Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

463 lines (370 sloc) 19.083 kb
$KAME: CHANGELOG,v 1.2808 2005/10/17 14:40:02 suz Exp $
2005-10-17 SUZUKI, Shinsuke <>
* kame/kame/rtadvd/config.c, rtadvd.[ch]: not reinitialize
the host-variables in kernel to the ones at the start-up time,
since RA is a stateless autoconfiguration protocol.
Suggested by: Hideaki YOSHIFUJI
2005-10-15 SUZUKI, Shinsuke <>
* kame/sys/netinet6/mldv2.c: fixed a MLDv2-kernel crash when
an inappropriate address is given to IPV6_JOIN_GROUP API
2005-10-15 JINMEI, Tatuya <>
* raw_ip6.c (rip6_attach): caught failure of MALLOC for
icmp6_filter. The old code could dereference to a NULL pointer in
the failure case.
2005-10-08 SUZUKI, Shinsuke <>
* removed the following multicast-related programs, since they are
now maintained/developed/released in mcast-tools project.
pim6sd (including mtrace6) pim6dd mfc mcastsend mcastread pmsft
Tue Sep 20 14:09:07 JST 2005
stop installing libipsec. The main user of the library was
racoon, but racoon is not distributed from the KAME kit
(instead, it is provided from ipsec-tools with libipsec). We
don't have a strong reason to install the library now.
also, the basic functions of the libipsec are already being
provided from the base distributions of FreeBSD and NetBSD.
2005-09-16 SUZUKI, Shinsuke <>
* kame/kame/dhcp6:
- support compilation on linux
- dhcp6relay can listen to multiple interfaces
- dhcp6s ignores the received DHCP message unless it comes from the
listening interface
Contributed by: Francis Dupont
2005-09-15 JINMEI, Tatuya <>
* kame/kame/libinet6/getaddrinfo.c: removed IPPROTO_SCTP from the
explore array for SOCK_DGRAM, according to the usage described in
Also removed IPPROTO_DCCP entries altogether, since returning DCCP
addrinfo for SOCK_DGRAM has a bad effect on some existing UDP
applications. We'll need to revisit this once the DCCP API is
This change fixes the problem that name resolution performed in
the KAME snap resolver has been failing on FreeBSD 5.4R.
2005-09-14 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6_nbr.c (nd6_na_input): fixed incorrect
comparison introduced with cleanups on Aug 24th. This made NUD
unworkable, so all KAME snap kernels since then should be
Thu Aug 25 14:21:44 JST 2005
* kame/sys/net/pfkeyv2.h,kame/sys/netinet6/ipsec.c,
- added SADB_X_PACKET message type to deliver the information
of triggering packet of IKE negotiation when sending a
KEY_ACQUIRE message. This change should not cause any
binary compatibility issues, but if you found any, let us
Great thanks to Francis Dupont for this extension.
2005-08-10 SUZUKI, Shinsuke <>
* kame/sys/netinet6/ip6_mroute.c: fixed a kernel crash at the
start-up time of an IPv6 multicast program (pim6[sd]d, mfc)
2005-08-02 SUZUKI, Shinsuke <>
* freebsd5/sys/netinet/igmp.c: fixed a kernel crash due to a
IN_MULTI locking failure. supports IN_MULTI locking in igmpv3
2005-07-29 SUZUKI, Shinsuke <>
* freebsd5/*:
- introduced a fine-grain-locking for interface-address list and
in_multi list.
- use malloc() with M_NOWAIT when joining a multicast group in layer2,
drivers. Error handling routine is also added when malloc() fails.
This is to prevent unnecessary locking failure. (e.g. nd-proxy)
Obtained from: freebsd-net
ToDo: support it on IGMPv3
2005-07-26 SUZUKI, Shinsuke <>
* kame/sys/netinet6/{in6_msf.c, in6_var.c, mldv2.c, ip6_output.c}:
ports some MLDv1 enhancements into MLDv2.
