-
Notifications
You must be signed in to change notification settings - Fork 22
/
CHANGELOG
1772 lines (1485 loc) · 77.3 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
CHANGELOG for KAME kit
$KAME: CHANGELOG,v 1.1757 2001/07/04 07:06:05 itojun Exp $
<200107>
Wed Jul 4 16:02:26 JST 2001 itojun@iijlab.net
* openbsd/usr.sbin/inetd/inetd.c: correct UDP source address checks.
2.9 code did not check it for IPv6 traffic. sync with openbsd.
2001-07-03 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/libinet6/getaddrinfo.c: when the GAI_USE_ORDERING
environment variable is set, reorder the chain that getaddrinfo(3)
would return, based on the logic described in
draft-ietf-ipngwg-default-addr-select. With this extension,
things would be happier when
+ the underlying kernel supports IPv6,
+ "the default interface" is specified by the "ndp -I" command,
+ there is no router around the node,
+ the destination node has both AAAA (or A6) and A resource
records, and
+ the application just tries to connect to all the entries that
getaddrinfo(3) returns.
XXX: items to be considered:
- some of the logic is not implemented.
- this routine opens a socket to get the corresponding source
address for each destination candidate. This might cause
performance effect.
2001-07-03 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/netinet/in_proto.c (inetsw[]): corrected the sysctl
callback function for net.inet.ip6.XXX names (from icmp6_sysctl to
ip6_sysctl).
Mon Jul 2 20:06:28 JST 2001 itojun@iijlab.net
* sys/netinet6/in6.c: record multicast groups joined from within the
kernel, into struct in6_ifaddr. leave from these groups accordingly
on removal of interface addresses.
* (netbsd) sys/netinet6/in6_pcb.c: remove multicast group information
from pcb, in the early stage of interface removal processing, in
in6_pcbpurgeif0(). without this change kernel may panic on pcmcia
card removal. notified by jinmei.
<200106>
2001-06-29 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_forward.c (ip6_forward): do not drop the
packet (nor send an icmp6 error) on a "p2p redirect" case, unless
the packet's destination address is regarded as on-link. With
this check, we can distinguish a routing loop from a packet sent to
a nonexistent address. For the former case, we'd rather let the
packet go to the loop, and detect the loop by traceroute.
Clarification based on a recent discussion about the p2p-pingpong
draft.
Thu Jun 28 21:56:12 JST 2001 sakane@kame.net
* kame/libipsec/pfkey.c:
Fixed to calculate the length of the sadb extension in the function
pfkey_send_x5(). Calling pfkey_send_spddelete2() and
pfkey_send_spdget() had a problem. reported by <R.P.Koster@kpn.com>
Thu Jun 28 15:12:09 JST 2001 sakane@kame.net
* sys/netkey/key.c:
the behavior of SPDUPDATE has been changed. the kernel always add
a new policy in the case of SPDUPDATE. when there is a policy to be
updated, the kernel will move the state of the policy to be dead, and
then will add new policy. hence, SPDUPDATE doesn't depend on whether
there is a SP or not.
Thu Jun 28 10:23:01 JST 2001 itojun@iijlab.net
* netbsd/sys/netinet/udp_usrreq.c: correct UDP over IPv6 reception
when the packet is destined to a linklocal address.
Thu Jun 28 02:33:07 JST 2001 itojun@iijlab.net
* sys/netinet6/nd6.c: refresh default router list on nd6_detach(),
only if we are an autoconfigured host. bug was that, we will lose
default route on "ifconfig gif0 destroy" even if default is not
pointing to gif0. reported by ume@mahoroba.org.
Thu Jun 28 02:35:18 JST 2001 sakane@kame.net
* kame/racoon:
- fixed to set the inbound policy in the case of "generate_policy".
- supported sadb_x_spdexpire().
above two things are from <lab@gta.com>.
Thu Jun 28 02:33:32 JST 2001 sakane@kame.net
* kame/setkey:
enabled to use a service name as a port number.
but these operation should use getaddrinfo().
Wed Jun 27 22:10:43 JST 2001 sakane@kame.net
* sys/netkey/key.c:
* kame/libipsec/pfkey_dump.c:
the lifetime information of the SP entry will send to the userland
from the kernel through pfkey when of spddump. And they can be
displayed by setkey -DP.
Wed Jun 27 19:47:19 JST 2001 sakane@kame.net
* sys/net/pfkeyv2.h:
* sys/netkey/key.c,key_debug.c:
* kame/libipsec/pfkey_dump.c:
* kame/setkey/scriptdump.pl:
printed current sequence number of the SA. accordingly, changed
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure. Also the output of setkey is changed. sequence number
of the sadb is replaced to the end of the output.
Wed Jun 27 14:35:00 JST 2001 itojun@iijlab.net
* openbsd/sys/netinet/tcp_input.c: make faithd work on openbsd.
OpenBSD 2.9 has been working okay, this is KAME/openbsd29 issue.
Mon Jun 25 16:15:06 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* kame/sys/netinet6/ip6_fw.c: use syslog(3) interface for logging
from kuriyama@FreeBSD.org
Sat Jun 23 10:55:46 JST 2001 itojun@iijlab.net
* kame/mdnsd: with -N flag, mdnsd will lookup name-to-address mapping
using ICMPv6 node information query. experimental.
Sat Jun 23 03:10:50 JST 2001 itojun@iijlab.net
* sys/netinet6/ip6_output.c: disallow setsockopt(IPV6_V6ONLY)
for sockets that are already bound. per discussions on ipngwg
mailing list.
