ports/59548: [Maintainer-update:] security/pf - fix build for __FreeBSD_version > 501114

Max Laier max at love2party.net
Fri Nov 21 13:50:20 UTC 2003


>Number:         59548
>Category:       ports
>Synopsis:       [Maintainer-update:] security/pf - fix build for __FreeBSD_version > 501114
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 21 05:50:17 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Max Laier
>Release:        FreeBSD 5.1-RELEASE-p10 i386
>Organization:
>Environment:
System: FreeBSD router.laiers.local 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #1: Sun Oct 5 17:38:55 CEST 2003 root at router.laiers.local:/usr/obj/usr/src/sys/ALTQ i386


	
>Description:
	Supersedes ports/59442 and fixes the following:
	 - Build with __FreeBSD_version > 501114 (see bms commit)
	 - Build with new route.h (no RTF_PRCLONING)
	 - Don't use hardware assistance on fragmentation when DF is set.
	 - Allow pftcpdump -w to be used with pfsync.
	
	Found-by: bento / Pyun YongHyeon
>How-To-Repeat:
	
>Fix:
	Please remove intermediate patch!!! i.e. back-out bms' commit!
	

--- pf-port.diff begins here ---
diff -ruN pf.orig/Makefile pf/Makefile
--- pf.orig/Makefile	Fri Nov 21 14:31:34 2003
+++ pf/Makefile	Fri Nov 21 14:42:15 2003
@@ -7,6 +7,7 @@
 
 PORTNAME=	pf_freebsd
 PORTVERSION=	2.00
+PORTREVISION=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://pf4freebsd.love2party.net/
 .if defined(WITH_ALTQ) && (${WITH_ALTQ} == "yes")
diff -ruN pf.orig/files/patch-ac pf/files/patch-ac
--- pf.orig/files/patch-ac	Thu Jan  1 01:00:00 1970
+++ pf/files/patch-ac	Fri Nov 21 14:34:24 2003
@@ -0,0 +1,98 @@
+--- pf/pf.c.orig	Fri Nov 21 14:32:14 2003
++++ pf/pf.c	Fri Nov 21 14:32:33 2003
+@@ -1250,8 +1250,10 @@
+ 	struct tcphdr	*th;
+ #if defined(__FreeBSD__)
+ 	struct ip 	*ip;
++#if (__FreeBSD_version < 501114)
+ 	struct route 	 ro;
+ #endif
++#endif
+ 	char *opt;
+ 
+ 	/* maximum segment size tcp option */
+@@ -1366,7 +1368,6 @@
+ 		h->ip_ttl = ttl ? ttl : ip_defttl;
+ 		h->ip_sum = 0;
+ #if defined(__FreeBSD__)
+-		bzero(&ro, sizeof(ro));
+ 		ip = mtod(m, struct ip *);
+ 		/*
+ 		 * XXX
+@@ -1376,6 +1377,8 @@
+ 		 */
+ 		NTOHS(ip->ip_len);
+ 		NTOHS(ip->ip_off);
++#if (__FreeBSD_version < 501114)
++		bzero(&ro, sizeof(ro));
+ 		ip_rtaddr(ip->ip_dst, &ro);
+ 		PF_UNLOCK();
+ 		ip_output(m, (void *)NULL, &ro, 0, (void *)NULL,
+@@ -1384,7 +1387,13 @@
+ 		if(ro.ro_rt) {
+ 			RTFREE(ro.ro_rt);
+ 		}
+-#else
++#else /* __FreeBSD_version >= 501114 */
++		PF_UNLOCK();
++		ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL,
++			(void *)NULL);
++		PF_LOCK();
++#endif
++#else /* ! __FreeBSD__ */
+ 		ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL,
+ 		    (void *)NULL);
+ #endif
+@@ -2354,8 +2363,12 @@
+ 		dst->sin_len = sizeof(*dst);
+ 		dst->sin_addr = addr->v4;
+ #if defined(__FreeBSD__)
++#ifdef RTF_PRCLONING
+ 		rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING));
+-#else
++#else /* !RTF_PRCLONING */
++		rtalloc_ign(&ro, RTF_CLONING);
++#endif
++#else /* ! __FreeBSD__ */
+ 		rtalloc_noclone(&ro, NO_CLONING);
+ #endif
+ 		rt = ro.ro_rt;
+@@ -2370,9 +2383,13 @@
+ 		dst6->sin6_len = sizeof(*dst6);
+ 		dst6->sin6_addr = addr->v6;
+ #if defined(__FreeBSD__)
++#ifdef RTF_PRCLONING
+ 		rtalloc_ign((struct route *)&ro6,
+ 		    (RTF_CLONING | RTF_PRCLONING));
+-#else
++#else /* !RTF_PRCLONING */
++		rtalloc_ign((struct route *)&ro6, RTF_CLONING);
++#endif
++#else /* ! __FreeBSD__ */
+ 		rtalloc_noclone((struct route *)&ro6, NO_CLONING);
+ #endif
+ 		rt = ro6.ro_rt;
+@@ -4731,8 +4748,12 @@
+ 	dst->sin_len = sizeof(*dst);
+ 	dst->sin_addr = addr->v4;
+ #if defined(__FreeBSD__)
++#ifdef RTF_PRCLONING
+ 	rtalloc_ign(&ro, (RTF_CLONING|RTF_PRCLONING));
+-#else
++#else /* !RTF_PRCLONING */
++	rtalloc_ign(&ro, RTF_CLONING);
++#endif
++#else /* ! __FreeBSD__ */
+ 	rtalloc_noclone(&ro, NO_CLONING);
+ #endif
+ 
+@@ -5044,7 +5065,8 @@
+ 	m0->m_pkthdr.csum_flags &= ifp->if_hwassist;
+ 
+ 	if (ntohs(ip->ip_len) <= ifp->if_mtu ||
+-		ifp->if_hwassist & CSUM_FRAGMENT) {
++	    (ifp->if_hwassist & CSUM_FRAGMENT &&
++		((ip->ip_off & htons(IP_DF)) == 0))) {
+ 		/*
+ 		 * ip->ip_len = htons(ip->ip_len);
+ 		 * ip->ip_off = htons(ip->ip_off);
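Review bot: In the last pf.c hunk (@@ -5044) the new condition `ifp->if_hwassist & CSUM_FRAGMENT && ((ip->ip_off & htons(IP_DF)) == 0)` relies on `&` binding tighter than `&&` and has no comment saying why DF is tested. I would write it as `((ifp->if_hwassist & CSUM_FRAGMENT) && (ip->ip_off & htons(IP_DF)) == 0)` and put `/* DF set: do not hand an oversize packet to hardware fragmentation */` above it. The `htons(IP_DF)` mask assumes `ip->ip_off` is still in network byte order here; the `ntohs(ip->ip_len)` next to it suggests so, but the byte-order state is set outside the hunk and is worth confirming. The enclosing function starts and ends outside the hunk, so the path an oversize DF packet takes after this `if` is not visible here.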
diff -ruN pf.orig/files/patch-ad pf/files/patch-ad
--- pf.orig/files/patch-ad	Thu Jan  1 01:00:00 1970
+++ pf/files/patch-ad	Fri Nov 21 14:36:15 2003
@@ -0,0 +1,23 @@
+--- freebsd_libpcap/savefile.c.orig	Fri Nov 21 14:35:34 2003
++++ freebsd_libpcap/savefile.c	Fri Nov 21 14:35:46 2003
+@@ -178,6 +178,9 @@
+ #define LINKTYPE_HDLC		112		/* NetBSD HDLC framing */
+ #define LINKTYPE_IPFILTER	116		/* IP Filter capture files */
+ #define LINKTYPE_PFLOG		117		/* OpenBSD DLT_PFLOG */
++#if defined(DLT_PFSYNC)
++#define LINKTYPE_PFSYNC		DLT_PFSYNC
++#endif
+ 
+ static struct linktype_map {
+ 	int	dlt;
+@@ -271,6 +274,10 @@
+ 	 *	defining DLT_* values that collide with those
+ 	 *	LINKTYPE_* values, either).
+ 	 */
++	{ DLT_PFLOG,		LINKTYPE_PFLOG },
++#if defined(DLT_PFSYNC)
++	{ DLT_PFSYNC,		LINKTYPE_PFSYNC },
++#endif
+ 	{ -1,			-1 }
+ };
+ 
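Review bot: `#define LINKTYPE_PFSYNC DLT_PFSYNC` in the first savefile.c hunk makes the link type written to a savefile equal to whatever the build host's headers define for DLT_PFSYNC, whereas the neighbouring LINKTYPE_ constants are fixed numbers. A pfsync capture written with `-w` would then be read back correctly only where DLT_PFSYNC has the same value, which matters when captures are moved to another host for analysis. If no fixed value is available, a comment on the define should say so, for example `/* no fixed LINKTYPE_ value: file carries the local DLT_PFSYNC, not portable across systems */`. Separately, `{ DLT_PFLOG, LINKTYPE_PFLOG }` is added without the `#if defined(...)` guard that the DLT_PFSYNC entry gets, so the build presumably relies on the bundled headers always defining DLT_PFLOG.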
--- pf-port.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


