Skip to content
Fetching contributors…
Cannot retrieve contributors at this time
6538 lines (5271 sloc) 257 KB
$Id: CHANGELOG,v 1.108 1999/09/12 17:07:23 jinmei Exp $
1999-09-13 JINMEI, Tatuya <>
* kame/kame/pim6sd/mtrace6: implemented in order to trace IPv6
multicast routing.
- kernel and multicast routing daemons should be updated as well.
- if you use cvsup, please be sure to `make clean' on the
directory `pim6sd' before update.
- mtrace6 feature is currently VERY experimental (we have no
official specification). You can't expect interoperability with
other implementations.
Sun Sep 12 23:44:00 JST 1999
* kame/dhcp6: experimental DHCPv6 client/server. many restrictions
due to incomplete implementation (and we may not be improving this
in the future). not included in default compilation tree.
use at your own risk.
Sat Sep 11 13:51:25 JST 1999
* kame/tcpdump: add support for dhcp6.
1999-09-09 JINMEI, Tatuya <>
* kame/kame/rtsold/rtsol.c (sendpacket): not call warnmsg even if
sendmsg fails (unless the error is a serious one). This change is
for a situation where a node has multiple interface cards and some
of the cards may be disabled.
Thu Sep 9 02:10:21 JST 1999
* netbsd/sys/net/if_ethersubr.c: grab IEEE802 MAC address as
seed of IPv6 interface index, on ether_ifattach().
this is for pcmcia ethernet cards inserted after bootstrap time.
(commits for other operating systems should follow)
Wed Sep 8 19:34:57 JST 1999
* netbsd/sys/dev/ic/sm91cxx.c: avoid duplicated multicast packet
reception on promiscuous mode. this fixes DAD failure during
promiscuous mode.
* sys/netinet6/in6_pcb.c: allow bind(2) to non-interface address,
if the socket is configred as FAITH socket. this is for allowing
ftp relay daemon to perform bind(2) on behalf of fake IPv4 address
on active data connection.
v6 ftp client --control---> ftp translator ----> v4 ftp server
"*" needs to be fake IPv4 address generated from translation pool
prefix and the address for v4 ftp server.
1999-09-08 JINMEI, Tatuya <>
* bsdi3/sbin/ifconfig/ifconfig.c (findaddr): used AF dependent
comparison functions instead of simple binary comparison. With
this fix, you can use ifconfig add, remove and modify commands for
IPv6 link-local addresses without embedding an interface
identifier. That is, you can do
# ifconfig ef0 inet6 remove fe80::1
instead of
# ifconfig ef0 inet6 remove fe80:2::1
Tue Sep 7 16:42:41 JST 1999
* kame/rip6query: use getaddrinfo() and getnameinfo(), not inet_pton()
and alike. allow interface to be specified with -I.
* netbsd/usr.bin/whois: fix getaddrinfo() loop.
* kame/racoon: fix compilation with --disable-ipv6 (include path).
* sys/netinet6/ipsec.c: support IPsec-only kernel compilation again.
* sys/netkey/key.c: allow any SPI value to be put into kernel,
for IPComp SA that uses well-known CPI field.
* kame/libipsec: allow "setkey -D" on IPComp SA.
* kame/tcpdump/print-ripng.c: format ripng information better
if -v is specified (but it eats more lines on screen).
Tue Sep 7 13:09:06 JST 1999
* kame/kame/sys/netinet6:
Implemented IPv6 forwarding with IPsec slightly.
It's enable if you define IPSEC_IPV6FWD option in kernel
configuration file.
XXX ICMPv6 for IPsec tunnel should be considered.
Tue Sep 7 10:09:53 JST 1999
* kame/sys/netkey/key.c:
Fixed kernel crash when you set SP by spdadd command of setkey.
Sun Sep 5 04:00:08 JST 1999
* netbsd/pkgsrc/net/ucd-snmp, freebsd[23]/ports/ucd-snmp:
upgrade to latest IPv6 patch. icmp6 per-if stat is now available.
Sun Sep 4 JST 1999
* sys/netinet6/in6_ifattach.c: invert "u bit" on interface id for
pseudo interfaces, as suggested in RFC2373. This was mistakingly
dropped during migration to new repository.
NOTE: interface id for pseudo interfaces (faith*, gif*, and alike)
will change after this fix. Please be sure to update your config
file if you have explicit link-local address embedded in rc files.
1999-09-03 JINMEI, Tatuya <>
* kame/kame/ping6: changed the semantics of `-a A' option. It now
specifies to require the responder's anycast addresses.
1999-09-03 JINMEI, Tatuya <>
* kame/sys/netinet6/icmp6.h (NI_NODEADDR_FLAG_ANYCAST): added
in order to get/tell a node's anycast addresses.
Note that this is not in the specification, just for experimental
1999-09-03 JINMEI, Tatuya <>
* kame/sys/netinet6/udp6_usrreq.c (udp6_output): embedded
interface index to a link-local destination. This fix solved a
bug that you can't send a UDP packet to a link-local destination
even when specifying its interface.
XXX: the code is almost same as rip6_output.
Fri Sep 3 11:19:45 JST 1999
* kame/traceroute, kame/traceroute6: do not bark even if IPsec
configuration (for bypassing IPsec) is failed. now both programs
should work fine on kernel without IPsec support compiled in.
Fri Sep 3 01:06:47 JST 1999
* netbsd/pkgsrc/net/mtr, freebsd[23]/ports/mtr:
mtr network diagnose tool, version 0.41 with IPv6 support.
* netbsd/pkgsrc/net/rsync, freebsd[23]/ports/rsync:
upgrade to latest IPv6 patch.
Thu Sep 2 17:35:13 JST 1999
Fix alignment problem for routing socket on NetBSD/alpha.
* kame/ndp/ndp.c: Be more struct about alignment constraint in routing
socket messages (is aligned to sizeof(long) by ROUNDUP() in
* netbsd/sbin/route, kame/route6d, kame/bgpd, netbsd/usr.bin/netstat:
Fix alignment constraint for routing socket messages.
1999-09-02 JINMEI, Tatuya <>
* kame/sys/netinet6/: changed hop limit selection algorithm;
hop limit stored in the template header is not considered.
Also, TCP6 was changed to always select hop limit when sending
segment in order to reflect IPV6_UNICAST_HOPS setsockopt and
current hop limit adverised via router advertisements.
Thu Sep 1 17:00:14 JST 1999
* kame/kame/ping6,traceroute,traceroute6,rrenumd,mchat and so on.
Fixed policy specification due to the modification of policy
XXX In rrenumd, not implemented to specify inbound policy.
I must consider rrenumd's behavior.
XXX In inetd, What should i take deal of in/out ? #@ in/out ?
Thu Sep 1 16:53:14 JST 1999
* kame/kame/racoon:
Fixed argument of pfkey function call due to the modification
of libipsec. But I have not tested, so probably racoon can't run.
Thu Sep 1 16:50:14 JST 1999
* kame/kame/setkey,libipsec
- Changed SA specification,
NEW; add a::1 b::1 esp 0x1111 ...
OLD; add a::1 b::1 0x1111 -p esp ...
- Changed SP specification,
NEW; spdadd a::1/64[32] b::1/64[24] tcp
-P in ipsec esp/transport/::1-::1/require ;
- Changed some function in libipsec due to above modification.
- Added some function into libipsec for policy management.
Thu Sep 1 16:43:14 JST 1999
Modifyed IPsec policy management. As this modification, it's
enabled to,
1. make a SA to use both transport mode and tunnel mode.
2. make a SA to assign multiple SP entries.
3. check separately inbound SP and outbound SP.
Abstract of modification is
- Deleted a policy holder from pcb, alternatively added two policy
holderes that are inbound and outbound respectively.
- IP{V6,}_IPSEC_POLICY is devided two optname, IP{V6,}_IPSEC_POLICY_IN
- "proxy" address has gone away. SA is always specified by both
source and destination address without prefix, port number and
upper layer protocol.
- It's always use IPPROTO_XX as security protocol type internal.
So when using PF_KEY I/F, must map internal type to SADB_SATYPE_XX.
- changed the meaning of value of protocol and port. 0 is one of
the number of each value.
- Begin to add IPsec processing into ip6_forward.
Wed Sep 1 14:14:43 JST 1999
* usr.bin/ftp (all platforms): On data connection establishment,
warn if scoped address is used. If peer (ftp daemon) does not
handle scoped address, data connection may not work right.
* libexec/ftpd (all platforms): Copy sin6_scope_id from control
connection to active data connection destination, hoping
this to help ftpd's behavior with scoped IPv6 addresses.
I'm not sure if it is the right way, but it is the best way
available to us. LPRT or EPRT command gives no information
about which interface (or scope) to be used for new data connection.
This seems to be sort of protocol spec twist.
Tue Aug 31 18:37:00 JST 1999
* openbsd: made GENERIC.v6 at least compilable.
GENERIC.v6 kernel boots okay, replies to ping6.
transport layer (AF_INET6 raw/tcp/udp socket) needs more work.
IPSEC support is completely broken (we have NRL/OpenBSD/KAME IPSEC
code in the tree, I am not quite sure how to solve this).
Tue Aug 31 03:07:16 JST 1999
* netbsd: Upgrade base version to 1.4.1. There's not too many
changes between NetBSD 1.4 and 1.4.1, so it should be possible
to install KAME/NetBSD141 on top of NetBSD 1.4 installation.
To get 1.4.1 libc and other important portions, I'd suggest
upgrading to 1.4.1, however.
Updated files are:
sys sbin/ifconfig sbin/ping usr.bin/ftp libexec/tftpd
1999-08-30 JINMEI, Tatuya <>
* kame/sys/netinet6: changed to use nd6_output() instead of
ifp->if_output() when sending a packet to a link-layer in various
cases. This change might affect some fundamental parts of sending
IPv6 packets such as forwarding a packet and neighbor
discovery. If you find instability, please let me know.
Mon Aug 30 13:10:15 JST 1999
* kame/rtsold: check for invalid RAs, like non-zero icmp6 code or
non-linklocal source address. Found by TAHI team.
Mon Aug 30 11:48:41 JST 1999
* netbsd/pkgsrc/net/zebra, freebsd[23]/ports/zebra: upgrade to 0.78a.
Sat Aug 28 16:32:29 JST 1999
* netbsd/usr.bin/whois: IPv6-ready whois client.
Sat Aug 28 15:28:16 JST 1999
* kame/rtsold: fix rtsol's behavior when link-local address is
considered a duplicated address (by DAD).
Fri Aug 27 12:23:19 JST 1999
* netbsd/sys/netinet/tcp_subr.c: fix IPsec header size consideration
during TCP mss computation. you will see no fragmentation on
IPsec'ed TCP packets.
Thu Aug 26 22:36:07 JST 1999
* kame/tcpdump/print-ip.c: fix length printer for IPv4 first framgnet.
variable was broken during onion peeling and garbled value was
1999-08-26 JINMEI, Tatuya <>
* kame/kame/pim6sd/vif.c: changed the type of return value of
vif_forwarder() from if_set * to int.
Also, introduced a new function vif_and(), which is inteded to be
called from age_routes() instead of vif_forwarder(). The new
function is added in order to prevent bcopy from a NULL pointer,
which causes pim6sd hang up.
Thu Aug 26 18:01:27 JST 1999
* kame/sys/netinet6/frag6.c (frag6_init): changed ip6_id setting
algorhytm. it is borrowed from ip6_init(). ip6_id(initialized
fragmentation value) was always 0 on FreeBSD/NetBSD(was 3 on BSDI)
since it seemes tv/time_second is not set when calling
Thu Aug 26 05:07:49 JST 1999
* kame/tcpdump: print the idetification of fragment headers when
using -v flag
1999-08-26 JINMEI, Tatuya <>
* kame/sys/netinet6/ah_core.c (ah6_calccksum): fixed a bug
of pointer adjustment to chase options. The bug might cause
kernel panic when trying to calculate ICV for a HbH or a Dst options
header including an immutable option.
Thanks to the TAHI project( for finding the
1999-08-26 JINMEI, Tatuya <>
* sys/netinet6/in6_pcb.c (in6_selecthlim): added to select hop
limit for an outgoing packet in various situations. The algorithm
is as follows:
1. The hop limit field of the template header.
2. Hoplimit value specified via ioctl.
3. (If the outgoing interface is detected) the current
hop limit of the interface specified by router advertisement.
4. The system default hoplimit.
UDP6 and raw IP6 directory use this function. TCP6 uses this via
This change fixes the problem that IPV6_UNICAST_HOPS did not work
for a UDP6 and a raw IP6 socket.
Thanks to Tetsuya Isaki <> for
finding the problem.
Wed Aug 25 22:45:15 JST 1999
* kame/rtsold: Fix segv when invoked as normal user, not root.
do not wait forever if -1 is specified (or invoked as rtsol).
Wed Aug 25 19:59:49 JST 1999
* freebsd[23]/ports/ncftp3, netbsd/pkgsrc/net/ncftp3: upgrade to
latest IPv6 patch
Wed Aug 25 18:46:48 JST 1999
* freebsd[23]/ports/inn: update IPv6 patch.
From: Satosi KOBAYASI <>
1999-08-25 JINMEI, Tatuya <>
* kame/sys/netinet6/ah_core.c (ah6_calccksum): corrected the
length parameter for auth. data calculation at the end of
Problem reported by the TAHI project(
Wed Aug 25 11:24:43 JST 1999
* kame/racoon: Fix compilation on NetBSD/alpha.
Fix portability issue with ssleay/openssl. However, we cast
most of parameters to des_xx() into void *, which is not a very
good way to solve this issue.
Wed Aug 25 02:31:54 JST 1999
* freebsd3/ports/pfs: add pfs(personal file system)
* freebsd[23]/ports/emacs20: more sophisticated IPv6
supporting. Patched by:
1999-08-25 JINMEI, Tatuya <>
* kame/kame/pim6dd/debug.c (dump_lcl_grp): added to show status of
local listeners with some timer values.
Wed Aug 25 00:12:56 JST 1999
* freebsd[23]/ports/netperf, netbsd/pkgsrc/net/netperf: upgrade to
latest IPv6 patch
Tue Aug 24 23:45:36 JST 1999
* freebsd[23]/ports/mrt, netbsd/pkgsrc/net/mrt: upgrade to mrt 2.0.0a.
1999-08-24 JINMEI, Tatuya <>
* kame/kame/pim6dd: fixed a bug that pim6dd with a local listener
didn't correctly stop forwarding when it became an assert looser.
(The bug seemed to be derived from the original pimdd.)
Thanks to Mickael Hoerdt<> for finding
the problem.
Tue Aug 24 18:19:19 JST 1999
* netbsd/sys/netinet/tcp*.c: Improve syn cache cleanup again.
When listening socket goes away, syn cache entries associated to the
listening socket will never be used. Therefore, it makes more sense
to nuke all assockated syn cache entries when listening socket
goes away.
NOTE: On 4.4BSD, it was possible to run SYN-SYNACK-ACK handshake even
if listening socket goes away in the middle (as sonewconn is called
right after SYN reception). After introduction of syn cache,
the behavior was changed (if listening socket goes away in the
middle, no negotiation will be successful).
KAME change will keep the latter behavior.
Suggested by: Jason Thorpe
Tue Aug 24 08:18:00 GMT 1999
* bsdi3: fix manpage installation procedure to conform to
BSDI3 practice.
Tue Aug 24 16:42:54 JST 1999
* usr.sbin/rtsold, sbin/rtsol: Integrate rtsold and rtsol source code.
Behavior is switched by argv[0]. sbin/rtsol needs to be statically
linked for most of the platforms, so they are compiled separately.
This change will improve IPv6 spec conformance of rtsol(8).
Tue Aug 24 02:11:54 JST 1999
* etc/rc.net6: disallow multiple interfaces from being autoconfigured
on host case, added some comment on it.
IPv6 specification assumes, in many places, that autoconfigured
node has only single externally-visible network interface.
Autoconfiguring a node with multiple interfaces can cause unexpected
1999-08-24 JINMEI, Tatuya <>
* *bsd*/usr.{bin,sbin}/netstat: supported per-interface
statistics. Try
% netstat [-p [ip6|icmp6] | -f inet6] -s -I if_name
for printing statistics on a specified interface, or
% netstat [-p [ip6|icmp6] | -f inet6] -s -i
for all interfaces.
1999-08-24 JINMEI, Tatuya <>
* kame/sys/netinet6: implemented per-interface ICMPv6 statistics
based on RFC2466. ioctl(SIOCGIFSTAT_ICMP6) is available as API.
Note that this changes affect the size of struct in6_ifreq,
which means you have to recompile some applications using the
structure like ifconfig.
1999-08-22 JINMEI, Tatuya <>
* sys/netinet6/udp6_usrreq.c (udp6_output): now got rid of
in6_pcbconnect, which needs splnet and affects performance, since
we saw no essential reason for calling in6_pcbconnect.
Instead, in6_selectsrc and in6_pcbsetport are used in order to
fill in the local address and in the local port.
Fri Aug 20 20:27:34 JST 1999
* bsdi3/usr.sbin/inetd: inetd with IPv6 and IPsec support.
inet6d will be left uncompiled for good.
Fri Aug 20 18:13:36 JST 1999
* sys/netinet/in_gif.c, sys/netinet6/in6_gif.c:
do not capture tunnelled packet when gif interface is down
(not IFF_UP).
Fri Aug 20 15:26:59 JST 1999
* netbsd/sys/netinet/tcp_input.c: tentative fix to dangling pointer
problem in syn cache. may need updates.
Fri Aug 20 09:11:20 JST 1999
* freebsd[23]/ports/apache13, netbsd/pkgsrc/www/apache13:
* freebsd[23]/ports/bind8, netbsd/pkgsrc/www/bind8:
upgrade to new IPv6 patch.
Fri Aug 20 08:57:01 JST 1999
* sys/netinet6/in6.h: remove, or hide nonstandard macros/struct defs
from the userland programmers. if your code breaks with this change,
your program assumes something outside of RFC2553.
some of programs under "ports" or "packages" directory may fail to
compile. Please report if you find one.
Fri Aug 20 04:16:11 JST 1999
* freebsd[23]/ports/newbie, netbsd/pkgsrc/net/newbie: update to 0.22.
Fri Aug 20 00:23:42 JST 1999
* usr.sbin/racoon/racoon: fix SEGV due to duplicated free().
From: "Heiko W.Rupp" <>
Thu Aug 19 21:59:08 JST 1999
* sys/netinet/in_gif.c: if you run KAME/NetBSD prior to the change
as router, sometimes kernel paniced due to failure to include
opt_ipsec.h into this file. I really hate opt_xx.h...
From: Kazuto Ushioda <>
1999-08-19 JINMEI, Tatuya <>
* kame/sys/netinet6/{ip6_output.c, nd6.c}: use nd6_output by
default. Note that some files under sys/net must be updated,
too. I believe the behavior is now quite stable, but if not,
please let me know.
Thu Aug 19 15:02:35 JST 1999
* lib/libinet6: compile inet_pton() into libinet6. The code
is from ISC BIND821. This is to avoid bugs in OS-supplied
inet_pton() (the source of bug is BIND version < 8.2).
NOTE: KAME/NetBSD needs inet_addr.c into libinet6 as well, because
inet_pton() and inet_addr() are supplied as single object file in
Thu Aug 19 00:38:02 JST 1999
* netbsd/pkgsrc/net/ucd-snmp, freebsd2/ports/ucd-snmp:
upgrade to 3.6.2. freebsd3/ports/ucd-snmp is not buildable.
Wed Aug 18 22:02:14 JST 1999
* sys/netinet6/in6_var.h: Based on RFC2465, IPv6 per-interface
statistics framework is implemented. Actual statistics support
is ongoing. ioctl(SIOCGIFSTAT_IN6) will let you peek the
statistics from the userland.
NOTE: rebuild all userland tools as struct in6_ifreq is changed
its size.
NOTE: in some cases we are unable to increment counter, because
there's no route for packet (hence interface).
1999-08-17 JINMEI, Tatuya <>
* kame/libinet6/ip6opt.c (inet6_option_append, inet6_option_alloc):
adjust pad length to avoid unnecessary pad.
Thanks to Frederic SOULIER for pointing it out.
Tue Aug 17 19:46:52 JST 1999
* sys/netinet6/in6.h: make IN6_IS_SCOPE_LINKLOCAL() invisible from
We will gradually remove nonstandard (and uncommon) defs as much as
possible from netinet/in.h. Some of your userland apps may
fail to compile during the process. Please stick to standard
defines (see RFC2553 and RFC2292).
Tue Aug 17 13:01:50 JST 1999
* kame/ndp: fix cases when no link-layer address information is
cached in the kernel.
1999-08-16 JINMEI, Tatuya <>
* kame/libinet6/name6.c (gethostbyname2): reinitilized saved_hp
right after freehostent() in order to avoid possible duplicate
free the variable.
Suggested by Frederic SOULIER.
Mon Aug 16 01:34:36 JST 1999
* netbsd/pkgsrc/net/zebra, freebsd[23]/ports/zebra: upgrade to 0.77.
1999-08-14 JINMEI, Tatuya <>
* kame/pim6sd: correctly supported restarting by SIGHUP.
Thanks to <> for sending patch.
Sat Aug 14 00:18:57 JST 1999
* kame/kame/racoon:
Added man page of racoon.conf.
Changed default derectory placed racoon.conf.
new directory is /usr/local/etc.
1999-08-13 JINMEI, Tatuya <>
* kame/sys/netinet6/in6_pcb.c (in6_selectsrc):
added an argument to pass the local address of the PCB in order to
prefer the optionally specified address to the local address.
Fri Aug 13 23:01:15 JST 1999
* freebsd2/usr.sbin/inetd: support tcp6, udp6 as protocol type.
now inetd is able to support both address families, so there's no
need to run separate inet6d. you just need to (1) kill
/usr/sbin/inetd, and (2) run /usr/local/v6/sbin/inetd instead.
/etc/inetd.conf will be used.
Fri Aug 13 21:34:39 JST 1999
* sys/netinet6: Add net.inet6.ip6.use_deprecated sysctl MIB.
This is for RFC2462 5.5.4, which specifies the use of deprecated
address as the source address for new connection when no other choice
is available.
Default value is 1 (allows deprecated address as a last resort).
By making it 0, deprecated address will never be used, even as a
last resort, when selecting source address for new connection
(past KAME code always behaved like this).
Note that explicit bind(2) is disallowed against deprecated address.
