Remove the kernel optoion for IPSEC_FILTERTUNNEL, which was deprecated

more than 7 years ago in favour of a sysctl in r192648.
svn path=/head/; revision=304572
2024-11-27 03:11:52 +01:00 · 2016-08-21 18:55:30 +00:00 · 2016-08-21 18:55:30 +00:00 · 77ecef378a · 2020-12-20 02:59:44 +00:00
commit 77ecef378a
parent a6ae9251b4
5 changed files with 2 additions and 23 deletions
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@ -1,7 +1,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 13, 2016
+.Dd August 21, 2016
 .Dt IPFW 8
 .Os
 .Sh NAME
@ -1588,8 +1588,7 @@ Matches IPv4 packets whose precedence field is equal to
 .It Cm ipsec
 Matches packets that have IPSEC history associated with them
 (i.e., the packet comes encapsulated in IPSEC, the kernel
-has IPSEC support and IPSEC_FILTERTUNNEL option, and can correctly
-decapsulate it).
+has IPSEC support, and can correctly decapsulate it).
 .Pp
 Note that specifying
 .Cm ipsec
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@ -626,17 +626,6 @@ options 	TCP_OFFLOAD		# TCP offload support.
 options 	IPSEC			#IP security (requires device crypto)
 #options 	IPSEC_DEBUG		#debug for IP security
 #
-# #DEPRECATED#
-# Set IPSEC_FILTERTUNNEL to change the default of the sysctl to force packets
-# coming through a tunnel to be processed by any configured packet filtering
-# twice. The default is that packets coming out of a tunnel are _not_ processed;
-# they are assumed trusted.
-#
-# IPSEC history is preserved for such packets, and can be filtered
-# using ipfw(8)'s 'ipsec' keyword, when this option is enabled.
-#
-#options 	IPSEC_FILTERTUNNEL	#filter ipsec packets from a tunnel
-#
 # Set IPSEC_NAT_T to enable NAT-Traversal support.  This enables
 # optional UDP encapsulation of ESP packets.
 #
--- a/sys/conf/options
+++ b/sys/conf/options
@ -424,7 +424,6 @@ IPFIREWALL_VERBOSE	opt_ipfw.h
 IPFIREWALL_VERBOSE_LIMIT	opt_ipfw.h
 IPSEC			opt_ipsec.h
 IPSEC_DEBUG		opt_ipsec.h
-IPSEC_FILTERTUNNEL	opt_ipsec.h
 IPSEC_NAT_T		opt_ipsec.h
 IPSTEALTH
 KRPC
--- a/sys/netinet/ip_ipsec.c
+++ b/sys/netinet/ip_ipsec.c
@ -68,11 +68,7 @@ __FBSDID("$FreeBSD$");

 extern	struct protosw inetsw[];

-#ifdef IPSEC_FILTERTUNNEL
-static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 1;
-#else
 static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 0;
-#endif
 #define	V_ip4_ipsec_filtertunnel VNET(ip4_ipsec_filtertunnel)

 SYSCTL_DECL(_net_inet_ipsec);
--- a/sys/netinet6/ip6_ipsec.c
+++ b/sys/netinet6/ip6_ipsec.c
@ -79,11 +79,7 @@ __FBSDID("$FreeBSD$");

 extern	struct protosw inet6sw[];

-#ifdef IPSEC_FILTERTUNNEL
-static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 1;
-#else
 static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 0;
-#endif
 #define	V_ip6_ipsec6_filtertunnel	VNET(ip6_ipsec6_filtertunnel)

 SYSCTL_DECL(_net_inet6_ipsec6);