diff options
author | bz <bz@FreeBSD.org> | 2007-08-05 16:16:15 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2007-08-05 16:16:15 +0000 |
commit | 3793d89229b35eb423617b68199d0d05bced154b (patch) | |
tree | 5dbf6d16651fa5f4766b06925544da591a2f99c8 /sys/conf | |
parent | 2e613b81275b754323270ba112f9d73a553d837a (diff) | |
download | FreeBSD-src-3793d89229b35eb423617b68199d0d05bced154b.zip FreeBSD-src-3793d89229b35eb423617b68199d0d05bced154b.tar.gz |
Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL.
Also rename the related functions in a similar way.
There are no functional changes.
For a packet coming in with IPsec tunnel mode, the default is
to only call into the firewall with the "outer" IP header and
payload.
With this option turned on, in addition to the "outer" parts,
the "inner" IP header and payload are passed to the
firewall too when going through ip_input() the second time.
The option was never only related to a gif(4) tunnel within
an IPsec tunnel and thus the name was very misleading.
Discussed at: BSDCan 2007
Best new name suggested by: rwatson
Reviewed by: rwatson
Approved by: re (bmah)
Diffstat (limited to 'sys/conf')
-rw-r--r-- | sys/conf/NOTES | 8 | ||||
-rw-r--r-- | sys/conf/options | 2 |
2 files changed, 5 insertions, 5 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 2daa91a..6303c0b 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -501,15 +501,15 @@ options INET6 #IPv6 communications protocols options IPSEC #IP security (requires device crypto) #options IPSEC_DEBUG #debug for IP security # -# Set IPSEC_FILTERGIF to force packets coming through a gif tunnel -# to be processed by any configured packet filtering (ipfw, ipf). -# The default is that packets coming from a tunnel are _not_ processed; +# Set IPSEC_FILTERTUNNEL to force packets coming through a tunnel +# to be processed by any configured packet filtering twice. +# The default is that packets coming out of a tunnel are _not_ processed; # they are assumed trusted. # # IPSEC history is preserved for such packets, and can be filtered # using ipfw(8)'s 'ipsec' keyword, when this option is enabled. # -#options IPSEC_FILTERGIF #filter ipsec packets from a tunnel +#options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel options IPX #IPX/SPX communications protocols diff --git a/sys/conf/options b/sys/conf/options index 633cdbb..337bd2a 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -362,7 +362,7 @@ INET opt_inet.h INET6 opt_inet6.h IPSEC opt_ipsec.h IPSEC_DEBUG opt_ipsec.h -IPSEC_FILTERGIF opt_ipsec.h +IPSEC_FILTERTUNNEL opt_ipsec.h IPDIVERT DUMMYNET opt_ipdn.h IPFILTER opt_ipfilter.h |