summaryrefslogtreecommitdiff
path: root/usr.sbin/sasyncd
AgeCommit message (Collapse)Author
2006-11-28add additional link states to report the half duplex / full duplexReyk Floeter
state, if known by the driver. this is required to check the full duplex state without depending on the ifmedia ioctl which can't be called in the kernel without process context. ok henning@, brad@
2006-09-16Only interpret link state routing messages for the monitored carp interface.Marco Pfatschbacher
memcpy the if_msghdr to avoid alignment problems. OK hshoexer@, miod@, deraadt@
2006-09-12for apps which use interface groups, point to the section ofJason McIntyre
ifconfig(8) where they are explained; ok mcbride mpf henning
2006-09-01Teach sasyncd to set isakmpd into active or passive mode, accordingMarco Pfatschbacher
to our current carp state. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@
2006-08-31Add more SADB types to the filter: ACQUIRE, X_ASKPOLICY, REGISTER.Marco Pfatschbacher
While there put the message sieve into the more appropriate filter function. Pointed out by markus. OK ho@, markus@, hshoexer@, deraadt@
2006-08-31Only chroot the unprivileged part of sasyncd(8).Marco Pfatschbacher
OK deraadt@ mcbride@ hshoexer@
2006-08-30need to retry writing to pfkey socket on EAGAIN, ok theoHenning Brauer
2006-06-03tweaks;Jason McIntyre
2006-06-02whitespace cleanup, no binary change.Moritz Jodeit
2006-06-02Make sasyncd fail back correctly with carp preemption enabled.Ryan Thomas McBride
Hold the carp demotion when booting, to prevent carp from preempting until we've sync'd with our peers. This adds a new CTL_ENDSNAP message to the exchange between the sasync daemons to indicate when the complete snapshot has been sent. Undemote after 60 seconds, or when recieve a CTL_ENDSNAP from all our peers. Syntax is slightly changed, removing the 'carp' keyword (so do "interface carp0" rather than "carp interface carp0". Adds 'group <ifgroup>', defaults to the 'carp' group. ok moritz@
2006-06-01Instead of polling the carp interface to detect a switch between MASTER andRyan Thomas McBride
BACKUP, listen to the routing socket for link change messages. Based on a diff from nathanael at polymorpheous dot com. ok moritz@
2006-05-26let us not talk about ipsecadm and vpn anymore; ok reykTheo de Raadt
2006-04-16cleanup error handling to avoid two memleaks. found and ok pat@Moritz Jodeit
2006-03-31Plug memory leak on error path; ok ho@ moritz@Patrick Latifi
2006-02-15remove "the the" in comment; ok jmc@David Krause
2006-01-26fix some format strings and add a missingMoritz Jodeit
argument to a log_err() call. ok ho@
2006-01-20Don't depend on implicit include of signal.hTodd C. Miller
2005-09-21IPSec -> IPsecJason McIntyre
grammar from joel@
2005-09-11handle short read()'s. fixes transferMoritz Jodeit
of very large SA/SPD snapshots. ok ho@
2005-07-19handle short reads/writes. this fixes theMoritz Jodeit
transfer of big SA/SPD snapshots. ok ho@
2005-07-09IP-address -> IP address;Jason McIntyre
from tamas tevesz;
2005-07-07when reading of sadb/spd data fails don't callMoritz Jodeit
memset with a len of (unsigned)-1. ok ho@
2005-05-31minor tweaks;Jason McIntyre
2005-05-28result not used; ok hoTheo de Raadt
2005-05-28Optionally prevent syncing failover node-node SA/SPD info (master side).Hakan Olsson
2005-05-27Update, also mention pfsync integrationHakan Olsson
2005-05-27Keep sockaddr in syncpeer struct.Hakan Olsson
2005-05-27Implement SPD (IPsec flow) snapshots.Hakan Olsson
2005-05-26Document 'flushmode'Hakan Olsson
2005-05-26add a 'flushmode' to control how the master handles FLUSH to slaves. tweak ↵Hakan Olsson
some loglevels.
2005-05-26check ppidHakan Olsson
2005-05-26disable SPD snapshot for nowHakan Olsson
2005-05-26Initialize variablesHakan Olsson
2005-05-26Don't alloc/free zero-sized SADB/SPD buffers.Hakan Olsson
2005-05-24cleanup parser, permit more than one listenerHakan Olsson
2005-05-24logging tweaksHakan Olsson
2005-05-24Now that all "other" SADB_DUMP fields are zero, we don't have fix it here.Hakan Olsson
2005-05-24Remove some debugging cruft.Hakan Olsson
2005-05-24When peers connect, have the master daemon look at in-kernel SAs and feedHakan Olsson
these to the new peer. Adds privsep as fetching SADB and SPD kernel data requires privileges.
2005-05-23wee fixes;Jason McIntyre
2005-05-23Xr and whitespace fixes;Jason McIntyre
2005-05-23Various logging fixes, handle peer disconnects better.Hakan Olsson
2005-05-23add "listen on <interface name>"Hakan Olsson
2005-05-23No more SSL. Make text somewhat clearer.Hakan Olsson
2005-05-22No more SSL between peers, instead do shared key AES & SHAHakan Olsson
2005-05-22style nitsHakan Olsson
2005-05-03setres[ug]id; ok deraadt@Damien Miller
2005-05-01typarella; from alexandre anriot;Jason McIntyre
2005-05-01spellingDavid Krause
2005-04-03yacc parserHakan Olsson