summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2009-02-23back out last commit since it breaks a few regress tests -- this will beTheo de Raadt
looked at post-release -- out of time for these kinds of problems david@ says: pfopt6 and f91.ok; pfopt6 change looks ok, but pf91 is of concern.
2009-02-22split synopsis and the options list according to functionality;Jason McIntyre
diff from Mitja Mu?eni? ok marco
2009-02-19spacingTheo de Raadt
2009-02-19'(ifi->linkstat && ifi && ifi->rfdesc != -1)' is flawed. Swap theKenneth R Westerback
first two terms so ifi is checked first.
2009-02-16fix pfctl -v printing of anchors, from camield@. Closes user/6065Stuart Henderson
2009-02-16Allow username and password to be up to 255 characters in length.Can Erkin Acar
Tested by many, thanks. Put it in" deraadt@
2009-02-16sync the wpa example with those in the driver pages, as pointed outJason McIntyre
by damien;
2009-02-15should fsck the raw device; spotted by frantisek holop and mentioned onTheo de Raadt
the mailing lists two weeks ago, and completely ignored I guess.
2009-02-15Don't display, or save via the editor 's' command, the fsize andKenneth R Westerback
bsize fields for UNUSED partitions. '-R' already skipped processing these fields for such partitions. Eliminates an XXX. ok deraadt, "makes sense" miod@
2009-02-15Give an example of how to use wpa-psk(8) to connect to WPABret Lambert
networks in the wpapsk section of the page. ok deraadt@ henning@
2009-02-15make "ifconfig if0 chan" list the channels supported by the device.Damien Bergamini
add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too. discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
2009-02-13Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'.Damien Bergamini
Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X. Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifies security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
2009-02-09Document that ips has bio support now.Alexander Yurchenko
2009-02-09Add caveat that rebuild is not currently implemented on softraid.Marco Peereboom
2009-02-08Eliminate excessive verbiage for 'fdisk -i' and 'fdisk -u'. EspeciallyKenneth R Westerback
the multi-line banner announcing that the MBR is being changed. Also the listing of the partition table in 'fdisk -u'. Display a consistant message when the MBR is written. While here cleanup and shrink code without changing any semantics. Started with a diff posted on tech@ by Tobias Ulmer. "I like it" marco@ ok jsing@
2009-02-08bump the posix reference in STANDARDS to IEEE Std 1003.1-2008, with a fewJason McIntyre
updates to follow;
2009-02-06Remove bogus casts of integer constants SPPPIO[GS]DEFS to caddr_tAlexander Yurchenko
and fix typo while here. ok canacar@
2009-02-03Reflect MPLS kernel changes. Operations are stored now in rt_mpls field.Michele Marchetto
ok claudio@ laurent@
2009-02-01Let this compile with gcc2.Miod Vallat
2009-01-31write point-to-point in a consistent way.Igor Sobrado
jmc@ has provided a complete list of manual pages to be fixed, and suggested using uppercase (i.e., Point-to-Point) when discussing the protocol, and lowercase (point-to-point) otherwise. ok jmc@
2009-01-30If the "peer" address is not specified or derived from "to" forAlexander Bluhm
"ike" rules in ipsec.conf, the default peer is used. In theory ipsecctl -f ipsec.conf can configure the default peer for each "ike" entry. As isakmpd only supports one default peer, the last "ike" rule that uses a default peer wins. This configuration is then significant for all "ike" rules that use the default peer. Now a warning is printed if a later rule in ipsec.conf changes the configuration of the original default peer. This should be an error but that would break existing user configs. So only a warning is printed. ok hshoexer@, todd@
2009-01-29After checking that peer == NULL do not assign peer = NULL a fewAlexander Bluhm
lines later. No functional change. ok grunk@, hshoexer@
2009-01-29tweak previous;Jason McIntyre
2009-01-29Introduce -mplslabel to allow ipv4/ipv6 packets enter MPLS clouds.Michele Marchetto
This is also consistent with mplslabel in ifconfig(8). OK claudio@ laurent@
2009-01-29Improve logging:Hans-Joerg Hoexer
