Age | Commit message | Author | |
---|---|---|---|
2011-03-23 | use the define for max rdomain with tunneldomain as well | Jonathan Gray | |
ok claudio@ | |||
2011-03-13 | consistently use "Wake on LAN (WoL)"; i don't care if anyone wants to | Jason McIntyre | |
change that, but let's keep it consistent; ok stsp | |||
2011-03-13 | s/can be/are/ in previous; from jmc | Stefan Sperling | |
2011-03-13 | Add a way to enable/disable Wake On LAN with ifconfig. | Stefan Sperling | |
ok deraadt | |||
2011-03-12 | These utilities can currently only operate with a 32-bit block number range, | Theo de Raadt | |
so use daddr32_t ok jasper | |||
2011-03-12 | Replace the old, broken KERN_PROC ABI and its matching functions | Philip Guenthe | |
in libkvm with the stable-ABI versions that are currently named KERN_PROC2, kvm_get{proc,argv,envv}2(). The latter names and symbols will continue to be supported for a few releases. Committing now that the ports people have had a couple releases to update pkgs that used the old functions | |||
2011-03-05 | If an auto-allocation scheme fails because there are not enough | Kenneth R Westerback | |
available partitions (e.g. many spoofed logical partitions) try the next scheme rather than giving up. "sane" deraadt@ ok matthew@ | |||
2011-03-03 | This change makes ping compare minimum amount of bytes between what | Mike Belopuhov | |
was received and what was sent out and print additional information explaining payload size differences. Issue was found by reyk, debugged by jsg and me with an input from claudio (who found out that initial version breaks -w) and bluhm (who advised to notify a user). Ok bluhm and deraadt on the previous version of the diff. Lots of history for a one-liner :) | |||
2011-03-02 | no need for a separate NOTES section; ok henning | Jason McIntyre | |
2011-03-02 | Every time the user updates the bounds of the OpenBSD area of the disk, | Kenneth R Westerback | |
either explicitly or implicitly, update the start and end sector of the OpenBSD area in the disklabel with DL_SETBEND/DL_SETBSTART. Otherwise the new bounds would not be saved to disk. ok miod@ deraadt@ | |||
2011-03-01 | Introduce a dummy function in the SMALL case to digest arguments like | Claudio Jeker | |
"rdomain", "description", etc. so that the ifconfig on ramdisk is able to parse hostname.if files on updates. OK deraadt@ | |||
2011-02-28 | switch open(...) to opendev(...) | Alexander Hall | |
makes yet another utility honor DUID's ok jsing@ miod@ deraadt@ | |||
2011-02-21 | Honour MBR_read() results and don't pretend we can parse blocks we | Kenneth R Westerback | |
did not successfully read. Tweak some casts. Fixes infinite loop problem noted by jeremy@ while installing on boxen with 'random' garbage in MBR. General loop detection may follow post-4.9. Tested by jeremy@ and ok miod@ | |||
2011-02-19 | If the user screws up adding a partition, don't keep partial bits | Kenneth R Westerback | |
of the partition info around to confuse disklabel, newfs, fsck, etc. From Pedro Martelletto. ok miod@ | |||
2011-02-17 | Clarify that ifconfig tries to show interface groups before type "groups". | Camiel Dobbelaar | |
ok henning jmc miod | |||
2011-02-17 | 0-4095 inclusive is the correct (12 bit) vlan range | Camiel Dobbelaar | |
ok henning claudio miod | |||
2011-02-03 | When binding to addresses, ignore any IP address not in the current | Peter Hessler | |
routing domain. While here, update comment on what the ioctl is used for (from sthen@). OK mikeb@, sthen@ | |||
2011-01-29 | no need for fopen, when opendev gives us a perfectly good fd. | Ted Unangst | |
from "maurice" | |||
2011-01-28 | improve behavior of drop_sa: always negotiating a new child sa; ok reyk | Mike Belopuhov | |
2011-01-26 | Don't initiate any connections in passive mode, not even for ACQUIRE messages | Reyk Floeter | |
from the PFKEY socket. This is needed for sasyncd. ok mikeb@ | |||
2011-01-26 | get rid of acquire flows completely, as they tend to pass traffic | Mike Belopuhov | |
when there's no sa established (as pointed out by reyk). instead use require mode feature to send acquires from the kernel. this allows us to get rid of the code that changes flow mode to acquire and keep all installed flows in the tree and save up on some code that deals with renegotiation. also several entities were renamed (iked_acqflows -> iked_activeflows, iked_ipsecsas -> iked_activesas, ikev2_acquire -> ikev2_acquire_sa). ok reyk | |||
2011-01-26 | enable child sas and do sa and flow transfer after succeeding with | Mike Belopuhov | |
