-
Notifications
You must be signed in to change notification settings - Fork 22
/
CHANGELOG
2569 lines (2153 loc) · 112 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
CHANGELOG for KAME kit
$KAME: CHANGELOG,v 1.1907 2001/10/11 12:59:52 keiichi Exp $
<200110>
Thu Oct 11 21:57:50 JST 2001 keiichi@iij.ad.jp
mip6
* fix BU list management function.
* introduce MIP6_ALLOW_COA_FALLBACK kernel option.
this allows you to use a coa as a src address if the peer
doesn't recognize a home address destination option.
may arouse a mip6 believe's anger, but very useful.
Wed Oct 10 17:38:05 JST 2001 sakane@kame.net
* kame/kame/racoon:
Fixed racoon crash when uni-directional policy is defined.
racoon negoticate two SAs even in the case of the uni-directional
policy.
Wed Oct 10 04:52:54 JST 2001 itojun@iijlab.net
* bsdi4: use PULLDOWN_TEST (m_pulldown) codepath. improves conformance
when ipv6 extension headers are present.
Wed Oct 10 10:27:24 JST 2001 itojun@iijlab.net
* netbsd/sys/netinet/raw_ip.c: fix a typo which could lead to kernel
panic when ICMPv4 is returned against raw ip socket.
reported by kato@wide
2001-10-10 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/rtadvd/rtadvd.c (find_prefix, prefix_match): corrected
prefix calculation:
- avoid invalid pointer access when bytelen is a multiple of 8
- avoid using the right shift operator to make the code look safer
2001-10-09 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/rtadvd/config.c (getconfig): made configuration parser
compatible with FreeBSD 4.4-RELEASE, in terms of the route
information option:
- allowed rtrXXX instead of rtXXX.
- made route lifetime optional.
In any case, some warning messages are printed as well, so that the
user can notice the change and fix the configuration.
Tue Oct 9 08:43:04 JST 2001 sakane@kame.net
* kame/kame/racoon/schedule.c:
the entry of the schedule is marked with dead before the function in
the entry will be called. some schedules, check_rtsock(),
check_flushsa_stub, woulbe be remained in the schulder even after they
were excuted. sched_scrub_param() is unnecessary probably anymore.
2001-10-04 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/contrib/bind/src/lib/irs/dns_ho.c (add_hostent):
calculated alignment correctly. Without this fix, gethostbyname()
would not work correctly when the function handles more than one
address.
This is a back merge of a fix from bsdi to BSD/OS 4.3 (beta).
2001-10-02 suz@sdl.hitachi.co.jp
* freebsd4/lib/libinet6/Makefile
- "options insecure1" is available on FreeBSD4-KAME, too.
(you have to rebuild applications to enjoy this feature)
2001-10-01 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/kame/{natptconfig,natptlog}:
- Add contents of manual page.
- Separate contents of configuration file as natpt.conf.5.
<200109>
2001-09-26 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6_ifattach.c (in6_ifattach): calls
nd6_ifattach() before creating addresses. This is necessary
because an MLD packet may be sent during the creation procedure,
in which a valid nd_ifinfo entry can be referred to.
Wed Sep 26 14:30:46 JST 2001 sakane@kame.net
* kame/kame/racoon:
new directive "verify_identifier has been added. it can be strict
to check the identifier in the ID payload transmitted by the peer.
the default is off.
Wed Sep 26 00:01:08 JST 2001 sakane@kame.net
* kame/sys/netkey/key.c:
* kame/kame/setkey:
the syntax how to define a policy of a ICMPv6 type and/or a code
has been changed. the previous modification at Fri Sep 21 broke
a backward compatibility, and had no sense. when the policy doesn't
require IPsec for an inbound Neighbor Solicitation with any source
/destination address, the specification is the following;
spdadd ::/0 ::/0 icmp6 135,0 -P out none;
2001-09-25 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/addrselect/: a tool to configure the policy table (see
below). This program is also an experimental stuff.
2001-09-25 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6_src.c: implemented the policy table for
source address selection, according to
draft-ietf-ipngwg-default-addr-select-05.
The policy table can be configured via the sysctl(3) interface
(except for FreeBSD, at this moment). This implementation is
still experimental, and might be changed in the near future.
2001-09-21 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.c (fill_[dp]rlist): added as shared
subroutines for nd6_sysctl_[dp]rlist (for FreeBSD) and nd6_sysctl
(for other *BSDs), in order to centralize the complicated logic.
2001-09-21 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_rtr.c (defrouter_select): removed the
default route if there was neither a default router nor the
default interface.
2001-09-21 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6_src.c (in6_selectroute): made sure to fill
in retifp and retrt, regardless of the return value. Without this
change, the kernel could panic, since ip6_output() refers to the
returned ifp even in error cases.
All versions of the kernel after the 20010730 snap should be
upgraded to fix this problem.
2001-09-21 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/(various files): fixed integer overflow for
valid and preferred lifetimes;
- introduced new members in nd_prefix{} and in6_ifaddr{} to record
the timestamp of the latest update
- check expiration based on the difference between the current
time and the timestamp, not on the explicit expiration times
Fri Sep 21 14:19:02 JST 2001 sakane@kame.net
* kame/sys/netinet6/ipsec.c:
When the value of the upper layer of the security policy index (spidx)
structure is ICMPv6, the port field in "src" of the spidx means ICMPv6
type, and the port field in "dst" of the spidx specifies ICMPv6 code.
