vlan link0 was replaced with IFCAP_VLAN_HWTAGGING in 2001.
prompted by a mail from Insan Praja. ok deraadt@
|
ifconfig <if> inet6 used to print all inet6 addresses, and last not least
the installer relies on that behaviour. so don't. to turn inet6 on again
you have to assign any inet6 address or run rtsol.
nobody happy about this asymmetry, but that is the best we could come up
with for now.
|
sync peers are able to get the states before the replies. previously there
was a race where the reply could hit a partner firewall before it had the
state for it, which caused the reply to get processed by the ruleset which
probably would drop it.
this behaviour is off by default because it does delay packets, which is
only wanted in active-active firewalls or when an upstream router is slow
to learn that you've moved the active member of the pfsync cluster. it also
uses memory keeping the packets in the kernel.
use "ifconfig pfsync0 defer" to enable it, "ifconfig pfsync0 -defer" to
disable.
tested by sthen@ who loves it. he's got manpage changes coming up for me.
|
ok claudio@
|
inet6/-inet6
|
ifconfig em0 -inet6
deletes all v6 addresses including link-local and prevents new ones from
being added.
ifconfig em0 inet6 <addr>
re-enables v6, brings the link local back and adds optional <addr>
ok theo reyk
|
ok sthen
|
Tested by many, thanks.
"Put it in" deraadt@
|
by damien;
|
networks in the wpapsk section of the page.
ok deraadt@ henning@
|
add "ifconfig if0 scan" to scan for access points or to list known
stations in Host AP mode.
remove the [-]wmm command while i'm here. QoS is mandatory with
802.11n so there's not much point in making it an option.
fix parsing of the "powersave" command too.
discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@
|
Some supplicants will autoselect 802.1X without giving users the
possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined
in Draft 802.11w) by default in the RSN IE of beacons and probe responses
as it confuses some broken supplicants. This kind of sacrifices security
for interoperability with shitty (but unfortunately widespread) clients
that do not follow the 802.11 standard properly.
This fixes associations from Intel PROSet on XP and also reportedly fixes
some Mac OS clients. I will likely make `psk-sha256' configurable through
ifconfig wpaakms after the 4.5 release.
|
and fix typo while here.
ok canacar@
|
OK deraadt@
|
OK brad@
|
immediately obvious from reading the main text or the wireless pages;
i killed the "ifconfig gif1 destroy" example to do this, since i want to
keep EXAMPLES relatively short, and we already provide an example of
how to create an interface;
|
initial getinfo(), and remove a few superfluous warnings there.
ok deraadt@
|
(I am sure jmc will make this even betterer)
|
flows export data gathered from pf states.
initial implementation by Joerg Goltermann <jg@osn.de>, guidance and many
changes by me. 'put it in' theo
|
- chan argument is n, not id
|
argument after that command, check if it is a keyword, and if it is,
that means the original command really has no argument. Get it?
Now.. replace -m with media (no options), and -M with chan (no options).
Try 'ifconfig -a media chan' on a wireless & ethernet machine after this.
ok henning, reyk, thanks for the comments from others
|
ok mbalmer@
|
Not sure what's more surprising: how long it took for NetBSD to
catch up to the rest of the BSDs (including UCB), or the amount of
code that NetBSD has claimed for itself without attributing to the
actual authors.
OK deraadt@
|
Implementation from NetBSD. Ported via FreeBSD's version in trunk^Wlagg(4).
This is still work in progress. Tested with a HP ProCurve 3500.
OK reyk@
|
even the unicast address of the remote carp peer. this especially
helps when the multicast carp advertisements are causing problems in
the network (some crappy switches don't do well with multicast), there
are conflicts with VRRP, or the policy of the network does not allow
multicast (most Internet eXchange points didn't allow carped OpenBGP
routers because of the multicast advertisements).
discussed with many
ok mpf@
|
as host byte order in userland. ifconfig didn't get this and always printed
the pfsync syncpeer on little endian machines because the check to prevent
printing the default address assumed the wrong byte order.
ok claudio@ rainer@
|
in ifconfig(8). The man pages reference mpls(8) which doesn't exist,
but claudio promises it will follow shortly.
a thumb up and ok from claudio@
|
in progress and some bits need to be cleaned up but will be in-tree for
convenience.
ok claudio@, norby@
|
pointed out by drahn@
|
- one more passphrase tweak
|
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@
ok deraadt@
|
ok mpf@, chl@
"i agree with the diagnosis" oga@
|
based on a diff originally from bsd openbsd rutgers edu
|