summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2008-06-21Fix "-T expire"; clear pfra_fback on addresses before sending them back toRyan Thomas McBride
the kernel to be deleted.
2008-06-15put carppeer in the right place;Jason McIntyre
2008-06-15fix usage();Jason McIntyre
2008-06-15Add 802.3ad LACP support for trunk(4).Marco Pfatschbacher
Implementation from NetBSD. Ported via FreeBSD's version in trunk^Wlagg(4). This is still work in progress. Tested with a HP ProCurve 3500. OK reyk@
2008-06-15When generating a new volume, ask the user to re-type the passphrase forHans-Joerg Hoexer
verification. ok djm
2008-06-14add carppeer; an option to specify a different multicast address orReyk Floeter
even the unicast address of the remote carp peer. this especially helps when the multicast carp advertisements are causing problems in the network (some crappy switches don't do well with multicast), there are conflicts with VRRP, or the policy of the network does not allow multicast (most Internet eXchange points didn't allow carped OpenBGP routers because of the multicast advertisements). discussed with many ok mpf@
2008-06-14Provide a status field for operations on the bc_opaque data. Now we'reHans-Joerg Hoexer
able to distinguish cleanly an failing ioctl (ie. return value -1) from trying to retrieve a KDF hint from a not yet initialized volume. ok marco djm
2008-06-14add a -r option to specify the number of PKCS5 PBKDF2 iterations usedDamien Miller
to derive the password (minimum: 1000, maximum: more than you want) ok hshoexer@
2008-06-14Replace PBKDF2 implementation pulled in from vnconfig with oneDamien Miller
derived from Damien Bergamini's wpa-psk. This implementation is smaller, cleaner and uses the libc SHA1 functions instead of pulling in OpenSSL. make bioctl.c -Wall clean too Verified with rfc3962 test vectors and against a assembled cryptoraid; ok hshoexer@
2008-06-14finish djm@'s job of making mount_vnd -Wall clean, and mark this in theAlexander von Gernler
Makefile. ok djm@, "get the M's out of my tree" deraadt@
2008-06-14Move ike and flow peer selection to common function.Alexander Bluhm
No functional change yet. ok hshoexer
2008-06-14Update bioctl(8) and softraid(4) to recent changes and enable softraidHans-Joerg Hoexer
crypto. It's still considered experimental! ok djm marco
2008-06-14friendly error message when key decryption fails; ok hshoexer@Damien Miller
2008-06-13Implement pbkdf2 in in bioctl to derive master key from a passphrase.Hans-Joerg Hoexer
ok marco djm
2008-06-13-Wall friendly (missing "static", signed vs. unsigned comparison)Damien Miller
2008-06-13INADDR_PFSYNC_GROUP is defined as network byte order in the kernel butReyk Floeter
as host byte order in userland. ifconfig didn't get this and always printed the pfsync syncpeer on little endian machines because the check to prevent printing the default address assumed the wrong byte order. ok claudio@ rainer@
2008-06-12-d tweaks;Jason McIntyre
2008-06-12Initialize the tty in the same way for nmea and slip.Marc Balmer
2008-06-12Add blurb for delete volumeMarco Peereboom
2008-06-12Add delete volume functionality.Marco Peereboom
discussed with krw, kettenis & drahn ok hshoexer
2008-06-11Explicit flush stdout after printing the pty name when -p is used.Marc Balmer
found by ckuethe, help from otto.