Fri Aug 13 19:39:33 JST 1999
* kame/kame/racoon/cfparse.h:
change default directory placed configuration file.
new directory is /usr/local/v6/etc.
1999-08-13 JINMEI, Tatuya <>
* kame/kame/pim6dd: correctly supported restarting by SIGHUP.
Thanks to <> for sending patch.
1999-08-13 JINMEI, Tatuya <>
* pim6dd/pim6_proto.c (receive_pim6_assert): added a sanity check
in order to prevent core dump when receiving an assert message from a
router that the receiving node doesn't regard as a PIM neighbor.
1999-08-13 JINMEI, Tatuya <>
* kame/bgpd: made sure to transit an optional transitive path
attribute even if it's unrecognized.
Fri Aug 13 11:40:55 JST 1999
* freebsd2/ports/{ct,v6eval}: upgrade to 0.3. from
Fri Aug 13 00:41:12 JST 1999
* netbsd/usr.sbin/{tcpdmatch,tcpdchk}: made libwrap utilities
IPv6 ready.
Thu Aug 12 14:42:25 JST 1999
* kame/kame/racoon: make idea.h optional. now you can install SSLeay
without idea, and build racoon (some users need this for patent
Wed Aug 11 21:18:08 JST 1999
* netbsd/lib/libwrap: libwrap that handles IPv6 correctly.
IPv6 address should be wrapped in square bracket to avoid
confusion about colon, like this:
telnetd: [::1/128] [3ffe::/ffff::]
Tue Aug 9 JST 1999
* repository reorganization: NetBSD and FreeBSD228 uses
new repository at this moment.
Sun Aug 8 01:50:14 JST 1999
* kit/ports/vic6 (FreeBSD228): vic video conference system.
Fri Aug 6 JST 1999
* sys/netinet6/{tcp6,udp6}* (platforms with TCP6):
* sys/netinet6/ip6_fw.[ch]: IPv6 packet filter ported from
KAME/FreeBSD228 to all platforms.
1999-08-06 JINMEI, Tatuya <>
* raw_ip6.c (rip6_usrreq): when attaching, initialized
in6p_ip6.ip6_hlim. Without this fix, kernel might send a packet
with 0 hop limit.
Thu Aug 5 20:51:31 JST 1999
* kit/ports/emacs20: add emacs-20.4
patched by:
Tue Aug 3 23:26:17 JST 1999
* kit/ports/netperf: add netperf-2.1pl3
a part of patch by:
Tue Aug 3 19:29:28 JST 1999
* kit/src/mchat: tiny multicast chat program, for testing your
multicast IPv6 network.
Mon Aug 2 19:14:58 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.76.
Sat Jul 31 12:14:07 JST 1999
* kit/src/libinet6/getnameinfo.c: NI_NUMERICHOST and NI_HOSTREQD
conflict with each other (NI_HOSTREQD requires DNS lookup while
NI_NUMERICHOST prohibits that) so raise error if both are specified.
From: Hajimu UMEMOTO <>
1999/07/31 06:31:34 JST
sys/netinet6/tcp6_subr.c, udp6_usrreq.c (FreeBSD228, BSDI3):
-consider interface id at link local address connect error
Fri Jul 30 10:15:56 JST 1999
* kit/src/traceroute6: allow "traceroute6 -q1 foo".
KAME PR: 135
Fri Jul 30 01:16:40 JST 1999
* kit/sbin/ifconfig, kit/usr.bin/telnet, sys/netinet6,
kit/src/traceroute, kit/src/pim6sd, kit/src/rrenumd, kit/src/inet6d,
kit/src/libinet6, kit/src/libpcap, kit/src/gifconfig:
(NetBSD14) 64bit CPU friendly. Basically, be more strict about types.
(1) size_t may not be int (cast to u_long on printing)
(2) time_t is not the same type as tv_sec
(3) SIOCGIFCONF returns unalighed structures so memcpy() before
touching content
(4) always need proper header file for mem* and str*
(5) do not touch unaligned structures. fill aligned structure
then perform memcpy().
(6) libpcap/net/bpf.h must be in sync with sys/net/bpf.h.
(7) 2nd arg to ioctl() must be u_long, not int.
1999-07-29 JINMEI, Tatuya <>
* src/bgpd/aspath.c (aspath2cost): not assert even if AS path
segment is NULL, which means an empty AS path. This fix is
essential when an IBGP peer sends an UPDATE message with an empty
AS path.
Thu Jul 29 18:18:07 JST 1999
* kit/src/rtsol: warn if net.inet6.ip6.accept_rtadv is false
(if it is false, rtsol will have no effect at all).
Wed Jul 28 16:32:02 JST 1999
* kit/src/rtsol: Sleep for a short period of random time before
sending the first RS.
(actually we check for tentative/non-tentative before sending the
first one, so this may not be needed)
Sleep RTR_SOLICITATION_INTERVAL seconds between resends.
(RFC2461 6.3.7, SHOULD)
1999/07/28 17:05:26 JST
* usr.sbin/inetd (FreeBSD32):
-fixed command names in man
-added new protocol type tcp46 and udp46 for future compatibility
1999/07/28 14:22:12 JST
* netinet/tcp_input.c,udp_usrreq.c
netinet6/tcp6_input.c,udp6_usrreq.c (FreeBSD228):
added "log_in_vain" for TCP and UDP over IPv6
1999-07-28 JINMEI, Tatuya <>
* src/pim6sd/pim6stat: added to show status of a PIM6 daemon.
Tue Jul 27 23:06:12 JST 1999
* kit/ports/mpg123, kit/pkgsrc/audio/mpg123: upgrade to 0.59r.
Tue Jul 27 22:51:49 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.74.
1999/07/27 15:14:30 JST
* etc/rc.net6:
changed KAME/FreeBSD32 inetd's name to inet46d and
enable it by default, if it exists.
1999/07/27 15:10:37 JST
* usr.sbin/inetd (FreeBSD32):
-merged IPSEC support from kame_228
-canged the name from "inetd" to "inet46d" because the
non FreeBSD32 inetd(v4-only) commands name conflict
with this command
1999/07/27 13:58:06 JST
* net/route.c:
changed M_WAIT to M_DONTWAIT because this could be
called from splnet() level in KAME.
Mon Jul 26 21:32:33 JST 1999
* kit/src/tcpdump: a bit of cleanups. add print-mobile.c (RFC2004)
from NetBSD. add print-l2tp.c by
NOTE: you may need to remove kit/src/tcpdump/Makefile manually,
or perform "make clean" in kit/, to build the userland.
Mon Jul 26 18:18:36 JST 1999
* kit/ports/irc, kit/pkgsrc/net/irc: add irc-2.10.2p1, The
'Internet Relay Chat' Server. compiles but not tested.
1999/07/26 05:38:48 JST
sys/netinet6/in6_pcb.c,udp6_usrreq.c (FreeBSD32):
-Fix the :: connect problem on FreeBSD 3.2
-Also fix the link local address connect problem
1999-07-23 JINMEI, Tatuya <>
* nd6.c (nd6_cache_lladdr): changed the logic of setting the
IsRouter bit; always set the bit for an entry of a `better router'
learned from a redirect message. I believe this is the intention
of RFC 2461, section 8.3.
The fix responded to a conformance test by the TAHI project.
Mon Jul 25 JST 1999
* kit/ports/apache13, kit/pkgsrc/www/apache13:
upgrade to use latest IPv6 patch. now filtering based on domain
name works properly.
Fri Jul 23 00:48:18 JST 1999
* kit/pkgsrc/net/rsync, kit/ports/rsync: upgrade to latest IPv6 patch.
Fri Jul 23 JST 1999
* sys/netinet6 (NetBSD 1.4): implement IPv6 path mtu discovery.
Now long distance TCP should work fine.
Thu Jul 22 11:55:14 JST 1999
* sys/netkey/key.c:
remove to check SA direction.
Thu Jul 22 11:30:07 JST 1999
* netinet6/ipsec.c:
give up to check transport mode restriction for forwarding packet.
But, this check should be done somewhere.
Wed Jul 21 02:45:07 JST 1999
* kit/usr.bin/ftp/ftp.c: BSDI4 ftpd returns junk reply against EPSV.
try to handle the situation properly by becoming more restrictive
against return code.
1999-07-20 JINMEI, Tatuya <>
* raw_ip6.c (rip6_input): changed not to use ip6->ip6_plen(which
will be zero for a jumbo payload) in checksum calculation.
The fix was based on a bug report from <>.
Tue Jul 20 02:15:38 JST 1999
* kit/libexec/tftpd, kit/usr.bin/tftp (NetBSD 1.4):
add IPv6 support.
Tue Jul 20 01:47:06 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.73.
Mon Jul 19 23:01:13 JST 1999
* kit/ports/ncftp3, kit/pkgsrc/net/ncftp3: upgrade to 3.0beta19
1999-07-19 JINMEI, Tatuya <>
* [bsdi3] sys/i386/isa/if_wl.c (wl_cse_handler): changed to call
in6_ifattach in CSE_CARD_INSERTION case in order to support IPv6.
Patch from: Masahiro Ishiyama <>
Thu Jul 8 12:16:55 JST 1999
* ports/ppp (FreeBSD3.2, 228):
updated to use 990708 IPv6 patch.
Fri Jul 9 16:38:01 JST 1999
* ports/apache13(FreeBSD3.2): sync with ports-current.
* src/v6test:
- forgot to install v6test.1
- supported construction of udp headers.
* usr.bin/ftp(BSDI): fix Y2K problem in using 'reget' command.
(applied M310-055 patch from BSDI)
Fri Jul 9 01:24:20 JST 1999
* kit/src/route6d: /16 routes were mistakingly added as host route.
From: Bill Sommerfeld <>
Wed Jul 1999/07/07 13:40:18 JST
* net/*, netinet6/*, netpm/*, sys/malloc.h
merged from FreeBSD3.2.
-prefix related extension
Now you can renumber prefix and addrs belong to it
at th same time, using "prefix" commmand or "rrenumd".
-fixed some IPv6 macro
-source code sync
Wed Jul 7 JST 1999
* bunch of portability fixes and clarifications,
including 64bit-architecture support and more strict type (for
example, use of time_t instead of long). Merged from KAME on
Wed Jul 7 01:18:16 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.71.
Tue Jul 6 18:28:30 JST 1999
* kit/src/{route6d,rtadvd,tcpdump}: fix 64bit CPU issues, like
sizeof(void *) != sizeof(int), sizeof(size_t) != sizeof(int).
* sys/netinet6: fix IPsec-only (and non-IPv6) build.
(found during NetBSD-current merge: thanks!)
Mon Jul 5 07:47:03 JST 1999
* kit/src/rtadvd: partial fix to signedness issue.
* kit/src/route6d.c: fix for signedness issue.
* kit/usr.bin/ftp (NetBSD14): fix junk pointer free during URL parsing.
(all found during NetBSD-current merge: thanks!)
1999-07-04 JINMEI, Tatuya <>
* in_gif.c (in_gif_output) (FreeBSD3): made sure to use the
configurable variable ip_gif_ttl as iphdr.ip_ttl.
1999-07-04 JINMEI, Tatuya <>
* in_proto.c(BSDI): set default value(GIF_TTL) of ip_gif_ttl.
Sun Jul 4 11:10:54 JST 1999
* sys (NetBSD 1.4): s/splnet/splsoftnet/ in IPv6/IPsec code.
Sun Jul 4 10:41:48 JST 1999
* GENERIC.v6 (NetBSD14): remove TCP6 as it needs many twist in userland
compilation if we try to support both. merged tcp (in netinet/tcp*)
is now stable enough.
NOTE: be sure to remove "options TCP6" from kernel config file,
otherwise kernel will not compile.
Sat Jul 3 21:11:05 JST 1999
* sys/netinet6/in6_pcb.c (NetBSD14): try to avoid reuse of port # when
opening listening socket. This fixes trouble when you perform
active ftp data transfer with the same server.
(client side always get the same port # and the server side need
to wait till TIME_WAIT state finishes)
* sys/netinet*/in{,6}.h: move IPsec sysctl index from IPPROTO_ESP
to IPPROTO_AH, so that it can be used even when the kernel does not
have IPSEC_ESP compilation option.
* kit/src/*: Makefile cleanups. (1) CPPFLAGS must be used for -D and
-I on NetBSD. (2) several lint fixes.
Sat Jul 3 05:43:18 JST 1999
* kit/src/pma,ptrconfig
* sys/net,netinet,netinet6,netkey,netpm,sys
FreeBSD32 is generally synced to FreeBSD228.
mainly added items are,
-v4 nat
-v4<->v6 protocol translation
-faith related extensions
-some more ipsec related sync
Fri Jul 2 23:57:45 JST 1999
* kit/src/ping6.c, sys/netkey/key_debug.c: fix for 64bit architecture.
From: Jason Thrope
* kit/src: avoid warnings.
* kit/usr.bin/telnet (NetBSD14): make source routing work.
* kit/usr.sbin/inetd (NetBSD14): dual stack inetd. "tcp6" gets
tcp6 socket for childs.
1999-07-02 JINMEI, Tatuya <>
* icmp6.c (icmp6_redirect_output): added source address check
before sending ND6 redirect according to RFC 2461, sec 8.2.
A new function nd6_is_addr_neighbor is implemented in nd6.c for
this purpose, although it is currently called only from
Fri Jul 2 08:23:05 JST 1999
* sys/netkey/key.c:
Fixed SA selection. When there was tunnel mode SA, not transport
mode SA, and you send transport mode, kernel selected tunnel mode SA
for your packet.
Fri Jul 2 05:23:44 JST 1999
* sys/netinet6/esp_core.c,kit/src/setkey:
Disabled new ESP with 3des-cbc mode and derived IV.
Enabled old ESP with des-cbc and 32bit IV.
Fri Jul 2 03:09:30 JST 1999
* kit/src/libinet6/get{addr,name}info.c:
get{addr,name}info.c works better in environment without
getipnodeby{addr,name}. It can perform queries for both
IPv4 and IPv6 (previously it performed only IPv4 query if
INET6 is not defined).
1999-07-01 JINMEI, Tatuya <>
* [BSDI]ip6_forward.c: experimentally added code to check
site-local source and to return an ICMP6 error if it breaks scope.
1999-07-01 JINMEI, Tatuya <>
* icmp6.h (ICMP6_DST_UNREACH_BEYONDSCOPE): was added according to
the new ICMP6 draft.
ping6, icmp6dump, traceroute6, and tcpdump were also rewritten to
use the new type.
1999-07-01 JINMEI, Tatuya <>
* ip6.h (IP6OPT_RTALERT_ACTNET): added a macro for as a new router
alert option value, which specifies that the datagram contains an
Atcitve Networks message.
1999-07-01 JINMEI, Tatuya <>
* ip6_mroute.c (ip6_mdq): moved M_LOOP flag check just before
sending a wrong-IF report. The older position was wrong since it
discarded a valid packet encapsulated in a PIM register message.
Thanks to: <>
Wed Jun 30 14:24:23 JST 1999
* sys (NetBSD14): bunch of cleanups, removing code that are not used,
comment fixes. MAPPED_ADDR_ENABLE is removed (this never worked).
tcp6 mapped address behavior was slightly changed.
Please read kit/IMPLEMENTATION for details.
* sys/i386/isa/if_ed.c (FreeBSD32): include opt_inet.h for INET6.
I REALLY HATE opt_inet.h. there is no way to check if I have
included enough header files.
* sys/netinet6/in6.h: uncomment prototype for inet6_options_*.
Fix typo.
Wed Jun 30 09:21:17 JST 1999
* sys/netinet6/esp_input.c: IPv4 esp tunnel packets were mistakingly
dropped by a typo. now it is fixed.
Found by:
Mon Jun 28 13:17:13 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.70.
Mon Jun 28 05:14:49 JST 1999
*kit, src/sys/netkey,crypt,netinet,netinet6 (FreeBSD32):
merged new ipsec and recent ipsec related changes.
Sat Jun 26 17:29:06 JST 1999
* kit/src/route6d: add -l option, which enables exchange of site local
routes. This option needs a great care as the semantics for site
local address space is quite vague.
Sat Jun 26 16:51:32 JST 1999
* kit/usr.bin/ftp (NetBSD14): fix ftp URL parsing in numeric IPv6
address case, like ftp://[::1]:9999/.
Sat Jun 26 15:37:23 JST 1999
* sys/netinet6/in6_pcb.c (NetBSD14): fix in6pcb lookup for listening
socket (this is for kenrels without "options TCP6").
From: Koji Kondo <>
Thu Jun 24 17:07:24 JST 1999
* sys/netinet6/udp6_usrreq.c: pass IPv6 extension header properly
to the user level. (call m_adj() after extension header
reception processing)
* kit/pkgsrc/www/apache13, kit/ports/apache13: upgrade to latest
IPv6 patch. This fixes domain name-based access control like
Wed Jun 23 22:35:06 JST 1999
* sys/netinet6: define net.inet6.ip6.kame_version sysctl MIB.
this shows KAME kit version as string. if you got the tree
from anoncvs or cvsup, it will be "from cvs repository".
if this is from SNAP kit, it will be like "SNAP 19991231".
Wed Jun 23 19:32:47 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.69.
Wed Jun 23 15:41:03 JST 1999
* sys/netinet6/ipsec* (NetBSD14/FreeBSD228/BSDI3):
define additional kernel config option "options IPSEC_ESP", which
enables ESP part of the kernel.
This is for US export regulation friendliness (I hate to have this)
"options IPSEC + options IPSEC_ESP" will build complete IPsec
(AH + ESP + IPComp)
"options IPSEC" will build IPsec kernel without crypto
(AH + IPComp)
without "options IPSEC", you'll get no IPsec.
NOTE: You need to add IPSEC_ESP if you want ESP code.
* sys/netinet6/ah_core.c (NetBSD14/FreeBSD228/BSDI3):
use OS-supplied MD5/SHA1 code, if the OS supplies that in libkern.
Tue Jun 22 JST 1999
* sys/netinet/tcp* (NetBSD 1.4): stabilize tcp6 when "options TCP6"
is NOT defined. IPv4 mapped address (::ffff: can be
handled properly. inpcb and in6pcb are separate.
* kit/src/route6d: add more sanity check against command line option.
Mon Jun 21 05:54:37 JST 1999
* sys/netinet/tcp* (NetBSD 1.4): add "options TCP6". If you would
like a stable IPv6 TCP (in netinet6/tcp6*, the one we have been
using), add "options TCP6". If you would like to test dual stack
tcp (in netinet/tcp*), do not add "options TCP6".
IPv6 TCP using netinet/tcp* is not stable yet.
* kit/usr.sbin/trpt (NetBSD 1.4): trpt with dual stack tcp support.
(if you build the kernel with separate tcp6 code, trpt will not
be able to show the trace for tcp6)
Sun Jun 20 05:38:26 JST 1999
* sys/netinet/tcp* (NetBSD 1.4): changes toward address family
independent tcp (so that we can share tcp4 and tcp6 source code).
nuked tcpiphdr. no IPv6 support yet.
* sys/netinet6 (NetBSD 1.4): tiny cleanups.
Fri Jun 18 03:04:55 JST 1999
* kit/ports/icecast:
Fixed to connect with encrypted password between icecast and shout.
You can define --with-crypt.
Thu Jun 17 22:09:00 JST 1999
* kit/ports/ethereal (FreeBSD 228): upgrade to use 0.6.2.
sorry for the delay.
Thu Jun 17 21:37:05 JST 1999
* kit/src/route6d: reorganize directory to use
now we have kit/src/{route6d,ifmcstat,rip6query}.
NOTE: "make clean" before cvs update, if you use anoncvs
Wed Jun 16 13:58:08 JST 1999
* kit/ports/apache13, kit/pkgsrc/www/apache13: use latest IPv6 patch.
bugs in mod_access were fixed.
From: "Chris P. Ross" <>
1999-06-16 JINMEI, Tatuya <>
* src/tcpdump/print-pim.c (pimv2_print): supported more detailed
analysis for PIM sparse related messages.
Tue Jun 15 08:31:31 JST 1999
* kit/ports/bind8, kit/pkgsrc/net/bind8: use latest IPv6 patch.
* kit/ports/apache13, kit/pkgsrc/www/apache13: use latest IPv6 patch.
Tue Jun 15 07:18:06 JST 1999
* sys (BSDI): merge in ALTQ 1.1.3 patch for BSDI.
You'll need altq-1.1.3-bsdi-19990615.diff.gz in, for building userland.
From: Hideaki Imaizumi <>
Tue Jun 15 05:01:13 JST 1999
* src/sys/netinet6/in6_prefix.c, in6_prefix.h, in6_proto.c,
in6_var.h, nd6.h, nd6_rtr.c (FreeBSD32):
-BUG fix of router renumbering (touched undefined pointer at prefix
-removed RR prefix related code from ND prefix related code
(Because, now ND prefix and RR prefix is separated)
-set net.inet6.ip6.forwarding and net.inet6.ip6.accept_rtadv
by function.
When, net.inet6.ip6.forwarding change from 0 to 1, clear all
ND prefixes, and set net.inet6.ip6.accept_rtadv to 0
When, net.inet6.ip6.forwarding change from 1 to 0, clear all
RR prefixes, and try to recover original net.inet6.ip6.accept_rtadv
value as much as possible.
Mon Jun 14 04:24:56 JST 1999
* kit/ports/pfs (FreeBSD228): add pfs portable file system.
compiles but not tested.
Mon Jun 14 03:46:36 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.68.
* sys/netkey/key.c, kit/src/racoon: racoon is now able to exchange
IPComp SA. NOTE: need more checking on keydb management code.
Sun Jun 13 20:14:26 JST 1999
* sys/netinet6/tcp6_subr.c: when transmissing RST packet,
initialize flowlabel field properly.
1999-06-13 JINMEI, Tatuya <>
* src/pim6sd: many serious bugs were fixed. Though it has still
some bugs, we believe it's now worth trying.
Fri Jun 11 10:27:37 JST 1999
* sys/net, sys/neinet6 (FreeBSD 3.2):
updated router renumbering
-separete RR prefix list from ND prefix list
-addrs assigned by ifconfig is linked to correspondent prefix,
and it is also controled by the prefix change.
-now, prefix command can be used only if
TODO: -remove RR prefix related code from ND prefix part
-when net.inet6.ip6.forwarding is become 1,
clear ND prefix list
-when net.inet6.ip6.forwarding is become 0,
clear RR prefix list
-merge onto other platform
1999-06-10 JINMEI, Tatuya <>
* src/pim6sd: imported PIM6 sparse mode daemon developed by
Mickael Hoerdt at LSIIT Laboratory.