- in ipsec_delete_spi_list() a log_verbose is added, when a remote peer sends us a delete message for an SA. However, to avoid spamming the log when SAs are deleted during re-keying, I only log_verbose, when the soft timeout of the SA is not expired yet. Thus only deletion of live SAs gets logged. - in ipsec_decode_ids() I remove the additonal printing of IP-Adresses in hex as the addresses are already printed in CIDR. - while there, apply some KNF ok todd@, mpf@, bluhm@
2009-01-28Reflect MPLS kernel changes.Michele Marchetto
2009-01-28Allow to specify ike and flow explicitly without peer. The anyAlexander Bluhm
keyword as argument for the peer parameter will do that. An ike without peer creates the peer-default config. A flow without peer acquires a host-to-host SA. tested by grunk@, todd@, ok grunk@, hshoexer@, todd@
2009-01-28cleaning up my tree: trivial KNF and a comment fix.Hans-Joerg Hoexer
2009-01-28use claudios new rtsocket filters to restrict which messages on the routeDavid Gwynne
socket dhclient will get. ja ja claudio@
2009-01-28Remove some dead (#if 0) code.Hans-Joerg Hoexer
2009-01-27A warning text in ipsecctl was used twice. Make the messages uniqueAlexander Bluhm
for easier debugging. ok grunk@, hshoexer@, todd@
2009-01-26Mark multipath routes with P in the show command flags. Bummer that bothClaudio Jeker
M and m were already taken. OK henning@
2009-01-24improve indentation without wasting space on the install media;Igor Sobrado
make source code fit on 80-column displays; while here, remove superfluous comment sign. ok krw@
2009-01-24Improve comment about resolv.conf creation. Prodded by sobrado@.Kenneth R Westerback
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
different source network than we have negotiated with a peer. This enables us to do nat/binat on the enc(4) interface. Very useful to work around rfc 1918 collisions. Manpage and testing by Mitja Muzenic. Thanks! OK hshoexer@, markus@. "I like it" todd@
2009-01-17Use different variables for the dump offset in blocks and the dump offsetMiod Vallat
in bytes; this allows us to get rid of many off_t casts, and ensures proper operation on very large swap partitions on 32 bit machines. From Pierre Riteau.
2009-01-11On *ppc disks shared with MacOS, walk the Apple partition map to find outMiod Vallat
the bounds of the OpenBSD area. Should prevent users from shooting themselves in the feet. ok krw@
2009-01-10Use the kernel set ifam_hdrlen so that ABI changes won't cause olderClaudio Jeker
binaries to stop working. OK krw@, michele@, henning@, dlg@
2009-01-08Reflect MPLS kernel changes.Michele Marchetto
ok claudio@
2009-01-06i saw the previous was wrong as soon as i committed it: put theJason McIntyre
built-in blurb in STANDARDS; we did once have a COMPATIBILITY section which we merged with STANDARDS, so i think this is appropriate. it certainly feels better than adding single sentences randomly to the end of text bodies.
2009-01-06document, consistently, those apps which also exist as built-insJason McIntyre
on certain shells; do not try to document changes between the implementations, but at least warn of their existence; diff from Ingo Schwarze
2009-01-04replace hardcoded exit values with .Ex macros;Igor Sobrado
ok jmc@
2009-01-02Handle kernel core files larger than 2GB; ok dlg@Miod Vallat
2008-12-29Give ifb its own display type (be sure to make includes before rebuildingMiod Vallat
wsconsctl)
2008-12-29Some forms of inode corruption can make remsize and thus isize goOtto Moerbeek
negative and cause SEGVs. Handle this the same as an out of range blockno. ok jsg@ (also victim) pedro@ thib@
2008-12-24fox format string; ok tedu@Otto Moerbeek
2008-12-22Only warn about pfkey failures when errno is != EEXIST.Hans-Joerg Hoexer
This avoids warnings about already existing manual flows when ipsec.conf is reloaded. From Mitja Muzenic <mitja at muzenic dot net>, thanks!
2008-12-22mark log_fatal() and monitor_exit() as __dead, as they do not return.Hans-Joerg Hoexer
2008-12-16Use macros from route.h when mapping route priorities to names; theStuart Henderson
hardcoded values used here before were incorrect. ok claudio@
2008-12-15Reflect kernel changes. Labels are no more per link uniqueMichele Marchetto
and operations are now stored in rt_flags. This also simplify a lot the syntax. ok claudio@ laurent@