2001-06-21 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_dispatch.c (foundFinalPayload):
- Fix a bug that offset of the payload is calculated
incorrectly. Apply a patch from <ubj@verkstad.net>.
2001-06-21 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/icmp6.c (icmp6_reflect): removed ifdef'ed
blocks to keep an older rule about the size of icmp6 echo replies
specified in rfc 1885, in order to make the code simpler.
The history about the behavior was described as a comment just
before the function definition.
2001-06-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/advapitest/sender.c:
* kame/kame/ping6/ping6.c:
removed IPV6_USE_MTU related parts.
2001-06-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/(several files): removed IPV6_USE_MTU related
parts. It was introduced as an experimental workaround on
2000-11-28 (see CHANGELOG.2000), but we've found we do not need
this stuff through further discussion (and implementation changes
on the path MTU discovery procedure).
2001-06-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/icmp6.c (icmp6_reflect): set IPV6_MINMTU to
avoid path MTU discovery for reflected packets.
This might be controversial, but I believe this makes sense.
2001-06-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* freebsd4/sys/netinet/tcp_subr.c (tcp_rtlookup):
* freebsd4/sys/netinet/tcp_subr.c (tcp_rtlookup6):
made sure to use the correct sa_len for rtalloc(). sizeof(ro_dst)
is not necessarily the correct one, especially in NEW_STRUCT_ROUTE
cases for IPv6.
The previous code could turn the path MTU discovery off as a bad
effect. If you define NEW_STRUCT_ROUTE in a KAME snap
(note that GENERIC.KAME defines this option), be sure to update
the kernel.
Wed Jun 20 14:33:28 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* kame/sys/netinet6/{in6_var.h,in6.c,natpt_rule.c,nd6_rtr.c}:
remove in6_len2mask(). this fucnction is duplicated with
in6_prefixlen2mask().
Tue Jun 19 16:33:40 JST 2001 itojun@iijlab.net
* bsdi4/sys/netinet/tcp_input.c: make faithd work on bsdi4.
reported by jinmei
2001-06-18 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_trans.c (translatingICMPv4To6):
- Hop limit of translated IPv6 packet uses ttl of original
IPv4 packet, so that a hop limit is decremented in
ip6_forward().
* kame/sys/netinet6/natpt_trans.c (tr_icmp4MimicPayload):
- Correct UDP port number stored in ICMP_UNREACH packet
returned from IPv4 network. It was not enough in the change
that I put in 09 Jun 2001.
Now, KAME NAT-PT can process traceroute6 from IPv6 host to
IPv4 host.
Mon Jun 18 16:59:35 JST 2001 itojun@iijlab.net
* sys/netinet6/icmp6.c: on icmp6 node information query (FQDN),
do not respond with hostnames with two dots (like "foo..bar").
0-length labels are not distinguishable with multiple name replies.
yoshfuji@usagi
2001-06-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_rtr.c (in6_tmpifadd): called
pfxlist_onlink_check() at the end of this function, to make sure
a temporary address generated from a detached public one also
detached. This is redundant when the temporary address is
generated when creating a new public address, but is essential
when the address is generated due to deprecation of an old
temporary address.
2001-06-17 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c: re-enabled clarification on the
dependency between the 1st dst opt header and the routing header,
based on rfc2292bis-02.
This part was disabled when merging a recent mip6 patch from Ericsson,
without much consideration about the rationale. Actually,
disabling this part just for MIP6 convenience is a bad idea (or at
least not a good idea). We need to think carefully about a way to
make the advanced API coexist with MIP6 options.
Fri Jun 15 13:14:31 JST 2001 itojun@iijlab.net
* openbsd/sys/net/if.[ch]: change meaning of ifnet.if_lastchange
to meet with RFC1573 ifLastChange. sync with openbsd-current.
Thu Jun 14 18:12:57 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* kame/sys/netinet/icmp6.h:
- add new types and codes defined in RFC3122(Inverse NDP). they
will be renamed when defined in 2292bis.
- duplicated KAME local types and codes are renumberd.
note that, for the following features, we have lost interoperability
between past KAME releases and future KAME releases (because they
use unofficial numbers). if you play with these features, you must
upgrade all boxes you have.
- mtrace6(8)
- mobile-ip6 home agent discovery
- specific route information on RA, as defined in
draft-ietf-ipngwg-router-preference
Thu Jun 14 17:05:06 JST 2001 itojun@iijlab.net
* netbsd/sys/net/if.[ch]: change meaning of ifnet.if_lastchange
to meet with RFC1573 ifLastChange. sync with netbsd-current.
Thu Jun 14 13:42:55 JST 2001 suz@sdl.hitachi.co.jp
* bsdi3/usr.sbin/netstat/mroute6.c
+ fixed a bug that bsdi3's "netstat -gn" does not display multicast
I/F list due to a lack of NEW_STRUCT_ROUTE macro.
Wed Jun 13 22:31:49 JST 2001 itojun@iijlab.net
* *bsd*/sys/net/if_ethersubr.c: in ether_input(), drop multicast packet
from myself, if the interface is !IFF_SIMPLEX. multicast packets
are explicitly copied via loopback interface in ip_output() and
ip6_output(), so the old codepath caused a duplicate. also the
old codepath affected IPv6 DAD. KAME PR 360
Wed Jun 13 17:29:56 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* kame/sys/net/if_gif.c: suppressed update of if_lastchange when
processing packets on BSD/OS and FreeBSD for SNMP requirements.
2001-06-13 Shin'ichi Fujisawa <fujisawa@kame.net>
* sys/i386/conf/GENERIC.KAME
- Add NATPT-NAT and add some notes.
