From owner-svn-src-head@freebsd.org Sat May 11 13:37:15 2019 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7E9FF159D1B1; Sat, 11 May 2019 13:37:15 +0000 (UTC) (envelope-from gallatin@cs.duke.edu) Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 14EBC89548; Sat, 11 May 2019 13:37:15 +0000 (UTC) (envelope-from gallatin@cs.duke.edu) Received: from [192.168.200.4] (c-71-56-186-158.hsd1.va.comcast.net [71.56.186.158]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: gallatin) by duke.cs.duke.edu (Postfix) with ESMTPSA id E99FF270011C; Sat, 11 May 2019 09:37:12 -0400 (EDT) DMARC-Filter: OpenDMARC Filter v1.3.1 duke.cs.duke.edu E99FF270011C DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cs.duke.edu; s=mail0816; t=1557581833; bh=XYUbn0nOP44CforZOd+hXJQz8deMnG506SxVvDM9++8=; h=Subject:To:From:Date:From; b=j+am2b8ovUmEfRHiqbEM6FVg6DWA+ZW6FQiLUNBX9g2bu54p+rp1vy6Rj5uy0bmrI q9enkRcxVc/aqFlE5bSaabKF+uQydcomyuwXbzz/3DL4/JPxrpUPM4CnnR7YQ/CVF4 6cN0IUXHf9/cUe/fnOHJztriTQoJLQGlt0WNoVuVTQgmPUdF4WP7Y0jdDWqGnlQZJo ROo0ekWIVzgOO3z+F0k7Bp2eueS+pgDUvN88FHvcKVW1+P2PLEBI2Gi3BGMNY7GN40 QPNnS1fpva5zd0q9BaDqJrQ5QshQ+IL2hr+ewaCaI2rNacMer4q5HC8XO/woOEvBnK GRPslhlby6wgQ== Subject: Re: svn commit: r347410 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/i386/conf sys/powerpc/conf sys/riscv/conf sys/sparc64/conf To: Kristof Provost Cc: Slawa Olhovchenkov , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org References: <201905092238.x49McFCO015665@repo.freebsd.org> <20190510124458.GB65054@zxy.spb.ru> <0842eef5-5f1f-c25a-a470-a424c536f1ed@cs.duke.edu> <3884905F-0593-496D-8BAD-67C468C92AF2@FreeBSD.org> From: Andrew Gallatin Message-ID: <0c6911b6-6fa0-74cd-8999-c628bc3b2a9d@cs.duke.edu> Date: Sat, 11 May 2019 09:37:12 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <3884905F-0593-496D-8BAD-67C468C92AF2@FreeBSD.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 14EBC89548 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.82 / 15.00]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.82)[-0.821,0]; NEURAL_HAM_MEDIUM(-1.00)[-0.997,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 May 2019 13:37:15 -0000 On 2019-05-10 11:50, Kristof Provost wrote: > On 10 May 2019, at 8:31, Andrew Gallatin wrote: > > On 2019-05-10 08:44, Slawa Olhovchenkov wrote: > > pf have ifdef for IPSEC, but don't have support IPSEC_SUPPORT > (netpfil/pf/if_pfsync.c). > > Thanks for pointing this out. It seems like IPSEC_SUPPORT would work > for this. I've made a patch, and it compiles and the pf module loads. > However, I have no knowledge of how to test it. Is this something > that you use, and which you can test? > > I suspect this code has not actually been enabled for a long time. > gettdb() doesn’t actually appear to be defined anywhere, so I wouldn’t > expect it to ever compile. > > gettdb() does exist in OpenBSD, so my current guess is that this is just > an import artefact, and we should |#ifdef OPENBSD| it or something, or > just remove it completely. > > For completeness, and because I never shut up about this: to test pf > |kldload pfsync|, |cd /usr/tests/sys/netpfil/pf| and |sudo kyua test| > > There’s more information in the current edition of the FreeBSD journal. > > Regards, > Kristof > Thanks, you are correct. Including options_ipsec.h reveals that the code does not even compile (cannot find gettdb(), which does not appear to be defined anywhere in our tree). Given that it is dead code, I'd rather just not touch it. Drew