From owner-freebsd-net@FreeBSD.ORG Fri Sep 15 01:43:47 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 652E416A403 for ; Fri, 15 Sep 2006 01:43:47 +0000 (UTC) (envelope-from sullrich@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168]) by mx1.FreeBSD.org (Postfix) with ESMTP id 671DD43D6D for ; Fri, 15 Sep 2006 01:43:39 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so153859uge for ; Thu, 14 Sep 2006 18:43:39 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Kf8jrPXd0m/NYc5BXUUUsMnhdkT3sx57QFrROriCuFG6h8WtslouBLXVwnTM1JKr6ZEzjVJSEpUZzITCuj7KK9xCdOGf1F1ovnK+HtSO5xalODprP7aHKFEsVmEqhCgJV9lwqno46/5v/uSsTYlhobprwmMvYDQ4TTDKooSahMI= Received: by 10.67.100.17 with SMTP id c17mr5176089ugm; Thu, 14 Sep 2006 18:43:38 -0700 (PDT) Received: by 10.67.105.8 with HTTP; Thu, 14 Sep 2006 18:43:38 -0700 (PDT) Message-ID: Date: Thu, 14 Sep 2006 21:43:38 -0400 From: "Scott Ullrich" To: "Larry Baird" In-Reply-To: <20060914093034.A83805@gta.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20060914093034.A83805@gta.com> Cc: freebsd-net@freebsd.org Subject: Re: FAST_IPSEC NAT-T support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Sep 2006 01:43:47 -0000 On 9/14/06, Larry Baird wrote: > Please find attached two patches for adding FAST_IPSEC NAT-T support to > FreeBSD 6.x. The patch "freebsd6-fastipsec-natt.diff" is dependent > upon Yvan's IPSEC NAT-T patch "freebsd6-natt.diff" which can be found at > http://ipsec-tools.cvs.sourceforge.net/ipsec-tools/htdocs/. The second > patch "freebsd6-ipsec-fastipsec-natt.diff" is a cumulative patch > combining both patches together. This is great! It compiles on FreeBSD 6.1 when you include options IPSEC_NAT_T but when you fail to include this item "options IPSEC_NAT_T" in addition to including "options FAST_IPSEC" you end up with: cc -c -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -g -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/pf -I/usr/src/sys/contrib/dev/ath -I/usr/src/sys/contrib/dev/ath/freebsd -I/usr/src/sys/contrib/ngatm -I/usr/src/sys/dev/twa -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -ffreestanding -Werror /usr/src/sys/netipsec/key.c /usr/src/sys/netipsec/key.c: In function `key_spdadd': /usr/src/sys/netipsec/key.c:1867: error: `isr' undeclared (first use in this function) /usr/src/sys/netipsec/key.c:1867: error: (Each undeclared identifier is reported only once /usr/src/sys/netipsec/key.c:1867: error: for each function it appears in.) *** Error code 1 Stop in /usr/obj/usr/src/sys/pfSense.6. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. Meanwhile I have a new version of pfSense out asking for testing. We seem to have a large base of users requesting this option so hopefully I can get some meaningful testing information for you soon. Thanks again! Scott