Permalink
Commits on Dec 10, 2000
  1. drop packet if it looks to be truncated/length field is bogus.

    be sure to dummy read the packet if memory allocation is failed.
    
    XXX more sanity check
    itojun committed Dec 10, 2000
Commits on Dec 9, 2000
  1. add missing "\n" for printf in TV_DELTA.

    report by Chris Cappuccio <chris@dqc.org>
    kjc committed Dec 9, 2000
  2. * sys/netinet6/icmp6.c (netbsd/openbsd):

      implement high/low watermark on pmtud host route entries.
      create up to hiwat host route entries, if icmp6 too big messages is
      validated.  create up to lowat host route entries, if too big message
      is not validated (= traffic is from non-connected pcb).
      XXX hiwat/lowat default values
    itojun committed Dec 9, 2000
  3. openbsd/netbsd: implement hiwat/lowat on pmtud host route entries.

    allow non-validated too big message, if we are < lowat.
    allow validated too big message, if we are < hiwat.
    XXX pick a victim and allow validated too big message, if we are in
    lowat < x < hiwat.
    itojun committed Dec 9, 2000
Commits on Dec 8, 2000
  1. from pcbnotify logic, always call icmp6_mtudisc_update, with validation

    results.  it is up to icmp6_mtudisc_update, whether to install the pmtu result
    into the routing table, or to ignore it.
    this is to allow non-validated icmp6 too big messages to be installed
    if # of pmtud-generated routing entry is small enough.
    itojun committed Dec 8, 2000
  2. maintain # of rt_timer entries.

    XXX check if there any possibility for inconsistency.
    itojun committed Dec 8, 2000
  3. avoid pmtud on nfs (netbsd)

    itojun committed Dec 8, 2000
  4. to avoid PMTUD, set IPV6_USE_MIN_MTU for now.

    itojun committed Dec 8, 2000
Commits on Dec 7, 2000
  1. re-enabled mld6.c, which seemd to be unintentionally disabled while d…

    …isabling
    
    miP6 stuff...
    jinmei committed Dec 7, 2000
  2. 2000-12-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    	* kame/sys/netinet6/ipsec.c (ipsec6_output_trans): when an ipsec
    	SA cannot be found while ipsec is required, send an icmp6
    	dst_unreach_admin error (instead of silent discard).
    	NOTE: Please be sure to update icmp6.c as well.
    jinmei committed Dec 7, 2000
  3. when an ipsec SA cannot be found while ipsec is required,

    send an icmp6 dst_unreach_admin error (instead of silent discard).
    XXX should be blocked by an ifdef?
    jinmei committed Dec 7, 2000
  4. 2000-12-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    	* kame/sys/netinet6/icmp6.c (icmp6_reflect):
    	- processed scoped addresses in a generic manner.
    	- used in6_selectsrc to determine the source address of the
    	  reflected packet.
    jinmei committed Dec 7, 2000
  5. in icmp6_reflect(),

      use in6_xxxscope to handle scoped addresses, not directly embed IDs.
      revisited the source address selection.
    jinmei committed Dec 7, 2000
  6. 2000-12-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    	* kame/sys/netkey/key.c (key_cmpspidx_withmask): compared
    	sin6_scope_id values only when both two values were
    	non-zero. Without this fix, ::/0 would not match fe80::1%ne0,
    	which could be a security hole.
    	TODO: there seem to be additional misuse about scope in this
    	file. We'll have to fix them eventually.
    jinmei committed Dec 7, 2000
Commits on Dec 6, 2000
  1. If there is a phase 2 handler against the policy identifier in

    the acquire message, and if
       1. its state is less than PHASE2ST_ESTABLISHED, then racoon
          should ignore such a acquire message becuase the phase 2
          is just negotiating.
       2. its state is equal to PHASE2ST_ESTABLISHED, then racoon
          has to prcesss such a acquire message becuase racoon may
          lost the expire message.
    sakane committed Dec 6, 2000
  2. remove NATPT and MIP6, they may mislead people

    itojun committed Dec 6, 2000
  3. natpt does not work at all

    itojun committed Dec 6, 2000
  4. get rid of openbsd-only raw ip6 handler.

    itojun committed Dec 6, 2000
  5. indent

    itojun committed Dec 6, 2000
Commits on Dec 5, 2000
  1. in key_cmpspidx_withmask(), compare scope ID only when both two IDs are

    non zero.
    I'm not sure this is the best fix, but without this,
    ::/0 would never matches a scoped address...
    jinmei committed Dec 5, 2000
  2. in6_ifdetach is not necessary for bsdi

    (I'm not sure if the condition "_BSDI_VERSION >= 199802" is really necessary.
     can we really ignore bsdi3?)
    jinmei committed Dec 5, 2000
  3. * openbsd: use shared raw ip6 logic.

    itojun committed Dec 5, 2000
  4. switch openbsd raw ip6 input to shared code.

    TODO: bsdi4, compatibility check, more cleanups.
    XXX #define overrides are ugly.  we should synchronize inpcb member names.
    itojun committed Dec 5, 2000
  5. typo

    itojun committed Dec 5, 2000
  6. s/inp_csumoffset/in6p_cksum/, for easier code sharing.

    for userland, old name is available via #define
    itojun committed Dec 5, 2000
  7. revive the warning about using -m option on delete/get operation.

    It will remain until snap users will confirm to remove them.
    sakane committed Dec 5, 2000
  8. The modification of 1.172 was incorrect. key_delete/get can select th…

    …e SA
    
    without the mode.  Because SA can be distinguished by only the destination
    address and protocol, SPI at local system.  Note that a mode is just optional
    information of SA.
    The original problem was that there was a bug in key_add().
    sakane committed Dec 5, 2000
  9. tcp/faith

    itojun committed Dec 5, 2000
  10. '-m' option is obsoleted. Because SA can be distinguished by only

    the destination address and protocol, SPI at local system.
    sakane committed Dec 5, 2000
  11. $KAME$

    itojun committed Dec 5, 2000
  12. previous commit was incorrect. don't send a mode in SADB_SA2 message

    on delete/get operation.  Because SA must be distinguished by only both
    the destination address and protocol and SPI at local system.
    sakane committed Dec 5, 2000