Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-06-21 | Fix "-T expire"; clear pfra_fback on addresses before sending them back to | Ryan Thomas McBride | |
the kernel to be deleted. | |||
2008-06-15 | put carppeer in the right place; | Jason McIntyre | |
2008-06-15 | fix usage(); | Jason McIntyre | |
2008-06-15 | Add 802.3ad LACP support for trunk(4). | Marco Pfatschbacher | |
Implementation from NetBSD. Ported via FreeBSD's version in trunk^Wlagg(4). This is still work in progress. Tested with a HP ProCurve 3500. OK reyk@ | |||
2008-06-15 | When generating a new volume, ask the user to re-type the passphrase for | Hans-Joerg Hoexer | |
verification. ok djm | |||
2008-06-14 | add carppeer; an option to specify a different multicast address or | Reyk Floeter | |
even the unicast address of the remote carp peer. this especially helps when the multicast carp advertisements are causing problems in the network (some crappy switches don't do well with multicast), there are conflicts with VRRP, or the policy of the network does not allow multicast (most Internet eXchange points didn't allow carped OpenBGP routers because of the multicast advertisements). discussed with many ok mpf@ | |||
2008-06-14 | Provide a status field for operations on the bc_opaque data. Now we're | Hans-Joerg Hoexer | |
able to distinguish cleanly an failing ioctl (ie. return value -1) from trying to retrieve a KDF hint from a not yet initialized volume. ok marco djm | |||
2008-06-14 | add a -r option to specify the number of PKCS5 PBKDF2 iterations used | Damien Miller | |
to derive the password (minimum: 1000, maximum: more than you want) ok hshoexer@ | |||
2008-06-14 | Replace PBKDF2 implementation pulled in from vnconfig with one | Damien Miller | |
derived from Damien Bergamini's wpa-psk. This implementation is smaller, cleaner and uses the libc SHA1 functions instead of pulling in OpenSSL. make bioctl.c -Wall clean too Verified with rfc3962 test vectors and against a assembled cryptoraid; ok hshoexer@ | |||
2008-06-14 | finish djm@'s job of making mount_vnd -Wall clean, and mark this in the | Alexander von Gernler | |
Makefile. ok djm@, "get the M's out of my tree" deraadt@ | |||
2008-06-14 | Move ike and flow peer selection to common function. | Alexander Bluhm | |
No functional change yet. ok hshoexer | |||
2008-06-14 | Update bioctl(8) and softraid(4) to recent changes and enable softraid | Hans-Joerg Hoexer | |
crypto. It's still considered experimental! ok djm marco | |||
2008-06-14 | friendly error message when key decryption fails; ok hshoexer@ | Damien Miller | |
2008-06-13 | Implement pbkdf2 in in bioctl to derive master key from a passphrase. | Hans-Joerg Hoexer | |
ok marco djm | |||
2008-06-13 | -Wall friendly (missing "static", signed vs. unsigned comparison) | Damien Miller | |
2008-06-13 | INADDR_PFSYNC_GROUP is defined as network byte order in the kernel but | Reyk Floeter | |
as host byte order in userland. ifconfig didn't get this and always printed the pfsync syncpeer on little endian machines because the check to prevent printing the default address assumed the wrong byte order. ok claudio@ rainer@ | |||
2008-06-12 | -d tweaks; | Jason McIntyre | |
2008-06-12 | Initialize the tty in the same way for nmea and slip. | Marc Balmer | |
2008-06-12 | Add blurb for delete volume | Marco Peereboom | |
2008-06-12 | Add delete volume functionality. | Marco Peereboom | |
discussed with krw, kettenis & drahn ok hshoexer | |||
2008-06-11 | Explicit flush stdout after printing the pty name when -p is used. | Marc Balmer | |
found by ckuethe, help from otto. | |||
2008-06-11 | trivial code simplification | Alexander Bluhm | |
tested and ok hshoexer, grunk | |||
2008-06-11 | remove an ugly article; | Jason McIntyre | |
2008-06-10 | reduce mem usage by about 20% by packing state and type of an inode in a single | Otto Moerbeek | |
byte. Original diff by drahn@; twists by me; ok millert@ thib@ | |||
2008-06-10 | Arguments to fifo commands were limited to 80 bytes. That is too | Alexander Bluhm | |
short for IPv6. Increase the buffer size from 80 to 200 where appropriate. For the M command a buffer for 10 bytes is sufficient. ok hshoexer@ mpf@ grunk@ | |||
2008-06-10 | Make counters on table addresses optional and disabled by default. | Ryan Thomas McBride | |
