forked from kame/kame
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG.2000
5179 lines (4255 loc) · 219 KB
/
CHANGELOG.2000
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
CHANGELOG for KAME kit, 2000
$KAME: CHANGELOG.2000,v 1.3 2002/12/10 02:12:08 jinmei Exp $
<200012>
Thu Dec 28 08:48:12 2000 SUMIKAWA Munechika <[email protected]>
* freebsd4/sys/miscfs/procfs/procfs_ctl.c:
FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs fix
Wed Dec 27 20:52:26 JST 2000 [email protected]
* netkey/key.c:
Added lifetime handler of the policy. There are two timer
"lifetime" and "validtime". "lifetime" means the lifetime of
the policy. "validtime" means the duration after the policy
has not been used. when these timer will be expired, key_spdexpire()
is called and the expiration message is sent to the userland.
the policy can be used without limitiation if both lifetime and
validtime are zero.
2000-12-26 JINMEI, Tatuya <[email protected]>
* bsdi4/lib/libinet6/resolv: supported EDNS0. See log on
Wed Apr 26 12:00:59 JST 2000 by itojun for more details.
2000-12-25 JINMEI, Tatuya <[email protected]>
* bsdi4/lib/libinet6: supported IPv6 transport of DNS resolver.
you should updated bsdi4/contrib as well.
This is just a first step. We have many TODO items on this.
Fri Dec 22 JST 2000 [email protected]
* traceroute6, ping6: revoke root privilege earlier.
2000-12-22 JINMEI, Tatuya <[email protected]>
* kame/kame/pim6sd/pim6_proto.c: fixed typo in J/P message
handling.
* kame/kame/pim6sd/routesock.c: fixed alignment bugs for no SA_LEN
cases (nothing to do with BSD, though).
Both fixes were based on KAME PR sys/308 from
2000-12-22 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_mroute.c (ip6_mdq): correctly initialized
the "must be zero" field of upcall data. This fix is essential to
run IPv6 multicast routing daemon.
Report from: [email protected].
2000-12-22 JINMEI, Tatuya <[email protected]>
* kame/kame/rtadvd/config.c (getconfig): allowed hosts to
advertise RA only when router lifetime is set 0 on every
advertising interface. This restriction would avoid invalid RAs
advertised from a host by misconfiguration.
2000-12-21 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/icmp6.c (icmp6_input): all *BSD called
icmp6_rip6_input(). rip6_input(), which was used by bsdi4 and
openbsd, was not suitable, because it would return unexpected
"unknown next header" errors upon receiving (e.g.) icmp6 echo
request.
* kame/sys/netinet6/raw_ip6.c (rip6_input): removed icmp6 cases
according to the above change.
2000-12-21 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c (init_ip6pktopts): added to avoid
forgetting initialization of packet options. This function is
called from ip6_pcbopt() and ip6_setpktoptions().
This change would fix a problem that traceroute6 source routing
failed by EMSGSIZE.
2000-12-21 JINMEI, Tatuya <[email protected]>
* kame/sys/netkey/key.c (key_cmpspidx_withmask): applied the same
fix as one introduced on 2000-12-07 (see below) for inbond
packets.
Wed Dec 20 14:41:11 JST 2000 [email protected]
* netbsd/lib/libinet6/getaddrinfo.c: experimental support for A6
records, only for cases where all 128 bits are supplied in a single
A6 record (like "A6 0 ::1"). netbsd only. disabled by default.
Mon Dec 18 01:41:47 2000 SUMIKAWA Munechika <[email protected]>
* freebsd4/usr.sbin/{syslogd, lpr}, freebsd4/usr.bin/logger: sync
with FreeBSD-current.
* freebsd3/ports/qpopper: upgrade to 3.1.2
Fri Dec 15 23:24:58 JST 2000 [email protected]
* racoon:
racoon uses syslog() if both the logging file and -F option are not
specified when racoon is launched. Now there are three way to log.
One is to the standard output. Second is to syslog. Third is to the
file specified by the option.
nuke YIPSDEBUG() macro, instead racoon use the value "loglevel"
as logging value. "loglevel" can be specified either of the following
capital word, and they are printed with each output as the tag name in
the logging file.
INFO: begin negotiation, SA establishment/deletion/expiration.
NOTIFY: just notifiable.
WARNING: not error strictly.
ERROR: system call error. also invalid parameter/format.
DEBUG1: debugging informatioin.
DEBUG2: too more verbose. e.g. parsing config.
XXX The logging level and the tag name are mixed. They may be separated.
ERROR should be separated because the error of IKE protocol and system
call are mixed.
XXX to be more checked.
Wed Dec 13 17:05:36 JST 2000 [email protected]
* netbsd/sbin/racoon: update racoon reachover makefile. compiles in
GSSAPI support if MKKERBEROS is set.
Tue Dec 12 08:56:39 PST 2000 [email protected]
* racoon/Makefile.in
* racoon/algorithm.c
* racoon/algorithm.h
* racoon/cfparse.y
* racoon/cftoken.l
* racoon/configure.in
* racoon/handler.c
* racoon/handler.h
* racoon/ipsec_doi.c
* racoon/isakmp.c
* racoon/isakmp.h
* racoon/isakmp_agg.c
* racoon/isakmp_base.c
* racoon/isakmp_ident.c
* racoon/main.c
* racoon/oakley.c
* racoon/oakley.h
* racoon/racoon.conf.5
* racoon/remoteconf.h
* racoon/strnames.c
Added files:
* racoon/gssapi.c
* racoon/gssapi.h
* racoon/README.gssapi
Implement GSSAPI using Kerberos 5 authentication for Phase 1
per dratf-ietf-ipsec-isakmp-gss-auth-06.txt. Implemented by
Frank van der Linden <[email protected]>.
