Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

319 lines (224 sloc) 7.929 kb
Support coverage table for KAME/*BSD and KAME-merged *BSD
KAME project
$KAME: COVERAGE,v 1.134 2003/11/05 14:06:27 suz Exp $
x: supported/integrated
-: not supported/not integrated
KAME
net16 open32 free228 free35 free49 bsdi31 bsdi42
-- -- -- -- -- -- --
TCP/UDP see IMPLEMENTATION for details
ALTQ x x x x x - -
IPsec x (*1) x x x x x
(*1) OpenBSD IPsec is available for both IPv4/IPv6. Not really tested.
If you would like to use OpenBSD IPsec for production system,
use unpatched (non-KAME) OpenBSD.
KAME mobile-ip6
? ? - - (*1) - -
(*1) being worked on
NAT/PT - - x (*1) x (*1) ?
(*1) compilable but not tested
2292bis on TCP x (*1) x x ? x x
(*1) code exists, but not tested
getaddrinfo obeys configured resolv order
x x - - x - x
KAME extended resolver (IPv6 transport, EDNS0, bogus address filtering)
x x x x - x x
PULLDOWN_TEST codepath
x x x - - x x
CMSG passing in unix domain socket obeys CMSG_xx
x - - - x - ?
faithd support in inetd
x - - - - x -
IPv6 PMTUD DoS prevention
(*1) (*1) - - (*3) (*2) (*2)
(*1) validates ICMPv6 too big by using TCP/connected UDP/ESP/AH connection
table. PMTUD does not work for other random protocols like ping6.
(*2) validates ICMPv6 too big by presense of cloned route. subject to
local DoS.
(*3) validates ICMPv6 too big by presense of cloned route. Local
DoS is prevented in a different mechanism.
CMSG_ALIGN sysctl ALIGN ALIGN ALIGN ALIGN ALIGN ALIGN
(*1) (*1) (*1) (*2) (*1) (*1)
(*1) has namespace pollution bug, KAME PR 230.
(*2) requires separate inclusion of machine/param.h.
(all) backward binary compatibility for old code that uses old CMSG_xx
is not provided (yet).
ART routing table lookup algorithm
x x - - - x (*1)
(*1) IPv6 only
multipath support in routing table
x - - - - - -
Userland PPP - ? x x x ? ?
Kernel PPP x ? - - x ? ?
(+): see above for KAME/*BSD differences
KAME merged *-current merged
*BSD net open free net16 open32 free49 bsdi42
-- -- -- -- -- -- -- ---
KAME IPv6 as of latest early early 0528 early early 0528 apr00
jun00 jun00 2001 jun00 jun00 2001
KAME IPsec as of
latest 12jun00 - 0528 12jun00 - 0528 apr00
2001 2001
IPv4 IPsec KAME KAME openbsd KAME KAME openbsd KAME KAME
IPv6 IPsec KAME KAME openbsd KAME KAME openbsd KAME KAME
(*1) (*1)
(*1) no extension header support yet (fragment header is supported),
hardware acceleration is available. tunnel mode may need more work.
IPsec ESP, rc5-cbc
- - (*1) - - (*1) - -
(*1) not based on kame
IPsec ESP, blowfish/des on LP64
x x (*1) x x (*1) x ?
(*1) not based on kame
IPsec ESP, des on big endian
x x (*1) x x (*1) x ?
(*1) not based on kame
IPsec ESP, crypto backend uses block cipher (esp_cbc_encrypt)
x x (*1) x x (*1) x -
(*1) not based on kame
RFC2367 conformance: sadb_msg
x x (*1) x x (*1) x -
(*1) not based on kame
RFC2367 conformance: SADB_[EAC]ALG
x x (*1) x x (*1) x -
(*1) not based on kame
TCP/UDP see IMPLEMENTATION for details
TCP6 drops packets with unspecified IPv6 source
x x x x x x x -
ip6_forward rejects packets with unspecified IPv6 source
x x x x x x x -
ip6_mforward rejects packets with unspecified IPv6 source
x x x x x x x -
draft-ietf-ipngwg-p2p-pingpong-00.txt
x x x - - - - -
advanced API 2292bis 2292 2292 2292 2292 2292 2292 2292bis
(*1)
(*1) 2292 API is supplied for binary backward compatibility
CMSG_FIRSTHDR validates msg_controllen
x x x - - - - -
getifaddrs x x x x x x x x
icmp6 nodeinfo 07 07 07 07 07 07 07 ?
(*1/2) (*1/2)
(all) spec conformance is still low.
(*1) does not join NI group address
(*2) node addresses reply does not have TTL attached
net.inet6.icmp6.nodeinfo is a bitmap
x x x x x x x -
nd6_proxyall - - - x - - x -
ndp -s proxy x x x x x x x x
ndp -I x x x x x x x x
NUD on p2p x x x x x x x ?
(ndp -i)
NUD on p2p only if real neighbor
x x x x x x x ?
