summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Expand)Author
2012-07-26Make interface_status() assume that a link is up when IFM_AVALIDKenneth R Westerback
2012-07-26load os passive fingerprints when testing the ruleset; ok henningMike Belopuhov
2012-07-25do not check ns here, we're supposed to compute it; ok krw@ deraadt@Otto Moerbeek
2012-07-14replace (somewhat) magic numbers with constantsAlexander Hall
2012-07-14ansifyAlexandr Shadchin
2012-07-14fix typo in commentAlexandr Shadchin
2012-07-14zap whitespaceAlexandr Shadchin
2012-07-13small tweak;Jason McIntyre
2012-07-13Change the configuration format fed to the isakmpd FIFO to be ableMike Belopuhov
2012-07-13Replace a '512' with DEV_BSIZE. Calculate physmem size in blocks andKenneth R Westerback
2012-07-13Support additional MODP DH groups in the Phase 1 and Phase 2.Mike Belopuhov
2012-07-13allow destination/prefixlen syntax for ipv6 routes.Sebastian Benoit
2012-07-13Use NULL instead of 0 for pointersAlexandr Shadchin
2012-07-11MBR can't handle the truth.Kenneth R Westerback
2012-07-11Simplify guts and calling of getuint(). Eliminate a useless 'help'Kenneth R Westerback
2012-07-10Rename "life" to "lifetime" to match iked.Lawrence Teo
2012-07-10disable lidsuspend on shutdownAlexander Hall
2012-07-10use PFSTATE_SCRUBMASKHenning Brauer
2012-07-10Allow an implicit address family for af-to rules. If the addressAlexander Bluhm
2012-07-10intermediate hack^Wugly "fix" to prevent spurious "scrub ()" printsHenning Brauer
2012-07-10set { ... } -> set ( ... )Henning Brauer
2012-07-09Fix typo in warning message.Lawrence Teo
2012-07-09We always want to do unit conversions. So flags parameter of getuint()Kenneth R Westerback
2012-07-09I want some of what kjell was smoking 10 years ago when he addedKenneth R Westerback
2012-07-09Make 'swap' command work like fdisk(8) says -- you must supply two validKenneth R Westerback
2012-07-09Terminate with extreme prejudice the multiple timeout queuingKenneth R Westerback
2012-07-09fix some of the confusion we have in pf regarding filter criteria vsHenning Brauer
2012-07-09Revert previous.Kenneth R Westerback
2012-07-09Use strtonum() instead of strtol() inside ask_num(). Many overflowsKenneth R Westerback
2012-07-08set_pid() does not need prompt string, low or high parameters. TheseKenneth R Westerback
2012-07-08Disallow manual security associations that use AES-CTR, AES-GCM,Christian Weisgerber
2012-07-08New attempt to make the -P flag work with -ss, so that states can beLawrence Teo
2012-07-08Split out an ask_pid() function rather than over-parameterizing theKenneth R Westerback
2012-07-08Return EROFS when a read-write mount of a read-only sd(4) deviceKenneth R Westerback
2012-07-08Call Xsetpid() to edit the partition type from Xedit() rather thanKenneth R Westerback
2012-07-08if you use nitems() in userland, you must define it yourselfTheo de Raadt
2012-07-08Nuke useless EDIT() #define in Xsetpid.Kenneth R Westerback
2012-07-08Replace tricker atoi() and hand rolled parsing with strsep() andKenneth R Westerback
2012-07-07copy&paste mistake in error messageChristian Weisgerber
2012-07-07remove incorrect check in pfctl preventing set-tos for ipvshit.Henning Brauer
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
2012-07-07Replace atoi() with strtonum() where it's easy. Make related errorKenneth R Westerback
2012-07-05don't output "esn" string in the rule section as we can't use theMike Belopuhov
2012-07-05when rekeying ike sa copy more info from the old one;Mike Belopuhov
2012-07-03Improve the key derivation function to produce correct keying materialMike Belopuhov
2012-07-02checking state flags make sense only when processing a responseMike Belopuhov
2012-07-02augment every sa_free call with a debugging log messageMike Belopuhov
2012-07-02Don't close IKE SA immediately after creating a new one when rekeying.Mike Belopuhov
2012-07-02a state machine is not worth the trouble when you've got a flag. doh!Mike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber