Supersedes ports/59442 and previous hasty-fix, and fixes the following:

- Build with __FreeBSD_version > 501114 (see bms commit) - Build with new route.h (no RTF_PRCLONING) - Don't use hardware assistance on framentation when DF is set. - Allow pftcpdump -w to be used with pfsync. Found-by: bento / Pyun YongHyeon Submitted by: Max Laier PR: ports/59548
svn path=/head/; revision=94775
2003-11-25 14:08:02 +00:00 · 2003-11-25 14:08:02 +00:00 · 2830eb5a46 · 2021-03-31 03:12:20 +00:00
commit 2830eb5a46
parent f13a4b29b1
4 changed files with 122 additions and 26 deletions
--- a/security/pf/Makefile
+++ b/security/pf/Makefile
@ -7,6 +7,7 @@

 PORTNAME=	pf_freebsd
 PORTVERSION=	2.00
+PORTREVISION=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://pf4freebsd.love2party.net/
 .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
@ -50,10 +51,6 @@ PLIST_SUB+=	WITH_ALTQ="@comment "
 IGNORE=		"Only for 5.0 and above"
 .endif

-.if ${OSVERSION} >= 501114
-EXTRA_PATCHES+=	${PATCHDIR}/extra-patch-pf::pf.c
-.endif
-
 .if !exists(${SRC_BASE}/sys/Makefile) && \
    (defined(WITH_ALTQ) && !exists(${SYS_ALTQ}/Makefile))
 IGNORE=		"Kernel source files required"
--- a/security/pf/files/extra-patch-pf::pf.c
+++ b/security/pf/files/extra-patch-pf::pf.c
@ -1,22 +0,0 @@
-Update pf to be more in line with current TCP stack behaviour at
-5.2 code freeze point after andre's initial commit to decouple
-protocol-level stats from routing. --  bms@FreeBSD.org
-
--- pf/pf.c.orig	Wed Nov 19 11:51:34 2003
-+++ pf/pf.c	Wed Nov 19 11:53:42 2003
-@@ -1376,14 +1376,10 @@
- 		 */
- 		NTOHS(ip->ip_len);
- 		NTOHS(ip->ip_off);
-		ip_rtaddr(ip->ip_dst, &ro);
- 		PF_UNLOCK();
-		ip_output(m, (void *)NULL, &ro, 0, (void *)NULL,
-+		ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL,
- 			(void *)NULL);
- 		PF_LOCK();
-		if(ro.ro_rt) {
-			RTFREE(ro.ro_rt);
-		}
- #else
- 		ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL,
- 		    (void *)NULL);
--- a/security/pf/files/patch-ac
+++ b/security/pf/files/patch-ac
@ -0,0 +1,98 @@
+--- pf/pf.c.orig	Fri Nov 21 14:32:14 2003
+++ pf/pf.c	Fri Nov 21 14:32:33 2003
+@@ -1250,8 +1250,10 @@
+ 	struct tcphdr	*th;
+ #if defined(__FreeBSD__)
+ 	struct ip 	*ip;
+#if (__FreeBSD_version < 501114)
+ 	struct route 	 ro;
+ #endif
+#endif
+ 	char *opt;
+ 
+ 	/* maximum segment size tcp option */
+@@ -1366,7 +1368,6 @@
+ 		h->ip_ttl = ttl ? ttl : ip_defttl;
+ 		h->ip_sum = 0;
+ #if defined(__FreeBSD__)
+-		bzero(&ro, sizeof(ro));
+ 		ip = mtod(m, struct ip *);
+ 		/*
+ 		 * XXX
+@@ -1376,6 +1377,8 @@
+ 		 */
+ 		NTOHS(ip->ip_len);
+ 		NTOHS(ip->ip_off);
+#if (__FreeBSD_version < 501114)
+		bzero(&ro, sizeof(ro));
