From 936b40e834a76420e1cdf1fb5883932ff7ee0ba2 Mon Sep 17 00:00:00 2001 From: suz Date: Tue, 11 Jan 2005 04:24:17 +0000 Subject: KAME-IPSEC has already supports TCP_SIGNATURE(IPv4) --- sys/conf/NOTES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/conf/NOTES b/sys/conf/NOTES index f143273..ca91c22 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -696,8 +696,8 @@ options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN # carried in TCP option 19. This option is commonly used to protect # TCP sessions (e.g. BGP) where IPSEC is not available nor desirable. # This is enabled on a per-socket basis using the TCP_MD5SIG socket option. -# This requires the use of 'device crypto', 'options FAST_IPSEC', and -# 'device cryptodev' as it depends on the non-KAME IPSEC SADB code. +# This requires the use of 'device crypto', 'options FAST_IPSEC' or 'options +# IPSEC', and 'device cryptodev'. #options TCP_SIGNATURE #include support for RFC 2385 # DUMMYNET enables the "dummynet" bandwidth limiter. You need IPFIREWALL -- cgit v1.1