Age | Commit message | Author |
|
Document the interpretation of the third and fourth levels of KERN_FILE2.
Document that KERN_FILE and KERN_PROC are deprecated in favor of
KERN_FILE2 and KERN_PROC2.
ok and tweaks jmc@
|
|
an all zero mask. So check for this condition as well since else we read
garbage that comes after the netmask sockaddr (which is the IFP normally).
Found by todd@, OK dlg@
|
|
ok mcbride
|
|
|
|
ok mcbride@ henning@
|
|
address family is selected; don't print the v6 mask if it's a v4 address.
|
|
tests for illegal conditions in translation/routing.
|
|
collapsing into tables, so that we can handle all possible address family
expansions.
|
|
like a dynamic one in the routespec.
|
|
|
|
Fix binat-to sanity checks.
|
|
|
|
- purge irrelevant addresses from the lists before collapsing
- ensure the lists are freed after they're collapsed
- more careful ifname copying, avoiding double-free / use-after-free traps
|
|
|
|
actions. Allow interfaces to be specified in special table entries for
the routing actions. Lists of addresses can now only be done using tables,
which pfctl will generate automatically from the existing syntax.
Functionally, this deprecates the use of multiple tables or dynamic
interfaces in a single nat or rdr rule.
ok henning dlg claudio
|
|
from and ok claudio@
|
|
lookahead in the parser
ok henning otto
|
|
and/or ASN1-DNs get not parsed correctly; with and ok krw@; ok reyk@
|
|
|
|
10.0.0.1 })
should be folded in the parser to any, not to 10.0.0.1. How long this bug has
been with us is unclear.
ok guenther mcbride
|
|
To quote henning, 'ok gcc'
|
|
/dev/mem to be direct instead of going through kvm_getprocs(), as
that function is going to get more and more broken as we move stuff
from struct proc to struct process for rthreads. To minimize the
code copying, put the common logic of filling in a kinfo_proc2
structure into a macro FILL_KPROC2() in <sys/sysctl.h> for use from
both the kernel and user-space. This also hides the KERN_PROC
#define behind "#if defined(_KERNEL)||defined(_LIBKVM)", as it's
deprecated.
Positive feedback from millert and blambert; so committing to unblock
further rthreads work.
|
|
ok marco@
|
|
files. If any information found in these documents is worthwhile and you
miss it, please make the time to work it into the manual pages (which people
actually do read).
ok guenther
|
|
instead, .It is required. Thus, move .Pp and text before the .Bl,
and remove the .Pp altogether where it is not needed.
Syntax errors found by mandoc(1), also required to fix the mandoc build;
feedback and ok jmc@, and sobrado@ also supports the direction.
|
|
|
|
also required to fix the mandoc build.
"fine. even if mandoc goes nowhere, it has found some bugs ;)" jmc@
ok sobrado@
|
|
|
|
without using a passphrase - instead the encryption mask key is stored on
the specified key disk partition (ideally being one on a removable device).
This also enables automatic assembly of crypto volumes at boot time.
ok marco@
|
|
|
|
as neither arrayified nor arrayfied exist -- sanctioned dictionaries
like Merriam-Webster ones suggest a few alternatives (e.g., arrayed),
however these made up words are easy to understand and we are not
certain that current ones are not ok.
ok jmc@
|
|
on. use the received-on IFNAME filter option on a pf.conf rule to restrict
which packet the interface had to be received on. eg:
pass out on em0 from $foo to $bar received-on fxp0
i've been running this in production for a week now. i find it particularly
useful with interface groups.
no objections, and a few "i like"s from henning, claudio, deraadt, mpf
|
|
|
|
ok claudio
|
|
looking at it with claudio since I started doing more routing stuff.
|
|
ok marco@
|
|
8 bytes smaller when a raw socket is used.
OK jmc, deraadt.
|
|
Instead of a false data mismatch report, we now print (TRUNC!).
This also fixes two out of bounds accesses.
The "wrong data byte #XXX" counter was also wrong and off by 8 bytes.
OK djm@ on an earlier version, OK deraadt@.
|
|
get rid of EX_* since ifconfig(8) is not a sysexits program.
discussed with claudio
|
|
|
|
to rewrite it because it was another mangled diff in mail. When will
people learn that the tabs and spaces are important?
|
|
the original approach using a source tracking node.
the reimplementation is more flexible than the original one, we now have an
slist of source tracking nodes per state. that is cheap because more than
one entry will be an absolute exception.
ok beck and jsg, also stress tested by Sebastian Benoit <benoit-lists at fb12.de>
|
|
|
|
(one case was a false positive, but one is a modified copy of the other)
|
|
|
|
|
|
- sync actions with PF changes (pass/block/match not just pass/block,
and remove some binat/nat/rdr entries)
- list all reason codes in tcpdump(8)
ok henning jmc
|
|
non-default rdomain/rtable. route will change the default rdomain
using the new setrdomain() syscall and execute the supplied command,
eg. "route -T1 exec /usr/sbin/named".
Tested by many including michele@, phessler@
ok claudio@, deraadt@
|
|
ok jsg@
|
|
ok claudio@
|