Though it can be compiled and work to some extent, it still
contains some serious problems.
So, please be careful when you try it. We also very much welcome
bug reports and patches.
1999-06-09 JINMEI, Tatuya <>
* src/pim6dd/mld6_proto.c (accept_listener_report):
if the group of a received MLD report is link-local, simply
discard the report, instead of creating and maintaining a group
entry for the group. It would be a bit more efficient.
Suggested by: Mickael Hoerdt <>
Wed Jun 9 16:00:14 JST 1999
* kit/ports/{ct,v6eval} (FreeBSD228): upgrade to 0.2.
1999-06-08 JINMEI, Tatuya <>
* netstat/mroute6.c (mroute6pr): printed "reg0" as `physical
interface' for an interface to receive PIM register messages.
Advised by: Mickael Hoerdt <>
1999-06-08 JINMEI, Tatuya <>
* ip6_mroute.c: enabled PIM sparse mode related part.
Advised by: Mickael Hoerdt <>
Tue Jun 8 16:04:49 JST 1999
* sys/netinet6/tcp6_subr.c (NetBSD 1.4): avoid using dtom()
for tcp header template. use "pool" allocator instead.
Tue Jun 8 15:24:51 JST 1999
* kit/pkgsrc/mail/fetchmail (NetBSD 1.4): upgrade to 5.0.3.
Tue Jun 8 14:58:35 JST 1999
* kit/pkgsrc/www/apache (NetBSD 1.4): changed daemon installtion
directory from /usr/pkg/bin to /usr/pkg/sbin. NetBSD pkgsrc for
apache does this so we'd better follow that practice.
Sun Jun 6 15:45:31 JST 1999
* sys/netinet6/in6_ifattach.c (NetBSD14):
when attaching link-local address to an interface, defer routing
table setup to prevent danglink pointer to be recorded in routing
related to, or fixes, PR 109.
1999-06-05 JINMEI, Tatuya <>
* src/pim6dd: made administrative scope filter more generic.
The following two types can be specified:
- Group1-Group2: specifies a numerical range of a scope.
- GroupPrefix/Prefixlen: specifies a prefix of a scope.
Sat Jun 5 07:40:48 JST 1999
* sys/netinet6 (FreeBSD228/NetBSD14/BSDI): IPComp (IP payload
compression protocol) support.
See section 5 in IMPLEMENTATION for detalis.
Sat Jun 5 00:11:38 JST 1999
* kit/src/tcpdump: support IPComp (ip payload compression, RFC2393)
message decoding.
* kit/src/tcpdump: fix pim6 Register-Stop message decoding bug.
From: mhoerdt <>
NOTE: be sure to perform "make clean" in kit directory.
(or "make distclean" in kit/src/tcpdump)
1999-06-02 JINMEI, Tatuya <>
* mld6.c (mld6_input): use the M_LOOP flag in order to detect if
an MLD6 report is looped back.
IFF_LOOPBACK was used in the older versions, but it was wrong
since ip6_mloopback faked ifp.
1999-06-02 JINMEI, Tatuya <>
* in_gif.c, in6_gif.c[FreeBSD 2, 3]:
- included gif.h for appropriate initialization
- included sys/kernel.h, which is necessary for SYSCTL_INT
Thanks to: Koji Kondo <> for reporting the problem.
Tue Jun 1 22:34:46 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.67.
* kit/pkgsrc/net/bind8, kit/ports/bind8: use latest IPv6 patch.
now listen-on and some other directives work with IPv6 address.
Mon May 31 19:02:27 JST 1999
upgrade KAME FreeBSD 3.1 to 3.2
upgrade ALTQ from 1.1.3 to 1.2 (FreeBSD 3.2)
1999-05-31 JINMEI, Tatuya <>
* ip6_output.c (ip6_output): zero-clear the reserved field of a
Fragment header in an outgoing packet.
Mon May 31 01:18:04 JST 1999
* kit/src/racoon:
Added more checking the ID payload in phase 2. Draft said that IDr2
must be immediatelly followed by IDi2. We allow the illegal case,
but logged.
1999-05-31 JINMEI, Tatuya <>
* (kernel): added new sysctls, net.inet.ip.gifttl and
net.inet6.ip6.gifhlim. They specify TTL or hop limit for a gif
encapsulated packet.
BSDI users should update /usr/local/v6/sbin/sysctl to access
these sysctl names.
1999-05-28 JINMEI, Tatuya <>
* src/pim6dd/timer.c (age_routes): reflect changes even if the
unicast routing table does not change. I believe this is a bug of
the original pimdd.
This fix is necessary in order to handle expiration of the prune timer
when the forwarding cache entry still exists.
Fri May 28 1999,
The following changes affect FreeBSD228, NetBSD14, BSDI version of
KAME, not others.
* sys/netinet6/ipsec.c: On IPsec operation on listening socket, do
not share security policy structure among sockets. This is better
because it allows more efficient SAD entry lookup, and it will
leave less obsolete SPDs kept in the kernel.
* kit/src/setkey: add -l option (to be used with -D), which generate
summary of SAD every 1 seconds. This is good for tracing IKE daemon.
* kit/src/racoon: so many changes and fixes.
- At this moment racoon does not support proposal group with multiple
proposal (say, ESP proposal and AH proposal with same proposal
ID #). Now racoon ignores such proposal from initiator when it
behaves as responder, and filters out such proposal in
configuration file when behaves as initiator.
- Transmit INVALID_COOKIE informational exchange when no matching
ISAKMP SA is found for phase 2 packet.
- Reload of configuration (on SIGHUP) now works correctly.
- Be more strict about configuration file. Die if there's no
required items listed on configuration file.
- Fix lifetime attribute parsing. if the lifetime value is out of
range (due to malformed packet, maybe), use default lifetime.
Previously it sets lifetime to 0 and this caused problems.
- Clarify many of internal structures, such as diffie-hellman
primes and keys (mainly for future support of new group mode).
- racoon now checks phase 2 soft lifetime. Now rekey can be done
more smoothly (TODO: phase 1 soft lifetime check).
- racoon is now more robust against duplicated packets (due to
resend from the peer).
- Phase 1 now supports various encryption algorithms, incl. Blowfish
and CAST128. Key length can be negotiated properly.
- Delete payload support. racoon accepts delete payload from peer.
racoon transmits delete payload if SADB_DELETE is received,
thus SAD delete operation from setkey command will generate delete
payload. Need more support in other occasions.
- Many improvements in debugging output.
- So many minor bug fixes.
Fri May 28 07:34:54 JST 1999
* kit/src/setkey: Setkey no longer display dead SAs in the kenrel with
-D. To see dead SAs as well, specify -a with -D.
Fri May 28 02:09:23 JST 1999
* kit/src/racoon:
- Do not listen to wildcard socket (grab list of addresses and
perform specific bind(2)). This is to prevent broadcast DoS attack
to IKE daemon. If you specify wildcard address in the config file,
warning will appear.
Thu May 27 05:16:34 JST 1999
* sys/net{inet6,key}/Makefile (NetBSD 1.4): include files can be
installed by "cd kame/sys; make incinstall".
(NOTE: this does not follow kame/kit/INSTALL)
Subject: (KAME-snap 632) header file installation on NetBSD 1.4
From: Erik Bertelsen <>
Thu May 27 01:51:14 JST 1999
* kit/ports/icecast, kit/pkgsrc/audio/icecast: upgrade IPv6 patch.
now instructions on configuring IPv6 UDP multicast audio streaming
is provided.
Wed May 26 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.66.
Wed May 26 1999
* kit/src/traceroute: fix order of privilege control. (IPsec
setsockopt must be performed with root privilege)
* kit/sbin/ping (NetBSD 1.4): clarification on IPsec policy
configuration. NetBSD ping command transmits dummy ping toward
loopback address (for flushing route cache in ip_output). We do
not need IPsec for this operation so we specify "bypass" policy
for the operation.
Tue May 25 03:32:12 JST 1999
* kit/src/racoon:
- Fixed to manage the exchange status. i.e. There is no limit really
for payload ordering.
- Supported idea, blowfish, rc5, cast. But not tested.
- Called libcrypt for checking weak key.
- clean up
Sun May 23 06:51:35 JST 1999
* kit/src/racoon:
- Check Notify messages in phase 1, but still ignore.
- Ignore multiple SA in phase 2.
- Fixed sending localport number in ISAKMP packet. It was a constant
of 500.
- Insert actual port in use into ID payload.
- Delete ADMIN_PROTO_IKE from admin.h. IKE is not protocol.
- Improved kmpstat. print the information if error.
- Improved PF_KEY messaging by timer.
pfkey_send_{timer,try}: is to send PFKEY message.
pfkey_acquire_{timer,try}: is to wait to get IKE.
- Fixed remote directive in racoon.conf more than tree. cftab was
broken when there was not anonymous entry in the first remote entry.
- Fixed local test mode. There is a bit strange, but it works.
- Fixed some of crash problems.
- clean up. There are same processing in various places.
They should be merged.
CAUTION: There is rekeying issue.
There may be crash problem in aggressive mode.
Sat May 22 21:44:09 JST 1999
* sys/dev/ic/midway.c (NetBSD 1.4): import changes in ALTQ 1.2 PVC ATM
code (only for Adaptec/ENI ATM driver - no ALTQ support in NetBSD).
NOTE: compiles but not checked
* sys/i386/pci/midway.c (BSDI): import changes in ALTQ 1.2 PVC ATM
code (only for Adaptec/ENI ATM driver - no ALTQ support in BSDI).
NOTE: currently broken
* sys, kit/ports/altq (FreeBSD228): update ALTQ to 1.2. userland
tools must be installed by using kit/ports/altq.
From: Kenjiro Cho <>
Sat May 22 21:13:47 JST 1999
* sys/net/if_gif.c: call if_up() on positive edge of IFF_UP,
to send up RTM_IFINFO to the userland.
TOOD: more checks to other drivers (sometimes non-KAME issue
but we need RTM_IFINFO message for routing daemons).
1999-05-22 JINMEI, Tatuya <>
* kit/src/pim6dd: supported group-basis output filter. See
pim6dd.conf(5), which is also updated.
Sat May 22 14:34:59 JST 1999
* sys/dev/pci/aeon.c (NetBSD 1.4): fix aeon crypto pci card driver
for NetBSD 1.4. No test performed yet (I don't have encryption-
enabled card anyway, I can't buy one in Japan!).
Sat May 22 1999
* sys/netinet6/in6_ifattach.c (NetBSD 1.4): fix dangling pointer
on link-local address addition failures.
Sat May 22 04:17:01 JST 1999
* sys/netinet6/nd6_rtr.c (NetBSD 1.4): Simply call rtrequest() from
defrouter_addreq(), rather than re-implement the behavior. This is
much simpler and avoids bug due to misuse of memory allocator.
TODO: check if it was the right fix, there may be special requirement
in defrouter_addreq(), which we have forgotten.
This fixes misterious "panic on long suspend/resume session" bug.
This was generated when aged routes, which were generated by
defrouter_addreq, are get purged (so kernel panic can be raised
by ndp -R).
defrouter_addreq() allocated struct rtentry by R_Malloc, but
NetBSD 1.4 now uses "pool" allocator in net/route.c.
Then defrouter_addreq() inserted struct rtentry allocated by
R_Malloc onto the routing table. Kernel panic'ed if you try to
call pool_put() with pointer to non-pool region (happens on route
The bug was a bit hard to track. I spent few days to find a
repeatable steps to make the kernel panic, spent 4 hours to find the
cause. IMHO new allocators/deallocators (like pool_{get,put})
should provide more sanity checks (especially for alloc/free pool
mismatches) when DIAGNOSTIC is defined. Current DIAGNOSTIC code did
not help me much. I should do this next time...
Fri May 21 JST 1999
* sys/netinet6/nd6_nbr.c (NetBSD 1.4): synchronized ND6 code
with BSDI. This includes experimental fix for duplicated ND6
detection (see CHANGELOG entry on Fri Apr 8 1999).
Thu May 20 16:36:20 JST 1999
* kit/pkgsrc/www/lynx, kit/ports/lynx: use latest IPv6 patch.
now numeric IPv6 address is supported under "http://[::1]:80/"
Thu May 20 16:05:27 JST 1999
* kit/pkgsrc/net/rsync, kit/ports/rsync: IPv6-ready rsync 2.3.1.
Thu May 20 12:12:09 JST 1999
* kit/src/libinet6/getaddrinfo.c: filter out AFs that are not
supported by the kernel. This takes effect when you use AI_PASSIVE
on IPv4 only node (previously both :: and are returned)
NOTE: this change requires full rebuild of "kit" tree. be sure
to remove /usr/local/v6/lib/*.a before rebuild.
From: Alexander Fung <>
Thu May 20 06:18:11 JST 1999
* sys/netkey/key.c:
Check the each values of lifetime. If the value is zero then
kernel ignores its lifetime. Actually, we do check the addtime
and bytes.
Thu May 20 04:38:44 JST 1999
* kit/src/racoon:
Don't use the sockets failed to call socket().
Thu May 20 01:42:24 JST 1999
* kit/usr.bin/finger, kit/libexec/fingerd (NetBSD 1.4):
dual-stack fingerd/finger.
Wed May 19 21:48:12 JST 1999
* sys/netinet{,6}/ip{,6}_output.c (F228/N14/BSDI):
hide some of IPsec error code from the userland. (need elaborate)
some of IPsec errors (such as "no SA") should be shown as packet loss
to the users.
Wed May 19 15:17:11 JST 1999
* sys/netinet6/frag6.c: Do not use mbuf to keep fragment queue, as
this does not contain messages. use malloc() instead.
This avoids dtom().
From: Craig Metz <>
Tue May 18 22:13:59 JST 1999
* sys/netinet/ip_output.c (BSDI/NetBSD14/FreeBSD228):
even if SO_DONTROUTE is speicfied, we need to use struct route and
route the packet, for IPsec tunnel mode processing. handle struct
route accordingly.
Tue May 18 22:06:29 JST 1999
* kern/uipc_socket.c, sys/socketvar.h, netinet6/ip6_output.c
(FreeBSD 3.1):
-moved sooptmcopyout to ip6_output.c with some modification.
-added ip6_soooptmcopyin().
-use those functions in ip6_ctloutput() when coping option data between
soopt and mbuf chain.
Tue May 18 02:17:06 JST 1999
* sys/netinet6, sys/netkey (NetBSD 1.4): merge in new IPsec policy
engine. Now (1) racoon is usable, (2) IPv6 IPsec including tunnel
mode is available, (3) policy engine is much more flexible.
* kit/src: enable build of IPsec-supporting programs on NetBSD.
* kit/sbin/ping (NetBSD 1.4): support ipsec policy specification
by -E option (-P was already occupied).
Sun May 16 22:33:41 JST 1999
* kit/sbin/ifconfig (NetBSD 1.4): change behavior of "ifconfig
interface" to print all the interface address available, not just
inet addresses. The behavior looks more natural to me.
Sun May 16 03:38:03 JST 1999
* sys/netinet6/in6_ifattach.c (NetBSD 1.4):
Add link-local address to the ethernet interfaces (and join
mandatory multicast groups), when the interface is made IFF_UP.
In NetBSD, pcmcia interfaces are not initialized until IFF_UP,
so there seems to be no other option.
Good thing is that now we do not need to call in6_ifattach() from
drivers. It is of course okay to call in6_ifattach() from drivers,
if you are sure that the driver is proprely initialized.
NOTE: this change may break some of the userland tools, which checks
IPv6 interface address BEFORE bringing the interface up.
Sun May 16 01:01:24 JST 1999
* kit/pkgsrc/security/ssh, kit/ports/ssh: upgrade to 1.2.27 with
latest IPv6 patch.
Sun May 16 00:32:52 JST 1999
* KAME/NetBSD-1.4 is now buildable (both kernel and userland).
* kit/usr.bin/netstat: add support for "netstat -p tcp6 -P
<tcp6cb address>".
Sat May 15 08:20:30 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.65.
Fri May 14 21:18:45 JST 1999
* sys/netkey/key.c (BSDI, FreeBSD228): To transmit SADB_ACQUIRE
messages correctly from the kernel, changed the mbuf allocation
policy in key_sendup(). Now we allocate non-cluster mbuf chain
for most cases.
Previously we allocated cluster mbuf for most of the cases, and
this caused PF_KEY socket to be considered full and sbappendaddr()
to fail. This is due to wasted space on cluster mbufs
(sbspace() checks both actual data size and mbuf area size).
Fri May 14 11:50:15 JST 1999
* sys/netinet6 (BSDI, FreeBSD228): in IPv6 IPsec, tunnel mode now
works as well.
Note: IPv6 spec suggests the originating node to process HBH option
on the packet from the node itself (the originating node is
considered as "first hop"). However, we do not do this when
you apply IPv6 IPsec tunel onto the packet, since HBH option is
already encrypted when it is to be processed. This should be
fixed, however, IMHO this is very rare case.
Thu May 13 22:56:06 JST 1999
* kit/src/v6test/v6test.c: support interface with DLT_NULL
bpf encapsulation (i.e. loopback interfaces).
1999-05-13 JINMEI, Tatuya <>
* src/v6test/getconfig.c (make_ah): added to support
authentication header.
Also added some new tests in ext.conf.
Thu May 13 21:25:51 JST 1999
* kit/src/racoon:
Aggressive mode was supported, but not tested sufficiently.
XXX There must be Vender ID in fixed place of payload. TO BE MODIFIED.
1999-05-13 JINMEI, Tatuya <>
* uipc_socket2.c (sbcreatecontrol): if a given control message
is larger than MLEN, allocate an mbuf cluster and store the
message into the cluster.
Also, implemented more strict length check.
This fix is only for FreeBSD(2 and 3) and NetBSD. A similar fix
for BSDI was already done.
Thu May 13 20:18:37 JST 1999
* sys/netinet6/ip6_fw.c, sys/i386/conf/GENERIC.v6 (FreeBSD3.1):
made compilabel and bootable with ip6fw enabled.
not tested well enough.
Thu May 13 20:04:35 JST 1999
* sys/netinet6/ah_core.c: drop IPv6 AH packet with too many
extension headers, to avoid DoS attacks.
Use net.inet6.ip6.hdrnestlimit to configure the number of extension
headers allowed.
1999-05-13 JINMEI, Tatuya <>
* src/pim6dd/trace.c (accept_mtrace): added to support the
response part of mtrace(not tested yet).
1999-05-13 JINMEI, Tatuya <>
* ip6_output.c (ip6_setpktoptions): added the IPV6_DSTOPTS case,
which allowed user to specify destination options headers for an
outgoing packet.
(compilable, but not tested yet)
1999-05-12 JINMEI, Tatuya <>
* in6_pcb.c (in6_pcbbind): prevented binding a socket to an
address if it's anycast, notready, detached or deprecated.
1999-05-12 JINMEI, Tatuya <>
* netstat/inet6.c: sync icmp6names[] with the latest kernel.
1999-05-12 JINMEI, Tatuya <>
* icmp6.h: changed the size of icmp6stat.icp6s_{in, out}hist from
ICMP6_MAXTYPE + 1 to 256 since the former made the kernel
1999-05-12 JINMEI, Tatuya <>
* added a sysctl net.inet6.ip6.defmcasthlim, which gets or
specifies the default hop limit for an outgoing IPv6 multicast
Note that BSDI users must update both kernel and kit/sbin/sysctl
to enable the new sysctl.
Wed May 12 14:57:54 JST 1999
* kit/libexec/fingerd, kit/usr.bin/finger (FreeBSD228): finger daemon/
client fixed for dualstack support.
Wed May 12 14:12:44 JST 1999
* kit/ports/inn (FreeBSD228/31): IPv6-enabled netnews server,
version 2.2.
From: Satosi KOBAYASI <>
Wed May 12 10:33:32 JST 1999
* sys/netinet6/icmp6.h: node information query/response got the
official ICMPv6 type, so use the official number.
NOTE: need recompilation in userland (ping6), and old KAME and new
KAME will not interoperate due to the overwrap in number...
Wed May 12 02:29:13 JST 1999
* sys/netkey/key.c (FreeBSD228/BSDI):
Fixed to expire SA. It can't be sent SADB_EXPIRE message due
to my mistake.
Added test implement for lifetime by byte counts.
You must be careful to set its value otherwise it causes many
SA to be set.
e.g. time limit = 22896000(s)
byte limit = 100(KB)
Tue May 11 18:48:37 JST 1999
* kit/ports/icecast, kit/pkgsrc/audio/icecast: upgrade to latest
IPv6 patch, with song name broadcasting/request hack.
Tue May 11 18:26:06 JST 1999
* sys/netkey (FreeBSD228/BSDI): strictly perform reference count on
SPD/SAD. Now netkey seems to have almost no memory leaks.
* sys/netkey/key.c, kit/src/setkey/setkey.c (FreeBSD228/BSDI):
throw results of SADB_DUMP and SADB_X_SPDDUMP message as separate
message to pfkey socket. This should be more reasonable as each
of the result (for single SAD/SPD entry) has sadb_msg header.
Mon May 10 03:16:49 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to zebra 0.64.1.
Sun May 9 16:39:31 JST 1999
* kit/ports/ruby, kit/pkgsrc/lang/ruby: update to use latest IPv6
Sun May 9 03:51:09 JST 1999
* kit/src/racoon: get/set proper source/destination address for IKE
packets, using IP_RECVDSTADDR and IPv6 advanced API.
this is needed to support hosts with more than 1 IP addresses
(i.e. most of IPv6 node needs this).
TODO: scoped IPv6 addresses support (link-local and site-local).
Sat May 8 23:13:53 JST 1999
* sys/netkey:
Fixed tick counter problem, that is timeout() re-sets lifetime to 1(s)
when you use too big lifetime. Now the timer about IPsec key
management is processed in key_timehandler().
Sat May 8 18:53:29 JST 1999
* sys/netinet, sys/netinet6 (BSDI, FreeBSD228): Inherit IPsec policy
configuration on tcp socket, across accept() operation (in the past
IPsec policy must be configured after accept()).
Now, you can configure IPsec policy onto listening tcp socket,
and wait for new conncection to come by accept(). The new socket
returned by accept() has the same IPsec policy as the listening tcp
socket. This should be more natural behavior to the programmers,
and this behavior is inevitable for protecting SYN/SYN ACK packet
from attackers.