For example, the following means the policy doesn't require IPsec for
an inbound Neighbor Solicitation.
spdadd ::/0[135] ::/0 icmp6 -P in none;
2001-09-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_rtr.c (prelist_update): corrected the
definition of "storedlifetime" (used in the two-hour rule) for an
address that has an infinite lifetime. Without this special
case, the lifetime of such an address would unintentionally be
decreased.
2001-09-19 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/v6test/: added some tiny improvements/corrections:
- added missing NTOHS
- corrected checksum calculation for packets with routing headers
- made the checksum calculation routine against invalid packets
The fist two were based on comments from Yutaka Shimizu
<jacky@open.tjsys.co.jp>.
2001-09-19 Shin'ichi Fujisawa <fujisawa@kame.net>
* freebsd4/sys/netinet/udp_usrreq.c:
- Remove 'static' attribute from variable "udpcksum".
* kame/kame/sys/netinet6/natpt_trans.c:
- Examine net.inet.udp.checksum when making UDP packet.
* kame/sys/netinet6/natpt_{defs.h,{dispatch,trans,tslot}.c}:
- traceroute6 works. I forgot to review it.
Wed Sep 19 19:06:06 JST 2001 itojun@iijlab.net
* sys/netinet6/ip6_{in,out}put.c: make IPV6_TCLASS socket option to
take int, not u_int8_t. follows the latest 2292bis draft.
(backward binary compatibility is provided for bsdi43)
Thu Sep 20 01:00:08 JST 2001 sakane@kame.net
* kame/kame/rtsold:
improved the -a option. it can probe a interface automatically when
the interface wake up. it can be started anytime even when there is no
network interface on the list of intarfaces in the kernel.
2001-09-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/libinet6/resolv/res_send.c (res_send):
* bsdi4/contrib/bind/src/lib/resolv/res_send.c (res_nsend):
if a UDP response from a "wrong" server is truncated (and if we
allow to accept such responses), fall back to TCP with the "wrong"
address, in order to avoid connecting to an anycast address.
2001-09-16 suz@sdl.hitachi.co.jp
* kame/kame/v6test/testcap.[ch](tgetnum), getconfig.c: fixed a
bug that you sometimes cannot specify a value if its MSB is on.
* kame/kame/v6test/cksum.c(cksum6), v6test.c(main), v6test.1:
added an option not to generate checksum automatically.
2001-09-15 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/v6test/getconfig.c (make_rthdr): fixed routing header
generation.
2001-09-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/usr.bin/telnet/commands.c (tn): made it sure to terminate
the loop of connection attempt correctly, based on a comment from
murakami@pana.net.
2001-09-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.c (nd6_timer): before calling
icmp6_error(), embedded scope zone ID (if necessary) for the
erroneous packet.
Thu Sep 13 08:15:21 JST 2001 sakane@kame.net
* kame/sys/netkey/key.c:
newer SA is prefered for a out-bound packet than old one
when net.key.prefered_oldsa is set to zero.
Thu Sep 13 08:12:46 JST 2001 sakane@kame.net
* kame/sys/netinet6/ipsec.c:
fixed to process a IPv6 packet when ah transport after esp tunnel
should be applied. the SA of AH transport could not be selected
from the SAD because of this bug.
Wed Sep 12 16:19:42 JST 2001 sakane@kame.net
* kame/racoon/proposal.c:
fixed to compare pfs values in two proposals in the case of
"claim" mode. reported by <vanhu@free.fr>
2001-09-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/scope6.c (in6_addr2zoneid): changed the return
value type from u_int32_t to int64_t, so that the caller can tell
an error from valid "4+28" ID values. All the callers of this
function were also modified accordingly, with stricter validation
checks.
2001-09-03 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_{rule.h,trans.c,var.h}:
- Support tftp translation. Tftp6 client can connect to tftp4
server.
2001-09-10 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/udp6_output.c (udp6_output): (bsdi4 and
netbsd) when sending IPv4 packets represented as IPv4-mapped IPv6
address, passed socket option to ip_output() so that the function
would handle broadcasted packet correctly. For bsdi4, also merged
all-ones broadcast cases from udp_usrreq.c.
2001-09-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c (ip6_setpktoptions): checked if
each cmsghdr pointer had enough size to store the structure.
This could be a security fix, but I think the current code is
practically safe enough. That is, we do not have to be in a harry
to merge this fix to *BSDs.
2001-09-06 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* *bsd/sys/sys/socket.h (CMSG_FIRSTHDR): checked msg_controllen
in CMSG_FIRSTHDR as described in RFC2292, particularly in case
that the kernel returns an empty list for some reasons.
(based on a note from David Borman <dab@bsdi.com>)
2001-09-05 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/contrib/bind/src/lib/resolv/res_send.c (res_nsend):
* kame/kame/libinet6/resolv/res_send.c (res_send):
when "insecure1" is specified, do not connect datagram sockets,
so that the kernel can accept responses from an "unknown" server.
2001-09-05 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_input.c (ip6_sysctl): (bsdi4 only) made
net.inet[6].ip6.v6only modifiable.
Wed Sep 5 12:05:14 JST 2001 itojun@iijlab.net
* faithd: change the default directory for daemons and configuration
files. was: /usr/local/v6/{libexec,etc}, now: /usr/libexec and /etc.
