Where is IPSec NAT-T support?

Scott Ullrich sullrich at gmail.com
Mon Sep 4 10:45:39 PDT 2006 

On 9/4/06, Bjoern A. Zeeb <bzeeb-lists at lists.zabbadoz.net> wrote:
> It does apply and compile to RELENG_6_1 and RELENG_6 of some days ago
> (unless you do not enable the option after applying the patch).
> At least it did for me.
> I am partly fine with the "does not work" (in all cases). I am
> currently debugging this.

I should know better to make statements like this and not backup my
claim with hard data :)

The problem is that after applying the patch and building a kernel,
the kernel build errors out with this:

cc -c -O -pipe  -Wall -Wredundant-decls -Wnested-externs
-Wstrict-prototypes  -Wmissing-prototypes -Wpointer-arith -Winline
-Wcast-qual  -fformat-extensions -std=c99 -g -nostdinc -I-  -I.
-I/usr/src/sys -I/usr/src/sys/contrib/altq
-I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/pf
-I/usr/src/sys/contrib/dev/ath -I/usr/src/sys/contrib/dev/ath/freebsd
-I/usr/src/sys/contrib/ngatm -I/usr/src/sys/dev/twa -D_KERNEL
-DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common
-finline-limit=8000 --param inline-unit-growth=100 --param
large-function-growth=1000  -mno-align-long-strings
-mpreferred-stack-boundary=2  -mno-mmx -mno-3dnow -mno-sse -mno-sse2
-ffreestanding -Werror  /usr/src/sys/netinet/udp_usrreq.c
In file included from /usr/src/sys/netinet6/ipsec.h:46,
                 from /usr/src/sys/netinet/udp_usrreq.c:88:
/usr/src/sys/netkey/keydb.h:54: error: redefinition of `struct secasindex'
/usr/src/sys/netkey/keydb.h:64: error: redefinition of `struct secashead'
/usr/src/sys/netkey/keydb.h:74: error: redefinition of `struct _satree'
/usr/src/sys/netkey/keydb.h:86: error: redefinition of `struct secasvar'
/usr/src/sys/netkey/keydb.h:127: error: redefinition of `struct secreplay'
/usr/src/sys/netkey/keydb.h:137: error: redefinition of `struct secreg'
/usr/src/sys/netkey/keydb.h:145: error: redefinition of `struct secacq'
/usr/src/sys/netkey/keydb.h:169: warning: redundant redeclaration of
'keydb_newsecpolicy'
/usr/src/sys/netipsec/keydb.h:172: warning: previous declaration of
'keydb_newsecpolicy' was here
/usr/src/sys/netkey/keydb.h:171: warning: redundant redeclaration of
'keydb_delsecpolicy'
/usr/src/sys/netipsec/keydb.h:173: warning: previous declaration of
'keydb_delsecpolicy' was here
/usr/src/sys/netkey/keydb.h:175: warning: redundant redeclaration of
'keydb_newsecashead'
/usr/src/sys/netipsec/keydb.h:175: warning: previous declaration of
'keydb_newsecashead' was here
/usr/src/sys/netkey/keydb.h:176: warning: redundant redeclaration of
'keydb_delsecashead'
/usr/src/sys/netipsec/keydb.h:176: warning: previous declaration of
'keydb_delsecashead' was here
/usr/src/sys/netkey/keydb.h:178: warning: redundant redeclaration of
'keydb_newsecasvar'
/usr/src/sys/netipsec/keydb.h:178: warning: previous declaration of
'keydb_newsecasvar' was here
/usr/src/sys/netkey/keydb.h:181: warning: redundant redeclaration of
'keydb_newsecreplay'
/usr/src/sys/netipsec/keydb.h:182: warning: previous declaration of
'keydb_newsecreplay' was here
/usr/src/sys/netkey/keydb.h:182: warning: redundant redeclaration of
'keydb_delsecreplay'
/usr/src/sys/netipsec/keydb.h:183: warning: previous declaration of
'keydb_delsecreplay' was here