Sat May 8 15:21:01 JST 1999
* kit/src/inet6d: Add quickhack to specify IPsec policy by specially
formatted comment line (starting with "#@"). Experimental and
is subject to change in the near future.
* sys/netinet, sys/netkey (BSDI, FreeBSD228): fixed IPsec policy
engine for IPv6 IPsec via IKE.
Fri May 7 13:59:16 JST 1999
* kit/src/tcpdump/print-ospf6.c: decode ospf6 packets.
NOTE: do not forget to perform "make distclean" (or, "make clean"
in kit directory). otherwise, old Makefile calls build failure.
Fri May 7 02:25:23 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to zebra 0.64.
now OSPF6 is ready for testing (but not for actual use - kernel
routing table will NOT be updated).
Thu May 6 14:18:12 JST 1999
* kit/src/tcpdump/print-pim.c: added pim dm decode routines.
(need pim-noisy network to debug this...)
Thu May 6 17:32:06 JST 1999
* sys/netinet6 (FreeBSD228): (1) separate IPv6 IPsec (transport-mode)
output processing into ipsec6_output_trans(), for cross-OS
(2) Multiple transport-mode IPsec headers can be inserted, in any
(3) Most of IPsec output functions now returns int, instead of
struct mbuf * (no mbuf head pointer will be modified).
It is for better uniformity, and better error code handling.
(4) Some of the IPsec fuctions assume certain property from mbuf
chain. See comments for those assumptions.
TODO: tunnel mode
Wed May 5 13:31:28 JST 1999
* kit/ports/tcp_wrapper: IPv6-ready tcp_wrappers_7.6.tar.gz
NOTE: this is separate from kit/ports/tcpd. kit/ports/tcpd is a
rewrite of tcp_wrappers for IPv6 (similar functionality but
completely separate codebase). kit/ports/tcp_wrapper is IPv6-
enabled tcp_wrapper.
From: Hajimu UMEMOTO <>
1999-05-05 JINMEI, Tatuya <>
* src/tcpdump/print-pim.c (pimv2_print): fixed a bug that a wrong
position was referred as the PIM version field.
Repored by Mickael Hoerdt <>
Wed May 5 06:03:59 JST 1999
* sys/dev/en/midway.c (FreeBSD3): pvc interface did not have the
IPv6 link-local address. There was some patch slipped off during
the merge.
From: Scott Mace <>
PR: 95
1999-05-05 JINMEI, Tatuya <>
* src/libpcap: supported a new protocol type `pim';
you can now invoke tcpdump like `tcpdump pim'.
Tue May 4 14:38:58 JST 1999
* sys/netinet6/ip6_output.c (FreeBSD228): make multiple transport-mode
AH on IPv6 work corretly.
add some sanity check to forbid inbound/outbound jumbogram packet
with AH (jumbogram and AH is ill-suited, spec-wise).
Tue May 4 13:25:51 JST 1999
* sys/netinet6/ip6_output.c (FreeBSD228): support IPv6 IPsec
(transport mode only) with new policy engine. To do this I've
changed some part of IPv6 option header construction routines,
so kick me if I've added any bugs.
Sun May 2 12:34:26 JST 1999
* kit/src/route6d/route6d.c: implement inbound route filter option (-L).
Sat May 1 13:45:36 JST 1999
* kit/usr.sbin/inetd (FreeBSD 2.2.8): Add quickhack to specify
IPsec policy by specially formatted comment line (starting with
"#@"). Experimental and is subject to change in the near future.
Sat May 1 JST 1999
* kit/src/libipsec/ipsec_policy.c: Added 2nd argument (int len) to
ipsec_set_policy(), to make it safer against buffer overflow.
Update the parser to be more strict about the IPsec policy string
Fri Apr 30 18:57:48 JST 1999
* sys/netkey/key.c:
Modified that kernel DOESN'T send SADB_EXPIRE message to user land
if SA is not used until expiration soft lifetime. Otherwise kernel
sends SADB_EXPIRE message with the values of current lifetime.
Fri Apr 30 17:53:43 JST 1999
* kit/src/route6d/route6d.c: Take care of dynamic interface adress
addition/removal, interface state change, and static route change.
Sideeffect: You can specify interfaces which are down, into the
command line options (like -N). Those interfaces can be used by
"ifconfig up" later.
Fri Apr 30 03:44:48 JST 1999
* kit/ports/apache13, kit/pkgsrc/www/apache13: upgrade IPv6 patch to
the latest one.
* kit/ports/zebra, kit/pkgsrc/net/zebra: use master distribution 0.63.
Thu Apr 29 22:26:34 JST 1999
* kit/src/racoon:
- Fixed proposal length when transform payload was created.
- Fixed the way to deal with nonces. When phase 2 rekeying happened,
and to reverse initiator and responder happened, then I dealed with
nonces reversely. Those effected to compute hash and keymat.
- Merged isakmp_compute_hash1() and isakmp_compute_hash2().
Thu Apr 29 17:26:48 JST 1999
* kit/src/tcpdump/print-isakmp.c:
Fixed a trivial bugs. It was mistaken to print transform id.
Thu Apr 29 16:26:44 JST 1999
* kit/sbin/ifconfig (BSDI): make "prefixlen" keyword work properly
as expected (sorry I'm embarrassed).
1999-04-29 JINMEI, Tatuya <>
* netstat/mroute6.c (mroute6pr): when printing the multicast
forwarding cache whose incoming interface is unknown, print
`---' instead of the magic number itself.
Note that the kernel source should also be updated.
1999-04-29 JINMEI, Tatuya <>
* src/pim6dd/vif.c (start_vif): set random delay before sending
the 1st PIM hello message in order to avoid hello message storm in
a bootstrap phase.
suggested by: Mickael Hoerdt <>
Thu Apr 29 01:25:36 JST 1999
* kit/src/dtcp: Dynamic Tunnel Configuration Protocol daemon/client.
It will let you configure IPv6-over-IPv4 tunnel dynamically with
APOP-like authentication.
The protocol was proposed by Peter Tattam of Trumpet.
NOTE: you'll need to install IPv6-ready ruby interpreter, by using
kit/ports/ruby (or kit/pkgsrc/lang/ruby).
From: Peter Tattam <>
1999-04-28 JINMEI, Tatuya <>
* src/pim6dd/pim6.c (send_pim6): used sendmsg() with IPV6_PKTINFO
cmsg instead of sendto in order to specify the outgoing interface
and the source address.
Thanks to:
Mickael Hoerdt <> for finding a
problem in the old version and sending a patch.
1999-04-28 JINMEI, Tatuya <>
* src/pim6dd/main.c (main): modified to call init_routesock after
making a child process, since the pid to access the routing socket
must be consistent.
Thanks to:
David PATE <> for finding the problem.
Mickael Hoerdt <> for sending a patch.
1999-04-28 JINMEI, Tatuya <>
* ip6_mroute.c (del_m6if): added a sanity check in del_m6if to
prevent kernel hangups, and modified to use in6_ifreq{} instead of
ifreq{} to avoid invalid memory access.
Wed Apr 28 19:26:48 JST 1999
* kit/pkgsrc/audio/icecast, kit/ports/icecast:
use new IPv6 patch. It is now possible to transfer mp3 files
over UDPv[46] multicast packets. This is really fun!
Wed Apr 28 14:30:22 JST 1999
* sys/netinet{,6} (BSDI 3.1): sync IPsec policy management code with
FreeBSD 2.2.8. This automatically removes many bugs in IPsec code,
simplifies policy management (but SPD is now mandatory), and adds
flexibility in packet formats.
However, IPv6 IPsec is now broken. Also, IPv4 IPsec is unstable
due to memory management bugs.
TODO: regress tests
Wed Apr 28 14:28:28 JST 1999
* sys/netinet{,6} (FreeBSD 2.2.8): do not strip TCP/UDP header from
mbuf, until ipsec policy engine checks the headers.
Wed Apr 28 05:19:07 JST 1999
* sys/netkey/key.c:
Fixed the way to search SPD. It always searched outbound SPD.
Tue Apr 27 02:59:50 JST 1999
* kit/src/racoon:
- Racoon become to do exchange tunnel mode. She gets the
encryption mode from kernel by PF_KEY and set to SA payload later,
so ignores the directive "encryption mode".
XXX: There have been rekeying problems yet.
I believe that it's local address of phase 1 as proxy address
whenever doing pfkey_update, and it's remote address of phase 1
as proxy address whenever doing pfkey_update.
- Added IPSECDOI_ATTR_ENC_MODE_DEFAULT as transport mode
for the default of encryption mode.
- Arranged the function to set SA attribute.
Tue Apr 27 02:13:26 JST 1999
* sys/netinet/ip_input.c,sys/netinet6/ip6_input.c:
Stoped to remove M_AUTHIPDGM, not M_AUTHIPHDR, from m_flags.
It caused checking policy of ESP inbound tunnel to be failed.
NOTE: I believe that M_AUTHIPHDR will obstruct as such above
when checking AH inbound tunnel policy, too.
Mon Apr 26 09:35:34 JST 1999
* sys/i386/isa/kms.c (BSDI): Keyboard mouse driver implemented by
Keisuke Uehara <>. Makes cursor keypad behave as
mouse cursor movement. /dev/kms0 will speak bus mouse protocol.
Not very KAME thing, but is really useful addition for notebooks.
1999-04-23 JINMEI, Tatuya <>
* src/bgpd/bgp.c: for passively opened BGP4+ connection, use
the configured value of local preference.
Thanks to for pointing it out.
Fri Apr 23 15:32:45 JST 1999
* kit/ports/fwtk6 (FreeBSD 2.2.8): TIS firewall toolkit, modified for
IPv6 connections. NOTE: you'll need to get original fwtk 2.1 by
yourself (you must read and agree the license agreement from TIS).
From: Hajimu UMEMOTO <>
Fri Apr 23 01:07:41 JST 1999
* sys/netkey/key.c:
Fixed the problem that key_get(), and rarely key_dump(), return error
code but error didn't happen.
Thu Apr 22 18:16:06 JST 1999
* kit/src/racoon:
'path' directive is added for post-command execution.
NOTE: This do update PATH, not to be added.
Thu Apr 22 17:45:16 JST 1999
* kit/src/racoon:
Before post-command excution, set local and remote addresses of
phase 1 to environment value named RACOON_INFO.
1999-04-22 JINMEI, Tatuya <>
* nd6_rtr.c (in6_ifdel): made sure that leave the solicited-node
multicast address associated with the deleted address. Also
call in6_savemkludge() before freeing the ifaddr structure.
1999-04-22 JINMEI, Tatuya <>
* mld6.c (mld6_sendpkt): looped an MLD6 packet back to the sending
node if the node is a multicast router, which has been disabled by
`ifdef notyet' although we already have multicast routing.
1999-04-22 JINMEI, Tatuya <>
* in6.c (in6_control): automatically embed a link-local interface
index of a destination address specified via the
1999/04/22 16:36:54 JST
* sys/netinet/tcp_input.c (FreeBSD3.1):
Bug Fix: call ip6_savecontrol() also other than when
accepting the connection.
Thu Apr 22 12:41:14 JST 1999
* kit/src/racoon:
Fixed the problem of phase 2 negotiation. Now it gets success
the negotiation of phase 2.
XXX: There is phase *1* rekeying problem while phase *2*
Thu Apr 22 06:10:52 JST 1999
* kit/src/racoon:
- Added new directive "post-command" for racoon configuration. When
IKE phase 1 negotiation has been finished, then this is excuted.
"post-command" consists three directive;
"exec" defines to excute command when phase 1
negotiation has been completed.
"success" defines to excute command when `exec' command
was success.
"failure" defines to excute command when `exec' command
was failure.
- kmpstat can trigger to start negotiation of phase 1. Usage is
that, e.g.
# kmpstat establish-sa ike inet
1999-04-21 JINMEI, Tatuya <>
* src/rtadvd/config.c (getconfig): clear the configuration buffer
if the specified does not exist in the configuration file, which
is necessary to avoid to use a configuration for another interface
by mistake.
* src/rtadvd/if.c (get_next_msg): added RTM_GET case in the search
Wed Apr 21 11:44:11 JST 1999
* kit/src/rtsol: bring interface down, then up, before sending RS.
This is a workaround for pcmcia ethernet card drivers (used on
notebooks). It looks that some of the drivers do not initialize
multicast packet filter properly on suspend/resume session, and
RA (to ff02::1) cannot be received on the interface after resume.
It looks that down-then-up solves most of the cases.
TODO: if this solves the problem, /etc/pccard.conf (or
/etc/card.conf) should perform down-then-up on resume.
Wed Apr 21 04:01:21 JST 1999
* kit/src/racoon:
- TODO has been updated.
- With port numbers and prefixes, phase 2 exchange is available.
We need some time for the stability. It's on testing to do
exchanging IPsec tunnel mode.
- It's became to begin phase 2 negotiation by IPsec-SA expiration.
- s/LDUR/LD/ and s/LTYPE/LD_TYPE/, because of clarification.
- Begin the trying to manage IPsec SA by queue(3). But I have no
idea to manage the SA parameters directly.
- Begin the trying to manage the IPsec-SA exchange by IPsec SA list.
XXX MUST support multi SA exchange.
- Modified some code for ANSI-C.
- A lot of modification.
Wed Apr 21 00:58:39 JST 1999
* kit/src/rrenumd:
-parser fix for recognizing match{-,_}prefix and use{-,_}prefix
-cmsghdr related msglen operaton bug fix
-enabled sending to IPv4 destination
(though, receiver side is also need to be enhanced to receive it)
Tue Apr 20 21:19:16 JST 1999
* kit/sys/netinet/altq_red.c: fix IPv6 header parsing code.
1999/04/20 17:55:31 JST
* sys/netinet/in_gif.c, sys/netinet6/in6_gif.c
synced between BSDs
Tue Apr 20 15:26:49 JST 1999
* kit/usr.bin/vmstat (BSDI, FreeBSD 2.2.8, NetBSD): source code
included in the tree (just need a recompilation, to make "vmstat -m"
Tue Apr 20 10:45:44 JST 1999
* kit/ports/zebra (FreeBSD 2.2.8/3.1):
* kit/pkgsrc/net/zebra (NetBSD): upgraded to 19990420 snapshot.
Tue Apr 20 10:36:52 JST 1999
* sys/netkey/key.c:
Modified a bit of ipsec_setsecidx() to get IP address
and port from mbuf.
ASSUMED: basic header is placed continuously in a mbuf.
Mon Apr 19 21:02:24 JST 1999
* kit/ports/mpg123 (FreeBSD 2.2.8, 3.1):
* kit/pkgsrc/audio/mpg123 (NetBSD): MPEG audio layer 3 player.
(embeded HTTP support code is updated for IPv6 HTTP)
Mon Apr 19 19:35:35 JST 1999
* kit/ports/icecast (FreeBSD 2.2.8, 3.1):
* kit/pkgsrc/audio/icecast (NetBSD): icecast MP3 broadcasting system.
based on version 1.1.3 of the original distribution.
Mon Apr 19 19:32:44 JST 1999
* sys/netinet/tcp.h,tcp_input.c,tcp_output.c,tcp_subr.c, tcp_var.h
sys/netinet6/ip6_output.c,ip6_var.h (FreeBSD3.1):
mainly fixes for considering IPv6 more enough on mss calcuration.
-added v6mssdflt
-added sysctl for setting v6mssdflt
-added ip6_exthdrsiz() and let it check supposed sending v6 ext
headers total len, and remove that from mss
-made output checksum part more clear(I belive essentially no change)
Mon Apr 19 15:04:43 JST 1999
* kit/ports/rev_v6_address (FreeBSD 2.2.8): a representing PTR
records tool for mainting DNS.
* kit/ports/geta (FreeBSD 2.2.8): GET Address - simple IPv4/IPv6
address resolver
Mon Apr 19 14:24:43 JST 1999
* sys/netinet6: Add automatic flow-labelling support in kernel,
for all operating systems.
(see CHANGELOG entry on Sun Apr 4 02:24:00 JST 1999)
Sun Apr 18 16:45:18 JST 1999
* sys/netkey/keyv2.h
Added PFKEY_ADDR_PREFIX() for convenience.
Sun Apr 18 09:39:25 JST 1999
* kit/ports/libident6 (FreeBSD 2.2.8): identd library for
IPv6 connetions.
* kit/ports/pident6d (FreeBSD 2.2.8): identd for IPv6 connetions.
From: Hajimu UMEMOTO <>
Sat Apr 17 13:13:41 JST 1999
* kit/pkgsrc/lang/python (NetBSD): python 1.5.2 with IPv6 support.
Sat Apr 17 11:22:29 JST 1999
* kit/ports/python (FreeBSD 2.2.8): python 1.5.1 with IPv6 support.
Sat Apr 17 01:33:01 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 1999/4/16 snapshot.
Fri Apr 16 18:16:04 JST 1999
* sys/, kit/ports/altq (FreeBSD31):
updated ALTQ to 1.1.3
Fri Apr 16 10:20:39 JST 1999
* kit/ports/sendmail6, kit/pkgsrc/mail/sendmail6:
upgrade to 8.9.3 + IPv6 patch version W3.2.
Thu Apr 15 18:04:49 JST 1999
* sys/netinet/tcp_input.c, tcp_subr.c (FreeBSD3.1):
rewrite tcp_respond() because it has incorrect pointer
reference bug. this caused keep alive packet with incorrect
checksum, and let long lived tcp connection die.
now tcp should become more stable.
Thu Apr 15 14:53:34 JST 1999
* kit/ports/mediator: added port directory for Mediator DNS relay
resolver daemon. NOTE: the master distribution is restricted so
most of you will not be able to compile this.
* kit/ports/kaffe: port for IPv6-ready kaffe (IPv6 patch by INRIA
guys). Not finished yet.
Thu Apr 15 08:57:24 JST 1999
* kit/src/man: add kame(4).
Thu Apr 14 JST 1999
* kit/src/libinet6: Made getaddrinfo.c and getnameinfo.c compilable
on most platforms (do not define INET6). This should be useful
when making applications IPv6-aware (supply KAME getaddrinfo.c in
"missing" directory and use AC_REPLACE_FUNCS(getaddrinfo) in
Wed Apr 14 20:57:13 JST 1999
* kit/src/racoon:
Added the sending some administration commands to kmpstat.
reload config, show schedule, show several SA,
delete several SA, flush several SAs, establish several SA
Added to handle some administration commands to admin.c. There are
some commands have not been supported yet, and these aren't tested
XXX: should be specified the efficient formats for
the communication which is between racoon and kmpstat.
Changed default port for administration.
racoon.conf is obsoleted by ibm.conf.
Wed Apr 14 18:26:14 JST 1999
* kit/ports/{ct,v6eval} (FreeBSD 2.2.8): TAHI IPv6 conformance test
kit, released today (0.1). See for details.
1999-04-14 JINMEI, Tatuya <>
* raw_ip6.c (rip6_usrreq): fixed a bug of (possible) NULL pointer
access in PRU_CONNECT case in rip6_usrreq. FreeBSD 3.1 version
has the same problem in rip6_connect(), which was fixed as well.
Wed Apr 14 01:20:23 JST 1999
* kit/ports/ruby, kit/pkgsrc/lang/ruby:
upgrade to ruby 1.2.5 with latest IPv6 patch.
Tue Apr 13 18:06:03 JST 1999
* kit/ports/ruby, kit/pkgsrc/lang/ruby:
object oriented scripting language "ruby" 1.2.4 with IPv6 support.
Tue Apr 13 10:45:00 JST 1999
* kit/src/libipsec:
Added EIPSEC_INVAL_PREFIXLEN into ipsec_strerror.h.
To handle prefix, added `prefixlen' to the parameter
in pfkey_send_{add,update,delete,get}().
Mon Apr 12 21:21:59 JST 1999
* sys/netinet/in_gif.c, sys/netinet6/in6_gif.c:
(1) check IFF_LINK0 on ingress, as specified in the manpage.
(2) do not encapsulate if IFF_LINK0 is down and physical destination
address is not configured.
(3) check if physical source equals to dst on the packet, on egress
when IFF_LINK is enabled.
Mon Apr 12 11:34:02 JST 1999
* sys/netinet6/nd6_nbr.c: clear tentative bit without DAD, when
net.inet6.ip6.dad_count equals 0. (this is a bug - sorry)
Sun Apr 11 21:04:05 JST 1999
* usr.sbin/inetd (FreeBSD3.1):
enabled to specify tcp6 as protocol type in inet6d.conf.
when it is specified, the opened AF_INET6 socket don't accept
IPv4 connection.
Sun Apr 11 18:18:56 JST 1999
* kit/ports/ppp (FreeBSD):
IPv6 patch level upgrade.
-filter specification bug fix
-added debug mode(never become daemon in any mode)
-when using ppp created ifid, try to use common ifid at first
on any ppp connection.
1999-04-11 JINMEI, Tatuya <>
* src/libinet6/ip6opt.c : implemented inet6_option_alloc(),
inet6_option_next() and inet6_option_find() functions.
1999-04-11 JINMEI, Tatuya <>
* ip6_input.c (ip6_savecontrol): implemented IN6P_HOPOPTS,
IN6P_DSTOPTS and IN6P_RTHDR options in order to get Hop-by-hop
options, destination options and routing headers by a userland
Sat Apr 10 12:17:08 JST 1999
* sys/netinet6/in6_gif.c, sys/netinet/in_gif.c:
Add ECN friendly mode to gif interface. "ifconfig gifX ilnk1"
should enable "ECN allowed" behavior (see draft-ipsec-ecn-00),
and ECN bits will be copied on ingress and egress.
"Copying ECN bit on ingress" violates of RFC1933 (which says
that outer IPv4 TOS bit should be 0). This should be used under
mutual agreement with tunnel endpoint.
Fri Apr 9 22:53:28 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade original distribution
to 1999/4/8 snapshot. ospf6d is in the tree but not compilable.
we really are looking forward to test ospf6d!
Fri Apr 9 22:24:44 JST 1999
* kit/src/route6d/route6d.c: avoid hardcoding # of interfaces.
now you should be able to handle as many interfaces as you can.
# of interfaces is obtained on startup time, so it cannot handle
dynamically added interfaces at runtime.
Fri Apr 9 JST 1999
* sys/netinet6: implement setsockopt(IPV6_FAITH) for NetBSD and BSDI.
(see CHANGELOG on Fri Apr 2 20:00:23 JST 1999)
Fri Apr 9 20:44:55 JST 1999
* sys/netinet/ip_ecn.[ch]: move ECN friendly ingress/egress code into
separate function, for better code reuse.
