summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2011-04-13print flags in hex; from hshoexer@; ok mikeb@ mpf@Markus Friedl
2011-04-12Make mount work when the special is provided as a DUID.Joel Sing
Diff from Alexander Polakov. ok phessler@
2011-04-09We are incorrectly processing option 33 (static route), treatingKenneth R Westerback
is as a host route rather than a classful network route. Too much trouble to fix such an obsolete feature, so ignore option 33 info.
2011-04-06Userland bits to allow PF to filter on the rdomain a packet belongs to.Claudio Jeker
This allows to write rules like "pass in on rdomain 1". Tested by phessler@, OK henning@
2011-04-06Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'Miod Vallat
for chars.
2011-04-05Remove portalfs.Thordur I. Bjornsson
While it is a terribly cool idea, it's just awful and since noone has stepped up to the plate to keep it up with the current vop state, retire it to the attic. ok krw@, deraadt@, guenther@, miod@. comments from jmc@
2011-04-05ditch fastroute, an ipf feature that made its way into pf beforeMike Belopuhov
route-to and friends were introduced making it obsolete. one even has to look it up int the ipf manual to get and idea what it's supposed to do. reuse some kernel bits for the upcoming nat64 stuff. "kill it with fire" from mcbride, "what mcbride said" from mpf, "kill kill kill" and ok henning.
2011-04-04give more space when printing volumes to allow softraid0 to fitjoshua stein
ok marco@
2011-04-04no reason not to let msdosfs mount async, from Alexander PolakovTed Unangst
2011-04-04route(8) has a -q option. No need for all this >/dev/null 2>&1Kenneth R Westerback
stuff.
2011-04-04Align man page with current reality.Kenneth R Westerback
2011-04-04Stray '$medium' missed in last commit.Kenneth R Westerback
2011-04-04Dump some useless calls to dhclient-script. i.e. MEDIUM, PREINIT,Kenneth R Westerback
ARPSEND, ARPCHECK. Drop support for 'media', 'medium' and 'alias' specifications in dhclient.conf. Old leases still parse but these options now have no effect. Be more polite and decline all offers we don't accept. Fix a IMSG length check. Many expressions of support at various bars. ok henning@ deraadt@ beck@
2011-03-31these days, newfs creates one inode per 4 fragments, rather than one per 8KB,Stuart Henderson
this lets it adapt to large filesystems (disklabel -E automatically increases fragment and block size for these). ok otto@
2011-03-27Fix interval handling. Start at initial_interval instead ofKenneth R Westerback
exponentially backed off initial_interval. Don't hallucinate that we can send ARP packets without waiting. Don't claim to be waiting for ARP packets when not doing so. Correctly detect expiry of selecting period. Speeds up negotiations. Tested on various dhcp servers by Martin Pelika, ian@, and David Coppa. And works at Starbucks and a mall for me.
2011-03-27new sentence, new line;Jason McIntyre
2011-03-26Correct described default for initial-interval. It is three, notKenneth R Westerback
ten, seconds. Use words not numerals consistently when naming various timing values. Tweak one clumsy sentence.
2011-03-23use the define for max rdomain with tunneldomain as wellJonathan Gray
ok claudio@
2011-03-13consistently use "Wake on LAN (WoL)"; i don;t care if anyone wants toJason McIntyre
change that, but let's keep it consistent; ok stsp
2011-03-13s/can be/are/ in previous; from jmcStefan Sperling
2011-03-13Add a way to enable/disable Wake On LAN with ifconfig.Stefan Sperling
ok deraadt
2011-03-12These utilities can currently only operate with a 32-bit block number range,Theo de Raadt
so use daddr32_t ok jasper
2011-03-12Replace the old, broken KERN_PROC ABI and its matching functionsPhilip Guenthe
in libkvm with the stable-ABI versions that are currently named KERN_PROC2, kvm_get{proc,argv,envv}2(). The latter names and symbols will continue to be supported for a few releases. Committing now that they ports people have had a couple releases to update pkgs that usd the old functions
2011-03-05If an auto-allocation scheme fails because there are not enoughKenneth R Westerback
available partitions (e.g. many spoofed logical partitions) try the next scheme rather than giving up. "sane" deraadt@ ok matthew@
2011-03-03This change makes ping compare minimum amount of bytes between whatMike Belopuhov
was received and what was sent out and print additional information explaining payload size differences. Issue was found by reyk, debugged by jsg and me with an input from claudio (who found out that initial version breaks -w) and bluhm (who advised to notify a user). Ok bluhm and deraadt on the previous version of the diff. Lots of history for a one-liner :)