* kame/sys/netinet6/natpt_{defs.h,trans.c,tslot.c}
- Support FTP4 non-passive mode.
You can connect IPv4 FTP client to IPv4 FTP server with
passive mode or non passive mode. This is a part of
facility of NAT-PT.
If you want to use this facility (IPv4 NAT), it is necessary
to do uncomment of both following kernel options in
sys/i386/conf/GENERIC.KAME and compile/link kernel.
#options NATPT
#options NATPT_NAT
2001-06-10 Keiichi SHIMA <keiichi@iij.ad.jp>
Remove MIP6 code from KAME source tree. MIP6 code is now
under reconstruction. The last KAME snap that includes MIP6 is
20010604 snap.
2001-06-09 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_trans.c (tr_icmp4MimicPayload):
- Correct a packet header stored in a data part of returned
ICMP packet when ICMP_UNREACH returned from IPv4 network.
* kame/sys/netinet6/natpt_{defs.h,trans.c,tslot.c}:
- Remove NATPT_TRACEROUTE flag in struct _cv{}.
Does not use NATPT_TRACEROUTE by this modification.
Fri Jun 8 08:28:56 JST 2001 itojun@iijlab.net
* sys/net/if_stf.c: inject outgoing packet to bpf. KAME PR 358
2001-06-07 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_tslot.c (checkTracerouteReturn):
- Translate incoming IPv4 ICMP_UNREACH packet when this
ICMP_UNREACH returns from IPv4 network, and it is a error
return for IPv6 host. Only return of traceroute was a
target until now.
* kame/sys/netinet6/natpt_{dispatch.c,tslot.c,var.h}
- Changed routine name as follows due to modification
mentioned above.
checkTracerouteReturn() -> checkIncomingICMP()
2001-06-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/ping6/ping6.c: stop sending echo packets whenever the
upper limit is specified by the -c option, regardless of the -f
option. Based on a comment from Tomohide Nagashima
<tomohide@japan-telecom.co.jp>.
Thu Jun 7 11:30:38 JST 2001 sakane@kame.net
* kame/racoon:
fixed a segmentation fault when when racoon checks whether there is a
phase 1 sa for phase 2 sa negotiation.
Mon Jun 4 22:45:23 JST 2001 itojun@iijlab.net
* openbsd: switch base version to 2.9.
Mon Jun 4 JST 2001 itojun@iijlab.net
* *bsd*/sys/net/rtsock.c: adjust routing socket message length
on route_output(). previous code may send up garbage at the end of
the message.
* netbsd/sys/net/rtsock.c: check mbuf allocation failure in rt_msg1().
2001-06-03 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/rtadvd/config.c (getconfig): forced users to specify
router lifetimes explicitly. "rtltimeN" must now explicitly be
specified.
2001-06-02 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/ndp/ndp.c (dump): skip routes with the LINK flag and
a non AF_LINK gateway to suppress bark in getnbrinfo().
XXX: such routes should have the GATEWAY flag, not the LINK flag.
However, there is rotten routing software that advertises all
routes that have the GATEWAY flag without careful examination.
Thus, KAME kernel intentionally does not set the LINK flag. What
is to be fixed is not ndp, but such routing software (and the
kernel workaround).
2001-06-01 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/icmp6.c (icmp6_reflect): used the default
hoplimit value when rcvif is NULL. Without the change, icmp6
error packets would be sent with 0 hoplimit.
All KAME snaps after the following change should be updated:
Wed Apr 4 19:49:39 JST 2001 itojun@iijlab.net.
2001-06-01 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.c (nd6_cache_lladdr): when the link-layer
address of a router changes, select the best router again. This
is important especially when the neighbor entry is newly created,
since it might make a new default router that is probably
reachable, which affects the selection policy.
Fri Jun 1 00:44:00 JST 2001 sakane@kame.net
* sys/netkey/key.c:
Fixed to make a response in key_spdadd().
reported by <R.P.Koster@kpn.com>
<200105>
2001-05-31 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_trans.c:
- translate LPRT -> PORT.
- translate PORT result(*1) to LPRT result(*2).
*1: 200 PORT command successful.
*2: 200 LPRT command successful.
You can connect IPv6 FTP client to IPv4 FTP server with
passive mode or non passive mode.
Restrictions:
o When you use non passive mode, and IPv4 FTP server does
not use port Number 20 as a destination port, your ftp
session will fail.
2001-05-31 suz@sdl.hitachi.co.jp
* sys/netinet6/{nd6.c, nd6.h, nd6_rtr.c, mip6_md.c}
bsdi3/sys/i386/conf/GENERIC.v6
freebsd4/sys/i386/conf/GENERIC.KAME
implements router-preference on host side. (not enabled
yet. plese include "option RTPREF" in your kernel to make
use of this feature.) [will commit kernel config for other OS,
when I confirm its compilability]
2001-05-31 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/libinet6/getaddrinfo.c (explore_numeric): when a
numeric address is given to getaddrinfo() with the AI_CANONNAME
flag, set the name itself to each ai_canonname field of the
returned addrinfo chain.
Without the change, getaddrinfo would leave the field NULL, which
would annoy some applications.
(the change follows 2553bis-03)
2001-05-29 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_trans.c
- Translate LPSV to PASV.
- Translate PASV result(*1) to LPSV result(*2).
*1: 227 Entering Passive Mode (...)
*2: 228 Entering Long Passive Mode (...)
Todo: LPRT -> PORT, PORT result -> LPRT result.
2001-05-29 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_{defs.h,trans.c,tslot.c,var.h}
- convert FTP EPRT command to PORT.
