summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2003-12-28zap bizarre log() prototype.Marc Espie
Doesn't even change the resulting binary (thank Ian Darwin for that idea)
2003-12-27Remove extra \n from pf_print_state().Ryan Thomas McBride
ok deraadt@ cedric@
2003-12-23automagically create pseudo-network interfaces; ok deraadt@Markus Friedl
2003-12-22use AES_BLOCK_SIZE only for USE_AES; report martti.kuparinen@iki.fi; ok ho@Markus Friedl
2003-12-20make disklabel docs more readable: more logical SYNOPSIS; sort options;Jason McIntyre
make internal editor help and usage() match the docs; make sure all the forms described in SYNOPSIS are explained; various other tweaks. input from millert@; ok deraadt;
2003-12-19i wrote much of these, assert my copyrightHenning Brauer
2003-12-19document hw.{cpuspeed,setperf} sysctls;Jason McIntyre
tweak and ok tedu@
2003-12-19assert copyright. i rewrite much of thisTheo de Raadt
2003-12-18Mention the exchange name when giving up on a message. Suggested byHakan Olsson
Michael Coulter.
2003-12-17cosmetics, ok mcbride@Daniel Hartmeier
2003-12-17Add support for -DSMALL that doesn't need -lkvm (no -g option)Todd C. Miller
2003-12-16quotes, spaces and bars do not need to be escaped within displays;Jason McIntyre
.Nm does not need an argument; dashes should be escaped;
2003-12-16- s/recieve/receiveJason McIntyre
- kill whitespace at EOL
2003-12-16Document new pfsync options (syncif, -syncif and maxupd).Ryan Thomas McBride
ok deraadt@
2003-12-16Check that max-src-states and max-src-nodes are not being set to 0.Ryan Thomas McBride
2003-12-16hostid is stored in network byte order, print in host byte order.Ryan Thomas McBride
2003-12-15Support for groups modp2048, modp3072, modp4096, modp6144 and modp8192 (IDs 14Hans-Joerg Hoexer
to 18). ok ho@
2003-12-15KNF here tooHenning Brauer
2003-12-15Whitespace.Ryan Thomas McBride
2003-12-15Add initial support for pf state synchronization over the network.Ryan Thomas McBride
Implemented as an in-kernel multicast IP protocol. Turn it on like this: # ifconfig pfsync0 up syncif fxp0 There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls. NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers. Much more to come. ok deraadt@
2003-12-15Add support to track stateful connections by source ip. This allows usRyan Thomas McBride
to: - Ensure that clients get a consistent IP mapping with load-balanced translation/routing rules - Limit the number of simultaneous connections a client can make - Limit the number of clients which can connect through a rule ok dhartmei@ deraadt@
2003-12-14Log the actual port for src and dst, don't assume it's always 500.Hakan Olsson
2003-12-14Make isakmpd work on big endian linux machines. From Sebastian Klemke.Hakan Olsson
Also, a few style nits and a better error message text.
2003-12-08make man page more closely match what's in /proc;Jason McIntyre
partly from PR 2101 (still open, since code needs fixed); ok tedu@
2003-12-08add IOCIFGCLONERS; ifconfig -C; from netbsd; ok henning, deraadtMarkus Friedl
2003-12-07ANSIMarkus Friedl
2003-12-07typo; lists-openbsd@2ls4agd.netTheo de Raadt
2003-12-06bit more flesh to the create and destroy; thanks jmcTheo de Raadt
2003-12-05Style nitsHakan Olsson
2003-12-05madvise() the mfs storage area as randomly accessed as mfs does it's own ↵Michael Shalayeff
clustering; tedu@ ok
2003-12-04Validate SPIs presented in DELETE messages of the informational exchange.Hans-Joerg Hoexer
ok markus@
2003-12-04TyposMiod Vallat
2003-12-04no, you cannot form a raid from wd0h and wd0h.Henning Brauer
found by Joel Knight
2003-12-03add support for ifconfig clone; from netbsd; ok deraadt, henningMarkus Friedl
2003-12-02UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)Markus Friedl
ok deraadt@
2003-11-29allow ':' (range including boundaries) to be used whereever '><' (rangeDaniel Hartmeier
excluding boundaries) is legal. already supported by kernel, requires only removal of three error messages. ok henning@
2003-11-25- document interaction with SIGINFO, as observed by Franciszek Holop on misc@Jason McIntyre
- add some .Pp - typo
2003-11-22daniel stumbled over a broken regress test, and it turned out that I forgotHenning Brauer
to commit a diff from 11/6... do not insert the "block in on ! interface" rule for antispoof statements when the interface in question does not have any IP address, because that then expands to block in on ! interface all which is obviously bad. niklas@ found it, dhartmei@ ok, and I think some more ppl ok I don't remember
2003-11-21- standard SYNOPSISJason McIntyre
- sort OPTIONS - s/Dq/Sq when quoting single characters - sync usage() - simplify macros
2003-11-20remove -Werror from userland builds, to give us a chance toAnil Madhavapeddy
use more verbose warning options if desired. ok millert@, henning@, david@
2003-11-20use .Dv for AF_INET and AF_INET6 (kills ugly line break);Jason McIntyre
spotted by Alexey E. Suslikov; also kill some .Pp's before displays/lists for better PostScript output;
2003-11-16__attribute__((__packed__)) -> __packedAnil Madhavapeddy
2003-11-15fix savecore on big endian 64 bit arches. OK millert@Marco S Hyman
2003-11-15no dup header sys/types.h. from Andrey MatveevTed Unangst
2003-11-14in print_status:Henning Brauer
-print debuglevel "Loud", this was omitted before (catched by mpech@) -use the fine PF_DEBUG_* defines instead of magic numbers ok markus
2003-11-14allow the debuglevel to be set from pf.conf (set debug)Henning Brauer
ok cedric@
2003-11-09Unbreak printing of vlan interface information, commented out accidentallyRyan Thomas McBride
in CARP import.
2003-11-08typos from Jonathon Gray;Jason McIntyre
2003-11-08Add 'no-sync' state option to prevent state transition messages for statesRyan Thomas McBride
created by this rule from appearing on the pfsync(4) interface. e.g. pass in proto tcp to self flags S/SA keep state (no-sync) ok cedric@ henning@ dhartmei@
2003-11-07adress -> address, and a few more; all from Jonathon Gray;Jason McIntyre
(mvme68k/mvme88k) vs.c and (vax) if_le.c ok miod@ isakmpd ones ok ho@