Commit Graph

27 Commits

Author SHA1 Message Date
Kevin Lo
d92303b62c Nm ipsec 2012-11-07 06:53:44 +00:00
Joel Dahl
c913de0e06 Put parentheses around a few macros to prevent mdoc warnings. 2010-08-16 21:26:47 +00:00
Bjoern A. Zeeb
fbd69dff68 Correct typo.
Reported by:	gabor
MFC after:	5 days
2009-11-29 21:03:54 +00:00
Bjoern A. Zeeb
a77cb332ee Enable IPcomp by default.
PR:		kern/123587
MFC after:	5 days
2009-11-29 20:47:43 +00:00
Bjoern A. Zeeb
db2e47925e Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL
kernel option.
This also permits tuning of the option per virtual network stack, as
well as separately per inet, inet6.

The kernel option is left for a transition period, marked deprecated,
and will be removed soon.

Initially requested by:	phk (1 year 1 day ago)
MFC after:		4 weeks
2009-05-23 16:42:38 +00:00
Bjoern A. Zeeb
cc977adc71 Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL.
Also rename the related functions in a similar way.
There are no functional changes.

For a packet coming in with IPsec tunnel mode, the default is
to only call into the firewall with the "outer" IP header and
payload.

With this option turned on, in addition to the "outer" parts,
the "inner" IP header and payload are passed to the
firewall too when going through ip_input() the second time.

The option was never only related to a gif(4) tunnel within
an IPsec tunnel and thus the name was very misleading.

Discussed at:			BSDCan 2007
Best new name suggested by:	rwatson
Reviewed by:			rwatson
Approved by:			re (bmah)
2007-08-05 16:16:15 +00:00
Bjoern A. Zeeb
e0c9263157 Remove the last entries to fast_ipsec.
Merge in parts of the old fast_ipsec.4 man page to ipsec.4 and
start updating ipsec.4 man page.

Reviewed by:	brueffer, sam (slightly earlier versions), bmah
Approved by:	re (bmah)
2007-08-02 08:04:48 +00:00
Ruslan Ermilov
81ae4b8da9 Markup fixes. 2006-09-18 15:24:20 +00:00
Daniel Gerzo
354a23892f - add note about IPSEC_FILTERGIF to fast_ipsec(4) and let the users know
that it is not possible to use Fast IPsec in conjuction with KAME IPsec
- add available kernel options to ipsec(4)
- add reference for fast_ipsec(4) to ipsec(4)

Reviewed by: trhodes (mentor), keramida (mentor)
Approved by: keramida (mentor)
2006-08-24 17:07:19 +00:00
George V. Neville-Neil
0ae1d43205 A little extra cleaning up.
MFC after:	1 week
2006-02-14 13:20:09 +00:00
George V. Neville-Neil
108b9d8319 Clean up some descriptions and remove ambiguities in the language.
Add explanations to the examples.

MFC after:	1 week
2006-02-14 13:02:00 +00:00
Ruslan Ermilov
36a142c455 Expand contractions. 2005-02-13 23:45:54 +00:00
Ruslan Ermilov
6b806d21d1 Fixed the misplaced $FreeBSD$. 2005-02-09 18:07:17 +00:00
Tom Rhodes
a5254695a7 List RFCs under SEE ALSO.
PR:	46918
2005-01-11 21:08:39 +00:00
Ruslan Ermilov
32eef9aeb1 mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
Ruslan Ermilov
c4d9468ea0 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Hajimu UMEMOTO
d1b402ad6f clarify problem with inbound AH.
spdadd A B -P in ipsec esp/tunnel/C-D/use ah/tunnel/C-D/require;
does not work due to 1-bit validation bit we are using with inbound
policy checking.

Submitted by:	itojun
Obtained from:	KAME
MFC after:	1 week
2001-06-27 19:41:20 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
Maxim Sobolev
1cdc139280 Correct cross-references:
setsockopt.3 --> setsockopt.2
  syslog.8 --> syslogd.8
  tcpdump.8 --> tcpdump.1

MFC after:	1 week
2001-06-05 12:50:33 +00:00
Ruslan Ermilov
3136363f3e Prepare for mdoc(7)NG. 2000-12-29 09:18:45 +00:00
Ruslan Ermilov
4b66483fd8 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 18:41:33 +00:00
Jun-ichiro itojun Hagino
9c77442e63 bring in latest kame doc. talk about ah tunnel caveat. 2000-07-17 02:22:18 +00:00
Yoshinobu Inoue
4c28393a52 Remove references to man pages that don't exist.
PR: docs/17506
2000-03-21 02:46:28 +00:00
Yoshinobu Inoue
25448059d2 Merge from KAME. Basically man doc improvement and contents fix.
Obtained from: KAME project
2000-03-12 16:37:25 +00:00
Jeroen Ruigrok van der Werven
12900fe317 Change .Os macro to an empty one to denote that the KAME files are
not FreeBSD specific.

Made happy:	sheldonh
2000-01-17 15:24:41 +00:00
Yoshinobu Inoue
9a4365d0e0 libipsec and IPsec related apps. (and some KAME related man pages)
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-06 12:40:54 +00:00