Age | Commit message | Author |
|
|
|
2) packet reassembly: only one method remains, full reassembly. crop
and drop-ovl are gone.
. set reassemble yes|no [no-df]
if no-df is given fragments (and only fragments!) with the df bit set
have it cleared before entering the fragment cache, and thus the
reassembled packet doesn't have df set either. it does NOT touch
non-fragmented packets.
3) regular rules can have scrub options.
. pass scrub(no-df, min-ttl 64, max-mss 1400, set-tos lowdelay)
. match scrub(reassemble tcp, random-id)
of course all options are optional. the individual options still do
what they used to do on scrub rules, but everything is stateful now.
4) match rules
"match" is a new action, just like pass and block are, and can be used
like they do. opposed to pass or block, they do NOT change the
pass/block state of a packet. i. e.
. pass
. match
passes the packet, and
. block
. match
blocks it.
Every time (!) a match rule matches, i. e. not only when it is the
last matching rule, the following actions are set:
- queue assignment. can be overwritten later, the last rule that set a
queue wins. note how this is different from the last matching rule
wins, if the last matching rule has no queue assignments and the
second last matching rule was a match rule with queue assignments,
these assignments are taken.
- rtable assignments. works the same as queue assignments.
- set-tos, min-ttl, max-mss, no-df, random-id, reassemble tcp, all work
like the above
- logging. every matching rule causes the packet to be logged. this
means a single packet can get logged more than once (think multiple log
interfaces with different receivers, like pflogd and spamlogd)
.
almost entirely hacked at n2k9 in basel, could not be committed close to
release. this really should have been multiple diffs, but splitting them
now is not feasible any more. input from mcbride and dlg, and frantzen
about the fragment handling.
speedup around 7% for the common case, the more the more scrub rules
were in use.
manpage not up to date, being worked on.
|
|
sectors at runtime instead of constantly converting the sector values
in the label to blocks. Adjust names accordingly. No functional change.
|
|
new labels.
|
|
will show as NTFS in fdisk output.
ok todd@ otto@ deraadt@
|
|
the way disklabel works; move it into DESCRIPTION
ok krw
|
|
ok deraadt@
|
|
and not DL_GETPSIZE().
|
|
allocations fails.
looks right deraadt, krw
ok henning
|
|
'c' from descriptions of d(elete) and z(ero) commands.
Feedback from jmc@
Slightly different version ok jmc@ deraadt@
|
|
switch the rtsocket message filter specification so you can or the macros
converting the routing socket message types into the mask used by the
filter. ie:
- ROUTE_SETFILTER(rtfilter, RTM_NEWADDR);
- ROUTE_SETFILTER(rtfilter, RTM_DELADDR);
- ROUTE_SETFILTER(rtfilter, RTM_IFINFO);
- ROUTE_SETFILTER(rtfilter, RTM_IFANNOUNCE);
+ rtfilter = ROUTE_FILTER(RTM_NEWADDR) | ROUTE_FILTER(RTM_DELADDR) |
+ ROUTE_FILTER(RTM_IFINFO) | ROUTE_FILTER(RTM_IFANNOUNCE);
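Review bot: the `+` lines build the mask with a plain `=`, so unlike the four removed ROUTE_SETFILTER calls, which each added one message type to the same rtfilter, the new form discards whatever rtfilter held before. That is fine where this is the only write, but any caller that adds types in more than one place needs `rtfilter |= ROUTE_FILTER(...)` after the conversion. The declaration of rtfilter is not visible in these lines; it is worth confirming its width covers every RTM_* value passed to ROUTE_FILTER, and the new macro stays undocumented until the manpage change mentioned below lands.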
there's a manpage change coming.
ok claudio@
|
|
boot loaders and update list of NUMBOOT>0 archs.
ok deraadt@
|
|
a.k.a. '-E'.
Feedback from otto@ jmc@
|
|
Prodded by & ok jmc@
|
|
Prodded by & ok jmc@
|
|
- clarify the terms geometry sectors field and start field
- change the fdisk prompt from 0 to 1, and explain its meaning
- temper CAVEATS: the note is "common practice", not mandatory
from nick and myself
|
|
|
|
ok krw@
|
|
expectation that -R will read the output of disklabel. I suspect we
will find another way to do this; ok otto
|
|
|
|
|
|
display the partition info by default as is done in the E(ditor). The
physical info is now only displayed if '-v' is specified.
ok deraadt@
|
|
when entering E(ditor) mode. Clean up 'u' code and make more effort
to keep label and mountpoint info in sync. Makes 'u' undo-able so
those with vi fingers can apply and revert changes (with perhaps a
'p' or two in between) to validate changes.
'U' suggested by deraadt@.
ok deraadt@
|
|
|
|
|
|
used instead, ok krw jmc
|
|
of concern so BUGS need not mention it. The other BUGS are also now
irrelevant or not bugs at all. So delete entire BUGS section. Also
tweak a bit of verbiage.
ok deraadt@
|
|
include /usr/src and /usr/obj plus some tweaks; ok deraadt@ krw@
|
|
ok otto@ beck@
|
|
feedback/ok krw
|
|
|
|
|
|
on disks without an existing label. The 'A' command allocates all space
on the disk into a reasonable partition scheme for a root disk.
Feedback from several, time to work on it in-tree.
Prodded (repeatedly) by and ok deraadt@
|
|
|
|
|
|
it is sufficient to zero the first megabyte of the disk, not the whole
disk.
ok marco@ mpf@ rainer@ jmc@
|
|
way it has already been done for ICMPv4.
ok mcbride@
|
|
ok miod@
|
|
Log the packets before checking the client state. Makes it easy to
find MACs for 'surprise' DHCP servers.
Positive comments from mbalmer@, jasper@.
|
|
|
|
looked at post-release -- out of time for these kinds of problems
david@ says: pfopt6 and f91.ok; pfopt6 change looks ok, but pf91 is
of concern.
|
|
diff from Mitja Muženič
ok marco
|
|
|
|
first two terms so ifi is checked first.
|
|
|
|
Tested by many, thanks.
"Put it in" deraadt@
|
|
by damien;
|
|
the mailing lists two weeks ago, and completely ignored I guess.
|
|
bsize fields for UNUSED partitions. '-R' already skipped processing
these fields for such partitions. Eliminates an XXX.
ok deraadt, "makes sense" miod@
|
|
networks in the wpapsk section of the page.
ok deraadt@ henning@
|