Permalink
Commits on Apr 14, 2001
  1. do not copy TTL field on ipsec packet encapsulation. RFC2401 p32.

    itojun
    itojun committed Apr 14, 2001
    From: <Ronald.vanderPol@surfnet.nl>
Commits on Apr 13, 2001
  1. make it equal to latest netbsd-1-5. won't compile as kame ships with

    itojun
    itojun committed Apr 13, 2001
    1.5 headers.
  2. backout part of 1.6 -> 1.7 (sys/types.h namespace pollution).

    itojun
    itojun committed Apr 13, 2001
    XXX we should sync up with whatever ume did on freebsd-current.
Commits on Apr 12, 2001
  1. wording

    jinmei
    jinmei committed Apr 12, 2001
  2. update information:

    sumikawa
    sumikawa committed Apr 12, 2001
    	libpcap		merged in original distribution
    	tcpdump		merged in original distribution
    	wget		merged as ftp/wget
Commits on Apr 11, 2001
  1. removed a period at EOL of a log message.

    jinmei
    jinmei committed Apr 11, 2001
  2. * racoon:

    sakane
    sakane committed Apr 11, 2001
    Supported to get a certificate from DNS CERT RR.
    Also getcertsbyname() is implemented In order to get CERT RRs.
    This function can use lwres.a if HAVE_LWRES is defined when racoon
    is compiled.
    XXX need more local test and interoperability test.
    XXX should be arranged too many certificate stuff in racoon.conf.
  3. add dnssec related files. not tested

    itojun
    itojun committed Apr 11, 2001
  4. make it compile (dnssec related *.c were added)

    itojun
    itojun committed Apr 11, 2001
  5. improved getcertsbyname(). it will use lwres_getrrsetbyname() for get…

    sakane
    sakane committed Apr 11, 2001
    …ting
    
    CERT RR if HAVE_LWRES is defined.
    XXX the response in my test environment cannot be valid,
    XXX so it is need more improvement.
  6. Supported to get a certificate from CERT RR of DNS.

    sakane
    sakane committed Apr 11, 2001
    XXX need more testing.
    XXX should be arranged too many certificate stuff in racoon.conf.
  7. fixed comments.

    sakane
    sakane committed Apr 11, 2001
  8. 2001-04-11 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei
    jinmei committed Apr 11, 2001
    	* kame/sys/netinet6/ip6_output.c (ip6_pcbopt):
    	* kame/sys/netinet6/ip6_output.c (ip6_setpktoptions):
    	prevented invalid (anycast or unready) addresses from being
    	specified as the packet's source address using the IPV6_PKTINFO
    	socket option or ancillary data.
  9. prevented invalid (anycast or unready) addresses from being specified

    jinmei
    jinmei committed Apr 11, 2001
    packets' source address using IPV6_PKTINFO socket option or ancillary data.
  10. fixed comment.

    sakane
    sakane committed Apr 11, 2001
Commits on Apr 10, 2001
  1. a bit improved payload check in rsasig case.

    sakane
    sakane committed Apr 10, 2001
  2. Note latest round of racoon bug fixes from

    thorpej
    thorpej committed Apr 10, 2001
    George Yang <gyang@zembu.com>.
  3. quick_r2send(): Make sure to vfree(data) if we fail to allocate

    thorpej
    thorpej committed Apr 10, 2001
    a new body.  Fixes memory leak.  From George Yang <gyang@zembu.com>.
  4. get_ph2approvalx(): When we find a matching saprop, make sure to

    thorpej
    thorpej committed Apr 10, 2001
    flushsaprop(pr0), as the returned saprop is a copy.  Fixes a memory
    leak.  From George Yang <gyang@zembu.com>.
  5. ph1_main(): Add the message to the received-list before

    thorpej
    thorpej committed Apr 10, 2001
    processing to ensure the packet isn't processed twice
    in case of an error.
    
    quick_main(): Add the message to the received-list before
    processing to ensure the packet isn't processed twice
    in case of an error.
    
    isakmp_post_acquire(): Don't unbind the phase1/phase2
    handlers; let the caller do it.
    
    isakmp_newcookie(): Plug memory leaks.
    
    From George Yang <gyang@zembu.com>.
  6. pk_recvacquire(): Make sure the phase1 and phase2 handlers

    thorpej
    thorpej committed Apr 10, 2001
    are unbound before the phase2 handler is deleted.
  7. you can advertise route information option by rtadvd.

    suz
    suz committed Apr 10, 2001
    (assigned temporary route-information option type = 9)
  8. noted on router-preference

    suz
    suz committed Apr 10, 2001
Commits on Apr 9, 2001
  1. comment out a debug printf.

    itojun
    itojun committed Apr 9, 2001
    is the case important?  if it is very important, make it panic in DIANGOSTIC.
    this one gets visited if we run NFS server on NetBSD 1.5.1_BETA, i'm still
    trying to hunt the source down.
  2. printed error code after failure of in6_addmulti in in6_update_ifa().

    jinmei
    jinmei committed Apr 9, 2001
    (just for diagnosis)
Commits on Apr 8, 2001
Commits on Apr 7, 2001
  1. 2001-04-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei
    jinmei committed Apr 7, 2001
    	* bsdi4/sys/netinet/in_proto.c (inetsw[]): set ipsec_sysctl
    	correctly.  Without this, "netstat -p ipsec -s" does not work.
  2. 2001-04-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei
    jinmei committed Apr 7, 2001
    	* bsdi4/sys/netinet/tcp_input.c (tcp_peer_mss): avoided
    	IPv6 fragmentation when IPV6_USE_MIN_MTU is required.
Commits on Apr 6, 2001
  1. * racoon:

    sakane
    sakane committed Apr 6, 2001
    implemented to generate the policy in the responder side automatically.
    If the responder does not have any policy in SPD during phase 2
    negotiation, and the directive is set on, then racoon will choice
    the first proposal in the SA payload from the initiator, and generate
    policy entries from the proposal.  This function is for the responder,
    and ignored in the initiator case.
    XXX should be checked tunnel mode case.
  2. If the responder does not have any policy in SPD during phase 2 negot…

    sakane
    sakane committed Apr 6, 2001
    …iation,
    
    and the directive is set on, then racoon will choice the first proposal
    in the SA payload from the initiator, and generate policy entries from
    the proposal.  This function is for the responder, and ignored in the
    initiator case.
    
    XXX only transport mode case is checked.  should be checked tunnel mode case.
    XXX need more consideration about many case.
  3. updated about anonymous client.

    sakane
    sakane committed Apr 6, 2001
  4. avoid hardcoded constant

    itojun
    itojun committed Apr 6, 2001