git: 0896bbff7ff3 - stable/13 - ip(4): Mention IP_IPSEC_POLICY ip-level socket option

[Konstantin Belousov]

The branch stable/13 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=0896bbff7ff3799688574a0393791277d770cc6c

commit 0896bbff7ff3799688574a0393791277d770cc6c
Author:     Konstantin Belousov <kib at FreeBSD.org>
AuthorDate: 2021-08-09 11:07:18 +0000
Commit:     Konstantin Belousov <kib at FreeBSD.org>
CommitDate: 2021-08-13 09:34:42 +0000

    ip(4): Mention IP_IPSEC_POLICY ip-level socket option
    
    (cherry picked from commit 4a5a67fe679d6b29957bf87dbf2e7c08ff97bb30)
---
 share/man/man4/ip.4 | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4
index c53cd3d5aeda..24b06846e66f 100644
--- a/share/man/man4/ip.4
+++ b/share/man/man4/ip.4
@@ -28,7 +28,7 @@
 .\"     @(#)ip.4	8.2 (Berkeley) 11/30/93
 .\" $FreeBSD$
 .\"
-.Dd May 24, 2020
+.Dd August 9, 2021
 .Dt IP 4
 .Os
 .Sh NAME
@@ -109,6 +109,15 @@ int ttl = 60;                   /* max = 255 */
 setsockopt(s, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl));
 .Ed
 .Pp
+.Dv IP_IPSEC_POLICY
+controls IPSec policy for sockets.
+For example,
+.Bd -literal
+const char *policy = "in ipsec ah/transport//require";
+char *buf = ipsec_set_policy(policy, strlen(policy));
+setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, buf, ipsec_get_policylen(buf));
+.Ed
+.Pp
 .Dv IP_MINTTL
 may be used to set the minimum acceptable TTL a packet must have when
 received on a socket.