Project

General

Profile

Actions

Todo #5370

closed

Review usage of IPsec-related sysctl OIDs in GUI and backend code

Added by Jim Pingle almost 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
11/03/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

2.3 will have less sysctl OIDs with the various changes made to FreeBSD along the way. We need to review the sysctls modified by the IPsec code in various places (e.g. /etc/inc/vpn.inc) to make sure they still exist or are necessary. In particular, net.inet.ip.ipsec_in_use and net.inet.ip.fastforwarding should not be present or used on 2.3

Actions #1

Updated by Luiz Souza almost 6 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

2.3 code was reviewed, no further use cases were found.

Actions #2

Updated by Chris Buechler almost 6 years ago

  • Status changed from Feedback to Assigned

I removed fastforwarding from config upgrade code. Looks like that was the last remnant of these.

We need config upgrade code to unset $config['sysctl']['item'][x]['tunable'] = "net.inet.ip.fastforwarding"
to remove it from upgraded configs.

Actions #3

Updated by Luiz Souza almost 6 years ago

  • Status changed from Assigned to Resolved

Added the upgrade code to unset "net.inet.ip.fastforwarding" when necessary.

fe4b5548

Actions

Also available in: Atom PDF