diff options
| author | danger <danger@FreeBSD.org> | 2006-08-24 17:07:19 +0000 |
|---|---|---|
| committer | danger <danger@FreeBSD.org> | 2006-08-24 17:07:19 +0000 |
| commit | 9c7584b81f0e3be6a8aaff77c856f1948cee3f1d (patch) | |
| tree | f4f2b0386d3f873bec93e08d99b91ca8b0b2abb4 /share | |
| parent | bf45440613f3fd9e190d786e0a1d1228eb524aa7 (diff) | |
| download | FreeBSD-src-9c7584b81f0e3be6a8aaff77c856f1948cee3f1d.zip FreeBSD-src-9c7584b81f0e3be6a8aaff77c856f1948cee3f1d.tar.gz | |
- add note about IPSEC_FILTERGIF to fast_ipsec(4) and let the users know
that it is not possible to use Fast IPsec in conjuction with KAME IPsec
- add available kernel options to ipsec(4)
- add reference for fast_ipsec(4) to ipsec(4)
Reviewed by: trhodes (mentor), keramida (mentor)
Approved by: keramida (mentor)
Diffstat (limited to 'share')
| -rw-r--r-- | share/man/man4/fast_ipsec.4 | 14 | ||||
| -rw-r--r-- | share/man/man4/ipsec.4 | 7 |
2 files changed, 19 insertions, 2 deletions
diff --git a/share/man/man4/fast_ipsec.4 b/share/man/man4/fast_ipsec.4 index e792cd9..c743eab 100644 --- a/share/man/man4/fast_ipsec.4 +++ b/share/man/man4/fast_ipsec.4 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 20, 2003 +.Dd August 24, 2006 .Dt FAST_IPSEC 4 .Os .Sh NAME @@ -32,6 +32,7 @@ .Nd hardware-accelerated IP Security Protocols .Sh SYNOPSIS .Cd "options FAST_IPSEC" +.Cd "options IPSEC_FILTERGIF" .Cd "device crypto" .Pp .Bl -item -compact @@ -69,6 +70,11 @@ This documentation concentrates on differences from that software. The user should refer to .Xr ipsec 4 for basic information on setting up and using these protocols. +Note that it is not currently possible to use +.Nm +in conjuction with the +.Tn "KAME IPsec" +implementation. .Pp System configuration requires the .Xr crypto 4 @@ -83,6 +89,12 @@ The packets can be passed to a virtual interface, .Dq enc0 , to perform packet filtering before outbound encryption and after decapsulation inbound. +.Pp +To properly filter +.Xr gif 4 +tunnels with firewalls, add +.Cd "options IPSEC_FILTERGIF" +to the kernel configuration file. .Sh DIAGNOSTICS To be added. .Sh SEE ALSO diff --git a/share/man/man4/ipsec.4 b/share/man/man4/ipsec.4 index c4e4a0b..461b188 100644 --- a/share/man/man4/ipsec.4 +++ b/share/man/man4/ipsec.4 @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 14, 2006 +.Dd August 24, 2006 .Dt IPSEC 4 .Os .Sh NAME @@ -39,6 +39,10 @@ .In sys/types.h .In netinet/in.h .In netinet6/ipsec.h +.Cd "options IPSEC" +.Cd "options IPSEC_DEBUG" +.Cd "options IPSEC_ESP" +.Cd "options IPSEC_FILTERGIF" .Sh DESCRIPTION .Nm is a security protocol implemented within the Internet Protocol layer @@ -253,6 +257,7 @@ routines from looking into the IP payload. .Xr ioctl 2 , .Xr socket 2 , .Xr ipsec_set_policy 3 , +.Xr fast_ipsec 4 , .Xr icmp6 4 , .Xr intro 4 , .Xr ip6 4 , |