2001-09-05 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/netinet/in_pcb.c (in_pcballoc): when
net.inet[6].ip6.v6only is 1, set IN6P_IPV6_V6ONLY (which
corresponds to the IPV6_V6ONLY socket option) for all sockets at
socket(2).
Tue Sep 4 01:32:49 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd4/usr.sbin/ppp: import IPv6 supporting PPP from
FreeBSD-current.
2001-09-03 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_*.[ch]:
* freebsd4/usr.sbin/{natptconfig,natptd,natptlog}:
KAME NAT-PT (kernel and user command) code was completely renewed.
Major changes are as follows.
- Changed a coding style to "bsd" (described in IMPLEMENTATION,
chapter 8).
- Does not depend on interface.
'interface' directive was removed in configuration rule, and no
inbound/outbound distinction in each rule.
- Changed a syntax of configuration command (natptconfig) related to
the item mentioned above. The syntax does not change greatly, it
became simpler.
- Use TAILQ (defined in /usr/include/sys/queue.h) instead of my
original list handle routines.
- Removed natptd user command.
Because the facility that natptd aimed is the same as totd.
2001-09-02 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi[34]/sys/sys/mbuf.h (MFREE): corrected the point of calling
splmem_fast(), so that the lock would not be freed
unintentionally. A busy kernel, such as the one processing IPsec,
could panic without this fix, so all bsdi users are recommended to
apply this fix.
The fix is a back port from BSD/OS 4.3 beta.
<200108>
2001-08-31 SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
* pim6sd/pim6_proto.c (parse_pim6_hello): strengthens length check for
Hello packet. Without this fix, pim6sd may crash if it receives a
Hello packet with a too short Hello option.
2001-08-31 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/{in6.c in6_ifattach.c, nd6_rtr.c}: revised the
support of the privacy extension of stateless address
configuration, based on draft-ietf-ipngwg-temp-addresses-v2-00.
See Section 8. of the document to see feature changes.
* kame/sys/netinet6/in6_var.h: added a new member "ia6_createtime"
to the in6_ifaddr structure with the change above, in order to
record the time of creation of an address. This member is set for
all addresses, but is only referred for temporary addresses.
2001-08-30 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/netinet/tcp_input.c (tcp_rtlookup): always used
rtcalloc() so that both active and passive connections would make
cloned host routes. The previous code, which called rtalloc(),
should not have severe bad effects, but using rtcalloc() is more
suitable to bsdi's logic.
2001-08-28 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/ndp/ndp.c (ifinfo):
- printed the values of ND6_IFF_ACCEPT_RTADV and
ND6_IFF_PREFER_SOURCE by 'ndp -i IF'
- allowed a user to specify the flag bits by
'ndp -i IF [-]accept_rtadv' or
'ndp -i IF [-] prefer_source', respectively.
2001-08-28 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.h:
* kame/sys/netinet6/in6_src.c (in6_selectsrc):
introduced a new flag bit "ND6_IFF_PREFER_SOURCE" in the nd_ifinfo
structure, in order to specify "preferred" interfaces for source
address selection.
2001-08-28 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.[ch]:
* kame/sys/netinet6/nd6_rtr.c (nd6_ra_input):
introduced a new flag bit "ND6_IFF_ACCEPT_RTADV" in the nd_ifinfo
structure, in order to control whether to accept RAs per-interface
basis. The kernel now accepts RAs only when
net.inet6.ip6.accept_rtadv is 1 and the flag is on the receiving
interface. The new stuff does not change the old default
behavior.
2001-08-28 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6_src.c (in6_selectsrc): corrected a
condition on temporary addresses.
2001-08-22 kjc@csl.sony.co.jp
* bsdi4/sys/net/if.h:
add ALTQ-compat queue macros to bsdi4 in order to
reduce "#ifdef ALTQ". (in paticular, sys/net/if_gif.c)
(the commit mail didn't go out due to a permission problem in
the repository.)
2001-08-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6_src.c (in6_selectsrc): changed the number
of longest matching rule in source address selection from 8 to 14,
so that it is easy to assign smaller numbers to more preferred
rules. Additionally, a new rule to prefer addresses on alive
(i.e. IFF_UP) interfaces, based on a suggestion from
kato@wide.ad.jp.
*bsd/netstat were also changed accordingly.
Fri Aug 17 05:24:45 JST 2001 itojun@iijlab.net
* kame/setkey/parse.y: handle FQDN address in SPD/SAD configurations.
when an FQDN resolves into multiple addresses, setkey(8) will
install SPD/SAD entries for all possible combinations.
inspired by Solaris IPsec stack.
2001-08-16 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/usr.sbin/netstat/stats_inet6.h:
* {freebsd4,netbsd}/usr.bin/netstat/inet6.c (ip6_stats):
printed statistics about the source address selection rules.
(experimental. we may have to reconsider the way to print the
stat.)
2001-08-16 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6_src.c (in6_selectsrc): implemented the
source address selection algorithm based on
draft-ietf-ipngwg-default-addr-select-05. With this change, the
older backend function, in6_ifawithscope(), to choose a source
address was removed. Also,
- added statistics array to ip6stat to see which rule is applied
in the algorithm.
- added a new sysctl variable "net.inet6.ip6.prefer_tempaddr" to
reverse the rule about temporary addresses.
2001-08-15 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/scope6.c (in6_addrscope): treat the loopback
address as global, because there is no ambiguity about scoping.
