summaryrefslogtreecommitdiff
path: root/usr.sbin
AgeCommit message (Collapse)Author
2005-09-28- use proper function name in log messageMathieu Sauve-Frankel
ok norby@
2005-09-28use more strtonum(); from mkb@crypt.org.ruTheo de Raadt
2005-09-28err()->errx() and KNF; ok djm@Kevin Steves
2005-09-27Fix another case of inconstitent error handling that was missed in theOtto Moerbeek
previous commit. ok moritz@
2005-09-27use xargs -r0 for our build processTheo de Raadt
2005-09-27tweaks from wiz@netbsdJason McIntyre
2005-09-26deal with xargs new behaviour by using -r, okay deraadt@Pedro Martelletto
2005-09-26If setting the filter fails, pass the error back;Otto Moerbeek
ok deraadt@
2005-09-24- add auth_type and auth_keyid to struct ctl_ifaceMathieu Sauve-Frankel
- have ospfctl tell us when we are using authentication with 'show interface' ok claudio@ norby@
2005-09-24Add some code to just build the packing-list even if the package won'tMarc Espie
happen. Use -q and -Q for now, may change.
2005-09-24give it a bit highr priority and exit w/ failure if systcl ever fails; marc@ ↵Michael Shalayeff
henning@ ok some time ago...
2005-09-24pass actual items to prepare_long and check_name so that we can alsoMarc Espie
verify that modes/groups/owners are correct (code to come)
2005-09-24move uname/gname existence check into ArcCheck: Ustar archives deal withMarc Espie
this differently. Namely, use specific variables that default to the numeric value if the uid/gid don't exist in mkheader. Since the entry fields are not filled, ArcCheck gets all it needs for the package check.
2005-09-24Allows FETCH_CMD to replace ftp.Marc Espie
Note that, for simplicity, FETCH_CMD must be a single command with a full path. Use a script if you must.
2005-09-24mention marking of logs that have wrapped their buffer, from stevesk@Damien Miller
2005-09-24Log source address for 'malformed packet' errors. ok henning@Darren Tucker
2005-09-23Only allow root to run tcpdump. It's needed for the chroot security.Otto Moerbeek
ok moritz@ deraadt@
2005-09-23default port for ftp-proxy is 8021;Jason McIntyre
from johnb (pr #4520); ok deraadt@ ian@
2005-09-22boot-able -> bootable (typo fix in comments only)Jason McIntyre
from janne johansson (pr #4516)
2005-09-22consistency fixes, spotted by brian at awfulhak org;Jason McIntyre
2005-09-22add missing phrase;Jason McIntyre
ok brad@
2005-09-22add a few flags to CDIAGFLAGSBrad Smith
2005-09-21rearrange sanity checks to eliminate signed arithmatic, from stevesk@Damien Miller
2005-09-21grammar, spelling, formatting fixes...Jason McIntyre
2005-09-21Added some missing defines.Brad Smith
From ru FreeBSD
2005-09-21Add a radius_Flush() function that waits for the response (or timeout) toBrad Smith
any pending RADIUS transaction. Use this before sending RAD_STOP RADIUS messages so that we definitely ``stop'' the session. It was discovered that sometimes when the link timed out, we got lucky enough to have an un-ACK'd RADIUS accounting transaction in progress, resulting in the RAD_STOP message failing to send. From brian FreeBSD
2005-09-21Support a ``set rad_alive N'' command to enable periodic RADIUS accountingBrad Smith
information being sent to the RADIUS server. Logging of RADIUS accounting information moves to a ``set log [+-]radius'' level, along with the RADIUS alive info. From brian FreeBSD
2005-09-21Send NAS-IP-Address as well as NAS-IdentifierBrad Smith
Add ``disable NAS-IP-Address'' and ``disable NAS-Identifier'' options to support pre-rfc2865 RADIUS servers. This pushes our enable/disable items over the 32 bit limit, so reoganise things to allow a bunch more options. From brian FreeBSD
2005-09-21Avoid casts as lvalues.Brad Smith
From kan FreeBSD
2005-09-21If HISMACADDR is set in the environment, pass the value toBrad Smith
the RADIUS server as RAD_CALLING_STATION_ID. From brian FreeBSD
2005-09-21Send RADIUS gigaword data when OctetsIn or OctetsOut go over UINT32_MAX.Brad Smith
From dds FreeBSD
2005-09-21Make sure that "updates" with only MP withdraws (MP_UNREACH_NRLI) stopClaudio Jeker
processing after the MP withdraw block. OK henning@
2005-09-21when the route to a nexthop is a reject or blackhole route, the nexthopHenning Brauer
is invalid. add check for these flags. shows up with v6, many reject routes there. claudio ok
2005-09-21IPSec -> IPsecJason McIntyre
grammar from joel@
2005-09-21uppercase first letter of a sentence;Jason McIntyre
2005-09-21name union.Brad Smith
From ume FreeBSD
2005-09-21IPV6PREFIX is set when Framed-IPv6-Prefix is defined, You mayBrad Smith
want to pass the value to upper layer protocol such as DHCPv6 for prefix delegation. From ume FreeBSD
2005-09-21Do RADIUS accounting on IPV6CP.Brad Smith
From ume FreeBSD
2005-09-21Install routes specified by Framed-IPv6-Route. Since the formatBrad Smith
of Framed-IPv6-Route is user defined, it follows Framed-IP-route. From ume FreeBSD
2005-09-21Add IPv6 related attributes defined in RFC3162.Brad Smith
From ume FreeBSD
2005-09-20refuse building archive if we don't have user names for the uids.Marc Espie
2005-09-20allow "show rib" to be limited to an address family tooHenning Brauer
2005-09-20don't try to print v6 nexthops as v4 addressHenning Brauer
2005-09-20for consistency, make "show network" and alias for "network show"Henning Brauer
2005-09-20allow the "show network" output to be limited to a given address familyHenning Brauer
2005-09-20let "bgpctl network show" print v6 addresses correctlyHenning Brauer
2005-09-19zap unused header and #defines, mostly from stevesk@Damien Miller
2005-09-19Since ppp.link{up,down} is invoked at the end of IPCP negotiation, ifBrad Smith
we need ppp.link{up,down}, we couldn't disable IPCP. Now, if IPCP is disabled, ppp.link{up,down} is invoked at the end of IPV6CP negotiation. From FreeBSD
2005-09-19rev 1.8Brad Smith
made ppp compliant to RFC 2472 (based on a patch from another contributor) rev 1.10 Once ppp session is over, the route to ff02::tun0/32 was deleted, and never came back. Now, the route to ff02::tun0/32 is installed at the end of IPV6CP negitiaton. From FreeBSD Tested by aanriot@ and a few end-users
2005-09-19implement fast reconnectsHenning Brauer
when a peer drops to IDLE, we have to force him in IDLE for some time to prevent fast flapping. however, the forced idle time is annoying when the connection could be re-established immediately, i. e. bgpctl nei $peer clear or similar. implement an error counter per peer, increased every time we receive a notification. when we are in state IDLE and get a connection from the peer in question, check if the error counter is 1 or smaller. if so, change state to active and accept the connection, otherwise keep the current behaviour and reject the connection. the error counter gets scaled back by the IdleHoldResetTimer that scales the IdleHoldTime back as well