summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2008-07-01Isakmpd acquire mode did not work with a config generated fromAlexander Bluhm
ipsec.conf. The config created by isakmpd dynamically was different from the config that ipsecctl generated out of ipsec.conf. Both config formats are changed so that they match. One needs a passive ike line and a require flow line with the same parameters in the ipsec.conf. Then the acquire message generated by the kernel will trigger isakmpd to generate a config that matches the one that ipsecctl generated from the ike line. ok hshoexer, 'sounds good' todd
2008-07-01If a rules contains a hostname instead of an address, use the listAlexander Bluhm
of all possible addresses from DNS and not only the first one. So during expansion, the right address family can be chosen and regression test ike56 passes again. There localhost resolves to 127.0.0.1 and ::1. ok hshoexer
2008-07-01If multiple to addresses but no peer are given in an ike or flowAlexander Bluhm
rule, the current to address is taken as peer during expansion. This makes the broken regress test ikefail7 obsolete as address family mismatch cannot happen anymore. ok hshoexer
2008-07-01Initialize variable before checking against NULL.Ray Lai
OK deraadt, otto, krw.
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
and the state-related pf(4) ioctls, and make functions in state creation and destruction paths more robust in error conditions. All values in struct pfsync_state now in network byte order, as with pfsync. testing by david ok henning, systat parts ok canacar
2008-06-27documentation tweak.Igor Sobrado
2008-06-26First pass at removing clauses 3 and 4 from NetBSD licenses.Ray Lai
Not sure what's more surprising: how long it took for NetBSD to catch up to the rest of the BSDs (including UCB), or the amount of code that NetBSD has claimed for itself without attributing to the actual authors. OK deraadt@
2008-06-25In interactive mode, always suggest offsets and sizes inside theOtto Moerbeek
OpenBSD area and change the 'p' command to only print the boundaries and size of the OpenBSD area and the free space within that area. Introduce a 'l' command to print the header only. With krw@; ok krw@ deraadt@; jmc@ for the man page bits
2008-06-25allow to install and boot the OpenBSD A6 partition and disklabel in anReyk Floeter
extended DOS partition. the concept of extended partitions is very simple, it is just another mbr at the partition offset (well, the standard "EBR" is a linked list with a few limitations, but this diff works with both variants). this diff has been in the snapshots for a while. with input from weingart@ and krw@ ok deraadt@
2008-06-24- move -S and -t into the main option descriptions: they were the onlyJason McIntyre
options left of the old tuning list, and it makes sense to have one list now - document -T. this was requested by todd (fries), and comes largely from the description in netbsd's page of the same name ok millert otto
2008-06-24- document the raidlevelsJason McIntyre
- tweak CAVEATS, as requested by marco ok hshoexer marco
2008-06-24Index: src/sbin/growfs/growfs.cIgor Sobrado
=================================================================== RCS file: /cvs/src/sbin/growfs/growfs.c,v retrieving revision 1.23 diff -u -p -r1.23 growfs.c --- src/sbin/growfs/growfs.c 5 Oct 2007 13:56:14 -0000 1.23 +++ src/sbin/growfs/growfs.c 4 Jun 2008 10:10:32 -0000 @@ -2227,7 +2227,7 @@ usage(void) DBG_ENTER; - fprintf(stderr, "usage: growfs [-Ny] [-s size] special\n"); + fprintf(stderr, "usage: growfs [-Nqy] [-s size] special\n"); DBG_LEAVE; exit(1);
2008-06-23Do not compile the ``kbd needs to be rebuilt'' test if -DNOKVM. Should shaveMiod Vallat
a few bytes off the installation media filesystems.
2008-06-21Fix "-T expire"; clear pfra_fback on addresses before sending them back toRyan Thomas McBride
the kernel to be deleted.
