- add note about IPSEC_FILTERGIF to fast_ipsec(4) and let the users know

that it is not possible to use Fast IPsec in conjuction with KAME IPsec
- add available kernel options to ipsec(4)
- add reference for fast_ipsec(4) to ipsec(4)

Reviewed by: trhodes (mentor), keramida (mentor)
Approved by: keramida (mentor)

share/man/man4/fast_ipsec.4

@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 20, 2003
+.Dd August 24, 2006
 .Dt FAST_IPSEC 4
 .Os
 .Sh NAME
@@ -32,6 +32,7 @@
 .Nd hardware-accelerated IP Security Protocols
 .Sh SYNOPSIS
 .Cd "options FAST_IPSEC"
+.Cd "options IPSEC_FILTERGIF"
 .Cd "device crypto"
 .Pp
 .Bl -item -compact
@@ -69,6 +70,11 @@ This documentation concentrates on differences from that software.
 The user should refer to
 .Xr ipsec 4
 for basic information on setting up and using these protocols.
+Note that it is not currently possible to use
+.Nm
+in conjuction with the
+.Tn "KAME IPsec"
+implementation.
 .Pp
 System configuration requires the
 .Xr crypto 4
@@ -83,6 +89,12 @@ The packets can be passed to a virtual interface,
 .Dq enc0 ,
 to perform packet filtering before outbound encryption and after decapsulation
 inbound.
+.Pp
+To properly filter 
+.Xr gif 4
+tunnels with firewalls, add
+.Cd "options IPSEC_FILTERGIF"
+to the kernel configuration file.
 .Sh DIAGNOSTICS
 To be added.
 .Sh SEE ALSO

share/man/man4/ipsec.4

@@ -29,7 +29,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd February 14, 2006
+.Dd August 24, 2006
 .Dt IPSEC 4
 .Os
 .Sh NAME
@@ -39,6 +39,10 @@
 .In sys/types.h
 .In netinet/in.h
 .In netinet6/ipsec.h
+.Cd "options IPSEC"
+.Cd "options IPSEC_DEBUG"
+.Cd "options IPSEC_ESP"
+.Cd "options IPSEC_FILTERGIF"
 .Sh DESCRIPTION
 .Nm
 is a security protocol implemented within the Internet Protocol layer
@@ -253,6 +257,7 @@ routines from looking into the IP payload.
 .Xr ioctl 2 ,
 .Xr socket 2 ,
 .Xr ipsec_set_policy 3 ,
+.Xr fast_ipsec 4 ,
 .Xr icmp6 4 ,
 .Xr intro 4 ,
 .Xr ip6 4 ,