- use callout timer mechanism for protocol timer
- impose a random delay (when necessary) according to rfc2462bis
2005-07-26 JINMEI, Tatuya <>
* kame/kame/route6d: route6d now does not care about the kernel
internal form for scoped addresses at all. In particular, it can
transparently specify the source of a RIPng response as a gateway
address through the routing socket.
2005-07-26 JINMEI, Tatuya <>
* netbsd/openbsd: applied the same changes for routing sockets as
those for FreeBSD (see the next entry).
2005-07-23 JINMEI, Tatuya <>
* freebsd5/sys/net/rtsock.c: added support for IPv6 scoped
addresses for routing sockets:
- route_output() now accepts IPv6 addresses with non-0
sin6_scope_id field and converts those into the kernel internal
- rt_msg[12]() recovers the embedded scope zone ID and set the
sin6_scope_id field appropriately.
* freebsd5/sbin/{ifconfig,route}: got rid of ugly (but still
incomplete) special cases for IPv6 link-local addresses thanks to
this change.
2005-07-22 SUZUKI, Shinsuke <>
* freebsd5/sys/fs/devfs/devfs_vnops.c:
FreeBSD Security Advisory FreeBSD-SA-05:17.devfs
2005-07-22 JINMEI, Tatuya <>
* kame/kame/dhcp6: fixed memory leak for renew/rebind event data.
(KAME PR 872 reported by Meng Huan Hsieh)
2005-07-22 JINMEI, Tatuya <>
* kame/sys/netinet6/in6_src.c: allowed an application to send a
packet to a scoped address without explicitly disambiguating the
scope zone but with specifying the outgoing interface. It's a bad
practice and should be discouraged, but such code has been spread,
2005-07-16 JINMEI, Tatuya <>
* kame/sys/netinet6/ip6_output.c (ip6_output): do not send
ctlinput notification unconditionally when an outgoing packet is
larger than the link MTU. From FreeBSD.
2005-07-15 SUZUKI, Shinsuke <>
* kame/sys/netinet6/ah_aesxcbcmac.c: fixed an
interoperability problem in AES-XCBC-MAC96.
(encryption was always done with the same key)
Submitted from: Yukiyo Akisada <>
2005-07-14 SUZUKI, Shinsuke <>
* kame/kame/pim6sd/{cfparse.y, cftoken.l, pim6sd.conf.5,
routesock.c, routesock.h}: implemented a static MRIB
for RPF calculation.
Wed Jul 13 20:26:31 JST 2005
* kame/kame/ndp/ndp.c
fixed the proxy directive to work properly.
2005-07-04 SUZUKI, Shinsuke <>
* freebsd5/sys/netinet/ip_fw2.c
FreeBSD Security Advisory FreeBSD-SA-05:13.ipfw
* freebsd5/sys/netinet/{tcp_input.c, tcp_var.h}:
FreeBSD Security Advisory FreeBSD-SA-05:15.tcp
2005-06-22 JINMEI, Tatuya <>
* freebsd5/sys/netinet6/in6_pcb.c (init_sin6): corrected argument
to sa6_recoverscope(). The previous code since June 17th's change
could modify invalid memory space (while the possibility should be
very rare) so upgrading is necessary.
2005-06-20 NISHIDA, Yoshifumi <>
* kame/sys/netinet/dccp.h kame/sys/netinet/dccp_tcplike.c
kame/sys/netinet/dccp_tcplike.h kame/sys/netinet/dccp_usrreq.c
kame/sys/netinet/dccp_var.h kame/sys/netinet6/dccp6_usrreq.c:
preliminary update to conform to the draft-ietf-dccp-spec-11.txt
2005-06-20 Tsuyoshi MOMOSE <>
* kame/sys/netinet6/nd6.c: Units of comparison to determine default
router expiration are mismateched. This problem was reported and
modified by Alan Chang <>.
2005-06-17 JINMEI, Tatuya <>
* kame/sys/netinet6/in6_ifattach.c (in6_ifattach): do not
auto-configure link-local addresses on loopback or PPP interfaces.
The latter is based on a comment from Francis Dupont.