Populate ECN friendly IPsec tunnel code to all the platforms.
1999/04/09 20:26:03 JST
usr.bin/netstat (FreeBSD3.1):
-print only inet socket at "-f inet"
-print inet6 socket at "-f inet6"
-print inet6 addr correctly for inet6 socket
Fri Apr 8 JST 1999
* sys/netinet6/nd6_nbr.c (BSDI): (experimental)
Implement heuristics against DAD NS loopback. See source code
for detail; it may be better than dad_ignore_ns, but not very
perfect and may violate spec anyway.
1999-04-08 JINMEI, Tatuya <>
* nd6.c (nd6_output): if the interface is other than Ethernet and
FDDI, simply put the packet into the interface instead of tring
to resolve the next hop.
1999-04-08 JINMEI, Tatuya <>
* raw_ip6.c (rip6_usrreq): for PRU_BIND, added a check to see
if the specified address is valid(e.g. not deprececated).
For PRU_CONNECT, used in6_selectsrc() in order to fill in the
source address field.
Thu Apr 8 20:14:45 JST 1999
* kit/src/faithd: get # of interfaces by using if_nameindex().
Thu Apr 8 19:39:01 JST 1999
* sys/netinet6/nd6_nbr.c (BSDI): (experimental)
ignore incoming DAD NS packet, if dad_ignore_ns is set to 1.
By setting dad_ignore_ns to 1 (by bpatch maybe), you'll be able to
ignore DAD faults by drivers which loops packets back to itself
on promisc mode.
However, (1) you'll not be able to detect simultaneous DAD activity
on the subnet, nor same MAC address on the subnet (-> SparcStation2)
(2) it is not spec conformant behavior.
I dunno how many drivers are faulty, but at least BSDI mz driver
(which is my favorite) is broken, so would like to test this code.
Thu Apr 8 17:06:32 JST 1999
* kit/src/v6test: changed config file directory to PREFIX/share/v6test.
Thu Apr 8 17:01:42 JST 1999
* kit/src/libinet6/getaddrinfo.c: (1) do not attach canonname
"localhost" to ::1 and The name may not be ubiquitously
(2) add comment about get_addr() call when AI_CANONNAME is given for
numeric address. it is a bit strange that we do addr->name
translation here...
1999-04-08 JINMEI, Tatuya <>
* ip6_output.c (ip6_output): If a hop-by-hop options header is
contained in an outgoing packet, examine and process it,
which behavior is required in the base IPv6 spec(RFC 2460).
Note that some other code relating to option processing was
also modified.
1999-04-08 JINMEI, Tatuya <>
* ip6_output.c (ip6_insert_jumboopt): fixed a bug that
the function does not adjust the length field of an already
existing hop-by-hop header.
Thanks to Kenjiro Komaki <> for finding the
Wed Apr 7 23:42:55 JST 1999
* kit/etc/rc.net6: add "sleep" after interface configuration. now
DAD will be performed for global addresses too, and we have to
wait till DAD's completion before invoking daemons.
Wed Apr 7 18:46:17 JST 1999
* kit/lib/libftpio(FreeBSD 2.2.8): try EPSV in IPv4 case too,
because EPSV behaves better for translators. Also, try EPRT in
IPv4 case too.
Wed Apr 7 18:02:28 JST 1999
* sys/netinet6/nd6_rtr.c: don't care link local addr
state and every time do DAD in in6_ifadd().
Wed Apr 7 17:28:17 JST 1999
* kit/src/ndp: Print out expired prefix as "expired",
not by negative lifetime value.
* kit/sbin/ifconfig: Do not print negative value for interface address
lifetime. This sometimes happens if you invoke ifconfig on the
expiration time.
* sys/netinet6/nd6*.c: Fix RA prefix information validation for
lifetime values. It now works as expected (RFC2462 5.5.3 (e) or
Jim Bound's rule - default is Jim Bound's rule).
(1) Do not remove prefix information in the kernel (struct
nd6_prefix) on expiration. Will be removed after
NDPR_KEEP_EXPIRED seconds. We need old prefix information for
validation purposes.
(2) Do not remove interface address when prefix information is
removed. Their lifetime is managed separately.
(3) Clarify validation rules for lifetime fields in RA prefix
Wed Apr 7 14:29:46 JST 1999
* sys/net/if.c (except BSDI 3.1): fix where we call in6_if_up() on
ioctls. (this is a routine to trap IFF_UP positive edge -
mainly for DAD)
1999-04-07 JINMEI, Tatuya <>
* nd6.c (nd6_output): was newly implemented, which is called from
ip6_output instead of ifp->if_output. The change mainly aims to
perform neighbor unreachability detection even if the outgoing
interface is not up.
NOTE: The change is still experimental and needs more tests.
So, it is not enabled unless the `NEWIP6OUTPUT' kernel
configuration option is specified.
Wed Apr 7 03:06:54 JST 1999
* kit/libexec/ftpd (NetBSD): fix EPRT.
* kit/usr.bin/ftp (NetBSD, FreeBSD2): try EPSV in IPv4 case too,
because EPSV behaves better for translators. Also, try EPRT in
IPv4 case too.
1999-04-06 JINMEI, Tatuya <>
* FreeBSD 2.2.8: merged Alteon Gigabit Ether driver from
We believe that it supports IPv6 as well, but we have not
tested yet.
Tue Apr 6 22:25:41 JST 1999
* kit/src/libpcap: Allow tcpdump on ATM interface for FreeBSD.
DLT type for ATM is defined in OS-supplied bpf.h, so follow that
value in libpcap/net/bpf.h.
Tue Apr 6 19:40:52 JST 1999
* kit/etc/rc.net6: on router, perform "ifconfig up" before configuring
interface to wait for DAD's completion.
Tue Apr 6 18:50:27 JST 1999
* kit/ports/ucd-snmp, kit/pkgsrc/net/ucd-snmp:
upgrade to 3.6.1 with latest IPv6 patch.
NOTE: on NetBSD, snmpnetstat is not working right. this is a bug in
original distribution (ucd-snmp 3.6.1).
Tue Apr 6 18:00:08 JST 1999
* kit/Makefile: install documents in kit/* into
$(PREFIX)/share/doc/kame (usually PREFIX = /usr/local/v6).
Tue Apr 6 12:45:51 JST 1999
* kit/src/rtadvd: If old prefix configuration directive ("addr"
without "addrs") appears on rtadvd.conf, show warning to syslog and
exit. This should help people who forgot to update old
configuration file.
1999-04-05 JINMEI, Tatuya <>
* [NetBSD]in6.c (in6_control): fixed a bug that `ifconfig delete'
does not work correctly.
Mon Apr 5 17:39:54 JST 1999
* kit/ports/lynx (FreeBSD 2.2.8/3.1)
* kit/pkgsrc/www/lynx (NetBSD 1.3.3): updated IPv6 patch.
IPv4 numeric address in URL is now handled correctly.
(this was broken by IPv6 patch...)
Mon Apr 5 13:00:48 JST 1999
* kit/pkgsrc/net/ucd-snmp: (NetBSD 1.3.3)
GNU_CONFIGURE settings in caused trouble with ucd-snmp,
and snmpd hanged up on some specific queries. Now it is fixed and
working fine.
Mon Apr 5 04:17:51 JST 1999
* kit/ports/ppp (FreeBSD):
IPv6 patch level upgrade.
some more debug, improvement, and man fix.
-set ifid only for link local addr
-search MYADDRINET6 first, and then MYADDR
Sun Apr 4 02:24:00 JST 1999
* sys/netinet6: Add automatic flow-labelling support in kernel.
tcp6 inbound and outbound connection, and udp6 outbound packets
after connect(), will have flow label field filled in with a sequence
number (will be unique for 2^20 connections). Flow label portion
of sin6_flowinfo will be ignored.
This can be turned off by setting net.inet6.ip6.auto_flowlabel sysctl
variable into 0 (default is 1). If the value is 0, the value
in sin6_flowinfo will be used.
(experimental, KAME/FreeBSD 2.2.8 only)
Semantics of flow label is still rather vague. The semantics of
sin6_flowinfo field is also vabue. Some of us fear that,
if we leave it as is, nobody will be using flow label. We would
like to start by (1) marking as many connections as possible
with flow labels, then (2) try some QoS/diffserv things with the
marked traffic, then (3) think about how we should go forward.
TODO: other better support for flowlabel, such as filling
sin6_flowinfo on inbound traffic.
1999-04-03 JINMEI, Tatuya <>
* src/rtsold: changed to watch interface flags and to probe
advertising routers when an interface becomes up or down.
Sat Apr 3 11:27:18 JST 1999
* kit/ports/lynx (FreeBSD 2.2.8/3.1)
* kit/pkgsrc/www/lynx (NetBSD 1.3.3): updated IPv6 patch.
Fri Apr 2 20:00:23 JST 1999
* sys/netinet6, kit/src/faithd: implement setsockopt(IPV6_FAITH).
setsockopt(IPV6_FAITH) is now required to accept TCP
conection toward FAITH-relayed prefixes. This will affect
faithd daemon only, and this will protect other daemons (like
sendmail or httpd) from mistakingly accepting FAITH'ed TCP
(experimental, KAME/FreeBSD 2.2.8 only)
Fri Apr 2 20:00:23 JST 1999
* sys/netinet6/icmp6.c: Receive important ICMPv6 messages toward
FAITH'ed prefixes. This is required to make PMTUD work for
FAITH'ed TCP6 connections.
1999/04/02 16:33:03 JST
* kit/src/rtadvd:
Check dest interface's if_flagss and if not IFF_UP, don't send RA
to the interface. If it become IFF_UP again, restart sending RA to it.
Also, made if.h and added some common definitions to it.
Some debug on rtmsg type checking procedure.
Fri Apr 2 12:55:28 JST 1999
* kit/ports/ppp (FreeBSD 2.2.8, 3.1):
update v6 patch level. fix several bugs and man fix.
1999-04-01 JINMEI, Tatuya <>
* if.c (ifioctl): if an interface's mtu is changed by SIOCSIFMTU,
also change the ND6 level mtu associated with the interface.
1999-04-01 JINMEI, Tatuya <>
* ip6_output.c (ip6_output): prevented IPv6 level fragmentation
on a link that does not support link-level fragmentation.
XXX: currently we don't have any method to check if a link
supports link-level fragmentation.
Wed Mar 31 12:42:28 JST 1999
* kit/src/faithd: stabilize plain TCP relay.
- connection timeout will be measured for both diretions - timeout
won't happen if there's some data stream for either of the
TODO: tcp.c shouldn't fork(), for process table conservation...
- explicitly set SO_SNDTIMEO, to correctly detect write overflow
(= client side or server side disconnected the connection during
Wed Mar 31 12:42:28 JST 1999
* sys/netinet6: remove old FAITH implementation and user interface
knob, namely net.inet6.ip6.faith_prefix.
* kit/src/faith: make it a shell script for backward compatibility.
Tue Mar 30 23:21:05 JST 1999
* sys/netinet6/nd6_rtr.c: (1) do not use tentative or duplicated
link-local address as the seed for autoconfiguration.
(2) changed how kernel detects "fresh" prefix on RA packet.
Tue Mar 30 12:32:33 JST 1999
* sys/netinet6 (FreeBSD 3): merge in new faith code.
Now all operating systems are "new faith" ready.
(see changelog on Thu Mar 11 00:27:55 JST 1999 for details)
Tue Mar 30 02:04:12 JST 1999
* kit/src/faithd: disconnect inactive sessions in 30 minutes,
to avoid stale connection to chewing up system resources.
TODO: should it be configurable?
Mon Mar 29 18:41:06 JST 1999
* sys/netinet6/in6.c, kit/sbin/ifconfig: (NetBSD and FreeBSD 2.2.8)
Support "ifconfig vltime" and "ifconfig pltime" for altering
interface address lifetime.
See CHANGELOG on Wed Mar 24 15:06:25 JST 1999 for detail.
Mon Mar 29 17:20:23 JST 1999
NetBSD pkgsrc catch-ups.
* kit/pkgsrc/net/wget: port for wget 1.5.3.
* kit/pkgsrc/net/zebra: upgraded to 19990327 snapshot.
* kit/pkgsrc/net/apache: upgraded to 1.3.6 + latest IPv6 patch.
* kit/pkgsrc/net/ncftp3: upgrade to use latest IPv6 patch
(see CHANGELOG on Thu Mar 25 16:21:11 JST 1999 by sumikawa).
1999-03-29 JINMEI, Tatuya <>
* ip6_output.c (ip6_setmoptions): when joining a node-local scope
multicast group, choose the loopback interface as the default
1999-03-29 JINMEI, Tatuya <>
* ip6_output.c (ip6_output), in6_pcb.c (in6_selectsrc):
added some consideration for node-local multicast addresses:
- route outgoing packets to the loopback interface
- choose the source address from the loopback
interface(typically it's the loopback address, ::1).
1999/03/29 01:42:43 JST
* kit/ports/ppp:
upgrade to 990309 version.
Mon Mar 29 01:41:04 JST 1999
* kit/ports/zebra (FreeBSD 2.2.8): upgrade to 19990327 snapshot.
1999/03/29 00:35:42 JST
* sys/net/if_tun.c (FreeBSD2.2.8, 3.1):
-Bug Fix: return ENOBUFS when M_PREPEND fails
-removed unused function
Sun Mar 28 00:37:36 JST 1999
* sys/netinet{,6}/tcp{,6}_subr.c: fix mbuf length computation bug
in ipsec[46]_hdrsiz_tcp().
From: Tomomi Suzuki <>
Sat Mar 27 07:17:34 JST 1999
* kit/ports/wget: (FreeBSD 2.2.8): wget 1.5.3 with IPv6 support
patch (by
1999-03-27 JINMEI, Tatuya <>
* icmp6.c (icmp6_redirect_output): fixed memory leak, that occurs
in a case where the function is called but no redirect should be
Fri Mar 26 20:51:28 JST 1999
* sys/netinet6: IPsec tunnel is now friendly with ECN (Explicit
Congestion Notification). Behavior can be configured in per-host
manner with sysctl, not per-SA manner.
Fri Mar 26 12:11:03 JST 1999
* src/sys/netinet/in_pcb.c (FreeBSD 3.1):
Bug Fix: added necessary next list entry replacement in for loop.
Also, use LIST macro.
Now infinite loop problem should have been fixed.
Fri Mar 26 03:04:10 JST 1999
* kit/ports/apache13 (FreeBSD 2.2.8): update to apache 1.3.6.
(need some regression test...)
Fri Mar 26 JST 1999
* sys/netinet6/ip6_output.c: boundary check for
IPV6_{UNI,MULTI}CAST_HOPS is added as described in spec.
Thu Mar 25 16:21:11 JST 1999
* kit/ports/ncftp3 (FreeBSD 2.2.8): update port
- try 'EPSV' connection first on IPv4 and IPv6 passive
- remove hard coded number
Thu Mar 25 15:32:54 JST 1999
* kit/src/faithd: fix "my address" determination. previous code
was caress about sin6_scope_id and sin6_port when comparing
interface address with getsockname().
Thu Mar 25 13:41:08 JST 1999
* kit/src/faithd: -p option lets you get IPv4 privileged src port
(port < 1024).
1999/03/24 23:26:50 JST
* kit/ports/perl5 (FreeBSD 3.1):
upgraded to perl5.005_55.(developer release)
Wed Mar 24 15:06:25 JST 1999
* sys/netinet6/in6.c, kit/sbin/ifconfig (BSDI):
ioctl interface is modified to allow (privileged) userland program
to modify interface address lifetime. ifconfig option "vltime" nad
"pltime" are implemented.
Tue Mar 23 21:56:52 JST 1999
* sys/dev/pci/aeon.c (NetBSD 1.3.3): Invertex AEON crypto/compression
card driver (ported from OpenBSD).
TODO: compression support in the driver
TODO: userland interface (/dev/lzs? /dev/md5? /dev/sha1?)
TODO: hook for KAME IPsec (this is a hard one...)
Tue Mar 23 19:05:00 JST 1999
* kit/sbin/ifconfig: add -L option, which displays address lifetime
for IPv6 addresses.
Tue Mar 23 18:03:41 JST 1999
* sys/netinet6 (NetBSD 1.3.3): merge in new faith code.
(see changelog on Thu Mar 11 00:27:55 JST 1999 for details)
Tue Mar 23 10:30:46 JST 1999
* kit/src/ndp: generate timestamp on "ndp -t -A 1", to make output
merge-able with tcpdump's output.
1999-03-19 JINMEI, Tatuya <>
* src/ping6: added -a option in order to support the ICMP node
information node addresses Qtype.
1999-03-19 JINMEI, Tatuya <>
* icmp6.c: supported ICMPv6 node information the FQDN and node
addresses Qtypes.
1999-03-19 JINMEI, Tatuya <>
* in6.c (in6_setmaxmtu): was newly added to recalculate the
maximum MTU for outgoing IPv6 packets. The function is called
when there is a possibility of a change of the MTU.
Fri Mar 19 04:18:00 JST 1999
* kit/src/libipsec:
For handling tunnel mode, Added parameter for proxy address to
pfkey_send_add() and pfkey_send_update().
Thu Mar 18 17:56:19 JST 1999
* kit/src/faithd: update faith_prefix determination.
if USE_ROUTE is defined, faithd will determine faith_prefix
by the following
- if the getsockname() matches any of my interface address,
it is toward myself (not for translator).
- otherwise, it is for translator.
This behavior is for new "faith" pseudo interface support,
implemented in BSDI and FreeBSD 2.2.8 (at this moment).
sysctl MIB for faith_prefix is meaningless in this case.
if USE_ROUTE is not defined, faithd will determine faith_prefix
by the following algorithm:
- if the getsockname() matches faith_prefix (registered
via sysctl) it is for translator.
- otherwise, it is for myself.
This behavior is for old "faith" implementation.
Thu Mar 18 15:28:28 JST 1999
* kit/bin/route/route.c (BSD/OS 3.1): allow interface route to be
added by "route add -inet6 foobaa -interface if0".
Thu Mar 18 14:27:24 JST 1999
* sys/netinet6 (BSD/OS 3.1): remove HYDRANGEA_COMPAT compile option,
which is VERY obsolete. If there's anybody relied on this, please
migrate to advanced API.
Thu Mar 18 14:20:56 JST 1999
* sys/netinet6 (BSD/OS 3.1): merge in new faith code. userland should
be updated soon.
(see changelog on Thu Mar 11 00:27:55 JST 1999 for details)
Wed Mar 17 16:39:18 JST 1999
* kit/ports (FreeBSD 3.1): updated and made buildable many ports
as FreeBSD 2.2.8 update.
added: ncftp3, squid11, wbd
updated: apach13(to 1.3.4), mrt(to 1.5.2a), heimdal(to 0.1c),
sendmail6(to 8.9.2), gated-ipv6 (to snapshot-0399),
lynx(to 2.8.1rel.1), tcptrace(to 5.1.1), vat6(to 19981109),
vnc(to 3.3.2r3)
TODO: buildability check -> XFree86, mozilla
to be compilable -> perl5, ppp, ucd-snmp
update(also with kernel) -> altq
Wed Mar 17 09:15:12 JST 1999
* sys/netkey/keyv2.h
Added two macros for utilization to make sadb message,
Wed Mar 17 08:32:29 JST 1999
* kit/src/libipsec
Fixed pfkey_sadump() to print the values of lifetime extension.
1999-03-16 JINMEI, Tatuya <>
* sys/netinet6/ip6_output.c (ip6_output): changed to use the MTU
for fragmentation advertised via RA (if specified) instead of the
link MTU.
1999-03-16 Atsushi Onoe <>
* kit/src/traceroute6/traceroute6.c: support source route (-g)
1999-03-16 Atsushi Onoe <>
* kit/src/libinet6/rthdr.c: fix return value of inet6_rthdr_getaddr().
Tue Mar 16 15:24:22 JST 1999
* src/netinet6,netinet,netkey
* kit/src/libipsec,setkey,racoon,ping6,traceroute,traceroute6
* kit/sbin/ping:
* kit/usr.bin/telnet:
IPsec policy engine has been changed drastically.
Now it's NOT valid for old syntax to manage SPD by setkey.
You must use new syntax to configurate that.
XXX MUST be written many manuals.
The policy is managed by either setsockopt() or setkey
like following:
By calling setsockopt(3):
To set policy,
setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, policy, len);
setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, policy, len);
To delete policy,
To get policy,
getsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, policy, &len);
getsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, policy, &len);
`policy' is the binary data formated sadb_x_policy defined
netkey/keyv2.h. You can make `policy' you want by calling
ipsec_set_policy(). for example:
ipsec_set_policy(buffer, "ipsec ah/use esp/use/");
NOTE: You must allocate buffer sufficiently.
By setkey command for administrater:
spdadd icmp -P bypass;
spdadd 3ffe:501:4819::1 3ffe:501:481d::1 tcp -P ah/use;
The argument `policy' follow to -P option is below,
policy := policy_type [ipsec_request [ipsec_reqeust[...]]]
policy_type := "discard", "none", "ipsec"
ipsec_request := protocol "/" level ["/" proxy_address]
protocol := "esp", "ah"
level := "default", "use", "require"
Some user land command can configurate policy.
ping -P "ipsec ah/require/"
telnet -P "ipsec ah/use esp/use"
The argument `policy' follow to -P option is below,
policy := policy_type [ipsec_request [ipsec_reqeust[...]]]
policy_type := "ipsec", "entrust", "bypass"
ipsec_request := protocol "/" level ["/" proxy_address]
protocol := "esp", "ah"
level := "default", "use", "require"
Be attention to `policy_type' against the case of using setkey.
XXX traceroute6 and ping6 were fixed, but don't use IPsec
XXX because kernel hasn't had IPsec code for IPv6 yet.
Added IPsec library for users convenience.
synchronized new ipsec.
output warning message in configure when using OpenSSL.
Calcurated hdr size of ESP/AH that predicted along with policy.
Returned max header size if no SA present.
Modified INBOUND policy check.
Added rejecting code to icmp{,6}_input.
Added a flag of mbuf:
M_AUTHIPDGM that is set when ther is ICV in packet.
Re-arranged mbuf flags about IPsec.
M_AUTHIPDHR data origin authentication for IP header
M_DECRYPTED confidentiality
M_AUTHIPDGM data origin authentication
Merged rejecting code about INET{,6}
Fixed callout_handle for FreeBSD3.x. XXX NOT tested.
