summaryrefslogtreecommitdiff
path: root/usr.sbin/sasyncd
AgeCommit message (Collapse)Author
2008-04-04document the bug that sasyncd peers should share the sameOtto Moerbeek
platform. it would be really nice if somebody would fix this. ok mpf@ todd@ jmc@
2008-03-17sync the synopsis and usage; "usage:" is lowercaseIgor Sobrado
ok jmc@
2007-09-02use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsgTheo de Raadt
2007-05-31convert to new .Dd format;Jason McIntyre
2007-05-17Check getpwnam() return value for NULL before dereferencing it.Moritz Jodeit
ok ray@ millert@
2007-02-26Zero out struct before using, not after.Ray Lai
From <sthen at symphytum dot spacehopper dot org>, PR 5388. OK hshoexer@ and mpf@.
2007-01-08allow shared key specification in hex (0x01234...); ok hoMarkus Friedl
2006-12-26make option processing happen first.Mathieu Sauve-Frankel
ok deraadt@
2006-12-25good day to remove a some pooTheo de Raadt
2006-12-25spacingTheo de Raadt
2006-12-24first pass cleanup of sasyncd, based on some discussion with deraadt@Mathieu Sauve-Frankel
inline conf_init into main() and remove it from conf.y. add usage(). small amount of whitespace nits in sasync.h ok deraadt@ mcbride@
2006-11-28add additional link states to report the half duplex / full duplexReyk Floeter
state, if known by the driver. this is required to check the full duplex state without depending on the ifmedia ioctl which can't be called in the kernel without process context. ok henning@, brad@
2006-09-16Only interpret link state routing messages for the monitored carp interface.Marco Pfatschbacher
memcpy the if_msghdr to avoid alignment problems. OK hshoexer@, miod@, deraadt@
2006-09-12for apps which use interface groups, point to the section ofJason McIntyre
ifconfig(8) where they are explained; ok mcbride mpf henning
2006-09-01Teach sasyncd to set isakmpd into active or passive mode, accordingMarco Pfatschbacher
to our current carp state. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@
2006-08-31Add more SADB types to the filter: ACQUIRE, X_ASKPOLICY, REGISTER.Marco Pfatschbacher
While there put the message sieve into the more appropriate filter function. Pointed out by markus. OK ho@, markus@, hshoexer@, deraadt@
2006-08-31Only chroot the unprivileged part of sasyncd(8).Marco Pfatschbacher
OK deraadt@ mcbride@ hshoexer@
2006-08-30need to retry writing to pfkey socket on EAGAIN, ok theoHenning Brauer
2006-06-03tweaks;Jason McIntyre
2006-06-02whitespace cleanup, no binary change.Moritz Jodeit
2006-06-02Make sasyncd fail back correctly with carp preemption enabled.Ryan Thomas McBride
Hold the carp demotion when booting, to prevent carp from preempting until we've sync'd with our peers. This adds a new CTL_ENDSNAP message to the exchange between the sasync daemons to indicate when the complete snapshot has been sent. Undemote after 60 seconds, or when recieve a CTL_ENDSNAP from all our peers. Syntax is slightly changed, removing the 'carp' keyword (so do "interface carp0" rather than "carp interface carp0". Adds 'group <ifgroup>', defaults to the 'carp' group. ok moritz@
2006-06-01Instead of polling the carp interface to detect a switch between MASTER andRyan Thomas McBride
BACKUP, listen to the routing socket for link change messages. Based on a diff from nathanael at polymorpheous dot com. ok moritz@
2006-05-26let us not talk about ipsecadm and vpn anymore; ok reykTheo de Raadt
2006-04-16cleanup error handling to avoid two memleaks. found and ok pat@Moritz Jodeit
2006-03-31Plug memory leak on error path; ok ho@ moritz@Patrick Latifi
2006-02-15remove "the the" in comment; ok jmc@David Krause
2006-01-26fix some format strings and add a missingMoritz Jodeit
argument to a log_err() call. ok ho@
2006-01-20Don't depend on implicit include of signal.hTodd C. Miller
2005-09-21IPSec -> IPsecJason McIntyre
grammar from joel@
2005-09-11handle short read()'s. fixes transferMoritz Jodeit
of very large SA/SPD snapshots. ok ho@
2005-07-19handle short reads/writes. this fixes theMoritz Jodeit
transfer of big SA/SPD snapshots. ok ho@
2005-07-09IP-address -> IP address;Jason McIntyre
from tamas tevesz;
2005-07-07when reading of sadb/spd data fails don't callMoritz Jodeit
memset with a len of (unsigned)-1. ok ho@
2005-05-31minor tweaks;Jason McIntyre
2005-05-28result not used; ok hoTheo de Raadt
2005-05-28Optionally prevent syncing failover node-node SA/SPD info (master side).Hakan Olsson
2005-05-27Update, also mention pfsync integrationHakan Olsson
2005-05-27Keep sockaddr in syncpeer struct.Hakan Olsson
2005-05-27Implement SPD (IPsec flow) snapshots.Hakan Olsson
2005-05-26Document 'flushmode'Hakan Olsson
2005-05-26add a 'flushmode' to control how the master handles FLUSH to slaves. tweak ↵Hakan Olsson
some loglevels.
2005-05-26check ppidHakan Olsson
2005-05-26disable SPD snapshot for nowHakan Olsson
2005-05-26Initialize variablesHakan Olsson
2005-05-26Don't alloc/free zero-sized SADB/SPD buffers.Hakan Olsson
2005-05-24cleanup parser, permit more than one listenerHakan Olsson
2005-05-24logging tweaksHakan Olsson
2005-05-24Now that all "other" SADB_DUMP fields are zero, we don't have fix it here.Hakan Olsson
2005-05-24Remove some debugging cruft.Hakan Olsson
2005-05-24When peers connect, have the master daemon look at in-kernel SAs and feedHakan Olsson
these to the new peer. Adds privsep as fetching SADB and SPD kernel data requires privileges.