From ast@marabu.ch  Tue Sep 23 04:00:06 2003
Return-Path: <ast@marabu.ch>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 55CA416A4BF
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 23 Sep 2003 04:00:06 -0700 (PDT)
Received: from oneplusone.ch (oneplusone.ch [212.55.208.170])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E27A643F93
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 23 Sep 2003 04:00:04 -0700 (PDT)
	(envelope-from ast@marabu.ch)
Received: from oneplusone.ch (localhost [127.0.0.1])
	by oneplusone.ch (8.12.8p2/8.12.8) with ESMTP id h8NB02vo009807;
	Tue, 23 Sep 2003 13:00:02 +0200 (MEST)
	(envelope-from ast@marabu.ch)
Received: (from uucp@localhost)
	by oneplusone.ch (8.12.8p2/8.12.3/Submit) with UUCP id h8NB02Y5009806;
	Tue, 23 Sep 2003 13:00:02 +0200 (MEST)
Received: from nano.marabu.ch (localhost [127.0.0.1])
	by nano.marabu.ch (8.12.9/8.12.9) with ESMTP id h8NAwhuv063488;
	Tue, 23 Sep 2003 12:58:43 +0200 (MEST)
	(envelope-from ast@nano.marabu.ch)
Received: (from ast@localhost)
	by nano.marabu.ch (8.12.9/8.12.9/Submit) id h8NAwgn8063487;
	Tue, 23 Sep 2003 12:58:42 +0200 (MEST)
	(envelope-from ast)
Message-Id: <200309231058.h8NAwgn8063487@nano.marabu.ch>
Date: Tue, 23 Sep 2003 12:58:42 +0200 (MEST)
From: Adrian Steinmann <ast@marabu.ch>
Reply-To: Adrian Steinmann <ast@marabu.ch>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Luigi Rizzo <rizzo@icir.org>
Subject: Comment to IPSEC_FILTERGIF in LINT is now misleading
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         57125
>Category:       conf
>Synopsis:       Comment to IPSEC_FILTERGIF in LINT is now misleading
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bms
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 23 04:00:33 PDT 2003
>Closed-Date:    Sun Apr 03 12:03:19 GMT 2005
>Last-Modified:  Sun Apr 03 12:03:19 GMT 2005
>Originator:     Adrian Steinmann
>Release:        FreeBSD 4.8-STYX-20030912 i386
>Organization:
Webgroup Consulting AG
>Environment:
System: FreeBSD nano.marabu.ch 4.8-STYX-20030912 FreeBSD 4.8-STYX-20030912 #0: Fri Sep 12 23:38:08 GMT 2003 root@rumori.com:/usr/src/sys/compile/STYX i386
>Description:
	ipfw now has the ipsec keyword which should work when
	options IPSEC_FILTERGIF is enabled in kernel. LINT still
	seems to imply that this feature cannot be used like in
	openbsd, yet this is no longer true.
>How-To-Repeat:
	Read /usr/src/sys/i386/conf/LINT:

options IPSEC_FILTERGIF
# Note that enabling this can be problematic as there are no mechanisms
# in place for distinguishing packets coming out of a tunnel (e.g. no
# encX devices as found on openbsd).

and read 'man ipsec':
...
     ipsec   Matches packets that have IPSEC history associated with them
             (i.e. the packet comes encapsulated in IPSEC, the kernel has
             IPSEC support and IPSEC_FILTERGIF option, and can correctly
             decapsulate it).
...


>Fix:

remove comment from LINT, or mention ipfw ipsec keyword there.

Adrian
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: bms 
State-Changed-When: Tue Jun 22 22:02:53 GMT 2004 
State-Changed-Why:  
An appropriate update has been committed to NOTES in -CURRENT. 


Responsible-Changed-From-To: freebsd-i386->bms 
Responsible-Changed-By: bms 
Responsible-Changed-When: Tue Jun 22 22:02:53 GMT 2004 
Responsible-Changed-Why:  
I'll take this 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57125 

From: Matteo Riondato <rionda@gufi.org>
To: bug-followup@freebsd.org
Cc: freebsd-bugs@freebsd.org
Subject: Re: conf/57125: Comment to IPSEC_FILTERGIF in LINT is now misleading
Date: Wed, 30 Mar 2005 20:10:32 +0200

 --YNEMMPJXay2VNSoy
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 Patch was committed and MFCed.
 I think this PR can be closed
 Best Regards
 --=20
 Rionda aka Matteo Riondato
 Disinformato per default
 G.U.F.I. Staff Member (http://www.gufi.org)
 FreeSBIE Developer (http://www.freesbie.org)
 
 --YNEMMPJXay2VNSoy
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.0 (FreeBSD)
 
 iD8DBQFCSuuY2Mp4pR7Fa+wRAlyuAKDU98648udCi9kkVK5KzueJcKfI3wCeL5oB
 KSZDyfiwXtZCJeIhZ3zYw7Y=
 =osc6
 -----END PGP SIGNATURE-----
 
 --YNEMMPJXay2VNSoy--
State-Changed-From-To: patched->closed 
State-Changed-By: bms 
State-Changed-When: Sun Apr 3 12:02:57 GMT 2005 
State-Changed-Why:  
Committed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57125 
>Unformatted:
