Date: Sun, 21 Aug 2016 22:08:40 +0300 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: "Bjoern A. Zeeb" <bz@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r304572 - in head: sbin/ipfw sys/conf sys/netinet sys/netinet6 Message-ID: <20160821190840.GT22212@zxy.spb.ru> In-Reply-To: <201608211855.u7LItUo1028201@repo.freebsd.org> References: <201608211855.u7LItUo1028201@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 21, 2016 at 06:55:30PM +0000, Bjoern A. Zeeb wrote: > Author: bz > Date: Sun Aug 21 18:55:30 2016 > New Revision: 304572 > URL: https://svnweb.freebsd.org/changeset/base/304572 > > Log: > Remove the kernel optoion for IPSEC_FILTERTUNNEL, which was deprecated > more than 7 years ago in favour of a sysctl in r192648. Need note to UPDAING. > Modified: > head/sbin/ipfw/ipfw.8 > head/sys/conf/NOTES > head/sys/conf/options > head/sys/netinet/ip_ipsec.c > head/sys/netinet6/ip6_ipsec.c > > Modified: head/sbin/ipfw/ipfw.8 > ============================================================================== > --- head/sbin/ipfw/ipfw.8 Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sbin/ipfw/ipfw.8 Sun Aug 21 18:55:30 2016 (r304572) > @@ -1,7 +1,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd August 13, 2016 > +.Dd August 21, 2016 > .Dt IPFW 8 > .Os > .Sh NAME > @@ -1588,8 +1588,7 @@ Matches IPv4 packets whose precedence fi > .It Cm ipsec > Matches packets that have IPSEC history associated with them > (i.e., the packet comes encapsulated in IPSEC, the kernel > -has IPSEC support and IPSEC_FILTERTUNNEL option, and can correctly > -decapsulate it). > +has IPSEC support, and can correctly decapsulate it). > .Pp > Note that specifying > .Cm ipsec > > Modified: head/sys/conf/NOTES > ============================================================================== > --- head/sys/conf/NOTES Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sys/conf/NOTES Sun Aug 21 18:55:30 2016 (r304572) > @@ -626,17 +626,6 @@ options TCP_OFFLOAD # TCP offload supp > options IPSEC #IP security (requires device crypto) > #options IPSEC_DEBUG #debug for IP security > # > -# #DEPRECATED# > -# Set IPSEC_FILTERTUNNEL to change the default of the sysctl to force packets > -# coming through a tunnel to be processed by any configured packet filtering > -# twice. The default is that packets coming out of a tunnel are _not_ processed; > -# they are assumed trusted. > -# > -# IPSEC history is preserved for such packets, and can be filtered > -# using ipfw(8)'s 'ipsec' keyword, when this option is enabled. > -# > -#options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel > -# > # Set IPSEC_NAT_T to enable NAT-Traversal support. This enables > # optional UDP encapsulation of ESP packets. > # > > Modified: head/sys/conf/options > ============================================================================== > --- head/sys/conf/options Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sys/conf/options Sun Aug 21 18:55:30 2016 (r304572) > @@ -424,7 +424,6 @@ IPFIREWALL_VERBOSE opt_ipfw.h > IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h > IPSEC opt_ipsec.h > IPSEC_DEBUG opt_ipsec.h > -IPSEC_FILTERTUNNEL opt_ipsec.h > IPSEC_NAT_T opt_ipsec.h > IPSTEALTH > KRPC > > Modified: head/sys/netinet/ip_ipsec.c > ============================================================================== > --- head/sys/netinet/ip_ipsec.c Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sys/netinet/ip_ipsec.c Sun Aug 21 18:55:30 2016 (r304572) > @@ -68,11 +68,7 @@ __FBSDID("$FreeBSD$"); > > extern struct protosw inetsw[]; > > -#ifdef IPSEC_FILTERTUNNEL > -static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 1; > -#else > static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 0; > -#endif > #define V_ip4_ipsec_filtertunnel VNET(ip4_ipsec_filtertunnel) > > SYSCTL_DECL(_net_inet_ipsec); > > Modified: head/sys/netinet6/ip6_ipsec.c > ============================================================================== > --- head/sys/netinet6/ip6_ipsec.c Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sys/netinet6/ip6_ipsec.c Sun Aug 21 18:55:30 2016 (r304572) > @@ -79,11 +79,7 @@ __FBSDID("$FreeBSD$"); > > extern struct protosw inet6sw[]; > > -#ifdef IPSEC_FILTERTUNNEL > -static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 1; > -#else > static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 0; > -#endif > #define V_ip6_ipsec6_filtertunnel VNET(ip6_ipsec6_filtertunnel) > > SYSCTL_DECL(_net_inet6_ipsec6); > _______________________________________________ > svn-src-all@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-src-all > To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160821190840.GT22212>