Hi, if you build the kernel without IPSEC it will run into several compiler and linker errors. This diff add some missing #ifdefs to fix this.
ok? bye, jan Index: net/if_pfsync.c =================================================================== RCS file: /mount/openbsd/cvs/src/sys/net/if_pfsync.c,v retrieving revision 1.305 diff -u -p -r1.305 if_pfsync.c --- net/if_pfsync.c 21 Apr 2022 15:22:49 -0000 1.305 +++ net/if_pfsync.c 2 Nov 2022 10:20:38 -0000 @@ -1576,7 +1576,9 @@ pfsync_grab_snapshot(struct pfsync_snaps int q; struct pf_state *st; struct pfsync_upd_req_item *ur; +#if defined(IPSEC) struct tdb *tdb; +#endif sn->sn_sc = sc; @@ -1602,6 +1604,7 @@ pfsync_grab_snapshot(struct pfsync_snaps } TAILQ_INIT(&sn->sn_tdb_q); +#if defined(IPSEC) while ((tdb = TAILQ_FIRST(&sc->sc_tdb_q)) != NULL) { TAILQ_REMOVE(&sc->sc_tdb_q, tdb, tdb_sync_entry); TAILQ_INSERT_TAIL(&sn->sn_tdb_q, tdb, tdb_sync_snap); @@ -1611,6 +1614,7 @@ pfsync_grab_snapshot(struct pfsync_snaps SET(tdb->tdb_flags, TDBF_PFSYNC_SNAPPED); mtx_leave(&tdb->tdb_mtx); } +#endif sn->sn_len = sc->sc_len; sc->sc_len = PFSYNC_MINPKT; @@ -1630,7 +1634,9 @@ pfsync_drop_snapshot(struct pfsync_snaps { struct pf_state *st; struct pfsync_upd_req_item *ur; +#if defined(IPSEC) struct tdb *t; +#endif int q; for (q = 0; q < PFSYNC_S_COUNT; q++) { @@ -1652,6 +1658,7 @@ pfsync_drop_snapshot(struct pfsync_snaps pool_put(&sn->sn_sc->sc_pool, ur); } +#if defined(IPSEC) while ((t = TAILQ_FIRST(&sn->sn_tdb_q)) != NULL) { TAILQ_REMOVE(&sn->sn_tdb_q, t, tdb_sync_snap); mtx_enter(&t->tdb_mtx); @@ -1660,6 +1667,7 @@ pfsync_drop_snapshot(struct pfsync_snaps CLR(t->tdb_flags, TDBF_PFSYNC); mtx_leave(&t->tdb_mtx); } +#endif } int @@ -1748,7 +1756,6 @@ pfsync_sendout(void) struct pfsync_subheader *subh; struct pf_state *st; struct pfsync_upd_req_item *ur; - struct tdb *t; int offset; int q, count = 0; @@ -1842,7 +1849,10 @@ pfsync_sendout(void) sn.sn_plus = NULL; /* XXX memory leak ? */ } +#if defined(IPSEC) if (!TAILQ_EMPTY(&sn.sn_tdb_q)) { + struct tdb *t; + subh = (struct pfsync_subheader *)(m->m_data + offset); offset += sizeof(*subh); @@ -1865,6 +1875,7 @@ pfsync_sendout(void) subh->len = sizeof(struct pfsync_tdb) >> 2; subh->count = htons(count); } +#endif /* walk the queues */ for (q = 0; q < PFSYNC_S_COUNT; q++) { @@ -2486,6 +2497,7 @@ pfsync_q_del(struct pf_state *st) pf_state_unref(st); } +#if defined(IPSEC) void pfsync_update_tdb(struct tdb *t, int output) { @@ -2540,7 +2552,9 @@ pfsync_update_tdb(struct tdb *t, int out CLR(t->tdb_flags, TDBF_PFSYNC_RPL); mtx_leave(&t->tdb_mtx); } +#endif +#if defined(IPSEC) void pfsync_delete_tdb(struct tdb *t) { @@ -2576,6 +2590,7 @@ pfsync_delete_tdb(struct tdb *t) tdb_unref(t); } +#endif void pfsync_out_tdb(struct tdb *t, void *buf) Index: netinet/ip_ipsp.c =================================================================== RCS file: /mount/openbsd/cvs/src/sys/netinet/ip_ipsp.c,v retrieving revision 1.273 diff -u -p -r1.273 ip_ipsp.c --- netinet/ip_ipsp.c 6 Aug 2022 15:57:59 -0000 1.273 +++ netinet/ip_ipsp.c 2 Nov 2022 12:09:22 -0000 @@ -1081,7 +1081,7 @@ tdb_free(struct tdb *tdbp) tdbp->tdb_xform = NULL; } -#if NPFSYNC > 0 +#if NPFSYNC > 0 && defined(IPSEC) /* Cleanup pfsync references */ pfsync_delete_tdb(tdbp); #endif