summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Expand)Author
2012-07-11MBR can't handle the truth.Kenneth R Westerback
2012-07-11Simplify guts and calling of getuint(). Eliminate a useless 'help'Kenneth R Westerback
2012-07-10Rename "life" to "lifetime" to match iked.Lawrence Teo
2012-07-10disable lidsuspend on shutdownAlexander Hall
2012-07-10use PFSTATE_SCRUBMASKHenning Brauer
2012-07-10Allow an implicit address family for af-to rules. If the addressAlexander Bluhm
2012-07-10intermediate hack^Wugly "fix" to prevent spurious "scrub ()" printsHenning Brauer
2012-07-10set { ... } -> set ( ... )Henning Brauer
2012-07-09Fix typo in warning message.Lawrence Teo
2012-07-09We always want to do unit conversions. So flags parameter of getuint()Kenneth R Westerback
2012-07-09I want some of what kjell was smoking 10 years ago when he addedKenneth R Westerback
2012-07-09Make 'swap' command work like fdisk(8) says -- you must supply two validKenneth R Westerback
2012-07-09Terminate with extreme prejudice the multiple timeout queuingKenneth R Westerback
2012-07-09fix some of the confusion we have in pf regarding filter criteria vsHenning Brauer
2012-07-09Revert previous.Kenneth R Westerback
2012-07-09Use strtonum() instead of strtol() inside ask_num(). Many overflowsKenneth R Westerback
2012-07-08set_pid() does not need prompt string, low or high parameters. TheseKenneth R Westerback
2012-07-08Disallow manual security associations that use AES-CTR, AES-GCM,Christian Weisgerber
2012-07-08New attempt to make the -P flag work with -ss, so that states can beLawrence Teo
2012-07-08Split out an ask_pid() function rather than over-parameterizing theKenneth R Westerback
2012-07-08Return EROFS when a read-write mount of a read-only sd(4) deviceKenneth R Westerback
2012-07-08Call Xsetpid() to edit the partition type from Xedit() rather thanKenneth R Westerback
2012-07-08if you use nitems() in userland, you must define it yourselfTheo de Raadt
2012-07-08Nuke useless EDIT() #define in Xsetpid.Kenneth R Westerback
2012-07-08Replace tricker atoi() and hand rolled parsing with strsep() andKenneth R Westerback
2012-07-07copy&paste mistake in error messageChristian Weisgerber
2012-07-07remove incorrect check in pfctl preventing set-tos for ipvshit.Henning Brauer
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
2012-07-07Replace atoi() with strtonum() where it's easy. Make related errorKenneth R Westerback
2012-07-05don't output "esn" string in the rule section as we can't use theMike Belopuhov
2012-07-05when rekeying ike sa copy more info from the old one;Mike Belopuhov
2012-07-03Improve the key derivation function to produce correct keying materialMike Belopuhov
2012-07-02checking state flags make sense only when processing a responseMike Belopuhov
2012-07-02augment every sa_free call with a debugging log messageMike Belopuhov
2012-07-02Don't close IKE SA immediately after creating a new one when rekeying.Mike Belopuhov
2012-07-02a state machine is not worth the trouble when you've got a flag. doh!Mike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-29Add missing ESN bitsMike Belopuhov
2012-06-29Print esn flag when dumping SAs with ESN enabledMike Belopuhov
2012-06-28prevent salt_len overflow; reported by andrew nelless, ok otto, teduMike Belopuhov
2012-06-27leftover code re-enqueued the same item on the list multiple timesMike Belopuhov
2012-06-27prevent an endless loopMike Belopuhov
2012-06-26Add some more paranoia and make code clearer. Check that the requiredKenneth R Westerback
2012-06-26RFC 2132 says "Options containing NVT ASCII data SHOULD NOT includeKenneth R Westerback
2012-06-26improve ikev2_msg_retransmit_timeoutMike Belopuhov
2012-06-26close SA when IKE_SA_INIT or IKE_AUTH exchanges fail;Mike Belopuhov
2012-06-26compare exchange types as well when looking up a message;Mike Belopuhov
2012-06-25log all, not log-all; ok henningJason McIntyre
2012-06-24Nuke interface_link_status() (check media status only) and useKenneth R Westerback
2012-06-22Add initial support for retransmition timeouts and response retries.Mike Belopuhov