2005-06-17 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6.c (nd6_need_cache): perform NUD on PPP
2005-06-17 JINMEI, Tatuya <>
* {kame,*bsd}/sys/(various files): revised scope-related
interfaces, clarifying the relationship between the
kernel-internal form and the public sockaddr_in6 form. Details
are described in kame/IMPLEMENTATION. External behavior basically
should not change, although several bugs in minor cases were also
fixed with the clarification. Some scope-related functions were
2005-06-08 SUZUKI, Shinsuke <>
* kame/sys/netinet6/nd6.c: fixed a bug that some of the subcommands
in 'ndp -i ..' command does not work (e.g. accept_rtadv, nud)
2005-06-06 SUZUKI, Shinsuke <>
* freebsd5/sys/netinet6/mldv2.c: send a Multicast-Listener-Done
message when stop listening to a group.
(this fix is necessary if MLDv2 is enabled in kernel and
net.inet6.icmp6.mld_version is set to 1)
Wed May 25 12:20:25 JST 2005
* kame/kame/shisa: now shisa daemons uses configuration files
instead of command line options. please check sample
configuratoin files located in the shisa directory.
2005-05-21 JINMEI, Tatuya <>
* kame/sys/netinet6/in6.c (in6_if2idlen): supported IFT_PPP.
2005-05-19 SUZUKI, Shinsuke <>
* (freebsd5|netbsd)/sys/sys/sockio.h: assign the same ioctl number
to MSF-API-related ioctls among all *BSDs (to keep binary
compatibilities as much as possible)
2005-05-14 JINMEI, Tatuya <>
* kame/kame/libinet6/getaddrinfo.c (matchlen): corrected a wrong
cast from sockaddr_in to sockaddr_in6.
2005-05-13 SUZUKI, Shinsuke <>
* freebsd5: sync with 5.4-RELEASE (it includes a fix for
the FreeBSD Security Advisory FreeBSD-SA-05:06-09)
2005-05-03 JINMEI, Tatuya <>
* kame/kame/dhcp6/dhcp6c_ia.c (ia_timo): kept the latest server's
DUID even in the REBIND state in case of sending a Release message
in that state.
2005-05-03 JINMEI, Tatuya <>
* kame/kame/dhcp6/cfparse.y: corrected "address parameters" so
that we don't have to specify the meaningless (but mandatory)
prefix length in the context of IA_NA.
2005-05-03 JINMEI, Tatuya <>
* kame/kame/dhcp6/config.c (configure_commit): made sure that
interface parameters are initialized with the default values even
if the interface is not explicitly configured in the configuration
file. This particularly made sure that the preference option is
not included unless explicitly specified. A memory leakage for
the client when specifying a script file was also fixed.
2005-04-29 JINMEI, Tatuya <>
* kame/kame/dhcp6/dhcp6c.c (client6_mainloop): corrected error
handling for select(2) in order to avoid unexpected blocking when
receiving a signal.
Thu Apr 28 16:12:38 JST 2005
* freebsd[45]/usr.sbin/Makefile,netbsd/usr.sbin/Makefile:
racoon was removed from the make list.
2005-04-28 SUZUKI, Shinsuke <>
* freebsd5/sbin/ip6fw: stop including ip6fw in SNAP, since FreeBSD's
ip6fw is enough (KAME's ip6fw does not have any function different
from ip6fw)
2005-04-27 JINMEI, Tatuya <>
* kame/sys/netinet6/in6.c (in6_update_ifa): always updated
ia6_updatetime regardless of whether the address is created or
updated. This is necessary so that the expiration times will be
updated correctly when the lifetiems of an existing address are
modified by hand or by a process such as a DHCPv6 client.
2005-04-26 JINMEI, Tatuya <>
* kame/kame/dhcp6/addrconf.c (na_ifaddrconf): corrected lifetime
arguments to ifaddrconf().
