freebsd-skq/sys/netipsec
Bjoern A. Zeeb 19ad9831df Add sysctls to if_enc(4) to control whether the firewalls or
bpf will see inner and outer headers or just inner or outer
headers for incoming and outgoing IPsec packets.

This is useful in bpf to not have over long lines for debugging
or selcting packets based on the inner headers.
It also properly defines the behavior of what the firewalls see.

Last but not least it gives you if_enc(4) for IPv6 as well.

[ As some auxiliary state was not available in the later
  input path we save it in the tdbi. That way tcpdump can give a
  consistent view of either of (authentic,confidential) for both
  before and after states. ]

Discussed with:	thompsa (2007-04-25, basic idea of unifying paths)
Reviewed by:	thompsa, gnn
2007-11-28 22:33:53 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h
ipcomp_var.h
ipcomp.h
ipip_var.h
ipsec6.h
ipsec_input.c Add sysctls to if_enc(4) to control whether the firewalls or 2007-11-28 22:33:53 +00:00
ipsec_mbuf.c
ipsec_osdep.h
ipsec_output.c Add sysctls to if_enc(4) to control whether the firewalls or 2007-11-28 22:33:53 +00:00
ipsec.c Adjust a comment that suggest that we might consider a panic. 2007-11-28 21:48:21 +00:00
ipsec.h Add sysctls to if_enc(4) to control whether the firewalls or 2007-11-28 22:33:53 +00:00
key_debug.c
key_debug.h
key_var.h
key.c
key.h
keydb.h
keysock.c Move the priv check before the malloc call for so_pcb. 2007-11-16 22:35:33 +00:00
keysock.h
xform_ah.c Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
xform_esp.c Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
xform_ipcomp.c Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which 2007-08-06 14:26:03 +00:00
xform_ipip.c Add sysctls to if_enc(4) to control whether the firewalls or 2007-11-28 22:33:53 +00:00
xform_tcp.c
xform.h Add sysctls to if_enc(4) to control whether the firewalls or 2007-11-28 22:33:53 +00:00