Permalink
Commits on Jul 25, 2007
  1. update comment on the use of strncpy()

    itojun committed Jul 25, 2007
  2. "null" and "NUL" are different.

    itojun committed Jul 25, 2007
  3. - canceled misuse of strlcpy()

    jinmei committed Jul 25, 2007
    - added a margin for an internal buffer storing ifname so that the use of
      strlcpy() (where it could be used) is safe.
  4. corrected .Xr notation

    jinmei committed Jul 25, 2007
  5. more meat

    itojun committed Jul 25, 2007
    add BUGS
  6. MAN/MAN8

    itojun committed Jul 25, 2007
Commits on Jul 24, 2007
  1. manpage. it is a start.

    itojun committed Jul 24, 2007
  2. do not use sprintf(), nor strcpy(). they are unboundded operation.

    itojun committed Jul 24, 2007
    for ifr_name people use memcpy() or bcopy() in many cases, but in this case,
    variable "iface" is a char *, so i used strlcpy().
Commits on Jul 11, 2007
  1. It must compare with the hard lifetime.

    sakane committed Jul 11, 2007
    NetBSD sys/netkey/key.c does not relate to this fix.
    FreeBSD/NetBSD sys/netipsec/key.c must be modified.
Commits on Jun 14, 2007
  1. make it compile on 4.1-current XXX quickhack

    itojun committed Jun 14, 2007
  2. fix problems with the previous commit.

    itojun committed Jun 14, 2007
    verified compilation on openbsd 4.1-current.
  3. ANSIfy, to reduce diffs with *BSDs.

    itojun committed Jun 14, 2007
    based on diff from dunceor at gmail.com.
    XXX not tested yet, sorry, we need to ressurect buildlab configs.
    
    random thoughts:
    - IGMPv3 support needs a serious cleanup.  argument passing is horrible, style
      does not meet style(9) at all.  i'm afraid there could be a lot of bugs.
    - DCCP/SCTP/NAT-PT need someone to maintain them, otherwise we should drop
      them at once.
    - we should pick a platform (one of *BSD) and try to get KAME tree in sync
      with more recent version of *BSD.  otherwise, KAME tree gets more and more
      out-of-date.
Commits on May 22, 2007
  1. RFC3946 (by pekka savola) has all the details on 6to4 packet filtering.

    itojun committed May 22, 2007
    refer draft-{itojun,cmetz}-*-harmful*.txt and
    draft-ietf-v6ops-security-overview-06.txt (again, by pekka savola).
Commits on May 17, 2007
  1. 2007-05-17 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei committed May 17, 2007
    	* kame/sys/netinet6/icmp6.c: Disabled responding to NI queries
    	from a global address by default as specified in RFC4620.
    	It can be re-enabled by setting the 0x8 flag of
    	net.inet6.icmp6.nodeinfo.
  2. - Disabled responding to NI queries from a global address by default as

    jinmei committed May 17, 2007
      specified in RFC4620.  A new flag for icmp6_nodeinfo was added to enable the
      feature.
    - Also cleaned up the code so that the semantics of the icmp6_nodeinfo
      flags is clearer (i.e., defined specific macro names instead of using
      hard-coded values).
  3. disable aes-ctr for now, block size for aes-ctr is 1 (stream cipher)

    itojun committed May 17, 2007
    but we do not deal with stream cipher today.
Commits on May 13, 2007
  1. we finally have T-shirt page

    itojun committed May 13, 2007
  2. s/yea/yeah/

    itojun committed May 13, 2007
  3. update crypto export/import issues URL

    itojun committed May 13, 2007
Commits on May 11, 2007
  1. update crypto law URL

    itojun committed May 11, 2007
Commits on May 8, 2007
  1. too big default - reduce it

    itojun committed May 8, 2007
  2. clarifying some points in the previous code comment as well as some m…

    jinmei committed May 8, 2007
    …inor
    
    style changes
Commits on May 6, 2007
  1. comment on "drop packets with more than 1 routing header" code.

    itojun committed May 6, 2007
    suggested by jinmei.
Commits on May 5, 2007
  1. typo: s/baned/banned/

    itojun committed May 5, 2007
Commits on May 4, 2007
  1. - added some comments

    suz committed May 4, 2007
    - removed an unnecesary code
Commits on May 3, 2007
  1. drop packets with more than 1 routing headers.

    itojun committed May 3, 2007
    from claudio@openbsd
Commits on Apr 21, 2007
  1. oops

    itojun committed Apr 21, 2007
Commits on Apr 20, 2007
  1. disable type 0 routing header (for now - we'll make sure to enable it,

    itojun committed Apr 20, 2007
    hopefully soon - but do not hold your breath).
    
    http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
Commits on Apr 8, 2007
  1. ignore "unrecognized" router alert options so that the router can

    jinmei committed Apr 8, 2007
    forward packets containing such a router alert option.  Actually, this code
    only treats IP6OPT_RTALERT_MLD as "recognized".
    
    pointed out by Andrew McDonald
Commits on Mar 30, 2007
  1. removed duplicated macro definition.

    keiichi committed Mar 30, 2007
  2. added PHYNEXTHOP ioctl macros.

    keiichi committed Mar 30, 2007
Commits on Mar 27, 2007
  1. s/register //

    itojun committed Mar 27, 2007
    use sizeof() instead of hardcoded number