Otherwise, we'd see ::1%ID (ID != 0) via scope6_addr2default(),
which would rather has bad effects.
Note: I'm still not sure if this change is really safe. We should
take care of the new behavior.
2001-08-14 Keiichi SHIMA <keiichi@iij.ad.jp>
* add a home agents list timeout routine.
* add some init functions.
Tue Aug 14 15:01:57 JST 2001 suz@sdl.hitachi.co.jp
* kame/pim6sd: explicitly assigns NULL to pointers in newly-
malloced structures if there's no specific pointer to be assigned.
Tue Aug 14 05:20:23 JST 2001 itojun@iijlab.net
* sys/netkey/key.c: drop support for byte lifetime. byte lifetime
is define in a very vague manner, and it can lead to unsynchronized
SAs (= dangling SA left behind) with packet losses, byte count
mismatches and other causes. kernel returns EINVAL if non-zero
byte lifetime is specified on ADD/UPDATE.
Mon Aug 13 22:03:28 JST 2001 sakane@kame.net
* kame/racoon:
supported MODP 2048, 3072, 4096 and 8192-bit.
these are described in draft-ietf-ipsec-ike-modp-groups-01.txt
2001-08-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c (ip6_setpktoption): newly added,
in order to centralize the routine for handling outgoing packet
options both as socket options and as ancillary data.
It also introduced additional data validation. For example,
IPV6_USE_MIN_MTU is not allowed in the context of RFC2292 (i.e. by
the IPV6_PKTOPTIONS.)
2001-08-09, Keiichi SHIMA <keiichi@iij.ad.jp>
* add a relay routine for an icmp against an encaplulated packet.
not tested.
* free mbuf in case error in the functions that has an mbuf pointer
in its argument list.
Thu Aug 9 09:37:44 BST 2001 suz@sdl.hitachi.co.jp
* kame/kame/pim6sd: s/vifi_t/mifi_t/ to sync with kernel implementation
of IPv6 multicast interface.
2001-08-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c (ip6_pcbopt, ip6_setpktoptions):
for the IPV6_NEXTHOP ancillary data/socket option, set
sin6_scope_id to 0 in non-SCOPEDROUTING cases, so that the kernel
can make a neighbor cache for the specified nexthop with a scoped
address.
Tue Aug 7 23:30:59 JST 2001 sakane@kame.net
* kame/racoon:
RFC2407 4.6.3.3 says that INITIAL-CONTACT is the notify message that
announces the peer the sender of the message was rebooted.
previous interpretation in racoon was to delete all SAs which
source address is the sender of the message.
with the change, racoon only deletes SA which matches BOTH the
source address and the destination accress in the notify message.
Tue Aug 7 09:42:23 JST 2001 itojun@iijlab.net
* libinet6/getrrsetbyname.c: libc implementation of getrrsetbyname(3).
useful for racoon(8) cert-on-DNS handling. from openbsd.
Mon Aug 6 21:18:58 BST 2001 suz@sdl.hitachi.co.jp
* kame/kame/v6test/getconfig.c: you can build up a packet from
multiple raw-data entries.
Sun Aug 5 14:00:04 JST 2001 itojun@iijlab.net
* sys/netinet6/ipsec.c: improve cached ipsec policy lookup on connected
SOCK_STREAM PCBs.
2001-08-03 Keiichi SHIMA <keiichi@iij.ad.jp>
add mobileip source code.
currently, many parts of spec are not implemented yet. even
uncompilable under other than freebsd4 now. also very
unstable. of course, without MIP6 kernel option, there is no
problem. all mip6 related code is separated by ifdef MIP6.
this integration is just for KAME mip6 developper's
convinience. the purpose of this early integration is to
decrease the maintenance cost to synchronize KAME main tree
and developping mip6 tree. after this merge, mip6 code
modifications are reflected directly to KAME code.
i will make these codes compilable on the other OSes as soon
as possible.
2001-08-02 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/advapitest/sender.c (main): added a new option '-n
nexthop' to test IPV6_NEXTHOP.
2001-08-02 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/{ip6_output.c, in6_src.c}: supported
the IPV6_NEXTHOP ancillary data / socket option.
At this moment, the next hop should be an AF_INET6 socket address.
2001-08-02 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.c (nd6_is_addr_neighbor): check on-link
prefixes (not addresses) to see if a given address is a neighbor
in a given link.
<200107>
Tue Jul 31 22:54:57 JST 2001 suz@sdl.hitachi.co.jp
* kame/kame/pim6sd/cfparse.y: command-line debug-option works now.
Tue Jul 31 sakane@kame.net
* kame/racoon:
the phase1 deletion should be postponed until there is no phase2.
this was probably made a consensus at vpn bakeoff on Oct, 1998.
2001-07-29 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/(several files): several improvements on the
IPv6 output routine:
- added a seprate function in6_selectroute() to centralize the
route and outgoing interface selection algorithm
- call in6_selectroute() from in6_selectsrc() and ip6_output(), and
use same codebase for both unicast and multicast packets as much
as possible
- added stricter (and thorough) scope checks for outgoing packets
(e.g. this check would prevent a packet generated by
'ping6 -S ::1 fe80::1%ne0' from being sent)
- renamed in6_addr2scopeid() to in6_addr2zoneid() to be more intuitive
in terms of the scope architecture
- made in6_addr2zoneid take care of the loopback address
- set the tentative flag before joinging multicast addresses, so
that the corresponding MLD packet would not have a tentative
source address
2001-07-29 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_nbr.c (nd6_ns_output):
* kame/sys/netinet6/nd6_nbr.c (nd6_na_output):
* kame/sys/netinet6/icmp6.c (icmp6_redirect_output):
do not pass a pointer to a pointer to ifnet to ip6_output() for
counting statistics, use the interface on which the ND process is
involved instead.
