| Age | Commit message (Collapse) | Author |
|---|
|
ok miod@
|
|
ok miod@ mpi@ deraadt@ martin@
|
|
is not set. This is what the late interface_link_status() did.
Allows drivers who cannot tell what the link state is to get
dhcp leases.
Prodding by henning@.
ok deraadt@ miod@
|
|
|
|
|
|
ok krw@
|
|
ok deraadt@
|
|
ok deraadt@
|
|
ok deraadt@
|
|
|
|
to specify extended options like SA Lifetime. All the hard work was
done by lteo@, while naddy@ and me have made sure that defaults and
AH still work; sthen and jmc have looked over the diffs as well.
|
|
not sectors, since the values being tested/manipulated in the auto_alloc
tables are blocks at that point. Use MEG(256) instead of hand
expanding it when testing physmem.
|
|
lteo@ noticed that ipsecctl allowed them within the ike rules
while isakmpd failed to load the generated configuration.
The fix was verified by hshoexer, ok naddy
|
|
from Florian Obser, florian -AT- narrans -DOT- de
ok sthen@
|
|
ok gilles@, guenther@
|
|
When reading disk size/geometry from disklabel, clamp disk size to
the maximum number of cylinders that fit into UINT32_MAX sectors.
Don't just use the bottom 32 bits of the DL_GETDSIZE(). Warn that
truncation has been done.
|
|
capablity by using help text as regular prompt for 'size' and
'offset'. Try to detect and handle more overflow/underflow conditions
in getuint() and ensure returned value is always within requested
bounds. Handle zero-length partitions by treating them as UNUSED.
tested & ok halex@
|
|
ok mikeb naddy sthen; procedures ok henning
|
|
ok phessler@ mpf@ pirofti@ mpi@
|
|
whenever you see (flags >= ONE_OF_THE_FLAGS), run. that must break sooner
or later.
|
|
family can be determined by the "from" or "to" parameter in the
matching part, it is no longer necessary to specify "inet" or "inet6"
there.
OK henning@ mikeb@
|
|
+ XXX comment as reminder to clean this up for good
|
|
brought up by ryan, discussed with him and theo and they convinced me
|
|
ok mikeb sthen haesbaert henning
|
|
is now superflous. With rounding gone the offset parameter is
similarly superfluous. Simply getuint() accordingly.
|
|
units handling by copying getuint() from disklabel. MBR partition id
and disklabel partition type are different beasts. So deciding to
round off a MBR partition with id FS_BSDFFS meant rounding off
NTFS partitions. And FS_SWAP partitions meant DOS FAT 12. So just
nuke rounding off for now to simplify getuint().
ok beck@
|
|
partition numbers.
|
|
mechanism that was a holdover from when dhclient handled multiple
interfaces at once. There is only one timeout possible at a time.
Also move calculation of current time to just before check to see
if the timeout has expired.
ok beck@ guenther@
|
|
options that "write" to the packet by putting the latter in a set { } block.
for now prio and tos, maintain set-tos backwards compat for the moment.
"match set { prio 6, tos lowdelay }"
"match set prio 6"
from a discussion with ryan in tokyo a while ago, ok ryan phessler
|
|
The standards gpds are jealous gods. kettenis@ and beck@ have shown
EROFS is the wrong thing to return. So revert to EACCES until a
better error code is decided on.
|
|
are thus avoided. Since bounds are now reliable don't check the
returned value for being in-bounds. Since default value is
forced inside bounds, don't bother being tricky and passing a
default that is outside the bounds being specified.
ok beck@
|
|
are all constants. Independantly suggested by guenther@.
|
|
or AES-GMAC. These algorithms cannot be used safely with static
keys and RFCs 3686, 4106, and 4543 expressly forbid such configurations.
Also include a tweak (with jmc@) to the key size explanation, for
completeness sake.
ok mikeb@
|
|
printed with port names if desired.
tcpdump's pf_print_state.c has diverged significantly from pfctl's, so
the change to tcpdump's pf_print_state.c is not exactly the same as
pfctl's.
ok henning sthen
|
|
ask_num() function. Remove now unneeded 'flags' and 'help' parameters
from both. Display out of range values in hex in ask_pid(), since
we are seeking hex input.
ok guenther@
|
|
is attempted. This is instead of the current EACCES and is intended
to result in better error messages from mount(8).
Tweak default EROFS error text to mention fsck'ing in mount_ext2fs
and mount_msdos since they both have fsck's like ffs.
ok deraadt@ aja@ ian@ phessler@
|
|
duplicating the code. Allows simplification of the EDIT() #define
in Xedit() since we always ASK_DEC and use a NULL help parameter when
invoking ask_num().
|
|
discussed with guenther
|
|
A #define to simplify a function calling snippet does not simply or
help when it is used only once.
|
|
strtonum(). Make related error messages consistant.
ok haesbaert@
|
|
|
|
the kernel has code to deal with set-tos and that crap. don't ask for
details. stuart ok
|
|
utterly clear this is not a filter criteria but a packet modification thing.
also preparation for upcoming changes, including one to unscrew this mess
(I should not have to touch half the tree for this - ifixitlater)
not user visible, ok gcc
|
|
messages consistant. Check for valid partition when 'select'ing a
partition.
ok haesbaert@
|
|
keyword in the grammar to create a esn-enabled rule (no reason to
do so for manual sa configuration). instead decode sa flags so
that we can also watch changes happening in the realtime with the
monitor mode. prompted and ok by naddy
|
|
fixes the last known iked inter-op problem with windows 7.
|
|
when rekeying IKE SA as specified in the section 2.18 of RFC5996. Makes
Windows 7 clients a bit happier.
|
|
|
|
|
|
Instead set a timeout that will shut it down in case we don't get an SA
delete notification.
|