Now, you can connect IPv6 host to IPv4 ftp server when passive
mode is off.
Todo: LPSV/LPRT
Mon May 28 00:24:45 JST 2001 itojun@iijlab.net
* sys/netinet6/raw_ip6.c: declare struct rip6stat. gather statistics
on SOCK_RAW sockets (except for icmp6 sockets) for debugging aid.
req'ed by yasu.
TODO: netstat(1) support for bsdi4
Sat May 26 23:40:50 JST 2001 sakane@ydc.co.jp
* freebsd4/sys/netinet6/raw_ip6.c:
Fixed IPV6_USE_MIN_MTU behavior in rip6_output().
Thu May 24 18:18:24 JST 2001 sakane@ydc.co.jp
* kame/racoon:
Enabled passive mode. Racoon never initiate IKE session
if passive mode is defined in the configuration file.
Thu May 24 17:59:51 JST 2001 sakane@ydc.co.jp
* sys/netkey/key.c:
Fixed to get a SA to be used when of SADB_ADD, SADB_UPDATE
and SADB_GETSPI. In the case of add, update and getspi, "reqid"
must to be take care when of looking for a SA.
Thu May 24 17:21:05 JST 2001 itojun@iijlab.net
* sys/netinet6/in6_rmx.c (freebsd[34]): do not configure tcp
send/receive buffer size onto routing table. honor socket buffer
size. not tested.
2001-05-23 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_{defs.h,trans.c}
- Fix a bug in calculation of TCP ack.
- Remove unused function(s). These functions were unnecessary.
decrementSeq() and incrementAck().
Tue May 22 20:01:05 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd4/usr.bin/telnet: make buildable with 2292bis API.
Tue May 22 17:00:41 JST 2001 itojun@iijlab.net
* sys/netinet6/ip6_input.c: repair mbuf alignment code in
!PULLDOWN_TEST case (netbsd/openbsd are not affected).
M_COPY_PKTHDR should have been used prior to MCLGET.
2001-05-22 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/rtsold/rtsold.c (rtsol_timer_update): changed the
timeout period after sending MAX_RTR_SOLICITATIONS solicitation
from RTR_SOLICITATION_INTERVAL to MAX_RTR_SOLICITATION_DELAY
according to the last paragraph of RFC 2461 Section 6.3.7.
In response to: a comment from Pekka Savola <pekkas@netcore.fi>
2001-05-21 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/udp6_output.c (udp6_output): if the
destination address is an IPv4-mapped IPv6 address which is
supposed to be sent as an IPv4 packet, call in_selectsrc to
determine the source IPv4 address. Also, some parameters to
caclulate the IPv4 checksum are corrected.
2001-05-21 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* {kame,*bsd}/sys/netinet{,6}/many files: added complete support
of the IPV6_V6ONLY socket option;
- it now prohibits the outbound direction as well as inbound.
- it considers the cases where the option is specified for an already
bound, connected, or listening socket.
- it works for bsdi4 as well as for other BSDs (except OpenBSD).
2001-05-21 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_input.c (ip6_input): in the 'goto ours'
check, do not accept packet if the corresponding route has the
cloned bit. This fix should solve the problem that some OSes
mistakenly accept a packet to fe80::2%lo0.
XXX: the added check is not intuitive, and I'm not 100% sure this
change will never introduce another kind of problem. We might
reconsidr to solve the problem in a more explicit manner.
The fix was based on a report from Hajimu UMEMOTO
<ume@mahoroba.org>.
Fri May 18 17:10:10 JST 2001 sakane@ydc.co.jp
* kame/racoon:
Fixed to copy "reqid" into a proposal table from policy entries.
The exchange failed when policy level "unique" was specified.
Fri May 18 14:50:56 JST 2001 sakane@ydc.co.jp
* kame/setkey:
Enabled to get a protocol number from /etc/protocol as upper layer
protocol. "icmp6" and "ip4" still can be used.
2001-05-17 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/frag6.c (frag6_input): plugged memory leak in
overlapping fragments cases.
Suggested by hitachi guys via sumikawa@kame.net.
Thu May 17 12:50:40 JST 2001 itojun@iijlab.net
* sys/netinet6: remove OLDIP6OUTPUT codepath. notified from sumikawa
(i remember i said i would do this, a long time ago)
Wed May 16 12:04:57 JST 2001 sakane@ydc.co.jp
* sys/netinet6/ah_input.c:
don't flip ip_id *back* in freebsd4.x case.
reported by <ume@mahoroba.org>.
Mon May 14 23:01:30 JST 2001 itojun@iijlab.net
* sys/netinet/in_gif.c, sys/netinet6/in6_gif.c: drop IFF_LINK0
(multi destination mode) support.
Mon May 14 00:42:52 JST 2001 suz@sdl.hitachi.co.jp
* kame/kame/mld6query/mld6.c: fixed a bug in argument handling.
from Mickael Hoerdt <hoerdt@clarinet.u-strasbg.fr>
2001-05-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/INSTALL: added a note about ppp.diff
based on a comment from <murakami@pana.net>.
2001-05-10 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/usr.bin/telnet/commands.c (tn): corrected a loop for
connect(2) after getaddrinfo(3).
The fix was from <murakami@pana.net>
Wed May 9 20:15:22 JST 2001 itojun@iijlab.net
* ping6/ping6.c: correct signal handling with
"ping6 -f <nonexisting peer>". from hash@iij.ad.jp.
2001-05-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/bindtest: added supplement tests to see which sockets
receive which packets.
Two new option -1 and -2 were added to support TCP cases of the
above test.