/usr/src/sys/netkey/keydb.h:184: warning: redundant redeclaration of
'keydb_newsecreg'
/usr/src/sys/netipsec/keydb.h:185: warning: previous declaration of
'keydb_newsecreg' was here
/usr/src/sys/netkey/keydb.h:185: warning: redundant redeclaration of
'keydb_delsecreg'
/usr/src/sys/netipsec/keydb.h:186: warning: previous declaration of
'keydb_delsecreg' was here
In file included from /usr/src/sys/netinet/udp_usrreq.c:88:
/usr/src/sys/netinet6/ipsec.h:56: error: redefinition of `struct secpolicyindex'
/usr/src/sys/netinet6/ipsec.h:71: error: redefinition of `struct secpolicy'
/usr/src/sys/netinet6/ipsec.h:111: error: redefinition of `struct ipsecrequest'
/usr/src/sys/netinet6/ipsec.h:126: error: redefinition of `struct inpcbpolicy'
/usr/src/sys/netinet6/ipsec.h:141: error: redefinition of `struct secspacq'
/usr/src/sys/netinet6/ipsec.h:212: error: redefinition of `struct ipsecstat'
/usr/src/sys/netinet6/ipsec.h:302: error: redefinition of `struct
ipsec_output_state'
/usr/src/sys/netinet6/ipsec.h:309: error: redefinition of `struct ipsec_history'
/usr/src/sys/netinet6/ipsec.h:314: warning: redundant redeclaration of
'ipsec_debug'
/usr/src/sys/netipsec/ipsec.h:332: warning: previous declaration of
'ipsec_debug' was here
/usr/src/sys/netinet6/ipsec.h:318: error: conflicting types for 'ip4_def_policy'
/usr/src/sys/netipsec/ipsec.h:335: error: previous declaration of
'ip4_def_policy' was here
/usr/src/sys/netinet6/ipsec.h:318: error: conflicting types for 'ip4_def_policy'
/usr/src/sys/netipsec/ipsec.h:335: error: previous declaration of
'ip4_def_policy' was here
/usr/src/sys/netinet6/ipsec.h:319: warning: redundant redeclaration of
'ip4_esp_trans_deflev'
/usr/src/sys/netipsec/ipsec.h:336: warning: previous declaration of
'ip4_esp_trans_deflev' was here
/usr/src/sys/netinet6/ipsec.h:320: warning: redundant redeclaration of
'ip4_esp_net_deflev'
/usr/src/sys/netipsec/ipsec.h:337: warning: previous declaration of
'ip4_esp_net_deflev' was here
/usr/src/sys/netinet6/ipsec.h:321: warning: redundant redeclaration of
'ip4_ah_trans_deflev'
/usr/src/sys/netipsec/ipsec.h:338: warning: previous declaration of
'ip4_ah_trans_deflev' was here
/usr/src/sys/netinet6/ipsec.h:322: warning: redundant redeclaration of
'ip4_ah_net_deflev'
/usr/src/sys/netipsec/ipsec.h:339: warning: previous declaration of
'ip4_ah_net_deflev' was here
/usr/src/sys/netinet6/ipsec.h:323: warning: redundant redeclaration of
'ip4_ah_cleartos'
/usr/src/sys/netipsec/ipsec.h:340: warning: previous declaration of
'ip4_ah_cleartos' was here
/usr/src/sys/netinet6/ipsec.h:324: warning: redundant redeclaration of
'ip4_ah_offsetmask'
/usr/src/sys/netipsec/ipsec.h:341: warning: previous declaration of
'ip4_ah_offsetmask' was here
/usr/src/sys/netinet6/ipsec.h:325: warning: redundant redeclaration of
'ip4_ipsec_dfbit'
/usr/src/sys/netipsec/ipsec.h:342: warning: previous declaration of
'ip4_ipsec_dfbit' was here
/usr/src/sys/netinet6/ipsec.h:326: warning: redundant redeclaration of
'ip4_ipsec_ecn'
/usr/src/sys/netipsec/ipsec.h:343: warning: previous declaration of
'ip4_ipsec_ecn' was here
/usr/src/sys/netinet6/ipsec.h:327: warning: redundant redeclaration of
'ip4_esp_randpad'
/usr/src/sys/netipsec/ipsec.h:344: warning: previous declaration of
'ip4_esp_randpad' was here
In file included from /usr/src/sys/netinet/udp_usrreq.c:88:
