:M*,S,T,N,W0:		Tru64:5.0:a:Tru64 5.0a
-+
-+61440:64:0:48:M*,N,W0:			Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack)
-+
-+
-+# ----------------- OpenVMS -----------------
-+
-+6144:64:1:60:M*,N,W0,N,N,T:		OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack)
-+
-+# ----------------- MacOS -------------------
-+
-+16616:255:1:48:M*,W0:			MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
-+16616:255:1:48:M*,W0:			MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
-+32768:255:1:48:M*,W0,N:			MacOS:9.1-9.2::MacOS 9.1/9.2
-+32768:64:0:60:M*,N,W0,N,N,T:		MacOS:X:10.2:MacOS X 10.2
-+
-+# ----------------- Windows -----------------
-+
-+# Windows 95 - need more:
-+
-+8192:32:1:44:M*:			Windows:95::Windows 95 (low TTL)
-+
-+# Windows 98 - plenty of silly signatures:
-+S44:32:1:48:M*,N,N,S:			Windows:98::Windows 98 (low TTL)
-+8192:32:1:48:M*,N,N,S:			Windows:98::Windows 98 (low TTL)
-+
-+%8192:64:1:48:M*,N,N,S:			Windows:98::Windows 98 (or newer XP/2000 with tweaked TTL)
-+S4:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-+S6:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-+S12:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-+32767:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-+37300:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-+46080:64:1:52:M*,N,W3,N,N,S:		Windows:98:RFC1323:Windows 98 (RFC1323)
-+65535:64:1:44:M*:			Windows:98:noSACK:Windows 98 (no sack)
-+
-+S16:128:1:48:M*,N,N,S:			Windows:98::Windows 98
-+S16:128:1:64:M*,N,W0,N,N,T0,N,N,S:	Windows:98::Windows 98
-+S26:128:1:48:M*,N,N,S:			Windows:98::Windows 98
-+T30:128:1:48:M*,N,N,S:			Windows:98::Windows 98
-+32767:128:1:52:M*,N,W0,N,N,S:		Windows:98::Windows 98
-+60352:128:1:48:M*,N,N,S:		Windows:98::Windows 98
-+60352:128:1:64:M*,N,W2,N,N,T0,N,N,S:	Windows:98::Windows 98
-+
-+# Windows NT 4.0 - need more:
-+
-+64512:128:1:44:M1414:			Windows:NT:4.0:Windows NT 4.0 SP6a
-+8192:128:1:44:M*:			Windows:NT:4.0:Windows NT 4.0 (older)
-+6144:128:1:52:M*,W0,N,S,N,N:		Windows:NT:4.0:Windows NT 4.0 (RFC1323)
-+ 
-+# Windows XP and 2000. Most of the signatures that were
-+# either dubious or non-specific (no service pack data)
-+# were deleted and replaced with generics at the end.
-+
-+65535:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows 2000 SP4, XP SP1
-+%8192:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows 2000 SP4, XP SP1
-+S45:128:1:48:M*,N,N,S:			Windows:2000:SP4:Windows 2000 SP4
-+S6:128:1:48:M*,N,N,S:			Windows:2000:SP4:Windows XP SP1, 2000 SP4
-+S44:128:1:48:M*,N,N,S:			Windows:2000:SP3:Windows XP Pro SP1, 2000 SP3
-+
-+S6:128:1:48:M*,N,N,S:			Windows:XP:SP1:Windows XP SP1, 2000 SP4
-+S44:128:1:48:M*,N,N,S:			Windows:XP:SP1:Windows XP Pro SP1, 2000 SP3
-+64512:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows XP SP1
-+32767:128:1:48:M1452,N,N,S:		Windows:XP:SP1:Windows XP SP1
-+65535:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows 2000 SP4, XP SP1
-+%8192:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows 2000 SP4, XP SP1
-+
-+# Odds, ends, mods:
-+
-+S52:128:1:48:M1260,N,N,S:		Windows:XP:Cisco:Windows XP/2000 via Cisco
-+S52:128:1:48:M1260,N,N,S:		Windows:2000:Cisco:Windows XP/2000 via Cisco
-+
-+# HUNT DOWN:
-+# *:128:1:48:M*,N,N,S:U:@Windows:XP (leak) (PLEASE REPORT)
-+
-+# ----------------- HP/UX -------------------
-+
-+32768:64:1:44:M*:			HP-UX:B.10.20::HP-UX B.10.20
-+32768:64:0:48:M*,W0,N:			HP-UX:11.0::HP-UX 11.0
-+32768:64:1:48:M*,W0,N:			HP-UX:11.10::HP-UX 11.0 or 11.11
-+32768:64:1:48:M*,W0,N:			HP-UX:11.11::HP-UX 11.0 or 11.11
-+
-+# Whoa. Hardcore WSS.