Another new option -6 was also added to support the IPV6_V6ONLY
option if available.
* kame/kame/bindtest/test.sh: added new tests based on the above
enhancement.
2001-05-07 Shin'ichi Fujisawa <fujisawa@kame.net>
* sys/netinet6/natpt_{defs.h,trans.c}
Support EPSV command/response pair to/from PASV command/respons
translation. You can use ftp from IPv6 client to IPv4 ftp
server, if it is passive mode.
2001-05-05 Shin'ichi Fujisawa <fujisawa@kame.net>
* sys/netinet6/natpt_{log,trans}.c
Remove warning in compilation.
2001-05-05 Shin'ichi Fujisawa <fujisawa@kame.net>
* sys/netinet6/natpt_*.[ch]
* kame/natptconfig/*.[chly]
- Remove the code which considered FAITH.
This facility is not thought about well. If there is need, we had
better reconsider this.
Wed May 2 16:30:34 JST 2001 sakane@ydc.co.jp
* kame/racoon:
- logged the openssl version when racoon starts.
- fixed to check whether to process the pfkey message received.
moved the routine into each pfkey handler.
2001-05-01 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* freebsd4/sys/net/if.c (if_detach): reversed the order of
in6_ifdetach and rnh_walktree(if_rtdel). Since IPv6 interface direct
routes are expected to be removed by the IPv6-specific kernel API,
the old order would cause some inconsistency between the routing
entries and IPv6 specific data structures.
Wed May 2 02:01:25 JST 2001 itojun@iijlab.net
* sys/netkey/key.c: correct varaible initialization in inbound
tunnel policy checking. From: Gunther Schadow
Tue May 1 16:49:24 JST 2001 itojun@iijlab.net
* sys/netinet6/ip6_forward.c: turn on PROHIBIT_P2PREDIRECT by default,
based on discussion on ipngwg mailing list. see changelog on
sep 12 2000 by jinmei@kame.net
<200104>
Sun Apr 29 12:25:48 JST 2001 itojun@iijlab.net
* sys/netinet6/raw_ip6.c (except freebsd[34]): plug mbuf leak on
sysctl(IPV6_CHECKSUM).
Sat Apr 28 00:09:10 JST 2001 itojun@iijlab.net
* sys/netinet6/nd6.c (freebsd): repair backward binary compatibility
breakage for SIOCGIFINFO_IN6.
see changelog on Sat Feb 17 01:51:43 JST 2001.
if you are on freebsd systems please make sure to recompile
/usr/local/v6/sbin/ndp with the new header files.
/usr/sbin/ndp should work fine with the latest kernel.
Fri Apr 27 17:53:54 JST 2001 itojun@iijlab.net
* sys/netinet6/in6.c:in6_ifinit(): make it work with stf interface.
initialize ia_addr before if_ioctl(SIOCSIFADDR), to meet historical
practice in in_ifinit().
* sys/net/if_stf.c: pickup a correct outer IPv4 destination address,
even if the gateway portion on the routing table is set to non-6to4
address, like:
# route add -inet6 2002:: -prefixlen 16 ::1 -ifp stf0
* netbsd/sbin/ifconfig/ifconfig.c: allow "deprecated" flag to be
set by user. it is useful to configure outgoing-only stf interface,
like:
# ifconfig stf0 inet6 2002:d2a0:5f68::1 prefixlen 16 alias deprecated
* sys/net/if_stf.c: IFF_LINK0 disables the input path.
2001-04-27 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.c (nd6_rtrequest): stop process if
nd6_need_cache() is 0 and the route is not a host route (which
should probably be an interface direct route on a link that does
not need neighbor cahces). Otherwise, the function would set the
RTF_LLINFO flag, which would annoy the ndp(8) command.
* kame/sys/netinet6/nd6_rtr.c (nd6_prefix_onlink): did not set
the RTF_GATEWAY flag even for !nd6_need_cache() cases. The
intention was to prevent the process of nd6_rtrequest(), but we do
not need the flag, since we now explicitly disable the process.
Setting the RTF_GATEWAY flag is not the best way, because routes
with the flag can mistakenly be deleted by user applications.
Tue Apr 24 15:29:51 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd4: sync with 4.3-RELEASE
Fri Apr 20 23:59:21 JST 2001 itojun@iijlab.net
* sys/netinet6/in6_pcb.c: (netbsd): fix #if clause with NOIPPRIVPORTS.
the old code mistakenly allowed bind(2) from non-privileged user
onto privilege ports (netbsd integrated trees, like plain NetBSD 1.5
are not affected). from k-sugyou.
Thu Apr 19 18:26:49 JST 2001 sakane@ydc.co.jp
* sys/netinet6/ah_input.c:
Fixed to mismatch AH checksum on FreeBSD4. ip->ip_id was reversed
before calculating IPv4 ah checksum, but this operation is not
necessary for FreeBSD4. Only FreeBSD[23], openbsd and bsdi3 need.
The problem doesn't appear on the FreeBSD original tree.
2001-04-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/pim6[ds]d/mld6_proto.c: clarifications and cleanups;
- removed an incorrect check in accept_listener_query(), which was
rather harmful.
- ignore queries if the receiving node is the querier.
- removed a redundant check in accept_listener_query().
- removed the al_old member of the listaddr structure, and all
references to the member. This should be safe, because there
is effectively no use of the member. This change should also
make the code more conformant to RFC 2710.
All the changes were based on comments from Mickael Hoerdt
<hoerdt@clarinet.u-strasbg.fr>.
