From 01c3818b6b668c0adfaeb655ee0a7ab2a7b9f890 Mon Sep 17 00:00:00 2001
From: henning
Date: Tue, 30 May 2017 08:10:01 +0000
Subject: [PATCH] teach pf_build_tcp() about SACK, ok & with sashan

---
 sys/net/pf.c | 18 +++++++++++++-----
 sys/net/pfvar.h | 4 ++--
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 35482602050..c2ec6b85762 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.1031 2017/05/29 14:18:32 mpi Exp $ */
+/* $OpenBSD: pf.c,v 1.1032 2017/05/30 08:10:01 henning Exp $ */

 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -2693,7 +2693,7 @@ pf_build_tcp(const struct pf_rule *r, sa_family_t af,
 const struct pf_addr *saddr, const struct pf_addr *daddr,
 u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack,
 u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int tag,
- u_int16_t rtag, u_int rdom)
+ u_int16_t rtag, u_int sack, u_int rdom)
 {
 struct mbuf *m;
 int len, tlen;
@@ -2708,6 +2708,8 @@ pf_build_tcp(const struct pf_rule *r, sa_family_t af,
 tlen = sizeof(struct tcphdr);
 if (mss)
 tlen += 4;
+ if (sack)
+ tlen += 2;

 switch (af) {
 case AF_INET:
@@ -2782,12 +2784,18 @@ pf_build_tcp(const struct pf_rule *r, sa_family_t af,
 th->th_flags = flags;
 th->th_win = htons(win);

+ opt = (char *)(th + 1);
 if (mss) {
- opt = (char *)(th + 1);
 opt[0] = TCPOPT_MAXSEG;
 opt[1] = 4;
 mss = htons(mss);
 memcpy((opt + 2), &mss, 2);
+ opt += 4;
+ }
+ if (sack) {
+ opt[0] = TCPOPT_SACK_PERMITTED;
+ opt[1] = 2;
+ opt += 2;
 }

 return (m);
@@ -2800,10 +2808,10 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
 u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int tag,
 u_int16_t rtag, u_int rdom)
 {
- struct mbuf *m;
+ struct mbuf *m;

 if ((m = pf_build_tcp(r, af, saddr, daddr, sport, dport, seq, ack,
- flags, win, mss, ttl, tag, rtag, rdom)) == NULL)
+ flags, win, mss, ttl, tag, rtag, 0, rdom)) == NULL)
 return;

 switch (af) {
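Review bot: The new `u_int sack` parameter in the `@@ -2693,7 +2693,7 @@` hunk is undocumented and sits directly before `u_int rdom`, which has the same type, so a call that passes the two in the wrong order compiles without a diagnostic. The later hunks only test it for non-zero, so it is a flag rather than a count; a comment above the function such as `/* sack: non-zero appends a SACK-permitted option; the option is only valid on SYN segments */` would state that contract. The function body continues outside this hunk.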
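Review bot: Adding 2 to `tlen` in the `@@ -2708,6 +2708,8 @@` hunk makes the TCP header 22 or 26 bytes long, which is not a multiple of 4, while the TCP data-offset field counts 32-bit words and so needs the options area padded to a word boundary. The lines that derive the data offset and the packet length from `tlen` are outside the visible hunks, but if the offset is `tlen` divided by four, the two option bytes written in the `@@ -2782,12 +2784,18 @@` hunk land after the declared header and a receiver would treat them as payload rather than as an option. Reserving a whole word fixes both places: `if (sack) tlen += 4;` here, and in the sack branch `opt[2] = TCPOPT_NOP; opt[3] = TCPOPT_NOP; opt += 4;`.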
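Review bot: The option sizes in the `@@ -2782,12 +2784,18 @@` hunk are bare literals (`opt[1] = 4`, `opt += 4`, `opt[1] = 2`, `opt += 2`) that have to stay in step by hand with the `tlen` arithmetic in the earlier hunk. The BSD `<netinet/tcp.h>` provides `TCPOLEN_MAXSEG` and `TCPOLEN_SACK_PERMITTED`; using them for both the length byte and the pointer advance, and for the `tlen` additions, would keep the reserved and written sizes tied together. The final `opt += 2;` is a dead store because `return (m);` follows it, so either drop it or add a comment that it is kept for options appended later.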
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index afa3650049e..a8ba6f1394e 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.454 2017/05/28 16:43:45 bluhm Exp $ */
+/* $OpenBSD: pfvar.h,v 1.455 2017/05/30 08:10:01 henning Exp $ */

 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1881,7 +1881,7 @@ struct mbuf * pf_build_tcp(const struct pf_rule *, sa_family_t,
 const struct pf_addr *, const struct pf_addr *,
 u_int16_t, u_int16_t, u_int32_t, u_int32_t,
 u_int8_t, u_int16_t, u_int16_t, u_int8_t, int,
- u_int16_t, u_int);
+ u_int16_t, u_int, u_int);
 void pf_send_tcp(const struct pf_rule *, sa_family_t,
 const struct pf_addr *, const struct pf_addr *,
 u_int16_t, u_int16_t, u_int32_t, u_int32_t,
-- 
2.20.1