summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2006-03-14implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4)Damien Miller
which optionally verifies that a packet is received on the interface that holds the route back to the packet's source address. This makes it an automatic ingress filter, but only when routing is fully symmetric. bugfix feedback claudio@; ok claudio@ and dhartmei@
2006-03-13Cleanup and plug a fe memleaks and; from Davif Hill with a twist fromOtto Moerbeek
myself.
2006-03-12Add the -s flag, meaning: skip mount if the file system isOtto Moerbeek
already mounted. This flag is very handy when mounting mfs partitions. The -s flag will be used in an upcoming etc/rc diff. ok henning@ deraadt@
2006-03-12use asprintf instead of a static buffer; dhill, tested by pedroTheo de Raadt
2006-03-09Remove -n from synopsis tooPedro Martelletto
2006-03-09Remove option -n from newfs as well as all references to fs_postbl()Pedro Martelletto
Various testing for a while, okay krw@
2006-03-07add support for special "bypass" and "deny" flows.Reyk Floeter
ok hshoexer@, thanks jmc@
2006-03-07add an ike option for road warrior setups (hosts with dynamic ipReyk Floeter
addresses). "ike dynamic esp" will use the system's hostname as the fqdn source id (instead of the ip address) by default and enable dpd (dead peer detection) to allow smooth reconnects after an ip address change (i.e. forced reconnect with consumer adsl lines). ok hshoexer@, looks fine markus@, jmc@
2006-03-06convert permanent privilege revocation to use setresuid/setresgid;Damien Miller
ok henning@
2006-02-21improvements from claudio:Jason McIntyre
- note that "-alias" is a synonym for "delete", and encourage the latter - make the description of "delete" clearer ok claudio
2006-02-21The new default encryption algorithm for main mode is AES instead of 3DES.Hans-Joerg Hoexer
Noticed as not being documented by otto@. ok otto@
2006-02-20bit more consistent...Jason McIntyre
2006-02-20- note that "deletetunnel" is for gif(4) and gre(4) devices onlyJason McIntyre
- remove some redundant text from "deletetunnel" description help/ok claudio
2006-02-14Define a wsdisplay type for the Sun ZX/Leo frame buffer.Miod Vallat
2006-02-06typo from alexey dobriyan;Jason McIntyre
2006-02-03override authentication tag as well; ok hshoexer@Christian Weisgerber
2006-02-02Two fixes: generate default main mode config when using PSK, added missingHans-Joerg Hoexer
force (with naddy@) ok reyk@ naddy@
2006-02-02Small cleanup to avoid gotos, from Andrey Matveev.Hans-Joerg Hoexer
ok moritz@
2006-02-01double semicolon; from Daniel Matic in PR 4929Otto Moerbeek
2006-02-01noted by lint: include <string.h> instead of <strings.h>, add tow ARGSUSED1Hans-Joerg Hoexer
2006-02-01NTP is described by RFC 1305, not 1035;Jason McIntyre
from michal f. hanula (freebsd docs/92629)
2006-01-28zap unused functionHenning Brauer
From: Andrey Matveev <evol@online.ptt.ru>
2006-01-25spell fall through as FALLTHROUGHTed Unangst
2006-01-20initialize authtype->string in case of RSA to avoid bad free()Christian Weisgerber
ok reyk@ hshoexer@
2006-01-17wrap long lines (no binary change)Reyk Floeter
2006-01-17spacingTheo de Raadt
2006-01-17no , after last element in enumTheo de Raadt
2006-01-16add support for pre-shared keys with "ike esp" using the new keywordReyk Floeter
"psk". rsa-sig is recommended and will still be used by default. ok hshoexer@, manpage ok jmc@
2006-01-15If the log file is invalid/incompatible, try to rename the bad log fileCan Erkin Acar
and continue with a new name instead of suspending. ok mcbride@
2006-01-14Add a -q flag to reduce output a la newfs, and print the raw device we areMiod Vallat
operating on instead of ``growfs'' (a la newfs as well). ok millert@ pedro@
2006-01-09some minor types house cleaning, ok ottoTheo de Raadt
2006-01-09Introduce a wsdisplay type for mac68k frame buffers; we might need to becomeMiod Vallat
less generic in the future, though.
2006-01-09Remove references to an/awi/ancontrol that should not have beenJonathan Gray
here in the first place.
2006-01-09Don't enter ancontrol. Reminded by deraadt@Jonathan Gray
2006-01-09Move ancontrol to the attic, no longer needed.Jonathan Gray
2006-01-06put the description of vlanprio in the correct place;Jason McIntyre
2006-01-05Make it possible to set a default vlan priority to a vlan interface.Esben Norby
ok claudio@ brad@
2006-01-04Import NetBSD's direct adb code on mac68k, switching to real keyboard and mouseMiod Vallat
drivers, and to wscons as the console; a few parts borrowed from OpenBSD/macppc as well. Currently only working with displays configured in 1bpp or 8bpp modes; this limitation will be worked on ASAP. Tested by claudio@ kettenis@ martin@ nick@ and I on various models. X11 changes coming soon.
2006-01-03most modern implementations of nfsd support TCP, not just 4.4BSD;Jason McIntyre
prompted by a similar commit in freebsd. do not recommend TCP; ok millert
2006-01-02clean up error paths using "goto", part 1. From Andrey Matveev <evol atHans-Joerg Hoexer
online dot ptt dot ru>. Thanks!
2005-12-30better wording, based on a diff from daniel matic;Jason McIntyre
2005-12-29mention the keywords "wireless network interface" for the -M switch;Reyk Floeter
consistency with other 802.11-specific commands descriptions. thanks to Andreas Bihlmaier
2005-12-28no close() after fdopen(); ok hshoexer@Christian Weisgerber
2005-12-28remove some unused functions and an unused variable found by lint.Hans-Joerg Hoexer
ok markus@
2005-12-28make sure isakmpd fifo is actually a fifo.Hans-Joerg Hoexer
2005-12-21Userland programs should include <errno.h> not <sys/errno.h>Todd C. Miller
OK deraadt@
2005-12-20let isakmpd(8) remove it's pid/fifo file on exit.Moritz Jodeit
rework signal handling in the monitor process to let this work. testing and ok hshoexer@
2005-12-19Add and use a few more constants and macros needed by UFS2Pedro Martelletto
No functional change
2005-12-18Fix condition so "BIOS fixup botch" can, unlikely as it is, beKenneth R Westerback
detected. Found by lint. ok millert@
2005-12-13Fix an assignment (=) where an equality test (==) was meant. Found byChad Loder
lint. OK millert, deraadt