| Commit message | Author | Age | Files | Lines |
| |
ok millert@
| |
ipsec code is written, but is disabled, so the ipsec words here are
still commented out for now.
| |
ok jmatthew@
| |
-genkey" rather than separately generating parameters and key. Give a
clue that some CAs accept only prime256v1. Show the user where to stop
if they're just generating a private key for acme-client and therefore
don't need to generate a csr or cert manually. Add xr to acme-client(1)
suggested by tb@.
ok jmc tb
| |
GC www/drupal7 description
| |
ports dev work.
if you are able to run pkg_add as root without a password, your account
is root-equivalent.
typing the password multiple times is a pain but if somebody is going to
choose to weaken their local security in this way, it should be their
own decision and not something they have read in a manpage.
ok tb@ thfr@
| |
exposing battery sensors for HID++ 2.0 devices. Most of the code is
derived from the hid-logitech-hidpp Linux driver.
Thanks to Ville Valkonen <weezeldinga at gmail dot com> for testing.
ok mglocker@
| |
OK deraadt@, bluhm@
| |
ok bket@ sthen@ (who initially suggested the if-not-native value under
a similar name)
| |
this is a significant (and breaking) reworking of the policy based
routing that pf can do. the intention is to make it as easy as
nat/rdr to use, and more robust when it's operating.

the main reasons for this change are:

- route-to, reply-to, and dup-to do not work with pfsync
  this is because the information about where to route-to is stored in
  rules, and it is hard to have a ruleset synced between firewalls,
  and impossible to have them synced 100% of the time.
- i can make my boxes panic in certain situations using route-to
  yeah...
- the configuration and syntax for route-to rules are confusing.
  the argument to route-to and co is an interface name with an optional
  ip address. there are several problems with this. one is that people
  tend to think about routing as sending packets to peers by their
  address, not by the interface they're reachable on. another is that
  we currently have no way to synchronise interface topology information
  between firewalls, so using an interface to say where packets go
  means we can't do failover of these states with pfsync. another
  is that a change in routing topology means a host may become
  reachable over a different interface. tying routing policy to
  interfaces gets in the way of failover and load balancing.

this change does the following:

- stores the route info in the state instead of the pf rule
  this allows route-to to keep working when the ruleset changes, and
  allows route-to info to be sent over pfsync. there's enough spare bits
  in pfsync messages that the protocol doesn't break.
  the caveat is that route-to becomes tied to pass rules that create
  state, like rdr-to and nat-to.
- the argument to route-to etc is a destination ip address
  it's not limited to a next-hop address (though a next-hop can be a
  destination address). this allows for the failover and load balancing
  referred to above.
- deprecates the address@interface host syntax in pfctl
  because routing is done entirely by IPs, the interface is derived from
  the route lookup, not pf. any attempt to use the @interface syntax
  will fail now in all contexts.

there's enthusiasm from proctor@ jmatthew@ and others
ok sashan@ bluhm@
| |
OK deraadt@
| |
OK deraadt@
| |
available device interfaces is called 'bNumInterfaces'.
ok phessler@, thfr@ (who provided the man page diff)
| |
This includes ujoy_hid_is_collection() to work around limitations of
hid_is_collection() until this can be combined without fallout.
input, testing with 8bitdo controller, and ok brynet@
PS4 controller testing, fix for hid_is_collection, and ok mglocker@
| |
Claim to be a touchpad instead, which sets up ims devices in X11 to
be more like touchpads.
ok mglocker
| |
We don't use static in the kernel due to ddb so functions private
to the compilation unit are basically equivalent.
OK cheloha@ gnezdo@ mglocker@
| |
ok claudio@ jmc@ sthen@
| |
ok kn@ mvs@
| |
interface descriptor corresponding to the unique name. This descriptor
is guaranteed to be valid until if_put(9) is called on the returned
pointer. if_unit(9) should replace already existent ifunit() which
returns descriptor not safe for dereference when context was switched.
This allows us to avoid some use-after-free issues in ioctl(2) path.
Also this unifies interface descriptor usage.
ok claudio@ sashan@
| |
ok anton@ kn@
| |
Less special cases in (rare) ports, plus one can use EXTRACT_FILES as usual now.
OK espie robert
| |
From Pierre Emeriaud, thanks!
Feedback jmc
OK dlg
| |
With input from jmc@
| |
and were kept only for backward compatibility reasons.
ok mpi@ yasuoka@
| |
With help/input from jmc@ and kn@.
ok jmc@