Date: Sun, 21 Aug 2016 18:55:30 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r304572 - in head: sbin/ipfw sys/conf sys/netinet sys/netinet6 Message-ID: <201608211855.u7LItUo1028201@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bz Date: Sun Aug 21 18:55:30 2016 New Revision: 304572 URL: https://svnweb.freebsd.org/changeset/base/304572 Log: Remove the kernel optoion for IPSEC_FILTERTUNNEL, which was deprecated more than 7 years ago in favour of a sysctl in r192648. Modified: head/sbin/ipfw/ipfw.8 head/sys/conf/NOTES head/sys/conf/options head/sys/netinet/ip_ipsec.c head/sys/netinet6/ip6_ipsec.c Modified: head/sbin/ipfw/ipfw.8 ============================================================================== --- head/sbin/ipfw/ipfw.8 Sun Aug 21 18:37:21 2016 (r304571) +++ head/sbin/ipfw/ipfw.8 Sun Aug 21 18:55:30 2016 (r304572) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 13, 2016 +.Dd August 21, 2016 .Dt IPFW 8 .Os .Sh NAME @@ -1588,8 +1588,7 @@ Matches IPv4 packets whose precedence fi .It Cm ipsec Matches packets that have IPSEC history associated with them (i.e., the packet comes encapsulated in IPSEC, the kernel -has IPSEC support and IPSEC_FILTERTUNNEL option, and can correctly -decapsulate it). +has IPSEC support, and can correctly decapsulate it). .Pp Note that specifying .Cm ipsec Modified: head/sys/conf/NOTES ============================================================================== --- head/sys/conf/NOTES Sun Aug 21 18:37:21 2016 (r304571) +++ head/sys/conf/NOTES Sun Aug 21 18:55:30 2016 (r304572) @@ -626,17 +626,6 @@ options TCP_OFFLOAD # TCP offload supp options IPSEC #IP security (requires device crypto) #options IPSEC_DEBUG #debug for IP security # -# #DEPRECATED# -# Set IPSEC_FILTERTUNNEL to change the default of the sysctl to force packets -# coming through a tunnel to be processed by any configured packet filtering -# twice. The default is that packets coming out of a tunnel are _not_ processed; -# they are assumed trusted. -# -# IPSEC history is preserved for such packets, and can be filtered -# using ipfw(8)'s 'ipsec' keyword, when this option is enabled. -# -#options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel -# # Set IPSEC_NAT_T to enable NAT-Traversal support. This enables # optional UDP encapsulation of ESP packets. # Modified: head/sys/conf/options ============================================================================== --- head/sys/conf/options Sun Aug 21 18:37:21 2016 (r304571) +++ head/sys/conf/options Sun Aug 21 18:55:30 2016 (r304572) @@ -424,7 +424,6 @@ IPFIREWALL_VERBOSE opt_ipfw.h IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h IPSEC opt_ipsec.h IPSEC_DEBUG opt_ipsec.h -IPSEC_FILTERTUNNEL opt_ipsec.h IPSEC_NAT_T opt_ipsec.h IPSTEALTH KRPC Modified: head/sys/netinet/ip_ipsec.c ============================================================================== --- head/sys/netinet/ip_ipsec.c Sun Aug 21 18:37:21 2016 (r304571) +++ head/sys/netinet/ip_ipsec.c Sun Aug 21 18:55:30 2016 (r304572) @@ -68,11 +68,7 @@ __FBSDID("$FreeBSD$"); extern struct protosw inetsw[]; -#ifdef IPSEC_FILTERTUNNEL -static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 1; -#else static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 0; -#endif #define V_ip4_ipsec_filtertunnel VNET(ip4_ipsec_filtertunnel) SYSCTL_DECL(_net_inet_ipsec); Modified: head/sys/netinet6/ip6_ipsec.c ============================================================================== --- head/sys/netinet6/ip6_ipsec.c Sun Aug 21 18:37:21 2016 (r304571) +++ head/sys/netinet6/ip6_ipsec.c Sun Aug 21 18:55:30 2016 (r304572) @@ -79,11 +79,7 @@ __FBSDID("$FreeBSD$"); extern struct protosw inet6sw[]; -#ifdef IPSEC_FILTERTUNNEL -static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 1; -#else static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 0; -#endif #define V_ip6_ipsec6_filtertunnel VNET(ip6_ipsec6_filtertunnel) SYSCTL_DECL(_net_inet6_ipsec6);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201608211855.u7LItUo1028201>