Date: Fri, 18 Jul 2008 09:08:23 -0500 From: Matthew Grooms <mgrooms@shrew.net> To: freebsd-net@freebsd.org Subject: Re: FreeBSD NAT-T patch integration [CFR/CFT] Message-ID: <4880A3D7.5020300@shrew.net> In-Reply-To: <4880973B.2010200@shrew.net> References: <4880973B.2010200@shrew.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------020802050609030006070708 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit > On Wed, Jul 16, 2008 at 09:10:18PM -0700, Sam Leffler wrote: > > > This adds only the kernel portion of the NAT-T support; you must provide > > the user-level code from another place. > > Note for people who are interested: > user-level code comes from ipsec-tools, as for previous versions of > the NAT-T patch. > > Sam's changes have only impacts on the kernel itself, so if you are > already running a FreeBSD kernel+userland with NAT-T patchset, you'll > only need to repatch/rebuild your kernel, rebuilding world (at least > includes) and ipsec-tools is NOT needed. > > Of course, if you're running a FreeBSD host which actually does know > NOTHING about NAT-T, you'll need to apply the patch, rebuild your > kernel, at least rebuild includes (or ipsec-tools won't detect NAT-T > support), then rebuild ipsec-tools. > For anyone trying to install ipsec-tools to test this patch, its worth mentioning that the port has a build issues on CURRENT. This has been corrected in cvs and the 7-branch of ipsec-tools. As a quick remedy, a patch is attached that can be applied to the port work sources. -Matthew --------------020802050609030006070708 Content-Type: text/plain; name="ipsec-tools-fbsd8.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ipsec-tools-fbsd8.diff" Index: src/racoon/crypto_openssl.c =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v retrieving revision 1.11.6.1 diff -u -r1.11.6.1 crypto_openssl.c --- src/racoon/crypto_openssl.c 18 Dec 2006 10:18:10 -0000 1.11.6.1 +++ src/racoon/crypto_openssl.c 18 Jul 2008 13:45:05 -0000 @@ -675,7 +675,7 @@ { plog(LLV_ERROR, LOCATION, NULL, "data is not terminated by NUL."); - hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); + racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); goto end; } Index: src/racoon/eaytest.c =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/eaytest.c,v retrieving revision 1.7.6.1 diff -u -r1.7.6.1 eaytest.c --- src/racoon/eaytest.c 6 Jun 2007 15:36:38 -0000 1.7.6.1 +++ src/racoon/eaytest.c 18 Jul 2008 13:45:05 -0000 @@ -65,7 +65,7 @@ #include "package_version.h" -#define PVDUMP(var) hexdump((var)->v, (var)->l) +#define PVDUMP(var) racoon_hexdump((var)->v, (var)->l) /*#define CERTTEST_BROKEN */ Index: src/racoon/misc.c =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/misc.c,v retrieving revision 1.4 diff -u -r1.4 misc.c --- src/racoon/misc.c 9 Sep 2006 16:22:09 -0000 1.4 +++ src/racoon/misc.c 18 Jul 2008 13:45:05 -0000 @@ -73,7 +73,7 @@ #endif int -hexdump(buf0, len) +racoon_hexdump(buf0, len) void *buf0; size_t len; { Index: src/racoon/misc.h =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/misc.h,v retrieving revision 1.4 diff -u -r1.4 misc.h --- src/racoon/misc.h 9 Sep 2006 16:22:09 -0000 1.4 +++ src/racoon/misc.h 18 Jul 2008 13:45:05 -0000 @@ -42,7 +42,7 @@ #define LOCATION debug_location(__FILE__, __LINE__, NULL) #endif -extern int hexdump __P((void *, size_t)); +extern int racoon_hexdump __P((void *, size_t)); extern char *bit2str __P((int, int)); extern void *get_newbuf __P((void *, size_t)); extern const char *debug_location __P((const char *, int, const char *)); Index: src/racoon/racoonctl.c =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c,v retrieving revision 1.7 diff -u -r1.7 racoonctl.c --- src/racoon/racoonctl.c 2 Oct 2006 07:12:26 -0000 1.7 +++ src/racoon/racoonctl.c 18 Jul 2008 13:45:06 -0000 @@ -303,7 +303,7 @@ err(1, "kmpstat"); if (loglevel) - hexdump(combuf, ((struct admin_com *)combuf)->ac_len); + racoon_hexdump(combuf, ((struct admin_com *)combuf)->ac_len); com_init(); --------------020802050609030006070708--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4880A3D7.5020300>