| Age | Commit message (Collapse) | Author |
|---|
|
|
|
the multi-line banner announcing that the MBR is being changed.
Also the listing of the partition table in 'fdisk -u'. Display a
consistant message when the MBR is written.
While here cleanup and shrink code without changing any semantics.
Started with a diff posted on tech@ by Tobias Ulmer.
"I like it" marco@ ok jsing@
|
|
updates to follow;
|
|
and fix typo while here.
ok canacar@
|
|
ok claudio@ laurent@
|
|
|
|
jmc@ has provided a complete list of manual pages to be fixed,
and suggested using uppercase (i.e., Point-to-Point) when discussing
the protocol, and lowercase (point-to-point) otherwise.
ok jmc@
|
|
"ike" rules in ipsec.conf, the default peer is used. In theory
ipsecctl -f ipsec.conf can configure the default peer for each "ike"
entry. As isakmpd only supports one default peer, the last "ike"
rule that uses a default peer wins. This configuration is then
significant for all "ike" rules that use the default peer.
Now a warning is printed if a later rule in ipsec.conf changes the
configuration of the original default peer. This should be an error
but that would break existing user configs. So only a warning is
printed.
ok hshoexer@, todd@
|
|
lines later. No functional change.
ok grunk@, hshoexer@
|
|
|
|
This is also consistent with mplslabel in ifconfig(8).
OK claudio@ laurent@
|
|
- in ipsec_delete_spi_list() a log_verbose is added, when a remote peer
sends us a delete message for an SA. However, to avoid spamming the log
when SAs are deleted during re-keying, I only log_verbose, when the soft
timeout of the SA is not expired yet. Thus only deletion of live SAs
gets logged.
- in ipsec_decode_ids() I remove the additonal printing of IP-Adresses in
hex as the addresses are already printed in CIDR.
- while there, apply some KNF
ok todd@, mpf@, bluhm@
|
|
|
|
keyword as argument for the peer parameter will do that. An ike
without peer creates the peer-default config. A flow without peer
acquires a host-to-host SA.
tested by grunk@, todd@, ok grunk@, hshoexer@, todd@
|
|
|
|
socket dhclient will get.
ja ja claudio@
|
|
|
|
for easier debugging.
ok grunk@, hshoexer@, todd@
|
|
M and m were already taken. OK henning@
|
|
make source code fit on 80-column displays; while here, remove superfluous
comment sign.
ok krw@
|
|
|
|
different source network than we have negotiated with a peer.
This enables us to do nat/binat on the enc(4) interface.
Very useful to work around rfc 1918 collisions.
Manpage and testing by Mitja Muzenic. Thanks!
OK hshoexer@, markus@. "I like it" todd@
|
|
in bytes; this allows us to get rid of many off_t casts, and ensures
proper operation on very large swap partitions on 32 bit machines.
From Pierre Riteau.
|
|
the bounds of the OpenBSD area. Should prevent users from shooting themselves
in the feet.
ok krw@
|
|
binaries to stop working.
OK krw@, michele@, henning@, dlg@
|
|
ok claudio@
|
|
built-in blurb in STANDARDS; we did once have a COMPATIBILITY section
which we merged with STANDARDS, so i think this is appropriate. it
certainly feels better than adding single sentences randomly to the
end of text bodies.
|
|
on certain shells; do not try to document changes between the
implementations, but at least warn of their existence;
diff from Ingo Schwarze
|
|
ok jmc@
|
|
|
|
wsconsctl)
|
|
negative and cause SEGVs. Handle this the same as an out of range
blockno. ok jsg@ (also victim) pedro@ thib@
|
|
|
|
This avoids warnings about already existing manual flows when
ipsec.conf is reloaded. From Mitja Muzenic <mitja at muzenic dot
net>, thanks!
|
|
|
|
hardcoded values used here before were incorrect.
ok claudio@
|
|
and operations are now stored in rt_flags.
This also simplify a lot the syntax.
ok claudio@ laurent@
|
|
|
|
OK deraadt@
|
|
implied sizeof(struct rt_msghdr). Makes code more robust when userland and
kernel are out of sync.
|
|
ok krw millert
|
|
ok millert
|
|
e.g. "0.5g".
|
|
returning an error, just reprompt. If there is an error reading
from stdin, use the old (default) value.
Shrinks fdisk a few bytes!
OK deraadt.
|
|
Muzenic (mitja at muzenic dot net), many thanks!
|
|
dirty on the way out so that users are forced to run fsck afterwards. The
manpage politely suggested that the filesystem be checked after growing it;
change it to say that fsck is required.
|
|
|
|
OK brad@
|
|
(IPV4_ADDR_SUBNET) when they contain a '/'.
This allows to choose between IPV4_ADDR and IPV4_ADDR_SUBNET by adding
"/32", ie. "a.b.c.d" vs. "a.b.c.d/32". This helps to interop with other
IKE implementations.
From Mitja Muzenic <mitja at muzenic dot net>, thanks!
Idea supported by markus@ and jdixon@.
|
|
- keep the examples in this page and fstab(5) in sync
- give an equivalent fstab(5) entry to show how options are specified
these changes are necessary because of the differing ways we pass
options to mount.
while here, zap some .Tn
ok otto
|
