diff options
author | trhodes <trhodes@FreeBSD.org> | 2008-07-20 17:51:58 +0000 |
---|---|---|
committer | trhodes <trhodes@FreeBSD.org> | 2008-07-20 17:51:58 +0000 |
commit | b3b4a4830825f4530464460e6f3d8283b39ef889 (patch) | |
tree | 1a1177eac1acff20a9f06fa0ed84a3d32ecb0739 | |
parent | 00653a63b3d7b26afb7e99a88041d111fba5048f (diff) | |
download | FreeBSD-src-b3b4a4830825f4530464460e6f3d8283b39ef889.zip FreeBSD-src-b3b4a4830825f4530464460e6f3d8283b39ef889.tar.gz |
Document a few sysctls. While here, remove dead code
related to ip4_esp_randpad.
Reviewed by: gnn, bz (older version)
Approved by: gnn
Tested with: make universe
-rw-r--r-- | sys/netipsec/ipsec.c | 50 | ||||
-rw-r--r-- | sys/netipsec/ipsec6.h | 1 |
2 files changed, 24 insertions, 27 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 869fcc5..b3cc76a 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -126,31 +126,31 @@ SYSCTL_DECL(_net_inet_ipsec); /* net.inet.ipsec */ SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_POLICY, - def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, ""); + def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "IPsec default policy."); SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev, - CTLFLAG_RW, &ip4_esp_trans_deflev, 0, ""); + CTLFLAG_RW, &ip4_esp_trans_deflev, 0, "Default ESP transport mode level"); SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev, - CTLFLAG_RW, &ip4_esp_net_deflev, 0, ""); + CTLFLAG_RW, &ip4_esp_net_deflev, 0, "Default ESP tunnel mode level."); SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev, - CTLFLAG_RW, &ip4_ah_trans_deflev, 0, ""); + CTLFLAG_RW, &ip4_ah_trans_deflev, 0, "AH transfer mode default level."); SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev, - CTLFLAG_RW, &ip4_ah_net_deflev, 0, ""); + CTLFLAG_RW, &ip4_ah_net_deflev, 0, "AH tunnel mode default level."); SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_CLEARTOS, - ah_cleartos, CTLFLAG_RW, &ah_cleartos, 0, ""); + ah_cleartos, CTLFLAG_RW, &ah_cleartos, 0, + "If set clear type-of-service field when doing AH computation."); SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_OFFSETMASK, - ah_offsetmask, CTLFLAG_RW, &ip4_ah_offsetmask, 0, ""); + ah_offsetmask, CTLFLAG_RW, &ip4_ah_offsetmask, 0, + "If not set clear offset field mask when doing AH computation."); SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DFBIT, - dfbit, CTLFLAG_RW, &ip4_ipsec_dfbit, 0, ""); + dfbit, CTLFLAG_RW, &ip4_ipsec_dfbit, 0, "Do not fragment bit on encap."); SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN, - ecn, CTLFLAG_RW, &ip4_ipsec_ecn, 0, ""); + ecn, CTLFLAG_RW, &ip4_ipsec_ecn, 0, "Explicit Congestion Notification handling."); SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, - debug, CTLFLAG_RW, &ipsec_debug, 0, ""); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ESP_RANDPAD, - esp_randpad, CTLFLAG_RW, &ip4_esp_randpad, 0, ""); + debug, CTLFLAG_RW, &ipsec_debug, 0, "Enable IPsec debugging output when set."); SYSCTL_INT(_net_inet_ipsec, OID_AUTO, - crypto_support, CTLFLAG_RW, &crypto_support,0, ""); + crypto_support, CTLFLAG_RW, &crypto_support,0, "Crypto driver selection."); SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO, - ipsecstats, CTLFLAG_RD, &ipsec4stat, ipsecstat, ""); + ipsecstats, CTLFLAG_RD, &ipsec4stat, ipsecstat, "IPsec IPv4 statistics."); #ifdef REGRESSION /* @@ -176,33 +176,31 @@ int ip6_esp_net_deflev = IPSEC_LEVEL_USE; int ip6_ah_trans_deflev = IPSEC_LEVEL_USE; int ip6_ah_net_deflev = IPSEC_LEVEL_USE; int ip6_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */ -int ip6_esp_randpad = -1; SYSCTL_DECL(_net_inet6_ipsec6); /* net.inet6.ipsec6 */ #ifdef COMPAT_KAME SYSCTL_OID(_net_inet6_ipsec6, IPSECCTL_STATS, stats, CTLFLAG_RD, - 0,0, compat_ipsecstats_sysctl, "S", ""); + 0,0, compat_ipsecstats_sysctl, "S", "IPsec IPv6 statistics."); #endif /* COMPAT_KAME */ SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_POLICY, - def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, ""); + def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "IPsec default policy."); SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev, - CTLFLAG_RW, &ip6_esp_trans_deflev, 0, ""); + CTLFLAG_RW, &ip6_esp_trans_deflev, 0, "Default ESP transport mode level."); SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev, - CTLFLAG_RW, &ip6_esp_net_deflev, 0, ""); + CTLFLAG_RW, &ip6_esp_net_deflev, 0, "Default ESP tunnel mode level."); SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev, - CTLFLAG_RW, &ip6_ah_trans_deflev, 0, ""); + CTLFLAG_RW, &ip6_ah_trans_deflev, 0, "AH transfer mode default level."); SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev, - CTLFLAG_RW, &ip6_ah_net_deflev, 0, ""); + CTLFLAG_RW, &ip6_ah_net_deflev, 0, "AH tunnel mode default level."); SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ECN, - ecn, CTLFLAG_RW, &ip6_ipsec_ecn, 0, ""); + ecn, CTLFLAG_RW, &ip6_ipsec_ecn, 0, + "Explicit Congestion Notification handling."); SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, - debug, CTLFLAG_RW, &ipsec_debug, 0, ""); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ESP_RANDPAD, - esp_randpad, CTLFLAG_RW, &ip6_esp_randpad, 0, ""); + debug, CTLFLAG_RW, &ipsec_debug, 0, "Enable IPsec debugging output when set."); SYSCTL_STRUCT(_net_inet6_ipsec6, IPSECCTL_STATS, - ipsecstats, CTLFLAG_RD, &ipsec6stat, ipsecstat, ""); + ipsecstats, CTLFLAG_RD, &ipsec6stat, ipsecstat, "IPsec IPv6 statistics."); #endif /* INET6 */ static int ipsec4_setspidx_inpcb __P((struct mbuf *, struct inpcb *pcb)); diff --git a/sys/netipsec/ipsec6.h b/sys/netipsec/ipsec6.h index 1d31d6c..9b23f4e 100644 --- a/sys/netipsec/ipsec6.h +++ b/sys/netipsec/ipsec6.h @@ -47,7 +47,6 @@ extern int ip6_esp_net_deflev; extern int ip6_ah_trans_deflev; extern int ip6_ah_net_deflev; extern int ip6_ipsec_ecn; -extern int ip6_esp_randpad; struct inpcb; |