gmtime(3) / locatime(3) can fail when timestamps are way off.

Add missing error checks to all calls under sbin/

Input & OK millert

Spacing, no object change.

space -> tab

No object change.

Remove unnecessary netinet/in_systm.h include.

ok millert@

Allow -v (verbose logging) to work if a -D option is supplied.
Previously, a specific check was made for any -D log option being
used and, if so, *no* -v log entries are made, losing potentially
useful log entries. ok lum@

safer snprintf construct with more paranoid length calculation
ok millert

Use S_IS* macros insted of masking with S_IF* flags. The latter may
have multiple bits set, which leads to surprising results. Spotted by/partly
from Paul Stoeber, more to come. ok ho@ miod@ hshoexer@

add log_errorx() which doesn't print the errno value. ok hshoexer@

provide log_fatalx() function, that does not print an error string (like err
vs. errx). Not used yet.

ok moritz@

USE_DEBUG is bye bye

nat-traversal always

privsep always

kill HAVE_PCAP

spacing; ok cloder

where possible, use bzero instead of memset

ok cloder henning

make lint happy and honor const.

ok ho@

spacing

Narrow down privsep interface. Remove ui_init to monitor. So we can get rid of
monitor_mkfifo.

Work in progress.

ok ho@

Don't write too much IKE data in packet capture

Packet capture should add the ESP-marker when NAT-T is active.

KNF, style, 80c, etc. hshoexer@ ok

More KNF. Mainly spaces and line-wraps, no binary change.

ok ho@

partial move to KNF. More to come. This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process. ok ho hshoexer

-Wsign-compare nits. hshoexer@ ok.

Add missing bits to make already present privsep code work. Enable privsep.

ok ho@ deraadt@ markus@

Add and document configuration options Logverbose and Loglevel. As log.c now
depends on conf.c and some regression tests use log.c, add conf.c to
Makefiles where necessary.

ok ho@

With -d, SIGINT should do a clean shutdown.
Without -d, logs should be sent to syslog, level LOG_INFO.

Added -v option. Enables logging of successful exchange completion.
ok ho@

Log the actual port for src and dst, don't assume it's always 500.

Style nits.

boring cleanups

Remove clauses 3 and 4. With approval from Niklas Hallqvist and
Niels Provos.

Cleanup. Use 'sizeof variable' instead of magic constants.

More isakmpd privsep work. X509 private keys are now kept in the privileged
process only. Various cleanup and bugfixes.
markus@ ok

Start of privilege separation for isakmpd.
There are some kinks left, so keep it default disabled for now.
markus@ says ok to commit.

Append to the packet log file, don't overwrite. Requested by pb@.

rm trailing whitespace

Use DLT_LOOP instead of DLT_NULL for pcap, to keep track of changes in
tcpdump(8). This repairs the '-L' (cleartext packet capture) option.

branches: 1.27.2;
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.

the last few sprintf -> snprintf

str[n]{cpy,cat} -> strl{cpy,cat}, sprintf -> snprintf

Extend the FIFO ui with the 'D A <level>' (to set all debug levels) and
'D T' (to toggle all logging on and off) commands. niklas@ ok.

change timeval to bpf_timeval; 32 bit in size, permitting much greater portability

careful with snprintf() == -1; ho, provos

(c)-2001

Rewrite packet capture to handle IPv6 addresses.

htonl() for null.null_family, ok niels@, ho@

Style.

isakmpd can now capture un-encrypted IKE negotiation packets to a
file. In pcap(3) format, so tcpdump(8) can read it.
Idea by Tim Newsham <newsham@lava.net>, work by him and me.
Ok angelos@, niklas@

(c) 2001

Pedantic style police

pids are useful in syslog; ok angelos@

branches: 1.13.2;
Merge with EOM 1.30

author: niklas
no need for sysdep.h in here. This promotes reuse of the log
module in other environments

author: ho
(c)-2000

Merge with EOM 1.28

author: niklas
From OpenBSD: be paranoid about the syslog format parameter

use %s when calling syslog

branches: 1.10.2;
Merge with EOM 1.27

author: ho
Add log_init() to properly initialize log_output variable.

