netbsd-bugs: kern/8310: Kernel build with IPSEC

Subject: kern/8310: Kernel build with IPSEC_ESP fails
To: None <gnats-bugs@gnats.netbsd.org>
From: None <dokas@cs.umn.edu>
List: netbsd-bugs
Date: 09/01/1999 19:07:42
>Number:         8310
>Category:       kern
>Synopsis:       Kernel build with IPSEC_ESP fails
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep  1 19:05:01 1999
>Last-Modified:
>Originator:     Paul Dokas
>Organization:
	University of Minnesota, Department of Computer Science
>Release:        NetBSD-current as of Sept 1, 1999
>Environment:
System: NetBSD caligula 1.4K NetBSD 1.4K (CTHULHU.v6) #0: Wed Sep 1 10:29:13 CDT 1999 root@caligula:/big/src/sys/arch/i386/compile/CTHULHU.v6 i386


>Description:

I've been copying GENERIC and GENERIC.v6, making appropriate changes
for my computer and tracking -current for quite some time now.  But
today, I realized that I was not building with IPSEC_ESP in GENERIC.v6,
so I uncommented it.  The kernel build fails with this:

.
.
.
sh ../../../../conf/newvers.sh
cc  -O2 -Werror -Wall -Wmissing-prototypes -Wstrict-prototypes  -Wpointer-arith -Wno-main -I. -I../../../../arch -I../../../.. -nostdinc -DLKM -DDIAGNOSTIC -DEXT2FS_SYSTEM_FLAGS -DMAXUSERS=32 -D_KERNEL -Di386  -c vers.c
rm -f netbsd
ld -Ttext F0100000 -e start -X -o netbsd ${SYSTEM_OBJ} vers.o
key.o: In function `key_setsaval':
key.o(.text+0x189f): undefined reference to `esp_algorithms'
key.o(.text+0x18a7): undefined reference to `esp_algorithms'
key.o: In function `key_mature':
key.o(.text+0x1c37): undefined reference to `esp_algorithms'
key.o(.text+0x1c41): undefined reference to `esp_algorithms'
key.o(.text+0x1c49): undefined reference to `esp_algorithms'
key.o(.text+0x1c62): more undefined references to `esp_algorithms' follow
in6_proto.o(.data+0x1e0): undefined reference to `esp6_input'
ipsec.o: In function `ipsec_hdrsiz':
ipsec.o(.text+0xf4e): undefined reference to `esp_hdrsiz'
ipsec.o: In function `ipsec4_output':
ipsec.o(.text+0x1cea): undefined reference to `esp4_output'
ipsec.o: In function `ipsec6_output_trans':
ipsec.o(.text+0x1ec1): undefined reference to `esp6_output'
ipsec.o: In function `ipsec6_output_tunnel':
ipsec.o(.text+0x22d4): undefined reference to `esp6_output'
in_proto.o(.data+0x144): undefined reference to `esp4_input'
*** Error code 1

Stop.


I have added:

  CRYPTOBASE= domestic

to /etc/mk.conf and even tried setting it to crypto-us and moving the
domestic directory to crypto-us.  It still doesn't work.

Also, I found this rather cryptic statement in options(4):


options IPSEC_ESP
     Includes support for IPsec ESP protocol.  See ipsec(4) for details.
     IPSEC_ESP will enable US-export controlled source code, so compiled bina-
     ry is subject to US-export restriction.  This option assumes IPSEC.  To
     use this option, you will need to combine cryptosrc/sys onto syssrc/sys
     tree somehow manually (symbolic link for example).


What the heck is this talking about?  I thought that bsd.crypto.mk made this
unnecessary?


Is anyone routinely building with IPSEC_ESP?  I'd really like to give it a
try.

>How-To-Repeat:

  Attempt to build a kernel with IPSEC_ESP

>Fix:

  Unknown
>Audit-Trail:
>Unformatted: