| Age | Commit message (Collapse) | Author |
|---|
|
From Patrik Lundin and Linus Widstromer.
ok reyk@
|
|
|
|
some cases it is desired to load the rules as "match in" without "quick"
to allow additional filtering or applying additional rule/state options,
eg. to add an overload table for DOS mitigation. Add the optional "match"
keyword for the redirect "tag" option to change the pf rule type accordingly.
ok jsg@ mikeb@
|
|
|
|
ok claudio@, jsg@, phessler@
|
|
(verified by both sthen@ and me).
ok sthen@; "just commit it" claudio@
|
|
|
|
inherited from the table definition even though these values could
not be changed there. While there fix a memory leak in a rather strange
case.
OK phessler, jsg, pyr, sthen, deraadt
|
|
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
|
Seems reasonable to jsg, ok phessler, no response from reyk or pyr
|
|
Minor bump for libutil.
Previous versions of this diff and man page looked at by various people.
"you should just commit" deraadt
|
|
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
|
more readable, and fixes a spacing bug we had in smtpd.8;
|
|
and "server".
fixes for bgplg(8) and relayd.conf(5) suggested by jmc@, good catch!
ok jmc@
|
|
and follows a suggestion in event.h. also don't mix signal() and
signal_set()/signal_add().
ok jsg@ gilles@
|
|
ok jsg@ gilles@
|
|
|
|
'possibility', 'optins' -> 'options', 'resposne' -> 'response', 'unecessary' -> 'unnecessary', 'desination' -> 'destination'. Collected from various misc@
and tech@ postings, many by Brad Tilley.
|
|
ok eric
|
|
If this happens the imsg may no longer be usable as there may be queued
messages, but this is a) already the case with the code now, and b)
would be the case if recvmsg() fails anyway, so we can document that -1
from imsg_read() invalidates the struct imsgbuf.
discussed with and ok eric
|
|
This fixes it.
Found out by Laurent Lavaud & myself.
"looks olrite" henning@
|
|
relay protocol with that done for specified relay protocols.
Makes it possible to use SSL for the default relay protocol.
From boudewijn@indes.com in pr 6316
|
|
in these cases, is useless anyway.
Found by and fixing the build with mandoc;
still fine with both old and new groff.
ok jmc@
|
|
connection and while here create a seperate function for handling cleaning
up after a request; with suggestions from reyk and claudio.
ok claudio@
|
|
something here as well.
ok claudio@ phessler@
|
|
As the child processes now call event_loopexit() and signal handling
is done through libevent if a child process died we wouldn't always
cleanup properly and wouldn't do carp demote to failover either.
This matches the way ospfd does things which is where the event_loopexit()
in child processes change came from originally.
ok claudio@ pyr@
|
|
don't get into a situation where we are calling event_set() on an event
that was already added.
ok claudio@
|
|
confusing pf.
|
|
actions. Allow interfaces to be specified in special table entries for
the routing actions. Lists of addresses can now only be done using tables,
which pfctl will generate automatically from the existing syntax.
Functionally, this deprecates the use of multiple tables or dynamic
interfaces in a single nat or rdr rule.
ok henning dlg claudio
|
|
like several other things in the tree.
ok reyk@ looks fine claudio@
|
|
`OK' claudio
|
|
of the hardcoded 0. OK henning@
|
|
ok jmc
|
|
found by parfait.
|
|
elements first (this matches all the other structures). no functional
change.
|
|
few remaining ".Tn UNIX" macros with ".Ux" ones.
pointed out by ratchov@, thanks!
ok jmc@
|
|
ok jmc@
|
|
in an error path.
|
|
loop in the shutdown case. OK henning@
Fix an error message to include the correct function name.
|
|
function, which is additionally exported for use by others.
It will be needed by smtpd's SSL module when the SMTP client code
is changed to replace libevent's evbuffers with our msgbuf_* API.
ok gilles@ henning@ guenther@ eric@
|
|
ok henning@
|
|
|
|
em0". the implementation will lookup the first IPv4 address of an
interface before any other IPv4 and IPv6 addresses.
ok gilles@ (i got inspired by smtpd)
|
|
ok pyr@, jmc@ for man bits
|
|
Thanks to Sebastian Benoit, closes pr6146
|
|
based on health check results, using the existing table syntax. this
allows to maintain multiple (uplink) gateways to implement link
balancing or WAN link failover if no routing protocol or other
keepalive method is available. works fine with or without
net.inet.ip.multipath enabled.
ok pyr@, jmc@ for manpages
|
|
freeing the msgbuf.
While here also remove an unnecessary while loop.
ok eric pyr
|
|
|
|
another 'struct session' in sys/sysctl.h.
|
|
check if the host is only n hops away and not re-routed over a longer
path.
|
