diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c
index 750787db7e79..0472c274ab63 100644
--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.389.2.3 2004/04/10 09:38:19 brad Exp $ */
+/*	$OpenBSD: pf.c,v 1.389.2.4 2004/04/30 23:27:57 brad Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -4553,17 +4553,14 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	if (ifp == NULL)
 		goto bad;
 
-	mtag = m_tag_find(m0, PACKET_TAG_PF_ROUTED, NULL);
-	if (mtag == NULL) {
-		struct m_tag *mtag;
+	if (m_tag_find(m0, PACKET_TAG_PF_ROUTED, NULL) != NULL)
+		goto bad;
+	mtag = m_tag_get(PACKET_TAG_PF_ROUTED, 0, M_NOWAIT);
+	if (mtag == NULL)
+		goto bad;
+	m_tag_prepend(m0, mtag);
 
-		mtag = m_tag_get(PACKET_TAG_PF_ROUTED, 0, M_NOWAIT);
-		if (mtag == NULL)
-			goto bad;
-		m_tag_prepend(m0, mtag);
-	}
-
-	if (oifp != ifp && mtag == NULL) {
+	if (oifp != ifp) {
 		if (pf_test(PF_OUT, ifp, &m0) != PF_PASS)
 			goto bad;
 		else if (m0 == NULL)
diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c
index 76fb8b80ce3f..8ac098381cfd 100644
--- a/sys/contrib/pf/net/pf_ioctl.c
+++ b/sys/contrib/pf/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_ioctl.c,v 1.81.2.1 2004/03/28 01:34:15 brad Exp $ */
+/*	$OpenBSD: pf_ioctl.c,v 1.81.2.2 2004/04/30 23:28:58 brad Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -73,7 +73,7 @@ void			 pfattach(int);
 int			 pfopen(dev_t, int, int, struct proc *);
 int			 pfclose(dev_t, int, int, struct proc *);
 struct pf_pool		*pf_get_pool(char *, char *, u_int32_t,
-			    u_int8_t, u_int8_t, u_int8_t, u_int8_t, u_int8_t);
+			    u_int8_t, u_int32_t, u_int8_t, u_int8_t, u_int8_t);
 int			 pf_get_ruleset_number(u_int8_t);
 void			 pf_init_ruleset(struct pf_ruleset *);
 void			 pf_mv_pool(struct pf_palist *, struct pf_palist *);
@@ -170,7 +170,7 @@ pfclose(dev_t dev, int flags, int fmt, struct proc *p)
 
 struct pf_pool *
 pf_get_pool(char *anchorname, char *rulesetname, u_int32_t ticket,
-    u_int8_t rule_action, u_int8_t rule_number, u_int8_t r_last,
+    u_int8_t rule_action, u_int32_t rule_number, u_int8_t r_last,
     u_int8_t active, u_int8_t check_ticket)
 {
 	struct pf_ruleset	*ruleset;
diff --git a/sys/contrib/pf/net/pf_norm.c b/sys/contrib/pf/net/pf_norm.c
index 02b81985f2e4..19c532666156 100644
--- a/sys/contrib/pf/net/pf_norm.c
+++ b/sys/contrib/pf/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.75 2003/08/29 01:49:08 dhartmei Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.75.2.1 2004/04/30 23:28:36 brad Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -1355,8 +1355,8 @@ pf_normalize_tcp_init(struct mbuf *m, int off, struct pf_pdesc *pd,
 				}
 				/* FALLTHROUGH */
 			default:
-				hlen -= opt[1];
-				opt += opt[1];
+				hlen -= MAX(opt[1], 2);
+				opt += MAX(opt[1], 2);
 				break;
 			}
 		}
@@ -1464,8 +1464,8 @@ pf_normalize_tcp_stateful(struct mbuf *m, int off, struct pf_pdesc *pd,
 				}
 				/* FALLTHROUGH */
 			default:
-				hlen -= opt[1];
-				opt += opt[1];
+				hlen -= MAX(opt[1], 2);
+				opt += MAX(opt[1], 2);
 				break;
 			}
 		}