Mereged key_newsa() and key_newsa2().
Arranged the code of key_setsaval().
Taking IN_ADDR in sockaddr as network byte order.
XXX that is violate to section 2. PF_KEY Message Format in RFC2367.
Changed semantics of sadb_lifetime_usetime.
XXX expiration check.
We operate CURRENT sadb_lifetime_usetime as the time,
in seconds, when association was last used. For HARD and SOFT,
the number of seconds after the last use of the association
until it expires.
We select the number of flows as the conecpt of
sadb_lifetime_allocations. So we increment the one
whenever calling {esp,ah}_{in,out}put.
Fixed memory leak when calling key_sendup without socket registerd.
That caused kernel to be crash when using SADB_X_PROMISC or mulsti
sockets registerd by SADB_REGISTER.
Added to fix m_len in ipsec?_in_reject() when following both situation.
- internet PCB exists.
- m_pkthdr.len != m_len.
XXX It's quick hack.
XXX With either socket or pcb, we should call IPsec stack.
Enclosed the part of identity extension processing in key_acquire().
XXX identity extension must be a record per src/dst or nothing.
XXX We don't have the way to regist proper identity record, By PF_KEY ?
Tue Mar 16 13:50:26 JST 1999
* kit/ports/gated-ipv6 (FreeBSD 2.2.8):
* kit/pkgsrc/net/gated-ipv6 (NetBSD 1.3.3):
update to use 99/3 snapshot. this is based on public snapshot
and should require no manual fetching (correct me if I'm wrong).
Tue Mar 16 06:30:58 JST 1999
* sys/netinet6/icmp6.c: do not generate icmp6 error against redirects.
this is a bit experimental but this change is decided in ipngwg.
Mon Mar 15 19:38:54 JST 1999
* src/libexec/ftpd (FreeBSD 3.1):
-enabled data connection on v4 mapped addr connection
-enabled passive mode for AF_INET (also on v4 mapped addr)
-enabled TCP_NOPUSH
-added PORTRANGE option for AF_INET6 (experimental?)
Mon Mar 15 14:39:33 JST 1999
* src/sys/netinet6/in6_ifattach.c (FreeBSD 3.1):
Bug Fix: correctly link ::1 to lo0 ifaddr list.
Sun Mar 14 06:42:10 JST 1999
* src/sys/netinet/tcp_subr.c (FreeBSD 3.1):
fixed ip length of reset packet at tcp_respond().
Sun Mar 14 02:07:05 JST 1999
* kit/ports/apache13 (FreeBSD 2.2.8):
* kit/pkgsrc/www/apache13 (NetBSD 1.3.3):
update IPv6 patch to version 19990314.
Now NameVirtualHost accepts hostname and port separately.
1999-03-12 JINMEI, Tatuya <>
* src/bgpd/bgp.c (bgp_process_update): fixed memory leak.
If you use BGP4+ using bgpd, you should apply the fix.
Fri Mar 12 14:47:57 JST 1999
* src/sys/net/if_spppsubr.c (FreeBSD 3.1):
merged cisco_hdlc support for sppp.
(patch is given from thanks very much!)
Fri Mar 12 14:47:12 JST 1999
* src/sys/netinet6/in6.c (FreeBSD 3.1):
Bug Fix: free correct ifa pointer at SIOCDIFADDR_IN6.
Also removed ifa(not so used), and use &ia->ia_ifa instead.
(kernel panic at IPv6 address remove problem is fixed)
Thu Mar 11 19:07:50 JST 1999
* src/usr.bin/netstat (FreeBSD 3.1):
enabled "netstat -s -f inet6"
Thu Mar 11 17:42:18 JST 1999
* sys/netinet/tcp_*(FreeBSD 3.1):
Bug Fix:
-backup ip_ver after in_cksum() at tcp_input() for later ver check.
-add isipv6 arg to tcp_respond() and not check ip_ver in it.
-fixed some tcp_template related macro definitions.
(Now kernel panic problem seems to be fixed!)
Thu Mar 11 00:27:55 JST 1999
* sys (FreeBSD 2.2.8): experimental update to FAITH firewall-oriented
TCP relaying code. Now we have pseudo interface called faith[0-9].
Packets routed toward faith[0-9] interface will be sent to the
upper-layers for TCP relaying. Userland part (faithd daemon) is
unchanged. There's no "faith prefix" (faith -p foo) configuration
necessary. You'll just need to set up routing table toward
faith[0-9], and then enable faith (faith -e).
For backward compatibility, the kernel will behave just as before
if you have no pseudo interface faith[0-9] configured.
Wed Mar 10 16:11:19 JST 1999
* kit/lib/libskey/Makefile: (FreeBSD 2.2.8):
Do not build shlib for IPv6-ready libskey by default.
NOTE: Please remove /usr/local/v6/lib/libskey.* if you are unsure
about the side effects.
If a user installs shlib version of libskey to /usr/local/v6/lib,
and she does not add /usr/local/v6/lib into shlib search path,
ftpd will fail to communicate with ftp (because of "shlib version
too old" message they become out of sync). We go for safer side.
Tue Mar 9 11:07:40 JST 1999
* sys/netinet/tcp_subr.c (FreeBSD 3.1.0)
Bug Fix: correctly copy t_template into IPv6 or IPv4
header. (However, kernel panic problem is not seemed to be
fixed yet.)
Mon Mar 8 22:39:09 JST 1999
* kit/ports/heimdal (FreeBSD 2.2.8)
* kit/pkgsrc/security/heimdal (NetBSD 1.3.3)
update master distribution to 0.1c.
Mon Mar 8 12:44:11 JST 1999
* kit/ports/ethereal (FreeBSD 2.2.8): ethereal packet analyzer 0.5.1
with IPv6 support patch.
Wed Mar 3 23:05:32 JST 1999
* sys/netinet6/nd6.c: if non-host route is given to nd6_resolve(),
lookup again by itself. This case happens when non-clone route
lookup is performed in upper layers (for example, NetBSD PRU_CONNECT
code in raw_ip6.c) and the route is given all the way down to
nd6_resolve(), via ip6_output() and ether_output().
XXX check side-effects with care
Wed Mar 3 20:06:05 JST 1999
* sys (FreeBSD 3.1): remove files that are removed during 3.0-RELEASE
to 3.1-RELEASE, from KAME repository. sync GENERIC.v6 to GENERIC.
1999-03-02 JINMEI, Tatuya <>
* nd6.c (nd6_slowtimo): newly implemented. The function is called
once an hour and recomputes new random values of reachable time if
1999-03-02 JINMEI, Tatuya <>
* mbuf.h (MINCLSIZE) [FreeBSD 2.2.8 and BSDI 3.1]:
changed the definition from MHLEN+MLEN to MHLEN+1 in order to
conform to a KAME's requirement for device drivers.
Note: The change may cause unexpected problems. In such a case,
we'll restore the old definition.
1999-03-02 JINMEI, Tatuya <>
* src/libinet6/ifname.c (if_nameindex): allocated enough memory
to store temporary data instead of using fixed size arrays
in order to handle arbitrary number of interfaces.
* src/libinet6/ifname.c (if_indextoname): fixed a bug about
the return value of the function.
Sun Feb 28 12:20:11 JST 1999
* kit/pkgsrc/security/heimdal (NetBSD 1.3.3):
provides easy installation for "heimdal" kerberos5 implementation.
Sat Feb 27 17:38:51 JST 1999
* sys/netinet6/nd6_nbr.c: revised warning messages on neighbor
solicitation packet input. it is now more informative.
Sat Feb 27 03:13:01 JST 1999
* sys/netinet/ip_output.c, sys/netinet6/ip6_output.c:
getsockopt(ipsec related policy variable) caused kernel to SEGV
due to uninitialized pointer access.
Fri Feb 26 17:12:55 JST 1999
* Source-address determination for NS output is now conformant to the
spec. The kernel will try to use the source address for the
prompting packet as the source address, when possible.
This may save a NS/NA exchange roundtrip.
Previously KAME always use scope-wise source address selection.
However, it looks that scope-wise selection is not best suitable for
NS output case. (old code is #if 0'ed and kept for a while)
Fri Feb 26 15:28:28 JST 1999
* kit/ports/wbd (FreeBSD 2.2.8): use tcl/tk 8.0.
Fri Feb 26 14:58:58 JST 1999
* kit/ports/vnc: ORL is now AT&T Lab Cambridge, due to buyout.
master distribution URL has changed.
Fri Feb 25 JST 1999
* kit/src/man: repository for manpages that are not specific to
userland programs, such as inet6(4) or ipsec(4).
Thu Feb 25 16:20:42 JST 1999
* sys/netinet/tcp_{input,output}.c (NetBSD 1.3.3):
IPv4 TCP now takes care about IPsec header sizes. Therefore,
there will be no extra fragmentation necessary.
XXX need more considerations on how to achieve this behavior
Thu Feb 25 13:27:03 JST 1999
* sys/netinet/{esp,ah}_input.c: mbuf manipulation for IPsec tunnel
case is fixed. m_freem() was called twice for single mbuf,
and it made a node to hang up some time later.
1999-02-25 JINMEI, Tatuya <>
* frag6.c (frag6_input): changed the processing when an incoming
fragment overlaps some existing fragments in the reassembly queue;
drop it instead of adjusting existing ones, which processing is better
from a security point of view.
Thu Feb 25 01:05:59 JST 1999
* sys/netinet6/esp_output.c: merge esp4_output() and esp6_output() into
single function, esp_output(). this is for better code sharing
and less maintenance cost. cluster mbuf copying code (by jinmei)
is now used for both IPv4 and IPv6.
1999-02-24 JINMEI, Tatuya <>
* src/rtadvd: added -c command line option to specify the
configuration file.
Wed Feb 24 22:26:24 JST 1999
* sys/netinet/ip_icmp.c: Our code does not parse chained header
in icmp4 notification processing at this moment. Therefore, we
can't send notification to tcp layer for packet like "IPv4 AH TCP".
(The problem is NOT fixed, this log is just for memorandum)
1999-02-24 JINMEI, Tatuya <>
* icmp6.c (icmp6_input): added `goto deliver' at the last
of the ICMP6_PACKET_TOO_BIG case.
1999-02-24 JINMEI, Tatuya <>
* esp_output.c (esp6_output): before encryption, copied all mbufs
with cluster that is refereed more than once. This is inefficient,
but necessary to handle cases of TCP retransmission.
TODO: Similar process is necessary for esp4_output, too.
Wed Feb 24 19:48:09 JST 1999
* sys/netinet6/icmp6.c: implement icmp6 rate limit check as separate
function. implement rate limiting in icmp6 redirect.
Tue Feb 23 17:20:10 JST 1999
* kit/ports/tcptrace (FreeBSD 2.2.8)
* kit/pkgsrc/net/tcptrace (NetBSD 1.3.3): upgrade base version to 5.1.1.
Tue Feb 23 15:26:19 JST 1999
* kit/pkgsrc/www/squid11 (NetBSD 1.3.3): new package for "squid" web
cache 1.1.22, with IPv6 support.
Tue Feb 23 00:12:16 JST 1999
* kit/ports/heimdal (FreeBSD 2.2.8): upgrade to 0.1b.
Mon Feb 22 18:19:25 JST 1999
* sys/netinet6/icmp6.c: icmp6_redirect_output():
changed handling of redirect header option, based on discussions
on IPv6imp mailing list. we now pad the original packet, if
the original packet is not 8-byte aligned.
(previously we always truncate the original packet)
Mon Feb 22 12:32:58 JST 1999
* kit/ports/ncftp3 (FreeBSD 2.2.8): update to beta 18
Mon Feb 22 12:13:23 JST 1999
* kit/pkgsrc/net/ncftp3 (NetBSD 1.3.3): Ncftp 3.0 beta 18, with IPv6
Mon Feb 22 01:19:28 JST 1999
* kit/ports/ncftp3 (FreeBSD 2.2.8): IPv6 ports for Ncftp 3.0 beta 17
Sun Feb 21 07:16:44 JST 1999
* kit/pkgsrc/net/mrt (NetBSD 1.3.3): update to 1.5.2a.
Sat Feb 20 01:08:22 JST 1999
* kit/ports/vat6 (FreeBSD 2.2.8): library dependency path was wrong.
From: Martti Kuparinen <>
Fri Feb 19 19:57:31 JST 1999
* sys/dev/ppbus/if_plip.c (FreeBSD 3.1): undefed TIMEOUT after
if.h inclusion, as temporal workaround for macro name conflict
with sys/net/if_altq.h.
Fri Feb 19 19:52:11 JST 1999
* sys/i386/conf/GENERIC.v6 (FreeBSD 3.1): update as changes in
Fri Feb 19 19:32:04 JST 1999
* kit/ports/heimdal (FreeBSD 2.2.8): upgrade base version to 0.1a.
Fri Feb 19 16:41:49 JST 1999
* (FreeBSD 3.1): 3.0 -> 3.1 diffs.
Fri Feb 19 16:11:49 JST 1999
* kit/Makefile.kit (FreeBSD 3.0): changed ports tag name from
kame_300 to kame_310.
Fri Feb 19 15:48:25 JST 1999
* usr.bin/telnet/commands.c
* usr.bin/netstat/main.c, mroute6.c
* libexec/rlogind/rlogind.c
fix of conflict at merging FreeBSD 3.1. (all conflicts merged
but no compile check yet)
Thu Feb 18 22:37:39 JST 1999
* libexec/rshd/rshd.c
* usr.bin/Makefile
* usr.bin/fetch/fetch.1,fetch.h,ftp.c,http.c,main.c
* usr.bin/ftp/ftp.c
fixed conflicts importing from FreeBSD 3.1. (still one more)
Thu Feb 18 20:10:45 JST 1999
* usr.bin/netstat/mbuf.c
* usr.bin/rsh/rsh.c
* usr.bin/telnet/telnet.1
* usr.bin/tftp/main.c,tftp.c
* sys/conf/files,
* sys/i386/conf/GENERIC,LINT,Makefile.i386
* sys/i386/isa/if_ed.c,if_ep.c,if_lnc.c,sio.c,if_fe.c
* sys/net/bridge.c
* sys/netinet/ip_input.c
fixed conflicts importing from FreeBSD 3.1. (there is still more)
Thu Feb 18 16:35:58 JST 1999
* libexec/Makefile
* sys/netinet/ip_mroute.c, ip_output.c, tcp_input.c, tcp_subr.c,
tcp_var.h, udp_var.h
* sys/netkey/key.c, key_debug.c
* sys/pci/if_en_pci.c, sys/pci/if_tx.c
* sys/sys/malloc.h
fixed conflict of FreeBSD 3.1 merging. (there is still more)
Thu Feb 18 11:11:57 JST 1999
* kit/ports/squid11 (FreeBSD 2.2.8): package for squid-1.1.22 +
ipv6 patch.
1999-02-11 JINMEI, Tatuya <>
* ip6_input.c (ip6_input, BSDI): merged the "goto ours" hack
from FreeBSD; use the routing table instead of linear search
of ifaddrs.
1999-02-11 JINMEI, Tatuya <>
* src/bgpd: fixed a bug that bgpd is core dumped when failing
to redistribute BGP updates.
1999-02-10 JINMEI, Tatuya <>
* ip6_input.c (ip6_input): removed a redundant check in the
determination whether to accept an incoming packet.
Wed Feb 10 01:14:50 1999 Yoshinobu Inoue <>
* sys/netinet/ip_fw.c (FreeBSD 3.0): added inclusion of
ip6.h with "ifdef INET6".
Wed Feb 10 00:26:58 1999 Yoshinobu Inoue <>
* sys/net/tcp_output.c (FreeBSD 3.0): removed unused debug
Tue Feb 9 22:41:36 1999 Yoshinobu Inoue <>
* sys/net/if.c (FreeBSD 3.0): add "if 0" in ifa_ifwithnet()
to disable P2P dst check for adding route to
P2P interfaces(including gif), because usually IPv6 link local
destination address of P2P interface is unknown.
This is just a addition of same patch which had already been
applied to KAME FreeBSD2.2.X.
Fri Feb 5 16:32:16 CET 1999
* kit/src/libinet6/getnameinfo.c: avoid function static variables
for better thread safe-ness.
Fri Feb 5 14:36:49 CET 1999
* kit/ports/mrt (FreeBSD 2.2.8-RELEASE): update to 1.5.2a.
Wed Feb 3 19:34:54 1999 Yoshinobu Inoue <>
* kit/Makefile (FreeBSD 3.0): copy bgpd.conf.5 (sync with other
Wed Feb 3 19:24:20 1999 Yoshinobu Inoue <>
* sys/pci/if_xl.c (FreeBSD 3.0): catch up to (RELENG_3
branch in FreeBSD CVS repository, to sync with KAME FreeBSD 2.2.8.
Wed Feb 3 16:38:48 1999 Yoshinobu Inoue <>
* sys/net/rtsock.c: work around to reset gw to correct
value at RTM_CHANGE. (this fixes IPv4 on-link communication
problem by "routed -q")
Wed Feb 3 12:47:52 1999 Yoshinobu Inoue <>
* sys/netinet6: sync between KAME FreeBSD 2.2.8 and 3.0. (Also
changed draft reference to rfc reference)
Tue Feb 2 19:39:41 1999 Yoshinobu Inoue <>
* sys/netkey/key.c, key_debug.c, keysock.c, keyv2.h : sync between
KAME FreeBSD 2.2.8 and 3.0. (Also changed draft reference to rfc
Tue Feb 2 18:58:45 1999 Yoshinobu Inoue <>
* sys/netkey/key.c: sync between KAME FreeBSD 2.2.8 and 3.0
Tue Feb 2 18:23:26 1999 Yoshinobu Inoue <>
* sys/netinet6/in6_var.h (FreeBSD 3.0-RELEASE): added SANITY CHECK
for IFP_TO_IA6(). (sync with KAME FreeBSD 2.2.8)
Tue Feb 2 16:40:55 1999 Yoshinobu Inoue <>
* src/prefix/prefix.c: init keeplen as (64 - uselen), because that
spec seems to be natural and easy to use.
Tue Feb 2 13:25:32 1999 Yoshinobu Inoue <>
* sys/netinet/udp_usrreq.c (FreeBSD 3.0-RELEASE): Bug Fix:
fixed wrong pcb pointer reference in udp_input(). this will fix
the kernel halt bug at udp_input.
Mon Feb 1 01:44:46 1999 Yoshinobu Inoue <>
* sys/i386/isa/if_lnc.h,if_lnc.c (FreeBSD 3.0-RELEASE):
Merged multicast support of 3.0 branch. Also allocate mbuf cluster
for packets which don't fit in one mbuf. However, no operational
check yet.
Sun Jan 31 13:42:16 JST 1999
* kit/ports/heimdal (FreeBSD 2.2.8-RELEASE): upgrade to 0.0u.
1999-01-29 JINMEI, Tatuya <>
* src/bgpd/bgpd.conf.5: added an example of configuration
Fri Jan 29 14:05:06 JST 1999
* kit/pkgsrc/www/lynx (NetBSD 1.3.3): package for lynx 2.8.1rel1 +
IPv6 support. ncurses is disabled for Japanese/Asian language
Fri Jan 29 13:53:30 JST 1999
* kit/ports/lynx (FreeBSD 2.2.8): upgrade to lynx 2.8.1rel1 + IPv6
support. ncurses is disabled for Japanese/Asian language supports.
Thu Jan 28 18:29:03 JST 1999
* removed kit/ports/im (FreeBSD 2.2.8/3.0): our patches already
contains a standard package in FreeBSD 2.2.8/3.0
Wed Jan 27 23:20:28 JST 1999
* kit/ports/wbd (FreeBSD 2.2.8): multicast shared whiteboard tool.
Tue Jan 26 15:45:19 JST 1999
* sys/pci/if_xl.c (FreeBSD 2.2.8): catch up to (RELENG_2_2
branch) in FreeBSD CVS repository.
this fixes bugs in xl_start() and xl_txeof(), which could lead your
machine to hangup by mbuf cluster shortage. merged in for
Thu Jan 21 02:56:47 JST 1999
* sys (FreeBSD 2.2.8): incorporate ALTQ 1.1.3.
* kit/ports/altq (FreeBSD 2.2.8): use ALTQ 1.1.3.
* kit/pkgsrc/net/altq (NetBSD 1.3.3): use ALTQ 1.1.3. However,
as the package directory only compiles ATM PVC tools, there should
be no significant changes.
Wed Jan 20 15:07:45 1999 Yoshinobu Inoue <>
* (FreeBSD 3.0): removed src/sys files that are already removed
from FreeBSD 3.0.
sys/i386/scsi 93cx6.c 93cx6.h advansys.c advansys.h
aic7xxx.c aic7xxx.h bt.c btreg.h
Tue Jan 19 20:42:17 1999 Yoshinobu Inoue <>
* (FreeBSD 3.0): removed src/sys files that are already removed
from FreeBSD 3.0.
sys/scsi README cd.c ch.c od.c pt.c scsi_all.h
scsi_base.c scsi_cd.h scsi_changer.h
scsi_debug.h scsi_disk.h scsi_driver.c
scsi_driver.h scsi_generic.h scsi_ioctl.c
scsi_message.h scsi_sense.c scsi_tape.h
scsi_worm.h scsiconf.c scsiconf.h
sctarg.c sd.c ssc.c st.c su.c uk.c worm.c
sys/kern init_sysvec.c kern_opt.c
sys/conf files.newconf
sys/dev/ppbus vpo.h
sys/dev/slice disklabel.c mbr.c slice.4 slice.h
slice_base.c slice_device.c
sys/i386/eisa aha1742.c aic7770.c bt74x.c
sys/i386/i386/ mountroot.c
sys/i386/include conf.h
sys/i386/isa aha1542.c bt5xx-445.c
sys/pci aic7870.c bt9xx.c
sys/sys dpt.h netbsd_syscall.h
sys/vm device_pager.h
Tue Jan 19 19:23:36 JST 1999
* kit/ports/tcptrace (FreeBSD 2.2.8/3.0)
* kit/pkgsrc/net/tcptrace (NetBSD): tcptrace 5.1.0, with tiny
patch for IPv6 support.
Tue Jan 19 14:00:26 1999 Yoshinobu Inoue <>
* src/sys/net/if_spppsubr.c (FreeBSD 3.0): wrapped def of macro
UNTIMEOUT and TIMEOUT by ifndef, because that is also defined
in net/if_altq.h.