-+0:64:0:48:M*,W0,N:			HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
-+
-+
-+# ----------------- RiscOS ------------------
-+
-+# We don't yet support the ?12 TCP option
-+#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12:	RISCOS:3.70-4.36::RISC OS 3.70-4.36
-+
-+# ----------------- BSD/OS ------------------
-+
-+# Once again, power of two WSS is also shared by MacOS X with DF set
-+8192:64:1:60:M1460,N,W0,N,N,T:		BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF)
-+8192:64:1:60:M1460,N,W0,N,N,T:		BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2)
-+
-+
-+# ---------------- NewtonOS -----------------
-+
-+4096:64:0:44:M1420:		NewtonOS:2.1::NewtonOS 2.1
-+
-+# ---------------- NeXTSTEP -----------------
-+
-+S8:64:0:44:M512:		NeXTSTEP:3.3::NeXTSTEP 3.3
-+
-+# ------------------ BeOS -------------------
-+
-+1024:255:0:48:M*,N,W0:		BeOS:5.0-5.1::BeOS 5.0-5.1
-+12288:255:0:44:M1402:		BeOS:5.0::BeOS 5.0.x
-+
-+# ------------------ OS/400 -----------------
-+
-+8192:64:1:60:M1440,N,W0,N,N,T:	OS/400:VR4::OS/400 VR4/R5
-+8192:64:1:60:M1440,N,W0,N,N,T:	OS/400:VR5::OS/400 VR4/R5
-+4096:64:1:60:M1440,N,W0,N,N,T:	OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
-+
-+
-+# ------------------ ULTRIX -----------------
-+
-+16384:64:0:40:.:		ULTRIX:4.5::ULTRIX 4.5
-+
-+# ------------------- QNX -------------------
-+
-+S16:64:0:44:M512:		QNX:::QNX demodisk
-+
-+# ------------------ Novell -----------------
-+
-+16384:128:1:44:M1460:		Novell:NetWare:5.0:Novel Netware 5.0
-+6144:128:1:44:M1460:		Novell:IntranetWare:4.11:Novell IntranetWare 4.11
-+
-+# ----------------- SCO ------------------
-+S17:64:1:44:M1460:			SCO:Unixware:7.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06
-+S17:64:1:44:M1460:			SCO:OpenServer:5.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06
-+S3:64:1:60:M1460,N,W0,N,N,T:		SCO:UnixWare:7.1:SCO UnixWare 7.1
-+
-+# ------------------- DOS -------------------
-+
-+2048:255:0:44:M536:		DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
-+
-+###########################################
-+# Appliance / embedded / other signatures #
-+###########################################
-+
-+# ---------- Firewalls / routers ------------
-+
-+S12:64:1:44:M1460:			@Checkpoint:::Checkpoint (unknown 1)
-+S12:64:1:48:N,N,S,M1460:		@Checkpoint:::Checkpoint (unknown 2)
-+4096:32:0:44:M1460:			ExtremeWare:4.x::ExtremeWare 4.x
-+60352:64:0:52:M1460,N,W2,N,N,S:		Clavister:7::Clavister firewall 7.x
-+
-+# ------- Switches and other stuff ----------
-+
-+4128:255:0:44:M*:			Cisco:::Cisco Catalyst 3500, 7500 etc
-+S8:255:0:44:M*:				Cisco:12008::Cisco 12008
-+60352:128:1:64:M1460,N,W2,N,N,T,N,N,S:	Alteon:ACEswitch::Alteon ACEswitch
-+64512:128:1:44:M1370:			Nortel:Contivity Client::Nortel Conectivity Client
-+
-+
-+# ---------- Caches and whatnots ------------
-+
-+S4:64:1:52:M1460,N,N,S,N,W0:		AOL:web cache::AOL web cache
-+
-+32850:64:1:64:N,W1,N,N,T,N,N,S,M*:	NetApp:5.x::NetApp Data OnTap 5.x
-+16384:64:1:64:M1460,N,N,S,N,W0,N:	NetApp:5.3:1:NetApp 5.3.1
-+65535:64:0:64:M1460,N,N,S,N,W3,N,N,T:	NetApp:5.3:1:NetApp 5.3.1
-+65535:64:0:60:M1460,N,W0,N,N,T:		NetApp:CacheFlow::NetApp CacheFlow
-+8192:64:1:64:M1460,N,N,S,N,W0,N,N,T:	NetApp:5.2:1:NetApp NetCache 5.2.1
-+
-+S4:64:0:48:M1460,N,N,S:			Cisco:Content Engine::Cisco Content Engine
-+
-+27085:128:0:40:.:			Dell:PowerApp cache::Dell PowerApp (Linux-based)
-+
-+65535:255:1:48:N,W1,M1460:		Inktomi:crawler::Inktomi crawler
-+S1:255:1:60:M1460,S,T,N,W0:		LookSmart:ZyBorg::LookSmart ZyBorg
-+
-+
-+16384:255:0:40:.:			Proxyblocker:::Proxyblocker (what's this?)
