commit f6eb52baa944180134f8d515007da159090fa5d2
from: smytht <smytht@users.noreply.github.com>
via: GitHub <noreply@github.com>
date: Fri Aug 11 09:58:05 2023 UTC

BUG-FIX Update sysctl.c to fix no ip ipsec-pfs command bug

Update sysctl.c to fix no ip ipsec-pfs command bug

ip ipsec-pfs 
and 
no ipipsec-pfs 
were broken and not having an effect on 
the 
net.inet.ip.ipsec-pfs

commit - e071ad386d88cfe4c5303487dabdbbac64e3ddcd
commit + f6eb52baa944180134f8d515007da159090fa5d2
blob - 304486bddec2e83fb32f5f1a1027947431f07cf7
blob + b987820def6eb3b7bc042da908ed72a34ef6a2fb
--- sysctl.c
+++ sysctl.c
@@ -146,7 +146,7 @@ struct ipsysctl ipsysctls[] = {
 { "ipsec-firstuse",	{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_FIRSTUSE, MIB_STOP, 0}, DEFAULT_IPSEC_FIRSTUSE, 0 },
 { "ipsec-soft-firstuse",{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_SOFT_FIRSTUSE, MIB_STOP, 0}, DEFAULT_IPSEC_SOFT_FIRSTUSE, 0 },
 { "ipsec-invalid-life",	{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_EMBRYONIC_SA_TIMEOUT, MIB_STOP, 0}, DEFAULT_IPSEC_INVALID_LIFE, 0 },
-{ "ipsec-pfs",		{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_REQUIRE_PFS, MIB_STOP, 0 },	1, 0 },
+{ "ipsec-pfs",		{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_REQUIRE_PFS, MIB_STOP, 0 },	0, 0 },
 { "portfirst",		{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_FIRSTAUTO, MIB_STOP, 0 },	DEFAULT_PORTFIRST, 0 },
 { "portlast",		{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_LASTAUTO, MIB_STOP, 0 },   DEFAULT_PORTLAST, 0 },
 { "porthifirst",	{ CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPPORT_HIFIRSTAUTO, MIB_STOP, 0 }, DEFAULT_PORTHIFIRST, 0 },