[src/trunk]: src/share/man/man4 describe more sysctl variables.

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c09ef79b42df
branches:  trunk
changeset: 487879:c09ef79b42df
user:      itojun <itojun%NetBSD.org@localhost>
date:      Wed Jun 14 13:06:30 2000 +0000

description:
describe more sysctl variables.

diffstat:

 share/man/man4/ipsec.4 |  68 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 66 insertions(+), 2 deletions(-)

diffs (82 lines):

diff -r ea912340f0af -r c09ef79b42df share/man/man4/ipsec.4
--- a/share/man/man4/ipsec.4    Wed Jun 14 12:36:11 2000 +0000
+++ b/share/man/man4/ipsec.4    Wed Jun 14 13:06:30 2000 +0000
@@ -1,5 +1,5 @@
-.\"    $NetBSD: ipsec.4,v 1.8 2000/06/14 12:36:11 itojun Exp $
-.\"    $KAME: ipsec.4,v 1.11 2000/06/14 12:35:02 itojun Exp $
+.\"    $NetBSD: ipsec.4,v 1.9 2000/06/14 13:06:30 itojun Exp $
+.\"    $KAME: ipsec.4,v 1.12 2000/06/14 13:05:29 itojun Exp $
 .\"
 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 .\" All rights reserved.
@@ -173,6 +173,70 @@
 .It net.inet6.ipsec6.def_policy        integer yes
 .El
 .\"
+.Ss Miscellaneous sysctl variables
+The following variables are accessible via
+.Xr sysctl 8 ,
+for tweaking kernel IPsec behavior:
+.Bl -column net.inet6.ipsec6.inbonud_call_ike integerxxx
+.It Sy Name    Type    Changeable
+.It net.inet.ipsec.inbound_call_ike    integer yes
+.It net.inet.ipsec.ah_cleartos integer yes
+.It net.inet.ipsec.ah_offsetmask       integer yes
+.It net.inet.ipsec.dfbit       integer yes
+.It net.inet.ipsec.ecn integer yes
+.It net.inet.ipsec.debug       integer yes
+.It net.inet6.ipsec6.inbound_call_ike  integer yes
+.It net.inet6.ipsec6.ecn       integer yes
+.It net.inet6.ipsec6.debug     integer yes
+.El
+.Pp
+The variables are interpreted as follows:
+.Bl -tag -width "123456"
+.It Li ipsec.inbound_call_ike
+Obsolete.
+.It Li ipsec.ah_cleartos
+If set to non-zero, the kernel clears type-of-service field in the IPv4 header
+during AH authentication data computation.
+The variable is for tweaking AH behavior to interoperate with devices that
+implement RFC1826 AH.
+It should be set to non-zero
+.Pq clear the type-of-service field
+for RFC2402 conformance.
+.It Li ipsec.ah_offsetmask
+During AH authentication data computation, the kernel will include
+16bit fragment offset field
+.Pq including flag bits
+in IPv4 header, after computing logical AND with the variable.
+The variable is for tweaking AH behavior to interoperate with devices that
+implement RFC1826 AH.
+It should be set to zero
+.Pq clear the fragment offset field during computation
+for RFC2402 conformance.
+.It Li ipsec.dfbit
+The variable configures the kernel behavior on IPv4 IPsec tunnel encapsulation.
+If set to 0, DF bit on the outer IPv4 header will be cleared.
+1 means that the outer DF bit is set regardless from the inner DF bit.
+2 means that the DF bit is copied from the inner header to the outer.
+The variable is supplied to conform to RFC2403 chapter 6.1.
+.It Li ipsec.ecn
+If set to non-zero, IPv4 IPsec tunnel encapsulation/decapsulation behavior will
+be friendly to ECN
+.Pq explicit congestion notification ,
+as documented in
+.Li draft-ietf-ipsec-ecn-02.txt .
+.Xr gif 4
+talks more about the behavior.
+.It Li ipsec.debug
+If set to non-zero, debug messages will be generated via
+.Xr syslog 3 .
+.El
+.Pp
+Variables under
+.Li net.inet6.ipsec6
+tree has similar meaning as the
+.Li net.inet.ipsec
+counterpart.
+.\"
 .Sh PROTOCOLS
 The
 .Nm