regress/crypto/Makefile: Merge with EOM 1.5
regress/dh/Makefile: Merge with EOM 1.7
regress/group/Makefile: Merge with EOM 1.9
regress/prf/Makefile: Merge with EOM 1.4
regress/rsakeygen/Makefile: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.10
Makefile: Merge with EOM 1.62
attribute.c: Merge with EOM 1.10
sa.c: Merge with EOM 1.99
conf.c: Merge with EOM 1.20
crypto.c: Merge with EOM 1.28
isakmpd.c: Merge with EOM 1.45
connection.c: Merge with EOM 1.19
doi.h: Merge with EOM 1.28
field.c: Merge with EOM 1.11
exchange.c: Merge with EOM 1.116
ike_auth.c: Merge with EOM 1.44
pf_key_v2.c: Merge with EOM 1.37
ike_phase_1.c: Merge with EOM 1.22
ipsec.c: Merge with EOM 1.118
isakmp_doi.c: Merge with EOM 1.40
log.c: Merge with EOM 1.26
log.h: Merge with EOM 1.18
math_group.c: Merge with EOM 1.23
message.c: Merge with EOM 1.144
pf_encap.c: Merge with EOM 1.70
policy.c: Merge with EOM 1.18
timer.c: Merge with EOM 1.13
transport.c: Merge with EOM 1.41
udp.c: Merge with EOM 1.47
ui.c: Merge with EOM 1.37
x509.c: Merge with EOM 1.36

author: niklas
Made debug logging a compile time selectable feature

Merge with EOM 1.25

author: niklas
Ouch ho, that was ugly, make code portable

Merge with EOM 1.24

author: ho
Release lock(s) on logfile when write fails.

./log.c: Merge with EOM 1.23

Style

Make an attempt to handle failures in logging; disk full, etc.
We fallback to syslog(), which in turn has a fallback to /dev/console.

Move LOG_SIZE to log.h

Add LOG_REPORT to always go to logchannel regardless of level; misc small fixes

I did not need to do this but... style nits

Add class and level to debug messages

log time on -d mode

1999 copyrights

Merge from the Ericsson repository
| revision 1.15
| date: 1999/02/25 11:39:10; author: niklas; state: Exp; lines: +3 -1
| include sysdep.h everywhere
| ----------------------------

Last months worth of work on isakmpd, lots done

Add RCS Ids from the EOM repository

openBSD RCS IDs

branches: 1.1.1;
Initial revision

Spacing, no object change.

space -> tab

No object change.

Remove unnecessary netinet/in_systm.h include.

ok millert@

Allow -v (verbose logging) to work if a -D option is supplied.
Previously, a specific check was made for any -D log option being
used and, if so, *no* -v log entries are made, losing potentially
useful log entries. ok lum@

safer snprintf construct with more paranoid length calculation
ok millert

Use S_IS* macros insted of masking with S_IF* flags. The latter may
have multiple bits set, which leads to surprising results. Spotted by/partly
from Paul Stoeber, more to come. ok ho@ miod@ hshoexer@

add log_errorx() which doesn't print the errno value. ok hshoexer@

provide log_fatalx() function, that does not print an error string (like err
vs. errx). Not used yet.

ok moritz@

USE_DEBUG is bye bye

nat-traversal always

privsep always

kill HAVE_PCAP

spacing; ok cloder

where possible, use bzero instead of memset

ok cloder henning

make lint happy and honor const.

ok ho@

spacing

Narrow down privsep interface. Remove ui_init to monitor. So we can get rid of
monitor_mkfifo.

Work in progress.

ok ho@

Don't write too much IKE data in packet capture

Packet capture should add the ESP-marker when NAT-T is active.

KNF, style, 80c, etc. hshoexer@ ok

More KNF. Mainly spaces and line-wraps, no binary change.

ok ho@

partial move to KNF. More to come. This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process. ok ho hshoexer

-Wsign-compare nits. hshoexer@ ok.

Add missing bits to make already present privsep code work. Enable privsep.

ok ho@ deraadt@ markus@

Add and document configuration options Logverbose and Loglevel. As log.c now
depends on conf.c and some regression tests use log.c, add conf.c to
Makefiles where necessary.

ok ho@

With -d, SIGINT should do a clean shutdown.
Without -d, logs should be sent to syslog, level LOG_INFO.

Added -v option. Enables logging of successful exchange completion.
ok ho@

Log the actual port for src and dst, don't assume it's always 500.

Style nits.

boring cleanups

Remove clauses 3 and 4. With approval from Niklas Hallqvist and
Niels Provos.

