| Age | Commit message (Collapse) | Author |
|---|
|
- sync actions with PF changes (pass/block/match not just pass/block,
and remove some binat/nat/rdr entries)
- list all reason codes in tcpdump(8)
ok henning jmc
|
|
non-default rdomain/rtable. route will change the default rdomain
using the new setrdomain() syscall and execute the supplied command,
eg. "route -T1 exec /usr/sbin/named".
Tested by many including michele@, phessler@
ok claudio@, deraadt@
|
|
ok jsg@
|
|
ok claudio@
|
|
or can't return important flags via ioctl. Excess verbiage pointed out
by deraadt@.
ok henning@
|
|
ok jmc@
|
|
|
|
|
|
you backup your data and lock up your pets prior to using this.
Tested by todd@
ok marco@
|
|
|
|
|
|
|
|
|
|
NAT, filter). now we only have one. no need for an array any more. simplifies
the code quite a bit.
in the process fix the abuse of PF_RULESET_* by (surprise, isn't it) the
table code.
written at the filesystem hackathon in stockholm, committed from the
hardware hackathon in portugal. ok gcc and jsing
|
|
got renamed to spanpriority.
|
|
the relevant manual pages. Functionality is described in the (4)
pages, controlling the functionality in ifconfig(8), and the hostname.if
gains the old bridgename.if(5) functionality.
ok claudio jmc
|
|
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@
|
|
like ifconfig -a by setting the aflag to 1. Found with and OK deraadt@
|
|
|
|
to be used for sending out gre/gif encoded packets. OK deraadt@, henning@
|
|
|
|
|
|
|
|
we don't know the size of, otherwise gcc >= 4 will error.
ok markus@ deraadt@
|
|
ok millert
|
|
|
|
|
|
|
|
of dhcp options.
found by parfait.
ok krw@
|
|
ok henning
|
|
expanded version of a diff from Vadim Zhukov.
ok henning@ claudio@
|
|
tested by phessler@ pyr@
ok claudio@
"go ahead" deraadt@
|
|
bogus and misleading error, this permits re-running bridgename.if(5) files etc
without confusion
prodded/found by deraadt@
ok deraadt@ phessler@ henning@ stsp@
|
|
|
|
|
|
compatibility.
|
|
use pkill(1) in /etc/newsyslog.conf instead
together with otto and suggestions from tedu
|
|
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@
|
|
reminded by STeve Andre.
|
|
useful from time to time and it is easer then deciphering ktrace output.
While there kill the no longer needed msec macro.
OK henning
|
|
While there remove some very old compat code supporting a syntax that
no one still knows or uses. OK henning@, deraadt@
|
|
lines; this prevents poll(2) from saying the fd has data to be read, when
it only had a status line change. Prevents ldattach from exiting when
relaying data to gpsd while being driven by a gps with 1PPS.
ok deraadt
|
|
mplslabel label was added, fix.
|
|
which unbreaks ie route-to after the recent pf changes.
With much help debugging and pointing out of missing bits from claudio@
ok claudio@ "looks good" henning@
|
|
that the load balancing code does not freak out but because of this
check_netmask() is now complaining. So set the addr.type to PF_ADDR_DYNIFTL
so check_netmask() is fixing up the netmask for IPv4 and stops complaining.
This is a partial fix for the failing regress test 13.
found with jsg, looks good henning
|
|
|
|
ldattach exiting when relaying (nmea to gpsd, for example).
ok deraadt@
|
|
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms
|
|
volume could no longer be brought up.
Found by Pedro la Peu <pedro@am-gen.org>, thanks for the report.
|
|
|