2000-12-12 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/raw_ip6.c: used by bsdi4 for better code
sharing. Basically, no new feature change was introduced by this
change.
Snu Dec 11 JST 2000 [email protected]
* freebsd4/sys/i386/isa/if_lnc.c: cope with VMware ethernet chip
emulation, which loops back multicast packet to itself
(violates IFF_SIMPLEX behavior). now DAD on freebsd-on-VMware
works fine. thanks to: Florent Parent
<[email protected]> for help testing.
Sat Dec 10 JST 2000 [email protected]
* racoon/isakmp.c: bounds-check bogus length in isakmp header.
Sat Dec 9 09:08:02 JST 2000 [email protected]
* sys/netinet6/icmp6.c (netbsd/openbsd):
implement high/low watermark on pmtud host route entries.
create up to hiwat host route entries, if icmp6 too big messages is
validated. create up to lowat host route entries, if too big message
is not validated (= traffic is from non-connected pcb).
XXX hiwat/lowat default values
Fri Dec 8 16:05:04 JST 2000 [email protected]
* netbsd/sys/nfs: avoid IPv6 path MTU discovery if UDP is used as the
transport layer. TODO: make NFS aware of path MTU discovery.
2000-12-07 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ipsec.c (ipsec6_output_trans): when an ipsec
SA cannot be found while ipsec is required, send an icmp6
dst_unreach_admin error (instead of silent discard).
NOTE: Please be sure to update icmp6.c as well.
2000-12-07 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/icmp6.c (icmp6_reflect):
- processed scoped addresses in a generic manner.
- used in6_selectsrc to determine the source address of the
reflected packet.
2000-12-07 JINMEI, Tatuya <[email protected]>
* kame/sys/netkey/key.c (key_cmpspidx_withmask): compared
sin6_scope_id values only when both two values were
non-zero. Without this fix, ::/0 would not match fe80::1%ne0,
which could be a security hole.
TODO: there seem to be additional misuse about scope in this
file. We'll have to fix them eventually.
Wed Dec 6 00:22:31 JST 2000 [email protected]
* openbsd: use shared raw ip6 logic.
Tue Dec 5 10:44:53 JST 2000 [email protected]
* sys/netinet6/nd6_nbr.c: (non-bsdi) make sure we don't have DAD
process, for an IPv6 interface address on detached PCMCIA interfaces.
Mon Dec 4 23:09:51 JST 2000 [email protected]
* netbsd/pkgsrc: obsolete KAME pkgsrc tree, at least for now.
we should consult NetBSD pkgsrc directory. KAME pkgsrc uses
1.4.2 pkgsrc build framework, which is too old for use with 1.5.
Mon Dec 4 20:27:27 JST 2000 [email protected]
* netbsd/sys/netinet/udp_usrreq.c: fix IPv4 multicast input path.
NetBSD PR 11629.
Mon Dec 4 19:55:10 JST 2000 [email protected]
* sys/netinet6/in6_pcb.c (netbsd/openbsd):
re-introduce workaround for updating cached routes in unconnected
inpcb, on ICMPv6 redirect (otherwise, cached routes will not be
updated). should be revisited.
2000-12-04 JINMEI, Tatuya <[email protected]>
* kame/kame/pim6[ds]d/mld6.c (make_mld6_msg):
* kame/kame/mld6query/mld6.c (make_msg):
* kame/kame/pim6dd/pim6.c (init_pim6):
made sure to use CMSG_LEN (not CMSG_SPACE) to set to cmsg_len.
based on a PR from URA Hiroshi <[email protected]>
2000-12-03 Koji Kawano <[email protected]>
* sys/netinet6/in6_prefix.c: missing copy vltime & pltime to
ifra(interface)
This effects that, if you use prefix command, you can't
add address to the interface or vltime = 0 even added.
Sun Dec 3 02:48:51 JST 2000 [email protected]
* sys/netinet6/ip6_mroute.h: to provide better binary compatibility
with *BSD-integrated tree, change operation #. you'll need to
recompile all multicast routing tools as well as the kernel.
Sat Dec 2 17:27:30 JST 2000 [email protected]
* bsdi3, bsdi4, freebsd2, netbsd: do not pass incomplete tcp header
to syn_cache_unreach.
Sat Dec 2 17:19:58 JST 2000 [email protected]
* netbsd: catch up with netbsd 1.5. MIP6/NATPT do not compile.
pvcbridge does not work for now.
NOTE: if you use anoncvs/cvsup to update from existing tree,
make sure to invoke "make TARGET=netbsd clean" before update.
symlink can make troubles with update.
Fri Dec 1 21:02:25 2000 SUMIKAWA Munechika <[email protected]>
* freebsd4/ports/{ct,v6eval}: upgrade to 1.2.
Fri Dec 1 19:35:18 JST 2000 [email protected]
* openbsd: catch up with openbsd 2.8. MIP6/NATPT may not work.
NOTE: if you use anoncvs/cvsup to update from existing tree,
make sure to invoke "make TARGET=openbsd clean" before update.
symlink can make troubles with update.
2000-12-01 JINMEI, Tatuya <[email protected]>
* *BSD/sys/netinet6/in6_pcb.c (in6_pcbnotify):
* *BSD/sys/netinet[6]/{tcp, udp, raw}XXX.c (ctlinput functions):
added clarifications and improvements:
- made the ctlinput mechanism more scope aware.
- considered flow label to detect PCBs to which should be notified a
given error (as well as usual detection items such as port
numbers).
- removed meaningless special considerations for PRC_HOSTDEAD
cases.