+ 		ip_rtaddr(ip->ip_dst, &ro);
+ 		PF_UNLOCK();
+ 		ip_output(m, (void *)NULL, &ro, 0, (void *)NULL,
+@@ -1384,7 +1387,13 @@
+ 		if(ro.ro_rt) {
+ 			RTFREE(ro.ro_rt);
+ 		}
+-#else
+#else /* __FreeBSD_version >= 501114 */
+		PF_UNLOCK();
+		ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL,
+			(void *)NULL);
+		PF_LOCK();
+#endif
+#else /* ! __FreeBSD__ */
+ 		ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL,
+ 		    (void *)NULL);
+ #endif
+@@ -2354,8 +2363,12 @@
+ 		dst->sin_len = sizeof(*dst);
+ 		dst->sin_addr = addr->v4;
+ #if defined(__FreeBSD__)
+#ifdef RTF_PRCLONING
+ 		rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING));
+-#else
+#else /* !RTF_PRCLONING */
+		rtalloc_ign(&ro, RTF_CLONING);
+#endif
+#else /* ! __FreeBSD__ */
+ 		rtalloc_noclone(&ro, NO_CLONING);
+ #endif
+ 		rt = ro.ro_rt;
+@@ -2370,9 +2383,13 @@
+ 		dst6->sin6_len = sizeof(*dst6);
+ 		dst6->sin6_addr = addr->v6;
+ #if defined(__FreeBSD__)
+#ifdef RTF_PRCLONING
+ 		rtalloc_ign((struct route *)&ro6,
+ 		    (RTF_CLONING | RTF_PRCLONING));
+-#else
+#else /* !RTF_PRCLONING */
+		rtalloc_ign((struct route *)&ro6, RTF_CLONING);
+#endif
+#else /* ! __FreeBSD__ */
+ 		rtalloc_noclone((struct route *)&ro6, NO_CLONING);
+ #endif
+ 		rt = ro6.ro_rt;
+@@ -4731,8 +4748,12 @@
+ 	dst->sin_len = sizeof(*dst);
+ 	dst->sin_addr = addr->v4;
+ #if defined(__FreeBSD__)
+#ifdef RTF_PRCLONING
+ 	rtalloc_ign(&ro, (RTF_CLONING|RTF_PRCLONING));
+-#else
+#else /* !RTF_PRCLONING */
+	rtalloc_ign(&ro, RTF_CLONING);
+#endif
+#else /* ! __FreeBSD__ */
+ 	rtalloc_noclone(&ro, NO_CLONING);
+ #endif
+ 
+@@ -5044,7 +5065,8 @@
+ 	m0->m_pkthdr.csum_flags &= ifp->if_hwassist;
+ 
+ 	if (ntohs(ip->ip_len) <= ifp->if_mtu ||
+-		ifp->if_hwassist & CSUM_FRAGMENT) {
+	    (ifp->if_hwassist & CSUM_FRAGMENT &&
+		((ip->ip_off & htons(IP_DF)) == 0))) {
+ 		/*
+ 		 * ip->ip_len = htons(ip->ip_len);
+ 		 * ip->ip_off = htons(ip->ip_off);
--- a/security/pf/files/patch-ad
+++ b/security/pf/files/patch-ad
@ -0,0 +1,23 @@
+--- freebsd_libpcap/savefile.c.orig	Fri Nov 21 14:35:34 2003
+++ freebsd_libpcap/savefile.c	Fri Nov 21 14:35:46 2003
+@@ -178,6 +178,9 @@
+ #define LINKTYPE_HDLC		112		/* NetBSD HDLC framing */
+ #define LINKTYPE_IPFILTER	116		/* IP Filter capture files */
+ #define LINKTYPE_PFLOG		117		/* OpenBSD DLT_PFLOG */
+#if defined(DLT_PFSYNC)
+#define LINKTYPE_PFSYNC		DLT_PFSYNC
+#endif
+ 
+ static struct linktype_map {
+ 	int	dlt;
+@@ -271,6 +274,10 @@
+ 	 *	defining DLT_* values that collide with those
+ 	 *	LINKTYPE_* values, either).
+ 	 */
+	{ DLT_PFLOG,		LINKTYPE_PFLOG },
+#if defined(DLT_PFSYNC)
+	{ DLT_PFSYNC,		LINKTYPE_PFSYNC },
+#endif
+ 	{ -1,			-1 }
+ };
+