diff options
author | suz <suz@FreeBSD.org> | 2005-01-11 04:24:17 +0000 |
---|---|---|
committer | suz <suz@FreeBSD.org> | 2005-01-11 04:24:17 +0000 |
commit | 936b40e834a76420e1cdf1fb5883932ff7ee0ba2 (patch) | |
tree | 08e288e36625290ab9d2bc7a81a629684b88e448 | |
parent | 9afac30e3786f2cea88ab48a36e2e61947be728f (diff) | |
download | FreeBSD-src-936b40e834a76420e1cdf1fb5883932ff7ee0ba2.zip FreeBSD-src-936b40e834a76420e1cdf1fb5883932ff7ee0ba2.tar.gz |
KAME-IPSEC has already supports TCP_SIGNATURE(IPv4)
-rw-r--r-- | sys/conf/NOTES | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index f143273..ca91c22 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -696,8 +696,8 @@ options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN # carried in TCP option 19. This option is commonly used to protect # TCP sessions (e.g. BGP) where IPSEC is not available nor desirable. # This is enabled on a per-socket basis using the TCP_MD5SIG socket option. -# This requires the use of 'device crypto', 'options FAST_IPSEC', and -# 'device cryptodev' as it depends on the non-KAME IPSEC SADB code. +# This requires the use of 'device crypto', 'options FAST_IPSEC' or 'options +# IPSEC', and 'device cryptodev'. #options TCP_SIGNATURE #include support for RFC 2385 # DUMMYNET enables the "dummynet" bandwidth limiter. You need IPFIREWALL |