Date: Sat, 22 Feb 2003 16:47:07 -0800 (PST) From: Sam Leffler <sam@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_input.c src/sys/conf NOTES options Message-ID: <200302230047.h1N0l7OV000260@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
sam 2003/02/22 16:47:07 PST
Modified files:
sys/netinet ip_input.c
sys/conf NOTES options
Log:
Add a new config option IPSEC_FILTERGIF to control whether or not
packets coming out of a GIF tunnel are re-processed by ipfw, et. al.
By default they are not reprocessed. With the option they are.
This reverts 1.214. Prior to that change packets were not re-processed.
After they were which caused problems because packets do not have
distinguishing characteristics (like a special network if) that allows
them to be filtered specially.
This is really a stopgap measure designed for immediate MFC so that
4.8 has consistent handling to what was in 4.7.
PR: 48159
Reviewed by: Guido van Rooij <guido@gvr.org>
MFC after: 1 day
Revision Changes Path
1.1129 +11 -0 src/sys/conf/NOTES
1.374 +1 -0 src/sys/conf/options
1.226 +7 -0 src/sys/netinet/ip_input.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302230047.h1N0l7OV000260>