path: root/sys/netinet/ip_ipsec.h
Commit message | Author | Age | Files | Lines
* Remove ifdefed out part of code, which seems to have originated a decade ago in OpenBSD. As it is now, there is no way for this to be useful, since IPsec is free to forward packets via whatever interface it wants, so checking capabilities of the interface passed from ip_output (fetched from the routing table) serves no purpose.
  Discussed with: sam@
  Author: trasz; Age: 2009-11-09; Files: 1; Lines: -2/+1
* Only four out of nine arguments for ip_ipsec_output() are actually used. Kill unused arguments except for 'ifp' as it might be used in the future for detecting IPsec-capable interfaces.
  Author: pjd; Age: 2009-06-05; Files: 1; Lines: -2/+1
* Take the route mtu into account, if available, when sending an ICMP unreach, frag needed. Up to now we only looked at the interface MTU. Make sure to only use the minimum of the two. In case IPSEC is compiled in, loop the mtu through ip_ipsec_mtu() to avoid any further conditional maths. Without this, PMTU was broken in those cases when there was a route with a lower MTU than the MTU of the outgoing interface.
  PR: kern/122338
  Tested by: Mark Cammidge mark peralex.com
  Reviewed by: silence on net@
  MFC after: 2 weeks
  Author: bz; Age: 2008-04-09; Files: 1; Lines: -1/+1
* Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL. Also rename the related functions in a similar way. There are no functional changes. For a packet coming in with IPsec tunnel mode, the default is to only call into the firewall with the "outer" IP header and payload. With this option turned on, in addition to the "outer" parts, the "inner" IP header and payload are passed to the firewall too when going through ip_input() the second time. The option was never only related to a gif(4) tunnel within an IPsec tunnel and thus the name was very misleading.
  Discussed at: BSDCan 2007
  Best new name suggested by: rwatson
  Reviewed by: rwatson
  Approved by: re (bmah)
  Author: bz; Age: 2007-08-05; Files: 1; Lines: -1/+1
* Move the IPSEC related code blocks to their own file to unclutter and significantly improve the readability of ip_input() and ip_output() again. The resulting IPSEC hooks in ip_input() and ip_output() may be used later on for making IPSEC loadable. This move is mostly mechanical and should preserve current IPSEC behaviour as-is. Nothing shall prevent improvements in the way IPSEC interacts with the IPv4 stack.
  Discussed with: bz, gnn, rwatson; (earlier version)
  Author: andre; Age: 2006-02-01; Files: 1; Lines: -0/+42