Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-04-04 | document the bug that sasyncd peers should share the same | Otto Moerbeek | |
platform. it would be really nice if somebody would fix this. ok mpf@ todd@ jmc@ | |||
2008-03-17 | sync the synopsis and usage; "usage:" is lowercase | Igor Sobrado | |
ok jmc@ | |||
2007-09-02 | use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg | Theo de Raadt | |
2007-05-31 | convert to new .Dd format; | Jason McIntyre | |
2007-05-17 | Check getpwnam() return value for NULL before dereferencing it. | Moritz Jodeit | |
ok ray@ millert@ | |||
2007-02-26 | Zero out struct before using, not after. | Ray Lai | |
From <sthen at symphytum dot spacehopper dot org>, PR 5388. OK hshoexer@ and mpf@. | |||
2007-01-08 | allow shared key specification in hex (0x01234...); ok ho | Markus Friedl | |
2006-12-26 | make option processing happen first. | Mathieu Sauve-Frankel | |
ok deraadt@ | |||
2006-12-25 | good day to remove a some poo | Theo de Raadt | |
2006-12-25 | spacing | Theo de Raadt | |
2006-12-24 | first pass cleanup of sasyncd, based on some discussion with deraadt@ | Mathieu Sauve-Frankel | |
inline conf_init into main() and remove it from conf.y. add usage(). small amount of whitespace nits in sasync.h ok deraadt@ mcbride@ | |||
2006-11-28 | add additional link states to report the half duplex / full duplex | Reyk Floeter | |
state, if known by the driver. this is required to check the full duplex state without depending on the ifmedia ioctl which can't be called in the kernel without process context. ok henning@, brad@ | |||
2006-09-16 | Only interpret link state routing messages for the monitored carp interface. | Marco Pfatschbacher | |
memcpy the if_msghdr to avoid alignment problems. OK hshoexer@, miod@, deraadt@ | |||
2006-09-12 | for apps which use interface groups, point to the section of | Jason McIntyre | |
ifconfig(8) where they are explained; ok mcbride mpf henning | |||
2006-09-01 | Teach sasyncd to set isakmpd into active or passive mode, according | Marco Pfatschbacher | |
to our current carp state. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@ | |||
2006-08-31 | Add more SADB types to the filter: ACQUIRE, X_ASKPOLICY, REGISTER. | Marco Pfatschbacher | |
While there put the message sieve into the more appropriate filter function. Pointed out by markus. OK ho@, markus@, hshoexer@, deraadt@ | |||
2006-08-31 | Only chroot the unprivileged part of sasyncd(8). | Marco Pfatschbacher | |
OK deraadt@ mcbride@ hshoexer@ | |||
2006-08-30 | need to retry writing to pfkey socket on EAGAIN, ok theo | Henning Brauer | |
2006-06-03 | tweaks; | Jason McIntyre | |
2006-06-02 | whitespace cleanup, no binary change. | Moritz Jodeit | |
2006-06-02 | Make sasyncd fail back correctly with carp preemption enabled. | Ryan Thomas McBride | |
Hold the carp demotion when booting, to prevent carp from preempting until we've sync'd with our peers. This adds a new CTL_ENDSNAP message to the exchange between the sasync daemons to indicate when the complete snapshot has been sent. Undemote after 60 seconds, or when recieve a CTL_ENDSNAP from all our peers. Syntax is slightly changed, removing the 'carp' keyword (so do "interface carp0" rather than "carp interface carp0". Adds 'group <ifgroup>', defaults to the 'carp' group. ok moritz@ | |||
2006-06-01 | Instead of polling the carp interface to detect a switch between MASTER and | Ryan Thomas McBride | |
BACKUP, listen to the routing socket for link change messages. Based on a diff from nathanael at polymorpheous dot com. ok moritz@ | |||
2006-05-26 | let us not talk about ipsecadm and vpn anymore; ok reyk | Theo de Raadt | |
2006-04-16 | cleanup error handling to avoid two memleaks. found and ok pat@ | Moritz Jodeit | |
2006-03-31 | Plug memory leak on error path; ok ho@ moritz@ | Patrick Latifi | |
2006-02-15 | remove "the the" in comment; ok jmc@ | David Krause | |
2006-01-26 | fix some format strings and add a missing | Moritz Jodeit | |
argument to a log_err() call. ok ho@ | |||
2006-01-20 | Don't depend on implicit include of signal.h | Todd C. Miller | |
2005-09-21 | IPSec -> IPsec | Jason McIntyre | |
grammar from joel@ | |||
2005-09-11 | handle short read()'s. fixes transfer | Moritz Jodeit | |
of very large SA/SPD snapshots. ok ho@ | |||
2005-07-19 | handle short reads/writes. this fixes the | Moritz Jodeit | |
transfer of big SA/SPD snapshots. ok ho@ | |||
2005-07-09 | IP-address -> IP address; | Jason McIntyre | |
from tamas tevesz; | |||
2005-07-07 | when reading of sadb/spd data fails don't call | Moritz Jodeit | |
memset with a len of (unsigned)-1. ok ho@ | |||
2005-05-31 | minor tweaks; | Jason McIntyre | |
2005-05-28 | result not used; ok ho | Theo de Raadt | |
2005-05-28 | Optionally prevent syncing failover node-node SA/SPD info (master side). | Hakan Olsson | |
2005-05-27 | Update, also mention pfsync integration | Hakan Olsson | |
2005-05-27 | Keep sockaddr in syncpeer struct. | Hakan Olsson | |
2005-05-27 | Implement SPD (IPsec flow) snapshots. | Hakan Olsson | |
2005-05-26 | Document 'flushmode' | Hakan Olsson | |
2005-05-26 | add a 'flushmode' to control how the master handles FLUSH to slaves. tweak ↵ | Hakan Olsson | |
some loglevels. | |||
2005-05-26 | check ppid | Hakan Olsson | |
2005-05-26 | disable SPD snapshot for now | Hakan Olsson | |
2005-05-26 | Initialize variables | Hakan Olsson | |
2005-05-26 | Don't alloc/free zero-sized SADB/SPD buffers. | Hakan Olsson | |
2005-05-24 | cleanup parser, permit more than one listener | Hakan Olsson | |
2005-05-24 | logging tweaks | Hakan Olsson | |
2005-05-24 | Now that all "other" SADB_DUMP fields are zero, we don't have fix it here. | Hakan Olsson | |
2005-05-24 | Remove some debugging cruft. | Hakan Olsson | |
2005-05-24 | When peers connect, have the master daemon look at in-kernel SAs and feed | Hakan Olsson | |
these to the new peer. Adds privsep as fetching SADB and SPD kernel data requires privileges. |