summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2004-12-11A compare function for heapsort(3) should not just subtract twoOtto Moerbeek
offsets, it does not work if the difference is large. Problem found by Jean-Gerard Pailloncyi who had false warnings of overlapping partitions. ok millert@ tedu@
2004-12-10allow pf to filter on route labelsHenning Brauer
pass in from route dtag keep state queue reallyslow tested by Gabriel Kihlman <gk@stacken.kth.se> and Michael Knudsen <e@molioner.dk> and ryan ok ryan
2004-12-10check msg->isakmp_sa != NULL before the transport gets updated; ok hshoexerMarkus Friedl
2004-12-081. allow up to DPD_RETRANS_MAX retransmitted R_U_THERE messages.Markus Friedl
2. reset dpd_failcount when switching to DPD_TIMER_NORMAL. 3. ignore DPD timeouts on SAs that are marked SA_FLAG_REPLACED. ok hshoexer, ho
2004-12-08NAT/T: replace the isakmpd SA transport with the transport from theMarkus Friedl
message (only during phase 1). this avoids DPD messages to the 'wrong' port. ok hshoexer
2004-12-08Add "'overload' requires 'max-src-conn' or 'max-src-conn-rate'" sanity check,Ryan Thomas McBride
fix some cut-n-paste mayhem in other related checks.
2004-12-07space between macro arg and punctuation;Jason McIntyre
2004-12-07Document 'carpdev'Ryan Thomas McBride
2004-12-07Add the 'carpdev' option, to set the carp devices physical interface.Ryan Thomas McBride
If not specified, the kernel will attempt to select the correct interface by the subnet (this is the current behaviour). ok deraadt@ henning@
2004-12-07KNFRyan Thomas McBride
2004-12-07re-commit mcbride@'s 'flush global', this time without the breakage inDaniel Hartmeier
pfvar.h. builds kernel and userland.
2004-12-07note that -a is the default if no params given;Jason McIntyre
`interface' is now optional;
2004-12-07real backoutTheo de Raadt
2004-12-07oops, incomplete backoutTheo de Raadt
2004-12-07tree does not compile, spotted by dlg (not obvious how to fix)Theo de Raadt
---- Change the default for 'overload <table> flush' to flush only states from the offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@
2004-12-07Change the default for 'overload <table> flush' to flush only states from theRyan Thomas McBride
offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@
2004-12-07default to interface printing, instead of help message. any illegal -Theo de Raadt
option goes to usage. initial work by ian, changed by me, ok mcbride
2004-12-06RFC2409 mandates min and max nonce lengths. hshoexer@ ok.Hakan Olsson
2004-12-05extend window of "ignoring route messages on the socket" for 10 secondsTheo de Raadt
instead of 3.
2004-12-05initialize $$->tail and $$->next for MAXSRCCONNRATEDaniel Hartmeier
2004-12-04Userland support for limiting open tcp connections per source. eg:Ryan Thomas McBride
keep state (max-src-conn 1000, max-src-conn-rate 100/10, overflow <bad> flush) allow a maximum of 1000 open connections or 100 new connections in 10 seconds. The addresses of offenders are added to the <bad> table which can be used in the ruleset, and existing states from that host are flushed. ok deraadt@ dhartmei@
2004-12-02Default to A/UX partition type for OpenBSD newly created partitions on mac68k.Miod Vallat
ok drahn@
2004-12-01not all interfaces support mtu setting;Jason McIntyre
ok tdeval@ miod@ nick@
2004-12-01add pppoe stuff to usage();Jason McIntyre
ok jaredy@
2004-12-01- sort optionsJason McIntyre
- tweak pppoe stuff - add pppoe to `create' list ok canacar@ jaredy@
2004-11-29Spell precede correctly.Jonathan Gray
'looks fine' millert@, krw@. ok jmc@
2004-11-28In kernel pppoe client, a simple IPv4 only implementation.Can Erkin Acar
Initial porting from NetBSD by David Berghoff. Modified/simplified to match our sppp implementation. ok deraadt@
2004-11-281 inode per 8192 bytes nowTed Unangst
2004-11-26implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtreeMarkus Friedl
and use sysctl for 'ipsecadm show'; ok deraadt
2004-11-25off by one in err()Markus Friedl
2004-11-25Ignore 0.0.0.0 in RTM_NEWADDR messages as these messages are generated byClaudio Jeker
dhclient. This fixes the dhclient exiting problem reported by Steve Shockley. This is a fast fix for the problem acctually the dhclient-script needs to be replaced. OK henning@ deraadt@
2004-11-24replace old net/if_ieee80211.h header with the net80211 ones, userland part.Federico G. Schwindt
millert@ mcbride@ jsg@
2004-11-24typo in previousIan Darwin
2004-11-24kernfs caveats, ok deraadt@Ian Darwin
2004-11-23tweaks;Jason McIntyre
ok damien@
2004-11-22use the filesystem based firmware loader; ok deraadt@Damien Bergamini
2004-11-21tweaks;Jason McIntyre
ok damien@
2004-11-19repair display.focus pokus; from janjaap@ in pr#3990Michael Shalayeff
2004-11-18use the filesystem based firmware loader; deraadt okDamien Bergamini
2004-11-18use hash and not hmac to calculate NAT-D payloads. Also add NAT-D payload forHans-Joerg Hoexer
the destination address first. Remove support for obsolete V1 NAT-T. This fixes interoperability problems with non-openbsd isakmpd implementations. "looks good" ho@, ok markus@ for hash/hmac testing by various people (thanks!)
2004-11-17remove NI_WITHSCOPEID (which is not standard)Jun-ichiro itojun Hagino
2004-11-13Let mount -a mount mfs systems shadowing a disk partition, if disklabel reportsMiod Vallat
the partition type as ffs. Makes people's life easier on platforms where disklabel does not record partition types and hardcodes values for them, such as sparc and sparc64. ok otto@
2004-11-10Use ${STATIC} rather than -static (dont hardcode). ok miod@Dale Rahn
2004-11-100xBF is new Solaris ID; lclee@west.sun.comTheo de Raadt
2004-11-09do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.hDaniel Hartmeier
reported by Alexey E. Suslikov, ok henning@
2004-11-08rename char array realpath to pathreal to avoid naming conflict withHans-Joerg Hoexer
realpath(3); makes lint a bit happier ok ho@
2004-11-08more monitor cleanup:Hans-Joerg Hoexer
remove dead code, some debug messages, prototype monitor_close() to void. ok ho@
2004-11-08no const for sysdep_sa_len (not yet), slipped in during previous commit...Hans-Joerg Hoexer
2004-11-08monitor cleanup: honor const, added missing inlcude, missing typecast (makesHans-Joerg Hoexer
lint happy) ok ho@
2004-11-08make lint happy and honor const.Hans-Joerg Hoexer
ok ho@