summaryrefslogtreecommitdiff
path: root/etc/security
diff options
context:
space:
mode:
authorbrian <brian@cvs.openbsd.org>2000-07-07 14:47:55 +0000
committerbrian <brian@cvs.openbsd.org>2000-07-07 14:47:55 +0000
commitcac590774c6243713f544d2ad4b7b9e4d79d8232 (patch)
treed4c34fe95c9ceb8c62ab109a77462673ff083a11 /etc/security
parent87c1d2af938e8acac68a66db936cbdef2a42fe61 (diff)
o Log the (payload/size) of all packet types, not just TCP packets
o If the new ``filter-decapsulation'' is enabled, delve into UDP packets that contain 0xff 0x03 as the first two bytes, and if we recognise it as PROTO_IP, decapsulate it for the purpose of filter checking. If we recognise it as PROTO_<anything else> mention this for logging purposes only. This change is aimed at people running PPPoUDP where the UDP traffic is being sent over another PPP link. It's desireable to have the top level link connected all the time, but to have the bottom level link capable of decapsulating the traffic and comparing the payload against the filters, thus allowing ``set filter dial ...'' to work in tunnelled environments. The caveat here is that the top ppp cannot employ any compression layers without making the data unreadable for the bottom ppp. ``disable deflate pred1 vj'' and ``deny deflate pred1 vj'' is suggested.
Diffstat (limited to 'etc/security')
0 files changed, 0 insertions, 0 deletions