| Age | Commit message (Collapse) | Author |
|---|
|
ok henning
|
|
flow instead of the ID payload. This will fix a part of problems of
L2TP/IPsec from NAT'd clients.
ok markus@
tested by markus@ and myself.
|
|
The general syntax is:
pass in inet from any to 192.168.1.1 af-to inet6 from 2001::1 to 2001::2
In the NAT64 case the "to" is not needed in af-to and the IP is extraced
from the IPv6 dst (assuming a /64 prefix).
Again most work by sperreault@, mikeb@ and reyk@
OK mcbride@, put it in deraadt@
|
|
From: giovanni <qgiovanni at gmail dot com>
|
|
|
|
|
|
discussed with jsing and millert
|
|
isakmpd.8: rsa:1024 -> rsa:2048 (ok markus)
all: X509 -> X.509
from Lawrence Teo
|
|
no objections mpi@ and matthieu@
|
|
use system calls directly, instead.
|
|
sizeofvoid.org>
|
|
accept the same values as pf.conf. It accepts decimal, hexadecimal and
the dscp/tos keywords. The ping option was ripped of in SMALL.
ok mcbride@ sthen@
|
|
ok deraadt@
|
|
|
|
- change accuracy of SENSOR_FREQ from Hz to muHz
- add SENSOR_VOLTS_AC entry to userland programs
ok deraadt@
|
|
from Patrick Keshishian (sidster at boxsoft dot com)
|
|
|
|
|
|
|
|
specifically, rewrite them to permit some markup in the column headers,
and use "Ta" instead of literal tabs; mandoc does not currently match groff
100%, but a mandoc fix may be some time off, and we've gone enough releases
with poorly formatting column lists.
in some cases i have rewritten the lists as -tag, where -column made
little sense.
|
|
ok henning, mcbride
|
|
verification caused by the incorrect check of the EVP_VerifyFinal
return value. Issue was discovered and reported by Justin Ferguson,
justin-dot-ferguson-at-ioactive.com. Thanks!
While here, check for HMAC_* return values.
ok jsg, markus
|
|
ok mcbride
|
|
construct;
this also sidesteps what seems to be a problem with mandoc, in that
"-column -compact" seems to mess up the formatting. thus these pages should
now have their lists formatted nicely (i.e. correctly aligned and with indent
applied);
as a side note, the fact that headers are not properly marked up is another
issue which will be addressed separately (a mandoc fix is needed, i think).
i have fudged a few of these to mark up properly, since the workaround does
make sense for some pages.
as another side note, i haven;t fixed man7, as i need to prepare a separate
diff for kristaps and ingo.
|
|
ok mikeb@
|
|
Ok jmc@ (who also pointed me to the 2nd missing one) sobrado@.
|
|
|
|
ok henning
|
|
Diff from zinke@ with a some minor cleanup.
ok henning claudio deraadt
|
|
attributes (this is now required by pf_rule_test().
ok sthen henning
|
|
|
|
|
|
|
|
for the new priority queueing implementation. valid range is 0 to 7. the old
trick for priorizing empty ACKs etc remains thru the latter notation
ok ryan mpf sthen plus pea testing and halex and claudio reading
|
|
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
|
- Did not include PF_SKIP_RDOM
- Changed order of address and ports.
|
|
packages _only_. One is not supposed to add any base scripts in it.
naddy@ doesn't care (I think he does care but he won't admit it)
ok robert@
(I'll add something to current.html in a few)
|
|
|
|
|
|
|
|
been implicit for years now.
ok henning@
|
|
a bunch of bugs with fragment handling not being in sync with the
rest of the ruleset.
Much feedback from mpf, bluhm & markus
Thanks to Tony Sarendal for help with testing
ok bluhm; various previous versions ok henning, claudio, mpf, markus
|
|
behaves as if SO_KEEPALIVE was set on all TCP sockets, forcing keepalives
to be sent every net.inet.tcp.keepidle half-seconds.
In conjunction with a keepidle value greatly reduced from the default,
this can be useful for keeping sessions open if you are stuck on a network
with short NAT or firewall timeouts.
Feedback from various people, ok henning@ claudio@
|
|
type (if not specified) to "use" instead of "require".
(since they will not get a key...)
ok mikeb claudio
|
|
place it was missing. Delete now redundant calls to DIOCGDINFO when
getting physical disk info in disklabel(8) and fdisk(8).
Reminded by a fdisk discussion with Andres Perera on tech@.
ok deraadt@
|
|
|
|
a ffs frag size can be less than the d_secsize of the disk. Make
sure amd64 writedisklabel() puts the disklabel where readdoslabel()
will read it. Tweak i386/amd64 installboot/biosboot so sectors are
indeed used where sectors are claimed.
Lets me fdisk, newfs, mount and installboot onto 2048 and 4096
byte sector devices. Other filesystem utilites will still hold
surprises.
Note that actually booting from such devices will await BIOSen that
acknowledge such devices as bootable.
ok guenther@
|
|
|
|
even though -interface is the same as -iface.
OK jmc@
|
|
|
