summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/ip6_ipsec.h
Commit message (Collapse)AuthorAgeFilesLines
* MFC r266800 by vanhu:ae2014-11-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels. For IPv6-in-IPv4, you may need to do the following command on the tunnel interface if it is configured as IPv4 only: ifconfig <interface> inet6 -ifdisabled Code logic inspired from NetBSD. PR: kern/169438 MC r266822 by bz: Use IPv4 statistics in ipsec4_process_packet() rather than the IPv6 version. This also unbreaks the NOINET6 builds after r266800. MFC r268083 by zec: The assumption in ipsec4_process_packet() that the payload may be only IPv4 is wrong, so check the IP version before mangling the payload header. MFC r272394: Do not strip outer header when operating in transport mode. Instead requeue mbuf back to IPv4 protocol handler. If there is one extra IP-IP encapsulation, it will be handled with tunneling interface. And thus proper interface will be exposed into mbuf's rcvif. Also, tcpdump that listens on tunneling interface will see packets in both directions. PR: 194761
* #if 0 out a currently unsued (and incomplete) function: ip6_ipsec_mtu().bz2008-03-141-1/+3
| | | | | | | | No need to compile 'dead' code. I am leaving it in because we will have to review the concept and should use the common function in various places. MFC after: 5 days
* Clean up VCS Ids.obrien2007-12-101-1/+1
|
* Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL.bz2007-08-051-1/+1
| | | | | | | | | | | | | | | | | | | | | Also rename the related functions in a similar way. There are no functional changes. For a packet coming in with IPsec tunnel mode, the default is to only call into the firewall with the "outer" IP header and payload. With this option turned on, in addition to the "outer" parts, the "inner" IP header and payload are passed to the firewall too when going through ip_input() the second time. The option was never only related to a gif(4) tunnel within an IPsec tunnel and thus the name was very misleading. Discussed at: BSDCan 2007 Best new name suggested by: rwatson Reviewed by: rwatson Approved by: re (bmah)
* Commit IPv6 support for FAST_IPSEC to the tree.gnn2007-07-011-0/+41
This commit includes only the kernel files, the rest of the files will follow in a second commit. Reviewed by: bz Approved by: re Supported by: Secure Computing
OpenPOWER on IntegriCloud