Age | Commit message (Collapse) | Author | |
---|---|---|---|
2009-11-25 | Move the -p option to the correct place. | Joel Sing | |
ok jmc@ | |||
2009-11-24 | Preserve rawmode when setting scale. ok miod@, oga@. | Matthieu Herrb | |
2009-11-24 | put -P in the right place; | Jason McIntyre | |
2009-11-24 | Allow the passphrase to be changed on softraid crypto volumes. Ensure that | Joel Sing | |
you backup your data and lock up your pets prior to using this. Tested by todd@ ok marco@ | |||
2009-11-23 | since "nat/rdr pass" are history natpass can go | Henning Brauer | |
2009-11-23 | rewrite the bridge "rule" option for clarity; tweaks/ok deraadt | Jason McIntyre | |
2009-11-23 | correct bridge rule descriptions | Theo de Raadt | |
2009-11-22 | brconfig(8) functionality is now in ifconfig(8) | Theo de Raadt | |
2009-11-22 | cleanup after the NAT changes. we used to have multiple rulesets (scrub, | Henning Brauer | |
NAT, filter). now we only have one. no need for an array any more. simplifies the code quite a bit. in the process fix the abuse of PF_RULESET_* by (surprise, isn't it) the table code. written at the filesystem hackathon in stockholm, committed from the hardware hackathon in portugal. ok gcc and jsing | |||
2009-11-22 | The spanning priority is conflicting with the interface priority so it | Claudio Jeker | |
got renamed to spanpriority. | |||
2009-11-22 | Move information describing the bridge and brconfig behaviour into | Theo de Raadt | |
the relevant manual pages. Functionality is described in the (4) pages, controlling the functionality in ifconfig(8), and the hostname.if gains the old bridgename.if(5) functionality. ok claudio jmc | |||
2009-11-22 | Merge brconfig into ifconfig. It is annoying that it is impossible to do | Claudio Jeker | |
ifconfig bridge0 add em0 add gif0 add vether0 up instead you need to ifconfig bridge0 create brconfig bridge0 add em0 add gif0 add vether0 up This is working for everything now but we may do some changes when needed. Manpages and startup scripts are following soon. OK deraadt@, henning@ | |||
2009-11-22 | Fix ifconfig -a vs. ifconfig -A and make ifconfig without any arg behave | Claudio Jeker | |
like ifconfig -a by setting the aflag to 1. Found with and OK deraadt@ | |||
2009-11-21 | tweak previous; | Jason McIntyre | |
2009-11-21 | Add new option tunneldomain to ifconfig to specify the routing table | Claudio Jeker | |
to be used for sending out gre/gif encoded packets. OK deraadt@, henning@ | |||
2009-11-16 | pflogd no longer needs libutil; ok deraadt@ | Otto Moerbeek | |
2009-11-15 | vether(4) interfaces can be created too; ok deraadt | Jason McIntyre | |
2009-11-13 | fix a few memory leaks found by parfait; ok hshoexer | Theo de Raadt | |
2009-11-13 | Don't use [] in function arguments when dealing with arrays | Jonathan Gray | |
we don't know the size of, otherwise gcc >= 4 will error. ok markus@ deraadt@ | |||
2009-11-12 | free flagsp if flags variable indicates it was not used, found by parfait; ↵ | Theo de Raadt | |
ok millert | |||
2009-11-12 | 4 memory leaks found by parfait; ok millert | Theo de Raadt | |
2009-11-12 | reading off the end of table bug, found by parfait | Theo de Raadt | |
2009-11-12 | memory leak found by parfait; ok jsg | Theo de Raadt | |
2009-11-12 | Make sure we have enough space for the trailing \0 on prepend/append | Jonathan Gray | |
of dhcp options. found by parfait. ok krw@ | |||
2009-11-09 | pfsync devices can be dynamically created too; from vladimir kirillov | Jason McIntyre | |
ok henning | |||
2009-11-09 | A few more places to be updated for the route pool change. | Jonathan Gray | |
expanded version of a diff from Vadim Zhukov. ok henning@ claudio@ | |||
2009-11-05 | IPv6 support for divert sockets. | Michele Marchetto | |
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@ | |||
2009-11-05 | adding an interface if it already is added should be successful, not give a | Todd T. Fries | |
bogus and misleading error, this permits re-running bridgename.if(5) files etc without confusion prodded/found by deraadt@ ok deraadt@ phessler@ henning@ stsp@ | |||
