Age | Commit message (Collapse) | Author |
|
ipsec.conf. The config created by isakmpd dynamically was different
from the config that ipsecctl generated out of ipsec.conf.
Both config formats are changed so that they match. One needs a
passive ike line and a require flow line with the same parameters
in the ipsec.conf. Then the acquire message generated by the kernel
will trigger isakmpd to generate a config that matches the one that
ipsecctl generated from the ike line.
ok hshoexer, 'sounds good' todd
|
|
of all possible addresses from DNS and not only the first one. So
during expansion, the right address family can be chosen and
regression test ike56 passes again. There localhost resolves to
127.0.0.1 and ::1.
ok hshoexer
|
|
rule, the current to address is taken as peer during expansion.
This makes the broken regress test ikefail7 obsolete as address
family mismatch cannot happen anymore.
ok hshoexer
|
|
OK deraadt, otto, krw.
|
|
and the state-related pf(4) ioctls, and make functions in state creation and
destruction paths more robust in error conditions.
All values in struct pfsync_state now in network byte order, as with pfsync.
testing by david
ok henning, systat parts ok canacar
|
|
|
|
Not sure what's more surprising: how long it took for NetBSD to
catch up to the rest of the BSDs (including UCB), or the amount of
code that NetBSD has claimed for itself without attributing to the
actual authors.
OK deraadt@
|
|
OpenBSD area and change the 'p' command to only print the boundaries
and size of the OpenBSD area and the free space within that area.
Introduce a 'l' command to print the header only. With krw@; ok krw@
deraadt@; jmc@ for the man page bits
|
|
extended DOS partition. the concept of extended partitions is very
simple, it is just another mbr at the partition offset (well, the
standard "EBR" is a linked list with a few limitations, but this diff
works with both variants).
this diff has been in the snapshots for a while.
with input from weingart@ and krw@
ok deraadt@
|
|
options left of the old tuning list, and it makes sense to have one list
now
- document -T. this was requested by todd (fries), and comes largely from
the description in netbsd's page of the same name
ok millert otto
|
|
- tweak CAVEATS, as requested by marco
ok hshoexer marco
|
|
===================================================================
RCS file: /cvs/src/sbin/growfs/growfs.c,v
retrieving revision 1.23
diff -u -p -r1.23 growfs.c
--- src/sbin/growfs/growfs.c 5 Oct 2007 13:56:14 -0000 1.23
+++ src/sbin/growfs/growfs.c 4 Jun 2008 10:10:32 -0000
@@ -2227,7 +2227,7 @@ usage(void)
DBG_ENTER;
- fprintf(stderr, "usage: growfs [-Ny] [-s size] special\n");
+ fprintf(stderr, "usage: growfs [-Nqy] [-s size] special\n");
DBG_LEAVE;
exit(1);
|
|
a few bytes off the installation media filesystems.
|
|
the kernel to be deleted.
|
|
|
|
|
|
Implementation from NetBSD. Ported via FreeBSD's version in trunk^Wlagg(4).
This is still work in progress. Tested with a HP ProCurve 3500.
OK reyk@
|
|
verification.
ok djm
|
|
even the unicast address of the remote carp peer. this especially
helps when the multicast carp advertisements are causing problems in
the network (some crappy switches don't do well with multicast), there
are conflicts with VRRP, or the policy of the network does not allow
multicast (most Internet eXchange points didn't allow carped OpenBGP
routers because of the multicast advertisements).
discussed with many
ok mpf@
|
|
able to distinguish cleanly an failing ioctl (ie. return value -1) from
trying to retrieve a KDF hint from a not yet initialized volume.
ok marco djm
|
|
to derive the password (minimum: 1000, maximum: more than you want)
ok hshoexer@
|
|
derived from Damien Bergamini's wpa-psk. This implementation is
smaller, cleaner and uses the libc SHA1 functions instead of
pulling in OpenSSL.
make bioctl.c -Wall clean too
Verified with rfc3962 test vectors and against a assembled cryptoraid;
ok hshoexer@
|
|
Makefile.
ok djm@, "get the M's out of my tree" deraadt@
|
|
No functional change yet.
ok hshoexer
|
|
crypto. It's still considered experimental!
ok djm marco
|
|
|
|
ok marco djm
|
|
|
|
as host byte order in userland. ifconfig didn't get this and always printed
the pfsync syncpeer on little endian machines because the check to prevent
printing the default address assumed the wrong byte order.
ok claudio@ rainer@
|
|
|
|
|
|
|
|
discussed with krw, kettenis & drahn
ok hshoexer
|
|
found by ckuethe, help from otto.
|
|
tested and ok hshoexer, grunk
|
|
|
|
byte. Original diff by drahn@; twists by me; ok millert@ thib@
|
|
short for IPv6. Increase the buffer size from 80 to 200 where
appropriate. For the M command a buffer for 10 bytes is sufficient.
ok hshoexer@ mpf@ grunk@
|
|
Use the 'counters' table option in pf.conf if you actually need them.
If enabled, memory is not allocated until packets match an address.
This saves about 40% memory if counters are not being used, and paves the way
for some more significant cleanups coming soon.
ok henning mpf deraadt
|
|
into one 8 bit flags field.
shrinks the state structure by 4 bytes on 32bit archs
ryan ok
|
|
problem noticed by ckuethe, solution discussed with claudio
|
|
instead of IPV6_ADDR_SUBNET where appropriate. Then isakmpd has
the same behaviour for IPv6 and IPv4.
ok markus@
|
|
by accident the buggy expression yields the same value.
|
|
|
|
|
|
of the good one. ok theo ryan reyk
|
|
to the device.
found by ckuethe, fixed and tested with ckuethe
|
|
|
|
likely to be read
- sort SEE ALSO
|
|
|