Fetching contributors…
Cannot retrieve contributors at this time
4781 lines (3896 sloc) 199 KB
CHANGELOG for KAME kit, 1999
$KAME: CHANGELOG.1999,v 1.4 2001/07/21 06:06:13 itojun Exp $
Fri Dec ?? JST 1999
* renamed "ptr" related files from "ptr_xx.c" to "natpt_xx.c".
you may need to run "make TARGET=netbsd clean prepare" before
rebuilding on your existing tree.
at least, "make install-includes" on freebsd2 may fail if you have
dangling symbolic links.
Fri Dec 31 13:21:58 JST 1999
* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.0.
Wed Dec 29 16:09:41 JST 1999
* generated first kame/bsdi4 snapshot, for BSDI BSD/OS 4.1.
Will be generated regularly. see bsdi4/TODO for twists and issues.
Tue Dec 28 16:11:42 JST 1999
* openbsd/sys/igmp.c, kame/sys/in_gif.c: remove kame patches that
does not fit openbsd well. openbsd ip_input() uses different args
from other kame/*BSD so live with that (for ipsec?).
This should fix behavior of gif tunnel. Before the fix gif tunnel
would fail to capture any IPv6-over-IPv4 packets.
Tue Dec 28 14:24:08 1999 SUMIKAWA Munechika <>
* freebsd3/ports/sendmail.beta: add sendmail 8.10.0beta10.
Tue Dec 28 13:55:57 1999 SUMIKAWA Munechika <>
* freebsd3/ports/*: sync with ports-current.
Tue Dec 28 JST 1999
* freebsd2/ports/sendmail.beta, netbsd/pkgsrc/mail/sendmail.beta:
upgrade to sendmail 8.10.0beta10.
Tue Dec 28 05:35:02 1999 SUMIKAWA Munechika <>
* freebsd3/ports/ja-mnews: add IPv6-ready port directory for
version 1.22.
Tue Dec 28 05:19:33 1999 SUMIKAWA Munechika <>
* freebsd3/ports/fetchmail: Upgrade to 5.2.1.
Mon Dec 27 22:03:26 1999 SUMIKAWA Munechika <>
* freebsd3/{include, etc, lib, libexec, sbin, usr.bin, usr.sbin}:
sync with FreeBSD 3.4-RELEASE
Mon Dec 27 21:34:51 1999 SUMIKAWA Munechika <>
* freebsd3/ports/ethereal: removed ethreal port. It's already
standardly disutributed by ports-current.
* freebsd3/ports: bump the version of shared libraries for sync
with FreeBSD-3.4.
Mon Dec 27 20:34:20 1999 SUMIKAWA Munechika <>
* freebsd3/sys: sync with FreeBSD 3.4-RELEASE. zp0 works
correctly, and ep0/cnw0 also work with PAO. However, many
applications are based on FreeBSD-3.3 yet.
Mon Dec 27 16:33:20 JST 1999
* freebsd2/ports/mnews: add IPv6-ready port directory for version 1.22.
note that this configuration is Japanese-message enabled version;
you may find the default configuration annoying...
Mon Dec 27 11:15:26 1999 SUMIKAWA Munechika <>
* freebsd3/ports/python: Upgrade to 1.5.2.
Mon Dec 27 03:42:38 1999 SUMIKAWA Munechika <>
* {bsdi3,freebsd2}/sys/netinet/udp_usrreq.c: fix data corruption
when multiple listening socket exists for udp multicast.
Mon Dec 27 00:37:04 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/emacs20: upgrade to 20.5.
Sat Dec 25 23:00:09 JST 1999
* freebsd2/usr.bin/fetch: apply y2k patch. this should be okay to
apply it as freebsd228 is not maintained by freebsd project any more.
From: Hideaki YOSHIFUJI <>
* freebsd[23]/ports/inn: use latest v6 patch.
From: Satosi KOBAYASI <>
1999-12-24 JINMEI, Tatuya <>
* kame/kame/ping6/ping6.c (main): restricted the -l (preload)
option to a privileged user.
Fri Dec 24 02:21:30 JST 1999
* implement 2292bis IPV6_REACHCONF (trivial).
1999-12-23 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6.c (nd6_free): call pfctlinput with
PRC_HOSTDEAD in order to remove all cached routes to the
unreachable neighbor.
* kame/sys/netinet6/in6_pcb.c (in6_pcbnotify): call in6_rtchange
upon PRC_HOSTDEAD as well.
1999-12-23 JINMEI, Tatuya <>
* kame/sys/netinet6/tcp6_subr.c (tcp6_ctlinput):
* kame/sys/netinet6/udp6_usrreq.c (udp6_ctlinput):
* freebsd3/sys/netinet/tcp_subr.c (tcp6_ctlinput):
* netbsd/sys/netinet/tcp_subr.c (tcp6_ctlinput):
prevented these functions from referring to a dangling pointers
to an mbuf or rcvif.
1999-12-23 JINMEI, Tatuya <>
* kame/kame/ping6/ping6.c: when the -v option is given, recevied
HbH/Dst options headers and routing headers are printed using
1999-12-23 JINMEI, Tatuya <>
* kame/kame/libinet6/{ip6opt.c, rthdr.c}: some new library
functions were added according to rfc2292bis-01.
See TODO.2292bis for the current status of the implementation.
Wed Dec 22 21:37:07 JST 1999
* freebsd[23]/ports/inn: upgrade to 2.2.2 (not tested by KAME team).
From: Satosi KOBAYASI <>
Wed Dec 22 17:52:14 JST 1999
* kame/sys/netinet6:
Alart when sequence number cycles.
If cyclic sequence number is NOT allowed, sender doesn't send any
packet with auditing. Receiver discard packet with counting ipsecstat.
Wed Dec 22 17:42:43 JST 1999
* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.2.1.
Wed Dec 22 17:16:21 JST 1999
* kame/kame/setkey:
By default of manual keying, cyclic sequence number is allowed.
"cyclic-seq" option is changed to "nocyclic-seq". This means no
allowance to cycle sequence number.
Wed Dec 22 16:30:56 JST 1999
* kame/sys/netinet6/ip6_forward.c: (IPv6 IPsec tunnelling)
when returning icmp6 too big, never return mtu value < 1280.
Suggested by Hiroshi Miyata <>, based on RFC2473 7.1.
the code is still incomplete as we do not do fragmentation in
ip6_forward(). when doing tunnel ingress, ip6_forward() should
call ip6_output() after certain point so that we can generated
fragmented outputs.
1999-12-22 JINMEI, Tatuya <>
* kame/sys/netinet6/in6_pcb.h: clarified IN6P_xxx macros;
- removed unused definitions.
- avoided hardcoding in a shortcut macro.
1999-12-22 JINMEI, Tatuya <>
* kame/sys/netinet6/ip6_output.c (ip6_ctloutput): dropped case
statements for non-standard socket options (IPV6_RECVOPTS,
Since they are still defined in netinet6/in6.h, applications that
use these options should still be compilable. But the applications
will not work correctly any more because of this fix.
If your applications use these non-standard options, I strognly
recommend you to change the applications not to use the options.
The definitions in in6.h will also be removed after a transition
period (maybe two weeks or so).
Wed Dec 22 00:37:56 JST 1999
* many platforms:
be paranoid about malicious use of v4 mapped addr on v6 packet.
malicious party may try to use v4 mapped addr as source/dest to
confuse tcp/udp layer, or to bypass security checks,
for example, naive stack can mistakingly think a packet with
src = ::ffff: is from local node.
tcp/udp/rawip layer for bsdi4, netbsd, freebsd2, bsdi3
ip6 layer (ip6 input and routing header processing) for all OS.
the latter change can be controversial.
Tue Dec 21 00:44:22 PST 1999
* kame/sys/netinet6/ipsec.c:
Limitedly dealing with upper layer protocol and port number
when forwarding packet with IPsec. Support either TCP, UDP or ICMP.
If next header type is ESP then giving up to pursue header.
1999-12-21 JINMEI, Tatuya <>
* kame/kame/{bgpd, hroute6d, pim6[ds]d, ping6, racoon, route6d,
rtadvd, rtsol[d], traceroute6}: use IPV6_RECVxxx options (if
available) instead of according options in RFC2292.
1999-12-21 JINMEI, Tatuya <>
* kame/sys/netinet6/ip6_ctloutput: supported IPV6_RECVxxx socket
options according to rfc2292bis-01.
Tue Dec 21 17:30:09 JST 1999
* netbsd/sys: make AF_INET6 wildcard socket special behavior
(RFC1933 IPv4 mapped addr) configurable.
- no MAPPED_ADDR_ENABLED option: disabled, AF_INET{,6} sockets are
totally separate
- MAPPED_ADDR_ENABLED=0: code compiled in, disabled by default,
can be turned on by sysctl or setsockopt
- MAPPED_ADDR_ENABLED=1: code compiled in, enabled by default,
can be turned off by sysctl or setsockopt
per-socket behavior will be copied from sysctl config on in6pcb
creation time. you need to reopen a socket, or perform setsockopt,
to change behavior of a socket.
TODO: too many options will kill us, we may want to decrease number
of #ifdef by making some of the above behavior a default.
TODO: net.inet6.ip6.mapped_addr has reverse semantics from
setsockopt(IPV6_BINDV6ONLY). this is confusing and should be changed.
Mon Dec 20 17:05:42 JST 1999
* freebsd3/ports/{xtris,netris}, netbsd/pkgsrc/games/{xtris,netris}:
tetris over IPv6 network.
From: Hideaki YOSHIFUJI <>
Mon Dec 20 00:16:49 JST 1999
* kame/faithd/faithd.c: handle connetion to IPv4 mapped address
correctly. the bug can allow DoS attack.
From: Feico Dillema
NetBSD PR: 8640
Sun Dec 19 21:19:09 JST 1999
* share/man/man4/ip6.4: manpage for IPv6 layer.
Sun Dec 19 13:11:11 JST 1999
* openbsd/sys: disable IPv4 mapped address support (RFC1933: AF_INET6
wildcard bind can accept IPv4 traffic). This is for possible
security risks due to complexity introduced into access control.
(sync with openbsd-current)
Sun Dec 19 10:57:37 JST 1999
* {net,open}bsd/sys/netinet/ip_output.c: avoid kernel panic on
multicast loopback. shared cluster mbuf will be overwritten
by HTONS().
Sat Dec 18 08:21:50 JST 1999
* share/man/man4/icmp6.4: manpage for ICMPv6 socket.
* netbsd/pkgsrc/security/heimdal: upgrade to 0.2h.
Thu Dec 16 17:31:49 1999 SUMIKAWA Munechika <>
* IPv6-enable xemacs-21.1.8. (not tested)
submitted by URA Hiroshi <>
1999-12-16 JINMEI, Tatuya <>
* kame/kame/{bgpd, hroute6d, pim6dd, pim6sd, route6d, rtsold}:
The default directory to make dump/trace files was changed from
/var/tmp to /var/run in order to avoid possible security problems.
This fix was suggested by the OpenBSD team.
Thu Dec 16 02:55:23 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/XFree86: Upgrade to 3.3.5(not tested).
submitted by
Wed Dec 15 17:09:45 JST 1999,
* sys/netinet6 (bunch of places): do not overwrite traffic class
bits when setting IP version field on IPv6 header.
1999-12-15 JINMEI, Tatuya <>
* kame/kame/{libinet6, tcpdump, v6test}: changed not to use the
ip6r0_addr and ip6r0_slmap members of the ip6_rthdr0 structure
according to <draft-ietf-ipngwg-rfc2292bis-01.txt>.
Note: it is recommented to recompile both the kernel and all the
user applications to avoid troubles due to size mismatch between
the kernel and the applications.
1999-12-15 JINMEI, Tatuya <>
* kame/sys/netinet6/{ip6.h, ip6_output.c, route6.c}:
removed the ip6r0_addr and ip6r0_slmap members from the
ip6_rthdr0 structure according to
1999-12-14 JINMEI, Tatuya <>
* kame/sys/netinet6/icmp6.c (icmp6_input): use
PRC_UNREACH_PROTOCOL as notification code upon receiving an ICMPv6
XXX: is this a good code?
1999-12-14 JINMEI, Tatuya <>
* kame/sys/netinet6/{in6_pcb.c, ip6_output.c, tcp6_input.c,
tcp_subr.c}: rtcalloc was reverted for bsdi where it was necessary
to make a cloned route for path MTU discovery.
Tue Dec 14 01:26:01 JST 1999
* kame/libinet6/getaddrinfo.c: fix cases when getipnodeby*() is not
available. "hp" will be broken if you call resolver function again,
so we need to deep-copy the necessary portion of results.
1999-12-13 JINMEI, Tatuya <>
* kame/kame/ndp/ndp.c (getdefif): was added to allow the -I option
not to take an argument, which now means to show the current
default interface. The -I option now takes a special argument
`delete' to remove the current default interface from the kernel.
Note: both the command and the kernel should be recompiled.
1999-12-13 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6.c (nd6_ioctl): a new ioctl
SIOCGDEFIFACE_IN6 was added to tell application the current
default interface.
A new structure in6_ndifreq{} was introduced for the option and
SIOCSDEFIFACE_IN6, so that a user can remove the current default
interface from the kernel.
Mon Dec 13 14:58:04 JST 1999
* netbsd/pkgsrc/net/ethereal: upgrade to 0.79.
Mon Dec 13 10:49:48 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/heimdal: upgrade to 0.2f.
* netbsd/pkgsrc/security/heimdal: upgrade to 0.2f.
Sun Dec 12 19:22:39 JST 1999
* openbsd/sys/netinet/udp_usrreq.c: fix advanced API for udp.
route6d seems to work.
Sat Dec 11 02:55:23 JST 1999
* kame/sys/netinet6/nd6.c: add missing splx().
Fri Dec 10 13:57:35 1999 SUMIKAWA Munechika <>
* freebsd3/sys/i386/isa/if_ed.c, if_ep.c, if_fe.c, if_sr.c: remove
calling in6_ifattach() from all of drivers. These are no need
1999-12-10 JINMEI, Tatuya <>
* kame/kame/ndp/ndp.c: a new option '-I interface' was added to
specify the default interface used for a default route when there
is no router.
1999-12-09 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6_rtr.c (defrouter_addifreq): was added
to install a route to an interface as default when there's no
default router. A new ioctl SIOCSDEFIFACE_IN6 was also added
to specify the interface.
We now completely conform to Section 6.3.6 of RFC 2461.
1999-12-09 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6_rtr.c (defrouter_select): was added to
conform to Section 6.3.6 of RFC 2461. This change contains several
non-trivial modifications in the neighbor discovery handling in
kernel, so please be careful updating.
KAME's original mobile node support was also modified; a prefix
becomes detached if it has no (probably) reachable advertising
Thu Dec 9 09:46:58 JST 1999
* kame/sys/netinet6/ip6_input.c (non-bsdi):
don't initialize non-lo0 loopback interface. they will be
initialized when they are made IFF_UP.
Wed Dec 8 22:26:42 JST 1999
* kame/kame/setkey:
Check the port number in SP entry when the policy is for icmp.
It should be error when a port number for icmp specifyed.
Wed Dec 8 14:59:33 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/mediator: upgrade to 19991020.
* freebsd3/ports/w3m, w3m-ssl, ja-w3m, ja-w3m-ssl: divide into
four type:
english-w3m with SSL
japanese-w3m with SSL
and sync with ports-current and upgrade to 19991203.
* freebsd2/ports/irc: quick fix for making buildable. It's not
good way.
* freebsd2/ports/newbie: quick fix for making buildable.
* freebsd2/ports/apache13: upgrade to 1.3.9 with current IPv6
* freebsd2/ports/pident6d: upgrade to current IPv6 patch.
Wed Dec 8 16:47:58 JST 1999
* netbsd/pkgsrc/net/zebra, openbsd/ports/net/zebra,
freebsd[23]/ports/zebra: upgrade to 0.83. if you are using BGP4+
and using 0.82, you MUST upgrade it.
Tue Dec 7 20:38:34 1999 SUMIKAWA Munechika <>
* freebsd3/pc98/conf/GENERIC.v6, Makefile.pc98: support IPv6 on
NEC PC-98 architecture.
submited by: Wada Keiji <>
1999-12-07 JINMEI, Tatuya <>
* kame/kame/mping: was added for debugging IPv6 multicast.
Contributed by:
Tue Dec 7 19:46:49 1999 SUMIKAWA Munechika <>
* freebsd3/ports/qmail: sync with ports-current.
* freebsd3/ports/pident6d: upgrade to current IPv6 patch.
* freebsd3/ports/irc, newbie: quick fix for making buildable. It's
not good way.
* freebsd3/ports/python: upgrade to 1.5.2.
1999-12-06 JINMEI, Tatuya <>
* kame/sys/netinet6/ip6_mroute.h: removed the definition of
sioc6_sg_req{}, which was replaced with sioc_sg_req6{} due to
(possible) scope issues.
If there is a compilation problem caused by this change, please
let me know.
1999-12-03 JINMEI, Tatuya <>
* kame/kame/pim6sd: massive improvements including
- sanity checks for incoming PIM messages
- fixed a bug of (sometimes) sending invalid RP-adv messages
- fixed a bug in RP group list management
- count various statistics inside the daemon and dump them to a
file on receiving a signal. A new option '-s' was added to
the pim6stat command to support this.
1999-12-03 JINMEI, Tatuya <>
* kame/kame/rtadvd/rtadvd.c: more sanity checks were added for
recevied RSes and RAs in order to avoid trying to process an
invalid message.
Thanks to the TAHI project for pointing out the problem.
1999-12-03 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6_rtr.c (nd6_ra_input): fixed a problem that
valid lifetime always updated regardless of the result of "two
hours problem" detection.
Reported by the TAHI project (
Fri Dec 3 13:35:37 JST 1999
* kame/sys/netinet6/nd6_nbr.c: if an interface is not
IFF_RUNNING|IFF_UP, wait for it becomes IFF_RUNNING|IFF_UP before
sending DAD probes. some of wireless network cards does not become
IFF_RUNNING even if it is made IFF_UP (due to a long chip
initialization time - netbsd "awi" needs 2 or 3 seconds).
the code does not do the trick if the driver sets IFF_RUNNING without
care (like netbsd cnw).
current code waits for 15 seconds. maybe we need to provide
sysctl access to the timing parameter.
Fri Dec 3 10:07:22 JST 1999
* all-os/sbin/route/route.c: do not perform "-prefixlen 64" as defualt
behavior on "-inet6". this does not make sense, and this changes
old behavior too much. you could not do "route get -inet6 ::1"
with it.
Fri Dec 3 02:57:50 JST 1999
* kame/sys/netinet6: enable KAME "goto ours" hack on openbsd.
Fri Dec 3 00:44:57 JST 1999
* netbsd/usr.sbin/syslogd: add IPv6 support. NetBSD PR 8934 by
Feico Dillema <>.
Thu Dec 2 01:50:28 JST 1999
* kame/sys/netinet6/icmp6.c: fix sanity check location for mbuf
requirement in icmp6_error().
* kame/sys/netinet6/ip6_forward.c: to protect the original packet
from ipsec tunnel-mode operations, copy it before any ipsec
operations (was copied after ipsec operations - does not make sense
if the packet is tunnelled as IPv6 header will be changed).
1999-12-01 JINMEI, Tatuya <>
* kame/kame/ping6/ping6.c: the `-S sourceaddr' option was added,
which specifies the source address of outgoing packets.
Wed Dec 1 20:16:04 JST 1999
* kame/kame/racoon:
Sync kernel. Tunnel mode enabled again. The status comes back
before modifying the kernel.
XXX Policy management engine will be started to implement next.
Wed Dec 1 10:29:16 JST 1999
* openbsd/sys/socket.h: remove #define for __ss_len and __ss_family.
add some comments.
* use sa_len, not ss_len nor __ss_len, when touching "length" member
of sockaddr_storage. affected files are:
due to the following reasons, I would make userland code to (1) have
"-Dss_len=__ss_len" into CPPFLAGS, or (2) make it never touch ss_len
nor __ss_len. this should be the most portable approach.
- I believe RFC2553 ss_len/__ss_len issue is not very clarified (need
to ask on ipngwg mailing list).
- Theo (of OpenBSD) is *very* opposed of having __ss_len, even backward
compat #define. I can understand his point (programmers will never
notice if compilation goes fine) so I would make kame/openbsd to
define sockaddr_storage with ss_{len,family}.
- for non-openbsd platforms, I would just obey RFC2553.
Wed Dec 1 00:47:16 1999 SUMIKAWA Munechika <>
* kame/sys/netinet6/{ip6_input.c, in6_ifattach.c}: removed
in6_ifattach_p2p(). GIF does not have linklocal address unless it
becomes up.
* kame/sys/netinet6/in6_ifattach.c: make the destination address
initialize when auto-generated linklocal address is assigned to
P-to-P IF.
Tue Nov 30 22:14:58 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/sock5: add new port, SOCKS based translator by NEC.
Tue Nov 30 03:19:33 JST 1999
* kame/sys/netkey/key.c,netinet6/ipsec.c:
Changed the order to select SA. the oldest SA is seleted in outbound
Mon Nov 29 21:24:25 JST 1999
* netbsd/sys/dev/pcmcia/if_cnw.c: implement ioctls and multicast for
cnw driver. support Canadian card. ioctl is compatible with bsdi
and FreeBSD/PAO (bsdi driver has lots of stabilization code, which
I would like to bring in).
* netbsd/usr.sbin/cnwctl: controlling program for cnw device.
compatible with bsdi and FreeBSD/PAO.
Mon Nov 29 16:53:28 JST 1999
* netbsd/pkgsrc/mail/smtpfeed: add pkgsrc directory for smtpfeed 1.02.
Fri Nov 26 19:50:19 JST 1999
* KAME repository experienced a disk crash last night. It was
recovered by now.
* {netbsd,bsdi4,openbsd}/sys/netinet/tcp_input.c:
implement upper-layer reachability confirmation hint to NDP.
