From owner-svn-src-all@freebsd.org Sun Aug 21 19:08:45 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 67503BC03A9; Sun, 21 Aug 2016 19:08:45 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1938B1198; Sun, 21 Aug 2016 19:08:45 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bbY6q-000BWA-VU; Sun, 21 Aug 2016 22:08:40 +0300 Date: Sun, 21 Aug 2016 22:08:40 +0300 From: Slawa Olhovchenkov To: "Bjoern A. Zeeb" Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r304572 - in head: sbin/ipfw sys/conf sys/netinet sys/netinet6 Message-ID: <20160821190840.GT22212@zxy.spb.ru> References: <201608211855.u7LItUo1028201@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201608211855.u7LItUo1028201@repo.freebsd.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Aug 2016 19:08:45 -0000 On Sun, Aug 21, 2016 at 06:55:30PM +0000, Bjoern A. Zeeb wrote: > Author: bz > Date: Sun Aug 21 18:55:30 2016 > New Revision: 304572 > URL: https://svnweb.freebsd.org/changeset/base/304572 > > Log: > Remove the kernel optoion for IPSEC_FILTERTUNNEL, which was deprecated > more than 7 years ago in favour of a sysctl in r192648. Need note to UPDAING. > Modified: > head/sbin/ipfw/ipfw.8 > head/sys/conf/NOTES > head/sys/conf/options > head/sys/netinet/ip_ipsec.c > head/sys/netinet6/ip6_ipsec.c > > Modified: head/sbin/ipfw/ipfw.8 > ============================================================================== > --- head/sbin/ipfw/ipfw.8 Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sbin/ipfw/ipfw.8 Sun Aug 21 18:55:30 2016 (r304572) > @@ -1,7 +1,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd August 13, 2016 > +.Dd August 21, 2016 > .Dt IPFW 8 > .Os > .Sh NAME > @@ -1588,8 +1588,7 @@ Matches IPv4 packets whose precedence fi > .It Cm ipsec > Matches packets that have IPSEC history associated with them > (i.e., the packet comes encapsulated in IPSEC, the kernel > -has IPSEC support and IPSEC_FILTERTUNNEL option, and can correctly > -decapsulate it). > +has IPSEC support, and can correctly decapsulate it). > .Pp > Note that specifying > .Cm ipsec > > Modified: head/sys/conf/NOTES > ============================================================================== > --- head/sys/conf/NOTES Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sys/conf/NOTES Sun Aug 21 18:55:30 2016 (r304572) > @@ -626,17 +626,6 @@ options TCP_OFFLOAD # TCP offload supp > options IPSEC #IP security (requires device crypto) > #options IPSEC_DEBUG #debug for IP security > # > -# #DEPRECATED# > -# Set IPSEC_FILTERTUNNEL to change the default of the sysctl to force packets > -# coming through a tunnel to be processed by any configured packet filtering > -# twice. The default is that packets coming out of a tunnel are _not_ processed; > -# they are assumed trusted. > -# > -# IPSEC history is preserved for such packets, and can be filtered > -# using ipfw(8)'s 'ipsec' keyword, when this option is enabled. > -# > -#options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel > -# > # Set IPSEC_NAT_T to enable NAT-Traversal support. This enables > # optional UDP encapsulation of ESP packets. > # > > Modified: head/sys/conf/options > ============================================================================== > --- head/sys/conf/options Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sys/conf/options Sun Aug 21 18:55:30 2016 (r304572) > @@ -424,7 +424,6 @@ IPFIREWALL_VERBOSE opt_ipfw.h > IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h > IPSEC opt_ipsec.h > IPSEC_DEBUG opt_ipsec.h > -IPSEC_FILTERTUNNEL opt_ipsec.h > IPSEC_NAT_T opt_ipsec.h > IPSTEALTH > KRPC > > Modified: head/sys/netinet/ip_ipsec.c > ============================================================================== > --- head/sys/netinet/ip_ipsec.c Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sys/netinet/ip_ipsec.c Sun Aug 21 18:55:30 2016 (r304572) > @@ -68,11 +68,7 @@ __FBSDID("$FreeBSD$"); > > extern struct protosw inetsw[]; > > -#ifdef IPSEC_FILTERTUNNEL > -static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 1; > -#else > static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 0; > -#endif > #define V_ip4_ipsec_filtertunnel VNET(ip4_ipsec_filtertunnel) > > SYSCTL_DECL(_net_inet_ipsec); > > Modified: head/sys/netinet6/ip6_ipsec.c > ============================================================================== > --- head/sys/netinet6/ip6_ipsec.c Sun Aug 21 18:37:21 2016 (r304571) > +++ head/sys/netinet6/ip6_ipsec.c Sun Aug 21 18:55:30 2016 (r304572) > @@ -79,11 +79,7 @@ __FBSDID("$FreeBSD$"); > > extern struct protosw inet6sw[]; > > -#ifdef IPSEC_FILTERTUNNEL > -static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 1; > -#else > static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 0; > -#endif > #define V_ip6_ipsec6_filtertunnel VNET(ip6_ipsec6_filtertunnel) > > SYSCTL_DECL(_net_inet6_ipsec6); > _______________________________________________ > svn-src-all@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-src-all > To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"