Cleanup. Use 'sizeof variable' instead of magic constants.

More isakmpd privsep work. X509 private keys are now kept in the privileged
process only. Various cleanup and bugfixes.
markus@ ok

Start of privilege separation for isakmpd.
There are some kinks left, so keep it default disabled for now.
markus@ says ok to commit.

Append to the packet log file, don't overwrite. Requested by pb@.

rm trailing whitespace

Use DLT_LOOP instead of DLT_NULL for pcap, to keep track of changes in
tcpdump(8). This repairs the '-L' (cleartext packet capture) option.

branches: 1.27.2;
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.

the last few sprintf -> snprintf

str[n]{cpy,cat} -> strl{cpy,cat}, sprintf -> snprintf

Extend the FIFO ui with the 'D A <level>' (to set all debug levels) and
'D T' (to toggle all logging on and off) commands. niklas@ ok.

change timeval to bpf_timeval; 32 bit in size, permitting much greater portability

careful with snprintf() == -1; ho, provos

(c)-2001

Rewrite packet capture to handle IPv6 addresses.

htonl() for null.null_family, ok niels@, ho@

Style.

isakmpd can now capture un-encrypted IKE negotiation packets to a
file. In pcap(3) format, so tcpdump(8) can read it.
Idea by Tim Newsham <newsham@lava.net>, work by him and me.
Ok angelos@, niklas@

(c) 2001

Pedantic style police

pids are useful in syslog; ok angelos@

branches: 1.13.2;
Merge with EOM 1.30

author: niklas
no need for sysdep.h in here. This promotes reuse of the log
module in other environments

author: ho
(c)-2000

Merge with EOM 1.28

author: niklas
From OpenBSD: be paranoid about the syslog format parameter

use %s when calling syslog

branches: 1.10.2;
Merge with EOM 1.27

author: ho
Add log_init() to properly initialize log_output variable.

regress/crypto/Makefile: Merge with EOM 1.5
regress/dh/Makefile: Merge with EOM 1.7
regress/group/Makefile: Merge with EOM 1.9
regress/prf/Makefile: Merge with EOM 1.4
regress/rsakeygen/Makefile: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.10
Makefile: Merge with EOM 1.62
attribute.c: Merge with EOM 1.10
sa.c: Merge with EOM 1.99
conf.c: Merge with EOM 1.20
crypto.c: Merge with EOM 1.28
isakmpd.c: Merge with EOM 1.45
connection.c: Merge with EOM 1.19
doi.h: Merge with EOM 1.28
field.c: Merge with EOM 1.11
exchange.c: Merge with EOM 1.116
ike_auth.c: Merge with EOM 1.44
pf_key_v2.c: Merge with EOM 1.37
ike_phase_1.c: Merge with EOM 1.22
ipsec.c: Merge with EOM 1.118
isakmp_doi.c: Merge with EOM 1.40
log.c: Merge with EOM 1.26
log.h: Merge with EOM 1.18
math_group.c: Merge with EOM 1.23
message.c: Merge with EOM 1.144
pf_encap.c: Merge with EOM 1.70
policy.c: Merge with EOM 1.18
timer.c: Merge with EOM 1.13
transport.c: Merge with EOM 1.41
udp.c: Merge with EOM 1.47
ui.c: Merge with EOM 1.37
x509.c: Merge with EOM 1.36

author: niklas
Made debug logging a compile time selectable feature

Merge with EOM 1.25

author: niklas
Ouch ho, that was ugly, make code portable

Merge with EOM 1.24

author: ho
Release lock(s) on logfile when write fails.

./log.c: Merge with EOM 1.23

Style

Make an attempt to handle failures in logging; disk full, etc.
We fallback to syslog(), which in turn has a fallback to /dev/console.

Move LOG_SIZE to log.h

Add LOG_REPORT to always go to logchannel regardless of level; misc small fixes

I did not need to do this but... style nits

Add class and level to debug messages

log time on -d mode

1999 copyrights

Merge from the Ericsson repository
| revision 1.15
| date: 1999/02/25 11:39:10; author: niklas; state: Exp; lines: +3 -1
| include sysdep.h everywhere
| ----------------------------

Last months worth of work on isakmpd, lots done

Add RCS Ids from the EOM repository

openBSD RCS IDs

branches: 1.1.1;
Initial revision