ports/57452: Fix port: security/pf

Max Laier max at love2party.net
Wed Oct 1 13:10:19 UTC 2003


>Number:         57452
>Category:       ports
>Synopsis:       Fix port: security/pf
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 01 06:10:14 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Max Laier
>Release:        FreeBSD 5.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD router.laiers.local 5.1-RELEASE FreeBSD 5.1-RELEASE #1: Tue Aug 5 13:21:55 CEST 2003 mlaier at router.laiers.local:/usr/local/pfsys/freebsd/src/sys/i386/compile/SMP i386


	
>Description:
	Invalid use of atomic_set_int leads to wrong semantics. This can
	make pf dysfunctional when it is enabled and disabled quickly.
>How-To-Repeat:
	#pfctl -e -f /etc/pf.conf;pfctl -d; pfctl -e
	After that, pf does not work anymore.
>Fix:
	Replace existing patch-ac (against pf/pf_ioctl.c) with this:

--- patch-ac begins here ---
--- pf/pf_ioctl.c.orig	Wed Sep 24 13:47:55 2003
+++ pf/pf_ioctl.c	Wed Oct  1 13:54:05 2003
@@ -201,7 +201,7 @@
 	/* psize */	nopsize,
 	/* flags */	0,
 	/* kqfilter */	nokqfilter,
-#else
+#elif (__FreeBSD_version < 501110)
 	.d_open =	pfopen,
 	.d_close =	pfclose,
 	.d_read =	noread,
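Review bot: the new `#elif (__FreeBSD_version < 501110)` introduces a version cutoff with no comment saying what changed in cdevsw at 501110, and the PR description covers only the atomic_set_int problem. Add a one-line comment naming the change the cutoff tracks, and either mention the cdevsw change in the description or split it into its own patch.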
@@ -215,6 +215,12 @@
 	.d_dump =	nodump,
 	.d_flags =	0,
 	.d_kqfilter =	nokqfilter,
+#else
+	.d_open =	pfopen,
+	.d_close =	pfclose,
+	.d_ioctl =	pfioctl,
+	.d_name =	PF_NAME,
+	.d_flags =	0,
 #endif
 };
 #endif /* __FreeBSD__ */
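Review bot: the new `#else` branch assigns only d_open, d_close, d_ioctl, d_name and d_flags, while the branch above it also sets entries such as `.d_read = noread`, `.d_dump = nodump` and `.d_kqfilter = nokqfilter`. A comment stating that the omitted entries are meant to fall back to defaults on __FreeBSD_version >= 501110 would show the omission is intentional, and tagging the closing `#endif` with its condition would make the three-way conditional easier to follow.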
@@ -3249,7 +3255,7 @@
 #endif
 #endif /* __FreeBSD_version >= 501108 */
 
-	atomic_set_int(&pf_pfil_hooked, 1);
+	pf_pfil_hooked = 1;
 	return (0);
 }
 
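Review bot: the plain store `pf_pfil_hooked = 1;` before `return (0);` drops the atomic operation without saying what now serializes access to the flag. If callers already hold a lock that covers pf_pfil_hooked, a short comment saying so belongs here; if not, atomic_store_rel_int(&pf_pfil_hooked, 1) keeps the store atomic with the intended "assign" meaning.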
@@ -3298,7 +3304,7 @@
 #endif
 #endif /* __FreeBSD_version >= 501108 */
 
-	atomic_set_int(&pf_pfil_hooked, 0);
+	pf_pfil_hooked = 0;
 	return (0);
 }
 
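Review bot: the removed `atomic_set_int(&pf_pfil_hooked, 0);` is the call that never cleared the flag, because atomic_set_int ORs its argument into the target, and that root cause deserves a comment here or a sentence in the description so the call is not reintroduced. If an atomic operation is still wanted, atomic_clear_int(&pf_pfil_hooked, 1) or atomic_store_rel_int(&pf_pfil_hooked, 0) are the forms that actually reset it.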
--- patch-ac ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
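
An added example (not part of the PR or the pf port): a user-space C model of why the enable/disable/enable sequence leaves filtering off. The `struct fw`, the `hook`/`dehook_*` functions and their early-return guards are assumptions made for illustration; only the set-bits meaning of atomic_set_int comes from FreeBSD's atomic(9).

```c
#include <stdatomic.h>
#include <stdio.h>

/* User-space model of FreeBSD atomic(9) semantics (not kernel code):
 * atomic_set_int ORs bits into the target, atomic_clear_int masks them out. */
static void model_atomic_set_int(atomic_uint *p, unsigned v)   { atomic_fetch_or(p, v); }
static void model_atomic_clear_int(atomic_uint *p, unsigned v) { atomic_fetch_and(p, ~v); }

/* Hypothetical stand-in for pf's state: the flag plus "are filters installed". */
struct fw { atomic_uint hooked; int filters_installed; };

/* Assumption: hook/dehook return early when the flag says nothing needs doing. */
static void hook(struct fw *f) {
    if (atomic_load(&f->hooked)) return;        /* believes it is already hooked */
    f->filters_installed = 1;
    model_atomic_set_int(&f->hooked, 1);        /* OR 1: works for setting */
}
static void dehook_buggy(struct fw *f) {
    if (!atomic_load(&f->hooked)) return;
    f->filters_installed = 0;
    model_atomic_set_int(&f->hooked, 0);        /* OR 0: flag stays 1 */
}
static void dehook_store(struct fw *f) {        /* mirrors the patch: assign 0 */
    if (!atomic_load(&f->hooked)) return;
    f->filters_installed = 0;
    atomic_store(&f->hooked, 0);
}
static void dehook_clear(struct fw *f) {        /* atomic alternative: clear bit 0 */
    if (!atomic_load(&f->hooked)) return;
    f->filters_installed = 0;
    model_atomic_clear_int(&f->hooked, 1);
}

/* pfctl -e; pfctl -d; pfctl -e  ->  1 if filtering is active afterwards. */
static int enable_disable_enable(void (*dehook)(struct fw *)) {
    struct fw f;
    atomic_init(&f.hooked, 0);
    f.filters_installed = 0;
    hook(&f); dehook(&f); hook(&f);
    return f.filters_installed;
}

int main(void) {
    printf("buggy: %d\n", enable_disable_enable(dehook_buggy));
    printf("store: %d\n", enable_disable_enable(dehook_store));
    printf("clear: %d\n", enable_disable_enable(dehook_clear));
    return 0;
}
```

In the buggy case the flag still reads 1 after the disable, so the second enable returns early and the filters stay uninstalled while the firewall reports itself as enabled.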