| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ok deraadt
|
|
Lifetimes are extended from router advertisements within these limits.
From weerd@
|
|
i replaced the suggested Cm/Ql mix with simple Dq;
|
|
ifconfig(8)'s TRUNK (LINK AGGREGATION) nicely combines the two drivers, so
omit common stuff from the drives specific manuals.
This aids in the overall design of having options documented in ifconfig(8)
alone unless they're inherently driver specific, e.g. "trunkproto" which
stays in trunk(4).
OK jmc
|
|
|
|
Reminded by jmc
|
|
Add missing TPMR section to ifconfig(8) by moving the commands from the
driver's manual to it (copy/paste) and document the ioctl(2) interface in
tpmr(4).
Indenting tpmr's first EXAMPLE while here; from jmc.
OK jmc
|
|
Complete the synopsis while here.
Feedback OK jmc
|
|
|
|
|
|
|
|
|
|
|
|
note that this links ifconfig with libcrypto to get at base64
encoding and decoding routines. im looking at an alternative way
to do that, so hopefully this is temporary.
secondly, note that all the wireguard stuff is under ifndef SMALL,
so the special build of ifconfig for install media does include
wireguard support, and also does not need libcrypto.
from Matt Dunwoodie and Jason A. Donenfeld
ok deraadt@
|
|
This flag restricts a wireless driver to MCS0 - MCS7 for both transmission
and reception. It can be set to work around packet loss in 11n mode caused
by unused antenna connectors on a MIMO-capable wireless network device.
man page tweak from tracey@
ok deraadt@
|
|
|
|
ok kevlo@
|
|
ok jmc deraadt
|
|
ok mlarkin
|
|
for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.
People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn
|
|
|
|
|
|
ifconfig set/unset it.
ok deraadt@ kmos@
|
|
sense on "join" lines;
|
|
in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
|
|
list of ioctls in bridge(4).
OK ccardenas@ kn@ phessler@
|
|
|
|
|
|
|
|
|
|
only two older cards currently attempt to set this, and it
should not be neccessary anyway;
i've added in a some (commented) info to explain this;
discussed with and ok stsp
|
|
disable this), and provide a little more info on "duration";
some driver-specific notes hopefully to follow...
help/ok stsp
|
|
|
|
|
|
instead of an mpe and mpw section, have an MPLS section that talks
about mpe, mpw, and mpip.
|
|
if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
|
|
|
|
|
|
|
|
|
0 and 4095 are reserved IDs as per 802.1Q and vlan(4), setting them will
fail.
OK denis
|
|
OK stsp@
|
|
from Callum R. Davies, ok jmc@
|
|
|
|
The trunk driver now has a new ioctl (SIOCxTRUNKOPTS), which for now only
has options for LACP:
* Mode - Active or Passive (default Active)
* Timeout - Fast or Slow (default Slow)
* System Priority - 1(high) to 65535(low) (default 32768/0x8000)
* Port Priority - 1(high) to 65535(low) (default 32768/0x8000)
* IFQ Priority - 0 to NUM_QUEUES (default 6)
At the moment, ifconfig only has options for lacpmode and lacptimeout
plumbed as those are the immediate need.
The approach taken for the options was to make them on a "trunk" vs a
"port" as what's typically seen on various NOSes (JunOS, NXOS, etc...)
as it's uncommon for a host to have one link "Passive" and the other
"Active" in a given trunk.
Just like on a NOS, when applying lacpmode or lacptimeout, the settings
are immediately applied to all existing ports in the trunk and to all
future ports brought into the trunk.
Tested by many on a plethora of NIC drivers and switches.
Ok remi@
|
|
|
|
Due to the way the parsing works, you cannot have an option that
accepts strings as argument or no argument, without side effects: for
example "join <nwid>" could only join networks that did not have a
nwid identical to another ifconfig option, i.e. "join mtu" or "join
join" would not work.
Solve this by making join always require an nwid. Listing all the
configured nwids for auto-join is moved to the new option "joinlist".
Removing _all_ auto-join configuration is moved to "-joinlist".
deraadt@ likes it and ok phessler@ stsp@
|
|
ok phessler@
|
|
|
