-
Notifications
You must be signed in to change notification settings - Fork 22
/
COVERAGE
318 lines (224 loc) · 7.75 KB
/
COVERAGE
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
Support coverage table for KAME/*BSD and KAME-merged *BSD
KAME project
$KAME: COVERAGE,v 1.133 2003/09/09 11:22:42 itojun Exp $
x: supported/integrated
-: not supported/not integrated
KAME
net16 open32 free228 free35 free48 bsdi31 bsdi42
-- -- -- -- -- -- --
TCP/UDP see IMPLEMENTATION for details
ALTQ x x x x x - -
IPsec x (*1) x x x x x
(*1) OpenBSD IPsec is available for both IPv4/IPv6. Not really tested.
If you would like to use OpenBSD IPsec for production system,
use unpatched (non-KAME) OpenBSD.
KAME mobile-ip6
? ? - - (*1) - -
(*1) being worked on
NAT/PT - - x (*1) x (*1) ?
(*1) compilable but not tested
2292bis on TCP x (*1) x x ? x x
(*1) code exists, but not tested
getaddrinfo obeys configured resolv order
x x - - x - x
KAME extended resolver (IPv6 transport, EDNS0, bogus address filtering)
x x x x - x x
PULLDOWN_TEST codepath
x x x - - x x
CMSG passing in unix domain socket obeys CMSG_xx
x - - - x - ?
faithd support in inetd
x - - - - x -
IPv6 PMTUD DoS prevention
(*1) (*1) - - (*3) (*2) (*2)
(*1) validates ICMPv6 too big by using TCP/connected UDP/ESP/AH connection
table. PMTUD does not work for other random protocols like ping6.
(*2) validates ICMPv6 too big by presense of cloned route. subject to
local DoS.
(*3) validates ICMPv6 too big by presense of cloned route. Local
DoS is prevented in a different mechanism.
CMSG_ALIGN sysctl ALIGN ALIGN ALIGN ALIGN ALIGN ALIGN
(*1) (*1) (*1) (*2) (*1) (*1)
(*1) has namespace pollution bug, KAME PR 230.
(*2) requires separate inclusion of machine/param.h.
(all) backward binary compatibility for old code that uses old CMSG_xx
is not provided (yet).
ART routing table lookup algorithm
x x - - - x (*1)
(*1) IPv6 only
multipath support in routing table
x - - - - - -
Userland PPP - ? x x x ? ?
Kernel PPP x ? - - x ? ?
(+): see above for KAME/*BSD differences
KAME merged *-current merged
*BSD net open free net16 open32 free48 bsdi42
-- -- -- -- -- -- -- ---
KAME IPv6 as of latest early early 0528 early early 0528 apr00
jun00 jun00 2001 jun00 jun00 2001
KAME IPsec as of
latest 12jun00 - 0528 12jun00 - 0528 apr00
2001 2001
IPv4 IPsec KAME KAME openbsd KAME KAME openbsd KAME KAME
IPv6 IPsec KAME KAME openbsd KAME KAME openbsd KAME KAME
(*1) (*1)
(*1) no extension header support yet (fragment header is supported),
hardware acceleration is available. tunnel mode may need more work.
IPsec ESP, rc5-cbc
- - (*1) - - (*1) - -
(*1) not based on kame
IPsec ESP, blowfish/des on LP64
x x (*1) x x (*1) x ?
(*1) not based on kame
IPsec ESP, des on big endian
x x (*1) x x (*1) x ?
(*1) not based on kame
IPsec ESP, crypto backend uses block cipher (esp_cbc_encrypt)
x x (*1) x x (*1) x -
(*1) not based on kame
RFC2367 conformance: sadb_msg
x x (*1) x x (*1) x -
(*1) not based on kame
RFC2367 conformance: SADB_[EAC]ALG
x x (*1) x x (*1) x -
(*1) not based on kame
TCP/UDP see IMPLEMENTATION for details
TCP6 drops packets with unspecified IPv6 source
x x x x x x x -
ip6_forward rejects packets with unspecified IPv6 source
x x x x x x x -
ip6_mforward rejects packets with unspecified IPv6 source
x x x x x x x -
draft-ietf-ipngwg-p2p-pingpong-00.txt
x x x - - - - -
advanced API 2292bis 2292 2292 2292 2292 2292 2292 2292bis
(*1)
(*1) 2292 API is supplied for binary backward compatibility
CMSG_FIRSTHDR validates msg_controllen
x x x - - - - -
getifaddrs x x x x x x x x
icmp6 nodeinfo 07 07 07 07 07 07 07 ?
(*1/2) (*1/2)
(all) spec conformance is still low.
(*1) does not join NI group address
(*2) node addresses reply does not have TTL attached
net.inet6.icmp6.nodeinfo is a bitmap
x x x x x x x -
nd6_proxyall - - - x - - x -
ndp -s proxy x x x x x x x x
ndp -I x x x x x x x x
NUD on p2p x x x x x x x ?