2000-12-01 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/esp_input.c (esp6_ctlinput): called
pfctlinput2 to tell applications minimum information about an
error, even when the notification was encrypted. PCB notification
functions then might be able to detect an appropriate PCB using
source and destination addresses and IPv6 flow label.
2000-12-01 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c (ip6_output): called pfctlinput2
when fragmenting the packet, in order to tell applications the
proper MTU of the outgoing interface for a particular destinaion.
The code would be more conformant to rfc2292bis with this change.
2000-12-01 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_input.c (pfctlinput2): was newly added to
allow the ctlinput mechanism to have additional
information. Although it could (or even should) be generalize to
be domain independent, we currently keep the function for INET6
only, because we don't know the whole effects of this.
<200011>
2000-11-30 JINMEI, Tatuya <[email protected]>
* bsdi4/sys/net/route.c (rtredirect): disabled the AF check in the
beginning of rtredirect, due to which redirection did not work for
IPv6. Although the check is actually a bit redundant, but
disabling the check does not have a bad effect.
2000-11-30 JINMEI, Tatuya <[email protected]>
* {kame,bsdi4,openbsd,freebsd[34]}/sys/netinet6/in6_pcb.c
(in6_pcbnotify): removed a special treatment for rtchange cases,
which was necessary only when we used the ND6_WAITDELETE neighbor
cache state for an unreachable neighbor. This removal would not
affect the behavior, but make the code simpler.
2000-11-29 JINMEI, Tatuya <[email protected]>
* kame/kame/pim6sd/mld6.c (init_mld6): allow multicasted packet
sent to the MLD6 socket to be loop-backed by default. We can do
this since we don't have to handle DMVRP messages via the MLD6
socket.
(based on a question from <[email protected]>.)
2000-11-28 JINMEI, Tatuya <[email protected]>
* kame/kame/ping6/ping6.c ({get, set}_pathmtu): newly added to
support application-level path MTU discovery. If the -m option is
specified, ping6 will try to discover path MTU for the destination
using the IPV6_RECVPATHMTU socket option, and adjust the MTU using
the IPV6_USE_MTU socket option. This would be useful for those
OSes that do not perform path MTU discovery unless corresponding
connected socket exists, like recent versions of NetBSD and
OpenBSD.
2000-11-27 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c: added a new ancillary data item
"IPV6_USE_MTU," which allows an application to specify the MTU of
the outgoing packet. This item is currently experimental (i.e. not
described in a standard document.)
Mon Nov 27 04:20:40 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/lftp: upgrade to 2.3.5.
2000-11-27 Koji Kawano <[email protected]>
* /kame/freebsd[3,4]/ifconfig
1. add vltime & pltime parameter setting
2. add default thier value setting (tentative bug fixing)
2 is coz that not to add addresses.
2000-11-25 JINMEI, Tatuya <[email protected]>
* kame/kame/pim6sd/route.c (add_leaf): just ignored an MLD report
if the node is not the DR for the corresponding subnet.
The fix was from [email protected].
2000-11-25 JINMEI, Tatuya <[email protected]>
* kame/kame/pim6sd/pim6_proto.c (receive_pim6_bootstrap): even
when the BSR changes, just schedule an immediate advertisemnet of
advertisement, instead of actually sending message, in order to
avoid sending the advertisement to the old BSR.
In response to: a comment from [email protected].
2000-11-25 Koji Kawano <[email protected]>
* kame/freebsdX/net/if_loop.c: fixed duplicated free of pkt's aux data.
This happens in case of that "ping6 -w -I lo0 ::1" for example.
Fri Nov 24 17:29:30 JST 2000 [email protected]
* libinet6/if_nametoindex.c: conform to RFC2553 (ENXIO if the interface
is not found).
Fri Nov 24 15:14:37 JST 2000 [email protected]
* libinet6: compile strl{cpy,cat} for better code sharing.
(freebsd2/netbsd142/bsdi3/bsdi4)
Fri Nov 24 01:43:21 2000 SUMIKAWA Munechika <[email protected]>
* kame/freebsd4/usr.sbin/syslogd: IPv6 enabled syslogd from
[email protected]. '-a' option does not work now.
2000-11-21 Koji Kawano <[email protected]>
* kame/freebsd4: we now start to support 4.2-RELEASE.
Tue Nov 21 02:45:24 2000 SUMIKAWA Munechika <[email protected]>
* kame/freebsd3/ports/wwwoffle: upgrade to 2.6.
2000-11-18 JINMEI, Tatuya <[email protected]>
* [fno]bsd: supported the IPV6_RECVPATHMTU socket option. Not
compiled as of writing this log.
2000-11-18 JINMEI, Tatuya <[email protected]>
* kame/kame/racoon/grabmyaddr.c (suitable_ifaddr6): made sure to
close the temporary socket. Without this, racoon will eventually
die upon the "too many open files" error.
Fri Nov 17 05:09:07 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/apache13: upgrade to 1.3.14.
Thu Nov 16 01:16:07 JST 2000 [email protected]
* freebsd2/ports/lukemftp: lukemftp (portable NetBSD ftp client),
version 1.5.
* freebsd2/usr.bin/Makefile: we no longer build ftp client, to decrease
our maintenance labor. use lukemftp, or some other ftp client.
2000-11-15 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/icmp6.c (icmp6_input):
* bsdi4/sys/netinet6/raw_ipv6.c (rip6_ctlinput):
* bsdi4/sys/netinet/{tcp,udp}_usrreq.c ({tcp6,udp6}_ctlinput):
* bsdi4/sys/netinet6/in6_pcb.c (in6_pcbnotify):
IPV6_RECVPATHMTU socket option support.