Sun Apr 15 14:38:58 JST 2001 itojun@iijlab.net
* sys/netinet6/ipsec.c: on IPsec tunnel mode encapsulation, do not
copy TTL (or hop limit) value from inner to outer IP header.
From: Ronald.vanderPol@surfnet.nl
Wed Apr 11 18:52:26 JST 2001 sakane@ydc.co.jp
* racoon:
Supported to get a certificate from DNS CERT RR.
Also getcertsbyname() is implemented In order to get CERT RRs.
This function can use lwres.a if HAVE_LWRES is defined when racoon
is compiled.
XXX need more local test and interoperability test.
XXX should be arranged too many certificate stuff in racoon.conf.
2001-04-11 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c (ip6_pcbopt):
* kame/sys/netinet6/ip6_output.c (ip6_setpktoptions):
prevented invalid (anycast or unready) addresses from being
specified as the packet's source address using the IPV6_PKTINFO
socket option or ancillary data.
2001-04-10 Jason R. Thorpe <thorpej@zembu.com>
* racoon/pfkey.c: pk_recvacquire(): Make sure the phase1
and phase2 handlers are unbound before the phase 2 handler
is deleted.
* racoon/isakmp.c: ph1_main(), quick_main(): Add the message
to the received-list before processing to ensure the packet
isn't processed twice in case of an error.
isakmp_post_acquire(): Don't unbind the phase1/phase2 handlers;
let the caller do it.
isakmp_newcookie(): Plug memory leaks.
From George Yang <gyang@zembu.com>.
* racoon/ipsec_doi.c: get_ph2approvalx(): When we find a
matching saprop, make sure to flushsaprop(pr0), as the returned
saprop is a copy. Fixes a memory leak.
From George Yang <gyang@zembu.com>.
* racoon/isakmp_quick.c: quick_r2send(): Make sure to vfree(data)
if we fail to allocate a new body. Fixes a memory leak.
From George Yang <gyang@zembu.com>.
Tue Apr 10 22:51:26 JST 2001 suz@sdl.hitachi.co.jp
* rtadvd/config.c, rtadvd/rtadvd.h, rtadvd/rtadvd.conf.5
you can advertise route information option as stated in
draft-draves-ipng-router-selection-01.txt.
* sys/netinet/icmp6.h (nd_opt_route_info, ND_OPT_ROUTE_INFO)
* kame/sys/netinet/icmp6.h added a macro and a structure
for route information option.
Note that these are still non-standard.
Note: before compiling the latest rtadvd, you have to install the
header file, and (probably) perform "make clean".
2001-04-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/netinet/in_proto.c (inetsw[]): set ipsec_sysctl
correctly. Without this, "netstat -p ipsec -s" does not work.
2001-04-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/netinet/tcp_input.c (tcp_peer_mss): avoided
IPv6 fragmentation when IPV6_USE_MIN_MTU is required.
Fri Apr 6 23:25:19 JST 2001 sakane@ydc.co.jp
* racoon:
implemented to generate the policy in the responder side automatically.
If the responder does not have any policy in SPD during phase 2
negotiation, and the directive is set on, then racoon will choice
the first proposal in the SA payload from the initiator, and generate
policy entries from the proposal. This function is for the responder,
and ignored in the initiator case.
XXX should be checked tunnel mode case.
2001-04-04 Jason R. Thorpe <thorpej@zembu.com>
* racoon: Add support for the Dmalloc debugging malloc
library. This library gives very nice memory usage
statistics and leak information.
Thu Apr 5 03:42:24 JST 2001 suz@sdl.hitachi.co.jp
* kame/v6test/getconfig.c: v6test supports arbitrary raw packet
advertisement, such as OSPFv3, Tunnelled packet etc.
Wed Apr 4 22:47:27 JST 2001 sakane@ydc.co.jp
* racoon:
support scopeid. base code was from <Francis.Dupont@enst-bretagne.fr>.
it should be considered more.
Wed Apr 4 19:49:39 JST 2001 itojun@iijlab.net
* sys/netinet6/icmp6.c: make sure we do not pass mbuf with
bogus m->m_pkthdr.rcvif, to icmp6_reflect(), on icmp6 error
generation.
Wed Apr 4 13:17:00 JST 2001 suz@sdl.hitachi.co.jp
* kame/v6test/getconfig.c
fixed a bug that you cannot specify an optional value if its
MSB is on.
2001-04-03 Jason R. Thorpe <thorpej@zembu.com>
* racoon: Better integration of debugging malloc libraries.
Use wrapper macros (racoon_{malloc,calloc,free,realloc}())
so that debugging malloc implementations can get file/line
info, and also put traditional malloc/calloc/free/realloc
stubs in the main program so that libraries linked with
racoon get the debugging allocators, as well.
Mon Apr 3 JST 2001 itojun@iijlab.net
* sys/netinet6/tcp6_output.c (freebsd2/bsdi3),
sys/netinet/tcp_output.c (netbsd/openbsd/bsdi4):
support IPV6_USE_MIN_MTU setsockopt on IPv6 tcp.
- pass IPV6_MINMTU down to ip6_output,
- on outgoing segment packing use 1280 (IPV6_MMTU) as packet size,
instead of MSS heard from the peer (except bsdi4/openbsd).
design memo:
do we need to play with MSS advertisement to the peer? I don't
think so, since:
- IPV6_MIN_MTU controls outbound traffic only
- outgoing MSS advertisement will control the inbound segment size.
though i agree that it is be useful to decrase MSS advertisement
to trick inbound PMTUD behavior, i believe it is a separate topic
from IPV6_MIN_MTU.