(ndp -i)
NUD on p2p only if real neighbor
x x x x x x x ?
ND6 WAITDELETE state (should be removed)
- - - x - - x x
expiration of ND6 STALE entries (nd6_gctimer)
x x x x x x x -
pfctlinput2 (*1) x - ? x - ? -
(*1) in ip6_input.c
xx_ctlinput scope friendliness
x x x x x x x -
icmp6 beyondscope
x x x x x x x x
ping6 with short -s
x x x x x x x ?
CMSG_ALIGN ALIGN sysctl ALIGN ALIGN sysctl ALIGN ALIGN ALIGN
(*1) (*1) (*2) (*1) (*2) (*2)
(*1) has namespace pollution bug, KAME PR 230.
(*2) requires separate inclusion of machine/param.h.
(all) backward binary compatibility for old code that uses old CMSG_xx
is not provided (yet).
CMSG passing in unix domain socket obeys CMSG_xx
(+) x - x x - x ?
rip6stat x x - x - - x -
IPV6_V6ONLY x x - x - - x -
getaddrinfo obeys configured resolv order
(+) x x x x x x -
getaddrinfo supports AI_ADDRCONFIG (RFC3493)
- - - x - - x -
(*1) enabled by default, cannot turn it off
getaddrinfo returns official hostname in hosts(5) (leftmost) in ai_canonname
(*1) x x x x x x ?
(*1) netbsd, openbsd, freebsd4 are "x", others are "-"
getnameinfo uses addr%numeric for scopeid > maxifindex
x x x x x x x x
getnameinfo, 2nd arg type is socklen_t
x x x x x x x -
getnameinfo uses EAI_xx as return value (RFC3493)
x x x x x x x -
getnameinfo always return a string with scope
x x x - x x - -
'options insecure1' in /etc/resolv.conf
x x x - x x - -
ALTQ (+) x x - x x - -
NAT/PT (+) - - - - - - -
mobile-ip6 (+) - - - - - - (*1)
(*1) old Ericsson mobile-ip6
IPv6 RPC - x - - x - - -
IPv6 NFS - x - x x - - -
NIS ipnodes map support for hostname lookup
- x - - x - - -
resolver support for IPv6 transport
(+) (*1) (*1) x (*1) (*1) x -
(*1) libc resolver can handle IPv6 transport (IPv6 address in
/etc/resolv.conf), but not with userland tools like nslookup or dig.
scoped addr in /etc/hosts (getaddrinfo)
(+) x x x x x x -
scoped addr in /etc/resolv.conf "nameserver" line
(+) x x x x x x -
ipsec socket passing to ip{6,}_output
aux aux - aux aux - aux aux
ipsec esp, encryption logic
new new (*1) new new (*1) new old
new: unified cbc logic, old: per-algorithm cbc logic
(*1): not based on kame
ipsec esp, blowfish-cbc codebase (before/after aug28, 2000)
new new (*1) new new (*1) new old
(*1): not based on kame
ipsec esp, rijndael support
(*1) x (*2) x x (*2) x -
(*1) except openbsd
(*2): not based on kame
ipsec esp, twofish support
(*1) - (*2) x - (*2) x -
(*1) experimental, based on draft-ietf-ipsec-ciph-aes-cbc-00.txt
(*2): not based on kame
router renumbering declaration does not use bitfield (sys/netinet/icmp6.h)
x x x x x x x -
router renumbering bit declaration conforms RFC2894/2292bis-02
x x x x x x x -
source address selection
latest may00 may00 may00 may00 may00 may00 apr00?
IPv6 PMTUD DoS prevention
(+) (*1) (*1) - (*1) (*1) - -
(*1) validates ICMPv6 too big by using TCP/connected UDP/ESP/AH connection
table. PMTUD does not work for other random protocols like ping6.
6to4 intface x x - x x - x x
RFC3041 privacy extensions for IPv6 stateless autoconfiguration
x - - x - - x x
basic userland x x x x x x x (*1)
(*1) ftpd is totally broken from standard conformance POV. it does not
interoperate with any other clients. we have informed bsdi about this.
route6d x x x x x x x x
hroute6d x - - - - - - x
bgpd x - - - - - - x
pim6dd x pkgsrc - - pkgsrc - - x
pim6sd x pkgsrc - - pkgsrc - - x
rtsol/rtsold x x x x x x x x
rtadvd x x x x x x x x
rrenumd x - - x - - x x
ip6fw x - - x - - x x
faithd x x x x x x x x
(*1) (*1)
(*1) inetd support
syslogd x x - x x - x ?
lpr/lpd x x - - x - - ?
default sendmail is IPv6 ready
(+) x x x x x x -
default sendmail.cf is IPv6 ready
(+) x x - x x - -
racoon x x/pkg - - x/pkg - - x
racoon version latest 021120 - ports 020507 - ports ?
Userland PPP (+) - ? x - ? - ?
Kernel PPP (+) x ? x x ? x ?