| Age | Commit message (Collapse) | Author |
|---|
|
exponentially backed off initial_interval. Don't hallucinate that
we can send ARP packets without waiting. Don't claim to be waiting
for ARP packets when not doing so. Correctly detect expiry of
selecting period. Speeds up negotiations.
Tested on various dhcp servers by Martin Pelika, ian@, and David
Coppa. And works at Starbucks and a mall for me.
|
|
|
|
ten, seconds. Use words not numerals consistently when naming
various timing values. Tweak one clumsy sentence.
|
|
ok claudio@
|
|
change that, but let's keep it consistent;
ok stsp
|
|
|
|
ok deraadt
|
|
so use daddr32_t
ok jasper
|
|
in libkvm with the stable-ABI versions that are currently named
KERN_PROC2, kvm_get{proc,argv,envv}2(). The latter names and symbols
will continue to be supported for a few releases.
Committing now that they ports people have had a couple releases
to update pkgs that usd the old functions
|
|
available partitions (e.g. many spoofed logical partitions) try
the next scheme rather than giving up.
"sane" deraadt@ ok matthew@
|
|
was received and what was sent out and print additional information
explaining payload size differences.
Issue was found by reyk, debugged by jsg and me with an input from
claudio (who found out that initial version breaks -w) and bluhm
(who advised to notify a user). Ok bluhm and deraadt on the
previous version of the diff. Lots of history for a one-liner :)
|
|
|
|
either explicitly
or implicitly, update the start and end sector of the OpenBSD area in the
disklabel with DL_SEBEND/DL_SETBSTART. Otherwise the new bounds would not be
saved to disk.
ok miod@ deraadt@
|
|
"rdomain", "description", etc. so that the ifconfig on ramdisk is able
to parse hostname.if files on updates.
OK deraadt@
|
|
makes yet another utility honor DUID's
ok jsing@ miod@ deraadt@
|
|
did not successfully read. Tweak some casts.
Fixes infinite loop problem noted by jeremy@ while installing on
boxen with 'random' garbage in MBR. General loop detection may
follow post-4.9.
Tested by jeremy@ and ok miod@
|
|
of the partition info around to confuse disklabel, newfs, fsck, etc.
From Pedro Martelletto.
ok miod@
|
|
ok henning jmc miod
|
|
ok henning claudio miod
|
|
routing domain.
While here, update comment on what the ioctl is used for (from sthen@).
OK mikeb@, sthen@
|
|
from "maurice"
|
|
|
|
from the PFKEY socket. This is needed for sasyncd.
ok mikeb@
|
|
when there's no sa established (as pointed out by reyk). instead
use require mode feature to send acquires from the kernel. this
allows us to get rid of the code that changes flow mode to acquire
and keep all installed flows in the tree and save up on some code
that deals with renegotiation. also several entities were renamed
(iked_acqflows -> iked_activeflows, iked_ipsecsas -> iked_activesas,
ikev2_acquire -> ikev2_acquire_sa). ok reyk
|
|
all the preparation steps. don't forget to change {flow,csa}_ikesa
pointers when transefing to a different ike sa. ok reyk
|
|
|
|
|
|
"no priority" priority named "none". This makes 'pfctl -x none'
equivalent to 'pfctl -x crit'.
ok mcbride@ henning@
|
|
|
|
ok mikeb@
|
|
to $peernet" and not depending on the initiator/responder mode.
- Remove the flow hash calculated but not used anymore.
ok mikeb@
|
|
ok mikeb@
|
|
ok mikeb@
|
|
ok mikeb@
|
|
|
|
use the last matching semantics of PF. The previous rbtree-based
implementation was broken and tried to do a longest prefix match. But
instead of prefix match and using radix-trees to fix it I decided with
mikeb@ to implement it as last matching policy evaluation. The last
matching policy wins; the "quick" keyword can enforce first matching;
additional keywords like "skip" are specific to iked(8). See
iked.conf(5) for more details.
The implementation also uses skip steps based on PF's code. It
significantly speeds up the evaluation of many policies but also adds
a little delay when loading them (only noticeable with thousands of
policies). This allows iked(8) to scale well with thousands of
configured policies but I also liked the fact to have skip steps in
another piece of code.
ok dhartmei@ for using his skip step code under the ISC license in policy.c
ok mikeb@, jmc@
|
|
prevent a possible crash.
ok mikeb@
|
|
to do exact matches; ok reyk
|
|
|
|
to drop Child SA based on the inactivity timer. In this case we instruct
the kernel to send us an acquire message upon receiving a packet for those
hosts and initiate a Child SA creation exchange ourselves.
ok reyk
|
|
|
|
just dropping them; ok reyk
|
|
|
|
|
|
|
|
no-df, random-id, set-tos for IPv6 rules. Check this in pfctl and
document it in pf.conf(5).
ok henning@ jmc@
|
|
ok jsing@ (who also pointed out a DPADD tweak missing from my diff)
|
|
|
|
|
|
|
