Permalink
Commits on Jul 25, 2007
  1. update comment on the use of strncpy()

    itojun
    itojun committed Jul 25, 2007
  2. "null" and "NUL" are different.

    itojun
    itojun committed Jul 25, 2007
  3. - canceled misuse of strlcpy()

    jinmei
    jinmei committed Jul 25, 2007
    - added a margin for an internal buffer storing ifname so that the use of
      strlcpy() (where it could be used) is safe.
  4. corrected .Xr notation

    jinmei
    jinmei committed Jul 25, 2007
  5. more meat

    itojun
    itojun committed Jul 25, 2007
    add BUGS
  6. MAN/MAN8

    itojun
    itojun committed Jul 25, 2007
Commits on Jul 24, 2007
  1. manpage. it is a start.

    itojun
    itojun committed Jul 24, 2007
  2. do not use sprintf(), nor strcpy(). they are unboundded operation.

    itojun
    itojun committed Jul 24, 2007
    for ifr_name people use memcpy() or bcopy() in many cases, but in this case,
    variable "iface" is a char *, so i used strlcpy().
Commits on Jul 11, 2007
  1. It must compare with the hard lifetime.

    sakane
    sakane committed Jul 11, 2007
    NetBSD sys/netkey/key.c does not relate to this fix.
    FreeBSD/NetBSD sys/netipsec/key.c must be modified.
Commits on Jun 14, 2007
  1. make it compile on 4.1-current XXX quickhack

    itojun
    itojun committed Jun 14, 2007
  2. fix problems with the previous commit.

    itojun
    itojun committed Jun 14, 2007
    verified compilation on openbsd 4.1-current.
  3. ANSIfy, to reduce diffs with *BSDs.

    itojun
    itojun committed Jun 14, 2007
    based on diff from dunceor at gmail.com.
    XXX not tested yet, sorry, we need to ressurect buildlab configs.
    
    random thoughts:
    - IGMPv3 support needs a serious cleanup.  argument passing is horrible, style
      does not meet style(9) at all.  i'm afraid there could be a lot of bugs.
    - DCCP/SCTP/NAT-PT need someone to maintain them, otherwise we should drop
      them at once.
    - we should pick a platform (one of *BSD) and try to get KAME tree in sync
      with more recent version of *BSD.  otherwise, KAME tree gets more and more
      out-of-date.
Commits on May 22, 2007
  1. RFC3946 (by pekka savola) has all the details on 6to4 packet filtering.

    itojun
    itojun committed May 22, 2007
    refer draft-{itojun,cmetz}-*-harmful*.txt and
    draft-ietf-v6ops-security-overview-06.txt (again, by pekka savola).
Commits on May 17, 2007
  1. 2007-05-17 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei
    jinmei committed May 17, 2007
    	* kame/sys/netinet6/icmp6.c: Disabled responding to NI queries
    	from a global address by default as specified in RFC4620.
    	It can be re-enabled by setting the 0x8 flag of
    	net.inet6.icmp6.nodeinfo.
  2. - Disabled responding to NI queries from a global address by default as

    jinmei
    jinmei committed May 17, 2007
      specified in RFC4620.  A new flag for icmp6_nodeinfo was added to enable the
      feature.
    - Also cleaned up the code so that the semantics of the icmp6_nodeinfo
      flags is clearer (i.e., defined specific macro names instead of using
      hard-coded values).
  3. disable aes-ctr for now, block size for aes-ctr is 1 (stream cipher)

    itojun
    itojun committed May 17, 2007
    but we do not deal with stream cipher today.
Commits on May 13, 2007
  1. we finally have T-shirt page

    itojun
    itojun committed May 13, 2007
  2. s/yea/yeah/

    itojun
    itojun committed May 13, 2007
  3. update crypto export/import issues URL

    itojun
    itojun committed May 13, 2007
Commits on May 11, 2007
  1. update crypto law URL

    itojun
    itojun committed May 11, 2007
Commits on May 8, 2007
  1. too big default - reduce it

    itojun
    itojun committed May 8, 2007
  2. clarifying some points in the previous code comment as well as some m…

    jinmei
    jinmei committed May 8, 2007
    …inor
    
    style changes
Commits on May 6, 2007
  1. comment on "drop packets with more than 1 routing header" code.

    itojun
    itojun committed May 6, 2007
    suggested by jinmei.
Commits on May 5, 2007
  1. typo: s/baned/banned/

    itojun
    itojun committed May 5, 2007
Commits on May 4, 2007
  1. - added some comments

    suz
    suz committed May 4, 2007
    - removed an unnecesary code
Commits on May 3, 2007
  1. drop packets with more than 1 routing headers.

    itojun
    itojun committed May 3, 2007
    from claudio@openbsd
Commits on Apr 21, 2007
  1. oops

    itojun
    itojun committed Apr 21, 2007
Commits on Apr 20, 2007
  1. disable type 0 routing header (for now - we'll make sure to enable it,

    itojun
    itojun committed Apr 20, 2007
    hopefully soon - but do not hold your breath).
    
    http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
Commits on Apr 8, 2007
  1. ignore "unrecognized" router alert options so that the router can

    jinmei
    jinmei committed Apr 8, 2007
    forward packets containing such a router alert option.  Actually, this code
    only treats IP6OPT_RTALERT_MLD as "recognized".
    
    pointed out by Andrew McDonald
Commits on Mar 30, 2007
  1. removed duplicated macro definition.

    keiichi
    keiichi committed Mar 30, 2007
  2. added PHYNEXTHOP ioctl macros.

    keiichi
    keiichi committed Mar 30, 2007
Commits on Mar 27, 2007
  1. s/register //

    itojun
    itojun committed Mar 27, 2007
    use sizeof() instead of hardcoded number