Date:      Fri, 18 Jul 2008 09:08:23 -0500
From:      Matthew Grooms <mgrooms@shrew.net>
To:        freebsd-net@freebsd.org
Subject:   Re:  FreeBSD NAT-T patch integration [CFR/CFT]
Message-ID:  <4880A3D7.5020300@shrew.net>
In-Reply-To: <4880973B.2010200@shrew.net>
References:  <4880973B.2010200@shrew.net>


> On Wed, Jul 16, 2008 at 09:10:18PM -0700, Sam Leffler wrote:
> 
>  > This adds only the kernel portion of the NAT-T support; you must provide
>  > the user-level code from another place.
> 
> Note for people who are interested:
> user-level code comes from ipsec-tools, as for previous versions of
> the NAT-T patch.
> 
> Sam's changes only impact the kernel itself, so if you are
> already running a FreeBSD kernel+userland with the NAT-T patchset, you'll
> only need to repatch/rebuild your kernel; rebuilding world (at least
> includes) and ipsec-tools is NOT needed.
> 
> Of course, if you're running a FreeBSD host which actually knows
> NOTHING about NAT-T, you'll need to apply the patch, rebuild your
> kernel, at least rebuild includes (or ipsec-tools won't detect NAT-T
> support), then rebuild ipsec-tools.
> 

For anyone trying to install ipsec-tools to test this patch, it's worth
mentioning that the port has a build issue on CURRENT. This has been
corrected in cvs and the 7-branch of ipsec-tools. As a quick remedy, a
patch is attached that can be applied to the port work sources.

-Matthew

[Attachment: ipsec-tools-fbsd8.diff]

Index: src/racoon/crypto_openssl.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
retrieving revision 1.11.6.1
diff -u -r1.11.6.1 crypto_openssl.c
--- src/racoon/crypto_openssl.c	18 Dec 2006 10:18:10 -0000	1.11.6.1
+++ src/racoon/crypto_openssl.c	18 Jul 2008 13:45:05 -0000
@@ -675,7 +675,7 @@
 		{
 			plog(LLV_ERROR, LOCATION, NULL,
 				 "data is not terminated by NUL.");
-			hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
+			racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
 			goto end;
 		}
 		
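Review bot: the dump in the error branch still passes `gen->d.ia5->length + 1`, one byte beyond the length the string reports, on the very path that logs "data is not terminated by NUL." Since this line is being touched anyway, confirm the buffer is always allocated with at least `length + 1` bytes, or dump only `gen->d.ia5->length` bytes.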
Index: src/racoon/eaytest.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/eaytest.c,v
retrieving revision 1.7.6.1
diff -u -r1.7.6.1 eaytest.c
--- src/racoon/eaytest.c	6 Jun 2007 15:36:38 -0000	1.7.6.1
+++ src/racoon/eaytest.c	18 Jul 2008 13:45:05 -0000
@@ -65,7 +65,7 @@
 
 #include "package_version.h"
 
-#define PVDUMP(var) hexdump((var)->v, (var)->l)
+#define PVDUMP(var) racoon_hexdump((var)->v, (var)->l)
 
 /*#define CERTTEST_BROKEN */
 
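Review bot: `PVDUMP(var)` expands `var` twice, once for `->v` and once for `->l`, so an argument with side effects would be evaluated twice. That is fine for a test helper called on plain variables, but a short comment saying so, or a small static function taking the pointer, would make the constraint explicit.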
Index: src/racoon/misc.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/misc.c,v
retrieving revision 1.4
diff -u -r1.4 misc.c
--- src/racoon/misc.c	9 Sep 2006 16:22:09 -0000	1.4
+++ src/racoon/misc.c	18 Jul 2008 13:45:05 -0000
@@ -73,7 +73,7 @@
 #endif
 
 int
-hexdump(buf0, len)
+racoon_hexdump(buf0, len)
 	void *buf0;
 	size_t len;
 {
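Review bot: the renamed definition carries no comment saying why the `racoon_` prefix was added. A one-line comment above `racoon_hexdump(buf0, len)` recording the reason for the rename would keep a later cleanup from shortening the name again. The definition is still old-style (`void *buf0; size_t len;` after the parameter list), which matches the `__P` prototype in misc.h, so leaving that alone here is reasonable.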
Index: src/racoon/misc.h
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/misc.h,v
retrieving revision 1.4
diff -u -r1.4 misc.h
--- src/racoon/misc.h	9 Sep 2006 16:22:09 -0000	1.4
+++ src/racoon/misc.h	18 Jul 2008 13:45:05 -0000
@@ -42,7 +42,7 @@
 #define LOCATION        debug_location(__FILE__, __LINE__, NULL)
 #endif
 
-extern int hexdump __P((void *, size_t));
+extern int racoon_hexdump __P((void *, size_t));
 extern char *bit2str __P((int, int));
 extern void *get_newbuf __P((void *, size_t));
 extern const char *debug_location __P((const char *, int, const char *));
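Review bot: the declaration for the old name is dropped outright when it is replaced by `extern int racoon_hexdump __P((void *, size_t));`, so any caller outside the files in this patch loses its prototype. Under a compiler that still accepts implicit function declarations, such a caller would build with a warning at most and bind to whatever `hexdump` symbol the link step finds, with no guarantee the arguments match. Grep the tree for remaining `hexdump(` calls before applying, and build with `-Werror=implicit-function-declaration` if the compiler supports it.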
Index: src/racoon/racoonctl.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c,v
retrieving revision 1.7
diff -u -r1.7 racoonctl.c
--- src/racoon/racoonctl.c	2 Oct 2006 07:12:26 -0000	1.7
+++ src/racoon/racoonctl.c	18 Jul 2008 13:45:06 -0000
@@ -303,7 +303,7 @@
 		err(1, "kmpstat");
 
 	if (loglevel)
-		hexdump(combuf, ((struct admin_com *)combuf)->ac_len);
+		racoon_hexdump(combuf, ((struct admin_com *)combuf)->ac_len);
 
 	com_init();
 
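Review bot: the length passed in `racoon_hexdump(combuf, ((struct admin_com *)combuf)->ac_len);` is read from a field inside the buffer being dumped, and nothing in this hunk shows `ac_len` being checked against the allocated size of `combuf`. If that check is not done where `combuf` is built, clamp the length here before dumping. The `int` return value is also ignored, which is acceptable for a debug dump gated on `loglevel`.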