2001-07-29 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/mld6.c (mld6_input): allowed MLD messages to
have the unspecified address as source.
* kame/sys/netinet6/mld6.c (mld6_sendpkt): use the unspecified
address when there is no valid link-local address available.
Fri Jul 27 17:39:24 JST 2001 itojun@iijlab.net
* sys/net/if_sec.c: "sec*" pseudo device for decapsulating IPsec
tunnel packets. if we have the device, we depart from RFC2401
tunnelling model (where IPsec tunnels are defined within IPsec
document) to draft-touch-ipsec-vpn-01.txt model on inbound.
all IPsec tunnel-mode SPD entries will automagically be accompanied
with a sec* device. refer to IMPLEMENTATION for more details.
Fri Jul 27 12:49:47 JST 2001 itojun@iijlab.net
* sys/netinet6/ipsec.c: cache ipsec policy on pcbs, try to avoid
per-packet SPD lookup. idea from thorpej
2001-07-27 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/net/if_loop.c (looutput): set M_LOOP for IPv6 packets.
Thu Jul 26 23:13:06 JST 2001 itojun@iijlab.net
* mdnsd: IPv4 support. PR 370 from assar@assaris.sics.se
Thu Jul 26 02:12:04 JST 2001 itojun@iijlab.net
* *bsd*/sys/netinet*/in*_pcb.c: call ipsec_init_policy() from
within in*_pcballoc(), not from PRU_ATTACH logic. it is to make
the allocation of ipsec policy struct prior to making inpcb available
to the world (don't show incomplete inpcb to others).
can lead to panic(), as reported on stable@freebsd.
Wed Jul 25 18:15:37 JST 2001 suz@sdl.hitachi.co.jp
* kame/sys/netinet6/udp6_output.c, freebsd4/sys/netinet6/udp_usrreq.c:
rejects IPv6 packet toward IPv4-mapped address if its source
address is not an IPv4-mapped IPv6 address, since the
converted IPv4 packets would have an unexpected IPv4 source
address.
(TCP6 might have the same bug)
Wed Jul 25 15:33:06 JST 2001 itojun@iijlab.net
* netbsd/sys/net/route.c: do not fill rmx_mtu too much on RTM_ADD/
RTM_RESOLVE. this was merged by mistake during past kame work.
2001-07-25 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/(various files): correctly supported
interface-local multicast:
- install ff01::%ifname/32 when first configuring an interface.
- changed the source address selection for ff01::xxxx.
- changed the outgoing interface selection for ff01::xxxx.
- prohibit packets towards ff01::xxx from being sent on the wire.
- reject packets towards ff01::xxxx from the wire.
Wed Jul 25 11:52:34 JST 2001 itojun@iijlab.net
* sys/netinet/if_gif.c: use encap_attach(), instead of
encap_attach_func(). enables us to use radix address match in
ip_encap.c.
Wed Jul 25 03:51:34 JST 2001 itojun@iijlab.net
* sys/netinet/ip_encap.c: use radix table lookup for entries registered
through encap_attach() API (address pairs). still not sure if it
gives us any performance improvement, but should be much better
when you have thoudsands of gif interfaces.
2001-07-24 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_control): in the SIOCDIFADDR_IN6
case, if the corresponding prefix can be removed, just call
prelist_remove(), not changing the expire value.
Tue Jul 24 17:54:10 JST 2001 itojun@iijlab.net
* sys/netinet6/in6_prefix.c: RIP.
2001-07-24 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/ping6/ping6.c: use bind(2) to specify the source
address with the -S option. (Unfortunately) IPV6_PKTINFO is not a
good idea, because it cannot handle scoped addresses very well.
2001-07-24 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/raw_ip6.c (rip6_usrreq):
* freebsd4/sys/netinet6/raw_ip6.c (rip6_bind):
* freebsd4/sys/netinet6/raw_ip6.c (rip6_connect):
supported the scoped address format in bind(2) and connect(2) for
raw socket. The former case is essential; bind(2) for a scoped
address would not success without this fix.
Tue Jul 24 03:54:24 JST 2001 itojun@iijlab.net
* sys/netinet6/nd6.c: repair ndp -R.
* ndp: do not print uninitialized interface on ndp -i.
Mon Jul 23 15:10:08 JST 2001 itojun@iijlab.net
* sys/netinet6/in6.c: now ff01::/16 prefix means "interface local
multicast", not "node local multicast". therefore, we now
join ff01::1 in per-interface basis. buggy.
* *bsd*/usr.*/netstat/route.c: decode embedded scope identifier for
ff01::/16. NOTE: we still are using IN6_IS_ADDR_MC_NODELOCAL macro,
as there's no "interface local" macro defined in 2553bis-03.
Mon Jul 23 00:28:05 JST 2001 itojun@iijlab.net
* sys/net/radix_mpath.c: (netbsd, RADIX_MPATH) reject RTM_ADD of
conflicting entries, where all key/mask/gw are the same.
