When it's the possessive of 'it', it's spelled "its", without the
apostrophe.

Remove NULL-checks before free().

stdlib.h is in scope; do not cast malloc/calloc/realloc*
ok millert krw

malloc+memset -> calloc

from Benjamin Baier (programmer (at) netzbasis.de)

handle ECONNABORTED errors from accept(). In many code blocks they can be
ignored silently and without aborting, much like EINTR and EWOULDBLOCK are.
ok's from various maintainers of these directories...

fix a leak
ok krw@

read returns ssize_t not int.

ok mikeb@

Add CDIAGFLAGS infrastructure.
Fix signed vs unsigned and dup symbol shadow.

ok mikeb@
"looks good" deraadt@

Having more than 2 log levels is silly. Use only 3 verbosity levels:
None (), Important (-v), All (-vv)
ok deraadt@

allow shared key specification in hex (0x01234...); ok ho

whitespace cleanup, no binary change.

Make sasyncd fail back correctly with carp preemption enabled.

Hold the carp demotion when booting, to prevent carp from preempting until
we've sync'd with our peers. This adds a new CTL_ENDSNAP message to the
exchange between the sasync daemons to indicate when the complete snapshot
has been sent. Undemote after 60 seconds, or when recieve a CTL_ENDSNAP from
all our peers.

Syntax is slightly changed, removing the 'carp' keyword (so do
"interface carp0" rather than "carp interface carp0". Adds 'group <ifgroup>',
defaults to the 'carp' group.

ok moritz@

cleanup error handling to avoid two memleaks. found and ok pat@

fix some format strings and add a missing
argument to a log_err() call. ok ho@

Don't depend on implicit include of signal.h

handle short read()'s. fixes transfer
of very large SA/SPD snapshots. ok ho@

Keep sockaddr in syncpeer struct.

add a 'flushmode' to control how the master handles FLUSH to slaves. tweak some loglevels.

cleanup parser, permit more than one listener

When peers connect, have the master daemon look at in-kernel SAs and feed
these to the new peer. Adds privsep as fetching SADB and SPD kernel data
requires privileges.

Various logging fixes, handle peer disconnects better.

add "listen on <interface name>"

No more SSL between peers, instead do shared key AES & SHA

Move sasyncd(8), for IPsec SA synchronization, in-tree. Work in progress.
deraadt@ ok.

Remove NULL-checks before free().

stdlib.h is in scope; do not cast malloc/calloc/realloc*
ok millert krw

malloc+memset -> calloc

from Benjamin Baier (programmer (at) netzbasis.de)

handle ECONNABORTED errors from accept(). In many code blocks they can be
ignored silently and without aborting, much like EINTR and EWOULDBLOCK are.
ok's from various maintainers of these directories...

fix a leak
ok krw@

read returns ssize_t not int.

ok mikeb@

Add CDIAGFLAGS infrastructure.
Fix signed vs unsigned and dup symbol shadow.

ok mikeb@
"looks good" deraadt@

Having more than 2 log levels is silly. Use only 3 verbosity levels:
None (), Important (-v), All (-vv)
ok deraadt@

allow shared key specification in hex (0x01234...); ok ho

whitespace cleanup, no binary change.

Make sasyncd fail back correctly with carp preemption enabled.

Hold the carp demotion when booting, to prevent carp from preempting until
we've sync'd with our peers. This adds a new CTL_ENDSNAP message to the
exchange between the sasync daemons to indicate when the complete snapshot
has been sent. Undemote after 60 seconds, or when recieve a CTL_ENDSNAP from
all our peers.

Syntax is slightly changed, removing the 'carp' keyword (so do
"interface carp0" rather than "carp interface carp0". Adds 'group <ifgroup>',
defaults to the 'carp' group.

ok moritz@

cleanup error handling to avoid two memleaks. found and ok pat@

fix some format strings and add a missing
argument to a log_err() call. ok ho@

Don't depend on implicit include of signal.h

handle short read()'s. fixes transfer
of very large SA/SPD snapshots. ok ho@

Keep sockaddr in syncpeer struct.

add a 'flushmode' to control how the master handles FLUSH to slaves. tweak some loglevels.

cleanup parser, permit more than one listener

When peers connect, have the master daemon look at in-kernel SAs and feed
these to the new peer. Adds privsep as fetching SADB and SPD kernel data
requires privileges.

Various logging fixes, handle peer disconnects better.

add "listen on <interface name>"

No more SSL between peers, instead do shared key AES & SHA

Move sasyncd(8), for IPsec SA synchronization, in-tree. Work in progress.
deraadt@ ok.