Thu Nov 25 19:57:44 1999 SUMIKAWA Munechika <>
* freebsd2/ports/openssh: IPv6-enable openssh.
obtained from
* freebsd3/ports/ethereal: upgrade to 0.7.8.
Thu Nov 25 18:37:59 JST 1999
* kame/sys/netinet6/in6_cksum.c: changed length-related argument
type from int to u_int32_t, for (future) jumbogram support.
Thu Nov 25 18:08:36 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/ipv6socket_scrub: a new port directory for
IPv6 socket scrubber (IPv6-readiness checking tool for source
code tree).
Thu Nov 25 10:26:39 JST 1999
* netbsd/pkgsrc/devel/ipv6socket_scrub: a new pkgsrc directory for
IPv6 socket scrubber (IPv6-readiness checking tool for source code
* netbsd/pkgsrc/net/ethereal: upgrade to 0.7.8.
Wed Nov 24 19:48:36 JST 1999
* tcp_input.c (all platforms)
do not remove ip header and tcp header/option until we pass the mbuf
to socket layer, or tcp reass queue. this will help us use
m_pulldown(), remove strong assumption on mbuf when doing pcb
lookup again on TIME_WAIT (near "goto findpcb"), and simplify the
code for ipsec policy lookup/whatever.
there was a bug in original bsdi[34] and openbsd near here. those
operating systems strips off tcp header twice when "goto findpcb"
case gets visited. This was from Net/2 or Lite-2, it seems. I'll
report this to these guys.
Here are list of affected files:
bsdi3/sys/netinet/tcp_input.c (serious)
bsdi4/sys/netinet/tcp_input.c (serious)
openbsd/sys/netinet/tcp_input.c (serious)
Wed Nov 24 15:44:53 JST 1999
* kame/sys/netinet6/in6_src.c: share source address selection code
between bsdi4 and openbsd (move it from openbsd/sys/netinet6 to
NOTE: the change affects openbsd and freebsd2. if you are on
openbsd, you'll need to perform "make TARGET=openbsd clean prepare"
after updating the tree to cleanup and renew symlinks. if you are
on freebsd2, you'll need to remove freebsd2/sys/netinet6 BEFORE
performing anoncvs update (the directory was generated by "make
TARGET=freebsd2 prepare").
Tue Nov 23 05:19:38 JST 1999
* netbsd/pkgsrc/net/totd, freebsd[23]/ports/totd:
upgrade to 1.1p1. the author of totd says that 1.1 has serious
bug (which can flood your network with DNS queries) so please
be sure to upgrade to 1.1p1.
* openbsd/ports/net/totd: add port directory for totd.
Mon Nov 22 19:19:31 JST 1999
* kame/sys/netinet6/*.h, */usr.bin/netstat: use u_quad_t for all
IPv6/IPsec stat fields.
NOTE: be sure to update /usr/include before userland recompilation.
also be sure to update both kernel and netstat(1).
Sun Nov 21 22:01:25 JST 1999
* openbsd/sbin/ifconfig/ifconfig.c: support KAME scopeid hack.
this will make the behavior slightly incompatible
(we can't use getnetbyname due to library conflict). Be warned.
* openbsd/usr.bin/netstat: support KAME scopeid hack.
Sun Nov 21 05:49:14 JST 1999
* openbsd/sys/dev/ic/am7990.c: for inbound packets, allocate mbuf
cluster whenever desired. this is to make "le" driver conform to
KAME mbuf chain requirement.
Sat Nov 20 21:43:26 JST 1999
* openbsd/sys/netinet/udp_usrreq.c: fix panic on interface down
in udp6_ctlinput(). fixes KAME PR 175.
* kame/sys/netinet6/ip6protosw.h: fix panic on big endian openbsd
machines (short/int mismatch with struct protosw).
1999-11-19 JINMEI, Tatuya <>
* kame/kame/pim6sd/config.c (config_vifs_from_kernel): considers
loopback and non multicast-capable interfaces, since some routers
have global addresses only on such interfaces.
Also, anycast addresses are now ignored.
Fri Nov 19 13:20:24 1999 SUMIKAWA Munechika <>
* kame/kame/{pim6dd, pim6sd, rtadvd, rtsold}: in looking up
interface information, comparing interface name between IFs which
duplicate name partly, such as 'gif1' and 'gif10', fails. It's
caused by lack of length comparation.
Tue Nov 16 20:17:22 1999 SUMIKAWA Munechika <>
* freebsd3/ports/openssh: IPv6-enable openssh.
obtained from
Thu Nov 18 06:45:45 GMT 1999
* openbsd: upgrade base version to OpenBSD 2.6.
Thu Nov 18 12:20:02 JST 1999
* netbsd/pkgsrc/net/ucd-snmp, freebsd[23]/ports/ucd-snmp,
openbsd/ports/net/ucd-snmp: upgrade to latest IPv6 patch.
tcp/udp MIB number is fixed.
From: Niels Baggesen <>
1999-11-17 JINMEI, Tatuya <>
* kame/kame/tcpdump/print-pim.c (pimv2_print):
corrected offset check and calculation for the RP holdtime and
priority fields of Bootstraps.
Wed Nov 17 13:38:40 1999 SUMIKAWA Munechika <>
* freebsd3/ports/apache13: upgrade to 1.3.9.
1999-11-16 JINMEI, Tatuya <>
* kame/kame/ndp/ndp.c (plist): improved information about
adveritising routers:
- show each router's reachability.
- show each router in the new scopedaddr format.
1999-11-16 JINMEI, Tatuya <>
* kame/kame/bgpd/dump.c (dump_if_rtable): was added to dump
more information about each inteface including local addresses.
print_ifrt_dump() was removed according to this change.
1999-11-15 JINMEI, Tatuya <>
* freebsd3/sys/netinet/tcp_subr.c (tcp_newtcpcb): always
initialize inp_ip_ttl in tcp_newtcpcb() in order to avoid
zero ttl when matching an incoming IPv4-maaped IPv6 address.
This fix was in response to a problem report from
Wed Nov 10 22:42:37 JST 1999
Support a behavior of kernel when policy description is omited peer's
addresses in transport mode case. If you define protocol/mode//level
as policy then kernel get addresses from IP header to match SPD.
XXX should be considered the relative between inner and outer IP
addresses when packet will launch from own interface by tunnel mode.
Tue Nov 9 EST 1999
* netbsd/sys/netinet/tcp_input.c: backout previous change for
tcp_pullup(), as it degraded stability and made some wrong
assumptions (see below, Nov 6).
Tue Nov 9 07:14:23 EST 1999
* kame/libpcap/scanner.l: make IPv6 parsing more strict.
this makes arp[0:1] to work again ("0:1" was mistakingly
considered as IPv6 address). Uses very ugly regex...
Sun Nov 7 10:40:55 EST 1999
* netbsd/sys/netinet/tcp_input.c: implement tcp_pullup(),
which ensures mbuf alignment match with what tcp_input() assumes.
the routine is kind of ugly because, in most architectures,
MHLEN < ip + tcp + tcp opt
with IPv6.
Sun Nov 6 JST 1999
* freebsd2/release: improvements to IPv6+PAO boot floppy. add
isc dhcp client for easier network configuration.
From: Takahiro Yugawa <>
* netbsd/distrib: IPv6-ready boot floppy generator code.
At this moment for i386 only.
Fri Nov 5 22:02:00 JST 1999
* kame/sys/netinet6/{ip6_input,icmp6,route6}.c: clarify mbuf
chain requirements. add m_pulldown experimental code (#ifdef'ed).
Fri Nov 5 19:52:28 JST 1999
* freebsd[23]/usr.bin/netstat/route.c: show MTU on netstat -rnl
(you may need to specify "-a" as well to see cached result of
path MTU discovery).
Fri Nov 5 18:15:36 JST 1999
* kame/sys/netinet6/ipcomp_core.c: do not use default memory window
size for zlib, it is too big. let user choose memory window size.
no sysctl access is provided right now, you need to rewrite
the value by modifying source code, or by using kmem/bpatch.
From: Laine Stump <>
Fri Nov 5 10:41:26 JST 1999
* netbsd/sys/dev/pcmcia/if_awi_pcmcia.c (and others):
bring in awi driver for BayStack 650 card from NetBSD-currnt.
we need this for IETF washington DC:-)
Fri Nov 5 01:22:42 JST 1999
* kame/sys/netinet: rename in_cksum4() into in4_cksum(), to match
1999-11-04 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6.c (nd6_rtrequest): changed the initial
state when creating a neighbor cache entry from INCOMPLETE to
NOSTATE, in order to avoid unexpected NSes.
1999-11-04 JINMEI, Tatuya <>
* kame/sys/netinet6/icmp6.c (icmp6_redirect_output): do not
include a target link-layer address option unless the address is
Thanks to: the TAHI project for finding the problem.
Thu Nov 4 18:08:00 JST 1999
* kame/etc/rc.net6: install reject route for scoped address without
scope identifiers. this will raise icmp6 error on, say,
"ping6 fe80::1" (this is invalid since there's no scope identifier).
Thu Nov 4 17:22:05 1999 SUMIKAWA Munechika <>
* netbsd/pkgsrc/net/pchar, freebsd[23]/ports/pchar,
openbsd/ports/net/pchar: pathchar reimplementation.
Thu Nov 4 09:40:08 JST 1999
* kame/sys/{netkey,netinet6}:
* kame/kame/{libipsec,setkey,racoon}:
Implemented a policy level of `unique' for strict use of SA.
The decimal number named `reqid' is used as the identifier in order to
relate between a SA and SA requests in some policy.
Manual keying may need explicitly to specify the identifier. You can
put the decimal number as the identifier after keyword `unique' of
policy level followed by colon(:). For example, "unique:1225".
The value is:
0 are reserved.
1 - 32767 are reserved for manual keying.
Others are for kernel use.
Note that this id doesn't identify a SA by only itself.
XXX To be implemented the inbound policy check by level of `unique'
after a implement of holding SA used to decode.
XXX The field of reqid on PF_KEY message is in sadb_msg structure.
It may not be adequated for portablity.
XXX racoon has not been supported yet.
Thu Nov 4 05:52:12 JST 1999
* netbsd/pkgsrc/net/ucd-snmp, freebsd[23]/ucd-snmp:
use latest IPv6 patch.
* openbsd/ports/net/zebra: upgrade to 0.81.
* openbsd/ports/net/ucd-snmp: add ucd-snmp (4.0.1 + IPv6 patch).
Wed Nov 3 22:11:16 JST 1999
* kame/sys/netkey/key.c:
key_msg2sp() returns suitable error code.
Wed Nov 3 21:48:29 JST 1999
* kame/sys/netkey/key.c:
Toss up a policy index as identity of SA user when kernel acquired SA.
This is used extended identity type, that is SADB_X_IDENTTYPE_ADDR,
included in the SADB_EXT_IDENTITY extension.
Tue Nov 2 13:27:36 JST 1999
* freebsd2/ports/sendmail.beta, netbsd/pkgsrc/mail/sendmail.beta:
add port directory for sendmail 8.10.0beta6, to stress-test IPv6
part of it.
Tue Nov 2 01:46:01 JST 1999
* bsdi3/bin/ping6: move bsdi3/sbin/ping6 into bsdi3/bin/ping6, as
bsdi3 puts ping into bin/ping. You may want to remove
/usr/local/v6/sbin/ping6 to get rid of old binary.
Mon Nov 1 21:29:59 JST 1999
* netbsd/pkgsrc/net/mrt, freebsd[23]/ports/mrt: upgrade to 2.0.1a.
Mon Nov 1 13:34:07 JST 1999
* freebsd2/ports/openssl: port directory for OpenSSL 0.9.4. required
for freebsd2/ports/v6eval (and useful for building tcpdump and
* freebsd2/ports/{ct,v6eval}: port directory for TAHI IPv6 conformance
test kit, version 0.4.
Fri Oct 29 21:17:10 JST 1999
* kame/libinet6/getaddinfo.c: Bunch of cleanups.
(1) When servname == 0 and protocol == 0, return addrinfo structure
for both DGRAM/UDP and STREAM/TCP.
For example, if you ask for localhost/echo without specifying
servname nor protocol, the following four addrinfo structure will
be returned (the order may vary):
::1 dgram/udp port 7
::1 stream/tcp port 7 dgram/udp port 7 stream/tcp port 7
This fixes KAME PR 141.
(2) fix memory leak on failure cases
(3) clarify non-udp/tcp protocol cases. at this moment SOCK_RAW
is the only one allowed. we may need to loosen the restriction
* kame/libinet6/getnamenfo.c: clarify non-udp/tcp protocol cases.
1999-10-29 JINMEI, Tatuya <>
* kame/kame/pim6sd: config parser was rewritten using lex and
yacc. According to this change, each line MUST now be terminated
by a semi-colon ';', and hence older configuration files will
cause parsing errors. Please be careful in updating.
Thu Oct 28 19:39:02 JST 1999
* openbsd/sys/sys/socket.h: fix alignment constraint for
ancillary data.
Thu Oct 28 14:00:45 JST 1999
* freebsd3/ports/ucd-snmp: upgrade to 4.0.1 with IPv6 patch.
it looks tcb/udb dump is not working.
* freebsd3/ports/zebra: upgrade to 0.80.
1999-10-28 JINMEI, Tatuya <>
* freebsd[23]/ports/wwwoffle: was added with IPv6 patch developed
by Feico Dillema <>
Thu Oct 28 09:24:14 JST 1999
* netbsd/pkgsrc/net/ucd-snmp, freebsd2/ports/ucd-snmp:
upgrade to latest IPv6 patch.
Thu Oct 28 01:41:00 JST 1999
* kame/kame/netinet6/ipsec.c:
Fix mbuf memory leak.
- Policy buffer was not freed when PCB was free.
- PF_KEY message buffer was not freed when key_parse() returned zero.
1999-10-27 JINMEI, Tatuya <>
* kame/kame/pim6dd: applied several fixes from sumikawa@hitachi
Wed Oct 27 20:58:42 JST 1999
* netbsd/usr.bin/netstat: use getnameinfo() with KAME hack.
add support for -v into interface info and pcb info printing,
which avoids address truncation on printing.
1999-10-27 JINMEI, Tatuya <>
* kame/kame/pim6sd/rp.c (delete_grp_mask_entry):
fixed a bug of rearraging the group list.
I believe the bug was derived from original pimd.
Wed Oct 27 14:49:09 JST 1999
* kame/sys/netkey/key.c:
We don't always try to allocate new SA. It's no need if the state
of SA in the holder is SADB_SASTATE_MATURE, and if this is newer one.
1999-10-27 JINMEI, Tatuya <>
* kame/kame/bgpd/in6.c (mask2len): changed the argument from
in6_addr{} to sockaddr_in6{} so that the function could handle
a shortened netmask. The change solves the problem that bgpd
misunderstands the prefix length of an interface direct route.
Thanks to: the TAHI project for finding the problem.
Wed Oct 27 10:14:07 JST 1999
* freebsd2/ports/ucd-snmp: upgrade to 4.0.1 with IPv6 fixes.
Wed Oct 27 03:27:13 1999 SUMIKAWA Munechika <>
* freebsd[23]/sys/conf/ RELEASE="${REVISION}-${BRANCH}"
instead of specified keywords, such as 2.2.8-RELEASE.
Submitted by: Martti Kuparinen <>
Tue Oct 26 23:45:15 1999 SUMIKAWA Munechika <>
* bsdi3/libexec/ftpd/ftpd/ftpcmd.y: appllied Y2K patch of
* bsdi3/usr.bin/ftp/cmds.c: One more Y2K patch. M310-055 is not
enough for newer checking. e.g.:
% touch -t 200107221100 tmp/test
% touch -t 199907221130 test
% ftp
Connected to
220 FTP server (Version wu-2.4(1)\
Fri Jan 17 12:05:30 MST 1997) ready.
Name (
331 Password required for sumikawa.
230 User sumikawa logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd tmp
250 CWD command successful.
ftp> newer test
Local file "test" is newer than remote file "test"
Reported by:
Tue Oct 26 18:50:16 JST 1999
* netbsd/sys/netinet/ip_input.c: disable ipflow (IPv4 fast forwading)
if IPsec is configured in the kernel.
From: Hans-Joachim Knobloch <>
Tue Oct 26 17:52:12 JST 1999
* (bunch of source code): fix inet_pton() error check. we need to
check if the return value equals to 1, or not equal to 1.
"<= 0" or "!= 0" does not really make sense.
Tue Oct 26 17:30:43 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/vat6: Tcl initialization patch.
Submitted by: Kenjiro Cho <> (kame-snap 1471)
Tue Oct 26 13:27:43 JST 1999
* netbsd/pkgsrc/www/wwwoffle: add wwwoffle 2.5 with IPv6 patch.
* netbsd/pkgsrc/net/zebra, freebsd2/ports/zebra: upgrade to 0.80.
Tue Oct 26 02:58:19 JST 1999
* freebsd3/sys/netinet tcp_input.c udp_usrreq.c
Modify m_len before and after calling ipsec_in_reject().
FreeBSD3 cuts out IP header from mbuf before pcb lookupping.
Tue Oct 26 02:44:51 JST 1999
* kame/sys/netinet6/ipsec.c:
Fixed a bug that sa_len wasn't updated in spidx.
Improved to make spidx which is used as key to search SPD.
Mon Oct 25 22:30:47 JST 1999
* kame/sys/netkey/key.c:
* kame/kame/libipsec:
- Improved to set IP addresses into the ipsec request structure
from PF_KEY msgs.
- Fixed to print IP addresses in ipsec policy request.
- Fixed a bit to print protocol name.
Sat Oct 23 17:11:39 PDT 1999
* {netbsd,freebsd2,bsdi3}/sbin/ifconfig: show IPv6 link-local
addresses in KAME extended IPv6 numeric address format, like
fe80::1@ne0 (experimental).
The change may require you to update rc.net6.
1999-10-22 JINMEI, Tatuya <>
* kame/kame/bgpd: added a configuration option to handle
site-local addresses in RIPng. See bgpd.conf(5).
Fri Oct 22 13:35:23 1999 SUMIKAWA Munechika <>
* freebsd3/lib/libftpio: fix getaddrinfo() loop, so that the code
will try to explore all the addresses returned after query.
Thu Oct 21 15:00:15 PDT 1999
* kame/sys/netinet/in_cksum4.c: fix computation algorithm for big
Thu Oct 21 08:40:24 PDT 1999
* netbsd/sys/netinet/udp_usrreq.c: advanced API has been broken for
IPv6 UDP due to a one-letter typo. it is now fixed.
Thu Oct 21 07:57:02 PDT 1999
* netbsd/pkgsrc/net/ucd-snmp: upgrade to 4.0.1 with IPv6 fixes.
1999-10-21 JINMEI, Tatuya <>
* *bsd*/usr.sbin/traceroute/Makefile: added OS-specific
compilation options, one of which would fix a problem of bad
checksums for probe packets.
Thu Oct 21 15:12:16 JST 1999
* kame/kame/racoon:
Make it compilable on INRIA stack.
Patch from <>.
Wed Oct 20 23:05:52 PDT 1999
* freebsd2/lib/libftpio: fix getaddrinfo() loop, so that the code
will try to explore all the addresses returned after query.
Wed Oct 20 09:01:53 PDT 1999
* netbsd/pkgsrc/net/wu-ftpd: upgrade to 2.5.0 with IPv6 patch.
Thu Oct 21 00:19:23 JST 1999
* kame/kame/libipsec:
Improved IPsec policy parser. Following requests are allowed:
See policy_parse.y for detail.
Wed Oct 20 20:13:50 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/ncftp3, netbsd/pkgsrc/net/ncftp3: upgrade to
3.0 beta 21.
1999-10-20 JINMEI, Tatuya <>
* kame/kame/ndp/ndp.c (dump): enabled the NI_WITHSCOPEID flag for
getnameinfo when printing a neighbor cache entry for a link-local
scope address. So, for example, `ndp -an' would provide the
following result:
Neighbor Linklayer Address
fe80::210:4bff:fe32:93d1@ef0 0:10:4b:32:93:d1
fe80::210:5aff:fe5c:6b5c@ef0 0:10:5a:5c:6b:5c
fe80::2a0:24ff:fe66:1350@ef0 0:a0:24:66:13:50
(some fields were ommited in the example.)
1999-10-20 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6.c (nd6_ioctl): in the case of
SIOCGNBRINFO_IN6, embeded the interface index of a link-local
scope address into the address before calling nd6_lookup().
With this hack, applications would not have to care about the
KAME's hack for scoped addresses.
1999-10-20 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6.c (nd6_lookup): use rt->rt_ifa->ifa_ifp
instead of rt->rt_ifp for validation of the interface. This change
would solve a problem that `ndp -a[n]' barks at a neighbor cache
entry for the node's own address.
Tue Oct 19 13:43:27 JST 1999
* kame/sys/netinet,netinet6,netkey:
- Save uid who created socket, and decision socket based policy
with this uid. At FreeBSD3, so->so_cred->p_svuid is saved
as this uid.
- New identify type; SADB_X_IDENTTYPE_ADDR. This is suitable
to identify clients of SA, not SA peers, rather than using
Tue Oct 19 07:13:02 JST 1999
* kame/dhcp6: server passes timezone information to clients.
Tue Oct 19 00:53:51 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/wu-ftpd: upgrade to 2.5.0 with security
patches. If you use old wu-ftpd, you should upgrade it because of
several security holes.
Mon Oct 18 13:43:40 JST 1999
* kame/tcpdump/print-bgp.c: decode BGP packets. BGP data that crosses
packet boundary will not be decoded (it does not reassemble TCP
1999-10-18 JINMEI, Tatuya <>
* kame/kame/bgpd: added various improvements and changes
- reflection of change of an IGP route to IBGP routes that use
the IGP route for BGP next-hop resolution.
- show per-prefix sorted BGP routes in the dump file.
- show various timers in the dump file.
- increased the default size of output socket buffers used for BGP
connections. Also, made the size configurable.