Tue Jan 19 13:02:00 1999 Yoshinobu Inoue <>
* src/sys/sys/systm.h, src/sys/kern/subr_prf.c (FreeBSD 3.0):
imported from FreeBSD-current.
* src/sys/kern/init_sysvec.c, kern_opt.c (FreeBSD 3.0):
removed files which are already removed from FreeBSD 3.0.
Tue Jan 19 11:39:04 1999 Yoshinobu Inoue <>
* src/sys/net/if_sppp.h, if_spppsubr.c (FreeBSD 3.0): imported
from FreeBSD-current.
Tue Jan 19 11:03:30 1999 Yoshinobu Inoue <>
* kit/Makefile.kit (FreeBSD 3.0): removed target include-300.diff
because that is not necessary for usual developer any more.
Tue Jan 19 10:42:47 1999 Yoshinobu Inoue <>
* src/sys/netinet/ip_input.c (FreeBSD 3.0): changed ip_reass()
to return (struct mbuf *). if 0'ed m_pullup of mbuf cluster.
left m_pkthdr.len calculation part in ip_reass() as KAME patched,
to prefer readability for now.
Thank you for for finding out this problem
and contributing patch.
Mon Jan 18 20:09:15 1999 Yoshinobu Inoue <>
* kit/Makefile(FreeBSD 3.0): Separate make-unnecessary dir from
SUBDIR. Added checking and linking of etc dir.
Mon Jan 18 20:03:17 1999 Yoshinobu Inoue <>
* src/include/Makefile(FreeBSD 3.0): mkdir install dir under
/usr/include, if it doesn't exist. now you can make, make install
header files under kit/usrc/include.
Mon Jan 18 19:23:57 1999 Yoshinobu Inoue <>
* src/etc(FreeBSD 3.0): import of /usr/src/etc from 3.0 RELEASE.
Mon Jan 18 18:29:09 JST 1999
* kit/ports/socks64 (FreeBSD 2.2.8/3.0)
* kit/pkgsrc/net/socks64 (NetBSD)
upgrade original distribution to socks5 1.0r8 with new socks64(IPv6)
NOTE: NEC now requires you to fetch the distribution from their
webpage by yourself, with signing a form.
Mon Jan 18 11:44:12 JST 1999
* sys (FreeBSD 2.2.8 and 3.0): backout KAME changes to sys/protosw.h,
and made netinet packet processing compatible with traditional BSD
way. See below (Jan 16 21:13) for more details.
Mon Jan 18 03:31:02 1999 Yoshinobu Inoue <>
* sys/net (FreeBSD 3.0): Sync some files with kame_228.
(However, if_spppsubr.c is not yet. INET6 support for this code
will need to be reimplemented)
Mon Jan 18 03:26:28 1999 Yoshinobu Inoue <>
* sys/netinet/ip_input.c (FreeBSD 3.0): Bug fix: Prevent kernel
panic when fragmentation occurred. Patch contributed by Wayne
Knowles. However, this might be temporal fix. Will need to change
ip_reass() to meet KAME mbuf requirement.
Sun Jan 17 21:13:44 JST 1999
* sys (BSDI): backout KAME changes to sys/protosw.h, and made netinet
packet processing compatible with traditional BSD way. See
below (Jan 16 21:13) for more details.
Sat Jan 16 14:48:09 GMT 1999
* kit/pkgsrc/net/altq (NetBSD): altq 1.1.2 package. This package
installs ATM PVC tools only, as there's no ALTQ support in NetBSD
* sys/net/if_atm*, sys/dev/ic/midway* (NetBSD):
ATM PVC pseudo device (pvc0) support from altq 1.1.2.
Refer to manpage and for
details and usage.
Sat Jan 16 21:13:43 JST 1999
* sys (NetBSD): eliminate all warnings by:
- backout KAME changes to sys/protosw.h, and
- define netinet6/ip6protosw.h for IPv6 protocol switch.
Now the kernel compiles without warnings. Even with -Werror it
compiles fine (tested on i386 architecture).
Good thing about the change: KAME should be more friendly with
other protocol families (such as netns, but not really tested).
Bad point: if kernel receives an IPv4 packet with too many chained
headers, input processing routine may chew up the kernel stack.
For example, if the kernel receives IPv4 packet with tons of
IPsec headers, kernel stack overflow (and panic) may result.
For IPv6, we use KAME onion-peeling mechanism and is safer
from kernel stack usage point of view.
1999-01-16 JINMEI, Tatuya <>
* src/bgpd: heavy improvements;
- many bugs were fix, including backup route recovery and
search algorithm for peers.
- supported a new configuration option to specify the local address
for a BGP4+ connection.
- separated BGP input buffers per peer base and implemented
non blocking read to prevent deadlock.
1999-01-14 JINMEI, Tatuya <>
* src/bgpd: bug fix;
- Some fixes about memory management(including memory leak and
duplicated free)
- Fixed a problem that bgpd sometimes mistakenly regards a doubly
opened connection as a fatal error(and stops).
Wed Jan 13 17:38:01 JST 1999
* kit/ports/ucd-snmp (FreeBSD), kit/pkgsrc/net/ucd-snmp (NetBSD):
upgrade IPv6 patch for ucd-snmp 3.5.3 port. Now it is available on
NetBSD too.
Wed Jan 13 12:51:48 JST 1999
* kit/ports/sendmail6: (FreeBSD) upgrade master distribution to
8.9.2+new IPv6 patch.
* kit/pkgsrc/mail/sendmail6: (NetBSD) upgrade master distribution to
8.9.2+new IPv6 patch.
Wed Jan 13 11:07:58 1999 Yoshinobu Inoue <>
* sys/net/rtsock.c: removed unused variable. (as netbsd fix)
Wed Jan 13 00:25:43 1999 Yoshinobu Inoue <>
* kit/libexec/route6d/udp6stat.c: Bug fix: wrong pointer was freed.
Tue Jan 12 17:26:48 JST 1999
* kit/libexec/ftpd, kit/usr.bin/ftp: (NetBSD) added EPRT/EPSV support.
Tue Jan 12 16:03:30 JST 1999
* kit/pkgsrc/www/apache13: (NetBSD) upgrade base version to 1.3.4.
* kit/ports/apache13: (FreeBSD) upgrade base version to 1.3.4.
Tue Jan 12 02:49:57 1999 Yoshinobu Inoue <>
* kit/src/route6d/udp6stat.c
Display protocol version(v4, v6) of pcb entries.
Tue Jan 12 02:20:51 1999 Yoshinobu Inoue <>
* kit/src/route6d/udp6stat.c
Made it also work on KAME for FreeBSD 3.0.
Mon Jan 11 23:09:40 1999 Yoshinobu Inoue <>
* kit/libexec/ftpd/ftpcmd.y: Bug fix: fixed == to =.
1999-01-08 JINMEI, Tatuya <>
* ip6_input.c (ip6_input): fixed a bug that prevented hosts from
receiving non-link local multicast packets.
TODO: more clarification of error codes from ip6_mforward() so that
we can accept packets unless the errors are fatal.
Thanks to: Niels Baggesen <>
Fri Jan 8 14:36:01 JST 1999
* kit/pkgsrc: (NetBSD) package building system for NetBSD. We'll be
adding IPv6-ready packages into here.
mail: fetchmail qpopper sendmail6
net: bind8 mrt socks64 v6tun wu-ftpd zebra
security: ssh tcpd6
www: apache13
are ready at this moment. Note that some of the packages are
derived from KAME/FreeBSD ports, and they may install files
into different places from standard NetBSD packages.
Thu Jan 7 23:59:24 1999 Yoshinobu Inoue <>
* kit/usr.sbin/lpr/lpd/lpd.c: changed (caddr_t *) to caddr_t.
1999-01-07 Atsushi Onoe <>
* sys/sys/socket.h, sys/net/if.h: change the member name of
struct sockaddr_storage: e.g. ss_family -> __ss_family;
and define IF_NAMESIZE in if.h to conform bsd-api-new-05.
NOTE: some of applications in "port" collection fails to compile
due to the change. Please be warned.
1999-01-07 JINMEI, Tatuya <>
* src/bgpd/bgp.c: some bug fixes and enhancements;
- allowed the `prepend' keyword to takes an argument, which specifies
number of iteration of prepending. See bgpd.conf.5.
- fixed a bug that an off-link IBGP next-hop is mistakenly
installed to kernel in some cases.
Thu Jan 7 15:41:19 JST 1999
* sys/netkey/keydb.h: KMALLOC/KFREE macro used in pfkey/ipsec conflict
with NetBSD/FreeBSD IP filter code. avoided the conflict for all
of OSes we support.
Thu Jan 7 15:13:13 1999 Yoshinobu Inoue <>
* sys/netinet6/nd6_rtr.c:
Previous fix for address lifetime initialization was incomplete.
Added missing fixes, and put same parts into new function,
Thu Jan 7 15:01:49 JST 1999
* kit/src/send-pr: kame-send-pr is now provided so that command line
users can submit KAME problem reports at ease.
Tue Jan 5 18:26:15 JST 1999
* kit/ports/vnc: upgrade base version to 3.3.2r3.
* kit/ports/mrt: upgrade base version to 1.5.1a.
* kit/ports/fetchmail: upgrade base version to 4.7.4.
* kit/ports/zebra: upgrade base version to 981222.
* kit/ports/qmail: qmail 1.03 with IPv6 support. Testers wanted
(I'm biased to sendmail).
Thu Dec 31 20:56:12 JST 1998
* kit/ports/ucd-snmp: upgrade base version to ucd-snmp 3.5.3.
Thu Dec 31 03:37:03 1998 Yoshinobu Inoue <>
* kit/ports/socks64:
made compilable on KAME FreeBSD 3.0.
(Include if_var.h. Should be removed in the future,
also with removal of in6_var.h)
Wed Dec 30 22:28:58 1998 Yoshinobu Inoue <>
* kit/src
Made then compilable on KAME FreeBSD 3.0.
Especially many ifdef's are added to route6d/ifmcstat.c.
Tue Dec 29 18:07:52 1998 Yoshinobu Inoue <>
* sys/net,netinet,netinet6
sync with FreeBSD3.0 as much as possible.(mainly netinet6)
Fri Dec 25 22:06:04 1998 Yoshinobu Inoue <>
* sys/netinet6/nd6_rtr.c: Added consideration of ndpr_rrf_decrvalid
and ndpr_rrf_decrprefd for address lifetime initialization.
Without this, prefixes allocated by prefix command will be
IN6_IFF_DEPRECATED after some period of time.
Fri Dec 25 17:02:08 JST 1998
* kit/ports/bind8 (FreeBSD): IPv6-ready bind8. named will accept
queries to IPv6 UDP/TCP port 53, dig/nslookup/whatever are able to
make queries toward IPv6 UDP/TCP port 53, and so forth.
1998-12-24 JINMEI, Tatuya <>
* in6_proto.c,ip6_input.c,ip6_var.h: removed none_input().
Now a packet whose protocol is IPPROTO_NONE can safely be passed
to the userland.
netinet/in_proto.c was also modified.
Thu Dec 24 19:40:27 1998 Yoshinobu Inoue <>
* kit/src/libinet6/resolv/res_debug.c
add ifdef of T_UINFO, T_UID, T_GID, to make it compilable on
FreeBSD 3.0.
1998-12-24 JINMEI, Tatuya <>
* probe.c (probe_init): call shutdown() after opening the probe socket
to make the socket `send-only'.
Thu Dec 24 11:46:38 JST 1998
* sys/netinet6/raw_ip6.c: setsockopt(IPV6_CHECSUM) sometimes caused
SEGV due to a bug in mbuf boundary checks. It is now fixed.
Thu Dec 24 03:11:19 JST 1998
* kit/ports/apache13: updated to use new patch.
(fixed args for freeaddrinfo())
Reported by:
Florent Parent <>
Andreas Wrede <>
Tue Dec 22 20:10:40 1998 Yoshinobu Inoue <>
* kit/src/faithd/tcp.c: Before terminating a relay process,
shutdown s_snd. This make opposite-direction relay process
to terminate also.
1998-12-22 JINMEI, Tatuya <>
* mld6.c (mld6_input): Fixed a problem that zero divide occurs
when receiving a MLD query with Maximum Response Delay smaller
than 200(including zero).
Thanks to Niels Baggesen <> for reporting the
problem and sending a patch.
1998-12-22 JINMEI, Tatuya <>
* ip6_output.c (ip6_setmoptions): For link-local multicast
detection, use IN6_IS_ADDR_MC_LINKLOCAL instead of
Thanks to: Tetsuya Isaki <>
1998-12-22 Atsushi Onoe <>
* kit/src/libinet6/rcmd.c: fix declaration of iruserok() for
Sat Dec 19 14:02:44 1998 Yoshinobu Inoue <>
* kit/src/faithd/faithd.c, tcp.c
do closelog() and (re)openlog() for child after fork.
check EINTR for select() and read().
Fri Dec 18 12:25:49 1998 Yoshinobu Inoue <>
* kit/src/faithd/tcp.c: BUG fix:
fixed select fds settting. add check of send result and retry.
clean-up'ed select routine.
(Thanks for jinmei-san for code review and comment, also thanks for
onoe-san for many background informations)
Thu Dec 17 00:26:18 1998 Yoshinobu Inoue <>
* kit/src/faithd/tcp.c: BUG fix; use global integer rcvon and
writeon, to control the set/unset of readfds for s_rcv and
writefds for s_snd in select();
Wed Dec 16 13:30:46 1998 Yoshinobu Inoue <>
* kit/src/faithd/faithd.c: BUG fix; give syslog() correct buffer
pointer. This fix the strange syslog() output problem on child
Wed Dec 16 12:48:53 1998 Yoshinobu Inoue <>
* kit/src/faithd/tcp.c
Fork in tcp_relay() for going relay traffic and coming relay traffic.
And in those each process, do non-blocking write() so that OOB data
can be forwarded preferrably.
1998-12-15 Atsushi Onoe <>
* kit/src/libinet6/rcmd.c, rresvport_af.c: add compatible wrapper
functions to avoid conflict of symbols.
1998-12-14 Atsushi Onoe <>
* kit/usr.bin/telnet/commands.c: support source route for IPv4
and IPv6 (@gw1@gw2@dest).
1998-12-11 JINMEI, Tatuya <>
* bgp.c (connect_process): modified some code fragments not to
call fatal even if {set,get}sockopt is failed. This is necessary
to interoperate with some(e.g. Cisco) implementations when the
peer is not listening to the BGP port.
1998-12-10 SUMIKAWA Munechika <>
* syncronized netinet6/* codes of three OSs as much as possible
Thu Dec 10 04:14:59 JST 1998
* sys/neitnet/
* sys/neitnet6/
changed IPPROTO_NONE as return value to IPPROTO_DONE.
and use IPPROTO_NONE only for protocl type value.
also, this fixes mbuf leak bug when received a packet with
1998-12-10 JINMEI, Tatuya <>
* src/bgpd: supported `next hop self' when sending a BGP4+ UPDATE
message to an IBGP peer.
1998-12-10 JINMEI, Tatuya <>
* src/bgpd/parse.c: changed restriction of using the `preference'
keyword for an EBGP peer only.
Sat Dec 5 04:53:05 JST 1998
* kit/src/racoon:
Soft lifetime is set to 80% of hard lifetime.
This rate can be defined which you like by calling
Fri Dec 4 02:26:13 JST 1998
* kit/src/racoon:
It's fixed to handle session for PF_KEY.
It's enable to display the entries on the negotiation of phase 2.
About address semantics for varius case is commented into isakmp.h.
Wed Dec 2 23:44:00 JST 1998
* sys/netinet6: (NetBSD) fixed odd behavior in ND6. Now ND6 works
properly as expected.
Wed Dec 2 13:17:21 JST 1998
* sys/netkey/key.c:
Fixed to hung up the kernel when running two of racoon.
Sat Nov 28 00:54:28 JST 1998
* kit/src/route6d: route tag support. route6d can advertise route tag
by "-t 0x1234". rip6query will show the advertised route tag,
if non-zero value is advertised.
Fri Nov 27 JST 1998
* kit/lib/libutil: (FreeBSD) logwtmp() which takes care of IPv6 address
that does not fit UT_HOSTSIZE. (not really tested)
This was intended to replace original shared library by new libutil
to override logwtmp() used by /usr/bin/login. However,
/usr/bin/login records username/hostname by itself. Therefore,
the attempt was failed.
Fri Nov 27 01:54:10 JST 1998
* kit/lib/libskey: (FreeBSD) S/Key library capable of handling
IPv6 hostnames listed in /etc/skey.access.
You can override standard /usr/lib/ by doing
"ldconfig -m /usr/local/v6/lib". By doing so /usr/bin/login
will be able to handle IPv6 hostnames without re-compilation.
To test this add the followin entry to /etc/skey.access and try
a telnet session to ::1.
permit internet ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
"prefixlen" syntax is added.
permit internet ::1/128
Thu Nov 26 10:15:35 JST 1998
- (FreeBSD) support IPv6 firewall
- kit/sbin/ip6fw: controll utility
Wed Nov 25 18:36:46 JST 1998
* kit/libexec/telnetd: perform setsockopt(IP_TOS) only if the perr
is IPv4 host.
Tue Nov 24 18:53:38 JST 1998
* kit/src/racoon:
A new Diffie-Hellman group as number 5 was supported.
Sat Nov 21 06:15:30 JST 1998
* sys/netinet6/icmp6.c: ICMP6 redirect processing was wrong.
routing table update event was not properly propagated toward
Sat Nov 21 03:55:17 JST 1998
* KAME IPv6 on NetBSD-pmax is now confirmed to work.
From: Feico Dillema <>
Date: Fri, 20 Nov 1998 16:53:41 +0100
Subject: (KAME-snap 210) Status Report KAME and NetBSD-1.3.2-pmax
Fri Nov 20 17:00:35 JST 1998
* sys/netinet6/nd6_rtr.c: Update prefix information option processing.
(experimental, FreeBSD/BSDI only)
Add more comments to RA processing code.
Separate prefix lifetime and address lifetime. Address lifetime
will be kept in struct in6_ifaddr. Implement "2 hour" rule for
address lifetime, which prevents DoS attack (hopefully).
TODO: on-link determination must be updated.
* kit/sbin/ifconfig: Add code to print out address lifetime.
It looks too noisy and commented out by default.
Thu Nov 19 23:28:43 JST 1998
* kit/etc/rc.net6: don't assign prefix if $prefix is null
Thu Nov 19 19:03:53 JST 1998
* sys/netinet6/nd6.h: removed reserved field of
the bit field, ndpr_stateflags, to also remove the necessity of
changing the size of reserved field at new bit member addition.
Wed Nov 18 20:48:07 JST 1998
- Header chain chasing support for tcpdump.
To use this, user must specify "ip protochain x" or
"ip6 protochain x".
Since BPF code for header chasing cannot be optimized and is a bit
slow, this is separate from "ip proto x".
For example, "ip6 protochain 6" should capture any IPv6 packet
with TCP header (TCP with AH, or TCP with hop-by-hop option,
can be captured).
Wed Nov 18 10:05:42 JST 1998
* kit/ports/lynx: fix security hole in "rlogin://" URL.
(obtained from bugtraq mailing list)
From: Artur Grabowski (art@STACKEN.KTH.SE)
Date: Tue, 17 Nov 1998 17:06:00 +0100
Wed Nov 18 04:00:32 JST 1998
* kit/src/rtsol/rtsol.c
make compilable on FreeBSD 3.0
1998-11-17 JINMEI, Tatuya <>
* src/pim6dd: added to support PIMv6 dense mode.
Pim6dd was based on pimdd developed at the University of Oregon.
Tue Nov 17 16:08:45 JST 1998
* kit/src/gifconfig/gifconfig.8
manual update for gif multi dest extensions contributed from
also descriptions about IPv6 support and enable switch of this
extension by link0 flag on/off is also added.
Tue Nov 17 14:57:51 JST 1998
* sys/net/if.c,if.h,if_gif.c,route.c,route.h,rtsock.c
* sys/netinet/in_gif.c,in_gif.h
* sys/neitnet6/in6_gif.c,in6_gif.h
* kit/sbin/route/route.8,route.c
merged gif multi dest extensions contributed from
IPv6 support and enable switch of this extension by link0 flag on/off
is also added.
Tue Nov 17 01:51:12 JST 1998
* kit/src/gifconfig.c:
support of printing physical IPv6 address value
Mon Nov 16 22:14:50 JST 1998
* sys/net/if_gif.c: Bug Fix
added SIOC{S,G}IF{PHY,PSRC,PDST}*_IN6 ioctls to enable gif
tunneling over IPv6.
Mon Nov 16 17:57:26 JST 1998
* kit/src/libinet6/rcmd.c: Update ahost (1st argument)
only if canonical hostname is available. This is to preserve
the original behavior.
Sat Nov 14 18:25:06 JST 1998
* kit/usr.bin/telnet/commands.c (FreeBSD/NetBSD): preserve original
- if the hostname to connect to is numeric, perform canonical name
lookup (look for PTR record, i.e. gethostbyaddr).
- if the hostname is non-numeric, do not perform canonical name
* kit/usr.bin/telnet/commands.c (BSDI): preserve original behavior.
- never perform canonical name lookup.
Fri Nov 13 01:36:57 JST 1998
* sys/crypto/sha1.c: fixed SHA-1 computation bug when the data source
is sized multiple of 64bytes. Thanks goes to Chris Winters
<> for detailed bug report!
Thu Nov 12 20:14:19 JST 1998
* sys/netinet6/in6.c: avoid hardcoding prefixlen == 64bit in
SIOC[ADG]LIFADDR processing.
bitwidth of interface id is always 64bit (defined in RFC2373),
but prefixlen may NOT be 64bit. RFC2373 allows non-RFC2374 address
encoding scheme. (see figure on page 8)
Thu Nov 12 19:53:34 JST 1998
* kit/src/rrenumd/rrenumd.c
"AE" options added for rrenumd authentication and
Thu Nov 12 16:13:53 JST 1998
* kit/src/{libpcap,tcpdump}: support IPv6 address in pcap expression.
tcpdump host ::1
tcpdump net 3ffe:0501::/32
TODO: libpcap now requires getaddrinfo() if --enable-ipv6 is specified.
configure should check the existence and use alternatives
(missing/getaddrinfo.c?) if none found.
TODO: "gateway" syntax is not working in --enable-ipv6 setting.
Wed Nov 12 11:43:54 JST 1998
* sys/net/if_dummy.c: correct if_type to IFT_DUMMY
Wed Nov 11 18:16:56 JST 1998
* sys/netinet/in.c: implement SIOC[ADG]LIFADDR.
