From owner-freebsd-net@FreeBSD.ORG Fri Jul 13 08:00:07 2007 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 453BA16A400 for ; Fri, 13 Jul 2007 08:00:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 00C6013C4A5 for ; Fri, 13 Jul 2007 08:00:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 898D441C5BC; Fri, 13 Jul 2007 10:00:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id mbMwyyBUve-u; Fri, 13 Jul 2007 10:00:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 2DC3641C5B0; Fri, 13 Jul 2007 10:00:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 0A7E9444885; Fri, 13 Jul 2007 07:55:14 +0000 (UTC) Date: Fri, 13 Jul 2007 07:55:14 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: net@freebsd.org In-Reply-To: <20070713072657.GA13945@zen.inc> Message-ID: <20070713074530.A31116@maildrop.int.zabbadoz.net> References: <20070713053534.D31116@maildrop.int.zabbadoz.net> <20070713072657.GA13945@zen.inc> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: VANHULLEBUS Yvan Subject: Re: FAST_IPSEC is now IPSEC, please be advised... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jul 2007 08:00:07 -0000 On Fri, 13 Jul 2007, VANHULLEBUS Yvan wrote: (taking the thread to net@ only as it does not affect current@ but is more a port@ thing) > On Fri, Jul 13, 2007 at 05:41:04AM +0000, Bjoern A. Zeeb wrote: >> On Thu, 12 Jul 2007, gnn@freebsd.org wrote: >>> At Wed, 11 Jul 2007 13:49:37 +0200, >>> Peter Blok wrote: > > Hi all. > > [KAME's IPSec removal and ipsec-tools] >> I have a preliminary hackish patch. The problem is that I have other >> patches in there as well. I'll have to disunite them. >> >> I was hoping that ipsec-tools would release earlier so that the gcc4 >> compile issues would have been solved already only leaving us with the >> directory changes for the #inlcude files... > > Ipsec-tools 0.7.0 Release (which includes gcc4 fixes) should have been > released this week. > We did NOT release it until now for various reasons, including the > fact that I hoped we could fix this include problem for 0.7.0 release. > > But if it is quite simple to fix for -HEAD, which now only have > netipsec/ipsec.h, it is harder to solve cleanly for older versions, > which have both netinet6/ipsec.h and netipsec/ipsec.h, and on which I > just don't know how to guess which one we should use. > > I think I'll commit today a patch to detect the case where we only > have netipsec/ipsec.h (so it will compile again on -HEAD), and we'll > keep the netinet6/ipsec.h Vs netipsec/ipsec.h problem as an open issue > until someone gives me a clean way to decide which one we should use > when we found both. Ahh... The best way to detect this would be along these lines... (if on FreeBSD, autoconf knows that already) echo -n "checking for cleaned up IPSEC on FreeBSD 7 and later.." #include #if defined(__FreeBSD_version) && (__FreeBSD_version<700049) #error "Old FreeBSD" #endif (or having main() and return 0 and 1). I would have done that for configure but the autotools framework on FreeBSD is not really happy atm. The other and maybe simpler version would be to conditionally include an extra patch for the FreeBSD port from the port's Makefile for this release (based on the same criteria). This might also be less intrusive for ispec-tools at that stage of release. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time.