diff options
Diffstat (limited to 'share/man/man4/ipsec.4')
| -rw-r--r-- | share/man/man4/ipsec.4 | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/share/man/man4/ipsec.4 b/share/man/man4/ipsec.4 index c5c9ed863385..9fd6207c2f14 100644 --- a/share/man/man4/ipsec.4 +++ b/share/man/man4/ipsec.4 @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd February 6, 2017 +.Dd March 4, 2025 .Dt IPSEC 4 .Os .Sh NAME @@ -182,7 +182,7 @@ is synonymous with which requires that a security association must exist for the packets to move, and not be dropped. These terms are defined in -.Xr ipsec_set_policy 8 . +.Xr ipsec_set_policy 3 . .Bl -column net.inet6.ipsec6.esp_trans_deflev integerxxx .It Sy "Name Type Changeable" .It "net.inet.ipsec.esp_trans_deflev integer yes" @@ -239,6 +239,7 @@ for tweaking the kernel's IPsec behavior: .It "net.inet.ipsec.debug integer yes" .It "net.inet.ipsec.natt_cksum_policy integer yes" .It "net.inet.ipsec.check_policy_history integer yes" +.It "net.inet.ipsec.random_id integer yes" .It "net.inet6.ipsec6.ecn integer yes" .It "net.inet6.ipsec6.debug integer yes" .El @@ -298,6 +299,9 @@ have been decrypted and authenticated. If this variable is set to a non-zero value, each packet handled by IPsec is checked against the history of IPsec security associations. The IPsec security protocol, mode, and SA addresses must match. +.It Li ipsec.random_id +Enables randomization of encapsulated IPv4 packets ID. +By default, ID randomization is not enabled. .El .Pp Variables under the @@ -333,8 +337,8 @@ routines from looking into the IP payload. .Xr ipsec_set_policy 3 , .Xr crypto 4 , .Xr enc 4 , -.Xr if_ipsec 4 , .Xr icmp6 4 , +.Xr if_ipsec 4 , .Xr intro 4 , .Xr ip6 4 , .Xr setkey 8 , |