From c68eed82a3dcadf0c826e9e150f59769f4c44f24 Mon Sep 17 00:00:00 2001
From: Gleb Smirnoff <glebius@FreeBSD.org>
Date: Wed, 24 Apr 2024 13:36:43 -0700
Subject: accf_tls: accept filter that waits for TLS handshake header

---
 sys/conf/NOTES   | 1 +
 sys/conf/files   | 1 +
 sys/conf/options | 1 +
 3 files changed, 3 insertions(+)

(limited to 'sys/conf')

diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index cdeee4eb7fd6..216a96c2073c 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -1066,6 +1066,7 @@ options 	MBUF_PROFILING
 options 	ACCEPT_FILTER_DATA
 options 	ACCEPT_FILTER_DNS
 options 	ACCEPT_FILTER_HTTP
+options		ACCEPT_FILTER_TLS
 
 # TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
 # carried in TCP option 19. This option is commonly used to protect
diff --git a/sys/conf/files b/sys/conf/files
index 59d99b9f832b..29c02a503027 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -4299,6 +4299,7 @@ netgraph/ng_vlan_rotate.c	optional netgraph_vlan_rotate
 netinet/accf_data.c		optional accept_filter_data inet
 netinet/accf_dns.c		optional accept_filter_dns inet
 netinet/accf_http.c		optional accept_filter_http inet
+netinet/accf_tls.c		optional accept_filter_tls inet
 netinet/if_ether.c		optional inet ether
 netinet/igmp.c			optional inet
 netinet/in.c			optional inet
diff --git a/sys/conf/options b/sys/conf/options
index 4e9d8a5b0741..fcab21ad7e78 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -425,6 +425,7 @@ ISP_FCTAPE_OFF		opt_isp.h
 ACCEPT_FILTER_DATA
 ACCEPT_FILTER_DNS
 ACCEPT_FILTER_HTTP
+ACCEPT_FILTER_TLS
 ALTQ			opt_global.h
 ALTQ_CBQ		opt_altq.h
 ALTQ_CDNR		opt_altq.h
-- 
cgit v1.2.3