From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 6 13:47:57 2003
Date: Thu, 6 Nov 2003 21:47:44 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: freebsd-ipfw@freebsd.org
cc: Luigi Rizzo
cc: patch@zabbadoz.net
cc: Hajimu UMEMOTO
Subject: HEAD ip_fw2 ipsec b0rked
List-Id: IPFW Technical Discussions

Hi,

1) when someone fixes the panic: ipsec_gethist: obsolete API
   in netinet/ip_fw2.c
2) can you please also add the opt_ipsec.h from
   http://www.freebsd.org/cgi/query-pr.cgi?pr=58899
   resp. review this __untested__ patch:

--- compile-crisco-20031106-1650/sys/netinet/ip_fw2.c.orig Thu Nov 6 16:58:59 2003 +++ compile-crisco-20031106-1650/sys/netinet/ip_fw2.c Thu Nov 6 21:45:03 2003 
@@ -37,6 +37,7 @@ #include "opt_ipdn.h" #include "opt_ipdivert.h" #include "opt_inet.h" +#include "opt_ipsec.h" #ifndef INET #error IPFIREWALL requires INET. #endif /* INET */ @@ -1938,7 +1939,7 @@ PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL); #endif #ifdef IPSEC - match = (ipsec_gethist(m, NULL) != NULL); + match = (ipsec_getnhist(m) != NULL); #endif /* otherwise no match */ break; @@ -2548,7 +2549,9 @@ case O_TCPOPTS: case O_ESTAB: case O_VERREVPATH: +#if defined(IPSEC) || defined(FAST_IPSEC) case O_IPSEC: +#endif if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size; break; -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/
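Review bot: In the hunk at @@ -37,6 +37,7 @@, the new `#include "opt_ipsec.h"` is what the `#ifdef IPSEC` test at -1938 and the `#if defined(IPSEC) || defined(FAST_IPSEC)` guard added at -2548 both rely on, and the mail marks the patch untested. Before this goes in, build ip_fw2.c three ways (with IPSEC, with FAST_IPSEC, and with neither) so that each preprocessor branch touched by the other two hunks is compiled at least once. The commit log should also reference PR 58899, since the include comes from there.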
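Review bot: In the hunk at @@ -1938,7 +1939,7 @@, the replacement line `match = (ipsec_getnhist(m) != NULL);` keeps the `!= NULL` comparison that belonged to the old pointer-style call `ipsec_gethist(m, NULL)`. Check the declared return type of `ipsec_getnhist()`: if it returns a count of history entries rather than a pointer, the test should read `!= 0` so the intent is clear and the compiler does not warn about comparing an integer with a pointer constant. The result decides whether the ipsec rule option matches a packet, so also confirm that a packet with no IPsec history yields no match here and ends up at the `/* otherwise no match */` outcome.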
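Review bot: In the hunk at @@ -2548,7 +2549,9 @@, wrapping `case O_IPSEC:` in `#if defined(IPSEC) || defined(FAST_IPSEC)` changes rule validation on kernels built without either option: an `O_IPSEC` instruction no longer reaches the `cmdlen != F_INSN_SIZE(ipfw_insn)` size check and goes to whatever the switch does for unlisted opcodes, which is not visible in this hunk. Please state in the commit message which behaviour is intended: rejecting such rules when they are loaded, or accepting them and letting them never match (the -1938 hunk already has `/* otherwise no match */` for that case). Rulesets that use the ipsec option and loaded on a kernel without IPsec before this change may stop loading after it, which matters for anyone relying on those rules being in place.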