This may affect your ipfw/ipf rules. If you are happy with the current
behaviour then add IPSEC_FILTERGIF to your kernel config file.
Sam
----- Original Message -----
From: "Sam Leffler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Saturday, February 22, 2003 4:47 PM
Subject: cvs commit: src/sys/netinet ip_input.c src/sys/conf NOTES options
> sam 2003/02/22 16:47:07 PST
>
> Modified files:
> sys/netinet ip_input.c
> sys/conf NOTES options
> Log:
> Add a new config option IPSEC_FILTERGIF to control whether or not
> packets coming out of a GIF tunnel are re-processed by ipfw, et. al.
> By default they are not reprocessed. With the option they are.
>
> This reverts 1.214. Prior to that change packets were not re-processed.
> After they were which caused problems because packets do not have
> distinguishing characteristics (like a special network if) that allows
> them to be filtered specially.
>
> This is really a stopgap measure designed for immediate MFC so that
> 4.8 has consistent handling to what was in 4.7.
>
> PR: 48159
> Reviewed by: Guido van Rooij <[EMAIL PROTECTED]>
> MFC after: 1 day
>
> Revision Changes Path
> 1.1129 +11 -0 src/sys/conf/NOTES
> http://cvsweb.FreeBSD.org/src/sys/conf/NOTES.diff?r1=1.1128&r2=1.1129
> 1.374 +1 -0 src/sys/conf/options
> http://cvsweb.FreeBSD.org/src/sys/conf/options.diff?r1=1.373&r2=1.374
> 1.226 +7 -0 src/sys/netinet/ip_input.c
>
http://cvsweb.FreeBSD.org/src/sys/netinet/ip_input.c.diff?r1=1.225&r2=1.226
>
>
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