1999-10-17 JINMEI, Tatuya <>
* kame/sys/netinet6/nd6.c (nd6_lookup): added a sanity check for
the interface at the end of the function. This will prevent
invalid redirect messages when there is routing loop with an
adjacent router.
1999-10-17 JINMEI, Tatuya <>
* kame/kame/bgpd/ripng.c (rip_process_response): logged prefix and
interface for non-routable prefixes or for a prefix with an
invalid metric.
Adviced by: Tetsuya Isaki <>
Fri Oct 15 16:53:20 JST 1999
* kame/tcpdump/print-{tcp,udp}.c: print IP address properly when
intermediate headers or IP option is present.
* kame/sys/netinet/in_cksum4.c: more clever IPv4 pseudo header
checksum routine.
* netbsd/sys: experimental use of m_pulldown() in tcp and udp.
m_pulldown() guarantees contiguous allocation of intermediate
headers (like tcp header) on mbuf chain.
Thu Oct 14 17:27:26 JST 1999
* kame/tcpdump: fix endian-ness problem in big endian machines.
From: KOIE Hidetaka <>
1999-10-13 JINMEI, Tatuya <>
* kame/sys/netinet6/icmp6.c (icmp6_ctloutput): fixed mbuf leak on
(found by: k-sugyo@kame)
1999-10-13 JINMEI, Tatuya <>
* kame/kame/bgpd/bgp_util.c (bgp_peerstr): was added to print a
BGP-peer address (link-local or global).
* kame/kame/bgpd/in6.c (ip6str): took a new argument (ifindex) to
print link-identifier as well for a link-local address.
* the way to treat the dump file was also changed. See bgpd(8) in
Tue Oct 12 19:14:53 JST 1999
* netbsd/pkgsrc/net/ethereal: ethereal port for version 0.7.5.
Mon Oct 11 00:40:52 JST 1999
* freebsd2/ports/fwtk6: use latest IPv6 patch.
From: Hajimu UMEMOTO <>
Sun Oct 10 15:44:07 JST 1999
* kame/sys/netinet6/{icmp6.c,tcp6_subr.c,udp6_usrreq.c},
freebsd3/sys/netinet/tcp_subr.c, freebsd3/sys/netinet6/udp6_usrreq.c:
Revisit xx_ctlinput(). We added extra args to xx6_ctlinput(),
but it was wrong. We cannot just invent function prototype for
xx_ctlinput() as they will be called across protocol types
(for example, see pfctlinput() in sys/kern).
Made last arg of xx6_ctlinput() into void *, to meet standard
For passing info from icmp6 handler to xx6_ctlinput(), introduced
struct ip6ctlparam.
Sat Oct 9 11:35:32 JST 1999
* openbsd/ports/net/bind8, netbsd/pkgsrc/net/bind8,
freebsd[23]/ports/bind8: upgrade IPv6 patch. AAAA dynamic update
is now available.
why do I have to commit it FOUR times... :-(
Fri Oct 8 17:26:09 JST 1999
* openbsd/ports/net/bind8: bind 812 with IPv6 support.
* openbsd/ports/net/zebra: zebra 0.79.
* openbsd/ports/mail/sendmail6: sendmail 8.9.2 with IPv6 support.
Fri Oct 8 12:21:39 JST 1999
* netbsd/pkgsrc/audio/mpg123, freebsd2/ports/mpg123:
upgrade to latest IPv6 patch.
* netbsd/pkgsrc/www/lynx, freebsd2/ports/lynx:
upgrade to 2.8.2 + latest IPv6 patch.
From: Hideaki YOSHIFUJI <>
Fri Oct 8 08:42:12 JST 1999
* openbsd/sys/net/route.[ch], kame/sys/netinet6/icmp6.c:
synchronize ipv6 pmtud code for openbsd with netbsd.
this includes change to openbsd/sys/net/route.[ch] for
route entry timer code.
this should fix possible dangling pointer problem in previous code.
Fri Oct 8 01:40:23 JST 1999
* openbsd/ports/security/ssh: ssh 1.2.27 with IPv6 patch.
* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.1.1.
* openbsd/ports/mail/fetchmail: added, IPv6-enable config with 5.1.1.
Thu Oct 7 22:05:10 JST 1999
* openbsd: issue first snapshot for KAME/OpenBSD25.
there still are many issues to be fixed. see openbsd/TODO for
details. report any experiences to
Thu Oct 7 14:08:24 JST 1999
* kame/etc/rc.net6: disallow "internal" addresses like ::ffff:
to appear on the wire. This is done by configuring reject route
onto the routing table, so you can always re-enable it if you have
some special need for experiments.
1999-10-06 JINMEI, Tatuya <>
* *bsd*/netstat/route.c (netname6, routename6): were changed to
use getnameinfo in order to accomodate to the new format for
scoped addresses.
Now link-local gateways when invoking `netstat -rn' are shown like
Wed Oct 6 19:50:37 JST 1999
* freebsd[23]/ports/perl5: update to latest IPv6 patch.
Wed Oct 6 19:42:56 JST 1999
* netbsd/pkgsrc/net/totd, freebsd[23]/ports/totd:
totd, a DNS server for translation services like faithd(8).
NetBSD PR: 8563
From: Feico Dillema <>
Wed Oct 6 17:28:05 JST 1999
* kame/bindtest: tests how the kernel implements bind(2) on IPv4/v6
socket. is not compiled in default compilation.
1999-10-06 JINMEI, Tatuya <>
* kame/kame/pim6sd/pim6sd.conf.5: was added for configuration
1999-10-06 JINMEI, Tatuya <>
* kame/kame/v6test/v6test.c (bpf_open): use pcap_lookupdev (if
possible) to choose the outgoing interface when the user does not
specify one.
Tue Oct 5 20:46:33 JST 1999
* bsdi3/sys/i386/isa/if_mz.c: drop faulty multicast loopback packet
on promiscuous mode. this is to make the driver always behave as
1999-10-05 JINMEI, Tatuya <>
* *bsd*/*/netstat/inet6.c (ip6_ifstats): added the case of
ifs6_in_truncated to be printed, which was just forgotten so far.
1999-10-05 JINMEI, Tatuya <>
* kame/kame/v6test/getconfig.c (make_padnopt): added a new
attribute(padoptreallen) for the PadN option so that v6test could
fake the option length.
* kame/kame/v6test/conf/ext.conf (illhdrlen): added a new test.
Mon Oct 4 18:59:06 JST 1999
* netbsd/pkgsrc/www/w3m: new port for W3M, simple text based WWW
* netbsd/pkgsrc/devel/boehm-gc: conservative garbage collector for C
programs. needed for pkgsrc/www/w3m.
Sat Oct 2 16:18:35 JST 1999
* freebsd[23], netbsd: import ALTQ 2.0. ALTQ on bsdi3 is not
supported yet. IPv6 support needs improvement. Not really tested,
Testers wanted.
* freebsd[23]/ports/altq, netbsd/pkgsrc/net/altq:
update ALTQ userland to 2.0.
Fri Oct 1 09:02:23 JST 1999
* freebsd[23]/lib/libftpio: fix EPSV case. this should fix
1999-09-30 JINMEI, Tatuya <>
* kame/sys/netinet6/ip6.h (IP6_EXTHDR_CHECK): added a sanity check
for the case where m_next is NULL and m does not contain enough
data. This fix will prevent the kernel from referring to illegal
memory space when receiving a packet with bogus header length.
Thu Sep 30 10:57:22 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/w3m: new port W3M, simple text based WWW client.
1999-09-30 JINMEI, Tatuya <>
* kame/kame/rtsold/dump.c: was added to dump internal status
of the running rtsold to a file by sending the SIGUSR1 signal.
Wed Sep 29 17:09:15 1999 SUMIKAWA Munechika <>
* kame/kame/ndp/ndp.c: use getnameinfo() instead of inet_ntop().
you should use -n option if you don't want to reverse lookup.
1999-09-28 JINMEI, Tatuya <>
* kame/kame/bgpd/if.c (get_32id): fixed a bug that was
chosen as the BGP identifier if it was the only IPv4 address on
the router.
Mon Sep 27 22:25:00 JST 1999
* kame/{libpcap,tcpdump}: support OpenBSD.
Mon Sep 27 12:28:13 1999 SUMIKAWA Munechika <>
* freebsd3/ports/ethereal: upgrade to 0.7.5.
Mon Sep 27 04:33:31 1999 SUMIKAWA Munechika <>
* freebsd[23]/ports/tcp_wrapper, netbsd/ports/tcp_wrapper:
upgraded to latest IPv6 patch made by
1999-09-26 JINMEI, Tatuya <>
* kame/kame/libinet6: made the code as much portable as possible.
Some macros were added to aclocal.m4 and were used in
for compilation on other platforms than KAME.
Sun Sep 26 12:08:28 JST 1999
* freebsd[23]/ports/vic6: upgrade to new IPv6 patch.
Fri Sep 24 21:15:02 JST 1999
* freebsd2/sys/netinet/ip_output.c: prevent kernel panic on
per-socket IPsec policy specification, like:
# ping -P 'out ipsec ah/transport/x-x/use' x
(the cause was only a pair of parens, we'd better have -Wall in
kernel Makefile...)
Fri Sep 24 00:36:05 JST 1999
* kame/sys/netinet6/in6_ifattach.c: do not allow all-zero EUI64/
IEEE802 to be used as interface id source for pseudo interfaces.
without this, all-zero IEEE802 address will be mistakingly used as
interface id source, on bsdi/wildboar pcmcia device driver
(when in6_ifattach_getifid is get called from ether_ifattach).
Fri Sep 24 JST 1999
* kame/sys/netinet6/ip6_output.c: append destination header 2 to the
outgoing packet. the code was broken a long time ago.
From: Conny Larsson <>
Thu Sep 23 15:24:45 1999 SUMIKAWA Munechika <>
* freebsd3/sys/i386/if_wi.c: WaveLAN/IEEE speaks IPv6. It is new
official supported device.
Wed Sep 22 20:42:25 JST 1999
* kame/kame/mchat:
Added two new command, /file and /log. `/file' is to send file
specified. `/log' is to log data received into file specified.
If `/log' is typed again, logging will be finished.
Wed Sep 22 15:22:21 JST 1999
* netbsd/sys/netinet/tcp* (tcp4/6)
* bsdi3/sys/netinet/tcp* (tcp4)
* freebsd2/sys/netinet/tcp* (tcp4)
* kame/sys/netinet6/tcp6* (tcp6 for bsdi3/freebsd2)
* freebsd3/sys/netinet/tcp* (tcp4/6)
fix TCP MSS computation with IPsec headers. (1) TCP MSS option
must be mtu - iphdrlen - tcphdrlen. it is a violation of protocol
spec to decrement option value further. (2) simplify IPsec header
size offset handling. this may, or may not come with some
performance hit.
Wed Sep 22 14:43:20 1999 SUMIKAWA Munechika <>
* freebsd3/sys: upgraded base version to FreeBSD 3.3-RELEASE.
TODO: tcp_getcred() and udp_getcred() need more work to support
IPv6 socket.
Wed Sep 22 JST 1999
* openbsd: bunch of fixes and merges for KAME/openbsd.
basic operations are IPv6 ready but still needs more work.
* netbsd/pkgsrc/www/squid11: upgrade to latest IPv6 patch.
* kame/tcpdump/print-frag6.c: print fragment length, instead of
ipv6 whole payload length, as property of fragment header.
1999-09-22 JINMEI, Tatuya <>
* openbsd/sys/dev/ic/elink3.c (epget): prevented the input routine
from deviding two (small) mbufs; the new routine always stores an
incoming packet either in a single mbuf or in a chain of mbuf
Mon Sep 20 17:38:03 JST 1999
* kame/sys/netinet6/in6_ifattach.c: allow MD5(hostname) to be used
as interface id for pseudo interfaces, when no other choices are
available (need to be revisited).
* kame/sys/netinet6/*: merge in ARCnet support from NetBSD-current.
* netbsd/sys/netinet/udp_usrreq.c: support IPv4 mapped address on
udp6 socket.
1999-09-16 JINMEI, Tatuya <>
* *bsd*/usr.bin/Makefile: added v6test to SUBDIR.
*bsd*/usr.bin/v6test/Makefile: added to install v6test.
1999-09-16 JINMEI, Tatuya <>
* bsdi3/usr.bin/ppp/ppp_ipv6cp.c: was rewritten not to use
s6_addr{16, 32}, which might cause portability problems.
1999-09-16 JINMEI, Tatuya <>
* bsdi3/usr.bin/Makefile (SUBDIR): directory ppp was added to
SUBDIR. Note, however, ipv6cp was not fully tested.
Thu Sep 16 13:50:42 JST 1999
* kame/libipsec/pfkey.c: Temporary workaround against KAME PR 154.
If you use setkey to dump many keys in the kernel, or to add
many keys at one time, PF_KEY socket buffer will overflow
(because PF_KEY socket is SOCK_DGRAM, there's no flow control).
To address this issue we added setsockopt(SO_{SND,RCV}BUF) into
pfkey_open(). This allows the PF_KEY socket to hold roughly 1000
keys in the buffer. More fundamental fix should follow.
Thu Sep 16 09:44:03 JST 1999
* netbsd/pkgsrc/net/tcptrace, freebsd[23]/pkgsrc/net/tcptrace:
upgrade to 5.2.1.
1999-09-15 JINMEI, Tatuya <>
* kame/sys/netinet6/in6.c (in6_control): removed a redundant
sanity check for ifp in the SIOCGIFSTAT_IN6 case. The check was
even harmful to freebsd3.
1999-09-15 JINMEI, Tatuya <>
* kame/sys/netinet6/ip6_mroute.c (add_m6if, del_m6if):
for fbsd3, use if_allmulti() instead of calling if_ioctl directly
to set/unset the multicast-promiscuous mode.
This fix would be essential if you want to use your kame-freebsd3
box as an IPv6 multicast router. Please do not forget apply the
1999-09-14 JINMEI, Tatuya <>
* *bsd*/usr.sbin/pim6sd/pim6sd/Makefile:
* *bsd*/usr.sbin/pim6sd/
install directory and ld path were corrected.
1999-09-14 JINMEI, Tatuya <>
* kame/kame/bgpd/bgp_output.c (bgp_send_update): added a sanity
check of the origin of a route before sending UPDATE for the
route. This will prevent SEGV when sending update of a non-BGP
route. It is strongly recommended to apply this fix if you use
the KAME bgpd as an EBGP router.
Thanks to: Nobumichi Ozoe <> for reporting
the problem.
Tue Sep 14 01:37:37 JST 1999
* netbsd/pkgsrc/net/zebra, freebsd[23]/ports/zebra:
upgrade to 0.79.
Mon Sep 13 20:42:07 JST 1999
* kame/sys/netinet6/in6_ifattach.c: do not use IEEE802/EUI64 addr
with u bit != 0, as source of interface id for pseudo interfaces.
this is because IEEE802/EUI64 addr with u bit != 0 is not globally
unique (there are such ethernet cards exist - yes, I have one).
NOTE: this change may affect your "gif" interface configuration
Mon Sep 13 20:41:07 JST 1999
* */sys/netinet/raw_ip.c, */sys/netinet/udp_usrreq.c,
kame/sys/netinet6/raw_ip6.c, kame/sys/netinet6/udp6_usrreq.c:
on PRU_ATTACH, call in6_pcbdetach if ipsec policy initialization
is failed. this fixes memory leakage during heavy use of socket
Mon Sep 13 12:26:07 JST 1999
* netbsd/sys/dev/pcmcia/if_wi*, netbsd/usr.sbin/wiconfig:
WaveLan driver from NetBSD-current. Works fine with IPv6 as we've
fixed it. (This may be (1) a bad idea to bring some drivers in
from *-current, for some of version controlling issues, or (2) a
good idea for reducing people's labor for merging. I'm not really
1999-09-13 JINMEI, Tatuya <>
* kame/kame/pim6sd/mtrace6: implemented in order to trace IPv6
multicast routing.
- kernel and multicast routing daemons should be updated as well.
- if you use cvsup, please be sure to `make clean' on the
directory `pim6sd' before update.
- mtrace6 feature is currently VERY experimental (we have no
official specification). You can't expect interoperability with
other implementations.
Sun Sep 12 23:44:00 JST 1999
* kame/dhcp6: experimental DHCPv6 client/server. many restrictions
due to incomplete implementation (and we may not be improving this
in the future). not included in default compilation tree.
use at your own risk.
Sat Sep 11 13:51:25 JST 1999
* kame/tcpdump: add support for dhcp6.
1999-09-09 JINMEI, Tatuya <>
* kame/kame/rtsold/rtsol.c (sendpacket): not call warnmsg even if
sendmsg fails (unless the error is a serious one). This change is
for a situation where a node has multiple interface cards and some
of the cards may be disabled.
Thu Sep 9 02:10:21 JST 1999
* netbsd/sys/net/if_ethersubr.c: grab IEEE802 MAC address as
seed of IPv6 interface index, on ether_ifattach().
this is for pcmcia ethernet cards inserted after bootstrap time.
(commits for other operating systems should follow)
Wed Sep 8 19:34:57 JST 1999
* netbsd/sys/dev/ic/sm91cxx.c: avoid duplicated multicast packet
reception on promiscuous mode. this fixes DAD failure during
promiscuous mode.
* sys/netinet6/in6_pcb.c: allow bind(2) to non-interface address,
if the socket is configured as FAITH socket. this is for allowing
ftp relay daemon to perform bind(2) on behalf of fake IPv4 address
on active data connection.
v6 ftp client --control---> ftp translator ----> v4 ftp server
"*" needs to be fake IPv4 address generated from translation pool
prefix and the address for v4 ftp server.
1999-09-08 JINMEI, Tatuya <>
* bsdi3/sbin/ifconfig/ifconfig.c (findaddr): used AF dependent
comparison functions instead of simple binary comparison. With
this fix, you can use ifconfig add, remove and modify commands for
IPv6 link-local addresses without embedding an interface
identifier. That is, you can do
# ifconfig ef0 inet6 remove fe80::1
instead of
# ifconfig ef0 inet6 remove fe80:2::1
Tue Sep 7 16:42:41 JST 1999
* kame/rip6query: use getaddrinfo() and getnameinfo(), not inet_pton()
and alike. allow interface to be specified with -I.
* netbsd/usr.bin/whois: fix getaddrinfo() loop.
* kame/racoon: fix compilation with --disable-ipv6 (include path).
* sys/netinet6/ipsec.c: support IPsec-only kernel compilation again.
* sys/netkey/key.c: allow any SPI value to be put into kernel,
for IPComp SA that uses well-known CPI field.
* kame/libipsec: allow "setkey -D" on IPComp SA.
* kame/tcpdump/print-ripng.c: format ripng information better
if -v is specified (but it eats more lines on screen).
Tue Sep 7 13:09:06 JST 1999
* kame/kame/sys/netinet6:
Implemented IPv6 forwarding with IPsec slightly.
It's enable if you define IPSEC_IPV6FWD option in kernel
configuration file.
XXX ICMPv6 for IPsec tunnel should be considered.
Tue Sep 7 10:09:53 JST 1999
* kame/sys/netkey/key.c:
Fixed kernel crash when you set SP by spdadd command of setkey.
Sun Sep 5 04:00:08 JST 1999
* netbsd/pkgsrc/net/ucd-snmp, freebsd[23]/ports/ucd-snmp:
upgrade to latest IPv6 patch. icmp6 per-if stat is now available.
Sun Sep 4 JST 1999
* sys/netinet6/in6_ifattach.c: invert "u bit" on interface id for
pseudo interfaces, as suggested in RFC2373. This was mistakingly
dropped during migration to new repository.
NOTE: interface id for pseudo interfaces (faith*, gif*, and alike)
will change after this fix. Please be sure to update your config
file if you have explicit link-local address embedded in rc files.
1999-09-03 JINMEI, Tatuya <>
* kame/kame/ping6: changed the semantics of `-a A' option. It now
specifies to require the responder's anycast addresses.
1999-09-03 JINMEI, Tatuya <>
* kame/sys/netinet6/icmp6.h (NI_NODEADDR_FLAG_ANYCAST): added
in order to get/tell a node's anycast addresses.
Note that this is not in the specification, just for experimental
1999-09-03 JINMEI, Tatuya <>
* kame/sys/netinet6/udp6_usrreq.c (udp6_output): embedded
interface index to a link-local destination. This fix solved a
bug that you can't send a UDP packet to a link-local destination
even when specifying its interface.
XXX: the code is almost same as rip6_output.
Fri Sep 3 11:19:45 JST 1999
* kame/traceroute, kame/traceroute6: do not bark even if IPsec
configuration (for bypassing IPsec) is failed. now both programs
should work fine on kernel without IPsec support compiled in.
Fri Sep 3 01:06:47 JST 1999
* netbsd/pkgsrc/net/mtr, freebsd[23]/ports/mtr:
mtr network diagnose tool, version 0.41 with IPv6 support.
* netbsd/pkgsrc/net/rsync, freebsd[23]/ports/rsync:
upgrade to latest IPv6 patch.
Thu Sep 2 17:35:13 JST 1999
Fix alignment problem for routing socket on NetBSD/alpha.
* kame/ndp/ndp.c: Be more struct about alignment constraint in routing
socket messages (is aligned to sizeof(long) by ROUNDUP() in
* netbsd/sbin/route, kame/route6d, kame/bgpd, netbsd/usr.bin/netstat:
Fix alignment constraint for routing socket messages.
1999-09-02 JINMEI, Tatuya <>
* kame/sys/netinet6/: changed hop limit selection algorithm;
hop limit stored in the template header is not considered.
Also, TCP6 was changed to always select hop limit when sending
segment in order to reflect IPV6_UNICAST_HOPS setsockopt and
current hop limit advertised via router advertisements.
Thu Sep 1 17:00:14 JST 1999
* kame/kame/ping6,traceroute,traceroute6,rrenumd,mchat and so on.