Note that the current implementation is not fully conformant to
the latest rfc2292bis spec. The implementation uses a special
control structure to pass both the MTU value and the destination
to the application, while the spec says the corresponding
ancillary data just contains the MTU value.
We are now clarifying it in the IETF ipng ML, and the
implementation may change after the discussion.
TODO: transport layer support in other *BSD than bsdi4.
Mon Nov 13 04:28:33 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/ncftp3: upgrade to 3.0.2
Sun Nov 12 15:40:29 JST 2000 [email protected]
* bsdi4/libexec/ftpd/ftpd.c: update LPSV/EPSV result code to conform
RFC2428.
2000-11-11 JINMEI, Tatuya <[email protected]>
* kame/kame/rtadvd: introduced some improvements and new features
mainly for auto router renumbering (RR):
- joined all-routers site-local multicast group when RR is enabled,
and made the receiving interface configurable via a new command
line option "-M".
- fixed many bugs in handling RR messages.
- supported lifetimes that decrement in real time, and will expire
at a specified time in the future. 3 new parameters for
rtadvd.conf were introduced to handle such lifetimes. See
rtadvd.conf(5).
Thu Nov 9 20:14:00 JST 2000 [email protected]
* racoon:
check the address is suitable or not before using them when grabing
all addresses on each interfaces. tentative, duplicated and
detached are unsuitable at the moment.
Thu Nov 9 15:30:42 JST 2000 [email protected]
* racoon:
Use both the source address and the destination address to get
phase1-sa.
Thu Nov 9 09:53:54 JST 2000 [email protected]
* netbsd/libexec/{rshd,rlogind}: do not refer free'ed memory region.
KAME PR 302 from [email protected]
Thu Nov 9 02:21:00 JST 2000 [email protected]
* *bsd*/sys/sys/mbuf.h: make sure we nuke mbuf pointed to by m_aux,
on MFREE(). under sys/kern, there are code which calls MFREE()
instead of m_free().
* sys/netinet6?/tcp6?_input.c: reject SYN, if the destination address is
a deprecated address and we forbid the use of deprecated address.
* sys/sys/mbuf.h: get rid of M_ANYCAST6. flag bit is a precious resource
(done for freebsd2/bsdi[34]/openbsd/netbsd)
Thu Nov 9 02:17:10 JST 2000 [email protected]
*racoon:
Ignored a acquire message if its destination address matches
a multicast address.
Thu Nov 9 01:30:20 JST 2000 [email protected]
* setkey:
Print a timestamp on each dump line by using -x option.
2000-11-08 JINMEI, Tatuya <[email protected]>
* kame/kame/libinet6/if_indextoname.c (if_indextoname): made sure
to set ENXIO to errno if an appropriate interface is not found.
(to be conformant to RFC2553 and its bis)
Wed Nov 8 02:14:22 JST 2000 [email protected]
* racoon:
Fixed to bind a address which is added right now to the kernel.
2000-11-08 JINMEI, Tatuya <[email protected]>
* bsdi3/sbin/ifconfig/ifconfig.c (in6_status):
* bsdi4/sbin/ifconfig/ifconfig.c (inet6_status):
* {net,open}bsd/sbin/ifconfig/ifconfig.c:
explicitly state that an address is "deprecated" if preferred
lifetime goes into 0.
2000-11-08 JINMEI, Tatuya <[email protected]>
* kame/kame/rtadvd/rtadvd.c (sock_open): join ff05::2 if router
renumbering is enabled.
Wed Nov 8 01:27:40 JST 2000 [email protected]
* route6d: do not advertise cloned/dynamic routes.
Tue Nov 7 12:44:07 JST 2000 [email protected]
* netbsd/pkgsrc/mail/postfix: use 20001005 + IPv6 patch.
Tue Nov 7 01:49:35 2000 SUMIKAWA Munechika <[email protected]>
* kame/kame/libinet6/resolv/res_init.c: fix memory leak.
Mon Nov 6 15:46:39 JST 2000 [email protected]
* sys/net/if_stf.c, sys/netinet*/in*gif.c: IFF_LINK2 now controls
the use of ingress filter on tunnel outer/inner source address.
2000-11-06 JINMEI, Tatuya <[email protected]>
* {bsdi4,freebsd[34]}/sys/netinet/tcp_subr.c (tcp6_ctlinput):
* {bsdi4,openbsd}/sys/netinet/udp_usrreq.c (udp6_ctlinput):
* freebsd[34]/sys/netinet6/udp6_usrreq.c (udp6_ctlinput):
* kame/sys/netinet6/udp6_usrreq.c (udp6_ctlinput):
loosened validation for inner packets of icmp6 errors as much as
possible.
2000-11-06 JINMEI, Tatuya <[email protected]>
* freebsd3/sys/netinet/ip_input.c (ip_input): reverted original
FreeBSD code fragment; twisted ip_id before and after calling
ip_mforward().
Reported by: Greg Troxel <[email protected]>
Mon Nov 6 00:36:02 JST 2000 [email protected]
* sys/netinet6/udp6_output.c (bsdi4/openbsd): do not mix up
inbound and outbound flowlabel value.
Thu Nov 2 23:17:07 JST 2000 [email protected]
* sys/netinet6/esp_core.c: fix [13]DES on big endian machines.
report from [email protected].
Wed Nov 1 23:58:34 JST 2000 [email protected]
* sys/crypto/twofish: fix runtime error check logic. it has been
broken for some time.
* regress/crypto: regression test for kernel crypto logic.