-+
-+# ----------- Embedded systems --------------
-+
-+S9:255:0:44:M536:			PalmOS:Tungsten:C:PalmOS Tungsten C
-+S5:255:0:44:M536:			PalmOS:3::PalmOS 3/4
-+S5:255:0:44:M536:			PalmOS:4::PalmOS 3/4
-+S4:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5
-+2948:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5.3 (Handera)
-+
-+S23:64:1:64:N,W1,N,N,T,N,N,S,M1460:	SymbianOS:7::SymbianOS 7
-+8192:255:0:44:M1460:			SymbianOS:6048::SymbianOS 6048 (on Nokia 7650?)
-+8192:255:0:44:M536:			SymbianOS:::SymbianOS (on Nokia 9210?)
-+
-+
-+# Perhaps S4?
-+5840:64:1:60:M1452,S,T,N,W1:		Zaurus:3.10::Zaurus 3.10
-+
-+32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S:	PocketPC:2002::PocketPC 2002
-+
-+S1:255:0:44:M346:			Contiki:1.1:rc0:Contiki 1.1-rc0
-+
-+4096:128:0:44:M1460:			Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0
-+
-+S12:64:0:44:M1452:			AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
-+
-+
-+
-+####################
-+# Fancy signatures #
-+####################
-+
-+1024:64:0:40:.:				*NMAP:syn scan:1:NMAP syn scan (1)
-+2048:64:0:40:.:				*NMAP:syn scan:2:NMAP syn scan (2)
-+3072:64:0:40:.:				*NMAP:syn scan:3:NMAP syn scan (3)
-+4096:64:0:40:.:				*NMAP:syn scan:4:NMAP syn scan (4)
-+
-+1024:64:0:60:W10,N,M265,T:		*NMAP:OS:1:NMAP OS detection probe (1)
-+2048:64:0:60:W10,N,M265,T:		*NMAP:OS:2:NMAP OS detection probe (2)
-+3072:64:0:60:W10,N,M265,T:		*NMAP:OS:3:NMAP OS detection probe (3)
-+4096:64:0:60:W10,N,M265,T:		*NMAP:OS:4:NMAP OS detection probe (4)
-+
-+#####################################
-+# Generic signatures - just in case #
-+#####################################
-+
-+#*:64:1:60:M*,N,W*,N,N,T:		@FreeBSD:4.0-4.9::FreeBSD 4.x/5.x
-+#*:64:1:60:M*,N,W*,N,N,T:		@FreeBSD:5.0-5.1::FreeBSD 4.x/5.x
-+
-+*:128:1:52:M*,N,W0,N,N,S:		@Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
-+*:128:1:52:M*,N,W0,N,N,S:		@Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
-+*:128:1:64:M*,N,W0,N,N,T0,N,N,S:	@Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
-+*:128:1:64:M*,N,W0,N,N,T0,N,N,S:	@Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
-+*:128:1:64:M*,N,W*,N,N,T0,N,N,S:	@Windows:XP:RFC1323:Windows XP (RFC1323, w+)
-+*:128:1:48:M*,N,N,S:			@Windows:XP::Windows XP/2000
-+*:128:1:48:M*,N,N,S:			@Windows:2000::Windows XP/2000
-+
-+
-diff -ruN /usr/ports/security/pf/pkg-plist pf/pkg-plist
---- /usr/ports/security/pf/pkg-plist	Fri Jun 13 03:09:29 2003
-+++ pf/pkg-plist	Sat Sep 27 14:34:16 2003
-@@ -9,14 +9,26 @@
- sbin/pfctl
- sbin/pflogd
- sbin/pftcpdump
--sbin/pftop
- 
- etc/rc.d/pf.sh.sample
- etc/pf.conf.default
-+etc/pf.os
- 
- include/pf/net/pfvar.h
- include/pf/net/if_pflog.h
- include/pf/net/if_pfsync.h
-+%%WITH_ALTQ%%include/pf/altq/altq.h
-+%%WITH_ALTQ%%include/pf/altq/altq_cbq.h
-+%%WITH_ALTQ%%include/pf/altq/altq_cdnr.h
-+%%WITH_ALTQ%%include/pf/altq/altq_classq.h
-+%%WITH_ALTQ%%include/pf/altq/altq_hfsc.h
-+%%WITH_ALTQ%%include/pf/altq/altq_priq.h
-+%%WITH_ALTQ%%include/pf/altq/altq_red.h
-+%%WITH_ALTQ%%include/pf/altq/altq_rio.h
-+%%WITH_ALTQ%%include/pf/altq/altq_rmclass.h
-+%%WITH_ALTQ%%include/pf/altq/altq_rmclass_debug.h
-+%%WITH_ALTQ%%include/pf/altq/altq_var.h
-+%%WITH_ALTQ%%include/pf/altq/if_altq.h
- 
- @dirrm modules
- @dirrm include/pf/net
author	Kirill Ponomarev <krion@FreeBSD.org>	2003-10-21 23:08:50 +0000
committer	Kirill Ponomarev <krion@FreeBSD.org>	2003-10-21 23:08:50 +0000
commit	b8e7204389a63fc449d6f86529e99d5444739880 (patch)
tree	057adf811218a9efe157530a5bac8495e4939380 /security
parent	- Mark broken on alpha-5.x (diff)