Age | Commit message | Author |
|
|
|
Tested by many, thanks.
Put it in" deraadt@
|
|
by damien;
|
|
the mailing lists two weeks ago, and completely ignored I guess.
|
|
bsize fields for UNUSED partitions. '-R' already skipped processing
these fields for such partitions. Eliminates an XXX.
ok deraadt, "makes sense" miod@
|
|
networks in the wpapsk section of the page.
ok deraadt@ henning@
|
|
add "ifconfig if0 scan" to scan for access points or to list known
stations in Host AP mode.
remove the [-]wmm command while i'm here. QoS is mandatory with
802.11n so there's not much point in making it an option.
fix parsing of the "powersave" command too.
discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@
|
|
Some supplicants will autoselect 802.1X without giving users the
possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined
in Draft 802.11w) by default in the RSN IE of beacons and probe responses
as it confuses some broken supplicants. This kind of sacrifices security
for interoperability with shitty (but unfortunately widespread) clients
that do not follow the 802.11 standard properly.
This fixes associations from Intel PROSet on XP and also reportedly fixes
some Mac OS clients. I will likely make `psk-sha256' configurable through
ifconfig wpaakms after the 4.5 release.
|
|
|
|
|
|
the multi-line banner announcing that the MBR is being changed.
Also the listing of the partition table in 'fdisk -u'. Display a
consistent message when the MBR is written.
While here cleanup and shrink code without changing any semantics.
Started with a diff posted on tech@ by Tobias Ulmer.
"I like it" marco@ ok jsing@
|
|
updates to follow;
|
|
and fix typo while here.
ok canacar@
|
|
ok claudio@ laurent@
|
|
|
|
jmc@ has provided a complete list of manual pages to be fixed,
and suggested using uppercase (i.e., Point-to-Point) when discussing
the protocol, and lowercase (point-to-point) otherwise.
ok jmc@
|
|
"ike" rules in ipsec.conf, the default peer is used. In theory
ipsecctl -f ipsec.conf can configure the default peer for each "ike"
entry. As isakmpd only supports one default peer, the last "ike"
rule that uses a default peer wins. This configuration is then
significant for all "ike" rules that use the default peer.
Now a warning is printed if a later rule in ipsec.conf changes the
configuration of the original default peer. This should be an error
but that would break existing user configs. So only a warning is
printed.
ok hshoexer@, todd@
|
|
lines later. No functional change.
ok grunk@, hshoexer@
|
|
|
|
This is also consistent with mplslabel in ifconfig(8).
OK claudio@ laurent@
|
|
- in ipsec_delete_spi_list() a log_verbose is added, when a remote peer
sends us a delete message for an SA. However, to avoid spamming the log
when SAs are deleted during re-keying, I only log_verbose, when the soft
timeout of the SA is not expired yet. Thus only deletion of live SAs
gets logged.
- in ipsec_decode_ids() I remove the additional printing of IP-Addresses in
hex as the addresses are already printed in CIDR.
- while there, apply some KNF
ok todd@, mpf@, bluhm@
|
|
|
|
keyword as argument for the peer parameter will do that. An ike
without peer creates the peer-default config. A flow without peer
acquires a host-to-host SA.
tested by grunk@, todd@, ok grunk@, hshoexer@, todd@
|
|
|
|
socket dhclient will get.
ja ja claudio@
|
|
|
|
for easier debugging.
ok grunk@, hshoexer@, todd@
|
|
M and m were already taken. OK henning@
|
|
make source code fit on 80-column displays; while here, remove superfluous
comment sign.
ok krw@
|
|
|
|
different source network than we have negotiated with a peer.
This enables us to do nat/binat on the enc(4) interface.
Very useful to work around rfc 1918 collisions.
Manpage and testing by Mitja Muzenic. Thanks!
OK hshoexer@, markus@. "I like it" todd@
|
|
in bytes; this allows us to get rid of many off_t casts, and ensures
proper operation on very large swap partitions on 32 bit machines.
From Pierre Riteau.
|
|
the bounds of the OpenBSD area. Should prevent users from shooting themselves
in the feet.
ok krw@
|
|
binaries to stop working.
OK krw@, michele@, henning@, dlg@
|
|
ok claudio@
|
|
built-in blurb in STANDARDS; we did once have a COMPATIBILITY section
which we merged with STANDARDS, so i think this is appropriate. it
certainly feels better than adding single sentences randomly to the
end of text bodies.
|
|
on certain shells; do not try to document changes between the
implementations, but at least warn of their existence;
diff from Ingo Schwarze
|
|
ok jmc@
|
|
|
|
wsconsctl)
|
|
negative and cause SEGVs. Handle this the same as an out of range
blockno. ok jsg@ (also victim) pedro@ thib@
|
|
|
|
This avoids warnings about already existing manual flows when
ipsec.conf is reloaded. From Mitja Muzenic <mitja at muzenic dot
net>, thanks!
|
|
|
|
hardcoded values used here before were incorrect.
ok claudio@
|
|
and operations are now stored in rt_flags.
This also simplifies the syntax a lot.
ok claudio@ laurent@
|
|
|
|
OK deraadt@
|
|
implied sizeof(struct rt_msghdr). Makes code more robust when userland and
kernel are out of sync.
|
|
ok krw millert
|