CVS Update: src

[Dan Brosemer <odin@akbar.cleannorth.org>]

CVSROOT:	/cvs
Module name:	src
Repository:	src/sys/net/
Changes by:	odin@akbar.cleannorth.org.	05/01/12 18:12:10

Modified files:
	src/sys/net/: pf.c 

Log message:
	From OPENBSD_3_6
	
	MFC:
	Fix by dhartmei@
	
	fix a bug that leads to a crash when binat rules of the form
	'binat from ... to ... -> (if)' are used, where the interface
	is dynamic. reported by kos(at)bastard(dot)net, analyzed by
	Pyun YongHyeon
	
	ok deraadt@
	
	MFC:
	Fix by mcbride@
	
	Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,
	prevents a possible endless loop in pf_get_sport() with 'static-port'
	
	Reported by adm at celeritystorm dot com in FreeBSD PR74930, debugging
	by dhartmei@
	
	ok mcbride@ dhartmei@ deraadt@ henning@
	
	MFC:
	Fix by dhartmei@
	
	IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
	header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
	the header chain. In the case where headers are skipped, the protocol
	checksum verification used the wrong length (included the skipped headers),
	leading to incorrectly mismatching checksums. Such IPv6 packets with
	headers were silently dropped. Reported by Bernhard Schmidt.
	
	ok deraadt@ dhartmei@ mcbride@
	
	MFC:
	Fix by dhartmei@
	
	ICMP state entries use the ICMP ID as port for the unique state key. When
	checking for a usable key, construct the key in the same way. Otherwise,
	a colliding key might be missed or a state insertion might be refused even
	though it could be inserted. The second case triggers the endless loop
	fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
	Report and test data by Srebrenko Sehic.
	
	ok deraadt@