Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-06-11 | * Remove the exit condition on no sensors at start-up, since we now support | Constantine A. Murenin | |
hotplugging. * Factor out some code from main() into a new create() procedure, to save some memory and make the code tidier. ok henning | |||
2008-06-11 | add support for "transparent" forwarding in relays: normally the l7 | Reyk Floeter | |
relay will connect to the target host with its own ip address, but this mode will let it use the address of the client that is connecting from the other side. for example, there is no need to add the X-Forwarded-For HTTP headers for internal webservers in this mode anymore since they magically see the remote client ip address in the connection. it also allows to build fully-transparent ssl encapsulation for tcp sessions and many other things... based on an initial idea from dlg@ and pascoe@ (dlg's talk at opencon) using the new BINDANY and divert-reply interfaces from markus@ (since n2k8) ok markus@ pyr@ | |||
2008-06-11 | cut lookup tag code in smaller pieces | Marc Espie | |
2008-06-11 | further step on the road to tags: | Marc Espie | |
make definitions migrate to the top of the packing-list, allow solver to find tag on the correct name (will look at full definition later). | |||
2008-06-11 | defer to the packing element for computing md5 | Marc Espie | |
2008-06-11 | refactor md5 code to be able to work from a filehandle (like a pipe output) | Marc Espie | |
2008-06-11 | let elements be responsible for computing their own md5 (allows special | Marc Espie | |
behavior for @bin object). | |||
2008-06-11 | correctly enumerate MANSUBDIR | Peter Hessler | |
pointed out by deraadt | |||
2008-06-11 | enable memconfig on amd64 | Peter Hessler | |
ok deraadt@ | |||
2008-06-11 | tweak the "route to" text; | Jason McIntyre | |
2008-06-11 | Support hotpluggable sensors (e.g. the post-4.2 ipmi0 created by the | Constantine A. Murenin | |
deferred thread, as well as some timedelta sensors). ok henning, ckuethe | |||
2008-06-11 | use monotime instead of wallclock. | Henning Brauer | |
makes us independent from system time changes. diff from japan,was hiding... ok claudio some time ago | |||
2008-06-11 | getcwd can return NULL on error, so handle that case properly. | Tobias Stoeckmann | |
ok henning | |||
2008-06-10 | set the inactivity timeout of redirections to a shorter timeout of 600 | Reyk Floeter | |
seconds by default (pf's default is 86400s), they can be cranked with the "session timeout" directive and it is consistent to relay session timeouts. also remove the hack to modify the closing timeout because pf's sloppy state handling is taking care about half connection closing now. | |||
2008-06-10 | use sloppy pf state keeping for routed sessions (direct server return) | Reyk Floeter | |
where we only see the client side of the TCP session; this removes the timeout limitations that we had before. document "route to" in the manpage since it is fully working now. | |||
2008-06-10 | typo in -as yet- unused code. | Marc Espie | |
2008-06-10 | clean up the text; ok reyk | Jason McIntyre | |
2008-06-10 | one more trafic -> traffic; | Jason McIntyre | |
2008-06-10 | Fix typo. | Joel Sing | |
2008-06-10 | add the -O option to run an external script when the "other | Reyk Floeter | |
configuration" flag is found in the RA message. it basically means "here is your IPv6 address, but run something like DHCPv6 to get more information". so the main purpose is to run a dhcpv6 client to get DNS etc. Merged from KAME ok rainer@ | |||
2008-06-10 | For IPv6 addresses, return the first 32 bits of the MD5 hash of the | Christian Weisgerber | |
address as ref ID (RFC4330). ok henning@ | |||
2008-06-10 | According to the latest SNTPv4 spec in RFC4330, secondary servers | Christian Weisgerber | |
return the address of the synchronization source as reference identification. Remove the obsolete special casing specified in RFC2030. ok henning@ | |||
