PR:

Submitted by: maintainer Reviewed by: Approved by: Obtained from: MFC after: Add two patches to solve the following problems: patch-ab - resolves a problem with a mbuf-tag in 5.1 - Submitted by: Pyun YongHyeon <yongari@kt-is.co.kr> patch-ac - pulls in two critical fixes from OpenBSD patch branch - Obtained from: OpenBSD Change BROKEN to IGNORE tag in Makefile, suggested by: kris@ && bump PORTREVISION.
svn path=/head/; revision=83225
2024-11-28 01:06:17 +00:00 · 2003-06-18 04:46:34 +00:00 · 2003-06-18 04:46:34 +00:00 · d2ff3920b8 · 2021-03-31 03:12:20 +00:00
commit d2ff3920b8
parent 5be853e5bd
3 changed files with 102 additions and 3 deletions
--- a/security/pf/Makefile
+++ b/security/pf/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	pf_freebsd
 PORTVERSION=	1.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://pf4freebsd.love2party.net/
 .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
@ -47,12 +47,12 @@ PLIST_SUB+=	WITH_ALTQ="@comment "
 .include <bsd.port.pre.mk>

 .if ${OSVERSION} < 500000
-BROKEN=	"Only for 5.0 and above"
+IGNORE=		"Only for 5.0 and above"
 .endif

 .if !exists(${SRC_BASE}/sys/Makefile) && \
    (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile)
-BROKEN=	"Kernel source files required"
+IGNORE=		"Kernel source files required"
 .endif

