| Age | Commit message (Collapse) | Author |
|---|
|
from mikeb
|
|
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
|
"total sectors" to "boundstart" and "boundend" in the list of fields
that are left alone during a RESTORE operation.
ok deraadt@
|
|
This ensures that all physical fields are filled in with current
values. Lack of values (boundstart, boundend in particular) noted
by ray@.
ok deraadt@
|
|
-v show" are called with the -v switch.
ok markus@
|
|
spotted by Mike Belopuhov.
|
|
id payloads as errors. Lets interop with strongSwan which sends
both IDi and IDr work again.
|
|
bsize boundary and the end fills up the last bsize chunk.
Don't change the start sector if it is the first sector of the
OpenBSD portion of the disk.
Don't attempt to align on SUN_CYLCHECK architectures. They are
attempting a different alignment.
This is an attempt to ensure that FFS i/o's are aligned for optimal
performance on newer disks that lie about their sector size.
|
|
the value 0 to one function call. Use 0 there, eliminate the
variable and the pointless verbose verbiage that always displayed
the same value.
ok deraadt@ matthew@
|
|
ok deraadt
|
|
This ensures that we reach the call to reboot(2) without being killed
by some other process. OK deraadt@ nicm@
|
|
config file.
|
|
|
|
|
|
|
|
|
|
reviewed by deraadt@
written by sthen@ who said i should commit it cos he was going to sleep.
|
|
|
|
"sure" marco@
|
|
|
|
large on very large filesystems; reported by Benny Lofgren; partly
from FreeBSD. ok deraadt@ beck@ millert@
|
|
version of his diff to tech@ committed);
|
|
OpenBSD MBR partition does not span from sector 1 after MBR partition
data is re-initialized.
written with lot of good advice from deraadt@ and jmc@
ok deraadt@
|
|
returning a magic value that is not even handled as such by the caller
ok krw@
|
|
|
|
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.
Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.
Written by claudio@, criticized^Wcritiqued by me
|
|
printing, both of inline anchors and when requested explicitly with a '*'
in the anchor.
- Correct recursive printing of wildcard anchors (recurse into child anchors
rather than rules, which don't exist)
- Print multi-part anchor paths correctly (pr6065)
- Fix comments and prevent users from specifying multi-component names for
inline anchors.
tested by phessler
ok henning
|
|
will be getting cleaned up soon.
ok henning
|
|
|
|
|
|
|
|
|
|
ok maja@
|
|
that value, print an error message and repost the question
ok krw@ deraadt@
|
|
E.g. if we have a /dev/wskbd1 keyboard1 will show up when doing a -a.
wsconsctl keyboard1 will now show you all variables for keyboard1.
feedback and ok miod@. -moj
|
|
ok mcbride
|
|
supported.
ok marco@
|
|
|
|
ok miod@. -moj
|
|
tell the kernel to send all IPsec traffic for derived SAs to the
specified enc(4) interface instead of enc0.
|
|
|
|
ok krw@ jsing@
|
|
block boundary. In most modern (i.e. 'faked' geometry) situations
this will start it at (0-based) block[64] rather than block[63] as
now. This should help performance on disks which really have 4K
sectors but report 512-byte sectors.
Power of 2 idea from deraadt@.
ok toby@ deraadt@
|
|
ok krw@
|
|
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.
manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@
|
|
alternative to X.509 CA verification. this will be needed to support public
key authentication like isakmpd does; a few bits are still missing.
|
|
the smaller implementation from iked that is using libcrypto instead.
This allows to remove a lot of code (which is always good), get rid of
some custom crypto code by using libcrypto, theoretically adds
support for many new MODP and EC2N/ECP modes (but it is not configurable
yet), and allows to share the dh.c/dh.h code in different codebases
(it is identical in isakmpd and iked, but could also be used elsewhere).
ok deraadt@
|
|
|
|
ok henning@ krw@
|
|
|
