summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2016-07-27correct syntax for baddynamic example. from Holger MikolonTed Unangst
2016-07-27increase the size of forkstat fields to accomodate large valuesTed Unangst
2016-07-25Revert change to density calculation. David Vasek points out thisKenneth R Westerback
is a more complicated problem than it appears. ok deraadt@
2016-07-23Back out the dhclient BPF change. There are DHCP servers out there whichStefan Sperling
send frames to the ethernet broadcast address, so this will need some more thought and it's too late for 6.0. Problem reported by Holger Mikolon. ok mpi@
2016-07-23At n2k16 David Vasek pointed out that FFS partitions on 4K disks areKenneth R Westerback
created with far fewer inodes than DEV_BSIZE devices. Scale the default 'density' value by (sector size)/DEV_BSIZE to create the same number of inodes. Obviously a NO-OP on DEV_BSIZE devices. Thanks David! ok deraadt@
2016-07-22Actually DECLINE and delete unused offers. Don't just say so in a comment.Kenneth R Westerback
In situations where >1 offer is received this will eliminate unbounded memory growth and make us a more polite netizen. In some corner cases it might prevent reuse of inappropriate older offers. ok millert@
2016-07-21Use explicit idiom when testing the result of strcmp() and strncmp().Kenneth R Westerback
i.e. == 0 and != 0 as appropriate. No intentional functional change. Suggested by & ok tom@
2016-07-20Shrink priv_write_file() API so that it does less, and the callers askTheo de Raadt
it to do less. Discussion with guenther. ok krw
2016-07-20As a general rule, fchown before fchmod is a safer order (because manyTheo de Raadt
systems throw away bits upon chown). Not in this case, but code gets copied.. ok krw
2016-07-20When parsing the configuration. initialize the auth structureReyk Floeter
correctly, as parse.y's $$ is not zero-initialized. Found by Rene Ammerlaan OK markus@ florian@
2016-07-20Make the size for the syn cache hash array tunable. As we areAlexander Bluhm
swapping between two syn caches for random reseeding anyway, this feature can be added easily. When the cache is empty, there is an opportunity to change the hash size. This allows an admin under SYN flood attack to defend his machine. Suggested by claudio@; OK jung@ claudio@ jmc@
2016-07-19Narrow the BPF read filter rules so only packets sent to theKenneth R Westerback
interface's LLADDR pass. Rely on dhclient's existing ability to detect and react to LLADDR changes. This limits the number of packets that get dropped as a result of dhclient setting BIOCSFILDROP on the bpf descriptor. Problem with bridges and multiple dhclients noted by stsp@. ok mpi@ stsp@ deraadt@ henning@
2016-07-18no more cbq_opts - CBQ is gone, ok mpi phessler bennoHenning Brauer
2016-07-18g/c unused (global!) var: oqueues isn't used any more. ALTQ leftover; notHenning Brauer
noticed since struct node_queue stayed. ok claudio benno gcc
2016-07-14kern.usermount is currently a no-op;Jason McIntyre
ok deraadt
2016-07-13Introduce RTF_MULTICAST and flag corresponding IPv6 routes as suchMartin Pieuchot
instead of abusing RTF_CLONING. Fix a leak reporeted by Aaron Riekenberg on misc@, ok sthen@
2016-07-09only print one error, not multiple misleading messagesTed Unangst
2016-07-05Remove kern.random remnants; OK deraadt@Tim van der Molen
2016-07-04Drop support for the undocumented second argument (same as -N option)Philip Guenther
ok deraadt@
2016-06-30ntpys sysctl was removedTed Unangst
2016-06-29Document arptimeout, arpdown. Prodded by and ok jmc@Chris Cappuccio
2016-06-26somebody forgot to look at format string warningsTed Unangst
2016-06-25Move pledge after opendev and DIOCGPDINFO. Fixes e.g. fdisk /dev/tty.Theo Buehler
This diff by deraadt was overlooked far too many times, mostly by me. It's the original fix of the pledge disklabel breakage found by espie. diff by deraadt; ok semarie, tb.
