Message-Id: <200711282233.lASMXrmm052782@repoman.freebsd.org>
From: "Bjoern A. Zeeb"
Date: Wed, 28 Nov 2007 22:33:53 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/net if_enc.c src/sys/netipsec ipsec.h ipsec_input.c ipsec_output.c xform.h xform_ipip.c
List-Id: CVS commit messages for the src tree

bz          2007-11-28 22:33:53 UTC

  FreeBSD src repository

  Modified files:
    sys/net              if_enc.c
    sys/netipsec         ipsec.h ipsec_input.c ipsec_output.c
                         xform.h xform_ipip.c
  Log:
  Add sysctls to if_enc(4) to control whether the firewalls or
  bpf will see inner and outer headers or just inner or outer
  headers for incoming and outgoing IPsec packets.

  This is useful in bpf to not have over long lines for debugging
  or selecting packets based on the inner headers.
  It also properly defines the behavior of what the firewalls see.

  Last but not least it gives you if_enc(4) for IPv6 as well.

  [ As some auxiliary state was not available in the later
    input path we save it in the tdbi. That way tcpdump can give a
    consistent view of either of (authentic,confidential) for both
    before and after states. ]

  Discussed with: thompsa (2007-04-25, basic idea of unifying paths)
  Reviewed by:    thompsa, gnn

  Revision  Changes    Path
  1.7       +74 -11    src/sys/net/if_enc.c
  1.14      +9 -2      src/sys/netipsec/ipsec.h
  1.20      +21 -2     src/sys/netipsec/ipsec_input.c
  1.17      +24 -2     src/sys/netipsec/ipsec_output.c
  1.4       +3 -0      src/sys/netipsec/xform.h
  1.16      +15 -1     src/sys/netipsec/xform_ipip.c