Fixed policy specification due to the modification of policy
XXX In rrenumd, not implemented to specify inbound policy.
I must consider rrenumd's behavior.
XXX In inetd, What should i take deal of in/out ? #@ in/out ?
Thu Sep 1 16:53:14 JST 1999
* kame/kame/racoon:
Fixed argument of pfkey function call due to the modification
of libipsec. But I have not tested, so probably racoon can't run.
Thu Sep 1 16:50:14 JST 1999
* kame/kame/setkey,libipsec
- Changed SA specification,
NEW; add a::1 b::1 esp 0x1111 ...
OLD; add a::1 b::1 0x1111 -p esp ...
- Changed SP specification,
NEW; spdadd a::1/64[32] b::1/64[24] tcp
-P in ipsec esp/transport/::1-::1/require ;
- Changed some function in libipsec due to above modification.
- Added some function into libipsec for policy management.
Thu Sep 1 16:43:14 JST 1999
Modified IPsec policy management. As this modification, it's
enabled to,
1. make a SA to use both transport mode and tunnel mode.
2. make a SA to assign multiple SP entries.
3. check separately inbound SP and outbound SP.
Abstract of modification is
- Deleted a policy holder from pcb, alternatively added two policy
holders that are inbound and outbound respectively.
- IP{V6,}_IPSEC_POLICY is divided two optname, IP{V6,}_IPSEC_POLICY_IN
- "proxy" address has gone away. SA is always specified by both
source and destination address without prefix, port number and
upper layer protocol.
- It's always use IPPROTO_XX as security protocol type internal.
So when using PF_KEY I/F, must map internal type to SADB_SATYPE_XX.
- changed the meaning of value of protocol and port. 0 is one of
the number of each value.
- Begin to add IPsec processing into ip6_forward.
Wed Sep 1 14:14:43 JST 1999
* usr.bin/ftp (all platforms): On data connection establishment,
warn if scoped address is used. If peer (ftp daemon) does not
handle scoped address, data connection may not work right.
* libexec/ftpd (all platforms): Copy sin6_scope_id from control
connection to active data connection destination, hoping
this to help ftpd's behavior with scoped IPv6 addresses.
I'm not sure if it is the right way, but it is the best way
available to us. LPRT or EPRT command gives no information
about which interface (or scope) to be used for new data connection.
This seems to be sort of protocol spec twist.
Tue Aug 31 18:37:00 JST 1999
* openbsd: made GENERIC.v6 at least compilable.
GENERIC.v6 kernel boots okay, replies to ping6.
transport layer (AF_INET6 raw/tcp/udp socket) needs more work.
IPSEC support is completely broken (we have NRL/OpenBSD/KAME IPSEC
code in the tree, I am not quite sure how to solve this).
Tue Aug 31 03:07:16 JST 1999
* netbsd: Upgrade base version to 1.4.1. There's not too many
changes between NetBSD 1.4 and 1.4.1, so it should be possible
to install KAME/NetBSD141 on top of NetBSD 1.4 installation.
To get 1.4.1 libc and other important portions, I'd suggest
upgrading to 1.4.1, however.
Updated files are:
sys sbin/ifconfig sbin/ping usr.bin/ftp libexec/tftpd
1999-08-30 JINMEI, Tatuya <>
* kame/sys/netinet6: changed to use nd6_output() instead of
ifp->if_output() when sending a packet to a link-layer in various
cases. This change might affect some fundamental parts of sending
IPv6 packets such as forwarding a packet and neighbor
discovery. If you find instability, please let me know.
Mon Aug 30 13:10:15 JST 1999
* kame/rtsold: check for invalid RAs, like non-zero icmp6 code or
non-linklocal source address. Found by TAHI team.
Mon Aug 30 11:48:41 JST 1999
* netbsd/pkgsrc/net/zebra, freebsd[23]/ports/zebra: upgrade to 0.78a.
Sat Aug 28 16:32:29 JST 1999
* netbsd/usr.bin/whois: IPv6-ready whois client.
Sat Aug 28 15:28:16 JST 1999
* kame/rtsold: fix rtsol's behavior when link-local address is
considered a duplicated address (by DAD).
Fri Aug 27 12:23:19 JST 1999
* netbsd/sys/netinet/tcp_subr.c: fix IPsec header size consideration
during TCP mss computation. you will see no fragmentation on
IPsec'ed TCP packets.
Thu Aug 26 22:36:07 JST 1999
* kame/tcpdump/print-ip.c: fix length printer for IPv4 first fragment.
variable was broken during onion peeling and garbled value was
1999-08-26 JINMEI, Tatuya <>
* kame/kame/pim6sd/vif.c: changed the type of return value of
vif_forwarder() from if_set * to int.
Also, introduced a new function vif_and(), which is intended to be
called from age_routes() instead of vif_forwarder(). The new
function is added in order to prevent bcopy from a NULL pointer,
which causes pim6sd hang up.
Thu Aug 26 18:01:27 JST 1999
* kame/sys/netinet6/frag6.c (frag6_init): changed ip6_id setting
algorithm. it is borrowed from ip6_init(). ip6_id(initialized
fragmentation value) was always 0 on FreeBSD/NetBSD(was 3 on BSDI)
since it seems tv/time_second is not set when calling
Thu Aug 26 05:07:49 JST 1999
* kame/tcpdump: print the identification of fragment headers when
using -v flag
1999-08-26 JINMEI, Tatuya <>
* kame/sys/netinet6/ah_core.c (ah6_calccksum): fixed a bug
of pointer adjustment to chase options. The bug might cause
kernel panic when trying to calculate ICV for a HbH or a Dst options
header including an immutable option.
Thanks to the TAHI project( for finding the
1999-08-26 JINMEI, Tatuya <>
* sys/netinet6/in6_pcb.c (in6_selecthlim): added to select hop
limit for an outgoing packet in various situations. The algorithm
is as follows:
1. The hop limit field of the template header.
2. Hoplimit value specified via ioctl.
3. (If the outgoing interface is detected) the current
hop limit of the interface specified by router advertisement.
4. The system default hoplimit.
UDP6 and raw IP6 directory use this function. TCP6 uses this via
This change fixes the problem that IPV6_UNICAST_HOPS did not work
for a UDP6 and a raw IP6 socket.
Thanks to Tetsuya Isaki <> for
finding the problem.
Wed Aug 25 22:45:15 JST 1999
* kame/rtsold: Fix segv when invoked as normal user, not root.
do not wait forever if -1 is specified (or invoked as rtsol).
Wed Aug 25 19:59:49 JST 1999
* freebsd[23]/ports/ncftp3, netbsd/pkgsrc/net/ncftp3: upgrade to
latest IPv6 patch
Wed Aug 25 18:46:48 JST 1999
* freebsd[23]/ports/inn: update IPv6 patch.
From: Satosi KOBAYASI <>
1999-08-25 JINMEI, Tatuya <>
* kame/sys/netinet6/ah_core.c (ah6_calccksum): corrected the
length parameter for auth. data calculation at the end of
Problem reported by the TAHI project(
Wed Aug 25 11:24:43 JST 1999
* kame/racoon: Fix compilation on NetBSD/alpha.
Fix portability issue with ssleay/openssl. However, we cast
most of parameters to des_xx() into void *, which is not a very
good way to solve this issue.
Wed Aug 25 02:31:54 JST 1999
* freebsd3/ports/pfs: add pfs(personal file system)
* freebsd[23]/ports/emacs20: more sophisticated IPv6
supporting. Patched by:
1999-08-25 JINMEI, Tatuya <>
* kame/kame/pim6dd/debug.c (dump_lcl_grp): added to show status of
local listeners with some timer values.
Wed Aug 25 00:12:56 JST 1999
* freebsd[23]/ports/netperf, netbsd/pkgsrc/net/netperf: upgrade to
latest IPv6 patch
Tue Aug 24 23:45:36 JST 1999
* freebsd[23]/ports/mrt, netbsd/pkgsrc/net/mrt: upgrade to mrt 2.0.0a.
1999-08-24 JINMEI, Tatuya <>
* kame/kame/pim6dd: fixed a bug that pim6dd with a local listener
didn't correctly stop forwarding when it became an assert looser.
(The bug seemed to be derived from the original pimdd.)
Thanks to Mickael Hoerdt<> for finding
the problem.
Tue Aug 24 18:19:19 JST 1999
* netbsd/sys/netinet/tcp*.c: Improve syn cache cleanup again.
When listening socket goes away, syn cache entries associated to the
listening socket will never be used. Therefore, it makes more sense
to nuke all assockated syn cache entries when listening socket
goes away.
NOTE: On 4.4BSD, it was possible to run SYN-SYNACK-ACK handshake even
if listening socket goes away in the middle (as sonewconn is called
right after SYN reception). After introduction of syn cache,
the behavior was changed (if listening socket goes away in the
middle, no negotiation will be successful).
KAME change will keep the latter behavior.
Suggested by: Jason Thorpe
Tue Aug 24 08:18:00 GMT 1999
* bsdi3: fix manpage installation procedure to conform to
BSDI3 practice.
Tue Aug 24 16:42:54 JST 1999
* usr.sbin/rtsold, sbin/rtsol: Integrate rtsold and rtsol source code.
Behavior is switched by argv[0]. sbin/rtsol needs to be statically
linked for most of the platforms, so they are compiled separately.
This change will improve IPv6 spec conformance of rtsol(8).
Tue Aug 24 02:11:54 JST 1999
* etc/rc.net6: disallow multiple interfaces from being autoconfigured
on host case, added some comment on it.
IPv6 specification assumes, in many places, that autoconfigured
node has only single externally-visible network interface.
Autoconfiguring a node with multiple interfaces can cause unexpected
1999-08-24 JINMEI, Tatuya <>
* *bsd*/usr.{bin,sbin}/netstat: supported per-interface
statistics. Try
% netstat [-p [ip6|icmp6] | -f inet6] -s -I if_name
for printing statistics on a specified interface, or
% netstat [-p [ip6|icmp6] | -f inet6] -s -i
for all interfaces.
1999-08-24 JINMEI, Tatuya <>
* kame/sys/netinet6: implemented per-interface ICMPv6 statistics
based on RFC2466. ioctl(SIOCGIFSTAT_ICMP6) is available as API.
Note that this changes affect the size of struct in6_ifreq,
which means you have to recompile some applications using the
structure like ifconfig.
1999-08-22 JINMEI, Tatuya <>
* sys/netinet6/udp6_usrreq.c (udp6_output): now got rid of
in6_pcbconnect, which needs splnet and affects performance, since
we saw no essential reason for calling in6_pcbconnect.
Instead, in6_selectsrc and in6_pcbsetport are used in order to
fill in the local address and in the local port.
Fri Aug 20 20:27:34 JST 1999
* bsdi3/usr.sbin/inetd: inetd with IPv6 and IPsec support.
inet6d will be left uncompiled for good.
Fri Aug 20 18:13:36 JST 1999
* sys/netinet/in_gif.c, sys/netinet6/in6_gif.c:
do not capture tunnelled packet when gif interface is down
(not IFF_UP).
Fri Aug 20 15:26:59 JST 1999
* netbsd/sys/netinet/tcp_input.c: tentative fix to dangling pointer
problem in syn cache. may need updates.
Fri Aug 20 09:11:20 JST 1999
* freebsd[23]/ports/apache13, netbsd/pkgsrc/www/apache13:
* freebsd[23]/ports/bind8, netbsd/pkgsrc/www/bind8:
upgrade to new IPv6 patch.
Fri Aug 20 08:57:01 JST 1999
* sys/netinet6/in6.h: remove, or hide nonstandard macros/struct defs
from the userland programmers. if your code breaks with this change,
your program assumes something outside of RFC2553.
some of programs under "ports" or "packages" directory may fail to
compile. Please report if you find one.
Fri Aug 20 04:16:11 JST 1999
* freebsd[23]/ports/newbie, netbsd/pkgsrc/net/newbie: update to 0.22.
Fri Aug 20 00:23:42 JST 1999
* usr.sbin/racoon/racoon: fix SEGV due to duplicated free().
From: "Heiko W.Rupp" <>
Thu Aug 19 21:59:08 JST 1999
* sys/netinet/in_gif.c: if you run KAME/NetBSD prior to the change
as router, sometimes kernel panicked due to failure to include
opt_ipsec.h into this file. I really hate opt_xx.h...
From: Kazuto Ushioda <>
1999-08-19 JINMEI, Tatuya <>
* kame/sys/netinet6/{ip6_output.c, nd6.c}: use nd6_output by
default. Note that some files under sys/net must be updated,
too. I believe the behavior is now quite stable, but if not,
please let me know.
Thu Aug 19 15:02:35 JST 1999
* lib/libinet6: compile inet_pton() into libinet6. The code
is from ISC BIND821. This is to avoid bugs in OS-supplied
inet_pton() (the source of bug is BIND version < 8.2).
NOTE: KAME/NetBSD needs inet_addr.c into libinet6 as well, because
inet_pton() and inet_addr() are supplied as single object file in
Thu Aug 19 00:38:02 JST 1999
* netbsd/pkgsrc/net/ucd-snmp, freebsd2/ports/ucd-snmp:
upgrade to 3.6.2. freebsd3/ports/ucd-snmp is not buildable.
Wed Aug 18 22:02:14 JST 1999
* sys/netinet6/in6_var.h: Based on RFC2465, IPv6 per-interface
statistics framework is implemented. Actual statistics support
is ongoing. ioctl(SIOCGIFSTAT_IN6) will let you peek the
statistics from the userland.
NOTE: rebuild all userland tools as struct in6_ifreq is changed
its size.
NOTE: in some cases we are unable to increment counter, because
there's no route for packet (hence interface).
1999-08-17 JINMEI, Tatuya <>
* kame/libinet6/ip6opt.c (inet6_option_append, inet6_option_alloc):
adjust pad length to avoid unnecessary pad.
Thanks to Frederic SOULIER for pointing it out.
Tue Aug 17 19:46:52 JST 1999
* sys/netinet6/in6.h: make IN6_IS_SCOPE_LINKLOCAL() invisible from
We will gradually remove nonstandard (and uncommon) defs as much as
possible from netinet/in.h. Some of your userland apps may
fail to compile during the process. Please stick to standard
defines (see RFC2553 and RFC2292).
Tue Aug 17 13:01:50 JST 1999
* kame/ndp: fix cases when no link-layer address information is
cached in the kernel.
1999-08-16 JINMEI, Tatuya <>
* kame/libinet6/name6.c (gethostbyname2): reinitialized saved_hp
right after freehostent() in order to avoid possible duplicate
free the variable.
Suggested by Frederic SOULIER.
Mon Aug 16 01:34:36 JST 1999
* netbsd/pkgsrc/net/zebra, freebsd[23]/ports/zebra: upgrade to 0.77.
1999-08-14 JINMEI, Tatuya <>
* kame/pim6sd: correctly supported restarting by SIGHUP.
Thanks to <> for sending patch.
Sat Aug 14 00:18:57 JST 1999
* kame/kame/racoon:
Added man page of racoon.conf.
Changed default directory placed racoon.conf.
new directory is /usr/local/etc.
1999-08-13 JINMEI, Tatuya <>
* kame/sys/netinet6/in6_pcb.c (in6_selectsrc):
added an argument to pass the local address of the PCB in order to
prefer the optionally specified address to the local address.
Fri Aug 13 23:01:15 JST 1999
* freebsd2/usr.sbin/inetd: support tcp6, udp6 as protocol type.
now inetd is able to support both address families, so there's no
need to run separate inet6d. you just need to (1) kill
/usr/sbin/inetd, and (2) run /usr/local/v6/sbin/inetd instead.
/etc/inetd.conf will be used.
Fri Aug 13 21:34:39 JST 1999
* sys/netinet6: Add net.inet6.ip6.use_deprecated sysctl MIB.
This is for RFC2462 5.5.4, which specifies the use of deprecated
address as the source address for new connection when no other choice
is available.
Default value is 1 (allows deprecated address as a last resort).
By making it 0, deprecated address will never be used, even as a
last resort, when selecting source address for new connection
(past KAME code always behaved like this).
Note that explicit bind(2) is disallowed against deprecated address.
Fri Aug 13 19:39:33 JST 1999
* kame/kame/racoon/cfparse.h:
change default directory placed configuration file.
new directory is /usr/local/v6/etc.
1999-08-13 JINMEI, Tatuya <>
* kame/kame/pim6dd: correctly supported restarting by SIGHUP.
Thanks to <> for sending patch.
1999-08-13 JINMEI, Tatuya <>
* pim6dd/pim6_proto.c (receive_pim6_assert): added a sanity check
in order to prevent core dump when receiving an assert message from a
router that the receiving node doesn't regard as a PIM neighbor.
1999-08-13 JINMEI, Tatuya <>
* kame/bgpd: made sure to transit an optional transitive path
attribute even if it's unrecognized.
Fri Aug 13 11:40:55 JST 1999
* freebsd2/ports/{ct,v6eval}: upgrade to 0.3. from
Fri Aug 13 00:41:12 JST 1999
* netbsd/usr.sbin/{tcpdmatch,tcpdchk}: made libwrap utilities
IPv6 ready.
Thu Aug 12 14:42:25 JST 1999
* kame/kame/racoon: make idea.h optional. now you can install SSLeay
without idea, and build racoon (some users need this for patent
Wed Aug 11 21:18:08 JST 1999
* netbsd/lib/libwrap: libwrap that handles IPv6 correctly.
IPv6 address should be wrapped in square bracket to avoid
confusion about colon, like this:
telnetd: [::1/128] [3ffe::/ffff::]
Tue Aug 9 JST 1999
* repository reorganization: NetBSD and FreeBSD228 uses
new repository at this moment.
Sun Aug 8 01:50:14 JST 1999
* kit/ports/vic6 (FreeBSD228): vic video conference system.
Fri Aug 6 JST 1999
* sys/netinet6/{tcp6,udp6}* (platforms with TCP6):
* sys/netinet6/ip6_fw.[ch]: IPv6 packet filter ported from
KAME/FreeBSD228 to all platforms.
1999-08-06 JINMEI, Tatuya <>
* raw_ip6.c (rip6_usrreq): when attaching, initialized
in6p_ip6.ip6_hlim. Without this fix, kernel might send a packet
with 0 hop limit.
Thu Aug 5 20:51:31 JST 1999
* kit/ports/emacs20: add emacs-20.4
patched by:
Tue Aug 3 23:26:17 JST 1999
* kit/ports/netperf: add netperf-2.1pl3
a part of patch by:
Tue Aug 3 19:29:28 JST 1999
* kit/src/mchat: tiny multicast chat program, for testing your
multicast IPv6 network.
Mon Aug 2 19:14:58 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.76.
Sat Jul 31 12:14:07 JST 1999
* kit/src/libinet6/getnameinfo.c: NI_NUMERICHOST and NI_HOSTREQD
conflict with each other (NI_HOSTREQD requires DNS lookup while
NI_NUMERICHOST prohibits that) so raise error if both are specified.
From: Hajimu UMEMOTO <>
1999/07/31 06:31:34 JST
sys/netinet6/tcp6_subr.c, udp6_usrreq.c (FreeBSD228, BSDI3):
-consider interface id at link local address connect error
Fri Jul 30 10:15:56 JST 1999
* kit/src/traceroute6: allow "traceroute6 -q1 foo".
KAME PR: 135
Fri Jul 30 01:16:40 JST 1999
* kit/sbin/ifconfig, kit/usr.bin/telnet, sys/netinet6,
kit/src/traceroute, kit/src/pim6sd, kit/src/rrenumd, kit/src/inet6d,
kit/src/libinet6, kit/src/libpcap, kit/src/gifconfig:
(NetBSD14) 64bit CPU friendly. Basically, be more strict about types.
(1) size_t may not be int (cast to u_long on printing)
(2) time_t is not the same type as tv_sec
(3) SIOCGIFCONF returns unaligned structures so memcpy() before
touching content
(4) always need proper header file for mem* and str*
(5) do not touch unaligned structures. fill aligned structure
then perform memcpy().
(6) libpcap/net/bpf.h must be in sync with sys/net/bpf.h.
(7) 2nd arg to ioctl() must be u_long, not int.
1999-07-29 JINMEI, Tatuya <>
* src/bgpd/aspath.c (aspath2cost): not assert even if AS path
segment is NULL, which means an empty AS path. This fix is
essential when an IBGP peer sends an UPDATE message with an empty
AS path.
Thu Jul 29 18:18:07 JST 1999
* kit/src/rtsol: warn if net.inet6.ip6.accept_rtadv is false
(if it is false, rtsol will have no effect at all).
Wed Jul 28 16:32:02 JST 1999
* kit/src/rtsol: Sleep for a short period of random time before
sending the first RS.
(actually we check for tentative/non-tentative before sending the
first one, so this may not be needed)
Sleep RTR_SOLICITATION_INTERVAL seconds between resends.
(RFC2461 6.3.7, SHOULD)
1999/07/28 17:05:26 JST
* usr.sbin/inetd (FreeBSD32):
-fixed command names in man
-added new protocol type tcp46 and udp46 for future compatibility
1999/07/28 14:22:12 JST
* netinet/tcp_input.c,udp_usrreq.c
netinet6/tcp6_input.c,udp6_usrreq.c (FreeBSD228):
added "log_in_vain" for TCP and UDP over IPv6
1999-07-28 JINMEI, Tatuya <>
* src/pim6sd/pim6stat: added to show status of a PIM6 daemon.
Tue Jul 27 23:06:12 JST 1999
* kit/ports/mpg123, kit/pkgsrc/audio/mpg123: upgrade to 0.59r.
Tue Jul 27 22:51:49 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.74.
1999/07/27 15:14:30 JST
* etc/rc.net6:
changed KAME/FreeBSD32 inetd's name to inet46d and
enable it by default, if it exists.
1999/07/27 15:10:37 JST
* usr.sbin/inetd (FreeBSD32):
-merged IPSEC support from kame_228
-changed the name from "inetd" to "inet46d" because the
non FreeBSD32 inetd(v4-only) commands name conflict
with this command
1999/07/27 13:58:06 JST
* net/route.c:
changed M_WAIT to M_DONTWAIT because this could be
called from splnet() level in KAME.