2005-04-23 SUZUKI, Shinsuke <>
* kame/sys/netinet6/in6_rmx.c, in6_ifattach.c: fixed a kernel crash
by a lock-order-reversal in freebsd5
2005-04-20 SUZUKI, Shinsuke <>
* freebsd5/sys/net/if.c: FreeBSD Security Advisory
2005-04-19 SUZUKI, Shinsuke <>
* *bsd/sys/netinet/igmp.c, igmp_var.h, in.[ch], ip_output.c,
IGMPv3 treats 224.0.0.x(x!=1) as a normal IPv4 multicast address,
as specified in RFC3766.
* openbsd/sys/netinet/in.c, in_var.h, ip_output.c,
* netbsd/sys/netinet/igmp.c, igmp_var.h, in.c, in_pcb.c, in_var.h,
ip_output.c: reflect the following MLDv2 changes into the
NetBSD/OpenBSD's IGMPv3 implementation.
- fixs a kernel crash by an IGMPv3 Query (2005-01-01)
- retransmits IGMPv3 report RobustnessVariable times (2004-12-31)
- corrects an IGMP-query handling when MaxResponseCode=0 (2004-12-27)
- introduces a sysctl option to force IGMP version (2004-07-09)
- renames IGMPv3-ready in_multi{} manipulation functions (2004-02-05)
* freebsd5/sys/netinet/igmp.c: fixed a kernel crash by an IGMP packet
(a bug introduced in the change at 2005-04-14)
2005-04-18 SUZUKI, Shinsuke <>
* freebsd5/sys/netinet/igmp.c, in.c, ip_output.c,
kame/sys/netinet/in_msf.c: fixed the byte order of an IPv4 address
for IN_XXX macros (freebsd-only)
2005-04-14 SUZUKI, Shinsuke <>
* kame/sys/netinet/in_msf.c freebsd5/contrib/pf/net/if_pfsync.c,
freebsd5/sys/netinet/igmp.c, igmp_var.h, in.c, in_pcb.c, in_var.h,
ip_output.c: reflect the following MLDv2 changes into the FreeBSD5's
IGMPv3 implementation.
- fixs a kernel crash by an IGMPv3 Query (2005-01-01)
- retransmits IGMPv3 report RobustnessVariable times (2004-12-31)
- corrects an IGMP-query handling when MaxResponseCode=0 (2004-12-27)
- introduces a sysctl option to force IGMP version (2004-07-09)
- renames IGMPv3-ready in_multi{} manipulation functions (2004-02-05)
* freebsd5/sys/netinet/ip_output.c: specifies spl()s as done in
original FreeBSD5
* kame/*: remove freebsd[234]-specific code, since they are no longer
supported in KAME-SNAP
2005-04-05 SUZUKI, Shinsuke <>
* freebsd5/sys/ufs/ffs/ffs_inode.c: FreeBSD Security Advisory
2005-04-04 SUZUKI, Shinsuke <>
* kame/sys/netinet6/nd6.c: when the number of the packets queued in
a NDP cache exceed the limit, discard the oldest packet,
as specified in RFC2461 7.2.2.
2005-04-01 SUZUKI, Shinsuke <>
* kame/sys/netinet/icmp6.h, kame/sys/netinet6/icmp6.c, nd6.c: limits
the number of unresolved packets stored in a NDP cache.
(To prevent a DoS attack using 2005-01-21's change)
2005-04-01 SUZUKI, Shinsuke <>
* kame/kame/rtadvd/config.c, rtadvd.[ch]: reflect router-variables
in RA configuration into host-variables in kernel.
2005-03-30 JINMEI, Tatuya <>
* kame/kame/dhcp6/addrconf.c (update_address): make sure that
the lifetimes of addresses are updated when the client receives a
Reply in response to Renew or Rebind.
2005-03-23 SUZUKI, Shinsuke <>
* kame/sys/net/if_ist.c: added a sanity check for the IPv4 address
embedded in the configured IPv6 address
2005-03-18 SUZUKI, Shinsuke <>
* kame/sys/netinet6/in6.c, in6_var.h, in6_proto.c, ip6_input.c,
ip6_mroute.c: added a knob to enable path MTU discovery for
multicast packets. (by default, it is disabled)
2005-03-14 SUZUKI, Shinsuke <>
* kame/sys/netinet6/ip6_output.c: fixed a kernel crash due to a LOR
by a multicast-group join without specifying any receiving interface.
