FreeBSD NAT-T patch integration [CFR/CFT]

Matthew Grooms mgrooms at shrew.net
Fri Jul 18 14:08:29 UTC 2008


> On Wed, Jul 16, 2008 at 09:10:18PM -0700, Sam Leffler wrote:
> 
>  > This adds only the kernel portion of the NAT-T support; you must provide
>  > the user-level code from another place.
> 
> Note for people who are interested:
> user-level code comes from ipsec-tools, as for previous versions of
> the NAT-T patch.
> 
> Sam's changes only impact the kernel itself, so if you are
> already running a FreeBSD kernel+userland with NAT-T patchset, you'll
> only need to repatch/rebuild your kernel, rebuilding world (at least
> includes) and ipsec-tools is NOT needed.
> 
> Of course, if you're running a FreeBSD host which actually knows
> NOTHING about NAT-T, you'll need to apply the patch, rebuild your
> kernel, at least rebuild includes (or ipsec-tools won't detect NAT-T
> support), then rebuild ipsec-tools.
> 

For anyone trying to install ipsec-tools to test this patch, it's worth 
mentioning that the port has a build issue on CURRENT. This has been 
corrected in cvs and the 7-branch of ipsec-tools. As a quick remedy, a 
patch is attached that can be applied to the port work sources.

-Matthew
-------------- next part --------------
Index: src/racoon/crypto_openssl.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
retrieving revision 1.11.6.1
diff -u -r1.11.6.1 crypto_openssl.c
--- src/racoon/crypto_openssl.c	18 Dec 2006 10:18:10 -0000	1.11.6.1
+++ src/racoon/crypto_openssl.c	18 Jul 2008 13:45:05 -0000
@@ -675,7 +675,7 @@
 		{
 			plog(LLV_ERROR, LOCATION, NULL,
 				 "data is not terminated by NUL.");
-			hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
+			racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
 			goto end;
 		}
 		
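Review bot: the length argument in `racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1)` is one byte more than the string's recorded length, and this is the branch that logs "data is not terminated by NUL." The rename carries that argument over unchanged, so please confirm the data buffer is always at least `length + 1` bytes at this point; if that cannot be guaranteed, dump only `length` bytes.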
Index: src/racoon/eaytest.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/eaytest.c,v
retrieving revision 1.7.6.1
diff -u -r1.7.6.1 eaytest.c
--- src/racoon/eaytest.c	6 Jun 2007 15:36:38 -0000	1.7.6.1
+++ src/racoon/eaytest.c	18 Jul 2008 13:45:05 -0000
@@ -65,7 +65,7 @@
 
 #include "package_version.h"
 
-#define PVDUMP(var) hexdump((var)->v, (var)->l)
+#define PVDUMP(var) racoon_hexdump((var)->v, (var)->l)
 
 /*#define CERTTEST_BROKEN */
 
Index: src/racoon/misc.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/misc.c,v
retrieving revision 1.4
diff -u -r1.4 misc.c
--- src/racoon/misc.c	9 Sep 2006 16:22:09 -0000	1.4
+++ src/racoon/misc.c	18 Jul 2008 13:45:05 -0000
@@ -73,7 +73,7 @@
 #endif
 
 int
-hexdump(buf0, len)
+racoon_hexdump(buf0, len)
 	void *buf0;
 	size_t len;
 {
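Review bot: missing documentation at the renamed definition `racoon_hexdump(buf0, len)`: nothing in the source records why the function no longer has its plain name. A one-line comment above the definition tying the prefix to the build issue on CURRENT would stop a later cleanup from renaming it back. While the signature is being touched, `buf0` could also become `const void *`, since a dump routine has no reason to write through it.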
Index: src/racoon/misc.h
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/misc.h,v
retrieving revision 1.4
diff -u -r1.4 misc.h
--- src/racoon/misc.h	9 Sep 2006 16:22:09 -0000	1.4
+++ src/racoon/misc.h	18 Jul 2008 13:45:05 -0000
@@ -42,7 +42,7 @@
 #define LOCATION        debug_location(__FILE__, __LINE__, NULL)
 #endif
 
-extern int hexdump __P((void *, size_t));
+extern int racoon_hexdump __P((void *, size_t));
 extern char *bit2str __P((int, int));
 extern void *get_newbuf __P((void *, size_t));
 extern const char *debug_location __P((const char *, int, const char *));
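Review bot: the `extern int racoon_hexdump __P((void *, size_t));` line replaces the old declaration outright, so any caller not converted by this patch will now compile against an undeclared or differently declared `hexdump`. The patch converts callers in crypto_openssl.c, eaytest.c and racoonctl.c; please grep the rest of the tree for remaining `hexdump(` uses before committing, and keep the prototype in step with misc.c if the buffer argument is made `const`.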
Index: src/racoon/racoonctl.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c,v
retrieving revision 1.7
diff -u -r1.7 racoonctl.c
--- src/racoon/racoonctl.c	2 Oct 2006 07:12:26 -0000	1.7
+++ src/racoon/racoonctl.c	18 Jul 2008 13:45:06 -0000
@@ -303,7 +303,7 @@
 		err(1, "kmpstat");
 
 	if (loglevel)
-		hexdump(combuf, ((struct admin_com *)combuf)->ac_len);
+		racoon_hexdump(combuf, ((struct admin_com *)combuf)->ac_len);
 
 	com_init();
 
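Review bot: the length passed to `racoon_hexdump` in the `if (loglevel)` branch is read from the buffer being dumped (`((struct admin_com *)combuf)->ac_len`), and nothing in the visible context bounds it against the size of `combuf`. If that check is not already done earlier in the function, clamp `ac_len` to the number of bytes actually held in `combuf` before dumping, so that a bad length field cannot turn a debug dump into an out-of-bounds read.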