TODO: generate packets fit into 1280 bytes for bsdi4/openbsd
2001-04-02 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi3/sys/net/if.c (ifa_ifwithnet): disabled the check for
IFF_POINTOPOINT|IFF_LOOPBACK in ifa_ifwithnet(). The check for
IFF_POINTOPOINT was already disabled, but the check for
IFF_LOOPBACK should be disabled as well, in order to install
fe80::%lo0/64 correctly.
2001-04-01 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_input.c (ip6_input): clarified goto-ours
logic:
1. separated checks against spoofed ::1 src/dst from the goto-ours
check. This also fixed a bug that the kernel accepted a packet with
src=::1, dst=invalid (not assigned), rcvif=lo0
(you can test it by 'ping6 -S ::1 fe80::xxxx%lo0", where xxxx is
not an interface ID of lo0)
2. omitted a specical case for link-local destinations on a
loopback interface, because
- we now have a host route for fe80::1%lo0, so we can accept a
packet to the address using the generic logic.
- we can reject packets to fe80::xxxx%lo0 (xxxx != 1) by the check
for the RTF_GATEWAY bit for rt_flags (ip6_input.c line 872).
<200103>
Fri Mar 30 10:46:00 JST 2001 itojun@iijlab.net
* sys/netinet6/nd6_rtr.c: repair inbound RA processing. broken
yesterday (with mobile-ip6 commit).
2001-03-29 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.h (IN6_IS_ADDR_xxx): made the macros safe
to the gcc's -Wcast-qual option.
Based on a comment from Brian Wellington
<Brian.Wellington@nominum.com>.
Thu Mar 29 16:31:34 JST 2001 itojun@iijlab.net
* sys/netinet6/mip6*: bring in latest ericsson mobile-ip6 code.
based on revision 13 of the mobile-ip6 draft. see TODO.mobile-ip6
for details.
2001-03-26 Jason R. Thorpe <thorpej@zembu.com>
* racoon/isakmp_ident.c: ident_ir2sendmx(): plug memory
leak -- gsstoken wasn't being freed at function exit.
2001-03-26 Jason R. Thorpe <thorpej@zembu.com>
* racoon: Changes to Vendor ID payload handling. Determine
which VID we will send on a per-proposal basis; we may need
to send a different one for each proposal depending on the
proposal contents (e.g. GSSAPI auth method). We no longer
set the Vendor ID in the localconf.
When matching the Vendor ID in check_vendorid(), use a table
of known Vendor IDs, and return the index, and maintain a list
of extensions that vendors implement (e.g. GSSAPI auth method).
XXX We have a slight hack to recognize the Windows 2000 Vendor
ID. Need to clarify with the Microsoft IPsec guys.
In Aggressive Mode, as responder, when sending first
response, make sure to include a Vendor ID payload.
In Main Mode, as responder, when sending first response,
make sure to include a Vendor ID payload.
XXX Still more Vendor ID processing fixes to go. And
GSSAPI auth doesn't interoperate with Windows 2000 yet.
Sun Mar 25 18:11:24 JST 2001 itojun@iijlab.net
* sys/netinet6/{ip6_mroute,in6_prefix}.c: add missing splx.
From: csapuntz@play-doh.stanford.edu (Constantine Sapuntzakis)
* sys/netinet6/ip6_output.c: correct dangling pointer in jumbogram
output logic.
From: csapuntz@play-doh.stanford.edu (Constantine Sapuntzakis)
2001-03-23 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_*.[ch]
- Change MALLOC type M_TEMP to M_NATPT.
This causes serious memory leak in FreeBSD4.2 when leave M_TEMP.
2001-03-23 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/icmp6.c (ni6_addrs, ni6_store_addrs):
If the 3rd bit of the icmp6_nodeinfo sysctl variable is clear,
- do not respond to node info FQDN to an RFC3041 temporary address.
- do not include temporary addresses in a node info Node Addresses
reply.
This bit is clear by default based on privacy consideration.
Thu Mar 22 08:06:30 JST 2001 sakane@ydc.co.jp
* racoon:
fixed to parse modp1536 of DH group. reported by <shigeru@iij.ad.jp>
2001-03-22 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.c (nd6_cache_lladdr): set nd6_gctimer to
ln_expire just after the state transition to STALE. This change
fixed a bug that a longer timer value was mistakenly set, after
transition to the delay ND state. The bug could delay NUD, but it
does not happen in a normal operation. Thus, you do not
necessarily have to update the kernel in a hurry.
The bug was introduced around Jan 20th, 2001, and was found by a
recent TAHI conformance check.
Thu Mar 22 04:56:57 JST 2001 sakane@ydc.co.jp
* racoon/policy.c:
fixed to compare between policies when the responder decides to
accept the proposal or not. the upper layer protocol is represented
by 0 in ID payload.
Thu Mar 22 04:15:43 JST 2001 itojun@iijlab.net
* sys/netinet6/ip6_input.c (netbsd): inject packet to ipfilter
only if it is wire format (not if it went through ipsec tunnel).
http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction
2001-03-22 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/rtadvd/config.c (getconfig): allow router preference
values to be specified in the "raflags" directive.
* kame/sys/netinet/icmp6.h (ND_RA_RTPREF_xxx): added definitions
for router preferences. Note that these are non-standard.
Note: before compiling the latest rtadvd, you have to install the
header file, and (probably) perform "make clean".
Thu Mar 22 01:45:32 JST 2001 sakane@ydc.co.jp
* racoon:
fixed potencial of a buffer overrun when adding a ID payload to
the ISAKMP payload. It happened when policy is both to use IPSec
transport mode and not to specify a transport protocol.
reported by <cs@purdue.edu>.
