Age | Commit message | Author |
|
identity (username). OK mikeb@
|
|
time_second. Since time_second changes depending on the wall-
clock time, time_second is not a reliable source for the status.
We can even end up with a negative time delta. Thus, use the
monotonically growing time_uptime and export it to userland.
ok bluhm@ mikeb@
|
|
this is a modest attempt to shorten the ifconfig output. encap won't
show up if neither vnetid nor parent are supplied by an interface.
whitespace tweaks from benno@
output tweaks from reyk@
ok deraadt@ henning@
|
|
is funny, but not useful, so say .Nm Op Fl \&Dx as required.
|
|
OK bluhm@
|
|
Less of unreliable ioctl(SIOCGIFMEDIA), more getifaddrs().
ok mpi@
|
|
marking the function "static". Use OSFP_DEBUG, in a similar
fashion to OPT_DEBUG (pfctl_optimize.c).
OK bluhm@
|
|
This reduces the diff with usr.sbin/tcpdump/pfctl_osfp.c. The change
from tcpdump is newer, so change pfctl. No binary change.
OK deraadt@
|
|
As mentioned by miod@ here [1], wsconsctl(8) has a currently
undocumented 'display.font' variable allowing to change the
current font on framebuffer consoles.
[1] http://undeadly.org/cgi?action=article&sid=20131023125815
OK deraadt@
|
|
separate function so it can be used in multiple
places.
|
|
looking for a valid recorded lease into a separate
function and thus make them consistent.
No intentional functional change.
|
|
ok yasuoka mikeb
|
|
ok kr@ aja@
|
|
Reported by Carl Mascott, thanks! OK sthen
|
|
OK sthen, visa
|
|
those are command modifiers, not flags. Inconsistency noticed
and patch sent in by Anton dot Lindqvist at gmail dot com.
|
|
update their descriptions. In sysctl.8 refer to /etc/sysctl.conf in FILES.
discussed with and ok jmc
|
|
instead of relying on other methods, after readpassphrase. Some programs on
this diff won't benefit that much since it happens near the terminal path, but
someone might copy the unsafe idiom to another program and place it where it
may leak sensitive data.
Discussed aeons ago with tb@, OK deraadt@ and beck@
|
|
Since only leaf queues can have packets assigned to them,
H-FSC requires the user specified root queue to have a
parent. To simplify userland tools and the configuration
interface, the kernel can be leveraged to set it up.
ok henning
|
|
with the no-longer-available address over and over and over, requiring
iked to be restarted eventually. instead, on EADDRNOTAVAIL, schedule
SA deletion so a new one is set up shortly thereafter. ok reyk mikeb
|
|
checking, make somaxconn and sominconn unsigned.
Issue reported by orge on freenode, thanks!
Input, patient explanations and ok deraadt, millert.
|
|
Public key authentication uses public key files that are stored in the
/etc/iked/pubkeys/ directory where the IKE IDs are encoded as filenames.
This does not simply work with ASN1_DNs where the IDs include slashes
and other special characters. Instead of breaking and failing when an
ASN1_DN is configured, simply skip the public key lookup but allow
to use it with certificates or PSKs.
Reported and fix tested by Igor V. Gubenko - Thanks.
|
|
sync usage() with SYNOPSIS;
|
|
and do not try to do all the documenting in SYNOPSIS/usage();
ok deraadt
|
|
the key of the state.
ok sasha
|
|
commit in 2000 that introduced the features already called them SA
bundles. The word group is taken by Diffie-Hellman, reusing it
causes confusion.
OK hshoexer@
|
|
around for two releases, it should be safe to do so.
ok bluhm deraadt sthen tb yasuoka
|
|
ok otto
|
|
remove condition for static linking; ok tb@
|
|
sanity improvements reyk@ recently put into dhcrelay to ensure no more than
the captured packet is processed.
|
|
had it correct. Don't BPF_WORDALIGN() the value for the number of
bytes read() into the buffer. This could theoretically cause the
processing of 1 - 3 more bytes than were read.
|
|
Remove -Werror to give code a greater chance of building.
ok deraadt@ florian@
|
|
flow which the first SA matched by the flow type. This behaviour
was mostly undocumented and unexpected. Make SA bundles explicit
in ipsec.conf(5). Only group SAs that have the same src and dst
and also the same bundle identifier.
OK hshoexer@
|
|
See RFC 5996, section 2.23, NAT Traversal:
In the case of a mismatching NAT_DETECTION_DESTINATION_IP hash, it
means that the system receiving the NAT_DETECTION_DESTINATION_IP
payload is behind a NAT and that system SHOULD start sending
keepalive packets as defined in [UDPENCAPS].
With markus@, ok reyk@
|
|
scanning the used inode map. The code as written assumes inosused
is signed but this is no longer the case. OK deraadt@
|
|
group related functions in kroute.c together and comment them a bit.
No intentional functional change.
|
|
priv_write_resolv_conf() and move the latter into kroute.c
with all its priv_ friends.
No intentional functional change.
|
|
i.e. open FILE during program set up and use the FILE created for
the rest of the program lifetime after dropping privilege and
pledge()'ing. No need for passing messages to the priv process.
Tweak lease file handling a bit in passing.
Monitoring the -L file with external programs like sysutils/entr
still works.
Looks good to sthen@.
|
|
ok mikeb
|
|
unsigned.
While there, fix a whitespace issue.
OK deraadt@
|
|
win.
No intentional functional change.
|
|
'int' -> 'unsigned int' (and vice versa) where obvious.
Steal a couple of 'unsigned' -> u_int32_t from reyk@'s dhcrelay
tweaks.
No intentional functional change.
|