| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
naddy gave me a pointer in the right direction
ok millert@ deraadt@
looks good to matt dunwoodie
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
note that this links ifconfig with libcrypto to get at base64
encoding and decoding routines. im looking at an alternative way
to do that, so hopefully this is temporary.
secondly, note that all the wireguard stuff is under ifndef SMALL,
so the special build of ifconfig for install media does include
wireguard support, and also does not need libcrypto.
from Matt Dunwoodie and Jason A. Donenfeld
ok deraadt@
|
|
|
|
|
|
|
| |
ncg * ipg calcualtion can overflow if signed types are used. Move
to uint32_t for the relevant values. Aligned with FreeBSD changes.
Also make sure newfs refuses to create an fs with more that 2^32-1
inodes. ok millert@
|
|
|
|
| |
ok patrick@
|
|
|
|
| |
ok patrick@
|
| |
|
|
|
|
| |
ok patrick@
|
|
|
|
| |
ok patrick@
|
|
|
|
|
|
| |
improving clarity.
No intentional functional change.
|
|
|
|
| |
ok patrick@
|
|
|
|
| |
ok patrick@
|
|
|
|
| |
ok patrick@
|
| |
|
|
|
|
|
|
| |
conversion steps). it only contains kernel prototypes for 4 interfaces,
all of which legitimately belong in sys/systm.h, which are already included
by all enqueue_randomness() users.
|
|
|
|
| |
ok patrick@
|
| |
|
|
|
|
|
|
|
| |
from the range [1..UINT_MAX] initially. On inode re-use increment
and on wrap refill from the range [1..UINT_MAX-1] to avoid
assigning UINT_MAX (the original value). Zero still means uninitialized.
ok millert@
|
| |
|
|
|
|
| |
'address'.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
They can be configured with the new ikesa enc options aes-128-gcm,
aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.
Tested with Strongswan by Stephan Mendling and myself
Tested with Juniper SRX by remi@
ok sthen@, patrick@
|
|
|
|
|
|
|
|
|
|
|
|
| |
slaacd and unwind start very early in the boot process and syslog is
not fully available yet so these messages tend to get lost.
But they are also not particularly useful.
Prompted by a report by Jason Mader on bugs@
OK deraadt, claudio, bluhm
Note that this code has been copied around to all our privsep daemons
and also lives in usr.sbin. Leave it alone there because multiple people
said they find it useful for those daemons.
|
|
|
|
| |
allusions to 'rtstatic'.
|
|
|
|
| |
extraction function.
|
|
|
|
| |
current usage.
|
| |
|
| |
|
|
|
|
|
|
|
| |
routes_len, domains_len, ns_len. Removes obsolete alignment with
names of RTM_PROPOSAL fields and makes code easier to read.
No intentional functional change.
|
|
|
|
|
|
|
|
|
|
|
|
| |
domain name servers with variable sized uint8_t chunks.
Allows larger lists of search domains and static routes while making
common situations use much less memory.
Original report of breaching the 128-byte limit for static routes from
James Cook via misc@.
Testing of various versions by Andreas Kusalananda.
|
|
|
|
|
|
|
| |
unnecessary wrappers, since they all contained a single field that
could be used as is.
Suggested by claudio@
|
| |
|
| |
|
|
|
|
|
| |
for FFS1 MFS. Problem reported by Mark Patruck and Andreas Kusalananda Kahari.
ok otto@
|
|
|
|
|
| |
filesystems or ramdisks to use explicit -O 1; installer already does that.
ok sthen@
|
|
|
|
|
|
|
| |
configuration file.", but occasionally something else fit better; at the
same time, try to make the format for FILES more consistent;
original diff from clematis
|
|
|
|
|
|
|
|
| |
after the variable length data (static routes, search path, dns
servers) sizes are deteremined.
No intentional functional change. Allows potential change to variable
length proposals.
|
|
|
|
|
|
| |
a different value to limit memcpy() is a bad thing.
Discovered & fix tested by Andreas Kahari. Thanks!
|
|
|
|
|
|
|
| |
in printing the int field we store it in. i.e. '%d' not '%u.
Discovered while tracking down breakage reported by Andreas Kahari on
bugs@.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In pf(4), the pf_status.since timestamp is set with time_uptime(9).
This is a low-res snapshot of nanouptime(9). nanouptime(9) is used to
implement CLOCK_BOOTTIME for clock_gettime(2). It is not used to
implement CLOCK_UPTIME, though. The names are misleading.
Switch to CLOCK_BOOTTIME in places in userspace where we use
pf_status.since so we are working with the right clock.
Technically CLOCK_MONOTONIC is equivalent, but we shouldn't use that
here. CLOCK_MONOTONIC is not necessarily the "time since boot": the
standard says its absolute value is meaningless.
ok patrick@ bluhm@
|
|
|
|
| |
ok patrick@
|
|
|
|
|
|
| |
(domain search) and 't' (text) options. Enables append/prepend for the
domain-search option by inserting blanks between the domains and
ensures the presence of a terminating NUL when merging text.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|