Message-ID: <4880A3D7.5020300@shrew.net>
Date: Fri, 18 Jul 2008 09:08:23 -0500
From: Matthew Grooms
To: freebsd-net@freebsd.org
Subject: Re: FreeBSD NAT-T patch integration [CFR/CFT]
In-Reply-To: <4880973B.2010200@shrew.net>

> On Wed, Jul 16, 2008 at 09:10:18PM -0700, Sam Leffler wrote:
>
> > This adds only the kernel portion of the NAT-T support; you must provide
> > the user-level code from another place.
>
> Note for people who are interested:
> user-level code comes from ipsec-tools, as for previous versions of
> the NAT-T patch.
>
> Sam's changes have only impacts on the kernel itself, so if you are
> already running a FreeBSD kernel+userland with NAT-T patchset, you'll
> only need to repatch/rebuild your kernel, rebuilding world (at least
> includes) and ipsec-tools is NOT needed.
>
> Of course, if you're running a FreeBSD host which actually does know
> NOTHING about NAT-T, you'll need to apply the patch, rebuild your
> kernel, at least rebuild includes (or ipsec-tools won't detect NAT-T
> support), then rebuild ipsec-tools.
>

For anyone trying to install ipsec-tools to test this patch, it's worth
mentioning that the port has a build issue on CURRENT. This has been
corrected in cvs and the 7-branch of ipsec-tools. As a quick remedy, a
patch is attached that can be applied to the port work sources.

-Matthew --------------020802050609030006070708 Content-Type: text/plain; name="ipsec-tools-fbsd8.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ipsec-tools-fbsd8.diff" Index: src/racoon/crypto_openssl.c =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v retrieving revision 1.11.6.1 diff -u -r1.11.6.1 crypto_openssl.c --- src/racoon/crypto_openssl.c 18 Dec 2006 10:18:10 -0000 1.11.6.1 +++ src/racoon/crypto_openssl.c 18 Jul 2008 13:45:05 -0000 @@ -675,7 +675,7 @@ { plog(LLV_ERROR, LOCATION, NULL, "data is not terminated by NUL."); - hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); + racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); goto end; } Index: src/racoon/eaytest.c =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/eaytest.c,v retrieving revision 1.7.6.1 diff -u -r1.7.6.1 eaytest.c --- src/racoon/eaytest.c 6 Jun 2007 15:36:38 -0000 1.7.6.1 +++ src/racoon/eaytest.c 18 Jul 2008 13:45:05 -0000 @@ -65,7 +65,7 @@ #include "package_version.h" -#define PVDUMP(var) hexdump((var)->v, (var)->l) +#define PVDUMP(var) racoon_hexdump((var)->v, (var)->l) /*#define CERTTEST_BROKEN */ Index: src/racoon/misc.c =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/misc.c,v retrieving revision 1.4 diff -u -r1.4 misc.c --- src/racoon/misc.c 9 Sep 2006 16:22:09 -0000 1.4 +++ src/racoon/misc.c 18 Jul 2008 13:45:05 -0000 
@@ -73,7 +73,7 @@ #endif int -hexdump(buf0, len) +racoon_hexdump(buf0, len) void *buf0; size_t len; { Index: src/racoon/misc.h =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/misc.h,v retrieving revision 1.4 diff -u -r1.4 misc.h --- src/racoon/misc.h 9 Sep 2006 16:22:09 -0000 1.4 +++ src/racoon/misc.h 18 Jul 2008 13:45:05 -0000 @@ -42,7 +42,7 @@ #define LOCATION debug_location(__FILE__, __LINE__, NULL) #endif -extern int hexdump __P((void *, size_t)); +extern int racoon_hexdump __P((void *, size_t)); extern char *bit2str __P((int, int)); extern void *get_newbuf __P((void *, size_t)); extern const char *debug_location __P((const char *, int, const char *)); Index: src/racoon/racoonctl.c =================================================================== RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c,v retrieving revision 1.7 diff -u -r1.7 racoonctl.c --- src/racoon/racoonctl.c 2 Oct 2006 07:12:26 -0000 1.7 +++ src/racoon/racoonctl.c 18 Jul 2008 13:45:06 -0000 @@ -303,7 +303,7 @@ err(1, "kmpstat"); if (loglevel) - hexdump(combuf, ((struct admin_com *)combuf)->ac_len); + racoon_hexdump(combuf, ((struct admin_com *)combuf)->ac_len); com_init(); --------------020802050609030006070708--
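
Review bot: the renamed call in the src/racoon/crypto_openssl.c hunk still dumps `gen->d.ia5->length + 1` bytes, one more than the length recorded for the string, on the very path that logs "data is not terminated by NUL." The rename itself is fine, but please confirm the buffer always carries that extra byte, or dump only `gen->d.ia5->length` bytes so the error path cannot read past the data.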
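
Review bot: the prototype change in the src/racoon/misc.h hunk drops `hexdump` from the header without saying why, and any caller not touched by this diff will no longer see a matching declaration. Suggest a one-line comment above `extern int racoon_hexdump __P((void *, size_t));` giving the reason for the prefix, plus a grep of the tree for remaining `hexdump(` calls beyond crypto_openssl.c, eaytest.c and racoonctl.c.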
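
Review bot: in the src/racoon/racoonctl.c hunk the dump length is `((struct admin_com *)combuf)->ac_len`, a field read out of the buffer being dumped, and the visible context shows no check of it against the size of `combuf`. Worth confirming that `ac_len` is bounded before this point; the call only runs when `loglevel` is set, so an oversized value would go unnoticed in normal use.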