Subject: Re: [HEADS-UP] IPsec NAT Traversal fixes
To: Emmanuel Dreyfus <manu@netbsd.org>
From: Peter Eisch <peter@boku.net>
List: current-users
Date: 04/25/2005 22:44:57
Since this change, I can't compile a kernel with TCP_SIGNATURE enabled:
...
depending the kern library objects
depending the compat library objects
--- tcp_input.o ---
/builds/current/src/sys/netinet/tcp_input.c: In function
`tcp_signature_getsav':
/builds/current/src/sys/netinet/tcp_input.c:2711: error: too few arguments
to function `key_allocsa'
/builds/current/src/sys/netinet/tcp_input.c:2715: error: too few arguments
to function `key_allocsa'
*** [tcp_input.o] Error code 1
1 error
Do I need to use some other option flag or other IPSEC options? My config
is basically:
include "arch/i386/conf/GENERIC.MP"
options IPSEC # IP security
options IPSEC_ESP # IP security (encryption part; define
w/IPSEC)
options IPSEC_DEBUG # debug for IP security
options TCP_SIGNATURE # TCP MD5 Signatures, for BGP routing
sessions
options GATEWAY
no pseudo-device ppp
#no pseudo-device sl
no pseudo-device gre
no pseudo-device gif
pseudo-device ppp 12 # Point-to-Point Protocol
#pseudo-device sl 0 # Serial Line IP
#pseudo-device gre 0 # generic L3 over IP tunnel
pseudo-device gif 12 # IPv[46] over IPv[46] tunnel
(RFC1933)
options ALTQ # Manipulate network interfaces' output
queues
options ALTQ_BLUE # Stochastic Fair Blue
options ALTQ_CBQ # Class-Based Queueing
options ALTQ_CDNR # Diffserv Traffic Conditioner
options ALTQ_FIFOQ # First-In First-Out Queue
options ALTQ_FLOWVALVE # RED/flow-valve (red-penalty-box)
options ALTQ_HFSC # Hierarchical Fair Service Curve
options ALTQ_LOCALQ # Local queueing discipline
options ALTQ_PRIQ # Priority Queueing
options ALTQ_RED # Random Early Detection
options ALTQ_RIO # RED with IN/OUT
options ALTQ_WFQ # Weighted Fair Queueing
options SHMMAXPGS=8192
options MSGMNB=16384
options MSGSSZ=64
options MSGTQL=512
Thanks,
Peter