From owner-freebsd-stable Sun Feb 23 9:47: 8 2003 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 70F2537B401 for ; Sun, 23 Feb 2003 09:47:06 -0800 (PST) Received: from ebb.errno.com (ebb.errno.com [66.127.85.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id DBF2643FBD for ; Sun, 23 Feb 2003 09:47:05 -0800 (PST) (envelope-from sam@errno.com) Received: from melange (melange.errno.com [66.127.85.82]) (authenticated bits=0) by ebb.errno.com (8.12.5/8.12.1) with ESMTP id h1NHl5nN064127 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Sun, 23 Feb 2003 09:47:05 -0800 (PST)?g (envelope-from sam@errno.com)œ X-Authentication-Warning: ebb.errno.com: Host melange.errno.com [66.127.85.82] claimed to be melange Message-ID: <1a5401c2db63$945db690$52557f42@errno.com> From: "Sam Leffler" To: Subject: iHEADS UP: ipsec packet filtering change Date: Sun, 23 Feb 2003 09:47:05 -0800 Organization: Errno Consulting MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This may affect your ipfw/ipf rules. If you are happy with the current behaviour then add IPSEC_FILTERGIF to your kernel config file. Sam ----- Original Message ----- From: "Sam Leffler" To: ; ; Sent: Sunday, February 23, 2003 9:45 AM Subject: cvs commit: src/sys/conf options src/sys/netinet ip_input.c src/sys/i386/conf LINT > sam 2003/02/23 09:45:29 PST > > Modified files: (Branch: RELENG_4) > sys/conf options > sys/netinet ip_input.c > sys/i386/conf LINT > Log: > MFC: IPSEC_FILTERGIF config option > > Add a new config option IPSEC_FILTERGIF to control whether or not > packets coming out of a GIF tunnel are re-processed by ipfw, et. al. > By default they are not reprocessed. With the option they are. > > This reverts 1.214. Prior to that change packets were not re-processed. > After they were which caused problems because packets do not have > distinguishing characteristics (like a special network if) that allows > them to be filtered specially. > > PR: 48159 > Reviewed by: Guido van Rooij > Approved by: re (jhb, murray) > > Revision Changes Path > 1.191.2.47 +1 -0 src/sys/conf/options > http://cvsweb.FreeBSD.org/src/sys/conf/options.diff?r1=1.191.2.46&r2=1.191.2 .47 > 1.749.2.136 +11 -0 src/sys/i386/conf/LINT > http://cvsweb.FreeBSD.org/src/sys/i386/conf/LINT.diff?r1=1.749.2.135&r2=1.74 9.2.136 > 1.130.2.48 +7 -0 src/sys/netinet/ip_input.c > http://cvsweb.FreeBSD.org/src/sys/netinet/ip_input.c.diff?r1=1.130.2.47&r2=1 .130.2.48 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message