Mon Jul 26 21:32:33 JST 1999
* kit/src/tcpdump: a bit of cleanups. add print-mobile.c (RFC2004)
from NetBSD. add print-l2tp.c by
NOTE: you may need to remove kit/src/tcpdump/Makefile manually,
or perform "make clean" in kit/, to build the userland.
Mon Jul 26 18:18:36 JST 1999
* kit/ports/irc, kit/pkgsrc/net/irc: add irc-2.10.2p1, The
'Internet Relay Chat' Server. compiles but not tested.
1999/07/26 05:38:48 JST
sys/netinet6/in6_pcb.c,udp6_usrreq.c (FreeBSD32):
-Fix the :: connect problem on FreeBSD 3.2
-Also fix the link local address connect problem
1999-07-23 JINMEI, Tatuya <>
* nd6.c (nd6_cache_lladdr): changed the logic of setting the
IsRouter bit; always set the bit for an entry of a `better router'
learned from a redirect message. I believe this is the intention
of RFC 2461, section 8.3.
The fix responded to a conformance test by the TAHI project.
Mon Jul 25 JST 1999
* kit/ports/apache13, kit/pkgsrc/www/apache13:
upgrade to use latest IPv6 patch. now filtering based on domain
name works properly.
Fri Jul 23 00:48:18 JST 1999
* kit/pkgsrc/net/rsync, kit/ports/rsync: upgrade to latest IPv6 patch.
Fri Jul 23 JST 1999
* sys/netinet6 (NetBSD 1.4): implement IPv6 path mtu discovery.
Now long distance TCP should work fine.
Thu Jul 22 11:55:14 JST 1999
* sys/netkey/key.c:
remove to check SA direction.
Thu Jul 22 11:30:07 JST 1999
* netinet6/ipsec.c:
give up to check transport mode restriction for forwarding packet.
But, this check should be done somewhere.
Wed Jul 21 02:45:07 JST 1999
* kit/usr.bin/ftp/ftp.c: BSDI4 ftpd returns junk reply against EPSV.
try to handle the situation properly by becoming more restrictive
against return code.
1999-07-20 JINMEI, Tatuya <>
* raw_ip6.c (rip6_input): changed not to use ip6->ip6_plen(which
will be zero for a jumbo payload) in checksum calculation.
The fix was based on a bug report from <>.
Tue Jul 20 02:15:38 JST 1999
* kit/libexec/tftpd, kit/usr.bin/tftp (NetBSD 1.4):
add IPv6 support.
Tue Jul 20 01:47:06 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.73.
Mon Jul 19 23:01:13 JST 1999
* kit/ports/ncftp3, kit/pkgsrc/net/ncftp3: upgrade to 3.0beta19
1999-07-19 JINMEI, Tatuya <>
* [bsdi3] sys/i386/isa/if_wl.c (wl_cse_handler): changed to call
in6_ifattach in CSE_CARD_INSERTION case in order to support IPv6.
Patch from: Masahiro Ishiyama <>
Thu Jul 8 12:16:55 JST 1999
* ports/ppp (FreeBSD3.2, 228):
updated to use 990708 IPv6 patch.
Fri Jul 9 16:38:01 JST 1999
* ports/apache13(FreeBSD3.2): sync with ports-current.
* src/v6test:
- forgot to install v6test.1
- supported construction of udp headers.
* usr.bin/ftp(BSDI): fix Y2K problem in using 'reget' command.
(applied M310-055 patch from BSDI)
Fri Jul 9 01:24:20 JST 1999
* kit/src/route6d: /16 routes were mistakingly added as host route.
From: Bill Sommerfeld <>
Wed Jul 1999/07/07 13:40:18 JST
* net/*, netinet6/*, netpm/*, sys/malloc.h
merged from FreeBSD3.2.
-prefix related extension
Now you can renumber prefix and addrs belong to it
at th same time, using "prefix" commmand or "rrenumd".
-fixed some IPv6 macro
-source code sync
Wed Jul 7 JST 1999
* bunch of portability fixes and clarifications,
including 64bit-architecture support and more strict type (for
example, use of time_t instead of long). Merged from KAME on
Wed Jul 7 01:18:16 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.71.
Tue Jul 6 18:28:30 JST 1999
* kit/src/{route6d,rtadvd,tcpdump}: fix 64bit CPU issues, like
sizeof(void *) != sizeof(int), sizeof(size_t) != sizeof(int).
* sys/netinet6: fix IPsec-only (and non-IPv6) build.
(found during NetBSD-current merge: thanks!)
Mon Jul 5 07:47:03 JST 1999
* kit/src/rtadvd: partial fix to signedness issue.
* kit/src/route6d.c: fix for signedness issue.
* kit/usr.bin/ftp (NetBSD14): fix junk pointer free during URL parsing.
(all found during NetBSD-current merge: thanks!)
1999-07-04 JINMEI, Tatuya <>
* in_gif.c (in_gif_output) (FreeBSD3): made sure to use the
configurable variable ip_gif_ttl as iphdr.ip_ttl.
1999-07-04 JINMEI, Tatuya <>
* in_proto.c(BSDI): set default value(GIF_TTL) of ip_gif_ttl.
Sun Jul 4 11:10:54 JST 1999
* sys (NetBSD 1.4): s/splnet/splsoftnet/ in IPv6/IPsec code.
Sun Jul 4 10:41:48 JST 1999
* GENERIC.v6 (NetBSD14): remove TCP6 as it needs many twist in userland
compilation if we try to support both. merged tcp (in netinet/tcp*)
is now stable enough.
NOTE: be sure to remove "options TCP6" from kernel config file,
otherwise kernel will not compile.
Sat Jul 3 21:11:05 JST 1999
* sys/netinet6/in6_pcb.c (NetBSD14): try to avoid reuse of port # when
opening listening socket. This fixes trouble when you perform
active ftp data transfer with the same server.
(client side always get the same port # and the server side need
to wait till TIME_WAIT state finishes)
* sys/netinet*/in{,6}.h: move IPsec sysctl index from IPPROTO_ESP
to IPPROTO_AH, so that it can be used even when the kernel does not
have IPSEC_ESP compilation option.
* kit/src/*: Makefile cleanups. (1) CPPFLAGS must be used for -D and
-I on NetBSD. (2) several lint fixes.
Sat Jul 3 05:43:18 JST 1999
* kit/src/pma,ptrconfig
* sys/net,netinet,netinet6,netkey,netpm,sys
FreeBSD32 is generally synced to FreeBSD228.
mainly added items are,
-v4 nat
-v4<->v6 protocol translation
-faith related extensions
-some more ipsec related sync
Fri Jul 2 23:57:45 JST 1999
* kit/src/ping6.c, sys/netkey/key_debug.c: fix for 64bit architecture.
From: Jason Thrope
* kit/src: avoid warnings.
* kit/usr.bin/telnet (NetBSD14): make source routing work.
* kit/usr.sbin/inetd (NetBSD14): dual stack inetd. "tcp6" gets
tcp6 socket for childs.
1999-07-02 JINMEI, Tatuya <>
* icmp6.c (icmp6_redirect_output): added source address check
before sending ND6 redirect according to RFC 2461, sec 8.2.
A new function nd6_is_addr_neighbor is implemented in nd6.c for
this purpose, although it is currently called only from
Fri Jul 2 08:23:05 JST 1999
* sys/netkey/key.c:
Fixed SA selection. When there was tunnel mode SA, not transport
mode SA, and you send transport mode, kernel selected tunnel mode SA
for your packet.
Fri Jul 2 05:23:44 JST 1999
* sys/netinet6/esp_core.c,kit/src/setkey:
Disabled new ESP with 3des-cbc mode and derived IV.
Enabled old ESP with des-cbc and 32bit IV.
Fri Jul 2 03:09:30 JST 1999
* kit/src/libinet6/get{addr,name}info.c:
get{addr,name}info.c works better in environment without
getipnodeby{addr,name}. It can perform queries for both
IPv4 and IPv6 (previously it performed only IPv4 query if
INET6 is not defined).
1999-07-01 JINMEI, Tatuya <>
* [BSDI]ip6_forward.c: experimentally added code to check
site-local source and to return an ICMP6 error if it breaks scope.
1999-07-01 JINMEI, Tatuya <>
* icmp6.h (ICMP6_DST_UNREACH_BEYONDSCOPE): was added according to
the new ICMP6 draft.
ping6, icmp6dump, traceroute6, and tcpdump were also rewritten to
use the new type.
1999-07-01 JINMEI, Tatuya <>
* ip6.h (IP6OPT_RTALERT_ACTNET): added a macro for as a new router
alert option value, which specifies that the datagram contains an
Atcitve Networks message.
1999-07-01 JINMEI, Tatuya <>
* ip6_mroute.c (ip6_mdq): moved M_LOOP flag check just before
sending a wrong-IF report. The older position was wrong since it
discarded a valid packet encapsulated in a PIM register message.
Thanks to: <>
Wed Jun 30 14:24:23 JST 1999
* sys (NetBSD14): bunch of cleanups, removing code that are not used,
comment fixes. MAPPED_ADDR_ENABLE is removed (this never worked).
tcp6 mapped address behavior was slightly changed.
Please read kit/IMPLEMENTATION for details.
* sys/i386/isa/if_ed.c (FreeBSD32): include opt_inet.h for INET6.
I REALLY HATE opt_inet.h. there is no way to check if I have
included enough header files.
* sys/netinet6/in6.h: uncomment prototype for inet6_options_*.
Fix typo.
Wed Jun 30 09:21:17 JST 1999
* sys/netinet6/esp_input.c: IPv4 esp tunnel packets were mistakingly
dropped by a typo. now it is fixed.
Found by:
Mon Jun 28 13:17:13 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.70.
Mon Jun 28 05:14:49 JST 1999
*kit, src/sys/netkey,crypt,netinet,netinet6 (FreeBSD32):
merged new ipsec and recent ipsec related changes.
Sat Jun 26 17:29:06 JST 1999
* kit/src/route6d: add -l option, which enables exchange of site local
routes. This option needs a great care as the semantics for site
local address space is quite vague.
Sat Jun 26 16:51:32 JST 1999
* kit/usr.bin/ftp (NetBSD14): fix ftp URL parsing in numeric IPv6
address case, like ftp://[::1]:9999/.
Sat Jun 26 15:37:23 JST 1999
* sys/netinet6/in6_pcb.c (NetBSD14): fix in6pcb lookup for listening
socket (this is for kenrels without "options TCP6").
From: Koji Kondo <>
Thu Jun 24 17:07:24 JST 1999
* sys/netinet6/udp6_usrreq.c: pass IPv6 extension header properly
to the user level. (call m_adj() after extension header
reception processing)
* kit/pkgsrc/www/apache13, kit/ports/apache13: upgrade to latest
IPv6 patch. This fixes domain name-based access control like
Wed Jun 23 22:35:06 JST 1999
* sys/netinet6: define net.inet6.ip6.kame_version sysctl MIB.
this shows KAME kit version as string. if you got the tree
from anoncvs or cvsup, it will be "from cvs repository".
if this is from SNAP kit, it will be like "SNAP 19991231".
Wed Jun 23 19:32:47 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.69.
Wed Jun 23 15:41:03 JST 1999
* sys/netinet6/ipsec* (NetBSD14/FreeBSD228/BSDI3):
define additional kernel config option "options IPSEC_ESP", which
enables ESP part of the kernel.
This is for US export regulation friendliness (I hate to have this)
"options IPSEC + options IPSEC_ESP" will build complete IPsec
(AH + ESP + IPComp)
"options IPSEC" will build IPsec kernel without crypto
(AH + IPComp)
without "options IPSEC", you'll get no IPsec.
NOTE: You need to add IPSEC_ESP if you want ESP code.
* sys/netinet6/ah_core.c (NetBSD14/FreeBSD228/BSDI3):
use OS-supplied MD5/SHA1 code, if the OS supplies that in libkern.
Tue Jun 22 JST 1999
* sys/netinet/tcp* (NetBSD 1.4): stabilize tcp6 when "options TCP6"
is NOT defined. IPv4 mapped address (::ffff: can be
handled properly. inpcb and in6pcb are separate.
* kit/src/route6d: add more sanity check against command line option.
Mon Jun 21 05:54:37 JST 1999
* sys/netinet/tcp* (NetBSD 1.4): add "options TCP6". If you would
like a stable IPv6 TCP (in netinet6/tcp6*, the one we have been
using), add "options TCP6". If you would like to test dual stack
tcp (in netinet/tcp*), do not add "options TCP6".
IPv6 TCP using netinet/tcp* is not stable yet.
* kit/usr.sbin/trpt (NetBSD 1.4): trpt with dual stack tcp support.
(if you build the kernel with separate tcp6 code, trpt will not
be able to show the trace for tcp6)
Sun Jun 20 05:38:26 JST 1999
* sys/netinet/tcp* (NetBSD 1.4): changes toward address family
independent tcp (so that we can share tcp4 and tcp6 source code).
nuked tcpiphdr. no IPv6 support yet.
* sys/netinet6 (NetBSD 1.4): tiny cleanups.
Fri Jun 18 03:04:55 JST 1999
* kit/ports/icecast:
Fixed to connect with encrypted password between icecast and shout.
You can define --with-crypt.
Thu Jun 17 22:09:00 JST 1999
* kit/ports/ethereal (FreeBSD 228): upgrade to use 0.6.2.
sorry for the delay.
Thu Jun 17 21:37:05 JST 1999
* kit/src/route6d: reorganize directory to use
now we have kit/src/{route6d,ifmcstat,rip6query}.
NOTE: "make clean" before cvs update, if you use anoncvs
Wed Jun 16 13:58:08 JST 1999
* kit/ports/apache13, kit/pkgsrc/www/apache13: use latest IPv6 patch.
bugs in mod_access were fixed.
From: "Chris P. Ross" <>
1999-06-16 JINMEI, Tatuya <>
* src/tcpdump/print-pim.c (pimv2_print): supported more detailed
analysis for PIM sparse related messages.
Tue Jun 15 08:31:31 JST 1999
* kit/ports/bind8, kit/pkgsrc/net/bind8: use latest IPv6 patch.
* kit/ports/apache13, kit/pkgsrc/www/apache13: use latest IPv6 patch.
Tue Jun 15 07:18:06 JST 1999
* sys (BSDI): merge in ALTQ 1.1.3 patch for BSDI.
You'll need altq-1.1.3-bsdi-19990615.diff.gz in, for building userland.
From: Hideaki Imaizumi <>
Tue Jun 15 05:01:13 JST 1999
* src/sys/netinet6/in6_prefix.c, in6_prefix.h, in6_proto.c,
in6_var.h, nd6.h, nd6_rtr.c (FreeBSD32):
-BUG fix of router renumbering (touched undefined pointer at prefix
-removed RR prefix related code from ND prefix related code
(Because, now ND prefix and RR prefix is separated)
-set net.inet6.ip6.forwarding and net.inet6.ip6.accept_rtadv
by function.
When, net.inet6.ip6.forwarding change from 0 to 1, clear all
ND prefixes, and set net.inet6.ip6.accept_rtadv to 0
When, net.inet6.ip6.forwarding change from 1 to 0, clear all
RR prefixes, and try to recover original net.inet6.ip6.accept_rtadv
value as much as possible.
Mon Jun 14 04:24:56 JST 1999
* kit/ports/pfs (FreeBSD228): add pfs portable file system.
compiles but not tested.
Mon Jun 14 03:46:36 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.68.
* sys/netkey/key.c, kit/src/racoon: racoon is now able to exchange
IPComp SA. NOTE: need more checking on keydb management code.
Sun Jun 13 20:14:26 JST 1999
* sys/netinet6/tcp6_subr.c: when transmissing RST packet,
initialize flowlabel field properly.
1999-06-13 JINMEI, Tatuya <>
* src/pim6sd: many serious bugs were fixed. Though it has still
some bugs, we believe it's now worth trying.
Fri Jun 11 10:27:37 JST 1999
* sys/net, sys/neinet6 (FreeBSD 3.2):
updated router renumbering
-separete RR prefix list from ND prefix list
-addrs assigned by ifconfig is linked to correspondent prefix,
and it is also controled by the prefix change.
-now, prefix command can be used only if
TODO: -remove RR prefix related code from ND prefix part
-when net.inet6.ip6.forwarding is become 1,
clear ND prefix list
-when net.inet6.ip6.forwarding is become 0,
clear RR prefix list
-merge onto other platform
1999-06-10 JINMEI, Tatuya <>
* src/pim6sd: imported PIM6 sparse mode daemon developed by
Mickael Hoerdt at LSIIT Laboratory.
Though it can be compiled and work to some extent, it still
contains some serious problems.
So, please be careful when you try it. We also very much welcome
bug reports and patches.
1999-06-09 JINMEI, Tatuya <>
* src/pim6dd/mld6_proto.c (accept_listener_report):
if the group of a received MLD report is link-local, simply
discard the report, instead of creating and maintaining a group
entry for the group. It would be a bit more efficient.
Suggested by: Mickael Hoerdt <>
Wed Jun 9 16:00:14 JST 1999
* kit/ports/{ct,v6eval} (FreeBSD228): upgrade to 0.2.
1999-06-08 JINMEI, Tatuya <>
* netstat/mroute6.c (mroute6pr): printed "reg0" as `physical
interface' for an interface to receive PIM register messages.
Advised by: Mickael Hoerdt <>
1999-06-08 JINMEI, Tatuya <>
* ip6_mroute.c: enabled PIM sparse mode related part.
Advised by: Mickael Hoerdt <>
Tue Jun 8 16:04:49 JST 1999
* sys/netinet6/tcp6_subr.c (NetBSD 1.4): avoid using dtom()
for tcp header template. use "pool" allocator instead.
Tue Jun 8 15:24:51 JST 1999
* kit/pkgsrc/mail/fetchmail (NetBSD 1.4): upgrade to 5.0.3.
Tue Jun 8 14:58:35 JST 1999
* kit/pkgsrc/www/apache (NetBSD 1.4): changed daemon installtion
directory from /usr/pkg/bin to /usr/pkg/sbin. NetBSD pkgsrc for
apache does this so we'd better follow that practice.
Sun Jun 6 15:45:31 JST 1999
* sys/netinet6/in6_ifattach.c (NetBSD14):
when attaching link-local address to an interface, defer routing
table setup to prevent danglink pointer to be recorded in routing
related to, or fixes, PR 109.
1999-06-05 JINMEI, Tatuya <>
* src/pim6dd: made administrative scope filter more generic.
The following two types can be specified:
- Group1-Group2: specifies a numerical range of a scope.
- GroupPrefix/Prefixlen: specifies a prefix of a scope.
Sat Jun 5 07:40:48 JST 1999
* sys/netinet6 (FreeBSD228/NetBSD14/BSDI): IPComp (IP payload
compression protocol) support.
See section 5 in IMPLEMENTATION for detalis.
Sat Jun 5 00:11:38 JST 1999
* kit/src/tcpdump: support IPComp (ip payload compression, RFC2393)
message decoding.
* kit/src/tcpdump: fix pim6 Register-Stop message decoding bug.
From: mhoerdt <>
NOTE: be sure to perform "make clean" in kit directory.
(or "make distclean" in kit/src/tcpdump)
1999-06-02 JINMEI, Tatuya <>
* mld6.c (mld6_input): use the M_LOOP flag in order to detect if
an MLD6 report is looped back.
IFF_LOOPBACK was used in the older versions, but it was wrong
since ip6_mloopback faked ifp.
1999-06-02 JINMEI, Tatuya <>
* in_gif.c, in6_gif.c[FreeBSD 2, 3]:
- included gif.h for appropriate initialization
- included sys/kernel.h, which is necessary for SYSCTL_INT
Thanks to: Koji Kondo <> for reporting the problem.
Tue Jun 1 22:34:46 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.67.
* kit/pkgsrc/net/bind8, kit/ports/bind8: use latest IPv6 patch.
now listen-on and some other directives work with IPv6 address.
Mon May 31 19:02:27 JST 1999
upgrade KAME FreeBSD 3.1 to 3.2
upgrade ALTQ from 1.1.3 to 1.2 (FreeBSD 3.2)
1999-05-31 JINMEI, Tatuya <>
* ip6_output.c (ip6_output): zero-clear the reserved field of a
Fragment header in an outgoing packet.
Mon May 31 01:18:04 JST 1999
* kit/src/racoon:
Added more checking the ID payload in phase 2. Draft said that IDr2
must be immediatelly followed by IDi2. We allow the illegal case,
but logged.
1999-05-31 JINMEI, Tatuya <>
* (kernel): added new sysctls, net.inet.ip.gifttl and
net.inet6.ip6.gifhlim. They specify TTL or hop limit for a gif
encapsulated packet.
BSDI users should update /usr/local/v6/sbin/sysctl to access
these sysctl names.
1999-05-28 JINMEI, Tatuya <>
* src/pim6dd/timer.c (age_routes): reflect changes even if the
unicast routing table does not change. I believe this is a bug of
the original pimdd.
This fix is necessary in order to handle expiration of the prune timer
when the forwarding cache entry still exists.
Fri May 28 1999,
The following changes affect FreeBSD228, NetBSD14, BSDI version of
KAME, not others.
* sys/netinet6/ipsec.c: On IPsec operation on listening socket, do
not share security policy structure among sockets. This is better
because it allows more efficient SAD entry lookup, and it will
leave less obsolete SPDs kept in the kernel.
* kit/src/setkey: add -l option (to be used with -D), which generate
summary of SAD every 1 seconds. This is good for tracing IKE daemon.
* kit/src/racoon: so many changes and fixes.
- At this moment racoon does not support proposal group with multiple
proposal (say, ESP proposal and AH proposal with same proposal
ID #). Now racoon ignores such proposal from initiator when it
behaves as responder, and filters out such proposal in
configuration file when behaves as initiator.
