On 10 May 2019, at 8:31, Andrew Gallatin wrote:
On 2019-05-10 08:44, Slawa Olhovchenkov wrote:
pf have ifdef for IPSEC, but don't have support IPSEC_SUPPORT
(netpfil/pf/if_pfsync.c).
Thanks for pointing this out. It seems like IPSEC_SUPPORT would work
for this. I've made a patch, and it compiles and the pf module loads.
However, I have no knowledge of how to test it. Is this something
that you use, and which you can test?
I suspect this code has not actually been enabled for a long time.
gettdb() doesn’t actually appear to be defined anywhere, so I
wouldn’t expect it to ever compile.
gettdb() does exist in OpenBSD, so my current guess is that this is just
an import artefact, and we should `#ifdef OPENBSD` it or something, or
just remove it completely.
For completeness, and because I never shut up about this: to test pf
`kldload pfsync`, `cd /usr/tests/sys/netpfil/pf` and `sudo kyua test`
There’s more information in the current edition of the FreeBSD
journal.
Regards,
Kristof
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"