| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2006-11-28 | do not re-add existing entries; ok hshoexer | Markus Friedl | |
| 2006-11-28 | fix servicecurve check; no point in checking the same sc three times, it | Henning Brauer | |
| was obviously intended to check all three. has been wrong since the beginning, 4 years... noticed by Earl Lapus <earl.lapus@gmail.com>, Vasil Dimov <vd@FreeBSD.org> mailed me then, ok mcbride | |||
| 2006-11-27 | correct comment | Kevin Steves | |
| 2006-11-27 | Recognize when we are sending to a unicast destination IP address and | Kevin Steves | |
| instead of using BPF, which currently will always set the destination MAC to broadcast, send using a SOCK_RAW socket and sendmsg() so the frame has a unicast destination MAC. Fixes an issue when using a bootp forwarder where unicast DHCPREQUESTs are dropped at the router/gateway until we reach T2/REBINDING and change the destination IP to broadcast. ok henning@ (but doesn't like using a raw socket for this) | |||
| 2006-11-27 | remove invalid comment | Kevin Steves | |
| 2006-11-26 | repair missing DPADD requests | Theo de Raadt | |
| 2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated | Reyk Floeter | |
| phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ | |||
| 2006-11-24 | fix typo for remote port; from Brian Candler | Markus Friedl | |
| 2006-11-22 | sync dhclient and dhcpd parse.c areas where we can. | Kevin Steves | |
| mainly formatting, whitespace; ok henning@ | |||
| 2006-11-22 | fix some warning messages and comments in parse_date(); ok henning@ | Kevin Steves | |
| 2006-11-21 | remove spurious ; after bracket, no binary change | Kevin Steves | |
| 2006-11-21 | remove unused #defines, no binary change; ok henning@ | Kevin Steves | |
| 2006-11-21 | do not delete sections that might be shared with other connections | Markus Friedl | |
| however, this workaround might leak config entries in isakmpd; ok (for now) hshoexer | |||
| 2006-11-21 | introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). | Jun-ichiro itojun Hagino | |
| deraadt ok. manpage nit by jmc. | |||
| 2006-11-21 | re-order includes and eliminate duplicates, no binary change; ok henning@ | Kevin Steves | |
| 2006-11-20 | -K argument to kill source tracking nodes explicitly, behaves like the | Ryan Thomas McBride | |
| -k argument for killing states; From Berk D. Demir <bdd@mindcast.org> ok dhartmei henning | |||
| 2006-11-20 | knf: sizeof x -> sizeof(x) | Jun-ichiro itojun Hagino | |
| 2006-11-19 | Default snaplen has been 116 for a while now. | Joel Knight | |
| 2006-11-19 | Try DIOCGPDINFO before DIOCGDINFO when trying to determine the 'label' | Kenneth R Westerback | |
| geometry for a unit. DIOCGPDINFO avoids using the on-disk label or the cached copy of it and returns a 'spoofed' label that retains the geometry info placed in the label by the driver. Unfortunately DIOCGPDINFO is not universally implemented, though sd and wd do. This is what disklabel(8) does when it wants geometry so this makes fdisk a bit more consistant with disklabel. This fixes 'fdisk -i' and 'reinit' when trying to install from a miniroot on, e.g., landisk. i.e. no need to zero out the disklabel before doing 'fdisk -i'. 'get it in snaps' deraadt@ | |||
| 2006-11-17 | change semantics of ff01::/16 to interface local multicast | Jun-ichiro itojun Hagino | |
| (to sync up with more recent IPv6 spec) ok from: deraadt mcbride | |||
| 2006-11-16 | only look at routing table 0 (main one) | Henning Brauer | |
| 2006-11-16 | make RFC2292/3542 selection automagically happen. | Jun-ichiro itojun Hagino | |
| 2006-11-15 | remove KAME_SCOPEID #ifdef. | Jun-ichiro itojun Hagino | |
