Module Name:	pkgsrc
Committed By:	peter
Date:		Sat Dec  4 15:01:55 UTC 2004

Modified Files:
	pkgsrc/security/pflkm: Makefile distinfo

Log Message:
Changes up to 20041204:

* improved cleanup routines to make sure that no memory is leaking.
* applied patch to pf.c from OPENBSD_3_6 branch:
    fix a bug that leads to a crash when binat rules of the form
    'binat from ... to ... -> (if)' are used, where the interface is dynamic.
* added (unsigned char) casts to ctype functions.
* added experimental patch for ALTQ support.
* applied patch to pfctl_parser.c from OPENBSD_3_6 branch:
    do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.h
* applied patch to pf.c from OPENBSD_3_6 branch:
    The flag to re-filter pf-generated packets was set wrong by synproxy
    for ACKs. It should filter the ACK replayed to the server, instead of
    of the one to the client.
* applied patch to pf.c from OPENBSD_3_6 branch:
    For RST generated due to state mismatch during handshake, don't set
    th_flags TH_ACK and leave th_ack 0, just like the RST generated by
    the stack in this case. Fixes the Raptor workaround.
* applied patch to pf_lkm.c from NetBSD HEAD:
    pfil4_wrapper, pfil6_wrapper:
    ensure that mbufs are writable beforehand as pf assumes it.
* applied patch to pf.c from OPENBSD_3_6 branch:
    reset anchor pointer to NULL when stepping back into the main ruleset,
    fixes pflog attributing states wrongly to anchors and pfctl -vvsn/sr
    showing wrong state counters for anchor rules.


To generate a diff of this commit:
cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/security/pflkm/Makefile \
    pkgsrc/security/pflkm/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.