Sun Jul 22 11:07:17 JST 2001 itojun@iijlab.net
* netbsd/sys/netinet/in.c: improve IFA_ROUTE management, to make sure
multiple interface addresses with the same prefix (10.0.0.1/24 and
10.0.0.2/24) works right. i bothered as it is mandatory with
RADIX_MPATH environment, and netbsd-current is moving toward this
direction. netbsd only.
- on interface address addition, check if there's the same prefix
already installed, and if so, don't install another one
- on removal, check if there's other interface address which has the
same prefix, and if so, move IFA_ROUTE to him
Sat Jul 21 13:30:21 JST 2001 itojun@iijlab.net
* sys/netinet6/nd6_rtr.c: simplify default router list manipulation.
try to install multiple default routes into routing table, if
there are multiple RA sources (routers).
Sat Jul 21 03:35:20 JST 2001 itojun@iijlab.net
* *bsd*/sys/net/route.c: make equal() more pickier about sa_len,
to avoid possible data buffer overrun.
* netbsd/sys/net/radix.c: multipath support in radix routing table.
experimental, netbsd only. see 7.2 of IMPLEMENTATION.
Fri Jul 20 14:20:51 JST 2001 itojun@iijlab.net
* nodeinfod: a daemon that responds to node information queries.
we are wondering if it is a good idea to migrate to a userland
implementation, for complicated query type handling (like node
addresses, FQDN response with DNS encoding, NI group address,
and such). we still find ping6 -w responses quite useful and
would like to keep it in the kernel (so that every node responds to).
or should we implement CDP? :-) experimental.
2001-07-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/libinet6/getaddrinfo.c (getaddrinfo): enabled
destination address reordering (that I introduced on July 3) by
default, and removed the environment variable knob.
2001-07-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.c (nd6_free): if the reason for the
deletion is just garbage collection, and the neighbor is an active
default router, do not delete it. Instead, reset the GC timer
using the router's lifetime. Simply deleting the entry would
affect default router selection, which is not necessarily a good
thing, especially when we're using router preference values.
2001-07-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_rtr.c (pfxlist_onlink_check): mark
(autoconfigured) prefixes that do not have a reachable router when
we have at least one default router (as well as the former
condition).
This change would help the case that we've moved to a new link where
we have a router that does not provide prefixes and we configure
an address by hand.
2001-07-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/contrib/bind/src/lib/resolv/res_init.c (res_setoptions):
applied the fix below.
Wed Jul 18 18:06:25 JST 2001 itojun@iijlab.net
* libinet6/resolv/res_init.c: by putting "insecure1" or "insecure2"
into /etc/resolv.conf "options" line, you can control the
RES_INSECURE[12] settings in _res.options.
2001-07-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_createmkludge): was newly added
to allocate space for the kludge at interface initialization time.
Formerly, we dynamically allocated the space in in6_savemkludge()
with malloc(M_WAITOK). However, it was wrong since the function
could be called under an interrupt context (software timer on
address lifetime expiration).
Although this function is a global one, it is expected to be
called only from in6_ifattach().
Tue Jul 17 10:58:21 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd4/sys/kern/kern_exec.c: applied the patch of 'FreeBSD
Security Advisory FreeBSD-SA-01:42.signal'
2001-07-16 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_dispatch.c (configCv4, configCv6):
- configCv4() and configCv6() returns real payload number or
IPPROTO_IP. Packet passes to the next process when value of
IPPROTO_IP was returned.
2001-07-15 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_{dispatch.c,var.h}
- Separate natpt_pyldaddr() from foundFinalPayload(). This
routine finds ICMP/TCP/UDP payload from IPv6 header chain
and returns it's address.
* kame/sys/netinet6/natpt_trans.c
- translate ICMPv6 Error Messages into ICMPv4.
2001-07-15 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_update_ifa): do not call malloc
with M_WAITOK, since in6_update_ifa() can be called under an
interrupt context.
Based on a FreeBSD PR 28927 from Garrett Wollman
<wollman@lcs.mit.edu> via ume.
Sun Jul 15 00:01:44 JST 2001 sakane@kame.net
* kame/racoon:
the time of execution of several cipher function and the taking time
of each phase can be logged when ENABLE_STATS is defined.
these messages are passed to syslogd as LOG_NOTICE.
2001-07-12 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_{rule,tslot}.c
- You can connect from outside (IPv4 world) to inside (IPv6
world), The following connection is possible.
o inbound from 10.0.69.67
to 3ffe:501:41c:6000:2a0:24ff:fe95:a4a6
o inbound from any4 port 65303
to 3ffe:501:41c:6000:2a0:24ff:fe95:a4a6 port 23
This facility did not work for a bug until now.
Wed Jul 11 17:55:33 JST 2001 suz@sdl.hitachi.co.jp
* kame/kame/pim6sd: added SSM (Source-Specific-Multicast) mode
for SSM prefix (ff20::/12 and ff30::/12).
from Mickael Hoerdt <hoerdt@clarinet.u-strasbg.fr>.
+ supports MLDv2 as well as MLDv1 (cfparse.y, cftoken.l,
mld6*.[ch], timer.c, vif.[ch])
+ uses SPT for multicast address in SSM range
(inet6.[ch], mrt.c, pim6*.[ch], route.c)
* kame/sys/netinet/icmp6.h: added ICMPv6 code for MLDv2 Report
temporarily.
* kame/kame/pim6sd/BUGS.V6
- write down ToDos suggested in the above patch.
