Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 11 May 2019 09:37:12 -0400
From:      Andrew Gallatin <gallatin@cs.duke.edu>
To:        Kristof Provost <kp@FreeBSD.org>
Cc:        Slawa Olhovchenkov <slw@zxy.spb.ru>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r347410 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/i386/conf sys/powerpc/conf sys/riscv/conf sys/sparc64/conf
Message-ID:  <0c6911b6-6fa0-74cd-8999-c628bc3b2a9d@cs.duke.edu>
In-Reply-To: <3884905F-0593-496D-8BAD-67C468C92AF2@FreeBSD.org>
References:  <201905092238.x49McFCO015665@repo.freebsd.org> <20190510124458.GB65054@zxy.spb.ru> <0842eef5-5f1f-c25a-a470-a424c536f1ed@cs.duke.edu> <3884905F-0593-496D-8BAD-67C468C92AF2@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2019-05-10 11:50, Kristof Provost wrote:
> On 10 May 2019, at 8:31, Andrew Gallatin wrote:
> 
>     On 2019-05-10 08:44, Slawa Olhovchenkov wrote:
> 
>         pf have ifdef for IPSEC, but don't have support IPSEC_SUPPORT
>         (netpfil/pf/if_pfsync.c).
> 
>     Thanks for pointing this out. It seems like IPSEC_SUPPORT would work
>     for this. I've made a patch, and it compiles and the pf module loads.
>     However, I have no knowledge of how to test it. Is this something
>     that you use, and which you can test?
> 
> I suspect this code has not actually been enabled for a long time.
> gettdb() doesn’t actually appear to be defined anywhere, so I wouldn’t 
> expect it to ever compile.
> 
> gettdb() does exist in OpenBSD, so my current guess is that this is just 
> an import artefact, and we should |#ifdef OPENBSD| it or something, or 
> just remove it completely.
> 
> For completeness, and because I never shut up about this: to test pf 
> |kldload pfsync|, |cd /usr/tests/sys/netpfil/pf| and |sudo kyua test|
> 
> There’s more information in the current edition of the FreeBSD journal.
> 
> Regards,
> Kristof
> 

Thanks, you are correct.  Including options_ipsec.h reveals that the 
code does not even compile (cannot find gettdb(), which does not appear 
to be defined anywhere in our tree).

Given that it is dead code, I'd rather just not touch it.

Drew

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0c6911b6-6fa0-74cd-8999-c628bc3b2a9d>