2008-06-10 | Additionnal checks on the file names supplied for -s and -x. | Pierre-Yves Ritschard | |
Based on a diff by ajacoutot@, ok jdixon@ and sthen@ on a previous diff, ok ajacoutot@. | |||
2008-06-09 | - add a sanity check on tarballs name to ensure we're not feeding | Antoine Jacoutot | |
sysmerge with unrelated sets ok sthen@ pyr@ jdixon@ | |||
2008-06-09 | - encourage people to use the same source as was used to upgrade system | Antoine Jacoutot | |
binaries so that some etc files don't get forgotten in the process discussed with kurt@ tweaks and ok jmc@ | |||
2008-06-09 | simplify math for arc4random_uniform() suggested by | Damien Miller | |
Jinmei_Tatuya AT isc.org via jakob@ empirically verified for entire domain of upper_bound | |||
2008-06-09 | drop root privileges in rtadvd to _rtadvd | Rainer Giedat | |
ok deraadt@, reyk@, pyr@ | |||
2008-06-09 | also handle wireless interfaces (IFM_IEEE80211 in addition to IFM_ETHER) | Reyk Floeter | |
From kame ok rainer@ | |||
2008-06-09 | Define a new flag, UVM_FLAG_HOLE, for uvm_map to create a vm_map_entry of | Miod Vallat | |
a new etype, UVM_ET_HOLE, meaning it has no backend. UVM_ET_HOLE entries (which should be created as UVM_PROT_NONE and with UVM_FLAG_NOMERGE and UVM_FLAG_HOLE) are skipped in uvm_unmap_remove(), so that pmap_{k,}remove() is not called on the entry. This is intended to save time, and behave better, on pmaps with MMU holes at process exit time. ok art@, kettenis@ provided feedback as well. | |||
2008-06-09 | rename refstr to refid since it is an int32; ok henning | Theo de Raadt | |
2008-06-09 | do not copy up to two garbage characters from a 1 char string into a 4 char | Theo de Raadt | |
output buffer; ok henning | |||
2008-06-09 | do not leak memory on failure in refid production; ok ckuethe henning | Theo de Raadt | |
2008-06-09 | spacing | Theo de Raadt | |
2008-06-09 | Allow outgoing replies from sensor-driven servers to have a | Chris Kuethe | |
user-configurable reference ID, eg. "GPS" or "DCF"... ok mbalmer | |||
2008-06-09 | Correctly round the sockaddrs so that ndp works on 64bit machines. | Claudio Jeker | |
Stupid sockaddr_in6 has the worst size possible. OK henning@ deraadt@ | |||
2008-06-09 | allow direct copy of fh to another | Marc Espie | |
2008-06-09 | some syslog Xr; | Jason McIntyre | |
2008-06-08 | - remove sendmail cf files leftover after make in src | Antoine Jacoutot | |
issue reported by jmc@ ok pyr@ jdixon@ | |||
2008-06-08 | - enhance output for 80 columns wide terminals | Antoine Jacoutot | |
ok pyr@ | |||
2008-06-08 | Send debug output to syslog instead of a file when receiving SIGUSR1. | Rainer Giedat | |
This is a preparation for dropping privileges. ok henning@, pyr@ | |||
2008-06-08 | Don't ignore a slightly unresponsive server for an hour, 5 minutes is enough. | Chris Kuethe | |
comments & ok henning@ | |||
2008-06-07 | repair usage, jmc | Henning Brauer | |
2008-06-07 | teach the command lineparser about getopt style options after commands | Henning Brauer | |
use that for irrfilter mode. hints from theo a year ago, code by me a year ago, ok claudio a year ago | |||
2008-06-07 | Move the Apache manual out of etcXX and to miscXX where it belongs. | Jason Dixon | |
It has also been moved to /usr/share/doc/html/httpd/. This will ease sysmerge upgrades and help keep htdocs clean. Help from okan and phessler, doc tweaks by jmc ok deraadt@ millert@ beck@ | |||
2008-06-06 | oops, @bin files are files too | Marc Espie | |
2008-06-06 | @wantlib elements become checksummable | Marc Espie | |
2008-06-06 | Fix a bunch of goo by creating a more generic fucntion to handle it. | Marco Peereboom | |
code from jordan | |||
2008-06-06 | Fix alignment on some machines where crc cehck failed. | Marco Peereboom | |
code from jordan | |||
2008-06-04 | adderss -> address | Miod Vallat | |
2008-06-04 | Don't disassemble the AML if the -o option is specified. That way at least | Mark Kettenis | |
we get the complete files if the disassembler crashes on a machine. ok marco@, krw@, deraadt@ |