diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-09 23:42:38 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-09 23:42:38 +0000 |
| commit | a6003b87fb334668a4dfd89f046ccc0909b3db7a (patch) | |
| tree | 15e1e3818c0d9582cb092c449c269a0640a0bb83 /sys/netinet/ip_esp.h | |
| parent | 8711db1a766b04b5a2affbddd77484ac2f1c1639 (diff) | |
Add ingress ACL for IPsec: after being processed, IPsec packets are
matched against a list of acceptable packet classes, if
sysctl variable net.inet.ip.ipsec-acl is set to 1.
Diffstat (limited to 'sys/netinet/ip_esp.h')
| -rw-r--r-- | sys/netinet/ip_esp.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/ip_esp.h b/sys/netinet/ip_esp.h index 578764a2451..a4dc7ce5786 100644 --- a/sys/netinet/ip_esp.h +++ b/sys/netinet/ip_esp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.h,v 1.28 1999/12/31 22:19:43 itojun Exp $ */ +/* $OpenBSD: ip_esp.h,v 1.29 2000/01/09 23:42:37 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -62,6 +62,7 @@ struct esp_new struct espstat { u_int32_t esps_hdrops; /* packet shorter than header shows */ + u_int32_t esps_nopf; /* Protocol family not supported */ u_int32_t esps_notdb; u_int32_t esps_badkcr; u_int32_t esps_qfull; |