Bug 57125

Summary: Comment to IPSEC_FILTERGIF in LINT is now misleading
Product: Base System Reporter: Adrian Steinmann <ast>
Component: confAssignee: Bruce M Simpson <bms>
Status: Closed FIXED    
Severity: Affects Only Me CC: rizzo
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description Adrian Steinmann 2003-09-23 12:00:33 UTC 
	ipfw now has the ipsec keyword which should work when
	options IPSEC_FILTERGIF is enabled in kernel. LINT still
	seems to imply that this feature cannot be used like in
	openbsd, yet this is no longer true.

Fix: 

remove comment from LINT, or mention ipfw ipsec keyword there.

Adrian
How-To-Repeat: 	Read /usr/src/sys/i386/conf/LINT:

options IPSEC_FILTERGIF
# Note that enabling this can be problematic as there are no mechanisms
# in place for distinguishing packets coming out of a tunnel (e.g. no
# encX devices as found on openbsd).

and read 'man ipsec':
...
     ipsec   Matches packets that have IPSEC history associated with them
             (i.e. the packet comes encapsulated in IPSEC, the kernel has
             IPSEC support and IPSEC_FILTERGIF option, and can correctly
             decapsulate it).
...
Comment 1 Bruce M Simpson freebsd_committer freebsd_triage 2004-06-22 23:02:53 UTC 
State Changed
From-To: open->patched

An appropriate update has been committed to NOTES in -CURRENT.
Comment 2 Bruce M Simpson freebsd_committer freebsd_triage 2004-06-22 23:02:53 UTC 
Responsible Changed
From-To: freebsd-i386->bms

I'll take this
Comment 3 Matteo Riondato 2005-03-30 19:10:32 UTC 
Patch was committed and MFCed.
I think this PR can be closed
Best Regards
-- 
Rionda aka Matteo Riondato
Disinformato per default
G.U.F.I. Staff Member (http://www.gufi.org)
FreeSBIE Developer (http://www.freesbie.org)
Comment 4 Bruce M Simpson freebsd_committer freebsd_triage 2005-04-03 13:02:57 UTC 
State Changed
From-To: patched->closed

Committed