2005-03-14 SUZUKI, Shinsuke <>
* kame/sys/netinet6/in6.c, in6_var.h, nd6.c: introduced an ioctl option
to configure IPv6 host variables from userland. (intented for a use
on router to reflect RA parameter to kernel)
* kame/kame/ndp/ndp.c: added a knob to kick this ioctl.
2005-03-08 SUZUKI, Shinsuke <>
* freebsd5/sys/kern/uipc_socket.c, freebsd5/sys/kern/uipc_syscalls.c,
makes SCTP compilable on FreeBSD5
Tue Mar 8 05:31:52 JST 2005
* kame/kame/racoon/isakmp.c:
one of buffer overrun problem was fixed. from ipsec-tools team.
Mon Mar 6 2005
* kame/sys/netinet{,6}/sctp*: new patch from randall
2005-03-02 SUZUKI, Shinsuke <>
* kame/kame/dhcp6/dhcp6.c: fixed a DHCPv6-client
initialization failure when a node has no IPv6 global address.
2005-03-02 SUZUKI, Shinsuke <>
* kame/kame/dhcp6/dhcp6relay.[c8]: supports multiple client-side
2005-03-02 SUZUKI, Shinsuke <>
* kame/sys/netinet6/ip6_output.c: fixed a freebsd5 kernel crash when
WITNESS debug option is enabled
2005-03-01 ryuji <>
* "mdd" is replaced by "babymdd". please see man page for details.
2005-03-01 SUZUKI, Shinsuke <>
* integrated dhcp6lc functionality into dhcp6c ('i' option)
2005-02-28 Tsuyoshi MOMOSE <>
* kame/sys/net/mipsock.c, kame/kame/shisad/mnd.c: Fixed word alignment
2005-02-22 SUZUKI, Shinsuke <>
* kame/sys/net/pf.c, freebsd5/sys/contrib/pf/net/pf.c: fixed a bug that
PF discards every packet with option headers.
Reported by: Stig Venaas
2005-02-22 SUZUKI, Shinsuke <>
* kame/sys/netinet6/ip6_input.c: fixed PF malfunction for inbound
IPv6 traffic on freebsd5.
2005-02-15 JINMEI, Tatuya <>
* kame/sys/netinet6/ipsec.c: (ipsec[46]_in_reject): fixed
unexpected panic on freebsd5.
Mon Feb 7 12:02:16 JST 2005
* freebsd4: Upgrade to 4.11-RELEASE
2005-01-31 Tsuyoshi MOMOSE <>
* kame/sys/netinet6/mip6.c: stop proxy ND on a home agent when
the home agent daemon was terminated.
This problem was found by Christian Vogt<>.
* kame/sys/netinet6/nd6.h: fixed an IPv6 packet output failure
when an ICMPv6 Redirect message announces that the destination
is onlink in prior to the packet output.
* kame/sys/netinet6/{nd6.c, nd6_nbr.c}: fixed a loss of fragmented
packets when the corresponding NDP state is not resolved.
* kame/sys/netinet6/icmp6.c: ignores ICMPv6 code field in case of
ICMPv6 Packet-Too-Big.
* kame/sys/netinet6/ip6_output: fixed a path MTU discovery failure
on FreeBSD5.
* kame/sys/netinet6/icmp6.c: fixed an ICMPv6 Redirect message corruption
* kame/kame/dhcp6: implemented stateful non-temporary address
* kame/sys/netkey/key.c: fixed an unexpected addr/port matching failure
in SA management.
* kame/sys/netinet6/{udp6_var.h, udp6_usrreq.c}: fixed a NetBSD
kernel crash by referring to an uninitialized variable.
Wed Jan 5 07:58:00 UTC 2005
* switch NetBSD base version to 2.0. todo: dccp, sctp, pf, altq
* kame/sys/netinet6/mldv2.c: fixed a kernel crash by an MLDv2
Query (Multicast Address and Source Specific Query).
Jump to Line
Something went wrong with that request. Please try again.