cvs commit: src/share/man/man4 enc.4 src/sys/net if_enc.c src/sys/netipsec ipsec.h ipsec_input.c ipsec_output.c xform.h xform_ipip.c

Bjoern A. Zeeb bz at FreeBSD.org
Sun Oct 5 17:44:31 UTC 2008


bz          2008-10-05 17:41:46 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    share/man/man4       enc.4 
    sys/net              if_enc.c 
    sys/netipsec         ipsec.h ipsec_input.c ipsec_output.c 
                         xform.h xform_ipip.c 
  Log:
  SVN rev 183630 on 2008-10-05 17:41:46Z by bz
  
  MFC:
     rev. 1.7 net/if_enc.c
     rev. 1.14 netipsec/ipsec.h, 1.20 netipsec/ipsec_input.c
     rev. 1.17 netipsec/ipsec_output.c
     rev. 1.4 netipsec/xform.h, 1.16 netipsec/xform_ipip.c
     SVN r174054, 174055
  
    Add sysctls to if_enc(4) to control whether the firewalls or
    bpf will see inner and outer headers or just inner or outer
    headers for incoming and outgoing IPsec packets.
  
    This is useful in bpf to not have over long lines for debugging
    or selcting packets based on the inner headers.
    It also properly defines the behavior of what the firewalls see.
  
    Last but not least it gives you if_enc(4) for IPv6 as well.
  
    [ As some auxiliary state was not available in the later
      input path we save it in the tdbi. That way tcpdump can give a
      consistent view of either of (authentic,confidential) for both
      before and after states. ]
  
    Note: The defaults were not changed but you may want to do that.
          See the the man page for more details.
  
  PR:             kern/127785
  Approved by:    re (gnn)
  
  Revision  Changes    Path
  1.5.2.1   +52 -7     src/share/man/man4/enc.4
  1.6.2.3   +74 -11    src/sys/net/if_enc.c
  1.13.2.2  +9 -2      src/sys/netipsec/ipsec.h
  1.19.2.2  +21 -2     src/sys/netipsec/ipsec_input.c
  1.16.2.3  +24 -2     src/sys/netipsec/ipsec_output.c
  1.3.2.1   +3 -0      src/sys/netipsec/xform.h
  1.15.2.1  +15 -1     src/sys/netipsec/xform_ipip.c


More information about the cvs-all mailing list