After applying FreeBSD-SA-24:05.pf, a problem with ICMP ECHO passing through PF NAT was raised: two or more Windows workstations cannot ping the same destination address at the same time. More precisely, only one workstation pings normally, while the pings of the others are rejected by the packet filter. The thing is that Windows always uses the same ICMP ID (1). Therefore, the state is created only for the workstation that started pinging earlier. In the pf_get_sport() function, we compare *nport with the ICMP_ECHO constant, while icmptype (virtual_type actually) is passed in the pd->ndport parameter. MFC after: 2 weeks Reviewed by: kp (cherry picked from commit e7abf8829d8d496a8753946f67fb2016851b4f7c)