Permalink
Commits on Apr 1, 2001
  1. clarified goto-ours logic:

    jinmei committed Apr 1, 2001
    1. separated checks against spoofed ::1 src/dst from the goto-ours check.
       this also fixed a bug that the kernel accepted a packet with
       src=::1, dst=invalid, rcvif=lo0
       (you can test it by 'ping6 -S ::1 fe80::xxxx%lo0", where xxxx is not an
        interface ID of lo0)
    2. (experimentally) omitted a specical case for link-local destinations at a
       loopback interface.  I believe this is correct, because
       - we now have a host route for fe80::1%lo0, so we can accept a packet to
         the address using the generic logic.
       - we can reject packets to fe80::xxxx%lo0 (xxxx != 1) by the check for
         the RTF_GATEWAY bit for rt_flags (ip6_input.c line 872).
       *** NOTE to developers:***
       this is the case for bsdi4, but please check it on other platforms.
       after the confirmation, I'll completely remove the part (currently, it's
       just escaped by '#ifdef 0')
Commits on Mar 30, 2001
  1. simplify diff

    itojun committed Mar 30, 2001
  2. repair RA input processing

    itojun committed Mar 30, 2001
  3. repair again

    itojun committed Mar 30, 2001
Commits on Mar 29, 2001
  1. 2001-03-29 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei committed Mar 29, 2001
    	* kame/sys/netinet6/in6.h (IN6_IS_ADDR_xxx): made the macros safe
    	to the gcc's -Wcast-qual option.
    	Based on a comment from Brian Wellington
    	<Brian.Wellington@nominum.com>.
  2. mobile-ip6

    itojun committed Mar 29, 2001
  3. style: removed blank lines just after the head lines.

    jinmei committed Mar 29, 2001
    (I don't mind to keep the blank lines if they were intentional, though)
  4. IP6A_xx is a flag bit, not a value.

    itojun committed Mar 29, 2001
  5. integrate new ericsson mobile-ip6 snapshot (based on 13 draft, after

    itojun committed Mar 29, 2001
    Connectathon 2001).
    
    changes from original ericsson shipment:
    - avoid using "time" as variable name, we can't do that in BSD kernel.
    - on function signature change for MIP6 (like static -> non-static) use #ifdef
      MIP6.  it has been making problems for *BSD-current merge.
    - add __attribute__((__packed__)).
    - make the tree compile without MIP6.
    - make the tree compile on openbsd (should be okay on netbsd too).
    	WARNING: two #warning line were suppressed, or replaced with panic().
    - avoid unnecessary cosmetic change.
    - avoid $Id$ (previous commit to mip6{config,stat}.
    - fix nd6.c neighbor state management breakage, due to one of additional MIP6
      debugging messages.
    
    while we are here, made a couple of changes:
    - add __attribute__((__packed__)) here and there.
    - remove KAME-only (pre-2292bis) MIP6 header declaratations.
  6. copy destination sockaddr to a separate buffer before calling freeadd…

    jinmei committed Mar 29, 2001
    …rinfo().
    
    the destination might be reused afterwards, in order to use a routing
    header.
  7. $KAME$

    itojun committed Mar 29, 2001
  8. add "rmoption IPSEC" into MIP6 section, as MIP6 does not compile with

    itojun committed Mar 29, 2001
    openbsd ipsec.
  9. made address testing macros `-Wcast-qual safe'.

    jinmei committed Mar 29, 2001
    based on a comment from Brian Wellington@nominum
Commits on Mar 28, 2001
  1. wording.

    jinmei committed Mar 28, 2001
  2. try to conform to draft-ietf-dnsext-mdns-00. (resolve "local.arpa")

    itojun committed Mar 28, 2001
    -d is now obsolete.
Commits on Mar 27, 2001
  1. pass upper layer protocol info for non-tcp/udp/icmp6.

    itojun committed Mar 27, 2001
    XXX what to do against intermediate headers.  i guess we should get rid of
    these *_get_ulp functions and try to check mbuf directly against SPD entry.
  2. * racoon/isakmp_ident.c: ident_ir2sendmx(): plug memory

    thorpej committed Mar 27, 2001
      leak -- gsstoken wasn't being freed at function exit.
  3. remove debugging messages like warn("foo").

    itojun committed Mar 27, 2001
  4. * racoon: Changes to Vendor ID payload handling. Determine

    thorpej committed Mar 27, 2001
      which VID we will send on a per-proposal basis; we may need
      to send a different one for each proposal depending on the
      proposal contents (e.g. GSSAPI auth method).  We no longer
      set the Vendor ID in the localconf.
    
      When matching the Vendor ID in check_vendorid(), use a table
      of known Vendor IDs, and return the index, and maintain a list
      of extensions that vendors implement (e.g. GSSAPI auth method).
      XXX We have a slight hack to recognize the Windows 2000 Vendor
      ID.  Need to clarify with the Microsoft IPsec guys.
    
      In Aggressive Mode, as responder, when sending first
      response, make sure to include a Vendor ID payload.
    
      In Main Mode, as responder, when sending first response,
      make sure to include a Vendor ID payload.
    
      XXX Still more Vendor ID processing fixes to go.  And
      GSSAPI auth doesn't interoperate with Windows 2000 yet.
  5. have net.inet.ip.maxfragpackets sysctl MIB.

    itojun committed Mar 27, 2001
Commits on Mar 26, 2001
  1. Fix missing value from return statement.

    thorpej committed Mar 26, 2001
  2. Add comments describing some private use number ranges, and

    thorpej committed Mar 26, 2001
    clarify when the GSSAPI-related attribute numbers are valid
    (i.e. we must have received the appropriate Vendor ID from
    the peer).
  3. Clarify when the ISAKMP_NPTYPE_GSS payload type is valid (i.e. we must

    thorpej committed Mar 26, 2001
    have received the appropriate Vendor ID from the peer).
  4. simply return if the backup file is not defined.

    sakane committed Mar 26, 2001
  5. 2.5.2p2

    itojun committed Mar 26, 2001
Commits on Mar 25, 2001
  1. ack Constantine Sapuntzakis

    itojun committed Mar 25, 2001
  2. * sys/netinet6/ip6_output.c: correct dangling pointer in jumbogram

    itojun committed Mar 25, 2001
      output logic.
      From: csapuntz@play-doh.stanford.edu (Constantine Sapuntzakis)
  3. re-initialize mopt in ip6_insert_jumboopt().

    itojun committed Mar 25, 2001
    From: csapuntz@stanford.edu
  4. * sys/netinet6/{ip6_mroute,in6_prefix}.c: add missing splx.

    itojun committed Mar 25, 2001
      From: csapuntz@play-doh.stanford.edu (Constantine Sapuntzakis)