2008-06-11trivial code simplificationAlexander Bluhm
tested and ok hshoexer, grunk
2008-06-11remove an ugly article;Jason McIntyre
2008-06-10reduce mem usage by about 20% by packing state and type of an inode in a singleOtto Moerbeek
byte. Original diff by drahn@; twists by me; ok millert@ thib@
2008-06-10Arguments to fifo commands were limited to 80 bytes. That is tooAlexander Bluhm
short for IPv6. Increase the buffer size from 80 to 200 where appropriate. For the M command a buffer for 10 bytes is sufficient. ok hshoexer@ mpf@ grunk@
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
Use the 'counters' table option in pf.conf if you actually need them. If enabled, memory is not allocated until packets match an address. This saves about 40% memory if counters are not being used, and paves the way for some more significant cleanups coming soon. ok henning mpf deraadt
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
into one 8 bit flags field. shrinks the state structure by 4 bytes on 32bit archs ryan ok
2008-06-10sleep if the slave device of the pty(4) is not connected.Marc Balmer
problem noticed by ckuethe, solution discussed with claudio
2008-06-10Fix implementation of IN6_IS_ADDR_FULL so that IPV6_ADDR is usedAlexander Bluhm
instead of IPV6_ADDR_SUBNET where appropriate. Then isakmpd has the same behaviour for IPv6 and IPv4. ok markus@
2008-06-10better take the size of the right table; found while tinkering with fsck_ffsOtto Moerbeek
by accident the buggy expression yields the same value.
2008-06-10print sizeofs using %zu; ok joris@Otto Moerbeek
2008-06-10in verbose mode indicate which states are sloppy, ryan reyk theoHenning Brauer
2008-06-10new state option "sloppy" to use the sloppy tcp state tracker insteadHenning Brauer
of the good one. ok theo ryan reyk
2008-06-10correctly setup the tty line for NMEA devices, especially turn off echoMarc Balmer
to the device. found by ckuethe, fixed and tested with ckuethe
2008-06-09Don't reverence slattach(8) or nmeaattach(8) in a comment.Marc Balmer
2008-06-09- move the "this app is deprecated" blurb to the start, where it's moreJason McIntyre
likely to be read - sort SEE ALSO
2008-06-09zap trailing whitespace;Jason McIntyre
2008-06-09Remove nmeaattch(8), which is superseeded by ldattach(8).Marc Balmer
ok deraadt
2008-06-09nmeaattach(8) is now deprecated. Use ldattach(8) instead.Marc Balmer
2008-06-09slattach(8) is now deprecated. Use ldattach(8) instead.Marc Balmer
2008-06-09The new newfs(8) code causes alternate superblocks to end up inOtto Moerbeek
different locations than before. Actually, the disklabel does not contain enough info to completely reconstruct the locations of all alternate sb's. So use a hardcoded list of all possible 1st alternate sb locations, but don't forget to verify against the label. ok millert@ thib@
2008-06-09Add the '-p' option to ldattach(8) to pass data received from the deviceMarc Balmer
to the master device of a pty(4) pair. The name of the slave device is written to standard output. This is useful for applications like e.g. gpsd from the misc/gpsd port that also use the serial data stream (e.g. nmea(4) as a time source and gpsd to get at positional data). help and ok deraadt, makes ckuethe happy.
2008-06-08fix generated size for -m; bug report by Peter J. Philipp; ok millert@Otto Moerbeek
deraadt@
2008-06-07stop spurious "got link" which nooone noticed, but everyone should have; ok krwTheo de Raadt
2008-06-04warnx already prepends string with a colon, no need to manually add oneTobias Stoeckmann
here. ok millert, otto
2008-06-04setbootflag() must be done before checksum'ing the label. Bug introducedTheo de Raadt
in 1.126, found by nick during a test install; ok krw
2008-06-03fix some spacing issues;Jason McIntyre
2008-06-01synchronize synopsis and usage.Igor Sobrado
2008-05-31add hfs+ type. deraadt@ okFederico G. Schwindt
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
- Mechanical change: Use arrays for state key pointers in pf_state, and addr/port in pf_state_key, to allow the use of indexes. - Fix NAT, pfsync, pfctl, and tcpdump to handle the new state structures. In struct pfsync_state, both state keys are included even when identical. - Also fix some bugs discovered in the existing code during testing. (in particular, "block return" for TCP packets was not returning an RST) ok henning beck deraadt tested by otto dlg beck laurent Special thanks to users Manuel Pata and Emilio Perea who did enough testing to actually find some bugs.