Wed Nov 1 17:24:31 JST 2000 [email protected]
* sys/netinet6/ip6_{in,out}put.c: implement flow label manipulation
setsockopt, as documented in draft-itojun-ipv6-flowlabel-api-00.txt.
the default value can be switched by net.inet6.ip6.auto_flowlabel.
experimental.
<200010>
Tue Oct 31 13:33:38 JST 2000 [email protected]
* sys/netinet6/ip6_{in,out}put.c: implement traffic class manipulation
API, as documented in draft-itojun-ipv6-tclass-api-01.txt.
experimental.
2000-10-29 Shin'ichi Fujisawa <[email protected]>
* Fixed NATPT memory leak. When TCP session is finished, memory
which holds tcp information is not freed.
2000-10-25 JINMEI, Tatuya <[email protected]>
* kame/kame/rtadvd/if.c (if_getmtu): made some clarifications:
- first try getifaddrs(), and then do SIOCGIFMTU for safety. The
revised logic will relieve environments with poor getifaddrs()
implementation.
- avoid referring to freed data by delaying to call freeifaddrs().
* kame/kame/rtadvd/rtadvd.conf.5: insistently noted that the
configuration file can be omitted for those who do not read
rtadvd(8).
2000-10-24 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6_rtr.c (defrouter_select): do not install a
route to the default interface as default route if the node acts
as a router, because such default route might conflict with a
default route installed from a user application (e.g. routing
daemon).
2000-10-24 JINMEI, Tatuya <[email protected]>
* kame/kame/v6test/getconfig.c (make_{tcp,udp}): TCP/UDP data
buffer can be specified.
based on a patch from: Tomomi Suzuki <[email protected]>
2000-10-24 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6.c (in6_ifscrub): checked the existence of
dstaddr before calling rtinit(). This fix will solve the KAME PR
sys/295.
Sun Oct 22 23:08:22 JST 2000 [email protected]
* kame/sys/netinet6/in6_pcb.c (freebsd2/bsdi3):
don't do anything special against IPv4 mapped address, as we don't
support them.
Sat Oct 21 01:40:20 JST 2000 [email protected]
* bindtest: add summary mode (-s). from yoshfuji.
Fri Oct 20 04:20:12 JST 2000 [email protected]
* openbsd: enable IPv6 PTMUD DoS prevention. validates TCP6/UDP6 PMTUD
by existence of connected pcb.
Fri Oct 20 03:14:55 JST 2000 [email protected]
* ping6: by default, fragment packet into 1280 bytes (IPv6 minimum MTU).
-m will suppress the behavior (send it as is, and obey path MTU
discovery).
Thu Oct 19 14:12:04 JST 2000 [email protected]
* racoon:
- check whether the initial contact is acceptable.
when both ends are using "use" as the policy level, both ends initiate
the phase 1 and send initial-contacts under each phase 1 SA. In this
case, each phase 1 SA will be banished by the another initial-contact.
Simply calling getcontacted() is the solution to avoid the case.
2000-10-19 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_mroute.c (add_m6fc): made sure to reset
the outgoing interfaces list in all cases where a multicast
routing cache is created or updated.
In response to a report from Hoerdt Mickael
Thu Oct 19 10:37:05 JST 2000 [email protected]
* sys/netinet6/icmp6.c: (netbsd only for now) try to prevent
DoS attack using path MTU messages. validate ICMPv6 too big messages
using content of TCP/UDP connection table and/or IPsec SAs.
framework by [email protected]. sync with netbsd-current.
TODO: think about sendto(2) cases, raw ip6 cases and others.
aren't we too restrictive given the fact PMTUD is mandatory for IPv6?
TODO: other platforms
Wed Oct 18 18:54:50 JST 2000 [email protected]
* racoon:
- fixed to parse the timer directive in the racoon configuration.
- the identifier in phase 1 transmitted by peer compared with the user
expecting. If they are not same, racoon just warns it at the moment.
- Moved the place of calling ipsec_checkid1() after parsing the payload
transmitted by peer.
- bark if DH computation failed.
- added two function to handle the certificate.
eay_str2asn1dn(), convert the string into DER.
eay_cmp_asn1dn(), compare two subjectname.
2000/10/18 18:15:25 JST [email protected]
the 2nd round of the ALTQ cleanup:
* add a new discipline, PRIQ (priority queueing).
its minor device number is 11.
* kernel config options:
prepend "ALTQ_" to all the ALTQ kernel config options.
(e.g., CBQ -> ALTQ_CBQ)
eliminate CBQ_RED, CBQ_RIO, HFSC_RED, HFSC_RIO but
enable RED/RIO on HFSC/CBQ/PRIQ when RED/RIO is defined.
* change ioctl numbers to be more consistent among disciplines.
* altqd:
divide altqd.c into altqd.c and libaltq2.c.
libaltq2.c contains functions and variables required by libaltq.
* remove the accounting mode from headers and userland tools.
(it was already removed from the kernel)
* other misc cleanup
as usual, don't forget to install new include files and rebuild
userland tools.
2000-10-17 Shin'ichi Fujisawa <[email protected]>
* NAT-PT can translate fragmented IPv4 packet to IPv4.
You need to write 'options NATPT_NAT' and 'options NATPT_FRAGMENT'
into kernel configuration file, and recompile kernel.
This function is experimental, and tested only FreeBSD 3.5.
2000/10/17 19:47:21 JST [email protected]
* freebsd4/sys/alpha/alpha exception.s:
* freebsd4/sys/alpha/include asm.h:
import the fix from FreeBSD-current that allows to boot large
kernels on alpha.
without this fix, GENERIC.KAME kernels hang after printing
the copyright.
Mon Oct 16 05:13:56 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/mozilla: upgrade to M18
2000-10-15 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/icmp6.c (icmp6_mtudisc_update): update path
MTU information only when a corresponding host route already
exists. Currently for bsdi only.