Tue Jul 10 15:34:09 JST 2001 itojun@iijlab.net
* netbsd: switch to NetBSD-1.5.1 from NetBSD-1.5.
Tue Jul 10 15:34:09 JST 2001 yu-inoue@jp.fujitsu.com
* freebsd4/sys/netinet in.c in_pcb.c in_pcb.h
* freebsd4/sys/netinet6 in6_pcb.c in6_pcb.h
* kame/sys/netinet6 in6_ifattach.c
- "When remove a network card, freebsd4 can crash" bug fixed.
When remove interface, release multicast group on interface.
IPv4
if_detach() -> in_control() -> in_pcbpurgeif0()
IPv6
if_detach() -> in6_ifdetach() -> in6_pcbpurgeif0()
Mon Jul 9 23:01:10 JST 2001 sakane@kame.net
* kame/racoon:
- print all of rejected attributes in phase 1 proposal when no suitable
proposal are found. suggested by <mcr@sandelman.ottawa.on.ca>
- fixed not to increment the transform number in phase 1 proposal.
it was degraded.
Fri Jul 6 19:52:59 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* kame/sys/netinet6/ip6_fw.c: fragmented packets processing logic
was wrong. reviewd by: ume
Fri Jul 6 15:17:25 JST 2001 itojun@iijlab.net
* netbsd/sys/sys/systm.h: declare ovbcopy() for better code sharing.
Fri Jul 6 14:37:30 JST 2001 suz@sdl.hitachi.co.jp
* freebsd4/usr.bin/v6test: added v6test to FreeBSD4-KAME
Fri Jul 6 08:33:30 JST 2001 itojun@iijlab.net
* sys/netinet/ip6.h: IP6_EXTHRD_GET0() did not check the mbuf length,
when off == 0. noone was using this macro.
2001-07-05 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/net/if_tun.c (tunifioctl): returned EAFNOSUPPORT if
the SIOCSIFADDR command is issued for an unsupported address
family (i.e. all AFs except AF_INET). This helps the IPv6 layer
detect the unavailability of the interface before going further on
initialization, and, as a result, suppress unexpected warning
messages.
Wed Jul 4 16:02:26 JST 2001 itojun@iijlab.net
* openbsd/usr.sbin/inetd/inetd.c: correct UDP source address checks.
2.9 code did not check it for IPv6 traffic. sync with openbsd.
2001-07-03 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/libinet6/getaddrinfo.c: when the GAI_USE_ORDERING
environment variable is set, reorder the chain that getaddrinfo(3)
would return, based on the logic described in
draft-ietf-ipngwg-default-addr-select. With this extension,
things would be happier when
+ the underlying kernel supports IPv6,
+ "the default interface" is specified by the "ndp -I" command,
+ there is no router around the node,
+ the destination node has both AAAA (or A6) and A resource
records, and
+ the application just tries to connect to all the entries that
getaddrinfo(3) returns.
XXX: items to be considered:
- some of the logic is not implemented.
- this routine opens a socket to get the corresponding source
address for each destination candidate. This might cause
performance effect.
2001-07-03 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/netinet/in_proto.c (inetsw[]): corrected the sysctl
callback function for net.inet.ip6.XXX names (from icmp6_sysctl to
ip6_sysctl).
Mon Jul 2 20:06:28 JST 2001 itojun@iijlab.net
* sys/netinet6/in6.c: record multicast groups joined from within the
kernel, into struct in6_ifaddr. leave from these groups accordingly
on removal of interface addresses.
* (netbsd) sys/netinet6/in6_pcb.c: remove multicast group information
from pcb, in the early stage of interface removal processing, in
in6_pcbpurgeif0(). without this change kernel may panic on pcmcia
card removal. notified by jinmei.
<200106>
2001-06-29 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_forward.c (ip6_forward): do not drop the
packet (nor send an icmp6 error) on a "p2p redirect" case, unless
the packet's destination address is regarded as on-link. With
this check, we can distinguish a routing loop from a packet sent to
a nonexistent address. For the former case, we'd rather let the
packet go to the loop, and detect the loop by traceroute.
Clarification based on a recent discussion about the p2p-pingpong
draft.
Thu Jun 28 21:56:12 JST 2001 sakane@kame.net
* kame/libipsec/pfkey.c:
Fixed to calculate the length of the sadb extension in the function
pfkey_send_x5(). Calling pfkey_send_spddelete2() and
pfkey_send_spdget() had a problem. reported by <R.P.Koster@kpn.com>
Thu Jun 28 15:12:09 JST 2001 sakane@kame.net
* sys/netkey/key.c:
the behavior of SPDUPDATE has been changed. the kernel always add
a new policy in the case of SPDUPDATE. when there is a policy to be
updated, the kernel will move the state of the policy to be dead, and
then will add new policy. hence, SPDUPDATE doesn't depend on whether
there is a SP or not.
Thu Jun 28 10:23:01 JST 2001 itojun@iijlab.net
* netbsd/sys/netinet/udp_usrreq.c: correct UDP over IPv6 reception
when the packet is destined to a linklocal address.
Thu Jun 28 02:33:07 JST 2001 itojun@iijlab.net
* sys/netinet6/nd6.c: refresh default router list on nd6_detach(),
only if we are an autoconfigured host. bug was that, we will lose
default route on "ifconfig gif0 destroy" even if default is not
pointing to gif0. reported by ume@mahoroba.org.
