| Age | Commit message (Collapse) | Author |
|---|
|
for scoped address (unlikely due to the deployed codebase...).
|
|
into proper sockaddr_in6.
|
|
|
|
specified in this cases.
ok pb@, dhartmei@, kjell@
|
|
you can use interface names instead of an IP in most places. However, until
now, it was only expanded to the interface's first IPv4 address if existant
(and address family unset or inet) and the first IPv6 address otherwise.
this diff changes that. the interface is proper expanded to all IPs, IPv4
_and_ IPv6, now.
it also cleans up the lookup procedures (well, in fact, they are replaced by
a new one), there's no need for different procedures for IPv4 and IPv6. we
now just have one list of interfaces (AF_LINK) and one list with IPs
(AF_INET and AF_INET6) with corresponding lookup functions, ifa_exists and
ifa_lookup.
nat, rdr & friends now use the new function ifa_pick_ip to get the IP in
rules like
nat on $interface from $whatever to any -> $interface
ifa_pick_ip tries to be smart.
if the interface has only one IP address and the nat rule doesn't specify an
address family (or it matches with this address), take this one.
If the address family is specified in the nat rule and there is only one IP
for the given address family, this one is used. if the address family is not
specified and there is more than one IP pfctl throws an error. The same
applies for multiple IPs per address family.
This causes regression tests 18 and 20 to fail because the address family
isn't specified there; diff for those coming.
also fix some prototypes while I'm here.
pb@ found another problem while testing that we must have introduced somewhat
after 3.1.
$cat t
nat on ne3 from any to any -> 213.128.133.5
$pfctl -nvf t
nat on ne3 all -> ?
it's only a representation bug as far as I've checked, nontheless it should
be fixed. as a nat/rdr rule always nats/redirects to one IP only we can just
steal its target's IP af and set the rule's af accordingly. then inet_ntop
does play nice.
binat rules already enforce having an address family set always and thus are
not affected.
ok dhartmei@, pb@, kjell@
"It looks good" frantzen@
|
|
|
|
|
|
|
|
it was linked
|
|
|
|
|
|
|
|
|
|
|
|
|
|
to malloc(). opendir() requires a stable sort so we rig the compare
routine to never return 0. From Lars J. Buitinck
|
|
as far as key setups go).
|
|
corresponding enable bits... they are always on... dain bramage).
|
|
o ANSI function headers
o return (foo) not return foo
o add -oi to sendmail flags
o update email address in man pages
o make some strings const
o completely remove globbing cruft from popen.c
o whitespace changes
o add DOW_STAR to flags for "monthly", "weekly", and "daily" cron entries
|
|
the copying, initial idea is from freebsd (not fully
implemented there, apparently).
this also makes bcopy/memcpy a tiny little bit faster.
|
|
|
|
japan fix due to emperor change (1988) - 4/29 is now called greenary day,
12/23 is the new emperor's birthday.
|
|
|
|
|
|
|
|
|
|
jolan@norm.encryptedemail.net
|
|
--
Idea from: Chad Loder <cloder@acm.org> via PR 2800
Ok'd by: deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Found the hard way by pvalchev@
|
|
access to devices I/O ports from userland. Only BWX machines supported
for now. Added a man page.
Ok deraadt@, miod@.
|
|
|
|
|
|
|
|
in comments.
|
|
a) Eliminate single invocation here document functions
not_going_to_install(), congrats() by putting the here
document at the point of invocation.
b) Make (deliberately) global variables consistantly upper case and
with no leading '_'. Many variables that could be local are still
creating globals.
c) Make all get_* functions names conform to a convention of
get_<global variable name>, where the <global_variable_name>
is the global variable set by the function, or whose new
value is returned by the function.
d) Change _IFS to IFDEVS to be consistant with CDDEVS and DKDEVS,
and initialize it at the same place.
e) Handle bare '+', '-' in same place other selections are parsed
rather than in a separate case statement.
f) eliminate '[ "$var" ] || var=value' constructs with ': ${var:=value}'
constructs.
g) Rename local_sets_dir -> SETSDIR.
h) Rework logic around ftp passwords to eliminate duplications
and ensure a new password is asked for each time.
i) Some minor cosmetic adjustments.
|
|
|
|
|
|
|
|
|
|
always use the pfctl in path.
|
|
|
|
back to pfctl in path otherwise.
will save my ass sooner or later.
ok millert@, pb@
|
|
being found for install/upgrade.
|
|
From Alexander Yurchenko <grange@rt.mipt.ru>
Approved by csapuntz@ and me.
|