This is an experimental fix for the KAME PR sys/292. We may choose
a different way in the future.
2000-10-15 JINMEI, Tatuya <[email protected]>
* bsdi4/sys/netinet/tcp_subr.c (tcp6_ctlinput):
* bsdi4/sys/netinet/udp_usrreq.c (udp6_ctlinput):
added validation for the TCP or UDP headers of inner
packets. Without this, a bad remote user could make the kernel
core-dump.
(itojun seemed to merge the fix to other *BSDs)
Sun Oct 15 19:18:45 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/squid11: use latest IPv6 patch.
* freebsd3/ports/lftp: upgrade to 2.3.4.
* freebsd3/ports/sendmail: sendmail 8.11 now is official version
so I combine sendmail6 and sendmail.beta into new port 'sendmail'.
Sun Oct 15 17:49:15 JST 2000 [email protected]
* netbsd/pkgsrc/net/{libpcap,tcpdump}, freebsd[23]/ports/{libpcap,tcpdump}:
use 10/9 weekly snapshot.
Thu Oct 12 04:56:24 JST 2000 [email protected]
* kame/racoon: Added two directives, my_identifier and peers_identifer.
It can be define the identifiers by each peers. Identifier directive
will obsoleted in near future.
XXX peers_identifier should be compared with the value included in ID
payload sent from the peer.
XXX asn1dn shoule be able to be specified by user.
Wed Oct 11 JST 2000 [email protected]
* sys/net/if_gif.c: fix uninitialized variable, which can lead to
kernel panic.
Tue Oct 10 23:54:17 JST 2000 [email protected]
* sys/netinet6/in6_proto.c: don't call tcp_init twice, if
we share tcp stack between IPv4/v6 and we are compiling a kernel
with dual stack configuration (netbsd/openbsd/freebsd[34]/bsdi4).
from [email protected].
* sys/netinet6/icmp6.c: nuke net.inet6.icmp6.errratelimit.
* openbsd/sys/conf/GENERIC: move KAME mandatory flags into
conf/GENERIC, so that they will get defined for all kernel
configuration files.
Tue Oct 10 15:43:58 JST 2000 [email protected]
* kame/rtsold/rtsock.c: watch routing socket for pcmcia/cardbus
interface removal. cease RS if an interface gets removed.
(affects NetBSD 1.5 or higher)
Tue Oct 10 03:50:32 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/wu-ftpd: upgrade to latest IPv6 patch. EPSV now
works. TODO: -s speaks IPv4 only.
Sat Oct 7 16:01:12 JST 2000 [email protected]
* ping6, traceroute, traceroute6, mtrace6, icmp6dump: plug fd_set hole.
see openbsd select(2). from deraadt@openbsd.
* traceroute: repair savestr() hole.
Thu Oct 5 12:31:12 JST 2000 [email protected]
* sys/netkey/key.c: get rid of all uses of random() in IPsec code,
where possible (netbsd/freebsd4). for other operating systems, we
have no good random number source like rnd(4), and random() will
be used. you will see one-line warning when you start using IPsec.
XXX we may need to think about how IV should be stirred. the current
code uses too much entropy out of rnd(4).
Thu Oct 5 07:41:18 JST 2000 [email protected]
* *bsd*/sys/net/if.c: make sure we have root privilege on SIOCSPHY*
operation. remove SIOCSPHY* handling from in{,6}_control.
from: [email protected]
Wed Oct 4 20:39:16 JST 2000 [email protected]
* sys/netkey/key.c: supply two sysctl variables,
net.key.{esp,ah}_keymin, that control how ACQUIRE messages are
formed. algorithms/key length smaller than the configured value
will be filtered out.
Wed Oct 4 07:30:10 JST 2000 [email protected]
* sys/net/pfkeyv2.h, racoon: move AES (rijndael) protocol # to the
official one. note that you now lost interoperability between old
racoon and new racoon, when you negotiate rijndael.
also note that AES final document is yet to become FIPS standard,
so there's some uncertainity window, for like 3 months.
Wed Oct 4 00:29:42 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/lftp: upgrade to 2.3.3.
* freebsd3/ports/{libpcap,tcpdump}: upgrade to 2000/10/02
weekly snap.
* freebsd3/ports/wu-ftpd: upgrade to 2.6.1.
Tue Oct 3 JST 2000 [email protected]
* libipsec/pfkey.c: tighten header chasing. we should change some
of the function signatures for better protection.
2000-10-04 JINMEI, Tatuya <[email protected]>
* bsdi4/usr.sbin/netstat/main.c:
* kame/kame/netstat/ipsec.c (ipsec6_stats0):
printed statistics on IPv6 IPsec by `netstat -s [-p ipsec6]'.
2000-10-03 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6_rtr.c (defrouter_addifreq): use rtrequest1
with a proper interface address for bsdi4, instead of rtrequest.
This is necessary for the function to work correctly for a p2p
interface.
2000-10-03 JINMEI, Tatuya <[email protected]>
* bsdi3/sys/netinet/tcp_subr.c (ipsec4_hdrsiz_tcp):
* bsdi4/sys/netinet/tcp_subr.c (ipsec_hdrsiz_tcp):
properly set the ip_hl field before calling ipsec4_hdrsiz().
Without this, the policy matching routine would misunderstand the
IP header length, and would failed to detect the position of the
TCP header. As a consequence, policy matching using specific TCP
ports would fail.
2000-10-03 JINMEI, Tatuya <[email protected]>
* kame/sys/crypto/rijndael/rijndael-api-fst.c: avoided assert,
memcpy, and memset, which are not available in the kernel of some
BSD variants. It would rather be better to use them from a
standardization point of view, but it could be undesirable for
portability among *BSD kernels.
