path: root/sbin
2009-10-04, Michele Marchetto:
Add (again) support for divert sockets. They allow you to:
- queue packets from pf(4) to a userspace application
- reinject packets from the application into the kernel stack.
The divert socket can be bound to a special "divert port" and will receive every packet diverted to that port by pf(4).
The pf syntax is pretty simple, e.g.:
    pass on em0 inet proto tcp from any to any port 80 divert-packet port 1
A lot of discussion has happened since my last commit that resulted in many changes and improvements. I would *really* like to thank everyone who took part in the discussion especially canacar@ who spotted out which are the limitations of this approach.
OpenBSD divert(4) is meant to be compatible with software running on top of FreeBSD's divert sockets even though they are pretty different and will become even more with time.
discussed with many, but mainly reyk@ canacar@ deraadt@ dlg@ claudio@ beck@
tested by reyk@ and myself
ok reyk@ claudio@ beck@
manpage help and ok by jmc@
2009-10-04, Joel Sing:
When IKE is operating in dynamic mode and no srcid is given, the hostname is used as the srcid, however the srcid type is not specified. Rectify this by explicitly setting the srcid type to FQDN after successfully retrieving the hostname. This worked prior to the addition of IPV4_ADDR/IPV6_ADDR support since get_id_type() returned ID_FQDN even when presented with a null pointer.
Issue reported by Mikolaj Kucharski.
2009-10-01, Theo de Raadt:
There is no -F flag, it is -f; spotted by tasm.devil@googlemail
2009-09-29, Jason McIntyre:
sort usage();
2009-09-28, David Gwynne:
add -S and -L options to store and load the pf state table from a file.
inspired by the short reboot times on an rb600a provided by stephan rickauer.
testing and bugfixing by sthen@
ok mcbride@ sthen@
2009-09-27, Mats O Jansson:
Build on armish. Since wsconscfg is built on palm build wsconsctl too. -moj
2009-09-27, Mats O Jansson:
Show fbinfo if it exists. ok mglocker@ -moj
2009-09-15, Federico G. Schwindt:
also ignore boundaries when checking if the disklabel was modified when -e is used.
discussed and ok krw@
2009-09-14, Claudio Jeker:
Switch get_linkstate() to use the new LINK_STATE_DESCRIPTIONS instead of the if_media dance. Simplifies the code nicely.
OK henning, sthen, michele, deraadt
2009-09-08, Michele Marchetto:
I had not enough oks to commit this diff.
Sorry.
2009-09-08, Michele Marchetto:
Add support for divert sockets. They allow you to:
- queue packets from pf(4) to a userspace application
- reinject packets from the application into the kernel stack.
The divert socket can be bound to a special "divert port" and will receive every packet diverted to that port by pf(4).
The pf syntax is pretty simple, e.g.:
    pass on em0 inet proto tcp from any to any port 80 divert-packet port 8000
test, bugfix and ok by reyk@
manpage help and ok by jmc@
no objections from many others.
2009-09-07, Reyk Floeter:
implement binat-to as a macro-like rule: a rule using the new binat-to syntax will be expanded by the parser to a nat-to+rdr-to combination to be loaded into the kernel. this simplifies the migration from old binat rules and is less error-prone.
feedback from many, manpage bits from jmc@
ok henning@
2009-09-03, Jason McIntyre:
remove -N from usage();
2009-09-03, Reyk Floeter:
this time i commit the right diff that was ok henning@ (sorry)
2009-09-03, Reyk Floeter:
fix two route-to vs. rdr-to conflicts.
found by sthen@
ok henning@
2009-09-03, Peter Hessler:
remove NAT specific command line options
noticed by Wiktor Izdebski
OK henning@
2009-09-02, Reyk Floeter:
all the new *-to options are part of the "filteropts" section at the end of a pf rule (nat-to, divert-to, rdr-to, ...). take the historical chance to upgrade the grammar and move the route options to the filteropts section as well.
for example,
    pass in on em0 route-to (em1 192.168.1.1) from 10.1.1.1
becomes
    pass in on em0 from 10.1.1.1 route-to (em1 192.168.1.1)
many people like this including pyr@ mk@ kettenis@ todd@ and others
ok henning@
2009-09-01, Henning Brauer:
the diff theo calls me insane for:
rewrite of the NAT code, basically. nat and rdr become actions on regular rules, separate nat/rdr/binat rules do not exist any more.
    match in on $intf rdr-to 1.2.3.4
    match out on $intf nat-to 5.6.7.8
the code is capable of doing nat and rdr in any direction, but we prevent this in pfctl for now, there are implications that need to be documented better.
the address rewrite happens inline, subsequent rules will see the already changed addresses. nat / rdr can be applied multiple times as well.
    match in on $intf rdr-to 1.2.3.4
    match in on $intf to 1.2.3.4 rdr-to 5.6.7.8
help and ok dlg sthen claudio, reyk tested too
2009-08-21, Alexandre Ratchov:
remove the ``;'' at the end of INDENT() macro definition using the ``do { ... } while (0)'' construct.
ok henning, from Frederic Culuot <frederic _at_ culot.org>
2009-08-15, Igor Sobrado:
remove superfluous .Ar macro before ellipsis.
