svn commit: r304572 - in head: sbin/ipfw sys/conf sys/netinet sys/netinet6

Slawa Olhovchenkov slw at zxy.spb.ru
Sun Aug 21 19:08:45 UTC 2016 

On Sun, Aug 21, 2016 at 06:55:30PM +0000, Bjoern A. Zeeb wrote:

> Author: bz
> Date: Sun Aug 21 18:55:30 2016
> New Revision: 304572
> URL: https://svnweb.freebsd.org/changeset/base/304572
> 
> Log:
>   Remove the kernel optoion for IPSEC_FILTERTUNNEL, which was deprecated
>   more than 7 years ago in favour of a sysctl in r192648.

Need note to UPDAING.

> Modified:
>   head/sbin/ipfw/ipfw.8
>   head/sys/conf/NOTES
>   head/sys/conf/options
>   head/sys/netinet/ip_ipsec.c
>   head/sys/netinet6/ip6_ipsec.c
> 
> Modified: head/sbin/ipfw/ipfw.8
> ==============================================================================
> --- head/sbin/ipfw/ipfw.8	Sun Aug 21 18:37:21 2016	(r304571)
> +++ head/sbin/ipfw/ipfw.8	Sun Aug 21 18:55:30 2016	(r304572)
> @@ -1,7 +1,7 @@
>  .\"
>  .\" $FreeBSD$
>  .\"
> -.Dd August 13, 2016
> +.Dd August 21, 2016
>  .Dt IPFW 8
>  .Os
>  .Sh NAME
> @@ -1588,8 +1588,7 @@ Matches IPv4 packets whose precedence fi
>  .It Cm ipsec
>  Matches packets that have IPSEC history associated with them
>  (i.e., the packet comes encapsulated in IPSEC, the kernel
> -has IPSEC support and IPSEC_FILTERTUNNEL option, and can correctly
> -decapsulate it).
> +has IPSEC support, and can correctly decapsulate it).
>  .Pp
>  Note that specifying
>  .Cm ipsec
> 
> Modified: head/sys/conf/NOTES
> ==============================================================================
> --- head/sys/conf/NOTES	Sun Aug 21 18:37:21 2016	(r304571)
> +++ head/sys/conf/NOTES	Sun Aug 21 18:55:30 2016	(r304572)
> @@ -626,17 +626,6 @@ options 	TCP_OFFLOAD		# TCP offload supp
>  options 	IPSEC			#IP security (requires device crypto)
>  #options 	IPSEC_DEBUG		#debug for IP security
>  #
> -# #DEPRECATED#
> -# Set IPSEC_FILTERTUNNEL to change the default of the sysctl to force packets
> -# coming through a tunnel to be processed by any configured packet filtering
> -# twice. The default is that packets coming out of a tunnel are _not_ processed;
> -# they are assumed trusted.
> -#
> -# IPSEC history is preserved for such packets, and can be filtered
> -# using ipfw(8)'s 'ipsec' keyword, when this option is enabled.
> -#
> -#options 	IPSEC_FILTERTUNNEL	#filter ipsec packets from a tunnel
> -#
>  # Set IPSEC_NAT_T to enable NAT-Traversal support.  This enables
>  # optional UDP encapsulation of ESP packets.
>  #
> 
> Modified: head/sys/conf/options
> ==============================================================================
> --- head/sys/conf/options	Sun Aug 21 18:37:21 2016	(r304571)
> +++ head/sys/conf/options	Sun Aug 21 18:55:30 2016	(r304572)
> @@ -424,7 +424,6 @@ IPFIREWALL_VERBOSE	opt_ipfw.h
>  IPFIREWALL_VERBOSE_LIMIT	opt_ipfw.h
>  IPSEC			opt_ipsec.h
>  IPSEC_DEBUG		opt_ipsec.h
> -IPSEC_FILTERTUNNEL	opt_ipsec.h
>  IPSEC_NAT_T		opt_ipsec.h
>  IPSTEALTH
>  KRPC
> 
> Modified: head/sys/netinet/ip_ipsec.c
> ==============================================================================
> --- head/sys/netinet/ip_ipsec.c	Sun Aug 21 18:37:21 2016	(r304571)
> +++ head/sys/netinet/ip_ipsec.c	Sun Aug 21 18:55:30 2016	(r304572)
> @@ -68,11 +68,7 @@ __FBSDID("$FreeBSD$");
>  
>  extern	struct protosw inetsw[];
>  
> -#ifdef IPSEC_FILTERTUNNEL
> -static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 1;
> -#else
>  static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 0;
> -#endif
>  #define	V_ip4_ipsec_filtertunnel VNET(ip4_ipsec_filtertunnel)
>  
>  SYSCTL_DECL(_net_inet_ipsec);
> 
> Modified: head/sys/netinet6/ip6_ipsec.c
> ==============================================================================
> --- head/sys/netinet6/ip6_ipsec.c	Sun Aug 21 18:37:21 2016	(r304571)
> +++ head/sys/netinet6/ip6_ipsec.c	Sun Aug 21 18:55:30 2016	(r304572)
> @@ -79,11 +79,7 @@ __FBSDID("$FreeBSD$");
>  
>  extern	struct protosw inet6sw[];
>  
> -#ifdef IPSEC_FILTERTUNNEL
> -static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 1;
> -#else
>  static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 0;
> -#endif
>  #define	V_ip6_ipsec6_filtertunnel	VNET(ip6_ipsec6_filtertunnel)
>  
>  SYSCTL_DECL(_net_inet6_ipsec6);
> _______________________________________________
> svn-src-all at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscribe at freebsd.org"

More information about the svn-src-all mailing list