Add a pseudo interface for packet filtering IPSec connections before or after

encryption. There are two functions, a bpf tap which has a basic header with the SPI number which our current tcpdump knows how to display, and handoff to pfil(9) for packet filtering. Obtained from: OpenBSD Based on: kern/94829 No objections: arch, net MFC after: 1 month
author: thompsa <thompsa@FreeBSD.org> 2006-06-26 22:30:08 +0000
committer: thompsa <thompsa@FreeBSD.org> 2006-06-26 22:30:08 +0000
commit: 320c8e5164d793a94bf5d538add0abe0d4f665ca (patch)
tree: ad08e122ba3a5390ec867d258e80d618c4727731 /share/man/man4/fast_ipsec.4
parent: f0555f2de979cc15b2f5899edf00461f6d7ead98 (diff)
download: FreeBSD-src-320c8e5164d793a94bf5d538add0abe0d4f665ca.zip
FreeBSD-src-320c8e5164d793a94bf5d538add0abe0d4f665ca.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/share/man/man4/fast_ipsec.4 b/share/man/man4/fast_ipsec.4
index 503ef60..e792cd9 100644
--- a/share/man/man4/fast_ipsec.4
+++ b/share/man/man4/fast_ipsec.4
@@ -78,10 +78,16 @@ When the
 protocols are configured for use, all protocols are included in the system.
 To selectively enable/disable protocols, use
 .Xr sysctl 8 .
+.Pp
+The packets can be passed to a virtual interface,
+.Dq enc0 ,
+to perform packet filtering before outbound encryption and after decapsulation
+inbound.
 .Sh DIAGNOSTICS
 To be added.
 .Sh SEE ALSO
 .Xr crypto 4 ,
+.Xr enc 4 ,
 .Xr ipsec 4 ,
 .Xr setkey 8 ,
 .Xr sysctl 8
author	thompsa <thompsa@FreeBSD.org>	2006-06-26 22:30:08 +0000
committer	thompsa <thompsa@FreeBSD.org>	2006-06-26 22:30:08 +0000
commit	320c8e5164d793a94bf5d538add0abe0d4f665ca (patch)
tree	ad08e122ba3a5390ec867d258e80d618c4727731 /share/man/man4/fast_ipsec.4
parent	f0555f2de979cc15b2f5899edf00461f6d7ead98 (diff)
download	FreeBSD-src-320c8e5164d793a94bf5d538add0abe0d4f665ca.zip FreeBSD-src-320c8e5164d793a94bf5d538add0abe0d4f665ca.tar.gz