2000-10-02 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6_nbr.c (nd6_ns_input): added several minor
fixes:
- do not 'goto bad' unless taddr6 is propery set.
- adjust the pointer to ip6_hdr after IP6_EXTHDR_{GET, CHECK} for
safety.
- goto bad if check for hoplimit fails (to record the header
information).
2000-10-02 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_input.c (ip6_savecontrol): check if a
routing header is contained, in order to store destination option
headers at proper postions.
XXX: the check routine is not very efficient.
2000-10-02 JINMEI, Tatuya <[email protected]>
* bsdi[34]/sys/kern/uipc_syscalls.c (sendit): check if cmsg_len is
0, in order to avoid an infinite loop.
2000-10-02 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c (ip6_setpktoptions): supported
the IPV6_RTHDRDSTOPTS case, which was just forgotten.
2000-10-02 JINMEI, Tatuya <[email protected]>
* bsdi4/sbin/ifconfig/ifconfig.c (main): set ND6_INFINITE_LIFETIME
to ia6t_[pv]ltime as the default values, so that manually
configured IPv6 addresses have infinite lifetime.
2000-10-01 JINMEI, Tatuya <[email protected]>
* kame/kame/pim6sd/timer.c: fixed a bug that missed necessary
braces.
(applied a patch from [email protected])
<200009>
Sun Sep 30 JST 2000 [email protected]
* racoon: disable rc5/idea support by default, due to patent twists.
Fri Sep 29 12:12:16 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/fetchmail: upgrade to 5.5.3.
* freebsd3/ports/lftp: upgrade to 2.3.2.
Wed Sep 27 00:56:03 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/wget: use latest IPv6 patch(9/15).
Tue Sep 26 17:40:30 JST 2000 [email protected]
* sys/netkey/key.c: attach sadb_comb for IPComp SADB_ACQUIRE message.
the use of sadb_comb is not on RFC2367; it was discussed in
pf_key mailing list and is one of the candidate behavior under
current header file declaration.
Tue Sep 26 07:56:17 JST 2000 [email protected]
* libinet6/getnameinfo.c: off-by-1 error in string length valildation.
From: Pavel Kankovsky <[email protected]>
NOTE: all users are suggested to upgrade their userland.
Sun Sep 24 07:31:53 JST 2000 [email protected]
* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 2000/9/18 weekly snap
from tcpdump.org.
Sun Sep 24 04:15:52 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/wwwoffle: upgrade to 2.5e.
* freebsd3/ports/netcat: netcat 1.10. you must select address
family to use -4/-6 option explicitly.
Sun Sep 24 00:38:51 2000 SUMIKAWA Munechika <[email protected]>
* freebsd3/ports/tcp_wrapper: upgrade to latest IPv6 patch.
* freebsd3/ports/lynx: upgrade to 2.8.4dev10
Fri Sep 23 JST 2000 [email protected]
* racoon:
- Converted to binary from string if need. openssl returns a string
even if object should be a binary.
- fixed to attach the notify of responder life time. It always was
sent.
- enabled to get multiple subjectAltNames. verified the ID in the
ID payload and one of the subjectAltNames.
- don't send the attribute of lifetime as bytes when it is not defined
in configuration file.
- nuke certaltname. It always define explicitly name in the
racoon.conf, for example fqdn, user_fqdn. don't get identifier
from the subjectAltName.
- fixed base mode with RSA signature in initiator case.
- enable to switch sending CR payload or not.
- ignored multiple cert payload. at the moment, racoon take first cert.
But it should be took all cert payload.
Sat Sep 23 JST 2000 [email protected]
* racoon: (1) attach key length attribute to rijndael/twofish.
they are variable-length ciphers, key length attribute is mandatory.
(2) disable kmpstat and racoon admin port, as there's no
authentication at all (bad idea for security tools...)
* sys/netkey/key.c: attach sensible default lifetime to sadb_comb.
Fri Sep 22 23:47:24 JST 2000 [email protected]
* sys/netkey/key.c:
Fixed the meaning of "created". Then the behavior of
net.key.blockacq_count is fixed.
Fri Sep 22 JST 2000 [email protected]
* sys/netinet6/ipsec.c: clarify policy lookup. always pull port
number from the packet. previous code looked up port number from
pcb, and did not work right on sendto() with explicit address.
* sys/netinet6/ip6_forwarding.c: do not try to look at port numbers,
as we are forwarding and the packet could be a fragment.
* sys/netinet6/ipcomp_*.c: (1) stabilize deflate engine. (2) remove
too strong assumption on mbuf chain, make it friendly with
m_pulldown cases. (3) compute outbound byte lifetime based on
uncompressed packet. the behavior now meets inbound behavior.
RFC2401 page 23. (4) fix mbuf leak (compression error cases).
* racoon: (1) support short phase 2 SPI (16bit instead of 32bit) for
IPComp, to meet the latest IPComp draft. need more checks.
(2) stabilize behavior when many phase 1 proposals are presetned.
(3) make it possible to build with boehm GC.
(4) do not attach IDci/IDcr payload on phase 2 negotiation, if
we are negotiating transport mode SAs. this should help "encrypt
everyone's traffic" server configuration, like below:
spdadd ::/0 ::/0 any -P out ipsec esp/transport//use;
spdadd ::/0 ::/0 any -P ah ipsec esp/transport//use;
the source of this problem is the dual meaning of policy src/dst
address space pair ("::/0 ::/0" in the above example).
there are two meanings/interpretation of this at this moment:
- cloud behind the gateway (tunnel mode case only)
- src/dst pair for which i would like to enforce ipsec
tunnel/transport)
we may need to split them into two distinct configuration,
if there's demand.
