(plain netbsd-current/1.5 are not affected)
…fore calculating IPv4 ah checksum because FreeBSD4 doesn't modify the one at ip_input(). Only FreeBSD, openbsd and bsdi3 does. The problem doesn't appear on the FreeBSD original tree.
* kame/kame/pim6[ds]d/mld6_proto.c: clarifications and cleanups; - removed an incorrect check in accept_listener_query(), which was rather harmful. - ignore queries if the receiving node is the querier. - removed a redundant check in accept_listener_query(). - removed the al_old member the listaddr structure, and all references to the member. This should be safe, because there is effectively no use of the member. This change should also make the code more conformant to RFC 2710. All the changes were based on comments from Mickael Hoerdt <firstname.lastname@example.org>.
the variable. based on comments from Mickael Hoerdt <email@example.com>
harmful. from Mickael Hoerdt <firstname.lastname@example.org> - ignore queries if the receiving node is the querier.
copy TTL (or hop limit) value from inner to outer IP header. From: Ronald.vanderPol@surfnet.nl
XXX we should sync up with whatever ume did on freebsd-current.
Supported to get a certificate from DNS CERT RR. Also getcertsbyname() is implemented In order to get CERT RRs. This function can use lwres.a if HAVE_LWRES is defined when racoon is compiled. XXX need more local test and interoperability test. XXX should be arranged too many certificate stuff in racoon.conf.
…ting CERT RR if HAVE_LWRES is defined. XXX the response in my test environment cannot be valid, XXX so it is need more improvement.
XXX need more testing. XXX should be arranged too many certificate stuff in racoon.conf.
* kame/sys/netinet6/ip6_output.c (ip6_pcbopt): * kame/sys/netinet6/ip6_output.c (ip6_setpktoptions): prevented invalid (anycast or unready) addresses from being specified as the packet's source address using the IPV6_PKTINFO socket option or ancillary data.
packets' source address using IPV6_PKTINFO socket option or ancillary data.