Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Dec 10, 2000
  1. add mtudisc_{hi,lo} wat

    itojun authored
  2. drop packet if it looks to be truncated/length field is bogus.

    itojun authored
    be sure to dummy read the packet if memory allocation is failed.
    
    XXX more sanity check
Commits on Dec 9, 2000
  1. add missing "\n" for printf in TV_DELTA.

    kjc authored
    report by Chris Cappuccio <chris@dqc.org>
  2. * sys/netinet6/icmp6.c (netbsd/openbsd):

    itojun authored
      implement high/low watermark on pmtud host route entries.
      create up to hiwat host route entries, if icmp6 too big messages is
      validated.  create up to lowat host route entries, if too big message
      is not validated (= traffic is from non-connected pcb).
      XXX hiwat/lowat default values
  3. openbsd/netbsd: implement hiwat/lowat on pmtud host route entries.

    itojun authored
    allow non-validated too big message, if we are < lowat.
    allow validated too big message, if we are < hiwat.
    XXX pick a victim and allow validated too big message, if we are in
    lowat < x < hiwat.
Commits on Dec 8, 2000
  1. from pcbnotify logic, always call icmp6_mtudisc_update, with validation

    itojun authored
    results.  it is up to icmp6_mtudisc_update, whether to install the pmtu result
    into the routing table, or to ignore it.
    this is to allow non-validated icmp6 too big messages to be installed
    if # of pmtud-generated routing entry is small enough.
  2. maintain # of rt_timer entries.

    itojun authored
    XXX check if there any possibility for inconsistency.
  3. avoid pmtud on nfs (netbsd)

    itojun authored
  4. to avoid PMTUD, set IPV6_USE_MIN_MTU for now.

    itojun authored
Commits on Dec 7, 2000
  1. re-enabled mld6.c, which seemd to be unintentionally disabled while d…

    jinmei authored
    …isabling
    
    miP6 stuff...
  2. 2000-12-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei authored
    	* kame/sys/netinet6/ipsec.c (ipsec6_output_trans): when an ipsec
    	SA cannot be found while ipsec is required, send an icmp6
    	dst_unreach_admin error (instead of silent discard).
    	NOTE: Please be sure to update icmp6.c as well.
  3. when an ipsec SA cannot be found while ipsec is required,

    jinmei authored
    send an icmp6 dst_unreach_admin error (instead of silent discard).
    XXX should be blocked by an ifdef?
  4. 2000-12-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei authored
    	* kame/sys/netinet6/icmp6.c (icmp6_reflect):
    	- processed scoped addresses in a generic manner.
    	- used in6_selectsrc to determine the source address of the
    	  reflected packet.
  5. in icmp6_reflect(),

    jinmei authored
      use in6_xxxscope to handle scoped addresses, not directly embed IDs.
      revisited the source address selection.
  6. 2000-12-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei authored
    	* kame/sys/netkey/key.c (key_cmpspidx_withmask): compared
    	sin6_scope_id values only when both two values were
    	non-zero. Without this fix, ::/0 would not match fe80::1%ne0,
    	which could be a security hole.
    	TODO: there seem to be additional misuse about scope in this
    	file. We'll have to fix them eventually.
Commits on Dec 6, 2000
  1. If there is a phase 2 handler against the policy identifier in

    sakane authored
    the acquire message, and if
       1. its state is less than PHASE2ST_ESTABLISHED, then racoon
          should ignore such a acquire message becuase the phase 2
          is just negotiating.
       2. its state is equal to PHASE2ST_ESTABLISHED, then racoon
          has to prcesss such a acquire message becuase racoon may
          lost the expire message.
  2. natpt does not work at all

    itojun authored
  3. get rid of openbsd-only raw ip6 handler.

    itojun authored
  4. indent

    itojun authored
Commits on Dec 5, 2000
  1. in key_cmpspidx_withmask(), compare scope ID only when both two IDs are

    jinmei authored
    non zero.
    I'm not sure this is the best fix, but without this,
    ::/0 would never matches a scoped address...
  2. in6_ifdetach is not necessary for bsdi

    jinmei authored
    (I'm not sure if the condition "_BSDI_VERSION >= 199802" is really necessary.
     can we really ignore bsdi3?)
  3. * openbsd: use shared raw ip6 logic.

    itojun authored
  4. switch openbsd raw ip6 input to shared code.

    itojun authored
    TODO: bsdi4, compatibility check, more cleanups.
    XXX #define overrides are ugly.  we should synchronize inpcb member names.
  5. typo

    itojun authored
  6. s/inp_csumoffset/in6p_cksum/, for easier code sharing.

    itojun authored
    for userland, old name is available via #define
  7. revive the warning about using -m option on delete/get operation.

    sakane authored
    It will remain until snap users will confirm to remove them.
  8. The modification of 1.172 was incorrect. key_delete/get can select th…

    sakane authored
    …e SA
    
    without the mode.  Because SA can be distinguished by only the destination
    address and protocol, SPI at local system.  Note that a mode is just optional
    information of SA.
    The original problem was that there was a bug in key_add().
  9. tcp/faith

    itojun authored
  10. '-m' option is obsoleted. Because SA can be distinguished by only

    sakane authored
    the destination address and protocol, SPI at local system.
  11. $KAME$

    itojun authored
Something went wrong with that request. Please try again.