/usr/src/sys/netinet6/ipsec.h:330:1: "ipseclog" redefined
In file included from /usr/src/sys/netinet/udp_usrreq.c:79:
/usr/src/sys/netipsec/ipsec.h:347:1: this is the location of the
previous definition
/usr/src/sys/netinet6/ipsec.h:345: error: conflicting types for
'ipsec_get_reqlevel'
/usr/src/sys/netipsec/ipsec.h:372: error: previous declaration of
'ipsec_get_reqlevel' was here
/usr/src/sys/netinet6/ipsec.h:345: error: conflicting types for
'ipsec_get_reqlevel'
/usr/src/sys/netipsec/ipsec.h:372: error: previous declaration of
'ipsec_get_reqlevel' was here
/usr/src/sys/netinet6/ipsec.h:347: warning: redundant redeclaration of
'ipsec4_set_policy'
/usr/src/sys/netipsec/ipsec.h:375: warning: previous declaration of
'ipsec4_set_policy' was here
/usr/src/sys/netinet6/ipsec.h:348: warning: redundant redeclaration of
'ipsec4_get_policy'
/usr/src/sys/netipsec/ipsec.h:377: warning: previous declaration of
'ipsec4_get_policy' was here
/usr/src/sys/netinet6/ipsec.h:350: warning: redundant redeclaration of
'ipsec4_delete_pcbpolicy'
/usr/src/sys/netipsec/ipsec.h:379: warning: previous declaration of
'ipsec4_delete_pcbpolicy' was here
/usr/src/sys/netinet6/ipsec.h:351: warning: redundant redeclaration of
'ipsec4_in_reject'
/usr/src/sys/netipsec/ipsec.h:380: warning: previous declaration of
'ipsec4_in_reject' was here
/usr/src/sys/netinet6/ipsec.h:356: warning: redundant redeclaration of
'ipsec_chkreplay'
/usr/src/sys/netipsec/ipsec.h:384: warning: previous declaration of
'ipsec_chkreplay' was here
/usr/src/sys/netinet6/ipsec.h:357: warning: redundant redeclaration of
'ipsec_updatereplay'
/usr/src/sys/netipsec/ipsec.h:385: warning: previous declaration of
'ipsec_updatereplay' was here
/usr/src/sys/netinet6/ipsec.h:359: warning: redundant redeclaration of
'ipsec4_hdrsiz'
/usr/src/sys/netipsec/ipsec.h:387: warning: previous declaration of
'ipsec4_hdrsiz' was here
/usr/src/sys/netinet6/ipsec.h:360: warning: redundant redeclaration of
'ipsec_hdrsiz_tcp'
/usr/src/sys/netipsec/ipsec.h:388: warning: previous declaration of
'ipsec_hdrsiz_tcp' was here
/usr/src/sys/netinet6/ipsec.h:364: warning: redundant redeclaration of
'ipsec_logsastr'
/usr/src/sys/netipsec/ipsec.h:392: warning: previous declaration of
'ipsec_logsastr' was here
/usr/src/sys/netinet6/ipsec.h:366: warning: redundant redeclaration of
'ipsec_dumpmbuf'
/usr/src/sys/netipsec/ipsec.h:394: warning: previous declaration of
'ipsec_dumpmbuf' was here
/usr/src/sys/netinet6/ipsec.h:372: warning: redundant redeclaration of
'ipsec_copypkt'
/usr/src/sys/netipsec/ipsec.h:409: warning: previous declaration of
'ipsec_copypkt' was here
In file included from /usr/src/sys/netinet/udp_usrreq.c:89:
/usr/src/sys/netinet6/esp.h:101: warning: redundant redeclaration of
'esp4_input'
/usr/src/sys/netipsec/ipsec.h:399: warning: previous declaration of
'esp4_input' was here
/usr/src/sys/netinet/udp_usrreq.c: In function `udp_append':
/usr/src/sys/netinet/udp_usrreq.c:492: warning: implicit declaration
of function `udp4_espinudp'
/usr/src/sys/netinet/udp_usrreq.c:492: warning: nested extern
declaration of `udp4_espinudp'
*** Error code 1

Stop in /usr/obj/usr/src/sys/pfSense.6.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
builder#

Scott

More information about the freebsd-net mailing list