From owner-freebsd-current Sun Jun 18 17:34: 6 2000 Delivered-To: freebsd-current@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id EF79237B6A2; Sun, 18 Jun 2000 17:34:02 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id RAA89457; Sun, 18 Jun 2000 17:34:02 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sun, 18 Jun 2000 17:34:02 -0700 (PDT) From: Kris Kennaway To: current@freebsd.org Cc: snap-users@kame.net Subject: Latest KAME integrated with 5.0-CURRENT Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I've updated the KAME code in FreeBSD 5.0-CURRENT to sync it with the latest from the KAME repository. The diffs are rather large (1.5MB) but some of the code in FreeBSD was quite old, and this also now includes everything that's in KAME (for better or for worse - it was far too difficult for me to try and separate changes in different areas). As a nice bonus, that also includes ALTQ for IPv4 and IPv6. Itojun suggests that there are a couple of things which shouldn't go into FreeBSD yet, such as the RFC2292bis code which is still pre-RFC - after Usenix I'll take a look at removing this stuff from my patched code. So far the merged kernel is working nicely and interoperates with the current FreeBSD KAME code - I've been running it since yesterday and so far the only problem I've seen is a hung NFS mount when I was running NFS over IPSec (hung in state nfsrcvlk) - I haven't replicated this yet or determined whether it happens with regular NFS mounts also. Other remaining issues: * ALTQ has not been tested beyond checking that LINT compiles with it in * the ipfw module doesn't compile (missing opt_foo.h headers - should be easy to fix) * I didn't resolve one patch to the tx driver yet, so it doesn't work * For some reason the stf.h header isn't being generated by config(8) when you include "device stf", so you have to put "#define NSTF 1" or "... 0" in stf.h in your kernel build dir by hand * There's a lot of whitespace diffs and twisty little ifdef mazes which would need to be cleaned up before an eventual FreeBSD import The userland from the latest KAME snapshot works fine: racoon also compiles, but I haven't tested it yet (I need to update my other machine to an official freebsd4 KAME snap) I'll be away at Usenix most of this week (from Tuesday), but when I return I'll keep working on this to get it commit-ready. I'd like to hear any problems people have with the patches: you can find them at http://www.freebsd.org/~kris/kame.diff.gz Kris P.S. Note that the patches are based on the latest -current, which means you have to jump through the config(8) hoops as described on freebsd-current. -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message