2016-06-22Add curly braces that were missed in rev 1.651. Add parenthesis to make theMark Kettenis
condition in the if statement more readable while I'm there. ok phessler@, benno@, florian@
2016-06-21do not allow whitespace in macro names, i.e. "this is" = "a variable".Sebastian Benoit
change this in all config parsers in our tree that support macros. problem reported by sven falempin. feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
2016-06-21the manpage documents that af-to does not work on pass out rules, butSebastian Benoit
the pf.conf parser allows it, which leads a non working configuration being loaded. this changes the parser to make pass out .. af-to an error. ok henning@ mikeb@
2016-06-20Add a bit more verbosity to tmpfs mount(8) output.Antoine Jacoutot
ok millert@ feedback/ok natano@
2016-06-19a little nicer formatting; from miodJason McIntyre
2016-06-19Split readlabel() into two functions, readlabel() and parselabel(), andTheo Buehler
pledge in-between the two funtion calls. The new readlabel() only does a DIOC*DINFO ioctl, making sure the fd points to a disk, while parselabel() does the scary string manipulations. In the makelabel() code path do an early DIOCGDINFO before pledge. This fixes yet another pledge problem (disklabel -w /dev/tty floppy576). Some of this was discussed with beck. ok semarie, earlier version ok deraadt
2016-06-18Add net.inet.{tcp,udp}.rootonly sysctl, to mark which portsVincent Gross
cannot be bound to by non-root users. Ok millert@ bluhm@
2016-06-16allow include in inline anchorsHenning Brauer
with this, anchor foo { include "/path/to/rules" } works and "load anchor" is obsolete, to be removed somewhen later after release. co-production with reky at bsdcan, ok reyk mikeb benno sasha
2016-06-15Add umb(4) - a driver for the Mobile Broadband Interface Model (MBIM)Gerhard Roth
The umb(4) driver provides support for USB MBIM devices. Those devices establish connections via celluar networks such as GPRS, UMTS, and LTE. ok mpi@ sthen@ additional feedback from deraadt@ jmc@ stsp@ kettenis@
2016-06-14llprio now affects pppoe(4) control frames as well as arp(4) and bpf(4) writes.Stuart Henderson
2016-06-13correct pledge for disklabel -R -[fF]Jonathan Gray
ok tb@
2016-06-10Add the "llprio" field to struct ifnet, and the corresponding keywordVincent Gross
to ifconfig. "llprio" allows one to set the priority of packets that do not go through pf(4), as the case is for arp(4) or bpf(4). ok sthen@ mikeb@
2016-06-07Document the net.inet.tcp.synuselimit sysctl; OK bluhm@ jmc@Tim van der Molen
2016-06-07per trending style, add continue to emtpy loop bodies.Ted Unangst
ok mglocker
2016-06-06restore my ability to do full bulks.Marc Espie
okay deraadt@
2016-06-03update default value for rebootTed Unangst
2016-06-03The networks I use are sufficiently fast that a 10 second "reboot" timeoutTed Unangst
is not necessary, and in fact quite annoying when I swtich networks and want to get back to the init state quickly. Default instead to 1 second. The very few users who encounter problems may edit dhclient.conf. ok benno krw does not object
2016-06-02Use the last 32-bits of the IPv6 address to dynamically assignPatrick Wildt
addresses from the pool, instead of the fourth byte, which usually represents network bits. ok markus@ mikeb@
2016-06-01Fix automatic disk allocation based on a template which I broke in theTheo Buehler
previous commit. readlabel() calls editor_allocspace() which will use the default label unless a template was provided beforehand. Thus, call parse_autolabel() before redlabel(). Problem found and fix provided by Mark Patruck, thanks! Fix asap, deraadt@
2016-06-01Implement a second address pool specifically for IPv6, so thatPatrick Wildt
clients can be given an IPv4 and IPv6 address at the same time, thus enabling dual stack usage. ok markus@ mikeb@
2016-06-01Kill sysctl net.inet6.ip6.rr_pruneJeremie Courreges-Anglas
We don't support Router Renumbering and there are no plans to change that. ok mpi@
2016-06-01ikev2_cp_fixaddr() is called to replace unspecified (e.g. 0.0.0.0)Patrick Wildt
addresses by specified (e.g. 192.0.2.1) ones. The function should return if the address is already set. The check was wrong for the IPv6 case, as it returned if it's not set. This caused the address to never be fixed. ok markus@ mikeb@
2016-05-31permit wxallowed on mfsTheo de Raadt
discussed with naddy a bit, ok millert
2016-05-29Refactor and clean up the logic before pledge a bit and fix pledgeTheo Buehler
fallout related to pledge disklabel (e.g. 'disklabel /dev/tty'). - Allow 'disklabel sdN' again for non-root users. - Make sure at least one DIO* ioctl comes before pledge "disklabel" - Fix the op == WRITE logic that broke 'make release' in -r2.217 Based on -r2.17 from beck. ok beck
2016-05-29wxabort bits; ok deraadtJason McIntyre
2016-05-29sort mount options, and shorten slightly the wxabort text;Jason McIntyre
2016-05-28Don't pledge before opendev() and ioctl DIOCGDINFO were called.Theo Buehler
Avoids a pledge crash with 'ncheck_ffs /dev/tty'. deraadt agrees