summaryrefslogtreecommitdiff
path: root/usr.sbin
AgeCommit message (Collapse)Author
2008-06-11* Remove the exit condition on no sensors at start-up, since we now supportConstantine A. Murenin
hotplugging. * Factor out some code from main() into a new create() procedure, to save some memory and make the code tidier. ok henning
2008-06-11add support for "transparent" forwarding in relays: normally the l7Reyk Floeter
relay will connect to the target host with its own ip address, but this mode will let it use the address of the client that is connecting from the other side. for example, there is no need to add the X-Forwarded-For HTTP headers for internal webservers in this mode anymore since they magically see the remote client ip address in the connection. it also allows to build fully-transparent ssl encapsulation for tcp sessions and many other things... based on an initial idea from dlg@ and pascoe@ (dlg's talk at opencon) using the new BINDANY and divert-reply interfaces from markus@ (since n2k8) ok markus@ pyr@
2008-06-11cut lookup tag code in smaller piecesMarc Espie
2008-06-11further step on the road to tags:Marc Espie
make definitions migrate to the top of the packing-list, allow solver to find tag on the correct name (will look at full definition later).
2008-06-11defer to the packing element for computing md5Marc Espie
2008-06-11refactor md5 code to be able to work from a filehandle (like a pipe output)Marc Espie
2008-06-11let elements be responsible for computing their own md5 (allows specialMarc Espie
behavior for @bin object).
2008-06-11correctly enumerate MANSUBDIRPeter Hessler
pointed out by deraadt
2008-06-11enable memconfig on amd64Peter Hessler
ok deraadt@
2008-06-11tweak the "route to" text;Jason McIntyre
2008-06-11Support hotpluggable sensors (e.g. the post-4.2 ipmi0 created by theConstantine A. Murenin
deferred thread, as well as some timedelta sensors). ok henning, ckuethe
2008-06-11use monotime instead of wallclock.Henning Brauer
makes us independent from system time changes. diff from japan,was hiding... ok claudio some time ago
2008-06-11getcwd can return NULL on error, so handle that case properly.Tobias Stoeckmann
ok henning
2008-06-10set the inactivity timeout of redirections to a shorter timeout of 600Reyk Floeter
seconds by default (pf's default is 86400s), they can be cranked with the "session timeout" directive and it is consistent to relay session timeouts. also remove the hack to modify the closing timeout because pf's sloppy state handling is taking care about half connection closing now.
2008-06-10use sloppy pf state keeping for routed sessions (direct server return)Reyk Floeter
where we only see the client side of the TCP session; this removes the timeout limitations that we had before. document "route to" in the manpage since it is fully working now.
2008-06-10typo in -as yet- unused code.Marc Espie
2008-06-10clean up the text; ok reykJason McIntyre
2008-06-10one more trafic -> traffic;Jason McIntyre
2008-06-10Fix typo.Joel Sing
2008-06-10add the -O option to run an external script when the "otherReyk Floeter
configuration" flag is found in the RA message. it basically means "here is your IPv6 address, but run something like DHCPv6 to get more information". so the main purpose is to run a dhcpv6 client to get DNS etc. Merged from KAME ok rainer@
2008-06-10For IPv6 addresses, return the first 32 bits of the MD5 hash of theChristian Weisgerber
address as ref ID (RFC4330). ok henning@
2008-06-10According to the latest SNTPv4 spec in RFC4330, secondary serversChristian Weisgerber
return the address of the synchronization source as reference identification. Remove the obsolete special casing specified in RFC2030. ok henning@
2008-06-10Additionnal checks on the file names supplied for -s and -x.Pierre-Yves Ritschard
Based on a diff by ajacoutot@, ok jdixon@ and sthen@ on a previous diff, ok ajacoutot@.
2008-06-09- add a sanity check on tarballs name to ensure we're not feedingAntoine Jacoutot
sysmerge with unrelated sets ok sthen@ pyr@ jdixon@
2008-06-09- encourage people to use the same source as was used to upgrade systemAntoine Jacoutot
binaries so that some etc files don't get forgotten in the process discussed with kurt@ tweaks and ok jmc@
2008-06-09simplify math for arc4random_uniform() suggested byDamien Miller
Jinmei_Tatuya AT isc.org via jakob@ empirically verified for entire domain of upper_bound
2008-06-09drop root privileges in rtadvd to _rtadvdRainer Giedat
ok deraadt@, reyk@, pyr@
2008-06-09also handle wireless interfaces (IFM_IEEE80211 in addition to IFM_ETHER)Reyk Floeter
From kame ok rainer@
2008-06-09Define a new flag, UVM_FLAG_HOLE, for uvm_map to create a vm_map_entry ofMiod Vallat
a new etype, UVM_ET_HOLE, meaning it has no backend. UVM_ET_HOLE entries (which should be created as UVM_PROT_NONE and with UVM_FLAG_NOMERGE and UVM_FLAG_HOLE) are skipped in uvm_unmap_remove(), so that pmap_{k,}remove() is not called on the entry. This is intended to save time, and behave better, on pmaps with MMU holes at process exit time. ok art@, kettenis@ provided feedback as well.
2008-06-09rename refstr to refid since it is an int32; ok henningTheo de Raadt
2008-06-09do not copy up to two garbage characters from a 1 char string into a 4 charTheo de Raadt
output buffer; ok henning
2008-06-09do not leak memory on failure in refid production; ok ckuethe henningTheo de Raadt
2008-06-09spacingTheo de Raadt
2008-06-09Allow outgoing replies from sensor-driven servers to have aChris Kuethe
user-configurable reference ID, eg. "GPS" or "DCF"... ok mbalmer
2008-06-09Correctly round the sockaddrs so that ndp works on 64bit machines.Claudio Jeker
Stupid sockaddr_in6 has the worst size possible. OK henning@ deraadt@
2008-06-09allow direct copy of fh to anotherMarc Espie
2008-06-09some syslog Xr;Jason McIntyre
2008-06-08- remove sendmail cf files leftover after make in srcAntoine Jacoutot
issue reported by jmc@ ok pyr@ jdixon@
2008-06-08- enhance output for 80 columns wide terminalsAntoine Jacoutot
ok pyr@
2008-06-08Send debug output to syslog instead of a file when receiving SIGUSR1.Rainer Giedat
This is a preparation for dropping privileges. ok henning@, pyr@
2008-06-08Don't ignore a slightly unresponsive server for an hour, 5 minutes is enough.Chris Kuethe
comments & ok henning@
2008-06-07repair usage, jmcHenning Brauer
2008-06-07teach the command lineparser about getopt style options after commandsHenning Brauer
use that for irrfilter mode. hints from theo a year ago, code by me a year ago, ok claudio a year ago
2008-06-07Move the Apache manual out of etcXX and to miscXX where it belongs.Jason Dixon
It has also been moved to /usr/share/doc/html/httpd/. This will ease sysmerge upgrades and help keep htdocs clean. Help from okan and phessler, doc tweaks by jmc ok deraadt@ millert@ beck@
2008-06-06oops, @bin files are files tooMarc Espie
2008-06-06@wantlib elements become checksummableMarc Espie
2008-06-06Fix a bunch of goo by creating a more generic fucntion to handle it.Marco Peereboom
code from jordan
2008-06-06Fix alignment on some machines where crc cehck failed.Marco Peereboom
code from jordan
2008-06-04adderss -> addressMiod Vallat
2008-06-04Don't disassemble the AML if the -o option is specified. That way at leastMark Kettenis
we get the complete files if the disassembler crashes on a machine. ok marco@, krw@, deraadt@