HEAD ip_fw2 ipsec b0rked
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Thu Nov 6 13:47:57 PST 2003
Hi,
1) when someone fixes the
panic: ipsec_gethist: obsolete API
in netinet/ip_fw2.c
2) can you please also add the opt_ipsec.h from
http://www.freebsd.org/cgi/query-pr.cgi?pr=58899
resp. review this __untested__ patch:
--- compile-crisco-20031106-1650/sys/netinet/ip_fw2.c.orig Thu Nov 6 16:58:59 2003
+++ compile-crisco-20031106-1650/sys/netinet/ip_fw2.c Thu Nov 6 21:45:03 2003
@@ -37,6 +37,7 @@
#include "opt_ipdn.h"
#include "opt_ipdivert.h"
#include "opt_inet.h"
+#include "opt_ipsec.h"
#ifndef INET
#error IPFIREWALL requires INET.
#endif /* INET */
@@ -1938,7 +1939,7 @@
PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL);
#endif
#ifdef IPSEC
- match = (ipsec_gethist(m, NULL) != NULL);
+ match = (ipsec_getnhist(m) != NULL);
#endif
/* otherwise no match */
break;
@@ -2548,7 +2549,9 @@
case O_TCPOPTS:
case O_ESTAB:
case O_VERREVPATH:
+#if defined(IPSEC) || defined(FAST_IPSEC)
case O_IPSEC:
+#endif
if (cmdlen != F_INSN_SIZE(ipfw_insn))
goto bad_size;
break;
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
56 69 73 69 74 http://www.zabbadoz.net/
More information about the freebsd-ipfw
mailing list