Permalink
Commits on Aug 19, 2001
  1. improvements on src addr selection:

    - add a comment about public/temporary address selection
    - explicitly prefer longer matching address, even for the case of keeping it.
      (since we may introduce other rules after that.)
    jinmei committed Aug 19, 2001
  2. snprintf can return negative. from deraadt

    itojun committed Aug 19, 2001
  3. cope with sa_len < sizeof(struct sockaddr).

    From: Patrik Lindergren <patrik@datacom.nu>
    itojun committed Aug 19, 2001
  4. use snprintf, not sprintf

    itojun committed Aug 19, 2001
Commits on Aug 18, 2001
  1. described a new rule of src addr selection; prefer addresses on alive

    interfaces.
    jinmei committed Aug 18, 2001
  2. prefix(8) has been obsoleted

    jinmei committed Aug 18, 2001
  3. corrected versions of the latest drafts.

    jinmei committed Aug 18, 2001
  4. IPV6_NEXTHOP has been (almost) implemented.

    jinmei committed Aug 18, 2001
  5. typo

    jinmei committed Aug 18, 2001
  6. comment wording.

    jinmei committed Aug 18, 2001
  7. 2001-08-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    	* kame/sys/netinet6/in6_src.c (in6_selectsrc): changed the number
    	of longest matching rule in source address selection from 8 to 14,
    	so that it is easy to assign smaller numbers to more preferred
    	rules.  Additionally, a new rule to prefer addresses on alive
    	(i.e. IFF_UP) interfaces, based on a suggestion from
    	kato@wide.ad.jp.
    	*bsd/netstat were also changed accordingly.
    jinmei committed Aug 18, 2001
  8. sync with the latest list of source address selection

    - change "longest match" to rule 14
    - added "alive interface" as rule 8
    jinmei committed Aug 18, 2001
  9. added a new rule to source address selection; prefer addresses on alive

    (i.e. IFF_UP) interfaces.
    jinmei committed Aug 18, 2001
  10. changed the number of longest matching rule in source address selection

    from 8 to 14, so that it is easy to assign smaller numbers to higher preferred
    rules.  (15 is reserved for future use)
    jinmei committed Aug 18, 2001
  11. correction and improvement on source address selection:

    - add validation before incrementing statistics array to prevent possible
      buffer overrun
    - corrected logic in preferring appropriate scope
    jinmei committed Aug 18, 2001
Commits on Aug 17, 2001
  1. remove single space.

    sakane committed Aug 17, 2001
  2. ssh

    sakane committed Aug 17, 2001
  3. ssh, and added a comment about subjectaltname and the value in the id…

    … payload.
    sakane committed Aug 17, 2001
  4. required exactly matching of key length. but if responder side

    and peer's key length in proposal is bigger than mine, it might be accepted.
    sakane committed Aug 17, 2001
  5. typo

    itojun committed Aug 17, 2001
  6. >Is there an API or other mechanism for a user level program (e.g.

    >telnet) to inquire of the kernel whether AH/ESP is in use (i.e.
    >whether a security association exists between the local host and a
    >remote host)?
    itojun committed Aug 17, 2001
  7. kicked pfkey message out to higher debug level.

    sakane committed Aug 17, 2001
  8. private key should not be shown.

    sakane committed Aug 17, 2001
  9. some comments.

    sakane committed Aug 17, 2001
  10. fix comment. "notify" is not needed here.

    itojun committed Aug 17, 2001
  11. f-secure,ashley,openbsd with rsa signature

    sakane committed Aug 17, 2001
  12. have an example with FQDN.

    itojun committed Aug 17, 2001