summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2009-11-28remove unused variablesCharles Longeau
ok claudio@
2009-11-26Silence dhclient by immediately exiting if the interface doesn't existKenneth R Westerback
or can't return important flags via ioctl. Excess verbiage pointed out by deraadt@. ok henning@
2009-11-25Move the -p option to the correct place.Joel Sing
ok jmc@
2009-11-24Preserve rawmode when setting scale. ok miod@, oga@.Matthieu Herrb
2009-11-24put -P in the right place;Jason McIntyre
2009-11-24Allow the passphrase to be changed on softraid crypto volumes. Ensure thatJoel Sing
you backup your data and lock up your pets prior to using this. Tested by todd@ ok marco@
2009-11-23since "nat/rdr pass" are history natpass can goHenning Brauer
2009-11-23rewrite the bridge "rule" option for clarity; tweaks/ok deraadtJason McIntyre
2009-11-23correct bridge rule descriptionsTheo de Raadt
2009-11-22brconfig(8) functionality is now in ifconfig(8)Theo de Raadt
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
NAT, filter). now we only have one. no need for an array any more. simplifies the code quite a bit. in the process fix the abuse of PF_RULESET_* by (surprise, isn't it) the table code. written at the filesystem hackathon in stockholm, committed from the hardware hackathon in portugal. ok gcc and jsing
2009-11-22The spanning priority is conflicting with the interface priority so itClaudio Jeker
got renamed to spanpriority.
2009-11-22Move information describing the bridge and brconfig behaviour intoTheo de Raadt
the relevant manual pages. Functionality is described in the (4) pages, controlling the functionality in ifconfig(8), and the hostname.if gains the old bridgename.if(5) functionality. ok claudio jmc
2009-11-22Merge brconfig into ifconfig. It is annoying that it is impossible to doClaudio Jeker
ifconfig bridge0 add em0 add gif0 add vether0 up instead you need to ifconfig bridge0 create brconfig bridge0 add em0 add gif0 add vether0 up This is working for everything now but we may do some changes when needed. Manpages and startup scripts are following soon. OK deraadt@, henning@
2009-11-22Fix ifconfig -a vs. ifconfig -A and make ifconfig without any arg behaveClaudio Jeker
like ifconfig -a by setting the aflag to 1. Found with and OK deraadt@
2009-11-21tweak previous;Jason McIntyre
2009-11-21Add new option tunneldomain to ifconfig to specify the routing tableClaudio Jeker
to be used for sending out gre/gif encoded packets. OK deraadt@, henning@
2009-11-16pflogd no longer needs libutil; ok deraadt@Otto Moerbeek
2009-11-15vether(4) interfaces can be created too; ok deraadtJason McIntyre
2009-11-13fix a few memory leaks found by parfait; ok hshoexerTheo de Raadt
2009-11-13Don't use [] in function arguments when dealing with arraysJonathan Gray
we don't know the size of, otherwise gcc >= 4 will error. ok markus@ deraadt@
2009-11-12free flagsp if flags variable indicates it was not used, found by parfait; ↵Theo de Raadt
ok millert
2009-11-124 memory leaks found by parfait; ok millertTheo de Raadt
2009-11-12reading off the end of table bug, found by parfaitTheo de Raadt
2009-11-12memory leak found by parfait; ok jsgTheo de Raadt
2009-11-12Make sure we have enough space for the trailing \0 on prepend/appendJonathan Gray
of dhcp options. found by parfait. ok krw@
2009-11-09pfsync devices can be dynamically created too; from vladimir kirillovJason McIntyre
ok henning
2009-11-09A few more places to be updated for the route pool change.Jonathan Gray
expanded version of a diff from Vadim Zhukov. ok henning@ claudio@
2009-11-05IPv6 support for divert sockets.Michele Marchetto
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
2009-11-05adding an interface if it already is added should be successful, not give aTodd T. Fries
bogus and misleading error, this permits re-running bridgename.if(5) files etc without confusion prodded/found by deraadt@ ok deraadt@ phessler@ henning@ stsp@
2009-11-04tweak previous;Jason McIntyre
2009-11-04tweak previous;Jason McIntyre
2009-11-03Lies. We no longer support this magic netmask at the end of the lineClaudio Jeker
compatibility.
2009-11-03Get rid of pflogd.pid because the privsep child cannot delete the pidfile;Theo de Raadt
use pkill(1) in /etc/newsyslog.conf instead together with otto and suggestions from tedu
2009-11-03rtables are stacked on rdomains (it is possible to have multiple routingClaudio Jeker
tables on top of a rdomain) but until now our code was a crazy mix so that it was impossible to correctly use rtables in that case. Additionally pf(4) only knows about rtables and not about rdomains. This is especially bad when tracking (possibly conflicting) states in various domains. This diff fixes all or most of these issues. It adds a lookup function to get the rdomain id based on a rtable id. Makes pf understand rdomains and allows pf to move packets between rdomains (it is similar to NAT). Because pf states now track the rdomain id as well it is necessary to modify the pfsync wire format. So old and new systems will not sync up. A lot of help by dlg@, tested by sthen@, jsg@ and probably more OK dlg@, mpf@, deraadt@
2009-11-02s/hz/Hz/ on multiples of the SI unit hertz other than MHz.Igor Sobrado
reminded by STeve Andre.
2009-11-02Print the route metrics in monitor mode if -v is used. This info can beClaudio Jeker
useful from time to time and it is easer then deciphering ktrace output. While there kill the no longer needed msec macro. OK henning
2009-11-02Use strtonum instead of atoi, this allows to do basic range checking.Claudio Jeker
While there remove some very old compat code supporting a syntax that no one still knows or uses. OK henning@, deraadt@
2009-10-31If the nmea(4) or endrun(4) timing disciplines are selected ignore statusChris Kuethe
lines; this prevents poll(2) from saying the fd has data to be read, when it only had a status line change. Prevents ldattach from exiting when relaying data to gpsd while being driven by a gps with 1PPS. ok deraadt
2009-10-30The script that generates keywords.h wasn't updated whenJonathan Gray
mplslabel label was added, fix.
2009-10-28Add a dedicated pf pool for route options as suggested by henning,Jonathan Gray
which unbreaks ie route-to after the recent pf changes. With much help debugging and pointing out of missing bits from claudio@ ok claudio@ "looks good" henning@
2009-10-28route_host initializes the netmask to a /128 no matter what af is used soClaudio Jeker
that the load balancing code does not freak out but because of this check_netmask() is now complaining. So set the addr.type to PF_ADDR_DYNIFTL so check_netmask() is fixing up the netmask for IPv4 and stops complaining. This is a partial fix for the failing regress test 13. found with jsg, looks good henning
2009-10-28Correct function name in err and errx.Claudio Jeker
2009-10-28poll events must be reinitialized after each call to poll. fixesChris Kuethe
ldattach exiting when relaying (nmea to gpsd, for example). ok deraadt@
2009-10-28rcsid[] and sccsid[] and copyright[] are essentially unmaintained (andTheo de Raadt
unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
2009-10-25Somehow during my testing I missed a test case where an existing cryptoMarco Peereboom
volume could no longer be brought up. Found by Pedro la Peu <pedro@am-gen.org>, thanks for the report.
2009-10-22tweak previous; ok marcoJason McIntyre
2009-10-22use the UNIX-related macros (.At and .Ux) where appropriate.Igor Sobrado
ok jmc@
2009-10-21Add delete example since it has come up several times.Marco Peereboom
2009-10-21Add passphrase file for crypto volume bring-up. Proded and ok deraadtMarco Peereboom
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-04 11:22:42 +0000