On 2019-05-10 08:44, Slawa Olhovchenkov wrote:
pf have ifdef for IPSEC, but don't have support IPSEC_SUPPORT
(netpfil/pf/if_pfsync.c).
Thanks for pointing this out. It seems like IPSEC_SUPPORT would work
for this. I've made a patch, and it compiles and the pf module loads.
However, I have no knowledge of how to test it. Is this something
that you use, and which you can test?
Thanks,
Drew
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 45b1e090f95c..cc06637b862e 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -308,7 +308,7 @@ static void pfsync_bulk_update(void *);
static void pfsync_bulk_fail(void *);
static void pfsync_detach_ifnet(struct ifnet *);
-#ifdef IPSEC
+#ifdef IPSEC_SUPPORT
static void pfsync_update_net_tdb(struct pfsync_tdb *);
#endif
static struct pfsync_bucket *pfsync_get_bucket(struct pfsync_softc *,
@@ -1228,7 +1228,7 @@ pfsync_in_tdb(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
{
int len = count * sizeof(struct pfsync_tdb);
-#if defined(IPSEC)
+#if defined(IPSEC_SUPPORT)
struct pfsync_tdb *tp;
struct mbuf *mp;
int offp;
@@ -1249,7 +1249,7 @@ pfsync_in_tdb(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
return (len);
}
-#if defined(IPSEC)
+#if defined(IPSEC_SUPPORT)
/* Update an in-kernel tdb. Silently fail if no tdb is found. */
static void
pfsync_update_net_tdb(struct pfsync_tdb *pt)
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"
