summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2003-09-26Rearchitecture of the userland/kernel IOCTL interface for transactions.Cedric Berger
This brings us close to 100% atomicity for a "pfctl -f pf.conf" command. (some splxxx work remain in the kernel). Basically, improvements are: - Anchors/Rulesets cannot disappear unexpectedly anymore. - No more leftover in the kernel if "pfctl -f" fail. - Commit is now done in a single atomic IOCTL. WARNING: The kernel code is fully backward compatible, but the new pfctl/authpf userland utilities will only run on a new kernel. The following ioctls are deprecated (i.e. will be deleted sooner or later, depending on how many 3rd party utilities use them and how soon they can be upgraded): - DIOCBEGINRULES - DIOCCOMMITRULES - DIOCBEGINALTQS - DIOCCOMMITALTQS - DIOCRINABEGIN - DIOCRINADEFINE They are replaced by the following ioctls (yes, PF(4) will follow) which operate on a vector of rulesets: - DIOCXBEGIN - DIOCXCOMMIT - DIOCXROLLBACK Ok dhartmei@ mcbride@
2003-09-26Walking up to a firewall box which had the console logged in, to seeTheo de Raadt
the entire screen full of "Reopened logfile" is CLEAR and OBVIOUS reason that that message is UTTERLY USELESS and is wiping important stuff off the screen.
2003-09-26check strdup failure; ok anil millertTheo de Raadt
2003-09-26Fix off-by-ones in format string for 's' specifier; millert@, deraadt@ okAaron Campbell
2003-09-26don't listen to INADDR_ANY if Listen-on is specified.Cedric Berger
patch from markus@, ok ho@
2003-09-26.Xr mount_ntfs;Jason McIntyre
2003-09-26realloc properly; ok jasonTheo de Raadt
2003-09-25Fix off-by-one out-of-bounds write; millert@ okAaron Campbell
2003-09-25Fix one case of set length before realloc. Fix another case ofChad Loder
foo = realloc(foo...) and avoid possible memory leaks. Avoid leaving things pointing to freed memory on failure.
2003-09-25realloc fixes; 3rd rev to make markus happierTheo de Raadt
2003-09-25do not crank size first, do not do p = realloc(p, ...Theo de Raadt
2003-09-25whack commons as wanted by hoTheo de Raadt
2003-09-25do not crank size before ereallocTheo de Raadt
2003-09-25p = realloc(p is not allowedTheo de Raadt
2003-09-24realloc fixTheo de Raadt
2003-09-24realloc fixes; ok hoTheo de Raadt
2003-09-24re-add AES, but without using EVP;Markus Friedl
patch from Hans-Joerg.Hoexer at yerbouti.franken.de; ok ho@ (interops with isakmpd+AES in OpenBSD 3.4)
2003-09-24back out EVP change; causes fd leaks; ok cedric@Markus Friedl
2003-09-24Fix realloc usage and make sure we don't increase buffer size on failure.Cedric Berger
ok henning@ mcbride@
2003-09-23use getaddrinfo for name-to-address resolution. mcbride@ okJun-ichiro itojun Hagino
2003-09-23fix a few strlcpyTheo de Raadt
2003-09-19an atexit handler to close a file descriptor? who wrote this crap..; millert okTheo de Raadt
2003-09-18Not all address types have a mask.Cedric Berger
ok henning@
2003-09-18fix early free (subtle); marius@monkey.orgTheo de Raadt
2003-09-18add .Bk/.Ek to SYNOPSIS;Jason McIntyre
2003-09-18add some space before lists;Jason McIntyre
2003-09-18replace NetBSD info with OBSD relevant stuff;Jason McIntyre
from brad@
2003-09-09slight cleanup of man page and sync usage();Jason McIntyre
2003-09-05socket leak on error paths. from Patrick Latifi. ok deraadt@ ho@Ted Unangst
2003-09-02Xref boot_mvme88kMiod Vallat
2003-09-02escape punctuation;Jason McIntyre
ok deraadt@
2003-09-02A couple of nits. deraadt@ ok.Hakan Olsson
2003-09-02Require ISAKMP_FLAGS_ENC on phase 2 messages. ok markus@, deraadt@.Hakan Olsson
2003-09-02For easier compilation on linux systems. Requested by Thomas Walpuski.Hakan Olsson
2003-09-01KNFHenning Brauer
2003-08-31add references to /etc/mygate in FILES and SEE ALSO;Jason McIntyre
from Han Boetes.
2003-08-29Document interactions between tables and anchors.Cedric Berger
Add a warning on global/anchor name clashes to help prevent mistakes from our users during the 3.3 -> 3.4 switch. ok henning@
2003-08-29exclude __sparc64__ since it can handle 16k blocks. from jason@Ted Unangst
2003-08-28sparcs cannot handle booting from > 8k block partitions, so set the rootTed Unangst
partition block size back down.
2003-08-28This change is busted. what's worse, REGRESSION TESTS WOULD HAVE CAUGHT IT!Kjell Wooding
You MUST test nework stack changes on BOTH BYTE-ORDERS. Someone can fix this later, but right now I need to get the damn firewall up. Grr.
2003-08-28support AES in phase 1, too. switch to OpenSSL EVP interface;Markus Friedl
with Hans-Joerg.Hoexer at yerbouti.franken.de; ok ho@
2003-08-28tweak;Jason McIntyre
ok frantzen@
2003-08-27kill dangling 'else'. fixes modulus in W and M TCP optionsMike Frantzen
2003-08-27typos from deraadt@;Jason McIntyre
2003-08-26catch port/user/group a <>/>< b with a >= b, from mpech@Daniel Hartmeier
2003-08-26mark cloned route with RTF_CLONED. remove RTF_CLONED route when clone parentJun-ichiro itojun Hagino
disappers. deraadt ok
2003-08-25rename struct dinode to ufs1_dinode. clears the namespace and makesTed Unangst
way for some future work. no function changes yet. help testing otto@ and markus@
2003-08-25catch return-rst ttl values > 255, from aaron@Daniel Hartmeier
2003-08-24Tweaks:Cedric Berger
- Make sure we allow only tables in round-robin pools for routing options, same as what we do for translation rules. - Don't reject rules like: "nat on sis0 -> <foo>" because "no address family is given". This is perfectly valid. ok henning@
2003-08-24don't print info about duplicate emuls. gives the illusion there is onlyTed Unangst
one linux emul and one freebsd emul. ok deraadt@
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-14 23:21:21 +0000