MFC:
Fix by dhartmei@
fix a bug that leads to a crash when binat rules of the form
'binat from ... to ... -> (if)' are used, where the interface
is dynamic. reported by kos(at)bastard(dot)net, analyzed by
Pyun YongHyeon.
MFC:
Fix by dhartmei@
The flag to re-filter pf-generated packets was set wrong by synproxy
for ACKs. It should filter the ACK replayed to the server, instead of
of the one to the client.
MFC:
Fix by dhartmei@
For RST generated due to state mismatch during handshake, don't set
th_flags TH_ACK and leave th_ack 0, just like the RST generated by
the stack in this case. Fixes the Raptor workaround.
> ----------------------------
> revision 1.58
> date: 2004/06/23 04:34:17; author: mcbride; state: Exp; lines: +5 -3
> pfr_commit_ktable calls functions that can result in the current
> ktable being destroyed, which makes it unsafe in a SLIST_FOREACH.
>
> Fix from Chris Pascoe
> ----------------------------
> revision 1.56
> date: 2004/06/11 05:21:20; author: mcbride; state: Exp; lines: +5 -3
> Eliminate a dereference after pool_put when an inactive/no-longer referenced
> table is destroyed in pfr_setflags_ktable.
>
> Fix from Chris Pascoe
> ----------------------------
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API inbetween)
reviewed by matt, christos, perry
torture-test is very welcomed.