all the preparation steps. don't forget to change {flow,csa}_ikesa pointers when transferring to a different ike sa. ok reyk | |||
2011-01-25 | fixup child sa deletion in drop_sa; ok reyk | Mike Belopuhov | |
2011-01-24 | fixup previous for the responder mode | Mike Belopuhov | |
2011-01-23 | 'pfctl -x none' did not turn debugging off. Skip the syslog internal | Alexander Bluhm | |
"no priority" priority named "none". This makes 'pfctl -x none' equivalent to 'pfctl -x crit'. ok mcbride@ henning@ | |||
2011-01-21 | repair rekeying by sending appropriate traffic selector; ok reyk | Mike Belopuhov | |
2011-01-21 | don't use memcmp on comparing two iked_addrs but IKED_ADDR_EQ. | Reyk Floeter | |
ok mikeb@ | |||
2011-01-21 | - Fix traffic selector configuration that it is always "from $localnet | Reyk Floeter | |
to $peernet" and not depending on the initiator/responder mode. - Remove the flow hash calculated but not used anymore. ok mikeb@ | |||
2011-01-21 | Remove misleading error message. | Reyk Floeter | |
ok mikeb@ | |||
2011-01-21 | don't create child sas from empty proposals. | Reyk Floeter | |
ok mikeb@ | |||
2011-01-21 | handle empty encrypted payloads (might happen with some informationals) | Reyk Floeter | |
ok mikeb@ | |||
2011-01-21 | tweak previous; | Jason McIntyre | |
2011-01-21 | Reimplement the iked(8) policy evaluation for incoming connections to | Reyk Floeter | |
use the last matching semantics of PF. The previous rbtree-based implementation was broken and tried to do a longest prefix match. But instead of prefix match and using radix-trees to fix it I decided with mikeb@ to implement it as last matching policy evaluation. The last matching policy wins; the "quick" keyword can enforce first matching; additional keywords like "skip" are specific to iked(8). See iked.conf(5) for more details. The implementation also uses skip steps based on PF's code. It significantly speeds up the evaluation of many policies but also adds a little delay when loading them (only noticeable with thousands of policies). This allows iked(8) to scale well with thousands of configured policies but I also liked the fact to have skip steps in another piece of code. ok dhartmei@ for using his skip step code under the ISC license in policy.c ok mikeb@, jmc@ | |||
2011-01-21 | split pfkey initialization into a privileged and unprivileged part to | Reyk Floeter | |
prevent a possible crash. ok mikeb@ | |||
2011-01-18 | reyk noticed that my rb-tree-fu is not that great. fixup compare function | Mike Belopuhov | |
to do exact matches; ok reyk | |||
2011-01-17 | silence stupid gcc warning by initializing a variable with NULL. | Reyk Floeter | |
2011-01-17 | Add initial acquire mode support and use it whenever Windows peers decide | Mike Belopuhov | |
to drop Child SA based on the inactivity timer. In this case we instruct the kernel to send us an acquire message upon receiving a packet for those hosts and initiate a Child SA creation exchange ourselves. ok reyk | |||
2011-01-17 | move mask2prefixlen functions to the util module; ok reyk | Mike Belopuhov | |
2011-01-12 | postpone processing of pfkey messages received in pfkey_reply instead of | Mike Belopuhov | |
just dropping them; ok reyk | |||
2011-01-12 | decouple flow deletion from the ikev2_childsa_delete; ok reyk | Mike Belopuhov | |
2011-01-12 | fixup bogus check; ok reyk | Mike Belopuhov | |
2011-01-12 | don't forget to specify spi sizes; ok reyk | Mike Belopuhov | |
2010-12-31 | According to pf_scrub_ip6() pf does not support the scrub options | Alexander Bluhm | |
no-df, random-id, set-tos for IPv6 rules. Check this in pfctl and document it in pf.conf(5). ok henning@ jmc@ | |||
2010-12-29 | Fix swapctl -A with DUIDs in /etc/fstab, and plug a small memory leak. | Stefan Sperling | |
ok jsing@ (who also pointed out a DPADD tweak missing from my diff) | |||
2010-12-23 | pick netmask instead of address when we mean it; found by dhill, ok reyk | Mike Belopuhov | |
2010-12-23 | always add a none payload, should fix ike sa rekeying for responders; ok reyk | Mike Belopuhov | |
2010-12-23 | spelling fixes; from Daniel Dickman | Jason McIntyre | |
2010-12-22 | move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because | Reyk Floeter | |
it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of print_id(). | |||
2010-12-22 | split util.c into two files: imsg_util.c for ibuf/imsg stuff and util for | Reyk Floeter | |
everything else. we might need to include util.c in ikectl later. sure mikeb@ | |||
2010-12-22 | ikev2 rfc was recently updated, so list the newer one; ok reyk | Mike Belopuhov | |