Thu Mar 22 00:26:51 JST 2001 itojun@iijlab.net
* sys/netinet6/icmp6.c: update MTU on path MTU timeout.
noted by onoe@sm.sony.co.jp.
* ndp/ndp.c: do not dereference null pointer. from tomomi suzuki
2001-03-20 Shin'ichi Fujisawa <shin@loquat.rant.net>
* sys/netinet6/natpt_trans.c: Put IPPROTO_UDP into IPv6 header.
Because conversion of IP header part is shared with TCP, default
protocol was set as TCP.
* sys/netinet6/natpt_trans.c: Calculate UDP checksum which was
converted to IPv6. I forgot to re-calculate it.
Tue Mar 20 11:56:08 JST 2001 itojun@iijlab.net
* sys/netinet6/icmp6.c: change interpretation of
net.inet6.icmp6.nodeinfo from true/false to bitmap.
2^0 (= 1) bit: respond/ignore FQDN query (ping6 -w)
2^1 (= 2) bit: respond/ignore NODEINFO query (ping6 -a)
2001-03-19 Shin'ichi Fujisawa <shin@dianthus.kame.net>
* Add initial version of NAT-PT plan.
2001-03-18 Shin'ichi Fujisawa <fujisawa@kame.net>
* freebsd4/sys/netinet/ip_input.c
- Move NATPT hook to just before check to see if the packet is
for us. Because NATPT need one more extra IPv4 address to
translate IPv6 to IPv4 when this NATPT hook was put after this
inspection.
- Change indent to an 8 character tab.
* kame/sys/netinet6/natpt_dispatch.c
- Add IPv6 outbound packet counter.
- Fix bug of comparison that size of packet exceeds mtu.
* kame/sys/netinet6/natpt_trans.c
- Fix a bug to clear UDP header when calculate UDP checksum.
* kame/sys/netinet6/natpt_{defs.h,dispatch.c,tslot.c}
- Remove code evading a bug of SuMiRe NAT.
SuMiRe NAT is obsolete.
Thu Mar 15 20:39:03 JST 2001 sakane@ydc.co.jp
* racoon:
- fixed a phase 2 handler deletion. racoon will delete a phase2
handler immediately when hard lifetime expires.
- check a unit of the timer in the configuration file.
Thu Mar 15 17:48:54 JST 2001 itojun@iijlab.net
* sys/netinet/ip_mroute.c: use sys/netinet/ip_encap.c framework
for inbound packet dispatch.
2001-03-15 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_ifinit): always set nd6_rtrequest
to ifa_rtrequest.
* kame/sys/netinet6/nd6_rtr.c (nd6_prefix_onlink): because of the
above change, the function does not set the ifa_rtrequest
function.
* kame/sys/netinet6/in6.c (in6_ifloop_request): set the address
itself as gateway, and set the corresponding host route to the
RTF_LLINFO, so that the route would have the flag, and thus
applications (e.g. routing daemons) that assume traditional kernel
behavior would be happy. Older versions made the route to the
node's own address like this:
2001:200::3ca2:ffef:eff5:f9fd ::1 UH lo0
However, since some routing daemons try to install kernel internal
routes that do not have the RTF_LLINFO flag, this kind of entry
could cause unintentional host routes propagated. The new kernel,
instead, installs
2001:200::c049:d099:ab4b:b637 0:a0:12:34:ab:cd UHL lo0
just like far older versions of the kernel (except for the
existance of the cloned bit), which installed the host route as a
cloned route from the corresponding interface direct route.
2001-03-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* freebsd2/ports/wu-ftpd: upgraded to wu-ftpd 2.6.1. Since there
are security holes in older versions, upgrade is recommended.
Mon Mar 12 20:17:43 JST 2001 itojun@iijlab.net
* sys/crypto/sha2/sha2.c: hmac-sha2-{256,384,512} support. attaches
96 bits of crypto checksum (not sure if this is right - there's no
draft on this).
TODO: interop tests
2001-03-11 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c (ip6_output): added a couple of
missing splx() for OpenBSD IPsec.
2001-03-08 Atsushi Onoe <onoe@sm.sony.co.jp>
* kame/route6d.c: correct deleting host route, based on
report from enami@sm.sony.co.jp.
2001-03-06 Jason R. Thorpe <thorpej@zembu.com>
* kame/racoon/schedule.c: Implement sched_scrub_param(),
which kills all scheduler work queue entries which a
specified parameter.
* kame/racoon/handler.c: Use sched_scrub_param() to make
sure no references to a handler exist when it is freed.
2001-03-06 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_rtr.c (nd6_prefix_onlink): set RTF_GATEWAY
to an interface direct route when nd6_need_cache() is false, in
order to prevent nd6_rtrequest() from setting RTF_LLINFO (which
annoys the ndp(8) command).
This change is based on a report from nobumichi ozoe
<nobumichi_ozoe@ydc.co.jp>.
Tue Mar 6 09:22:56 JST 2001 itojun@iijlab.net
* sys/netinet6/raw_ip6.c: permit IPV6_CHECKSUM socket option for
the following cases only (previously it was allowed for any AF_INET6
socket): raw ip6 socket, and protocol != IPPROTO_ICMPV6.
RFC2292 section 3.1. commented by yoshfuji.
2001-03-05 Jason R. Thorpe <thorpej@zembu.com>
* kame/racoon/gssapi.c: Use GSS_C_MECH_CODE when reporting
GSSAPI errors.
2001-03-05 Jason R. Thorpe <thorpej@zembu.com>