| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ok otto@
|
|
domain 0.
OK phessler, henning, deraadt, stsp, benno
|
|
ok benno@
|
|
Diff from jsg, ok millert, benno
|
|
|
|
"vnetflowid" enables it on an interface, and "-vnetflowid" disables it.
a vnetid will be suffixed with + on the encap line if it an interface
reports that it is enabled.
|
|
solve that. Prevents bus error on armv7. ok naddy@ florian@
|
|
|
|
ifconfig will output "nodf" or "df" on tunnel interfaces that support
the ioctl., and accepts "tunneldf" and "-tunneldf" as options to
try and configure it.
|
|
ok millert
|
|
|
|
the interface's address and thus the cached configuration data becomes
invalid and must be discarded.
Issue found & fix tested by Christer Solskogen. Thanks!
|
|
name does not cause the lease to be rejected. It just causes the
containing option or field to be ignored.
|
|
Mkae 'ignore', 'request' and 'require' cumulative so all
options don't have to be jammed into one line.
|
|
OK naddy, sthen
|
|
OK naddy, sthen
man page bits input & OK jmc
|
|
strings.
this was part of a demo showing how to implement the kernel side of
sysctl(3) for setting Semantically Opaque Interface Identifier key
material (for RFC 7217), but it seems to be the most straightforward
path toward integrating soiikey handling and rc.
Originally written by dlg, who commited it some time ago on my request.
I then backed it out again, now it's time to put it back in.
ok florian@ sthen@ naddy@ tb@
Man page bits tweaked & OK jmc
|
|
to go_daemon() while waiting for the RTM_IFINFO message.
Problem spotted by Holger Mikolon.
|
|
Required by and ok otto@, ok jmc@
|
|
tunnelttl now accepts "copy" as an argument, and prints "copy" when
it sees -1.
ok claudio@
|
|
|
|
Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.
Members can be part of multiple protected domain making it possible to
create complex protected setups.
ok ccardenas@, claudio@, dlg@, henning@
|
|
syncookies are set to adaptive tunable, ok claudio benno
|
|
fix the accounting for the interval since we started the
process of getting a lease.
Fixes the 'no lease ... got lease' messaging at a minimum.
|
|
of a more appropriate place. ok claudio benno procter
|
|
compare that to the offered proposal to determine if there are any
changes to configure. Simpler, and fixes issue where using a recorded
lease meant the interface was continually being configured with the
same information.
|
|
|
|
into a function tick_msg(). Now both work the same way,
dot dot dotting as time passes until they 'sleep'.
Tested by tb@ as part of a larger diff.
|
|
to decide between unicast and broadcast for REQUEST.
|
|
the renewal time is in the past wait retry_interval before
trying to renew the lease.
|
|
messages with interface name.
Spotted by & ok tb@
|
|
behaviour.
Always go daemon after link_timeout seconds and complete lease
negotiations in the background if necessary. No hanging around in the
foreground for the full 64 seconds waiting for a server to appear.
Log a more relevant message when a default route can't be obtained via
RTM_GET. i.e. "no default route" rather than "No such process".
-q -> -v ok mpi@
|
|
dhclient was started with '-d'. Move the "yielding responsibility"
message to log_debug(). Stop logging duplicate "bound to ..."
messages now that one is guaranteed to be present when the address is
first bound. Thins out logs. Especially if you run with '-q'.
|
|
|
|
link status changes. Simplifies some logic.
|
|
|
|
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno
|
|
ok jca@ tb@
|
|
Requring WPA to be enabled separately via 'ifconfig if0 wpa' was confusing.
ok mlarkin phessler mpi
|
|
Ensures that we can use the check if the system clock is set backwards.
While here, move time retrieval into the child process in start_getty(),
and only get the time if se_started has been set.
ok millert@ tb@
|
|
This gives us more flexibilty for negotiating with other IKEv2 setups.
Tested by and ok sthen@
|
|
either the server IP/MAC or the name of the leases file.
Prompted by phessler@ and landry@ feedback to another diff.
ok phessler@
|
|
messages at startup. Reproducible situation found on
vnet(4) and fix tested by jca@.
|
|
instead of #if DEBUG.
|
|
appropriately. Fixes '-q' logging oddities.
Prompted by phessler@ plea for '-v'-like behaviour rather
than putting everything under DPRINTF()'s.
|
|
appropriate function to process a packet.
|
|
relevant.
|
|
#ifdef DEBUG/#endif blocks.
Suggestions on correct idiom (C99 vs gcc) from millert@
ok tom@
|
|
-- renewal in 300000 seconds" becomes simply "em0: bound to 1.2.3.4"
While here avoid setting timeouts before the current time.
ok florian@
|