2009-08-13, Stuart Henderson:
remove description of link0 for vlan interfaces; this part missed when vlan link0 was replaced with IFCAP_VLAN_HWTAGGING in 2001. prompted by a mail from Insan Praja.
ok deraadt@
2009-08-12, Theo de Raadt:
Crank the /usr sizes in the large configuration
ok krw otto
2009-08-12, Mark Kettenis:
Add support for SENSOR_WATTS.
ok deraadt@, oga@
2009-08-09, Jason McIntyre:
document fat permissions a little better, based on some notes from martynas
feedback/ok sobrado martynas
2009-08-07, Martynas Venckus:
sets modes for dirs; too. ok sobrado@ & jmc@.
2009-08-07, Martynas Venckus:
if buffers overlap; result will be undefined. ok claudio@, michele@
2009-08-07, Martynas Venckus:
move editor_allocspace & mpsave out to extern.h so that disklabel.c gets the declarations it uses.
ok krw@
2009-08-04, Joel Sing:
Specify an ID-type of IPV4_ADDR or IPV6_ADDR if the srcid or dstid is given as an IPv4 or IPv6 address, rather than treating the IP address as a FQDN.
ok hshoexer@ markus@ todd@
2009-07-31, Joel Sing:
Allow hotspares to be added to bio devices rather than requiring an sd device.
"Yeah!" marco@
2009-07-31, Jason McIntyre:
bioctl.8 should not try to keep track of all devices which can use it;
ok marco cnst
2009-07-30, Constantine A. Murenin:
Xr cac(4) && mpi(4); ok marco
2009-07-28, Claudio Jeker:
Bring back rev. 1.560:
Make it possible to use DiffServ Code Point in the TOS fields.
Requested by deraadt@
2009-07-27, Theo de Raadt:
When will people learn to commit their .h file changes?
2009-07-27, Alexander Hall:
As is already the case for ffs, do not allow creation of msdos file systems on block devices
ok marco@
2009-07-27, Claudio Jeker:
Make it possible to use DiffServ Code Point in the TOS fields. Names like af11, cs6 and ef will now be mapped to the corresponding TOS value.
OK henning@, sthen@, mcbride@
2009-07-27, Jason McIntyre:
add a section on automatic disk allocation, to give an idea of how -A and A will carve up your disk;
help/ok krw deraadt
2009-07-24, Alexander Hall:
properly sanitize the default value in ask_num(...)
2009-07-23, Stuart Henderson:
Always print interface names, not just ifindex, even when -n is specified. Most people want -n to avoid reverse DNS lookups, and it's stupid not to print a useful interface name just for that.
YES PLEASE! Ok claudio@
2009-07-23, Claudio Jeker:
Only print unknown in RTM_IFINFO messages when the link is in LINK_STATE_UNKOWN. In the other case use LINK_STATE_IS_UP() to print either "up" or "down".
OK henning@, sthen@
2009-07-19, Martynas Venckus:
if variable has a NOAUTO flag set; skip printing.
requested & diff tested by david@
ok miod@
2009-07-19, Kevin Steves:
use addr_eq() where we can; ok krw@
2009-07-15, Martynas Venckus:
now that set print is in one place; it is possible to suppress var making n flag work as expected for set.
ok miod@
2009-07-15, Martynas Venckus:
for rw query and print value that has actually been set in the similar way that mixerctl does. so that info for setting things like brightness makes sense (since we scale, like, 8 values to per-cent). also, it consistifies get/put, shrinks code since we don't need to do that in every single 'driver'.
ok miod@
2009-07-09, Henning Brauer:
repair -x
since all this stuff is transactional now we need to wrap that into DIOCXBEGIN/COMMIT. bad henning forgot to commit this chunk at c2k9
2009-07-03, Mark Kettenis:
Add a wsdisplay type for an upcoming driver for the Sun XVR-100 framebuffer.
ok deraadt@
2009-06-27, Michele Marchetto:
Mark MPLS routes with T (tagged) in route output.
suggested by dlg@, ok claudio@, laurent@, blambert@
2009-06-26, Theo de Raadt:
since nitems() is not yet fit for userland consumption, provide it ourselves
ok krw
2009-06-25, Claudio Jeker:
Add a missing RTM_VERSION check.
Tested and OK sthen@, OK henning@
2009-06-25, Claudio Jeker:
Add missing RTM_VERSION check. This is needed before accessing other data from routing messages retrieved via routing socket or sysctl.
Tested and OK sthen@, OK henning@
2009-06-25, Michele Marchetto:
Document how to add static MPLS labels.
input jmc@, ok claudio@