KAME-IPSEC has already supports TCP_SIGNATURE(IPv4)

svn path=/head/; revision=140033
2005-01-11 04:24:17 +00:00 · 2005-01-11 04:24:17 +00:00 · 017bee7424 · 2020-12-20 02:59:44 +00:00
commit 017bee7424
parent 5e4470116c
1 changed files with 2 additions and 2 deletions
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@ -696,8 +696,8 @@ options 	TCP_DROP_SYNFIN		#drop TCP packets with SYN+FIN
 # carried in TCP option 19. This option is commonly used to protect
 # TCP sessions (e.g. BGP) where IPSEC is not available nor desirable.
 # This is enabled on a per-socket basis using the TCP_MD5SIG socket option.
-# This requires the use of 'device crypto', 'options FAST_IPSEC', and
-# 'device cryptodev' as it depends on the non-KAME IPSEC SADB code.
+# This requires the use of 'device crypto', 'options FAST_IPSEC' or 'options
+# IPSEC', and 'device cryptodev'.
 #options 	TCP_SIGNATURE		#include support for RFC 2385

 # DUMMYNET enables the "dummynet" bandwidth limiter.  You need IPFIREWALL