- Transmit INVALID_COOKIE informational exchange when no matching
ISAKMP SA is found for phase 2 packet.
- Reload of configuration (on SIGHUP) now works correctly.
- Be more strict about configuration file. Die if there's no
required items listed on configuration file.
- Fix lifetime attribute parsing. if the lifetime value is out of
range (due to malformed packet, maybe), use default lifetime.
Previously it sets lifetime to 0 and this caused problems.
- Clarify many of internal structures, such as diffie-hellman
primes and keys (mainly for future support of new group mode).
- racoon now checks phase 2 soft lifetime. Now rekey can be done
more smoothly (TODO: phase 1 soft lifetime check).
- racoon is now more robust against duplicated packets (due to
resend from the peer).
- Phase 1 now supports various encryption algorithms, incl. Blowfish
and CAST128. Key length can be negotiated properly.
- Delete payload support. racoon accepts delete payload from peer.
racoon transmits delete payload if SADB_DELETE is received,
thus SAD delete operation from setkey command will generate delete
payload. Need more support in other occasions.
- Many improvements in debugging output.
- So many minor bug fixes.
Fri May 28 07:34:54 JST 1999
* kit/src/setkey: Setkey no longer display dead SAs in the kenrel with
-D. To see dead SAs as well, specify -a with -D.
Fri May 28 02:09:23 JST 1999
* kit/src/racoon:
- Do not listen to wildcard socket (grab list of addresses and
perform specific bind(2)). This is to prevent broadcast DoS attack
to IKE daemon. If you specify wildcard address in the config file,
warning will appear.
Thu May 27 05:16:34 JST 1999
* sys/net{inet6,key}/Makefile (NetBSD 1.4): include files can be
installed by "cd kame/sys; make incinstall".
(NOTE: this does not follow kame/kit/INSTALL)
Subject: (KAME-snap 632) header file installation on NetBSD 1.4
From: Erik Bertelsen <>
Thu May 27 01:51:14 JST 1999
* kit/ports/icecast, kit/pkgsrc/audio/icecast: upgrade IPv6 patch.
now instructions on configuring IPv6 UDP multicast audio streaming
is provided.
Wed May 26 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.66.
Wed May 26 1999
* kit/src/traceroute: fix order of privilege control. (IPsec
setsockopt must be performed with root privilege)
* kit/sbin/ping (NetBSD 1.4): clarification on IPsec policy
configuration. NetBSD ping command transmits dummy ping toward
loopback address (for flushing route cache in ip_output). We do
not need IPsec for this operation so we specify "bypass" policy
for the operation.
Tue May 25 03:32:12 JST 1999
* kit/src/racoon:
- Fixed to manage the exchange status. i.e. There is no limit really
for payload ordering.
- Supported idea, blowfish, rc5, cast. But not tested.
- Called libcrypt for checking weak key.
- clean up
Sun May 23 06:51:35 JST 1999
* kit/src/racoon:
- Check Notify messages in phase 1, but still ignore.
- Ignore multiple SA in phase 2.
- Fixed sending localport number in ISAKMP packet. It was a constant
of 500.
- Insert actual port in use into ID payload.
- Delete ADMIN_PROTO_IKE from admin.h. IKE is not protocol.
- Improved kmpstat. print the information if error.
- Improved PF_KEY messaging by timer.
pfkey_send_{timer,try}: is to send PFKEY message.
pfkey_acquire_{timer,try}: is to wait to get IKE.
- Fixed remote directive in racoon.conf more than tree. cftab was
broken when there was not anonymous entry in the first remote entry.
- Fixed local test mode. There is a bit strange, but it works.
- Fixed some of crash problems.
- clean up. There are same processing in various places.
They should be merged.
CAUTION: There is rekeying issue.
There may be crash problem in aggressive mode.
Sat May 22 21:44:09 JST 1999
* sys/dev/ic/midway.c (NetBSD 1.4): import changes in ALTQ 1.2 PVC ATM
code (only for Adaptec/ENI ATM driver - no ALTQ support in NetBSD).
NOTE: compiles but not checked
* sys/i386/pci/midway.c (BSDI): import changes in ALTQ 1.2 PVC ATM
code (only for Adaptec/ENI ATM driver - no ALTQ support in BSDI).
NOTE: currently broken
* sys, kit/ports/altq (FreeBSD228): update ALTQ to 1.2. userland
tools must be installed by using kit/ports/altq.
From: Kenjiro Cho <>
Sat May 22 21:13:47 JST 1999
* sys/net/if_gif.c: call if_up() on positive edge of IFF_UP,
to send up RTM_IFINFO to the userland.
TOOD: more checks to other drivers (sometimes non-KAME issue
but we need RTM_IFINFO message for routing daemons).
1999-05-22 JINMEI, Tatuya <>
* kit/src/pim6dd: supported group-basis output filter. See
pim6dd.conf(5), which is also updated.
Sat May 22 14:34:59 JST 1999
* sys/dev/pci/aeon.c (NetBSD 1.4): fix aeon crypto pci card driver
for NetBSD 1.4. No test performed yet (I don't have encryption-
enabled card anyway, I can't buy one in Japan!).
Sat May 22 1999
* sys/netinet6/in6_ifattach.c (NetBSD 1.4): fix dangling pointer
on link-local address addition failures.
Sat May 22 04:17:01 JST 1999
* sys/netinet6/nd6_rtr.c (NetBSD 1.4): Simply call rtrequest() from
defrouter_addreq(), rather than re-implement the behavior. This is
much simpler and avoids bug due to misuse of memory allocator.
TODO: check if it was the right fix, there may be special requirement
in defrouter_addreq(), which we have forgotten.
This fixes misterious "panic on long suspend/resume session" bug.
This was generated when aged routes, which were generated by
defrouter_addreq, are get purged (so kernel panic can be raised
by ndp -R).
defrouter_addreq() allocated struct rtentry by R_Malloc, but
NetBSD 1.4 now uses "pool" allocator in net/route.c.
Then defrouter_addreq() inserted struct rtentry allocated by
R_Malloc onto the routing table. Kernel panic'ed if you try to
call pool_put() with pointer to non-pool region (happens on route
The bug was a bit hard to track. I spent few days to find a
repeatable steps to make the kernel panic, spent 4 hours to find the
cause. IMHO new allocators/deallocators (like pool_{get,put})
should provide more sanity checks (especially for alloc/free pool
mismatches) when DIAGNOSTIC is defined. Current DIAGNOSTIC code did
not help me much. I should do this next time...
Fri May 21 JST 1999
* sys/netinet6/nd6_nbr.c (NetBSD 1.4): synchronized ND6 code
with BSDI. This includes experimental fix for duplicated ND6
detection (see CHANGELOG entry on Fri Apr 8 1999).
Thu May 20 16:36:20 JST 1999
* kit/pkgsrc/www/lynx, kit/ports/lynx: use latest IPv6 patch.
now numeric IPv6 address is supported under "http://[::1]:80/"
Thu May 20 16:05:27 JST 1999
* kit/pkgsrc/net/rsync, kit/ports/rsync: IPv6-ready rsync 2.3.1.
Thu May 20 12:12:09 JST 1999
* kit/src/libinet6/getaddrinfo.c: filter out AFs that are not
supported by the kernel. This takes effect when you use AI_PASSIVE
on IPv4 only node (previously both :: and are returned)
NOTE: this change requires full rebuild of "kit" tree. be sure
to remove /usr/local/v6/lib/*.a before rebuild.
From: Alexander Fung <>
Thu May 20 06:18:11 JST 1999
* sys/netkey/key.c:
Check the each values of lifetime. If the value is zero then
kernel ignores its lifetime. Actually, we do check the addtime
and bytes.
Thu May 20 04:38:44 JST 1999
* kit/src/racoon:
Don't use the sockets failed to call socket().
Thu May 20 01:42:24 JST 1999
* kit/usr.bin/finger, kit/libexec/fingerd (NetBSD 1.4):
dual-stack fingerd/finger.
Wed May 19 21:48:12 JST 1999
* sys/netinet{,6}/ip{,6}_output.c (F228/N14/BSDI):
hide some of IPsec error code from the userland. (need elaborate)
some of IPsec errors (such as "no SA") should be shown as packet loss
to the users.
Wed May 19 15:17:11 JST 1999
* sys/netinet6/frag6.c: Do not use mbuf to keep fragment queue, as
this does not contain messages. use malloc() instead.
This avoids dtom().
From: Craig Metz <>
Tue May 18 22:13:59 JST 1999
* sys/netinet/ip_output.c (BSDI/NetBSD14/FreeBSD228):
even if SO_DONTROUTE is speicfied, we need to use struct route and
route the packet, for IPsec tunnel mode processing. handle struct
route accordingly.
Tue May 18 22:06:29 JST 1999
* kern/uipc_socket.c, sys/socketvar.h, netinet6/ip6_output.c
(FreeBSD 3.1):
-moved sooptmcopyout to ip6_output.c with some modification.
-added ip6_soooptmcopyin().
-use those functions in ip6_ctloutput() when coping option data between
soopt and mbuf chain.
Tue May 18 02:17:06 JST 1999
* sys/netinet6, sys/netkey (NetBSD 1.4): merge in new IPsec policy
engine. Now (1) racoon is usable, (2) IPv6 IPsec including tunnel
mode is available, (3) policy engine is much more flexible.
* kit/src: enable build of IPsec-supporting programs on NetBSD.
* kit/sbin/ping (NetBSD 1.4): support ipsec policy specification
by -E option (-P was already occupied).
Sun May 16 22:33:41 JST 1999
* kit/sbin/ifconfig (NetBSD 1.4): change behavior of "ifconfig
interface" to print all the interface address available, not just
inet addresses. The behavior looks more natural to me.
Sun May 16 03:38:03 JST 1999
* sys/netinet6/in6_ifattach.c (NetBSD 1.4):
Add link-local address to the ethernet interfaces (and join
mandatory multicast groups), when the interface is made IFF_UP.
In NetBSD, pcmcia interfaces are not initialized until IFF_UP,
so there seems to be no other option.
Good thing is that now we do not need to call in6_ifattach() from
drivers. It is of course okay to call in6_ifattach() from drivers,
if you are sure that the driver is proprely initialized.
NOTE: this change may break some of the userland tools, which checks
IPv6 interface address BEFORE bringing the interface up.
Sun May 16 01:01:24 JST 1999
* kit/pkgsrc/security/ssh, kit/ports/ssh: upgrade to 1.2.27 with
latest IPv6 patch.
Sun May 16 00:32:52 JST 1999
* KAME/NetBSD-1.4 is now buildable (both kernel and userland).
* kit/usr.bin/netstat: add support for "netstat -p tcp6 -P
<tcp6cb address>".
Sat May 15 08:20:30 JST 1999
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.65.
Fri May 14 21:18:45 JST 1999
* sys/netkey/key.c (BSDI, FreeBSD228): To transmit SADB_ACQUIRE
messages correctly from the kernel, changed the mbuf allocation
policy in key_sendup(). Now we allocate non-cluster mbuf chain
for most cases.
Previously we allocated cluster mbuf for most of the cases, and
this caused PF_KEY socket to be considered full and sbappendaddr()
to fail. This is due to wasted space on cluster mbufs
(sbspace() checks both actual data size and mbuf area size).
Fri May 14 11:50:15 JST 1999
* sys/netinet6 (BSDI, FreeBSD228): in IPv6 IPsec, tunnel mode now
works as well.
Note: IPv6 spec suggests the originating node to process HBH option
on the packet from the node itself (the originating node is
considered as "first hop"). However, we do not do this when
you apply IPv6 IPsec tunel onto the packet, since HBH option is
already encrypted when it is to be processed. This should be
fixed, however, IMHO this is very rare case.
Thu May 13 22:56:06 JST 1999
* kit/src/v6test/v6test.c: support interface with DLT_NULL
bpf encapsulation (i.e. loopback interfaces).
1999-05-13 JINMEI, Tatuya <>
* src/v6test/getconfig.c (make_ah): added to support
authentication header.
Also added some new tests in ext.conf.
Thu May 13 21:25:51 JST 1999
* kit/src/racoon:
Aggressive mode was supported, but not tested sufficiently.
XXX There must be Vender ID in fixed place of payload. TO BE MODIFIED.
1999-05-13 JINMEI, Tatuya <>
* uipc_socket2.c (sbcreatecontrol): if a given control message
is larger than MLEN, allocate an mbuf cluster and store the
message into the cluster.
Also, implemented more strict length check.
This fix is only for FreeBSD(2 and 3) and NetBSD. A similar fix
for BSDI was already done.
Thu May 13 20:18:37 JST 1999
* sys/netinet6/ip6_fw.c, sys/i386/conf/GENERIC.v6 (FreeBSD3.1):
made compilabel and bootable with ip6fw enabled.
not tested well enough.
Thu May 13 20:04:35 JST 1999
* sys/netinet6/ah_core.c: drop IPv6 AH packet with too many
extension headers, to avoid DoS attacks.
Use net.inet6.ip6.hdrnestlimit to configure the number of extension
headers allowed.
1999-05-13 JINMEI, Tatuya <>
* src/pim6dd/trace.c (accept_mtrace): added to support the
response part of mtrace(not tested yet).
1999-05-13 JINMEI, Tatuya <>
* ip6_output.c (ip6_setpktoptions): added the IPV6_DSTOPTS case,
which allowed user to specify destination options headers for an
outgoing packet.
(compilable, but not tested yet)
1999-05-12 JINMEI, Tatuya <>
* in6_pcb.c (in6_pcbbind): prevented binding a socket to an
address if it's anycast, notready, detached or deprecated.
1999-05-12 JINMEI, Tatuya <>
* netstat/inet6.c: sync icmp6names[] with the latest kernel.
1999-05-12 JINMEI, Tatuya <>
* icmp6.h: changed the size of icmp6stat.icp6s_{in, out}hist from
ICMP6_MAXTYPE + 1 to 256 since the former made the kernel
1999-05-12 JINMEI, Tatuya <>
* added a sysctl net.inet6.ip6.defmcasthlim, which gets or
specifies the default hop limit for an outgoing IPv6 multicast
Note that BSDI users must update both kernel and kit/sbin/sysctl
to enable the new sysctl.
Wed May 12 14:57:54 JST 1999
* kit/libexec/fingerd, kit/usr.bin/finger (FreeBSD228): finger daemon/
client fixed for dualstack support.
Wed May 12 14:12:44 JST 1999
* kit/ports/inn (FreeBSD228/31): IPv6-enabled netnews server,
version 2.2.
From: Satosi KOBAYASI <>
Wed May 12 10:33:32 JST 1999
* sys/netinet6/icmp6.h: node information query/response got the
official ICMPv6 type, so use the official number.
NOTE: need recompilation in userland (ping6), and old KAME and new
KAME will not interoperate due to the overwrap in number...
Wed May 12 02:29:13 JST 1999
* sys/netkey/key.c (FreeBSD228/BSDI):
Fixed to expire SA. It can't be sent SADB_EXPIRE message due
to my mistake.
Added test implement for lifetime by byte counts.
You must be careful to set its value otherwise it causes many
SA to be set.
e.g. time limit = 22896000(s)
byte limit = 100(KB)
Tue May 11 18:48:37 JST 1999
* kit/ports/icecast, kit/pkgsrc/audio/icecast: upgrade to latest
IPv6 patch, with song name broadcasting/request hack.
Tue May 11 18:26:06 JST 1999
* sys/netkey (FreeBSD228/BSDI): strictly perform reference count on
SPD/SAD. Now netkey seems to have almost no memory leaks.
* sys/netkey/key.c, kit/src/setkey/setkey.c (FreeBSD228/BSDI):
throw results of SADB_DUMP and SADB_X_SPDDUMP message as separate
message to pfkey socket. This should be more reasonable as each
of the result (for single SAD/SPD entry) has sadb_msg header.
Mon May 10 03:16:49 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to zebra 0.64.1.
Sun May 9 16:39:31 JST 1999
* kit/ports/ruby, kit/pkgsrc/lang/ruby: update to use latest IPv6
Sun May 9 03:51:09 JST 1999
* kit/src/racoon: get/set proper source/destination address for IKE
packets, using IP_RECVDSTADDR and IPv6 advanced API.
this is needed to support hosts with more than 1 IP addresses
(i.e. most of IPv6 node needs this).
TODO: scoped IPv6 addresses support (link-local and site-local).
Sat May 8 23:13:53 JST 1999
* sys/netkey:
Fixed tick counter problem, that is timeout() re-sets lifetime to 1(s)
when you use too big lifetime. Now the timer about IPsec key
management is processed in key_timehandler().
Sat May 8 18:53:29 JST 1999
* sys/netinet, sys/netinet6 (BSDI, FreeBSD228): Inherit IPsec policy
configuration on tcp socket, across accept() operation (in the past
IPsec policy must be configured after accept()).
Now, you can configure IPsec policy onto listening tcp socket,
and wait for new conncection to come by accept(). The new socket
returned by accept() has the same IPsec policy as the listening tcp
socket. This should be more natural behavior to the programmers,
and this behavior is inevitable for protecting SYN/SYN ACK packet
from attackers.
Sat May 8 15:21:01 JST 1999
* kit/src/inet6d: Add quickhack to specify IPsec policy by specially
formatted comment line (starting with "#@"). Experimental and
is subject to change in the near future.
* sys/netinet, sys/netkey (BSDI, FreeBSD228): fixed IPsec policy
engine for IPv6 IPsec via IKE.
Fri May 7 13:59:16 JST 1999
* kit/src/tcpdump/print-ospf6.c: decode ospf6 packets.
NOTE: do not forget to perform "make distclean" (or, "make clean"
in kit directory). otherwise, old Makefile calls build failure.
Fri May 7 02:25:23 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to zebra 0.64.
now OSPF6 is ready for testing (but not for actual use - kernel
routing table will NOT be updated).
Thu May 6 14:18:12 JST 1999
* kit/src/tcpdump/print-pim.c: added pim dm decode routines.
(need pim-noisy network to debug this...)
Thu May 6 17:32:06 JST 1999
* sys/netinet6 (FreeBSD228): (1) separate IPv6 IPsec (transport-mode)
output processing into ipsec6_output_trans(), for cross-OS
(2) Multiple transport-mode IPsec headers can be inserted, in any
(3) Most of IPsec output functions now returns int, instead of
struct mbuf * (no mbuf head pointer will be modified).
It is for better uniformity, and better error code handling.
(4) Some of the IPsec fuctions assume certain property from mbuf
chain. See comments for those assumptions.
TODO: tunnel mode
Wed May 5 13:31:28 JST 1999
* kit/ports/tcp_wrapper: IPv6-ready tcp_wrappers_7.6.tar.gz
NOTE: this is separate from kit/ports/tcpd. kit/ports/tcpd is a
rewrite of tcp_wrappers for IPv6 (similar functionality but
completely separate codebase). kit/ports/tcp_wrapper is IPv6-
enabled tcp_wrapper.
From: Hajimu UMEMOTO <>
1999-05-05 JINMEI, Tatuya <>
* src/tcpdump/print-pim.c (pimv2_print): fixed a bug that a wrong
position was referred as the PIM version field.
Repored by Mickael Hoerdt <>
Wed May 5 06:03:59 JST 1999
* sys/dev/en/midway.c (FreeBSD3): pvc interface did not have the
IPv6 link-local address. There was some patch slipped off during
the merge.
From: Scott Mace <>
PR: 95
1999-05-05 JINMEI, Tatuya <>
* src/libpcap: supported a new protocol type `pim';
you can now invoke tcpdump like `tcpdump pim'.
Tue May 4 14:38:58 JST 1999
* sys/netinet6/ip6_output.c (FreeBSD228): make multiple transport-mode
AH on IPv6 work corretly.
add some sanity check to forbid inbound/outbound jumbogram packet
with AH (jumbogram and AH is ill-suited, spec-wise).
Tue May 4 13:25:51 JST 1999
* sys/netinet6/ip6_output.c (FreeBSD228): support IPv6 IPsec
(transport mode only) with new policy engine. To do this I've
changed some part of IPv6 option header construction routines,
so kick me if I've added any bugs.
Sun May 2 12:34:26 JST 1999
* kit/src/route6d/route6d.c: implement inbound route filter option (-L).
Sat May 1 13:45:36 JST 1999
* kit/usr.sbin/inetd (FreeBSD 2.2.8): Add quickhack to specify
IPsec policy by specially formatted comment line (starting with
"#@"). Experimental and is subject to change in the near future.
Sat May 1 JST 1999
* kit/src/libipsec/ipsec_policy.c: Added 2nd argument (int len) to
ipsec_set_policy(), to make it safer against buffer overflow.
Update the parser to be more strict about the IPsec policy string
Fri Apr 30 18:57:48 JST 1999
* sys/netkey/key.c:
Modified that kernel DOESN'T send SADB_EXPIRE message to user land
if SA is not used until expiration soft lifetime. Otherwise kernel
sends SADB_EXPIRE message with the values of current lifetime.
Fri Apr 30 17:53:43 JST 1999
* kit/src/route6d/route6d.c: Take care of dynamic interface adress
addition/removal, interface state change, and static route change.
Sideeffect: You can specify interfaces which are down, into the
command line options (like -N). Those interfaces can be used by
"ifconfig up" later.
Fri Apr 30 03:44:48 JST 1999
* kit/ports/apache13, kit/pkgsrc/www/apache13: upgrade IPv6 patch to
the latest one.
* kit/ports/zebra, kit/pkgsrc/net/zebra: use master distribution 0.63.
Thu Apr 29 22:26:34 JST 1999
* kit/src/racoon:
- Fixed proposal length when transform payload was created.
- Fixed the way to deal with nonces. When phase 2 rekeying happened,
and to reverse initiator and responder happened, then I dealed with
nonces reversely. Those effected to compute hash and keymat.
- Merged isakmp_compute_hash1() and isakmp_compute_hash2().