2011-03-02no need for a separate NOTES section; ok henningJason McIntyre
2011-03-02Every time the user updates the bounds of the OpenBSD area of the disk, ↵Kenneth R Westerback
either explicitly or implicitly, update the start and end sector of the OpenBSD area in the disklabel with DL_SEBEND/DL_SETBSTART. Otherwise the new bounds would not be saved to disk. ok miod@ deraadt@
2011-03-01Introduce a dummy function in the SMALL case to digest arguments likeClaudio Jeker
"rdomain", "description", etc. so that the ifconfig on ramdisk is able to parse hostname.if files on updates. OK deraadt@
2011-02-28switch open(...) to opendev(...)Alexander Hall
makes yet another utility honor DUID's ok jsing@ miod@ deraadt@
2011-02-21Honour MBR_read() results and don't pretend we can parse blocks weKenneth R Westerback
did not successfully read. Tweak some casts. Fixes infinite loop problem noted by jeremy@ while installing on boxen with 'random' garbage in MBR. General loop detection may follow post-4.9. Tested by jeremy@ and ok miod@
2011-02-19If the user screws up adding a partition, don't keep partial bitsKenneth R Westerback
of the partition info around to confuse disklabel, newfs, fsck, etc. From Pedro Martelletto. ok miod@
2011-02-17Clarify that ifconfig tries to show interface groups before type "groups".Camiel Dobbelaar
ok henning jmc miod
2011-02-170-4095 inclusive is the correct (12 bit) vlan rangeCamiel Dobbelaar
ok henning claudio miod
2011-02-03When binding to addresses, ignore any IP address not in the currentPeter Hessler
routing domain. While here, update comment on what the ioctl is used for (from sthen@). OK mikeb@, sthen@
2011-01-29no need for fopen, when opendev gives us a perfectly good fd.Ted Unangst
from "maurice"
2011-01-28improve behavior of drop_sa: always negotiating a new child sa; ok reykMike Belopuhov
2011-01-26Don't initiate any connections in passive mode, not even for ACQUIRE messagesReyk Floeter
from the PFKEY socket. This is needed for sasyncd. ok mikeb@
2011-01-26get rid of acquire flows completely, as they tend to pass trafficMike Belopuhov
when there's no sa established (as pointed out by reyk). instead use require mode feature to send acquires from the kernel. this allows us to get rid of the code that changes flow mode to acquire and keep all installed flows in the tree and save up on some code that deals with renegotiation. also several entities were renamed (iked_acqflows -> iked_activeflows, iked_ipsecsas -> iked_activesas, ikev2_acquire -> ikev2_acquire_sa). ok reyk
2011-01-26enable child sas and do sa and flow transfer after succeeding withMike Belopuhov
all the preparation steps. don't forget to change {flow,csa}_ikesa pointers when transefing to a different ike sa. ok reyk
2011-01-25fixup child sa deletion in drop_sa; ok reykMike Belopuhov
2011-01-24fixup previous for the responder modeMike Belopuhov
2011-01-23'pfctl -x none' did not turn debugging off. Skip the syslog internalAlexander Bluhm
"no priority" priority named "none". This makes 'pfctl -x none' equivalent to 'pfctl -x crit'. ok mcbride@ henning@
2011-01-21repair rekeying by sending appropriate traffic selector; ok reykMike Belopuhov
2011-01-21don't use memcmp on comparing two iked_addrs but IKED_ADDR_EQ.Reyk Floeter
ok mikeb@
2011-01-21- Fix traffic selector configuration that it is always "from $localnetReyk Floeter
to $peernet" and not depending on the initiator/responder mode. - Remove the flow hash calculated but not used anymore. ok mikeb@
2011-01-21Remove misleading error message.Reyk Floeter
ok mikeb@
2011-01-21don't create child sas from empty proposals.Reyk Floeter
ok mikeb@
2011-01-21handle empty encrypted payloads (might happen with some informationals)Reyk Floeter
ok mikeb@
2011-01-21tweak previous;Jason McIntyre
2011-01-21Reimplement the iked(8) policy evaluation for incoming connections toReyk Floeter
use the last matching semantics of PF. The previous rbtree-based implementation was broken and tried to do a longest prefix match. But instead of prefix match and using radix-trees to fix it I decided with mikeb@ to implement it as last matching policy evaluation. The last matching policy wins; the "quick" keyword can enforce first matching; additional keywords like "skip" are specific to iked(8). See iked.conf(5) for more details. The implementation also uses skip steps based on PF's code. It significantly speeds up the evaluation of many policies but also adds a little delay when loading them (only noticeable with thousands of policies). This allows iked(8) to scale well with thousands of configured policies but I also liked the fact to have skip steps in another piece of code. ok dhartmei@ for using his skip step code under the ISC license in policy.c ok mikeb@, jmc@