Date: Thu, 14 Sep 2006 21:43:38 -0400 From: "Scott Ullrich" <sullrich@gmail.com> To: "Larry Baird" <lab@gta.com> Cc: freebsd-net@freebsd.org Subject: Re: FAST_IPSEC NAT-T support Message-ID: <d5992baf0609141843t5b81cf77w4d35a3a36beced1c@mail.gmail.com> In-Reply-To: <20060914093034.A83805@gta.com> References: <20060914093034.A83805@gta.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/14/06, Larry Baird <lab@gta.com> wrote: > Please find attached two patches for adding FAST_IPSEC NAT-T support to > FreeBSD 6.x. The patch "freebsd6-fastipsec-natt.diff" is dependent > upon Yvan's IPSEC NAT-T patch "freebsd6-natt.diff" which can be found at > http://ipsec-tools.cvs.sourceforge.net/ipsec-tools/htdocs/. The second > patch "freebsd6-ipsec-fastipsec-natt.diff" is a cumulative patch > combining both patches together. This is great! It compiles on FreeBSD 6.1 when you include options IPSEC_NAT_T but when you fail to include this item "options IPSEC_NAT_T" in addition to including "options FAST_IPSEC" you end up with: cc -c -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -g -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/pf -I/usr/src/sys/contrib/dev/ath -I/usr/src/sys/contrib/dev/ath/freebsd -I/usr/src/sys/contrib/ngatm -I/usr/src/sys/dev/twa -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -ffreestanding -Werror /usr/src/sys/netipsec/key.c /usr/src/sys/netipsec/key.c: In function `key_spdadd': /usr/src/sys/netipsec/key.c:1867: error: `isr' undeclared (first use in this function) /usr/src/sys/netipsec/key.c:1867: error: (Each undeclared identifier is reported only once /usr/src/sys/netipsec/key.c:1867: error: for each function it appears in.) *** Error code 1 Stop in /usr/obj/usr/src/sys/pfSense.6. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. Meanwhile I have a new version of pfSense out asking for testing. We seem to have a large base of users requesting this option so hopefully I can get some meaningful testing information for you soon. Thanks again! Scott
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d5992baf0609141843t5b81cf77w4d35a3a36beced1c>