Thu Apr 29 17:26:48 JST 1999
* kit/src/tcpdump/print-isakmp.c:
Fixed a trivial bugs. It was mistaken to print transform id.
Thu Apr 29 16:26:44 JST 1999
* kit/sbin/ifconfig (BSDI): make "prefixlen" keyword work properly
as expected (sorry I'm embarrassed).
1999-04-29 JINMEI, Tatuya <>
* netstat/mroute6.c (mroute6pr): when printing the multicast
forwarding cache whose incoming interface is unknown, print
`---' instead of the magic number itself.
Note that the kernel source should also be updated.
1999-04-29 JINMEI, Tatuya <>
* src/pim6dd/vif.c (start_vif): set random delay before sending
the 1st PIM hello message in order to avoid hello message storm in
a bootstrap phase.
suggested by: Mickael Hoerdt <>
Thu Apr 29 01:25:36 JST 1999
* kit/src/dtcp: Dynamic Tunnel Configuration Protocol daemon/client.
It will let you configure IPv6-over-IPv4 tunnel dynamically with
APOP-like authentication.
The protocol was proposed by Peter Tattam of Trumpet.
NOTE: you'll need to install IPv6-ready ruby interpreter, by using
kit/ports/ruby (or kit/pkgsrc/lang/ruby).
From: Peter Tattam <>
1999-04-28 JINMEI, Tatuya <>
* src/pim6dd/pim6.c (send_pim6): used sendmsg() with IPV6_PKTINFO
cmsg instead of sendto in order to specify the outgoing interface
and the source address.
Thanks to:
Mickael Hoerdt <> for finding a
problem in the old version and sending a patch.
1999-04-28 JINMEI, Tatuya <>
* src/pim6dd/main.c (main): modified to call init_routesock after
making a child process, since the pid to access the routing socket
must be consistent.
Thanks to:
David PATE <> for finding the problem.
Mickael Hoerdt <> for sending a patch.
1999-04-28 JINMEI, Tatuya <>
* ip6_mroute.c (del_m6if): added a sanity check in del_m6if to
prevent kernel hangups, and modified to use in6_ifreq{} instead of
ifreq{} to avoid invalid memory access.
Wed Apr 28 19:26:48 JST 1999
* kit/pkgsrc/audio/icecast, kit/ports/icecast:
use new IPv6 patch. It is now possible to transfer mp3 files
over UDPv[46] multicast packets. This is really fun!
Wed Apr 28 14:30:22 JST 1999
* sys/netinet{,6} (BSDI 3.1): sync IPsec policy management code with
FreeBSD 2.2.8. This automatically removes many bugs in IPsec code,
simplifies policy management (but SPD is now mandatory), and adds
flexibility in packet formats.
However, IPv6 IPsec is now broken. Also, IPv4 IPsec is unstable
due to memory management bugs.
TODO: regress tests
Wed Apr 28 14:28:28 JST 1999
* sys/netinet{,6} (FreeBSD 2.2.8): do not strip TCP/UDP header from
mbuf, until ipsec policy engine checks the headers.
Wed Apr 28 05:19:07 JST 1999
* sys/netkey/key.c:
Fixed the way to search SPD. It always searched outbound SPD.
Tue Apr 27 02:59:50 JST 1999
* kit/src/racoon:
- Racoon become to do exchange tunnel mode. She gets the
encryption mode from kernel by PF_KEY and set to SA payload later,
so ignores the directive "encryption mode".
XXX: There have been rekeying problems yet.
I believe that it's local address of phase 1 as proxy address
whenever doing pfkey_update, and it's remote address of phase 1
as proxy address whenever doing pfkey_update.
- Added IPSECDOI_ATTR_ENC_MODE_DEFAULT as transport mode
for the default of encryption mode.
- Arranged the function to set SA attribute.
Tue Apr 27 02:13:26 JST 1999
* sys/netinet/ip_input.c,sys/netinet6/ip6_input.c:
Stoped to remove M_AUTHIPDGM, not M_AUTHIPHDR, from m_flags.
It caused checking policy of ESP inbound tunnel to be failed.
NOTE: I believe that M_AUTHIPHDR will obstruct as such above
when checking AH inbound tunnel policy, too.
Mon Apr 26 09:35:34 JST 1999
* sys/i386/isa/kms.c (BSDI): Keyboard mouse driver implemented by
Keisuke Uehara <>. Makes cursor keypad behave as
mouse cursor movement. /dev/kms0 will speak bus mouse protocol.
Not very KAME thing, but is really useful addition for notebooks.
1999-04-23 JINMEI, Tatuya <>
* src/bgpd/bgp.c: for passively opened BGP4+ connection, use
the configured value of local preference.
Thanks to for pointing it out.
Fri Apr 23 15:32:45 JST 1999
* kit/ports/fwtk6 (FreeBSD 2.2.8): TIS firewall toolkit, modified for
IPv6 connections. NOTE: you'll need to get original fwtk 2.1 by
yourself (you must read and agree the license agreement from TIS).
From: Hajimu UMEMOTO <>
Fri Apr 23 01:07:41 JST 1999
* sys/netkey/key.c:
Fixed the problem that key_get(), and rarely key_dump(), return error
code but error didn't happen.
Thu Apr 22 18:16:06 JST 1999
* kit/src/racoon:
'path' directive is added for post-command execution.
NOTE: This do update PATH, not to be added.
Thu Apr 22 17:45:16 JST 1999
* kit/src/racoon:
Before post-command excution, set local and remote addresses of
phase 1 to environment value named RACOON_INFO.
1999-04-22 JINMEI, Tatuya <>
* nd6_rtr.c (in6_ifdel): made sure that leave the solicited-node
multicast address associated with the deleted address. Also
call in6_savemkludge() before freeing the ifaddr structure.
1999-04-22 JINMEI, Tatuya <>
* mld6.c (mld6_sendpkt): looped an MLD6 packet back to the sending
node if the node is a multicast router, which has been disabled by
`ifdef notyet' although we already have multicast routing.
1999-04-22 JINMEI, Tatuya <>
* in6.c (in6_control): automatically embed a link-local interface
index of a destination address specified via the
1999/04/22 16:36:54 JST
* sys/netinet/tcp_input.c (FreeBSD3.1):
Bug Fix: call ip6_savecontrol() also other than when
accepting the connection.
Thu Apr 22 12:41:14 JST 1999
* kit/src/racoon:
Fixed the problem of phase 2 negotiation. Now it gets success
the negotiation of phase 2.
XXX: There is phase *1* rekeying problem while phase *2*
Thu Apr 22 06:10:52 JST 1999
* kit/src/racoon:
- Added new directive "post-command" for racoon configuration. When
IKE phase 1 negotiation has been finished, then this is excuted.
"post-command" consists three directive;
"exec" defines to excute command when phase 1
negotiation has been completed.
"success" defines to excute command when `exec' command
was success.
"failure" defines to excute command when `exec' command
was failure.
- kmpstat can trigger to start negotiation of phase 1. Usage is
that, e.g.
# kmpstat establish-sa ike inet
1999-04-21 JINMEI, Tatuya <>
* src/rtadvd/config.c (getconfig): clear the configuration buffer
if the specified does not exist in the configuration file, which
is necessary to avoid to use a configuration for another interface
by mistake.
* src/rtadvd/if.c (get_next_msg): added RTM_GET case in the search
Wed Apr 21 11:44:11 JST 1999
* kit/src/rtsol: bring interface down, then up, before sending RS.
This is a workaround for pcmcia ethernet card drivers (used on
notebooks). It looks that some of the drivers do not initialize
multicast packet filter properly on suspend/resume session, and
RA (to ff02::1) cannot be received on the interface after resume.
It looks that down-then-up solves most of the cases.
TODO: if this solves the problem, /etc/pccard.conf (or
/etc/card.conf) should perform down-then-up on resume.
Wed Apr 21 04:01:21 JST 1999
* kit/src/racoon:
- TODO has been updated.
- With port numbers and prefixes, phase 2 exchange is available.
We need some time for the stability. It's on testing to do
exchanging IPsec tunnel mode.
- It's became to begin phase 2 negotiation by IPsec-SA expiration.
- s/LDUR/LD/ and s/LTYPE/LD_TYPE/, because of clarification.
- Begin the trying to manage IPsec SA by queue(3). But I have no
idea to manage the SA parameters directly.
- Begin the trying to manage the IPsec-SA exchange by IPsec SA list.
XXX MUST support multi SA exchange.
- Modified some code for ANSI-C.
- A lot of modification.
Wed Apr 21 00:58:39 JST 1999
* kit/src/rrenumd:
-parser fix for recognizing match{-,_}prefix and use{-,_}prefix
-cmsghdr related msglen operaton bug fix
-enabled sending to IPv4 destination
(though, receiver side is also need to be enhanced to receive it)
Tue Apr 20 21:19:16 JST 1999
* kit/sys/netinet/altq_red.c: fix IPv6 header parsing code.
1999/04/20 17:55:31 JST
* sys/netinet/in_gif.c, sys/netinet6/in6_gif.c
synced between BSDs
Tue Apr 20 15:26:49 JST 1999
* kit/usr.bin/vmstat (BSDI, FreeBSD 2.2.8, NetBSD): source code
included in the tree (just need a recompilation, to make "vmstat -m"
Tue Apr 20 10:45:44 JST 1999
* kit/ports/zebra (FreeBSD 2.2.8/3.1):
* kit/pkgsrc/net/zebra (NetBSD): upgraded to 19990420 snapshot.
Tue Apr 20 10:36:52 JST 1999
* sys/netkey/key.c:
Modified a bit of ipsec_setsecidx() to get IP address
and port from mbuf.
ASSUMED: basic header is placed continuously in a mbuf.
Mon Apr 19 21:02:24 JST 1999
* kit/ports/mpg123 (FreeBSD 2.2.8, 3.1):
* kit/pkgsrc/audio/mpg123 (NetBSD): MPEG audio layer 3 player.
(embeded HTTP support code is updated for IPv6 HTTP)
Mon Apr 19 19:35:35 JST 1999
* kit/ports/icecast (FreeBSD 2.2.8, 3.1):
* kit/pkgsrc/audio/icecast (NetBSD): icecast MP3 broadcasting system.
based on version 1.1.3 of the original distribution.
Mon Apr 19 19:32:44 JST 1999
* sys/netinet/tcp.h,tcp_input.c,tcp_output.c,tcp_subr.c, tcp_var.h
sys/netinet6/ip6_output.c,ip6_var.h (FreeBSD3.1):
mainly fixes for considering IPv6 more enough on mss calcuration.
-added v6mssdflt
-added sysctl for setting v6mssdflt
-added ip6_exthdrsiz() and let it check supposed sending v6 ext
headers total len, and remove that from mss
-made output checksum part more clear(I belive essentially no change)
Mon Apr 19 15:04:43 JST 1999
* kit/ports/rev_v6_address (FreeBSD 2.2.8): a representing PTR
records tool for mainting DNS.
* kit/ports/geta (FreeBSD 2.2.8): GET Address - simple IPv4/IPv6
address resolver
Mon Apr 19 14:24:43 JST 1999
* sys/netinet6: Add automatic flow-labelling support in kernel,
for all operating systems.
(see CHANGELOG entry on Sun Apr 4 02:24:00 JST 1999)
Sun Apr 18 16:45:18 JST 1999
* sys/netkey/keyv2.h
Added PFKEY_ADDR_PREFIX() for convenience.
Sun Apr 18 09:39:25 JST 1999
* kit/ports/libident6 (FreeBSD 2.2.8): identd library for
IPv6 connetions.
* kit/ports/pident6d (FreeBSD 2.2.8): identd for IPv6 connetions.
From: Hajimu UMEMOTO <>
Sat Apr 17 13:13:41 JST 1999
* kit/pkgsrc/lang/python (NetBSD): python 1.5.2 with IPv6 support.
Sat Apr 17 11:22:29 JST 1999
* kit/ports/python (FreeBSD 2.2.8): python 1.5.1 with IPv6 support.
Sat Apr 17 01:33:01 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 1999/4/16 snapshot.
Fri Apr 16 18:16:04 JST 1999
* sys/, kit/ports/altq (FreeBSD31):
updated ALTQ to 1.1.3
Fri Apr 16 10:20:39 JST 1999
* kit/ports/sendmail6, kit/pkgsrc/mail/sendmail6:
upgrade to 8.9.3 + IPv6 patch version W3.2.
Thu Apr 15 18:04:49 JST 1999
* sys/netinet/tcp_input.c, tcp_subr.c (FreeBSD3.1):
rewrite tcp_respond() because it has incorrect pointer
reference bug. this caused keep alive packet with incorrect
checksum, and let long lived tcp connection die.
now tcp should become more stable.
Thu Apr 15 14:53:34 JST 1999
* kit/ports/mediator: added port directory for Mediator DNS relay
resolver daemon. NOTE: the master distribution is restricted so
most of you will not be able to compile this.
* kit/ports/kaffe: port for IPv6-ready kaffe (IPv6 patch by INRIA
guys). Not finished yet.
Thu Apr 15 08:57:24 JST 1999
* kit/src/man: add kame(4).
Thu Apr 14 JST 1999
* kit/src/libinet6: Made getaddrinfo.c and getnameinfo.c compilable
on most platforms (do not define INET6). This should be useful
when making applications IPv6-aware (supply KAME getaddrinfo.c in
"missing" directory and use AC_REPLACE_FUNCS(getaddrinfo) in
Wed Apr 14 20:57:13 JST 1999
* kit/src/racoon:
Added the sending some administration commands to kmpstat.
reload config, show schedule, show several SA,
delete several SA, flush several SAs, establish several SA
Added to handle some administration commands to admin.c. There are
some commands have not been supported yet, and these aren't tested
XXX: should be specified the efficient formats for
the communication which is between racoon and kmpstat.
Changed default port for administration.
racoon.conf is obsoleted by ibm.conf.
Wed Apr 14 18:26:14 JST 1999
* kit/ports/{ct,v6eval} (FreeBSD 2.2.8): TAHI IPv6 conformance test
kit, released today (0.1). See for details.
1999-04-14 JINMEI, Tatuya <>
* raw_ip6.c (rip6_usrreq): fixed a bug of (possible) NULL pointer
access in PRU_CONNECT case in rip6_usrreq. FreeBSD 3.1 version
has the same problem in rip6_connect(), which was fixed as well.
Wed Apr 14 01:20:23 JST 1999
* kit/ports/ruby, kit/pkgsrc/lang/ruby:
upgrade to ruby 1.2.5 with latest IPv6 patch.
Tue Apr 13 18:06:03 JST 1999
* kit/ports/ruby, kit/pkgsrc/lang/ruby:
object oriented scripting language "ruby" 1.2.4 with IPv6 support.
Tue Apr 13 10:45:00 JST 1999
* kit/src/libipsec:
Added EIPSEC_INVAL_PREFIXLEN into ipsec_strerror.h.
To handle prefix, added `prefixlen' to the parameter
in pfkey_send_{add,update,delete,get}().
Mon Apr 12 21:21:59 JST 1999
* sys/netinet/in_gif.c, sys/netinet6/in6_gif.c:
(1) check IFF_LINK0 on ingress, as specified in the manpage.
(2) do not encapsulate if IFF_LINK0 is down and physical destination
address is not configured.
(3) check if physical source equals to dst on the packet, on egress
when IFF_LINK is enabled.
Mon Apr 12 11:34:02 JST 1999
* sys/netinet6/nd6_nbr.c: clear tentative bit without DAD, when
net.inet6.ip6.dad_count equals 0. (this is a bug - sorry)
Sun Apr 11 21:04:05 JST 1999
* usr.sbin/inetd (FreeBSD3.1):
enabled to specify tcp6 as protocol type in inet6d.conf.
when it is specified, the opened AF_INET6 socket don't accept
IPv4 connection.
Sun Apr 11 18:18:56 JST 1999
* kit/ports/ppp (FreeBSD):
IPv6 patch level upgrade.
-filter specification bug fix
-added debug mode(never become daemon in any mode)
-when using ppp created ifid, try to use common ifid at first
on any ppp connection.
1999-04-11 JINMEI, Tatuya <>
* src/libinet6/ip6opt.c : implemented inet6_option_alloc(),
inet6_option_next() and inet6_option_find() functions.
1999-04-11 JINMEI, Tatuya <>
* ip6_input.c (ip6_savecontrol): implemented IN6P_HOPOPTS,
IN6P_DSTOPTS and IN6P_RTHDR options in order to get Hop-by-hop
options, destination options and routing headers by a userland
Sat Apr 10 12:17:08 JST 1999
* sys/netinet6/in6_gif.c, sys/netinet/in_gif.c:
Add ECN friendly mode to gif interface. "ifconfig gifX ilnk1"
should enable "ECN allowed" behavior (see draft-ipsec-ecn-00),
and ECN bits will be copied on ingress and egress.
"Copying ECN bit on ingress" violates of RFC1933 (which says
that outer IPv4 TOS bit should be 0). This should be used under
mutual agreement with tunnel endpoint.
Fri Apr 9 22:53:28 JST 1999
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade original distribution
to 1999/4/8 snapshot. ospf6d is in the tree but not compilable.
we really are looking forward to test ospf6d!
Fri Apr 9 22:24:44 JST 1999
* kit/src/route6d/route6d.c: avoid hardcoding # of interfaces.
now you should be able to handle as many interfaces as you can.
# of interfaces is obtained on startup time, so it cannot handle
dynamically added interfaces at runtime.
Fri Apr 9 JST 1999
* sys/netinet6: implement setsockopt(IPV6_FAITH) for NetBSD and BSDI.
(see CHANGELOG on Fri Apr 2 20:00:23 JST 1999)
Fri Apr 9 20:44:55 JST 1999
* sys/netinet/ip_ecn.[ch]: move ECN friendly ingress/egress code into
separate function, for better code reuse.
Populate ECN friendly IPsec tunnel code to all the platforms.
1999/04/09 20:26:03 JST
usr.bin/netstat (FreeBSD3.1):
-print only inet socket at "-f inet"
-print inet6 socket at "-f inet6"
-print inet6 addr correctly for inet6 socket
Fri Apr 8 JST 1999
* sys/netinet6/nd6_nbr.c (BSDI): (experimental)
Implement heuristics against DAD NS loopback. See source code
for detail; it may be better than dad_ignore_ns, but not very
perfect and may violate spec anyway.
1999-04-08 JINMEI, Tatuya <>
* nd6.c (nd6_output): if the interface is other than Ethernet and
FDDI, simply put the packet into the interface instead of tring
to resolve the next hop.
1999-04-08 JINMEI, Tatuya <>
* raw_ip6.c (rip6_usrreq): for PRU_BIND, added a check to see
if the specified address is valid(e.g. not deprececated).
For PRU_CONNECT, used in6_selectsrc() in order to fill in the
source address field.
Thu Apr 8 20:14:45 JST 1999
* kit/src/faithd: get # of interfaces by using if_nameindex().
Thu Apr 8 19:39:01 JST 1999
* sys/netinet6/nd6_nbr.c (BSDI): (experimental)
ignore incoming DAD NS packet, if dad_ignore_ns is set to 1.
By setting dad_ignore_ns to 1 (by bpatch maybe), you'll be able to
ignore DAD faults by drivers which loops packets back to itself
on promisc mode.
However, (1) you'll not be able to detect simultaneous DAD activity
on the subnet, nor same MAC address on the subnet (-> SparcStation2)
(2) it is not spec conformant behavior.
I dunno how many drivers are faulty, but at least BSDI mz driver
(which is my favorite) is broken, so would like to test this code.
Thu Apr 8 17:06:32 JST 1999
* kit/src/v6test: changed config file directory to PREFIX/share/v6test.
Thu Apr 8 17:01:42 JST 1999
* kit/src/libinet6/getaddrinfo.c: (1) do not attach canonname
"localhost" to ::1 and The name may not be ubiquitously
(2) add comment about get_addr() call when AI_CANONNAME is given for
numeric address. it is a bit strange that we do addr->name
translation here...
1999-04-08 JINMEI, Tatuya <>
* ip6_output.c (ip6_output): If a hop-by-hop options header is
contained in an outgoing packet, examine and process it,
which behavior is required in the base IPv6 spec(RFC 2460).
Note that some other code relating to option processing was
also modified.
1999-04-08 JINMEI, Tatuya <>
* ip6_output.c (ip6_insert_jumboopt): fixed a bug that
the function does not adjust the length field of an already
existing hop-by-hop header.
Thanks to Kenjiro Komaki <> for finding the
Wed Apr 7 23:42:55 JST 1999
* kit/etc/rc.net6: add "sleep" after interface configuration. now
DAD will be performed for global addresses too, and we have to
wait till DAD's completion before invoking daemons.
Wed Apr 7 18:46:17 JST 1999
* kit/lib/libftpio(FreeBSD 2.2.8): try EPSV in IPv4 case too,
because EPSV behaves better for translators. Also, try EPRT in
IPv4 case too.
Wed Apr 7 18:02:28 JST 1999
* sys/netinet6/nd6_rtr.c: don't care link local addr
state and every time do DAD in in6_ifadd().
Wed Apr 7 17:28:17 JST 1999
* kit/src/ndp: Print out expired prefix as "expired",
not by negative lifetime value.
* kit/sbin/ifconfig: Do not print negative value for interface address
lifetime. This sometimes happens if you invoke ifconfig on the
expiration time.
* sys/netinet6/nd6*.c: Fix RA prefix information validation for
lifetime values. It now works as expected (RFC2462 5.5.3 (e) or
Jim Bound's rule - default is Jim Bound's rule).
(1) Do not remove prefix information in the kernel (struct
nd6_prefix) on expiration. Will be removed after
NDPR_KEEP_EXPIRED seconds. We need old prefix information for
validation purposes.
(2) Do not remove interface address when prefix information is
removed. Their lifetime is managed separately.
