Age | Commit message (Collapse) | Author |
|
|
|
of pinsyscall(2) policy. Report such findings in daily mail like
other security violations. User has to turn on accounting=YES in
rc.conf.local to utilize this feature.
OK deraadt@
|
|
- show a demo of a strong random string for psk, for some types of
configuration psk makes sense. the previous example hinted at.not
using it.
- change the EAP MSCHAPv2 example so that more than one client can
connect (previous used address config but with only a single address not
a pool), and use the newer keywords to show how to route all traffic
from dynamic-ip clients over the tunnel
ok tobhe@
|
|
|
|
|
|
|
|
|
|
|
|
OK deraadt@
|
|
|
|
|
|
ok deraadt@ miod@
|
|
is now garbled, and in the future xonly univirse you'll have poor success
downloading it or libc to know where gadgets are.
ok djm
|
|
|
|
ok yasuoka@
|
|
Otherwise it will unconditionally print an empty line in case relinking
is disabled.
Reported by kettenis
Feedback OK tb
OK florian
|
|
|
|
While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on running network, speeding things up.
Idea & input deraadt
Input & OK kn
|
|
Reported by Andreas Bartelt on bugs@
|
|
vifscreate() always creates all virtual interfaces up-front.
To check whether a given interface exists, ifstart() uses ifcreate()
which tries to create nonexistent ones.
Virtual ones are guaranteed to be present and physical ones cannot be
created, so replace the ifcreate() call with a simpler ifconfig test and
clarify the comment.
OK martijn afresh1
|
|
|
|
When needed, lladdr is more precise and enduring.
Suggested by deraadt@
Many improvments and OK kn@
|
|
Original implementation by martijn@
Feedback and suggestions from kn@, sthen@, claudio@, florian@, and deraadt@.
ok deraadt
|
|
|
|
When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.
Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.
With input from kn@, deraadt@. Positive feedback from sthen@.
Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2
ok kn@
|
|
|
|
Noticed by kn@
ok millert@
|
|
|
|
ok kn@ deraadt@
|
|
ok kn@ deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
Possible now that IP6KERNERL is hoisted.
This also improves readability and zaps double negation logic.
|
|
1. only do so when running without -n
2. move code to own wait_dad() helper like wait_autoconf_default() has it
3. use local _count as usual in both functions rather than the global count
Feedback OK claudio
|
|
Keep adding IPv6 routes after lo0 got an addres like before, meant to be
committed together with r1.223.
|
|
sys/netinet6/in6_ifattach.c r1.114 limited it to SLAAC addresses in 2019.
|
|
The mixed use of upper and lower case variables is neither obvious nor
consistent.
PRINT_ONLY is local to netstart.
ip6kernel is local to netstart.
multicast gets sourced from rc.subr(8).
1. uppercase ip6kernel as is common for global variables in base scripts
2. use the simpler true/false idiom and default with the rest of
netstart-only variables, making it clearer that only `multicast=YES/NO'
comes from the rc environment
3. hoist kernel feature detection such that a later diff can load the SOII
key conditionally
4. zap obvious comment
OK aja
|
|
If there is no default route but some interface has AUTOCONF, printing
what would be done still waits for... nothing to happen.
OK tb
|
|
Contrary to other scripts in base like rc.d(8) or MAKEDEV(8), netstart(8)
itself is not executable and must be passed as file to sh(1):
$ man -h netstart
/etc/netstart [-n] [interface ...]
$ /etc/netstart
ksh: /etc/netstart: cannot execute - Permission denied
Fix usage and synopsis to provide required usage:
$ man -h netsart
sh /etc/netstart [-n] [interface ...]
OK jmc
|
|
From Brad
|
|
ok phessler
|
|
|
|
interferes with programs using shm_open(3) which uses them as backing
files.
Problem pointed out by jeremy@ in relation to PostgreSQL.
Suggestion/ok tb@.
|
|
prodded by jsg@
|
|
OK florian
|
|
OK florian
|
|
OK solene
|