From: "Bjoern A. Zeeb"
Date: Sun, 21 Aug 2016 18:55:30 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r304572 - in head: sbin/ipfw sys/conf sys/netinet sys/netinet6

Author: bz
Date: Sun Aug 21 18:55:30 2016
New Revision: 304572
URL: https://svnweb.freebsd.org/changeset/base/304572

Log:
  Remove the kernel option for IPSEC_FILTERTUNNEL, which was deprecated more than 7 years ago in favour of a sysctl in r192648.

Modified:
  head/sbin/ipfw/ipfw.8
  head/sys/conf/NOTES
  head/sys/conf/options
  head/sys/netinet/ip_ipsec.c
  head/sys/netinet6/ip6_ipsec.c

Modified: head/sbin/ipfw/ipfw.8 ============================================================================== --- head/sbin/ipfw/ipfw.8 Sun Aug 21 18:37:21 2016 (r304571) +++ head/sbin/ipfw/ipfw.8 Sun Aug 21 18:55:30 2016 (r304572) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 13, 2016 +.Dd August 21, 2016 .Dt IPFW 8 .Os .Sh NAME @@ -1588,8 +1588,7 @@ Matches IPv4 packets whose precedence fi .It Cm ipsec Matches packets that have IPSEC history associated with them (i.e., the packet comes encapsulated in IPSEC, the kernel -has IPSEC support and IPSEC_FILTERTUNNEL option, and can correctly -decapsulate it). +has IPSEC support, and can correctly decapsulate it). .Pp Note that specifying .Cm ipsec Modified: head/sys/conf/NOTES ============================================================================== --- head/sys/conf/NOTES Sun Aug 21 18:37:21 2016 (r304571) +++ head/sys/conf/NOTES Sun Aug 21 18:55:30 2016 (r304572) 
@@ -626,17 +626,6 @@ options TCP_OFFLOAD # TCP offload supp options IPSEC #IP security (requires device crypto) #options IPSEC_DEBUG #debug for IP security # -# #DEPRECATED# -# Set IPSEC_FILTERTUNNEL to change the default of the sysctl to force packets -# coming through a tunnel to be processed by any configured packet filtering -# twice. The default is that packets coming out of a tunnel are _not_ processed; -# they are assumed trusted. -# -# IPSEC history is preserved for such packets, and can be filtered -# using ipfw(8)'s 'ipsec' keyword, when this option is enabled. -# -#options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel -# # Set IPSEC_NAT_T to enable NAT-Traversal support. This enables # optional UDP encapsulation of ESP packets. # Modified: head/sys/conf/options ============================================================================== --- head/sys/conf/options Sun Aug 21 18:37:21 2016 (r304571) +++ head/sys/conf/options Sun Aug 21 18:55:30 2016 (r304572) @@ -424,7 +424,6 @@ IPFIREWALL_VERBOSE opt_ipfw.h IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h IPSEC opt_ipsec.h IPSEC_DEBUG opt_ipsec.h -IPSEC_FILTERTUNNEL opt_ipsec.h IPSEC_NAT_T opt_ipsec.h IPSTEALTH KRPC Modified: head/sys/netinet/ip_ipsec.c ============================================================================== --- head/sys/netinet/ip_ipsec.c Sun Aug 21 18:37:21 2016 (r304571) +++ head/sys/netinet/ip_ipsec.c Sun Aug 21 18:55:30 2016 (r304572) 
@@ -68,11 +68,7 @@ __FBSDID("$FreeBSD$"); extern struct protosw inetsw[]; -#ifdef IPSEC_FILTERTUNNEL -static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 1; -#else static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 0; -#endif #define V_ip4_ipsec_filtertunnel VNET(ip4_ipsec_filtertunnel) SYSCTL_DECL(_net_inet_ipsec); Modified: head/sys/netinet6/ip6_ipsec.c ============================================================================== --- head/sys/netinet6/ip6_ipsec.c Sun Aug 21 18:37:21 2016 (r304571) +++ head/sys/netinet6/ip6_ipsec.c Sun Aug 21 18:55:30 2016 (r304572) @@ -79,11 +79,7 @@ __FBSDID("$FreeBSD$"); extern struct protosw inet6sw[]; -#ifdef IPSEC_FILTERTUNNEL -static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 1; -#else static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 0; -#endif #define V_ip6_ipsec6_filtertunnel VNET(ip6_ipsec6_filtertunnel) SYSCTL_DECL(_net_inet6_ipsec6);
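
Review bot: In the ipfw.8 hunk at line 1588, the new wording "has IPSEC support, and can correctly decapsulate it" deletes the tunnel-filtering condition instead of re-pointing it at the sysctl. The NOTES comment removed in this same commit says IPSEC history "can be filtered using ipfw(8)'s 'ipsec' keyword, when this option is enabled", and the option only ever set the sysctl default, so the condition still applies. Suggest naming the filtertunnel sysctl in place of the option so that someone writing an `ipsec` rule knows what has to be switched on.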
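
Review bot: The sys/conf/NOTES hunk at line 626 removes the only sentence in the touched files that states the default: "The default is that packets coming out of a tunnel are _not_ processed; they are assumed trusted." That is a security-relevant default for anyone relying on a packet filter behind an IPsec tunnel. Suggest carrying the sentence over to wherever the sysctl is documented, or leaving a one-line comment next to `options IPSEC` that points at the sysctl.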
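
Review bot: In the ip_ipsec.c hunk at line 68 and the matching ip6_ipsec.c hunk at line 79, ip4_ipsec_filtertunnel and ip6_ipsec6_filtertunnel are now unconditionally initialized to 0, which changes behaviour for kernels that were built with the option and got 1. Together with the sys/conf/options hunk dropping IPSEC_FILTERTUNNEL, those systems go from filtering decapsulated tunnel traffic to passing it unfiltered unless the sysctl is set explicitly, and the Modified list shows no UPDATING entry. Suggest adding an UPDATING note that tells users of the old option to set the IPv4 and IPv6 filtertunnel sysctls at boot.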