ND6 WAITDELETE state (should be removed)
- - - x - - x x
expiration of ND6 STALE entries (nd6_gctimer)
x x x x x x x -
pfctlinput2 (*1) x - ? x - ? -
(*1) in ip6_input.c
xx_ctlinput scope friendliness
x x x x x x x -
icmp6 beyondscope
x x x x x x x x
ping6 with short -s
x x x x x x x ?
CMSG_ALIGN ALIGN sysctl ALIGN ALIGN sysctl ALIGN ALIGN ALIGN
(*1) (*1) (*2) (*1) (*2) (*2)
(*1) has namespace pollution bug, KAME PR 230.
(*2) requires separate inclusion of machine/param.h.
(all) backward binary compatibility for old code that uses old CMSG_xx
is not provided (yet).
CMSG passing in unix domain socket obeys CMSG_xx
(+) x - x x - x ?
rip6stat x x - x - - x -
IPV6_V6ONLY x x - x - - x -
getaddrinfo obeys configured resolv order
(+) x x x x x x -
getaddrinfo supports AI_ADDRCONFIG (RFC3493)
- - - x - - x -
(*1) enabled by default, cannot turn it off
getaddrinfo returns official hostname in hosts(5) (leftmost) in ai_canonname
(*1) x x x x x x ?
(*1) netbsd, openbsd, freebsd4 are "x", others are "-"
getnameinfo uses addr%numeric for scopeid > maxifindex
x x x x x x x x
getnameinfo, 2nd arg type is socklen_t
x x x x x x x -
getnameinfo uses EAI_xx as return value (RFC3493)
x x x x x x x -
getnameinfo always return a string with scope
x x x - x x - -
'options insecure1' in /etc/resolv.conf
x x x - x x - -
ALTQ (+) x x - x x - -
NAT/PT (+) - - - - - - -
mobile-ip6 (+) - - - - - - (*1)
(*1) old Ericsson mobile-ip6
IPv6 RPC - x - - x - - -
IPv6 NFS - x - x x - - -
NIS ipnodes map support for hostname lookup
- x - - x - - -
resolver support for IPv6 transport
(+) (*1) (*1) x (*1) (*1) x -
(*1) libc resolver can handle IPv6 transport (IPv6 address in
/etc/resolv.conf), but not with userland tools like nslookup or dig.
scoped addr in /etc/hosts (getaddrinfo)
(+) x x x x x x -
scoped addr in /etc/resolv.conf "nameserver" line
(+) x x x x x x -
ipsec socket passing to ip{6,}_output
aux aux - aux aux - aux aux
ipsec esp, encryption logic
new new (*1) new new (*1) new old
new: unified cbc logic, old: per-algorithm cbc logic
(*1): not based on kame
ipsec esp, blowfish-cbc codebase (before/after aug28, 2000)
new new (*1) new new (*1) new old
(*1): not based on kame
ipsec esp, rijndael support
(*1) x (*2) x x (*2) x -
(*1) except openbsd
(*2): not based on kame
ipsec esp, twofish support
(*1) - (*2) x - (*2) x -
(*1) experimental, based on draft-ietf-ipsec-ciph-aes-cbc-00.txt
(*2): not based on kame
router renumbering declaration does not use bitfield (sys/netinet/icmp6.h)
x x x x x x x -
router renumbering bit declaration conforms RFC2894/2292bis-02
x x x x x x x -
source address selection
latest may00 may00 may00 may00 may00 may00 apr00?
IPv6 PMTUD DoS prevention
(+) (*1) (*1) - (*1) (*1) - -
(*1) validates ICMPv6 too big by using TCP/connected UDP/ESP/AH connection
table. PMTUD does not work for other random protocols like ping6.
6to4 intface x x - x x - x x
RFC3041 privacy extensions for IPv6 stateless autoconfiguration
x - - x - - x x
basic userland x x x x x x x (*1)
(*1) ftpd is totally broken from standard conformance POV. it does not
interoperate with any other clients. we have informed bsdi about this.
route6d x x x x x x x x
hroute6d x - - - - - - x
bgpd x - - - - - - x
pim6dd x pkgsrc - - pkgsrc - - x
pim6sd x pkgsrc - - pkgsrc - - x
rtsol/rtsold x x x x x x x x
rtadvd x x x x x x x x
rrenumd x - - x - - x x
ip6fw x - - x - - x x
faithd x x x x x x x x
(*1) (*1)
(*1) inetd support
syslogd x x - x x - x ?
lpr/lpd x x - - x - - ?
default sendmail is IPv6 ready
(+) x x x x x x -
default sendmail.cf is IPv6 ready
(+) x x - x x - -
racoon x x/pkg - - x/pkg - - x
racoon version latest 021120 - ports 020507 - ports ?
Userland PPP (+) - ? x - ? - ?
Kernel PPP (+) x ? x x ? x ?
Jump to Line
Something went wrong with that request. Please try again.