FAST_IPSEC NAT-T support

Scott Ullrich sullrich at gmail.com
Thu Sep 14 18:43:47 PDT 2006


On 9/14/06, Larry Baird <lab at gta.com> wrote:
> Please find attached two patches for adding FAST_IPSEC NAT-T support to
> FreeBSD 6.x.  The patch "freebsd6-fastipsec-natt.diff" is dependent
> upon Yvan's IPSEC NAT-T patch "freebsd6-natt.diff" which can be found at
> http://ipsec-tools.cvs.sourceforge.net/ipsec-tools/htdocs/.  The second
> patch "freebsd6-ipsec-fastipsec-natt.diff" is a cumulative patch
> combining both patches together.

This is great!   It compiles on FreeBSD 6.1 when you include options
      IPSEC_NAT_T but when you fail to include this item "options
IPSEC_NAT_T" in addition to including "options FAST_IPSEC" you end up
with:

cc -c -O -pipe  -Wall -Wredundant-decls -Wnested-externs
-Wstrict-prototypes  -Wmissing-prototypes -Wpointer-arith -Winline
-Wcast-qual  -fformat-extensions -std=c99 -g -nostdinc -I-  -I.
-I/usr/src/sys -I/usr/src/sys/contrib/altq
-I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/pf
-I/usr/src/sys/contrib/dev/ath -I/usr/src/sys/contrib/dev/ath/freebsd
-I/usr/src/sys/contrib/ngatm -I/usr/src/sys/dev/twa -D_KERNEL
-DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common
-finline-limit=8000 --param inline-unit-growth=100 --param
large-function-growth=1000  -mno-align-long-strings
-mpreferred-stack-boundary=2  -mno-mmx -mno-3dnow -mno-sse -mno-sse2
-ffreestanding -Werror  /usr/src/sys/netipsec/key.c
/usr/src/sys/netipsec/key.c: In function `key_spdadd':
/usr/src/sys/netipsec/key.c:1867: error: `isr' undeclared (first use
in this function)
/usr/src/sys/netipsec/key.c:1867: error: (Each undeclared identifier
is reported only once
/usr/src/sys/netipsec/key.c:1867: error: for each function it appears in.)
*** Error code 1

Stop in /usr/obj/usr/src/sys/pfSense.6.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.

Meanwhile I have a new version of pfSense out asking for testing.   We
seem to have a large base of users requesting this option so hopefully
I can get some meaningful testing information for you soon.

Thanks again!

Scott


More information about the freebsd-net mailing list