| #
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation |
| #
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| #
242691 |
|
07-Nov-2012 |
kevlo |
Nm ipsec
|
| #
211406 |
|
16-Aug-2010 |
joel |
Put parentheses around a few macros to prevent mdoc warnings.
|
| #
199950 |
|
29-Nov-2009 |
bz |
Correct typo.
Reported by: gabor
MFC after: 5 days
|
| #
199947 |
|
29-Nov-2009 |
bz |
Enable IPcomp by default.
PR: kern/123587
MFC after: 5 days
|
| #
192648 |
|
23-May-2009 |
bz |
Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL
kernel option.
This also permits tuning of the option per virtual network stack, as
well as separately per inet, inet6.
The kernel option is left for a transition period, marked deprecated,
and will be removed soon.
Initially requested by: phk (1 year 1 day ago)
MFC after: 4 weeks
|
| #
171732 |
|
05-Aug-2007 |
bz |
Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL.
Also rename the related functions in a similar way.
There are no functional changes.
For a packet coming in with IPsec tunnel mode, the default is
to only call into the firewall with the "outer" IP header and
payload.
With this option turned on, in addition to the "outer" parts,
the "inner" IP header and payload are passed to the
firewall too when going through ip_input() the second time.
The option was never only related to a gif(4) tunnel within
an IPsec tunnel and thus the name was very misleading.
Discussed at: BSDCan 2007
Best new name suggested by: rwatson
Reviewed by: rwatson
Approved by: re (bmah)
|
| #
171696 |
|
02-Aug-2007 |
bz |
Remove the last entries to fast_ipsec.
Merge in parts of the old fast_ipsec.4 man page to ipsec.4 and
start updating ipsec.4 man page.
Reviewed by: brueffer, sam (slightly earlier versions), bmah
Approved by: re (bmah)
|
| #
162404 |
|
18-Sep-2006 |
ru |
Markup fixes.
|
| #
161581 |
|
24-Aug-2006 |
danger |
- add note about IPSEC_FILTERGIF to fast_ipsec(4) and let the users know
that it is not possible to use Fast IPsec in conjuction with KAME IPsec
- add available kernel options to ipsec(4)
- add reference for fast_ipsec(4) to ipsec(4)
Reviewed by: trhodes (mentor), keramida (mentor)
Approved by: keramida (mentor)
|
| #
155676 |
|
14-Feb-2006 |
gnn |
A little extra cleaning up.
MFC after: 1 week
|
| #
155673 |
|
14-Feb-2006 |
gnn |
Clean up some descriptions and remove ambiguities in the language.
Add explanations to the examples.
MFC after: 1 week
|
| #
141851 |
|
13-Feb-2005 |
ru |
Expand contractions.
|
| #
141580 |
|
09-Feb-2005 |
ru |
Fixed the misplaced $FreeBSD$.
|
| #
140083 |
|
11-Jan-2005 |
trhodes |
List RFCs under SEE ALSO.
PR: 46918
|
| #
84306 |
|
01-Oct-2001 |
ru |
mdoc(7) police: Use the new .In macro for #include statements.
|
| #
81251 |
|
07-Aug-2001 |
ru |
mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
|
| #
79454 |
|
09-Jul-2001 |
dd |
mdoc(7) police: remove extraneous .Pp before and/or after .Sh.
|
| #
78892 |
|
27-Jun-2001 |
ume |
clarify problem with inbound AH.
spdadd A B -P in ipsec esp/tunnel/C-D/use ah/tunnel/C-D/require;
does not work due to 1-bit validation bit we are using with inbound
policy checking.
Submitted by: itojun
Obtained from: KAME
MFC after: 1 week
|
| #
78064 |
|
11-Jun-2001 |
ume |
Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
|
| #
77761 |
|
05-Jun-2001 |
sobomax |
Correct cross-references:
setsockopt.3 --> setsockopt.2
syslog.8 --> syslogd.8
tcpdump.8 --> tcpdump.1
MFC after: 1 week
|
| #
70466 |
|
29-Dec-2000 |
ru |
Prepare for mdoc(7)NG.
|
| #
68962 |
|
20-Nov-2000 |
ru |
mdoc(7) police: use the new features of the Nm macro.
|
| #
63291 |
|
17-Jul-2000 |
itojun |
bring in latest kame doc. talk about ah tunnel caveat.
|
| #
58413 |
|
21-Mar-2000 |
shin |
Remove references to man pages that don't exist.
PR: docs/17506
|
| #
57934 |
|
12-Mar-2000 |
shin |
Merge from KAME. Basically man doc improvement and contents fix.
Obtained from: KAME project
|
| #
56194 |
|
17-Jan-2000 |
asmodai |
Change .Os macro to an empty one to denote that the KAME files are
not FreeBSD specific.
Made happy: sheldonh
|
| #
55505 |
|
06-Jan-2000 |
shin |
libipsec and IPsec related apps. (and some KAME related man pages)
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|