Use the 'counters' table option in pf.conf if you actually need them. If enabled, memory is not allocated until packets match an address. This saves about 40% memory if counters are not being used, and paves the way for some more significant cleanups coming soon. ok henning mpf deraadt | |||
2008-06-10 | save somespace in the state by collapsing two 8 bit ints used as booleans | Henning Brauer | |
into one 8 bit flags field. shrinks the state structure by 4 bytes on 32bit archs ryan ok | |||
2008-06-10 | sleep if the slave device of the pty(4) is not connected. | Marc Balmer | |
problem noticed by ckuethe, solution discussed with claudio | |||
2008-06-10 | Fix implementation of IN6_IS_ADDR_FULL so that IPV6_ADDR is used | Alexander Bluhm | |
instead of IPV6_ADDR_SUBNET where appropriate. Then isakmpd has the same behaviour for IPv6 and IPv4. ok markus@ | |||
2008-06-10 | better take the size of the right table; found while tinkering with fsck_ffs | Otto Moerbeek | |
by accident the buggy expression yields the same value. | |||
2008-06-10 | print sizeofs using %zu; ok joris@ | Otto Moerbeek | |
2008-06-10 | in verbose mode indicate which states are sloppy, ryan reyk theo | Henning Brauer | |
2008-06-10 | new state option "sloppy" to use the sloppy tcp state tracker instead | Henning Brauer | |
of the good one. ok theo ryan reyk | |||
2008-06-10 | correctly setup the tty line for NMEA devices, especially turn off echo | Marc Balmer | |
to the device. found by ckuethe, fixed and tested with ckuethe | |||
2008-06-09 | Don't reverence slattach(8) or nmeaattach(8) in a comment. | Marc Balmer | |
2008-06-09 | - move the "this app is deprecated" blurb to the start, where it's more | Jason McIntyre | |
likely to be read - sort SEE ALSO | |||
2008-06-09 | zap trailing whitespace; | Jason McIntyre | |
2008-06-09 | Remove nmeaattch(8), which is superseeded by ldattach(8). | Marc Balmer | |
ok deraadt | |||
2008-06-09 | nmeaattach(8) is now deprecated. Use ldattach(8) instead. | Marc Balmer | |
2008-06-09 | slattach(8) is now deprecated. Use ldattach(8) instead. | Marc Balmer | |
2008-06-09 | The new newfs(8) code causes alternate superblocks to end up in | Otto Moerbeek | |
different locations than before. Actually, the disklabel does not contain enough info to completely reconstruct the locations of all alternate sb's. So use a hardcoded list of all possible 1st alternate sb locations, but don't forget to verify against the label. ok millert@ thib@ | |||
2008-06-09 | Add the '-p' option to ldattach(8) to pass data received from the device | Marc Balmer | |
to the master device of a pty(4) pair. The name of the slave device is written to standard output. This is useful for applications like e.g. gpsd from the misc/gpsd port that also use the serial data stream (e.g. nmea(4) as a time source and gpsd to get at positional data). help and ok deraadt, makes ckuethe happy. | |||
2008-06-08 | fix generated size for -m; bug report by Peter J. Philipp; ok millert@ | Otto Moerbeek | |
deraadt@ | |||
2008-06-07 | stop spurious "got link" which nooone noticed, but everyone should have; ok krw | Theo de Raadt | |
2008-06-04 | warnx already prepends string with a colon, no need to manually add one | Tobias Stoeckmann | |
here. ok millert, otto | |||
2008-06-04 | setbootflag() must be done before checksum'ing the label. Bug introduced | Theo de Raadt | |
in 1.126, found by nick during a test install; ok krw | |||
2008-06-03 | fix some spacing issues; | Jason McIntyre | |
2008-06-01 | synchronize synopsis and usage. | Igor Sobrado | |
2008-05-31 | add hfs+ type. deraadt@ ok | Federico G. Schwindt | |
2008-05-29 | Second half of PF state table rearrangement. | Ryan Thomas McBride | |
- Mechanical change: Use arrays for state key pointers in pf_state, and addr/port in pf_state_key, to allow the use of indexes. - Fix NAT, pfsync, pfctl, and tcpdump to handle the new state structures. In struct pfsync_state, both state keys are included even when identical. - Also fix some bugs discovered in the existing code during testing. (in particular, "block return" for TCP packets was not returning an RST) ok henning beck deraadt tested by otto dlg beck laurent Special thanks to users Manuel Pata and Emilio Perea who did enough testing to actually find some bugs. |