(3) Clarify validation rules for lifetime fields in RA prefix
Wed Apr 7 14:29:46 JST 1999
* sys/net/if.c (except BSDI 3.1): fix where we call in6_if_up() on
ioctls. (this is a routine to trap IFF_UP positive edge -
mainly for DAD)
1999-04-07 JINMEI, Tatuya <>
* nd6.c (nd6_output): was newly implemented, which is called from
ip6_output instead of ifp->if_output. The change mainly aims to
perform neighbor unreachability detection even if the outgoing
interface is not up.
NOTE: The change is still experimental and needs more tests.
So, it is not enabled unless the `NEWIP6OUTPUT' kernel
configuration option is specified.
Wed Apr 7 03:06:54 JST 1999
* kit/libexec/ftpd (NetBSD): fix EPRT.
* kit/usr.bin/ftp (NetBSD, FreeBSD2): try EPSV in IPv4 case too,
because EPSV behaves better for translators. Also, try EPRT in
IPv4 case too.
1999-04-06 JINMEI, Tatuya <>
* FreeBSD 2.2.8: merged Alteon Gigabit Ether driver from
We believe that it supports IPv6 as well, but we have not
tested yet.
Tue Apr 6 22:25:41 JST 1999
* kit/src/libpcap: Allow tcpdump on ATM interface for FreeBSD.
DLT type for ATM is defined in OS-supplied bpf.h, so follow that
value in libpcap/net/bpf.h.
Tue Apr 6 19:40:52 JST 1999
* kit/etc/rc.net6: on router, perform "ifconfig up" before configuring
interface to wait for DAD's completion.
Tue Apr 6 18:50:27 JST 1999
* kit/ports/ucd-snmp, kit/pkgsrc/net/ucd-snmp:
upgrade to 3.6.1 with latest IPv6 patch.
NOTE: on NetBSD, snmpnetstat is not working right. this is a bug in
original distribution (ucd-snmp 3.6.1).
Tue Apr 6 18:00:08 JST 1999
* kit/Makefile: install documents in kit/* into
$(PREFIX)/share/doc/kame (usually PREFIX = /usr/local/v6).
Tue Apr 6 12:45:51 JST 1999
* kit/src/rtadvd: If old prefix configuration directive ("addr"
without "addrs") appears on rtadvd.conf, show warning to syslog and
exit. This should help people who forgot to update old
configuration file.
1999-04-05 JINMEI, Tatuya <>
* [NetBSD]in6.c (in6_control): fixed a bug that `ifconfig delete'
does not work correctly.
Mon Apr 5 17:39:54 JST 1999
* kit/ports/lynx (FreeBSD 2.2.8/3.1)
* kit/pkgsrc/www/lynx (NetBSD 1.3.3): updated IPv6 patch.
IPv4 numeric address in URL is now handled correctly.
(this was broken by IPv6 patch...)
Mon Apr 5 13:00:48 JST 1999
* kit/pkgsrc/net/ucd-snmp: (NetBSD 1.3.3)
GNU_CONFIGURE settings in caused trouble with ucd-snmp,
and snmpd hanged up on some specific queries. Now it is fixed and
working fine.
Mon Apr 5 04:17:51 JST 1999
* kit/ports/ppp (FreeBSD):
IPv6 patch level upgrade.
some more debug, improvement, and man fix.
-set ifid only for link local addr
-search MYADDRINET6 first, and then MYADDR
Sun Apr 4 02:24:00 JST 1999
* sys/netinet6: Add automatic flow-labelling support in kernel.
tcp6 inbound and outbound connection, and udp6 outbound packets
after connect(), will have flow label field filled in with a sequence
number (will be unique for 2^20 connections). Flow label portion
of sin6_flowinfo will be ignored.
This can be turned off by setting net.inet6.ip6.auto_flowlabel sysctl
variable into 0 (default is 1). If the value is 0, the value
in sin6_flowinfo will be used.
(experimental, KAME/FreeBSD 2.2.8 only)
Semantics of flow label is still rather vague. The semantics of
sin6_flowinfo field is also vabue. Some of us fear that,
if we leave it as is, nobody will be using flow label. We would
like to start by (1) marking as many connections as possible
with flow labels, then (2) try some QoS/diffserv things with the
marked traffic, then (3) think about how we should go forward.
TODO: other better support for flowlabel, such as filling
sin6_flowinfo on inbound traffic.
1999-04-03 JINMEI, Tatuya <>
* src/rtsold: changed to watch interface flags and to probe
advertising routers when an interface becomes up or down.
Sat Apr 3 11:27:18 JST 1999
* kit/ports/lynx (FreeBSD 2.2.8/3.1)
* kit/pkgsrc/www/lynx (NetBSD 1.3.3): updated IPv6 patch.
Fri Apr 2 20:00:23 JST 1999
* sys/netinet6, kit/src/faithd: implement setsockopt(IPV6_FAITH).
setsockopt(IPV6_FAITH) is now required to accept TCP
conection toward FAITH-relayed prefixes. This will affect
faithd daemon only, and this will protect other daemons (like
sendmail or httpd) from mistakingly accepting FAITH'ed TCP
(experimental, KAME/FreeBSD 2.2.8 only)
Fri Apr 2 20:00:23 JST 1999
* sys/netinet6/icmp6.c: Receive important ICMPv6 messages toward
FAITH'ed prefixes. This is required to make PMTUD work for
FAITH'ed TCP6 connections.
1999/04/02 16:33:03 JST
* kit/src/rtadvd:
Check dest interface's if_flagss and if not IFF_UP, don't send RA
to the interface. If it become IFF_UP again, restart sending RA to it.
Also, made if.h and added some common definitions to it.
Some debug on rtmsg type checking procedure.
Fri Apr 2 12:55:28 JST 1999
* kit/ports/ppp (FreeBSD 2.2.8, 3.1):
update v6 patch level. fix several bugs and man fix.
1999-04-01 JINMEI, Tatuya <>
* if.c (ifioctl): if an interface's mtu is changed by SIOCSIFMTU,
also change the ND6 level mtu associated with the interface.
1999-04-01 JINMEI, Tatuya <>
* ip6_output.c (ip6_output): prevented IPv6 level fragmentation
on a link that does not support link-level fragmentation.
XXX: currently we don't have any method to check if a link
supports link-level fragmentation.
Wed Mar 31 12:42:28 JST 1999
* kit/src/faithd: stabilize plain TCP relay.
- connection timeout will be measured for both diretions - timeout
won't happen if there's some data stream for either of the
TODO: tcp.c shouldn't fork(), for process table conservation...
- explicitly set SO_SNDTIMEO, to correctly detect write overflow
(= client side or server side disconnected the connection during
Wed Mar 31 12:42:28 JST 1999
* sys/netinet6: remove old FAITH implementation and user interface
knob, namely net.inet6.ip6.faith_prefix.
* kit/src/faith: make it a shell script for backward compatibility.
Tue Mar 30 23:21:05 JST 1999
* sys/netinet6/nd6_rtr.c: (1) do not use tentative or duplicated
link-local address as the seed for autoconfiguration.
(2) changed how kernel detects "fresh" prefix on RA packet.
Tue Mar 30 12:32:33 JST 1999
* sys/netinet6 (FreeBSD 3): merge in new faith code.
Now all operating systems are "new faith" ready.
(see changelog on Thu Mar 11 00:27:55 JST 1999 for details)
Tue Mar 30 02:04:12 JST 1999
* kit/src/faithd: disconnect inactive sessions in 30 minutes,
to avoid stale connection to chewing up system resources.
TODO: should it be configurable?
Mon Mar 29 18:41:06 JST 1999
* sys/netinet6/in6.c, kit/sbin/ifconfig: (NetBSD and FreeBSD 2.2.8)
Support "ifconfig vltime" and "ifconfig pltime" for altering
interface address lifetime.
See CHANGELOG on Wed Mar 24 15:06:25 JST 1999 for detail.
Mon Mar 29 17:20:23 JST 1999
NetBSD pkgsrc catch-ups.
* kit/pkgsrc/net/wget: port for wget 1.5.3.
* kit/pkgsrc/net/zebra: upgraded to 19990327 snapshot.
* kit/pkgsrc/net/apache: upgraded to 1.3.6 + latest IPv6 patch.
* kit/pkgsrc/net/ncftp3: upgrade to use latest IPv6 patch
(see CHANGELOG on Thu Mar 25 16:21:11 JST 1999 by sumikawa).
1999-03-29 JINMEI, Tatuya <>
* ip6_output.c (ip6_setmoptions): when joining a node-local scope
multicast group, choose the loopback interface as the default
1999-03-29 JINMEI, Tatuya <>
* ip6_output.c (ip6_output), in6_pcb.c (in6_selectsrc):
added some consideration for node-local multicast addresses:
- route outgoing packets to the loopback interface
- choose the source address from the loopback
interface(typically it's the loopback address, ::1).
1999/03/29 01:42:43 JST
* kit/ports/ppp:
upgrade to 990309 version.
Mon Mar 29 01:41:04 JST 1999
* kit/ports/zebra (FreeBSD 2.2.8): upgrade to 19990327 snapshot.
1999/03/29 00:35:42 JST
* sys/net/if_tun.c (FreeBSD2.2.8, 3.1):
-Bug Fix: return ENOBUFS when M_PREPEND fails
-removed unused function
Sun Mar 28 00:37:36 JST 1999
* sys/netinet{,6}/tcp{,6}_subr.c: fix mbuf length computation bug
in ipsec[46]_hdrsiz_tcp().
From: Tomomi Suzuki <>
Sat Mar 27 07:17:34 JST 1999
* kit/ports/wget: (FreeBSD 2.2.8): wget 1.5.3 with IPv6 support
patch (by
1999-03-27 JINMEI, Tatuya <>
* icmp6.c (icmp6_redirect_output): fixed memory leak, that occurs
in a case where the function is called but no redirect should be
Fri Mar 26 20:51:28 JST 1999
* sys/netinet6: IPsec tunnel is now friendly with ECN (Explicit
Congestion Notification). Behavior can be configured in per-host
manner with sysctl, not per-SA manner.
Fri Mar 26 12:11:03 JST 1999
* src/sys/netinet/in_pcb.c (FreeBSD 3.1):
Bug Fix: added necessary next list entry replacement in for loop.
Also, use LIST macro.
Now infinite loop problem should have been fixed.
Fri Mar 26 03:04:10 JST 1999
* kit/ports/apache13 (FreeBSD 2.2.8): update to apache 1.3.6.
(need some regression test...)
Fri Mar 26 JST 1999
* sys/netinet6/ip6_output.c: boundary check for
IPV6_{UNI,MULTI}CAST_HOPS is added as described in spec.
Thu Mar 25 16:21:11 JST 1999
* kit/ports/ncftp3 (FreeBSD 2.2.8): update port
- try 'EPSV' connection first on IPv4 and IPv6 passive
- remove hard coded number
Thu Mar 25 15:32:54 JST 1999
* kit/src/faithd: fix "my address" determination. previous code
was caress about sin6_scope_id and sin6_port when comparing
interface address with getsockname().
Thu Mar 25 13:41:08 JST 1999
* kit/src/faithd: -p option lets you get IPv4 privileged src port
(port < 1024).
1999/03/24 23:26:50 JST
* kit/ports/perl5 (FreeBSD 3.1):
upgraded to perl5.005_55.(developer release)
Wed Mar 24 15:06:25 JST 1999
* sys/netinet6/in6.c, kit/sbin/ifconfig (BSDI):
ioctl interface is modified to allow (privileged) userland program
to modify interface address lifetime. ifconfig option "vltime" nad
"pltime" are implemented.
Tue Mar 23 21:56:52 JST 1999
* sys/dev/pci/aeon.c (NetBSD 1.3.3): Invertex AEON crypto/compression
card driver (ported from OpenBSD).
TODO: compression support in the driver
TODO: userland interface (/dev/lzs? /dev/md5? /dev/sha1?)
TODO: hook for KAME IPsec (this is a hard one...)
Tue Mar 23 19:05:00 JST 1999
* kit/sbin/ifconfig: add -L option, which displays address lifetime
for IPv6 addresses.
Tue Mar 23 18:03:41 JST 1999
* sys/netinet6 (NetBSD 1.3.3): merge in new faith code.
(see changelog on Thu Mar 11 00:27:55 JST 1999 for details)
Tue Mar 23 10:30:46 JST 1999
* kit/src/ndp: generate timestamp on "ndp -t -A 1", to make output
merge-able with tcpdump's output.
1999-03-19 JINMEI, Tatuya <>
* src/ping6: added -a option in order to support the ICMP node
information node addresses Qtype.
1999-03-19 JINMEI, Tatuya <>
* icmp6.c: supported ICMPv6 node information the FQDN and node
addresses Qtypes.
1999-03-19 JINMEI, Tatuya <>
* in6.c (in6_setmaxmtu): was newly added to recalculate the
maximum MTU for outgoing IPv6 packets. The function is called
when there is a possibility of a change of the MTU.
Fri Mar 19 04:18:00 JST 1999
* kit/src/libipsec:
For handling tunnel mode, Added parameter for proxy address to
pfkey_send_add() and pfkey_send_update().
Thu Mar 18 17:56:19 JST 1999
* kit/src/faithd: update faith_prefix determination.
if USE_ROUTE is defined, faithd will determine faith_prefix
by the following
- if the getsockname() matches any of my interface address,
it is toward myself (not for translator).
- otherwise, it is for translator.
This behavior is for new "faith" pseudo interface support,
implemented in BSDI and FreeBSD 2.2.8 (at this moment).
sysctl MIB for faith_prefix is meaningless in this case.
if USE_ROUTE is not defined, faithd will determine faith_prefix
by the following algorithm:
- if the getsockname() matches faith_prefix (registered
via sysctl) it is for translator.
- otherwise, it is for myself.
This behavior is for old "faith" implementation.
Thu Mar 18 15:28:28 JST 1999
* kit/bin/route/route.c (BSD/OS 3.1): allow interface route to be
added by "route add -inet6 foobaa -interface if0".
Thu Mar 18 14:27:24 JST 1999
* sys/netinet6 (BSD/OS 3.1): remove HYDRANGEA_COMPAT compile option,
which is VERY obsolete. If there's anybody relied on this, please
migrate to advanced API.
Thu Mar 18 14:20:56 JST 1999
* sys/netinet6 (BSD/OS 3.1): merge in new faith code. userland should
be updated soon.
(see changelog on Thu Mar 11 00:27:55 JST 1999 for details)
Wed Mar 17 16:39:18 JST 1999
* kit/ports (FreeBSD 3.1): updated and made buildable many ports
as FreeBSD 2.2.8 update.
added: ncftp3, squid11, wbd
updated: apach13(to 1.3.4), mrt(to 1.5.2a), heimdal(to 0.1c),
sendmail6(to 8.9.2), gated-ipv6 (to snapshot-0399),
lynx(to 2.8.1rel.1), tcptrace(to 5.1.1), vat6(to 19981109),
vnc(to 3.3.2r3)
TODO: buildability check -> XFree86, mozilla
to be compilable -> perl5, ppp, ucd-snmp
update(also with kernel) -> altq
Wed Mar 17 09:15:12 JST 1999
* sys/netkey/keyv2.h
Added two macros for utilization to make sadb message,
Wed Mar 17 08:32:29 JST 1999
* kit/src/libipsec
Fixed pfkey_sadump() to print the values of lifetime extension.
1999-03-16 JINMEI, Tatuya <>
* sys/netinet6/ip6_output.c (ip6_output): changed to use the MTU
for fragmentation advertised via RA (if specified) instead of the
link MTU.
1999-03-16 Atsushi Onoe <>
* kit/src/traceroute6/traceroute6.c: support source route (-g)
1999-03-16 Atsushi Onoe <>
* kit/src/libinet6/rthdr.c: fix return value of inet6_rthdr_getaddr().
Tue Mar 16 15:24:22 JST 1999
* src/netinet6,netinet,netkey
* kit/src/libipsec,setkey,racoon,ping6,traceroute,traceroute6
* kit/sbin/ping:
* kit/usr.bin/telnet:
IPsec policy engine has been changed drastically.
Now it's NOT valid for old syntax to manage SPD by setkey.
You must use new syntax to configurate that.
XXX MUST be written many manuals.
The policy is managed by either setsockopt() or setkey
like following:
By calling setsockopt(3):
To set policy,
setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, policy, len);
setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, policy, len);
To delete policy,
To get policy,
getsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, policy, &len);
getsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, policy, &len);
`policy' is the binary data formated sadb_x_policy defined
netkey/keyv2.h. You can make `policy' you want by calling
ipsec_set_policy(). for example:
ipsec_set_policy(buffer, "ipsec ah/use esp/use/");
NOTE: You must allocate buffer sufficiently.
By setkey command for administrater:
spdadd icmp -P bypass;
spdadd 3ffe:501:4819::1 3ffe:501:481d::1 tcp -P ah/use;
The argument `policy' follow to -P option is below,
policy := policy_type [ipsec_request [ipsec_reqeust[...]]]
policy_type := "discard", "none", "ipsec"
ipsec_request := protocol "/" level ["/" proxy_address]
protocol := "esp", "ah"
level := "default", "use", "require"
Some user land command can configurate policy.
ping -P "ipsec ah/require/"
telnet -P "ipsec ah/use esp/use"
The argument `policy' follow to -P option is below,
policy := policy_type [ipsec_request [ipsec_reqeust[...]]]
policy_type := "ipsec", "entrust", "bypass"
ipsec_request := protocol "/" level ["/" proxy_address]
protocol := "esp", "ah"
level := "default", "use", "require"
Be attention to `policy_type' against the case of using setkey.
XXX traceroute6 and ping6 were fixed, but don't use IPsec
XXX because kernel hasn't had IPsec code for IPv6 yet.
Added IPsec library for users convenience.
synchronized new ipsec.
output warning message in configure when using OpenSSL.
Calcurated hdr size of ESP/AH that predicted along with policy.
Returned max header size if no SA present.
Modified INBOUND policy check.
Added rejecting code to icmp{,6}_input.
Added a flag of mbuf:
M_AUTHIPDGM that is set when ther is ICV in packet.
Re-arranged mbuf flags about IPsec.
M_AUTHIPDHR data origin authentication for IP header
M_DECRYPTED confidentiality
M_AUTHIPDGM data origin authentication
Merged rejecting code about INET{,6}
Fixed callout_handle for FreeBSD3.x. XXX NOT tested.
Mereged key_newsa() and key_newsa2().
Arranged the code of key_setsaval().
Taking IN_ADDR in sockaddr as network byte order.
XXX that is violate to section 2. PF_KEY Message Format in RFC2367.
Changed semantics of sadb_lifetime_usetime.
XXX expiration check.
We operate CURRENT sadb_lifetime_usetime as the time,
in seconds, when association was last used. For HARD and SOFT,
the number of seconds after the last use of the association
until it expires.
We select the number of flows as the conecpt of
sadb_lifetime_allocations. So we increment the one
whenever calling {esp,ah}_{in,out}put.
Fixed memory leak when calling key_sendup without socket registerd.
That caused kernel to be crash when using SADB_X_PROMISC or mulsti
sockets registerd by SADB_REGISTER.
Added to fix m_len in ipsec?_in_reject() when following both situation.
- internet PCB exists.
- m_pkthdr.len != m_len.
XXX It's quick hack.
XXX With either socket or pcb, we should call IPsec stack.
Enclosed the part of identity extension processing in key_acquire().
XXX identity extension must be a record per src/dst or nothing.
XXX We don't have the way to regist proper identity record, By PF_KEY ?
Tue Mar 16 13:50:26 JST 1999
* kit/ports/gated-ipv6 (FreeBSD 2.2.8):
* kit/pkgsrc/net/gated-ipv6 (NetBSD 1.3.3):
update to use 99/3 snapshot. this is based on public snapshot
and should require no manual fetching (correct me if I'm wrong).
Tue Mar 16 06:30:58 JST 1999
* sys/netinet6/icmp6.c: do not generate icmp6 error against redirects.
this is a bit experimental but this change is decided in ipngwg.
Mon Mar 15 19:38:54 JST 1999
* src/libexec/ftpd (FreeBSD 3.1):
-enabled data connection on v4 mapped addr connection
-enabled passive mode for AF_INET (also on v4 mapped addr)
-enabled TCP_NOPUSH
-added PORTRANGE option for AF_INET6 (experimental?)
Mon Mar 15 14:39:33 JST 1999
* src/sys/netinet6/in6_ifattach.c (FreeBSD 3.1):
Bug Fix: correctly link ::1 to lo0 ifaddr list.
Sun Mar 14 06:42:10 JST 1999
* src/sys/netinet/tcp_subr.c (FreeBSD 3.1):
fixed ip length of reset packet at tcp_respond().
Sun Mar 14 02:07:05 JST 1999
* kit/ports/apache13 (FreeBSD 2.2.8):
* kit/pkgsrc/www/apache13 (NetBSD 1.3.3):
update IPv6 patch to version 19990314.
Now NameVirtualHost accepts hostname and port separately.
1999-03-12 JINMEI, Tatuya <>
* src/bgpd/bgp.c (bgp_process_update): fixed memory leak.
If you use BGP4+ using bgpd, you should apply the fix.
Fri Mar 12 14:47:57 JST 1999
* src/sys/net/if_spppsubr.c (FreeBSD 3.1):
merged cisco_hdlc support for sppp.
(patch is given from thanks very much!)
Fri Mar 12 14:47:12 JST 1999
* src/sys/netinet6/in6.c (FreeBSD 3.1):
Bug Fix: free correct ifa pointer at SIOCDIFADDR_IN6.
Also removed ifa(not so used), and use &ia->ia_ifa instead.
(kernel panic at IPv6 address remove problem is fixed)
Thu Mar 11 19:07:50 JST 1999
* src/usr.bin/netstat (FreeBSD 3.1):
enabled "netstat -s -f inet6"
Thu Mar 11 17:42:18 JST 1999
* sys/netinet/tcp_*(FreeBSD 3.1):
Bug Fix:
-backup ip_ver after in_cksum() at tcp_input() for later ver check.
-add isipv6 arg to tcp_respond() and not check ip_ver in it.
-fixed some tcp_t