diff options
| author | bz <bz@FreeBSD.org> | 2007-08-05 16:16:15 +0000 |
|---|---|---|
| committer | bz <bz@FreeBSD.org> | 2007-08-05 16:16:15 +0000 |
| commit | 3793d89229b35eb423617b68199d0d05bced154b (patch) | |
| tree | 5dbf6d16651fa5f4766b06925544da591a2f99c8 /sys/netinet6/ip6_ipsec.c | |
| parent | 2e613b81275b754323270ba112f9d73a553d837a (diff) | |
| download | FreeBSD-src-3793d89229b35eb423617b68199d0d05bced154b.zip FreeBSD-src-3793d89229b35eb423617b68199d0d05bced154b.tar.gz | |
Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL.
Also rename the related functions in a similar way.
There are no functional changes.
For a packet coming in with IPsec tunnel mode, the default is
to only call into the firewall with the "outer" IP header and
payload.
With this option turned on, in addition to the "outer" parts,
the "inner" IP header and payload are passed to the
firewall too when going through ip_input() the second time.
The option was never only related to a gif(4) tunnel within
an IPsec tunnel and thus the name was very misleading.
Discussed at: BSDCan 2007
Best new name suggested by: rwatson
Reviewed by: rwatson
Approved by: re (bmah)
Diffstat (limited to 'sys/netinet6/ip6_ipsec.c')
| -rw-r--r-- | sys/netinet6/ip6_ipsec.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet6/ip6_ipsec.c b/sys/netinet6/ip6_ipsec.c index 12b43f2..5e13241 100644 --- a/sys/netinet6/ip6_ipsec.c +++ b/sys/netinet6/ip6_ipsec.c @@ -77,11 +77,11 @@ extern struct protosw inet6sw[]; * 1 = jump over firewall, 0 = packet goes through firewall. */ int -ip6_ipsec_filtergif(struct mbuf *m) +ip6_ipsec_filtertunnel(struct mbuf *m) { -#if defined(IPSEC) && !defined(IPSEC_FILTERGIF) +#if defined(IPSEC) && !defined(IPSEC_FILTERTUNNEL) /* - * Bypass packet filtering for packets from a tunnel (gif). + * Bypass packet filtering for packets from a tunnel. */ if (m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL) return 1; |
