Age | Commit message | Author |
|
"sure" marco@
|
large on very large filesystems; reported by Benny Lofgren; partly
from FreeBSD. ok deraadt@ beck@ millert@
|
version of his diff to tech@ committed);
|
OpenBSD MBR partition does not span from sector 1 after MBR partition
data is re-initialized.
written with a lot of good advice from deraadt@ and jmc@
ok deraadt@
|
returning a magic value that is not even handled as such by the caller
ok krw@
|
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.
Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.
Written by claudio@, criticized^Wcritiqued by me
|
printing, both of inline anchors and when requested explicitly with a '*'
in the anchor.
- Correct recursive printing of wildcard anchors (recurse into child anchors
rather than rules, which don't exist)
- Print multi-part anchor paths correctly (pr6065)
- Fix comments and prevent users from specifying multi-component names for
inline anchors.
tested by phessler
ok henning
|
will be getting cleaned up soon.
ok henning
|
ok maja@
|
that value, print an error message and repost the question
ok krw@ deraadt@
|
E.g. if we have a /dev/wskbd1, keyboard1 will show up when doing a -a.
wsconsctl keyboard1 will now show you all variables for keyboard1.
feedback and ok miod@. -moj
|
ok mcbride
|
supported.
ok marco@
|
ok miod@. -moj
|
tell the kernel to send all IPsec traffic for derived SAs to the
specified enc(4) interface instead of enc0.
|
ok krw@ jsing@
|
block boundary. In most modern (i.e. 'faked' geometry) situations
this will start it at (0-based) block[64] rather than block[63] as
now. This should help performance on disks which really have 4K
sectors but report 512-byte sectors.
Power of 2 idea from deraadt@.
ok toby@ deraadt@
|
ok krw@
|
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.
manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@
|
alternative to X.509 CA verification. this will be needed to support public
key authentication like isakmpd does; a few bits are still missing.
|
the smaller implementation from iked that is using libcrypto instead.
This allows removing a lot of code (which is always good), getting rid of
some custom crypto code by using libcrypto, theoretically adds
support for many new MODP and EC2N/ECP modes (but it is not configurable
yet), and allows sharing the dh.c/dh.h code in different codebases
(it is identical in isakmpd and iked, but could also be used elsewhere).
ok deraadt@
|
ok henning@ krw@
|
- 'make -Fi' reset ALL the interface statistics
can be restricted with -i ifname
- 'make -Fa -i ifname' fail (it's meaningless)
- get rid of a silly little struct that's only used for one thing
ok henning
|
That isn't the case. E.g. thorn, Cyrillic_CHE, L2_tcedilla, L5_scedilla and
L7_zcaron have the same (0xfe). So you have a 20% chance of getting the right
output from wsconsctl.
Use the ksym name to decide which ksyms aren't Latin-1. Store that information
in the ksym tables. Then use the keyboard encoding to make an educated guess
of which character to return.
Let's say your encoding is pl. You have Latin-2 characters in the map.
Then check first for Latin-2 characters; if none are found, try Latin-1.
ok miod@
-moj
|
ok claudio@
|
look up a cert from /etc/iked/certs/ that is signed by a requested CA.
As a second step we also compare the subjectAltName of any found
certificate now to match the local srcid; this allows having multiple
certs for the same CA but different srcids in the certs/ directory but
enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it
with the certificate subjectName (DN). This prevents the peer from
using an arbitrary peer Id (it is signed by the CA in the cert) and
qualifies the optional pf tag.
|
parsing routines directly, first parse the message and save the parsed
elements in the temporary message struct before validating the
information and taking any other actions on the actual SA. This needs
more testing, but is the cleaner and better approach.
|
the similar changes to dhcpd.
|
previous parse.y change.
|
OK deraadt, reyk
|
kernel, just like isakmpd does it. In contrast to isakmpd, the Id
type is printed in capital letters, e.g. FQDN/foo.example.com, because
it is using the existing print_map() API. For consistency, rename a
few Id types in grammar and code from the RFC-names to the
OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just
IPV4, DER_ASN1_DN to ASN1_DN etc.
|
while here, change ping6 to use strtonum instead of strtol.
OK claudio@
|