2009-11-04 | tweak previous; | Jason McIntyre | |
2009-11-04 | tweak previous; | Jason McIntyre | |
2009-11-03 | Lies. We no longer support this magic netmask at the end of the line | Claudio Jeker | |
compatibility. | |||
2009-11-03 | Get rid of pflogd.pid because the privsep child cannot delete the pidfile; | Theo de Raadt | |
use pkill(1) in /etc/newsyslog.conf instead together with otto and suggestions from tedu | |||
2009-11-03 | rtables are stacked on rdomains (it is possible to have multiple routing | Claudio Jeker | |
tables on top of a rdomain) but until now our code was a crazy mix so that it was impossible to correctly use rtables in that case. Additionally pf(4) only knows about rtables and not about rdomains. This is especially bad when tracking (possibly conflicting) states in various domains. This diff fixes all or most of these issues. It adds a lookup function to get the rdomain id based on a rtable id. Makes pf understand rdomains and allows pf to move packets between rdomains (it is similar to NAT). Because pf states now track the rdomain id as well it is necessary to modify the pfsync wire format. So old and new systems will not sync up. A lot of help by dlg@, tested by sthen@, jsg@ and probably more OK dlg@, mpf@, deraadt@ | |||
2009-11-02 | s/hz/Hz/ on multiples of the SI unit hertz other than MHz. | Igor Sobrado | |
reminded by STeve Andre. | |||
2009-11-02 | Print the route metrics in monitor mode if -v is used. This info can be | Claudio Jeker | |
useful from time to time and it is easer then deciphering ktrace output. While there kill the no longer needed msec macro. OK henning | |||
2009-11-02 | Use strtonum instead of atoi, this allows to do basic range checking. | Claudio Jeker | |
While there remove some very old compat code supporting a syntax that no one still knows or uses. OK henning@, deraadt@ | |||
2009-10-31 | If the nmea(4) or endrun(4) timing disciplines are selected ignore status | Chris Kuethe | |
lines; this prevents poll(2) from saying the fd has data to be read, when it only had a status line change. Prevents ldattach from exiting when relaying data to gpsd while being driven by a gps with 1PPS. ok deraadt | |||
2009-10-30 | The script that generates keywords.h wasn't updated when | Jonathan Gray | |
mplslabel label was added, fix. | |||
2009-10-28 | Add a dedicated pf pool for route options as suggested by henning, | Jonathan Gray | |
which unbreaks ie route-to after the recent pf changes. With much help debugging and pointing out of missing bits from claudio@ ok claudio@ "looks good" henning@ | |||
2009-10-28 | route_host initializes the netmask to a /128 no matter what af is used so | Claudio Jeker | |
that the load balancing code does not freak out but because of this check_netmask() is now complaining. So set the addr.type to PF_ADDR_DYNIFTL so check_netmask() is fixing up the netmask for IPv4 and stops complaining. This is a partial fix for the failing regress test 13. found with jsg, looks good henning | |||
2009-10-28 | Correct function name in err and errx. | Claudio Jeker | |
2009-10-28 | poll events must be reinitialized after each call to poll. fixes | Chris Kuethe | |
ldattach exiting when relaying (nmea to gpsd, for example). ok deraadt@ | |||
2009-10-28 | rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and | Theo de Raadt | |
unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms | |||
2009-10-25 | Somehow during my testing I missed a test case where an existing crypto | Marco Peereboom | |
volume could no longer be brought up. Found by Pedro la Peu <pedro@am-gen.org>, thanks for the report. | |||
2009-10-22 | tweak previous; ok marco | Jason McIntyre | |
2009-10-22 | use the UNIX-related macros (.At and .Ux) where appropriate. | Igor Sobrado | |
ok jmc@ | |||
2009-10-21 | Add delete example since it has come up several times. | Marco Peereboom | |
2009-10-21 | Add passphrase file for crypto volume bring-up. Proded and ok deraadt | Marco Peereboom | |
2009-10-21 | nat -> match...nat-to in example PF rule. ok mpf@ | Stuart Henderson | |
2009-10-11 | Enable kbd on landisk and socppc. -moj ok miod@ | Mats O Jansson | |