On 2019-05-10 08:44, Slawa Olhovchenkov wrote:
pf have ifdef for IPSEC, but don't have support IPSEC_SUPPORT (netpfil/pf/if_pfsync.c).
Thanks for pointing this out. It seems like IPSEC_SUPPORT would work for this. I've made a patch, and it compiles and the pf module loads.
However, I have no knowledge of how to test it. Is this something that you use, and which you can test? Thanks, Drew
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 45b1e090f95c..cc06637b862e 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -308,7 +308,7 @@ static void pfsync_bulk_update(void *); static void pfsync_bulk_fail(void *); static void pfsync_detach_ifnet(struct ifnet *); -#ifdef IPSEC +#ifdef IPSEC_SUPPORT static void pfsync_update_net_tdb(struct pfsync_tdb *); #endif static struct pfsync_bucket *pfsync_get_bucket(struct pfsync_softc *, @@ -1228,7 +1228,7 @@ pfsync_in_tdb(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) { int len = count * sizeof(struct pfsync_tdb); -#if defined(IPSEC) +#if defined(IPSEC_SUPPORT) struct pfsync_tdb *tp; struct mbuf *mp; int offp; @@ -1249,7 +1249,7 @@ pfsync_in_tdb(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) return (len); } -#if defined(IPSEC) +#if defined(IPSEC_SUPPORT) /* Update an in-kernel tdb. Silently fail if no tdb is found. */ static void pfsync_update_net_tdb(struct pfsync_tdb *pt)
_______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"