* sys/netkey/keysock.c: stabilize behavior in heavy SADB_ACQUIRE
traffic.
Thu Sep 21 03:18:11 JST 2000 [email protected]
* sys/netinet6/esp_core.c: make it possible to use rijndael and twofish
at the same time. this obsoletes kernel compile option
IPSEC_ESP_TWOFISH.
* sys/netkey/key.c: relax SPI boundary check for IPComp. at this
moment no check is made against wellknown IPComp CPI.
need to revisit.
* sys/netinet6/route6.c: repair cut and paste bug in address validation.
from francis dupont.
Wed Sep 20 22:21:57 2000 SUMIKAWA Munechika <[email protected]>
* kame/freebsd3/ports/bind9: upgrade to official release 9.0.0
Wed Sep 20 03:10:09 JST 2000 [email protected]
* sys/netkey/key.c: make proposal/combination payload on SADB_ACQUIRE
message (kernel -> userland) optional, to support ipcomp ACQUIRE
messages. this makes KAME PF_KEY to violate RFC2367. however,
as ipcomp is not covered by RFC2367 (we cannot attach
proposal/combination for ipcomp case), we have no other choice.
* netbsd/sys/netinet/tcp_subr.c: allocate mbuf cluster for tcp header
template, only when necessary. this avoids too aggressive memory
usage on heavy load web server, for example.
From: Kevin Lahey <[email protected]>
Tue Sep 19 07:43:42 JST 2000 [email protected]
* freebsd[234], bsdi[34] tcp code: repair IPsec header size prediction
(which avoids fragmentation on IPsec'ed TCP packet).
was broken by Sep 19 00:59:30 change.
Tue Sep 19 06:01:33 JST 2000 [email protected]
* sys/netinet6/esp_core.c: repair IPsec blowfish-cbc (BF_encrypt takes
host endian value!). Aug28 commit log was wrong. blowfish-cbc has
been broken from Aug28 till this commit.
* sys/netinet6/esp_core.c: nuke old ESP core logic.
Tue Sep 19 02:50:41 JST 2000 [email protected]
* netbsd/pkgsrc/net/bind9: use 9.0.0 (first official release)
Tue Sep 19 00:59:30 JST 2000 [email protected]
* sys/netinet6/ipsec.c: on ipsec policy lookup, properly handle traffic
on AF_INET6 socket with IPv4 mapped address (eg IPv4 on wire).
NOTE: we still have issue with port number lookup (KAME PR 287).
Sat Sep 16 23:28:32 JST 2000 [email protected]
* freebsd2/ports/wget, netbsd/pkgsrc/net/wget: use latest IPv6 patch
(9/15). it repairs -I option.
2000-09-15 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/icmp6.c (icmp6_redirect_input): examined the
gateway (from the routing table) only when the address family of
the gateway is AF_INET6.
In response to a report from Jacques A. Vidrine <[email protected]> in
the freebsd-net ML.
Thu Sep 14 10:40:12 2000 SUMIKAWA Munechika <[email protected]>
* kame/freebsd3/ports/lfp: upgrade to 2.2.6.
Thu Sep 14 09:24:47 JST 2000 [email protected]
* kame/faithd: repair EPRT translation. cope with PASV result
without paren.
Thu Sep 14 04:01:35 2000 SUMIKAWA Munechika <[email protected]>
* freebsd[234]: hardcode NEW_STRUCT_ROUTE to 1
* freebsd4/usr.sbin/lpr: IPv6 support from kame/freebsd3
2000-09-13 JINMEI, Tatuya <[email protected]>
* bsdi4/usr.sbin/racoon: was just added for build. It can be
compiled (at least in my environment) but has not been tested.
Wed Sep 13 15:01:17 JST 2000 [email protected]
* kame/kame/racoon:
Added some switches into racoon.conf;
- verifying a certificate or not.
- verifying the subjectAltName and the sucjectName.
- sending a certificate or not.
Wed Sep 13 14:56:23 JST 2000 [email protected]
* kame/racoon/doc/FAQ: add racoon FAQ. will be improved in the near
future.
Tue Sep 12 23:48:58 JST 2000 [email protected]
* kame/kame/racoon:
- Fixed the parameter of ipsecdoi_checkph1proposal() of initiator side.
RFC 2409 says the last byte is not included the padding length.
- Fixed to parse the responder's proposal on initiator. Error happened
that the responder responded second proposal.
Tue Sep 12 17:52:01 JST 2000 [email protected]
* sys/netinet6/esp_input.c: workaround to recent IPv6 ESP problem
(started early Sep with ESP core crypto engine rewrite).
perform m_pullup2 equivalent on IPv6 ESP transport mode, to avoid
non-continuous mbuf. (this is not necessary for m_pulldown case)
KAME PR 283. Thanks to TAHI guys and [email protected].
2000-09-12 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_forward.c (ip6_forward): if the incoming
interface equals to the outgoing one, and the link attached to the
interface is point-to-point, then immediately drop the packet and
send an ICMPv6 destination unreachable error message.
This is currently experimental and needs the PROHIBIT_P2PREDIRECT
kernel compilation option.
Tue Sep 12 14:21:27 JST 2000 [email protected]
* kame/faithd: change default behavior with no arguments.
old behavior (relay telnet session) does not seem like a sensible
default - the behavior is historical. now faithd will die with
usage on no argument.
WARNING: you may need to change startup scripts, if you rely upon
old "no argument" behavior.
Tue Sep 12 00:37:48 JST 2000 [email protected]