Thu Jun 28 02:35:18 JST 2001 sakane@kame.net
* kame/racoon:
- fixed to set the inbound policy in the case of "generate_policy".
- supported sadb_x_spdexpire().
above two things are from <lab@gta.com>.
Thu Jun 28 02:33:32 JST 2001 sakane@kame.net
* kame/setkey:
enabled to use a service name as a port number.
but these operation should use getaddrinfo().
Wed Jun 27 22:10:43 JST 2001 sakane@kame.net
* sys/netkey/key.c:
* kame/libipsec/pfkey_dump.c:
the lifetime information of the SP entry will send to the userland
from the kernel through pfkey when of spddump. And they can be
displayed by setkey -DP.
Wed Jun 27 19:47:19 JST 2001 sakane@kame.net
* sys/net/pfkeyv2.h:
* sys/netkey/key.c,key_debug.c:
* kame/libipsec/pfkey_dump.c:
* kame/setkey/scriptdump.pl:
printed current sequence number of the SA. accordingly, changed
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure. Also the output of setkey is changed. sequence number
of the sadb is replaced to the end of the output.
Wed Jun 27 14:35:00 JST 2001 itojun@iijlab.net
* openbsd/sys/netinet/tcp_input.c: make faithd work on openbsd.
OpenBSD 2.9 has been working okay, this is KAME/openbsd29 issue.
Mon Jun 25 16:15:06 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* kame/sys/netinet6/ip6_fw.c: use syslog(3) interface for logging
from kuriyama@FreeBSD.org
Sat Jun 23 10:55:46 JST 2001 itojun@iijlab.net
* kame/mdnsd: with -N flag, mdnsd will lookup name-to-address mapping
using ICMPv6 node information query. experimental.
Sat Jun 23 03:10:50 JST 2001 itojun@iijlab.net
* sys/netinet6/ip6_output.c: disallow setsockopt(IPV6_V6ONLY)
for sockets that are already bound. per discussions on ipngwg
mailing list.
2001-06-21 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_dispatch.c (foundFinalPayload):
- Fix a bug that offset of the payload is calculated
incorrectly. Apply a patch from <ubj@verkstad.net>.
2001-06-21 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/icmp6.c (icmp6_reflect): removed ifdef'ed
blocks to keep an older rule about the size of icmp6 echo replies
specified in rfc 1885, in order to make the code simpler.
The history about the behavior was described as a comment just
before the function definition.
2001-06-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/advapitest/sender.c:
* kame/kame/ping6/ping6.c:
removed IPV6_USE_MTU related parts.
2001-06-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/(several files): removed IPV6_USE_MTU related
parts. It was introduced as an experimental workaround on
2000-11-28 (see CHANGELOG.2000), but we've found we do not need
this stuff through further discussion (and implementation changes
on the path MTU discovery procedure).
2001-06-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/icmp6.c (icmp6_reflect): set IPV6_MINMTU to
avoid path MTU discovery for reflected packets.
This might be controversial, but I believe this makes sense.
2001-06-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* freebsd4/sys/netinet/tcp_subr.c (tcp_rtlookup):
* freebsd4/sys/netinet/tcp_subr.c (tcp_rtlookup6):
made sure to use the correct sa_len for rtalloc(). sizeof(ro_dst)
is not necessarily the correct one, especially in NEW_STRUCT_ROUTE
cases for IPv6.
The previous code could turn the path MTU discovery off as a bad
effect. If you define NEW_STRUCT_ROUTE in a KAME snap
(note that GENERIC.KAME defines this option), be sure to update
the kernel.
Wed Jun 20 14:33:28 2001 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* kame/sys/netinet6/{in6_var.h,in6.c,natpt_rule.c,nd6_rtr.c}:
remove in6_len2mask(). this fucnction is duplicated with
in6_prefixlen2mask().
Tue Jun 19 16:33:40 JST 2001 itojun@iijlab.net
* bsdi4/sys/netinet/tcp_input.c: make faithd work on bsdi4.
reported by jinmei
2001-06-18 Shin'ichi Fujisawa <fujisawa@kame.net>
* kame/sys/netinet6/natpt_trans.c (translatingICMPv4To6):
- Hop limit of translated IPv6 packet uses ttl of original
IPv4 packet, so that a hop limit is decremented in
ip6_forward().
* kame/sys/netinet6/natpt_trans.c (tr_icmp4MimicPayload):
- Correct UDP port number stored in ICMP_UNREACH packet
returned from IPv4 network. It was not enough in the change
that I put in 09 Jun 2001.
Now, KAME NAT-PT can process traceroute6 from IPv6 host to
IPv4 host.
Mon Jun 18 16:59:35 JST 2001 itojun@iijlab.net
* sys/netinet6/icmp6.c: on icmp6 node information query (FQDN),
do not respond with hostnames with two dots (like "foo..bar").
0-length labels are not distinguishable with multiple name replies.
yoshfuji@usagi
2001-06-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_rtr.c (in6_tmpifadd): called
pfxlist_onlink_check() at the end of this function, to make sure
a temporary address generated from a detached public one also
detached. This is redundant when the temporary address is
generated when creating a new public address, but is essential
when the address is generated due to deprecation of an old
temporary address.
2001-06-17 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c: re-enabled clarification on the
dependency between the 1st dst opt header and the routing header,
based on rfc2292bis-02.