2008-06-15put carppeer in the right place;Jason McIntyre
2008-06-15fix usage();Jason McIntyre
2008-06-15Add 802.3ad LACP support for trunk(4).Marco Pfatschbacher
Implementation from NetBSD. Ported via FreeBSD's version in trunk^Wlagg(4). This is still work in progress. Tested with a HP ProCurve 3500. OK reyk@
2008-06-15When generating a new volume, ask the user to re-type the passphrase forHans-Joerg Hoexer
verification. ok djm
2008-06-14add carppeer; an option to specify a different multicast address orReyk Floeter
even the unicast address of the remote carp peer. this especially helps when the multicast carp advertisements are causing problems in the network (some crappy switches don't do well with multicast), there are conflicts with VRRP, or the policy of the network does not allow multicast (most Internet eXchange points didn't allow carped OpenBGP routers because of the multicast advertisements). discussed with many ok mpf@
2008-06-14Provide a status field for operations on the bc_opaque data. Now we'reHans-Joerg Hoexer
able to distinguish cleanly an failing ioctl (ie. return value -1) from trying to retrieve a KDF hint from a not yet initialized volume. ok marco djm
2008-06-14add a -r option to specify the number of PKCS5 PBKDF2 iterations usedDamien Miller
to derive the password (minimum: 1000, maximum: more than you want) ok hshoexer@
2008-06-14Replace PBKDF2 implementation pulled in from vnconfig with oneDamien Miller
derived from Damien Bergamini's wpa-psk. This implementation is smaller, cleaner and uses the libc SHA1 functions instead of pulling in OpenSSL. make bioctl.c -Wall clean too Verified with rfc3962 test vectors and against a assembled cryptoraid; ok hshoexer@
2008-06-14finish djm@'s job of making mount_vnd -Wall clean, and mark this in theAlexander von Gernler
Makefile. ok djm@, "get the M's out of my tree" deraadt@
2008-06-14Move ike and flow peer selection to common function.Alexander Bluhm
No functional change yet. ok hshoexer
2008-06-14Update bioctl(8) and softraid(4) to recent changes and enable softraidHans-Joerg Hoexer
crypto. It's still considered experimental! ok djm marco
2008-06-14friendly error message when key decryption fails; ok hshoexer@Damien Miller
2008-06-13Implement pbkdf2 in in bioctl to derive master key from a passphrase.Hans-Joerg Hoexer
ok marco djm
2008-06-13-Wall friendly (missing "static", signed vs. unsigned comparison)Damien Miller
2008-06-13INADDR_PFSYNC_GROUP is defined as network byte order in the kernel butReyk Floeter
as host byte order in userland. ifconfig didn't get this and always printed the pfsync syncpeer on little endian machines because the check to prevent printing the default address assumed the wrong byte order. ok claudio@ rainer@
2008-06-12-d tweaks;Jason McIntyre
2008-06-12Initialize the tty in the same way for nmea and slip.Marc Balmer
2008-06-12Add blurb for delete volumeMarco Peereboom
2008-06-12Add delete volume functionality.Marco Peereboom
discussed with krw, kettenis & drahn ok hshoexer
2008-06-11Explicit flush stdout after printing the pty name when -p is used.Marc Balmer
found by ckuethe, help from otto.
2008-06-11trivial code simplificationAlexander Bluhm
tested and ok hshoexer, grunk
2008-06-11remove an ugly article;Jason McIntyre
2008-06-10reduce mem usage by about 20% by packing state and type of an inode in a singleOtto Moerbeek
byte. Original diff by drahn@; twists by me; ok millert@ thib@
2008-06-10Arguments to fifo commands were limited to 80 bytes. That is tooAlexander Bluhm
short for IPv6. Increase the buffer size from 80 to 200 where appropriate. For the M command a buffer for 10 bytes is sufficient. ok hshoexer@ mpf@ grunk@
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
Use the 'counters' table option in pf.conf if you actually need them. If enabled, memory is not allocated until packets match an address. This saves about 40% memory if counters are not being used, and paves the way for some more significant cleanups coming soon. ok henning mpf deraadt
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
into one 8 bit flags field. shrinks the state structure by 4 bytes on 32bit archs ryan ok
2008-06-10sleep if the slave device of the pty(4) is not connected.Marc Balmer
problem noticed by ckuethe, solution discussed with claudio
2008-06-10Fix implementation of IN6_IS_ADDR_FULL so that IPV6_ADDR is usedAlexander Bluhm
instead of IPV6_ADDR_SUBNET where appropriate. Then isakmpd has the same behaviour for IPv6 and IPv4. ok markus@
2008-06-10better take the size of the right table; found while tinkering with fsck_ffsOtto Moerbeek
by accident the buggy expression yields the same value.
2008-06-10print sizeofs using %zu; ok joris@Otto Moerbeek
2008-06-10in verbose mode indicate which states are sloppy, ryan reyk theoHenning Brauer
2008-06-10new state option "sloppy" to use the sloppy tcp state tracker insteadHenning Brauer
of the good one. ok theo ryan reyk
2008-06-10correctly setup the tty line for NMEA devices, especially turn off echoMarc Balmer
to the device. found by ckuethe, fixed and tested with ckuethe
2008-06-09Don't reverence slattach(8) or nmeaattach(8) in a comment.Marc Balmer
2008-06-09- move the "this app is deprecated" blurb to the start, where it's moreJason McIntyre
likely to be read - sort SEE ALSO
2008-06-09zap trailing whitespace;Jason McIntyre