* improved cleanup routines to make sure that no memory is leaking.
* applied patch to pf.c from OPENBSD_3_6 branch:
fix a bug that leads to a crash when binat rules of the form
'binat from ... to ... -> (if)' are used, where the interface is dynamic.
* added (unsigned char) casts to ctype functions.
* added experimental patch for ALTQ support.
* applied patch to pfctl_parser.c from OPENBSD_3_6 branch:
do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.h
* applied patch to pf.c from OPENBSD_3_6 branch:
The flag to re-filter pf-generated packets was set wrong by synproxy
for ACKs. It should filter the ACK replayed to the server, instead of
of the one to the client.
* applied patch to pf.c from OPENBSD_3_6 branch:
For RST generated due to state mismatch during handshake, don't set
th_flags TH_ACK and leave th_ack 0, just like the RST generated by
the stack in this case. Fixes the Raptor workaround.
* applied patch to pf_lkm.c from NetBSD HEAD:
pfil4_wrapper, pfil6_wrapper:
ensure that mbufs are writable beforehand as pf assumes it.
* applied patch to pf.c from OPENBSD_3_6 branch:
reset anchor pointer to NULL when stepping back into the main ruleset,
fixes pflog attributing states wrongly to anchors and pfctl -vvsn/sr
showing wrong state counters for anchor rules.
4a76ff1004