 .if !defined(WITH_ALTQ) || (${WITH_ALTQ} != "yes")
--- a/security/pf/files/patch-ab
+++ b/security/pf/files/patch-ab
@ -0,0 +1,70 @@
+--- pf/pf_support.h	Mon Apr 14 05:54:15 2003
+++ pf/pf_support.h	Tue Jun 17 14:26:33 2003
+@@ -16,10 +16,16 @@
+  * Original numbers changed from 11, 12, 13.
+  * sys/mbuf.h
+  */
+-#define PACKET_TAG_PF_GENERATED		19 /* PF generated, pass always */
+-#define PACKET_TAG_PF_ROUTED		20 /* PF routed, no route loops */
+-#define PACKET_TAG_PF_FRAGCACHE		21 /* PF fragment cached */
+-#define PACKET_TAG_PF_QID		22 /* PF queue id */
+#if defined(PACKET_TAG_MACLABEL)
+#define PACKET_TAG_FB_END		(PACKET_TAG_MACLABEL)
+#else
+#define PACKET_TAG_FB_END		(PACKET_TAG_IPFORWARD)
+#endif
+#define PACKET_TAG_PF_GENERATED		(PACKET_TAG_FB_END+1)
+#define PACKET_TAG_PF_ROUTED		(PACKET_TAG_FB_END+2)
+#define PACKET_TAG_PF_FRAGCACHE		(PACKET_TAG_FB_END+3)
+#define PACKET_TAG_PF_QID		(PACKET_TAG_FB_END+4)
+#define PACKET_TAG_PF_TAG		(PACKET_TAG_FB_END+5)
+ 
+ /*
+  * sys/limits.h
+--- pfaltq/pf_support.h	Mon Apr 14 06:04:19 2003
+++ pfaltq/pf_support.h	Tue Jun 17 14:26:34 2003
+@@ -16,10 +16,16 @@
+  * Original numbers changed from 11, 12, 13.
+  * sys/mbuf.h
+  */
+-#define PACKET_TAG_PF_GENERATED		19 /* PF generated, pass always */
+-#define PACKET_TAG_PF_ROUTED		20 /* PF routed, no route loops */
+-#define PACKET_TAG_PF_FRAGCACHE		21 /* PF fragment cached */
+-#define PACKET_TAG_PF_QID		22 /* PF queue id */
+#if defined(PACKET_TAG_MACLABEL)
+#define PACKET_TAG_FB_END		(PACKET_TAG_MACLABEL)
+#else
+#define PACKET_TAG_FB_END		(PACKET_TAG_IPFORWARD)
+#endif
+#define PACKET_TAG_PF_GENERATED		(PACKET_TAG_FB_END+1)
+#define PACKET_TAG_PF_ROUTED		(PACKET_TAG_FB_END+2)
+#define PACKET_TAG_PF_FRAGCACHE		(PACKET_TAG_FB_END+3)
+#define PACKET_TAG_PF_QID		(PACKET_TAG_FB_END+4)
+#define PACKET_TAG_PF_TAG		(PACKET_TAG_FB_END+5)
+ 
+ /*
+  * sys/limits.h
+--- pfctl/pf_support.h	Mon Apr 14 05:55:07 2003
+++ pfctl/pf_support.h	Tue Jun 17 14:26:34 2003
+@@ -16,10 +16,16 @@
+  * Original numbers changed from 11, 12, 13.
+  * sys/mbuf.h
+  */
+-#define PACKET_TAG_PF_GENERATED		19 /* PF generated, pass always */
+-#define PACKET_TAG_PF_ROUTED		20 /* PF routed, no route loops */
+-#define PACKET_TAG_PF_FRAGCACHE		21 /* PF fragment cached */
+-#define PACKET_TAG_PF_QID		22 /* PF queue id */
+#if defined(PACKET_TAG_MACLABEL)
+#define PACKET_TAG_FB_END		(PACKET_TAG_MACLABEL)
+#else
+#define PACKET_TAG_FB_END		(PACKET_TAG_IPFORWARD)
+#endif
+#define PACKET_TAG_PF_GENERATED		(PACKET_TAG_FB_END+1)
+#define PACKET_TAG_PF_ROUTED		(PACKET_TAG_FB_END+2)
+#define PACKET_TAG_PF_FRAGCACHE		(PACKET_TAG_FB_END+3)
+#define PACKET_TAG_PF_QID		(PACKET_TAG_FB_END+4)
+#define PACKET_TAG_PF_TAG		(PACKET_TAG_FB_END+5)
+ 
+ /*
+  * sys/limits.h
+
--- a/security/pf/files/patch-ac
+++ b/security/pf/files/patch-ac
@ -0,0 +1,29 @@
+--- pf/pf.c	Wed May  7 09:33:21 2003
+++ pf/pf.c	Tue Jun 17 17:02:08 2003
+@@ -2837,6 +2837,7 @@
+ 		/* check incoming packet for BINAT/RDR */
+ 		if ((rdr = pf_get_translation(PF_IN, ifp, pd->proto,
+ 		    saddr, 0, daddr, 0, &naddr, NULL, af)) != NULL) {
+			PF_ACPY(&baddr, daddr, af);
+ 			switch (af) {
+ #ifdef INET
+ 			case AF_INET:
+@@ -3179,7 +3180,7 @@
+ 	    /* Retrans: not more than one window back */
+ 	    (ackskew >= -MAXACKWINDOW) &&
+ 	    /* Acking not more than one window back */
+-	    (ackskew <= MAXACKWINDOW)) {
+	    (ackskew <= (MAXACKWINDOW << sws))) {
+ 	    /* Acking not more than one window forward */
+ 
+ 		(*state)->packets++;
+@@ -3346,7 +3347,7 @@
+ 			    SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)) ?
+ 			    ' ': '2',
+ 			    (ackskew >= -MAXACKWINDOW) ? ' ' : '3',
+-			    (ackskew <= MAXACKWINDOW) ? ' ' : '4',
+			    (ackskew <= (MAXACKWINDOW << sws)) ? ' ' : '4',
+ 			    SEQ_GEQ(src->seqhi + MAXACKWINDOW, end) ?' ' :'5',
+ 			    SEQ_GEQ(seq, src->seqlo - MAXACKWINDOW) ?' ' :'6');
+ 		}
+