From 13a6cf24ac3cc966b773e07f38a9fdc6b321e29c Mon Sep 17 00:00:00 2001
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Date: Sat, 30 Oct 2010 18:52:44 +0000
Subject: [PATCH] Announce both IPsec and UDP Encap (NAT-T) if available for
 feature_present(3) checks.

This will help to run-time detect and conditionally handle specific
optionas of either feature in user space (i.e. in libipsec).

Descriptions read by:	rwatson
MFC after:		2 weeks
---
 sys/netipsec/ipsec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 1f48dd6c3da6..712040f43aeb 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -126,6 +126,11 @@ VNET_DEFINE(int, ip4_esp_randpad) = -1;
  */
 VNET_DEFINE(int, crypto_support) = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
 
+FEATURE(ipsec, "Internet Protocol Security (IPsec)");
+#ifdef IPSEC_NAT_T
+FEATURE(ipsec_natt, "UDP Encapsulation of IPsec ESP Packets ('NAT-T')");
+#endif
+
 SYSCTL_DECL(_net_inet_ipsec);
 
 /* net.inet.ipsec */