Message-Id: <20031121135038.29183.qmail@vampire.homelinux.org>
Date: 21 Nov 2003 13:50:38 -0000
From: Max Laier
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/59548: [Maintainer-update:] security/pf - fix build for __FreeBSD_version > 501114

>Number: 59548
>Category: ports
>Synopsis: [Maintainer-update:] security/pf - fix build for __FreeBSD_version > 501114
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 21 05:50:17 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Max Laier
>Release: FreeBSD 5.1-RELEASE-p10 i386
>Organization:
>Environment:
System: FreeBSD router.laiers.local 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #1: Sun Oct 5 17:38:55 CEST 2003 root@router.laiers.local:/usr/obj/usr/src/sys/ALTQ i386
>Description:
Supersedes ports/59442 and fixes the following:
- Build with __FreeBSD_version > 501114 (see bms commit)
- Build with new route.h (no RTF_PRCLONING)
- Don't use hardware assistance on fragmentation when DF is set.
- Allow pftcpdump -w to be used with pfsync.
Found-by: bento / Pyun YongHyeon
>How-To-Repeat:
>Fix:
Please remove intermediate patch!!! i.e. back-out bms' commit!

--- pf-port.diff begins here --- diff -ruN pf.orig/Makefile pf/Makefile --- pf.orig/Makefile Fri Nov 21 14:31:34 2003 +++ pf/Makefile Fri Nov 21 14:42:15 2003 
@@ -7,6 +7,7 @@ PORTNAME= pf_freebsd PORTVERSION= 2.00 +PORTREVISION= 1 CATEGORIES= security ipv6 MASTER_SITES= http://pf4freebsd.love2party.net/ .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes") diff -ruN pf.orig/files/patch-ac pf/files/patch-ac --- pf.orig/files/patch-ac Thu Jan 1 01:00:00 1970 +++ pf/files/patch-ac Fri Nov 21 14:34:24 2003 
@@ -0,0 +1,98 @@ +--- pf/pf.c.orig Fri Nov 21 14:32:14 2003 ++++ pf/pf.c Fri Nov 21 14:32:33 2003 +@@ -1250,8 +1250,10 @@ + struct tcphdr *th; + #if defined(__FreeBSD__) + struct ip *ip; ++#if (__FreeBSD_version < 501114) + struct route ro; + #endif ++#endif + char *opt; + + /* maximum segment size tcp option */ +@@ -1366,7 +1368,6 @@ + h->ip_ttl = ttl ? ttl : ip_defttl; + h->ip_sum = 0; + #if defined(__FreeBSD__) +- bzero(&ro, sizeof(ro)); + ip = mtod(m, struct ip *); + /* + * XXX +@@ -1376,6 +1377,8 @@ + */ + NTOHS(ip->ip_len); + NTOHS(ip->ip_off); ++#if (__FreeBSD_version < 501114) ++ bzero(&ro, sizeof(ro)); + ip_rtaddr(ip->ip_dst, &ro); + PF_UNLOCK(); + ip_output(m, (void *)NULL, &ro, 0, (void *)NULL, +@@ -1384,7 +1387,13 @@ + if(ro.ro_rt) { + RTFREE(ro.ro_rt); + } +-#else ++#else /* __FreeBSD_version >= 501114 */ ++ PF_UNLOCK(); ++ ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL, ++ (void *)NULL); ++ PF_LOCK(); ++#endif ++#else /* ! __FreeBSD__ */ + ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL, + (void *)NULL); + #endif +@@ -2354,8 +2363,12 @@ + dst->sin_len = sizeof(*dst); + dst->sin_addr = addr->v4; + #if defined(__FreeBSD__) ++#ifdef RTF_PRCLONING + rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING)); +-#else ++#else /* !RTF_PRCLONING */ ++ rtalloc_ign(&ro, RTF_CLONING); ++#endif ++#else /* ! __FreeBSD__ */ + rtalloc_noclone(&ro, NO_CLONING); + #endif + rt = ro.ro_rt; +@@ -2370,9 +2383,13 @@ + dst6->sin6_len = sizeof(*dst6); + dst6->sin6_addr = addr->v6; + #if defined(__FreeBSD__) ++#ifdef RTF_PRCLONING + rtalloc_ign((struct route *)&ro6, + (RTF_CLONING | RTF_PRCLONING)); +-#else ++#else /* !RTF_PRCLONING */ ++ rtalloc_ign((struct route *)&ro6, RTF_CLONING); ++#endif ++#else /* ! 
__FreeBSD__ */ + rtalloc_noclone((struct route *)&ro6, NO_CLONING); + #endif + rt = ro6.ro_rt; +@@ -4731,8 +4748,12 @@ + dst->sin_len = sizeof(*dst); + dst->sin_addr = addr->v4; + #if defined(__FreeBSD__) ++#ifdef RTF_PRCLONING + rtalloc_ign(&ro, (RTF_CLONING|RTF_PRCLONING)); +-#else ++#else /* !RTF_PRCLONING */ ++ rtalloc_ign(&ro, RTF_CLONING); ++#endif ++#else /* ! __FreeBSD__ */ + rtalloc_noclone(&ro, NO_CLONING); + #endif + +@@ -5044,7 +5065,8 @@ + m0->m_pkthdr.csum_flags &= ifp->if_hwassist; + + if (ntohs(ip->ip_len) <= ifp->if_mtu || +- ifp->if_hwassist & CSUM_FRAGMENT) { ++ (ifp->if_hwassist & CSUM_FRAGMENT && ++ ((ip->ip_off & htons(IP_DF)) == 0))) { + /* + * ip->ip_len = htons(ip->ip_len); + * ip->ip_off = htons(ip->ip_off); diff -ruN pf.orig/files/patch-ad pf/files/patch-ad --- pf.orig/files/patch-ad Thu Jan 1 01:00:00 1970 +++ pf/files/patch-ad Fri Nov 21 14:36:15 2003 @@ -0,0 +1,23 @@ +--- freebsd_libpcap/savefile.c.orig Fri Nov 21 14:35:34 2003 ++++ freebsd_libpcap/savefile.c Fri Nov 21 14:35:46 2003 +@@ -178,6 +178,9 @@ + #define LINKTYPE_HDLC 112 /* NetBSD HDLC framing */ + #define LINKTYPE_IPFILTER 116 /* IP Filter capture files */ + #define LINKTYPE_PFLOG 117 /* OpenBSD DLT_PFLOG */ ++#if defined(DLT_PFSYNC) ++#define LINKTYPE_PFSYNC DLT_PFSYNC ++#endif + + static struct linktype_map { + int dlt; +@@ -271,6 +274,10 @@ + * defining DLT_* values that collide with those + * LINKTYPE_* values, either). + */ ++ { DLT_PFLOG, LINKTYPE_PFLOG }, ++#if defined(DLT_PFSYNC) ++ { DLT_PFSYNC, LINKTYPE_PFSYNC }, ++#endif + { -1, -1 } + }; + --- pf-port.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
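
Review bot: The version guards in the pf.c hunks at -1250, -1376 and -1384 do not match the stated scope: they test `#if (__FreeBSD_version < 501114)`, so a system at exactly 501114 takes the new branch that calls ip_output() with a NULL route, while the synopsis and description say the fix is for `__FreeBSD_version > 501114`. Please confirm which side 501114 belongs on and make the text or the comparison agree. The literal is also repeated in each guard; defining it once under a descriptive name near the top of pf.c would make the next threshold change a one-line edit.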
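
Review bot: The same four-line `#ifdef RTF_PRCLONING` / `#else /* !RTF_PRCLONING */` ladder is pasted into three places (the hunks at -2354, -2370 and -4731), which makes it easy for one copy to drift from the others. Consider defining the ignore mask once, set to `(RTF_CLONING | RTF_PRCLONING)` when RTF_PRCLONING exists and to `RTF_CLONING` otherwise, and passing that single name to all three rtalloc_ign() calls. This also relies on RTF_PRCLONING being a preprocessor macro in route.h, which deserves a short comment next to the definition.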
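
Review bot: In the hunk at -5044 the new condition mixes `&` and `&&` without grouping: `(ifp->if_hwassist & CSUM_FRAGMENT && ((ip->ip_off & htons(IP_DF)) == 0))`. It parses as intended because `&` binds tighter than `&&`, but it reads ambiguously and draws compiler warnings; please write `(ifp->if_hwassist & CSUM_FRAGMENT) != 0 && ...`. With this change a DF packet larger than if_mtu no longer takes the direct-send branch on hardware that offers CSUM_FRAGMENT, so the code that follows this `if` (not visible in the hunk) should be checked to confirm it treats that packet as "fragmentation needed" rather than fragmenting it in software.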
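
Review bot: In the savefile.c hunk at -178, `#define LINKTYPE_PFSYNC DLT_PFSYNC` ties the value written into the capture file header to whatever DLT_PFSYNC happens to be on the build host, whereas the neighbouring LINKTYPE_* entries are fixed numbers (112, 116, 117) precisely so that a file written on one platform reads back on another. The comment in the following hunk about DLT_* values colliding with LINKTYPE_* values points at the same concern. Please use a fixed numeric link type here, or add a comment stating that pfsync captures written with -w are only expected to be readable on the same platform.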
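
Review bot: In the savefile.c hunk at -271, `{ DLT_PFLOG, LINKTYPE_PFLOG },` is added to the map unconditionally while the pfsync entry directly below it is wrapped in `#if defined(DLT_PFSYNC)`. If DLT_PFLOG can be undefined in any build configuration of this port the file will not compile, so guard it the same way or state why it is always defined. The description only mentions pfsync for `pftcpdump -w`, so the new pflog mapping should be listed there too.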