| __KAME__ should suffice (__KAME__ should be nuked too?) | |||
| 2006-11-14 | memory requirements are relevant only for mount_mfs; ok jmc@ | Otto Moerbeek | |
| 2006-11-13 | briefly describe phases 1 and 2, and use these terms more | Jason McIntyre | |
| consistently in the rest of the page; help/ok hshoexer | |||
| 2006-11-13 | previous was not quite right; | Jason McIntyre | |
| 2006-11-13 | fix a macro mistake; | Jason McIntyre | |
| 2006-11-13 | Handle rules with addresses from mismatched address families correctly. | Ryan Thomas McBride | |
| ok msf@ | |||
| 2006-11-11 | Fix memory leak, from Charles Longeau, many okays | Pedro Martelletto | |
| 2006-11-11 | EXAMPLES was getting too lengthy, so trim some of the ones that were | Jason McIntyre | |
| either obscure, bordering on the duplicate, or referring to pseudo devices; if you want examples for pseudo devices, put them in their specific man page, please. ok jcs | |||
| 2006-11-10 | landisk has no kbd(8) | Theo de Raadt | |
| 2006-11-10 | Add -nwid command to allow wireless interfaces to not prefer a specific | Michael Knudsen | |
| access point. Does the same as nwid "" but since we have -nwkey for nwkey etc. this is nice for consistency. ok mbalmer reyk man stuff also ok jmc | |||
| 2006-11-10 | enable -g again | Alexander von Gernler | |
| help from millert@, ok deraadt@ pedro@ | |||
| 2006-11-10 | check both rule sourace and destination when grouping sa's | Mathieu Sauve-Frankel | |
| fixes PR5262 ok hshoexer@ | |||
| 2006-11-10 | When using -vv, also show grouped SAs. | Hans-Joerg Hoexer | |
| 2006-11-10 | Fix grouping for SAs. Now all combinations of SAs are possible, | Hans-Joerg Hoexer | |
| not only ESP+AH (ie. ESP inside AH). | |||
| 2006-11-10 | Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263. | Hans-Joerg Hoexer | |
| 2006-11-10 | Print the interface that each queue is bound to in the pfctl -sq output | Joel Knight | |
| ok henning@ | |||
| 2006-11-09 | trim SEE ALSO: there is no need to list every pseudo-device | Jason McIntyre | |
| 2006-11-09 | desireable -> desirable; | Jason McIntyre | |
| 2006-11-09 | support public keys w/o SubjectPublicKeyInfo (format: BEGIN RSA PUBLIC KEY) | Markus Friedl | |
| ok ho, hshoexer | |||
| 2006-11-09 | oops | Theo de Raadt | |
| 2006-11-08 | sh machines also have a /usr/mdec/mbr | Theo de Raadt | |
| 2006-11-08 | add a -y flag, for non-interactive use | Theo de Raadt | |
| 2006-11-07 | Only try to recursively print rules if they are actually anchors. | Ryan Thomas McBride | |
| 2006-11-07 | Unbreak authpf by handling non-inline anchors separately from the { } anchors | Ryan Thomas McBride | |
| as pf_find_or_create_ruleset() will mangle relative anchor names and wildcards. Also fixes some nits with nesting and printing inline anchors. ok deraadt@ | |||
| 2006-11-05 | Don't open a transaction for a ruleset unless it's a brace ruleset that | Ryan Thomas McBride | |
| contains rules. Fixes DIOCXCOMMIT: Device busy when multiple anchors with the same name are specified. reported by ckuethe@ and mkb@crypt.org.ru | |||
| 2006-11-03 | storing return value of strtol() in int variable was not safe, | Alexander von Gernler | |
| also strtol() result was not checked for under/overflow thus, rewrite getopt switch/cases with strtonum() and sensible bounds help from mickey@ millert@, ok millert@, no objections otto@ | |||
| 2006-11-03 | correctify example; | Jason McIntyre | |
| from a mail posted to misc@ from uwe dippel; ok otto | |||
| 2006-11-02 | Check for newline before truncating. | Ray Lai | |
| OK moritz@. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |