From 68c3a2644020ab168aab434e62557e65bfbfe932 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Lu=C3=A7i?=
Date: Tue, 4 Nov 2008 22:38:00 +0000
Subject: Disable bpf(4) abilities on enc0 by default its too much overhead to be on by default. If one wishes to look up the ipsec traffic through tcpdump they can set the sysctl themselves with explanations here: http://www.freebsd.org/cgi/man.cgi?query=enc&apropos=0&sektion=4&manpath=FreeBSD+8-current&format=html
---
etc/inc/system.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'etc/inc')
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 03204f4..878d37e 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -40,9 +40,9 @@ function activate_sysctls() {
 mwexec("sysctl " . $tunable['tunable'] . "=\"" . $tunable['value'] . "\"");
- exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000002");
+ exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000000");
 exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000000");
- exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000001");
+ exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000000");
 exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000001");
 }
-- 
cgit v1.1
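Review bot: The two `ipsec_bpf_mask` calls force `0x00000000` after the `mwexec("sysctl " . $tunable['tunable'] ...)` line, so if that line applies the administrator's configured tunables (its loop header is outside the hunk), a configured `net.enc.in.ipsec_bpf_mask` or `net.enc.out.ipsec_bpf_mask` is reset on every `activate_sysctls()` run. Running these hard-coded defaults before the tunables, or skipping them when the same name is configured, would keep the override the commit message describes. A comment above the four calls such as `// bpf capture on enc0 is off by default (overhead); set net.enc.{in,out}.ipsec_bpf_mask to see IPsec traffic in tcpdump, see enc(4)` would tell a responder why a capture on enc0 comes back empty. Separately, the unchanged `mwexec` line builds a shell command from `$tunable` values with only hand-written quotes; passing both parts through `escapeshellarg()` would be the safer form.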