Wed Nov 11 14:16:00 JST 1998
* kit/libexec/ftpd(FreeBSD): perform ioctl(IP_TOS) and
setsockopt(TCP_NOPUSH) to be performed only in IPv4 ftp connection.
login.cap is now supported (but never tested).
logwtmp() is fixed to log IPv6 numeric hostname as much as possible.
I dunno if it is right or not.
(previously logged as "invalid hostname")
Wed Nov 11 13:56:59 JST 1998
* kit/src/rtsol: use SIOC[ADG]LIFADDR when possible. this is mainly
for test purposes, but looks nice.
Wed Nov 11 12:02:10 JST 1998
* sys/netinet6/in6.c: support SIOC[ADG]LIFADDR for IPv6 address.
see ipngwg mailing list #6621 (October 10). IPv6 address support
will be added when IPv6 version is confirmed to be working right.
Tue Nov 10 16:23:50 JST 1998
* sys/netinet/ip_output.c: (FreeBSD) prevent ipfw code from SEGV.
NOTE: we are still wondering whether ipfw code works right with
KAME or not. Your inputs and bug reports would be really helpful.
Tue Nov 10 16:10:26 JST 1998
* kit/ports/ssh: update IPv6 patch to 1.4.
Tue Nov 10 12:31:53 JST 1998
* kit/src/racoon: eliminate u_int{8,16,32}. use u_int{8,16,32}_t for
better portability.
* kit/src/racoon: support lifetime type "kb". NOTE: no kernel support
for expiration yet.
Tue Nov 10 00:21:04 JST 1998
* sys/netinet6: accumulate bytes transferred over SA, so that we can
define lifetime by bytes (sadb_lifetime_bytes) in the future.
* kit/src/setkey: display bytes transferred over SA.
Mon Nov 9 15:51:28 JST 1998
* sys/netkey/key.c: pass FQDN and USERFQDN identity extension
on ACQUIRE message. we need to check if it is allowed to pass
multiple identity extension to userland (racoon dislikes this).
Mon Nov 9 15:10:16 JST 1998
* kit/src/setkey: changed the meaning of -h flag.
was: print usage and exit, now: display hexadecimal dump on -x.
Sat Nov 7 00:29:19 JST 1998
* kit/src/rrenumd/Makefile, lexer.l, rrenumd.8, rrenumd.conf.5
man update, and fixed lexer file to support comment in conf file.
1998-11-06 JINMEI, Tatuya <>
* src/bgpd/bgp_input.c (bgp_read): fixed a problem that bgpd
stopped when an ETIMEDOUT error occurred on a BGP socket.
Fri Nov 6 16:27:07 JST 1998
* sys/crypto/cast128/cast128.c: speed up by replacing core functions
by macros.
Message-Id: <>
Date: Sat, 31 Oct 1998 02:06:40 +0900
From: Tomomi Suzuki <>
Fri Nov 6 14:00:30 JST 1998
* sys/netinet6: ND6 cleanups.
- remove old lladdr caching code. utilize nd6_cache_lladdr.
- if we got RS/RA/NS/redir packet without lladdr, make an neighbor
cache entry with NOSTATE state (= considered PASSIVE).
- checked relationship between neighbor cache and defrouter list. it
seems fine (there will be no defrouter list without neighbor cache).
Thu Nov 5 JST 1998
* kit/src/route6d: ripng fix: update route lifetime only if the
advertisement is from same gw, with same metric. (see p13 of RFC2080)
Thanks to:
Thu Nov 5 21:14:01 JST 1998
* kit/src/libinet6/resolv/res_debug.c
Made this really compilable on FreeBSD 3.0.
Thu Nov 5 20:33:02 JST 1998
* kit/src/libinet6/ifname.c
* kit/src/libinet6/resolv/res_debug.c
* kit/src/ndp/ndp.c
* kit/src/prefix/prefix.c
Made compilable on FreeBSD 3.0.
Now prefix assignment seems to be successful.
Thu Nov 5 04:26:55 JST 1998
* sys/netinet6/in6_prefix.c
BUG FIX: fixed matched prefix length validity check to comply
with spec.
Thu Nov 5 02:59:55 JST 1998
* kit/src/Makefile
added rrenumd to SUBDIR.
Thu Nov 5 02:45:59 JST 1998
* kit/src/rrenumd/rrenumd.c, parser.y, lexer.l, Makefile, rrenumd.8
fixed bugs and now it seems to be sending valid rrenum msgs.
* kit/src/rtadvd/rrenum.c,rtadv.c
fixed bugs and now seems to be successfully renumbering when
received rrenum msgs from rrenumd.
* kit/src/prefix/prefix.c
changed default value of use_prefix length.
Wed Nov 4 23:41:05 JST 1998
* sys/netinet6/esp*: cleanup ESP pad length processing.
base spec requires 4n, cbc algorithms require 8n.
* sys/netinet6/ah_core.c: make sure to skip ifindex portion
in ip6 src/dst address.
Wed Nov 4 JST 1998
* kit/src/racoon: fix IPv6 ID payload.
* sys/netkey/key.c: changed internal structure for SA management.
SA will be held into per-state linked list, not per-protocol
linked list.
Wed Nov 4 00:29:02 JST 1998
* kit/src/tcpdump: try checking buggy implementation of CAST128.
SSLeay 0.9.0b has a bug in encryption round # on short keys -
rounds should be 12 for key <= 80bits.
Tue Nov 3 19:58:13 JST 1998
* sys/crypto/blowfish: fixed cbc mode processing. now it should be
interoperable with other implementations (need testing).
Mon Nov 2 01:02:30 JST 1998
* kit/ports/gated-ipv6: pathname of original distribution changed.
Mon Oct 31 JST 1998
* kit/src/racoon: AH algorithm must be determined by hash algorithm
type attribute, not the transform type.
* kit/src/racoon: sanity checker for config file improved.
* sys/netinet6/esp_output.c: fixed a serious bug in ESP tunnel output,
which mistakes policy determination and send packets in clear (simple
tunnel, not ESP tunnel) in some configuration.
* kit/src/tcpdump: ID payload now printed properly.
* kit/src/racoon: parser improvements. makefile improvements.
link print-isakmp.c from tcpdump so that packets can be monitored
after decryption, in debug mode.
Fri Oct 30 21:52:50 JST 1998
* sys/netinet6, kit/usr.bin/netstat: gather more stats on
IPsec operations.
Thu Oct 29 JST 1998
* kit/src/racoon: ignore notification payload on phase 1 negotiation
(responder-lifetime). this is necessary for interop with RedCreek
when responder-lifetime does not match.
* kit/src/racoon: compute long cipher key for phase 1 properly
(for example 3DES)
* kit/src/racoon: phase 2 quick mode: attach fake ID payload for
debugging (configurable)
* kit/src/racoon: ignore commit bit (we don't support this yet)
* kit/src/racoon: bug fix in DELETE payload processing.
TODO: handle it more properly, (i.e. remove SA if possible)
* kit/src/racoon: send and check Vendor ID. (does nothing tricky
at this moment)
* kit/src/racoon: phase 2 AH proposal must include authentication
method attribute. reject non-conforming proposal on config file,
and on the packet from the peer.
* kit/src/racoon: filter out phase 2 proposal that does not match
the SA type requested from the kernel. For example, AH proposals
will be filtered out when ESP SA is requested.
* kit/src/racoon: improve parser code.
Wed Oct 28 JST 1998
* kit/src/racoon: SA payload fixes. (1) SAi_b must be the whole
SA payload sent from the initiator. (2) responder must send the
selected proposal only, not the whole payload.
* kit/src/racoon: phase 2 PFS fix. config file format has changed.
one must specify PFS DH group in phase 2 configuration, not per-
transform configuration.
* kit/src/racoon: ESP with authentication is now supported.
generate longer KEYMAT for this.
* kit/src/racoon: improve warnings on ATTR payload format.
* kit/src/racoon: bark if there's no "remote anonymous" section.
* kit/src/tcpdump: isakmp and ipsec improvements.
Wed Oct 28 13:54:48 JST 1998
* kit/src/racoon: better PFS (Perfect Forward Secrecy) support.
RFC keyed MD5 support. ignore Vendor ID payload (we may check
content of Vendor ID payload in the future).
Tue Oct 27 23:28:45 GMT 1998
* kit/src/racoon:
In phase 1, using real address as ID payload,
if ID was not specified in config file.
Tue Oct 27 22:37:30 GMT 1998
* kit/src/racoon:
Applied t_id except hash_t when decision AH algorithm.
Wed Oct 28 07:05:57 JST 1998
* kit/src/setkey: support keyed SHA1.
* sys/netkey: add more information about supported algorithms into
* sys/netinet6: cleanup AH/ESP algorithm table. add key length
information into the table.
Tue Oct 27 22:06:26 GMT 1998
* kit/src/racoon:
Added Some comment about checking payload.
Implemented new SA payload parser.
Removed enc_t in ipsec_sa structure.
Supported to handle key length per algorithm.
Mon Oct 26 11:34:13 JST 1998
* sys/netinet6: IPv4 options processing. not tested.
I believe that it will not work if there's source route option,
since ip_dooptions() rewrites the ip header.
Sun Oct 25 15:21:37 JST 1998
* kit/src/rtsol: avoid kvm_read(). use ioctl() instead, to grab
interface information.
Sun Oct 25 JST 1998
* sys/netinet6: add more sanity checks in esp{4,6}_input() and
ah{4,6}_input(), to avoid panic in heavy ipsec sessions.
Sat Oct 24 03:02:43 JST 1998
Added parser to rrenumd. But not seems to be working yet.
Also man is not up to date.
Thu Oct 22 04:05:15 JST 1998
* sys/netkey, kit/src/racoon:
Fixed the behavior about ACQUIRE, GETSPI, UPDATE and ADD.
There were some mistakes. Changed that kernel doesn't make a entry
for acquiring when SADB_ACQUIRE.
Wed Oct 21 22:57:25 JST 1998
* made rfc AH work again.
* fix ipsec{4,6}_hdrsiz() (bug caused SEGV on AH tunnel case)
* wrap IF_ENQUEUE() by splimp()
Wed Oct 21 19:44:45 JST 1998
* midway.c(en ATM driver on FreeBSD/BSDI): fix transmit buffer
management. in specific condition driver stops xmit'ing.
Wed Oct 21 15:52:23 JST 1998
* kit/src/racoon:
Begin to handle Information Exchange. need more coding.
1998-10-21 JINMEI, Tatuya <>
* if_gif.c (gif_input): put incoming packets to a network layer
queue instead of directly calling an input function to prevent
too many recursive function calls.
Wed Oct 21 13:16:39 JST 1998
* kit/ports/gated-ipv6: port for famous routing daemon, GateDaemon IPv6.
Wed Oct 21 12:11:38 JST 1998
* kit/src/racoon:
changed the way to compute KEYMAT.
changed the handling SPI and KEYMAT in pfkey_update() and pfkey_add().
NOTE: When SA expire, racoon will be strange behavior. To be fixed.
Wed Oct 21 01:19:41 JST 1998
* sys/netinet6: Update AH tunnel authenticity checking code.
Consider outer IP header authentic (if it gets authenticated),
and assume nothing (no authenticity) to inner IP header.
* sys/netinet6: more IPsec statistics.
Tue Oct 20 16:47:00 JST 1998
* sys/netinet{,6}: make AH tunnel mode working for IPv4.
* sys/netinet6: more statistics for AH.
* sys/netinet6: better sanity checks for IPv4 AH/ESP tunnel.
Tue Oct 20 13:54:27 JST 1998
* sys/netinet6: make des-derived work. need interop tests.
Mon Oct 19 19:48:25 JST 1998
* remove unused code/defines in ipsec.
* log() fixes.
* mark des-derived not working by rejecting it in esp_descbc_mature().
(iv management is not right)
1998-10-19 JINMEI, Tatuya <>
* netstat/inet6.c (pim6_stats): added to print PIM for IPv6 statistics.
Mon Oct 19 17:39:48 JST 1998
* sys/netkey/key.c: variable "sab" was defined twice in key_checksab()
and it made all packets to be sent in clear. it is now fixed.
sorry for your troubles.
Sun Oct 18 JST 1998
* kit/src/tcpdump: add some code to dump isakmp packets,
on udp port 500. However, most part of the exchange is encrypted
(and that part cannot be decoded).
1998-10-17 JINMEI, Tatuya <>
* src/bgpd/bgp.c (bgp_process_update): Several bugs were fixed.
The bugs were mostly about BGP4+ route reflector.
Thu Oct 15 16:17:09 JST 1998
* sys/netinet6 and kit/usr.bin/netstat: added some ipsec statistics.
1998-10-14 JINMEI, Tatuya <>
* src/bgpd/dump.c: added to dump bgpd status to a file. The status
includes various information such as bgpd internal routing table
and BGP4+ per peer status. Please do not forget to execute the
configure command before compiling.
Man pages were also updated.
Sat Oct 14 18:31:25 JST 1998
* kit/etc/rc.net6
changed to use "prefix" command instead of "ifconfig" command
in router case.
Wed Oct 14 17:44:36 JST 1998
* kit/sys/netkey, kit/sys/net/rtsock.c: PF_KEY and PF_ROUTE sockets
are stabilized. it should work fine against severe tests.
location of splnet() was wrong.
Sat Oct 14 16:06:16 JST 1998
* kit/src/Makefile
added "prefix" command as to be installed by default.
Wed Oct 14 11:30:27 JST 1998
* kit/sys/netkey: properly handle IPv6 address passed by SADB_ACQUIRE.
* kit/src/racoon: IPv6 support. guess IPv6 stack type, socket/bind
to IPv6 unspecified addr, and so forth. need more confirmation on
Sat Oct 14 11:05:48 JST 1998
changed bit field structure member size from u_long to u_char,
because BSDI suppose the size differently between kernel
and userland.
And merged some diffs of in6_prefix.c between BSD variants.
now "prefix" command seems to work on BSDI.
Wed Oct 14 03:52:11 JST 1998
* kit/ports/apache13: Port for apache 1.3.3. For non-FreeBSD OSes,
IPv6 patch is available from
* kit/ports/apache12: renamed from kit/ports/apache (port for apache
1.2.6). 1.3.3 is highly recommended over 1.2.6.
Tue Oct 13 23:45:04 JST 1998
* kit/src/setkey: add -x option, which dumps all the message
transmitted to PF_KEY socket. (uses SADB_X_PROMISC).
Tue Oct 13 23:27:36 JST 1998
* sys/netkey: support SADB_X_PROMISC. maybe good for debuggin'.
Tue Oct 13 21:21:27 JST 1998
* kit/src/racoon: make racoon code free from CPU endian.
now racoon works on KAME on NetBSD/sparc too.
(namely, eay_bn2v() and eay_v2bn() are updated)
Tue Oct 13 15:35:16 JST 1998
* kit/src/racoon: be more strict about checking SSLeay's existence.
previously we checked md5.h, but some operating systems have md5.h
by default.
Tue Oct 13 14:22:32 JST 1998
* sys/netkey: Add splnet() to prevent race condition.
* sys/netkey/keysock.c: Changed the way sadb_msg is sent to userland.
PF_KEY defines three ways to send sadb_msg to userland:
(1) to requesting process only, (2) to all listening processes, and
(3) to all registered processes. The implementation now conforms
to this.
1998-10-12 Atsushi Onoe <>
* kit/src/libinet6/name6.c
use res_query() for reverse lookup instead of res_search().
allow IPv4-compat address for getipnodebyaddr(), do not perform
any query for "::" to conform bsd-api-new-02.
allow misalign address for getipnodebyaddr().
Sun Oct 11 23:31:35 JST 1998
* sys/net*: (NetBSD) IPsec is now working. Now we need to perform
bunch of tests...
Sun Oct 11 22:52:24 JST 1998
* sys/netinet6/{esp,ah}_core.c: bark if no secret key is specified
for esp/ah algorithms that require secret key.
Sat Oct 11 22:35:59 JST 1998
added several checking of missing args, and changed some default
Sun Oct 11 20:37:06 JST 1998
* kit/{sbin,usr.sbin}/sysctl and sys/netkey (NetBSD and BSDI):
add net.key.* sysctl MIBs. for FreeBSD we already got net.key.*.
Sat Oct 11 01:03:17 JST 1998
changed "panic" to "log(LOG_ERR...)" in bit_copy().
Sat Oct 11 00:42:15 JST 1998
update usage description of man and program.
Sun Oct 10 JST 1998
* sys/netinet6 and kit/sbin/ifconfig (NetBSD): fix ifconfig to
some extent, so that we can check status of if address flags (such as
"anycast"). there are some fixes necessary (ioctl API design issues).
Sat Oct 10 14:46:50 JST 1998
fixed usage description.
removed unused function.
Sat Oct 10 03:27:44 JST 1998
Made compilable on NetBSD
also, this command seems to work on NetBSD
Sat Oct 10 02:59:02 JST 1998
removed prefix related enhance(because they are moved to
new "prefix" command)
Sat Oct 10 02:42:00 JST 1998
Newly added these files.
Actually these are prefix related functions from
current KAME FreeBSD sbin/ifconfig.
Same functions in sbin/ifconfig will be removed.
Only working on FreeBSD now.
TODO: operational check on BSDI
compile check on NetBSD
complete man page
Sat Oct 10 01:54:58 JST 1998
Bug Fix:
change ">>" to ">>=". (discovered by itojun)
Fri Oct 9 21:48:19 JST 1998
enabled "-a" for prefix renumbering commands
print usage for prefix related commands
shorten long parameters.
Fri Oct 9 20:02:21 JST 1998
SIOCSGIFPREFIX_IN6, by ifconfig.
And fixed several kernel bugs discovered using those commands.
Now prefix renumbering by ifconfig seems to be working well.
1998/10/09 17:06:51 JST
i386/conf Makefile.i386
separated SYSTEM_LD macro into 2 case, where "-g" is defined and not.
1998/10/09 13:32:16 JST
i386/conf Makefile.i386
add "ulimit" to SYSTEM_LD macro, not only to SYSTEM_LD_TAIL macro.
Fri Oct 9 11:52:33 JST 1998
* kit/src/faithd: improve command/result parsing in ftp translation.
support EPSV ALL. reject PORT and PASV from client as it is bogus
for IPv6 ftp connection.
Thu Oct 8 21:09:30 JST 1998
* kit/src/faithd: redesign ftp.d completely, to make the translator
code more context-free. Also, EPSV/EPRT is supported.
TODO: utilize "EPSV ALL" for improved performance,
better error recovery
1998-10-08 JINMEI, Tatuya <>
* if_gif.c (gif_output): prevented infinite call of gif_output
by introducing a counter variable which is static in this
function. Note that this approach may introduce MUTEX problem
when using kernel thread.
Tue Oct 7 18:20:01 JST 1998
implemented following cmd in kernel.
TODO: enhance ifconfig and rrenumd to utilize these cmds,
and test kernel behavior
1998-10-07 JINMEI, Tatuya <>
* ip6_mroute.c: implemented kernel-level IPv6 multicast
forwarding. It can be compiled, but there have been no userland
routing daemon yet. So it will not effectively work for a while.
Wed Oct 7 13:04:01 JST 1998
* take care of IPsec tunnel in computing MTU and TCP MSS.
ipsec{4,6}_hdrsiz is defined for this.
{esp,ah}*_hdrsiz_* are deprecated.
Wed Oct 7 1998
* experimental ND6 code is enabled in KAME/BSDI and KAME/FreeBSD.
we are trying to figure out the following spec flaws:
- discovery-v2-03 talks almost nothing about how to manage neighbor
cache entry on reception of RA/RS/NS/redirect without link-layer
address option.
- IsRouter flag sometimes becomes out-of-sync, due to neighbor
cache expiration/creation rules.
we are still thinking about the spec, and changing nd6_cache_lladdr().
the experimental code works just fine so the change will not bite
Wed Oct 7 00:33:03 JST 1998
* kit/lib/libftpio: (FreeBSD only) Fixed IPv4 non-passive ftp.
(bind failed due to wrong argument)
Tue Oct 6 18:28:13 JST 1998
If a packet is to be forwarded over IPsec tunnel, and it couldn't
due to "too big and don't fragment", report the correct tunnel MTU
toward the originator.
tunnel MTU = if MTU - sizeof(IP header) - ESP/AH headers/paddings
To test this, you may need
sysctl -w net.inet.ipsec.dfbit=1
to set DF bit on the outer IP header.
Tue Oct 6 13:48:42 JST 1998
* sys/netinet6/ipsec.c: changed the way IPsec tunnel is created.
(see ipsec4_encapsulate() in sys/netinet6/ipsec.c)
* sys/netinet6/ipsec.c: define new sysctl MIB, net.inet.ipsec.dfbit,
to allow users to control DF bit treatment (copy/clear/set) on
ipsec tunnel encapsulation.
NOTE: this is per-host configuration, not a per-interface
configuration defined in draft-ietf-ipsec-arch-sec-07.txt.
Tue Oct 6 13:13:19 JST 1998
fix for rtr renumbering related structure's member name and
order change at ifconfig, rrenumd, rtadvd
maybe minimum implementation of router renumbering at rtadvd completed
Tue Oct 6 12:57:50 JST 1998
changed router renumbering related structure's member name and order.
added same interface check for SIOC*IFPREFIX_IN6 cmds.
added in6_rrenumreq structure for advanced ioctls for rtr renumbering
TODO: implement new SIOC*PREFIX_IN6 cmds in kernel
Mon Oct 5 17:20:13 JST 1998
* Eliminate clause 3 from our KAME copyright notice, as we've heard
that 4-clause BSD copyright irritates people very much.
Mon Oct 5 10:46:05 JST 1998
* kit/ports/sendmail6: make it buildable, by removing -I/usr/src/sys
from site.config-v6.kame.
1998/10/03 00:59:54 JST
ports/mozilla Makefile
ports/mozilla/files md5
Patch level up.
-IPv6 hostname with AAAA record,
or numarical IPv6 address escaped by [ ],
can be specified as proxy server.
-adopted __res_state structure change.
1998/10/02 23:54:27 JST
src/ndp ndp.c
netinet6 nd6.h nd6.c nd6_nbr.c
Added "ln_expire" to llinfo_nd6 structure, and "expire" to
in6_nbrinfo structure.
NDP use them for state transition and rt_expire is no more used.
Also, ndp command is changed to use ln_expire to display each