Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Feb 22, 2001
  1. removed about static_sa.

    sakane authored
  2. * racoon:

    sakane authored
    fixed to check the outbound policy when the responder received the
    1st packet in phase 2.  the tunnel mode and the transport specified
    the pair of IP addresses of the end of the SA had failed.
  3. described about the log file.

    sakane authored
Commits on Feb 21, 2001
  1. * sys/netinet6/{dest6,nd6}.c: make variable length header parsing

    itojun authored
      pickier.
    * openbsd/include/netdb.h: change ai_addrlen from int to socklen_t,
      to conform to 2553bis-03.
  2. change ai_addrlen to socklen_t. now it conforms to

    itojun authored
    draft-ietf-ipngwg-rfc2553bis-03.txt.  backward compatibility concern:
    - should be safe to change signed to unsigned, as we never return
      negative value.
    - sizeof(int) is 4 for all archs, so there's no size change with socklen_t
      (= u_int32_t)
    
    commented by deraadt.
  3. style

    itojun authored
  4. no need to compute nd6 option length twice

    itojun authored
  5. be more picky about option length validation.

    itojun authored
  6. make sure we always check dstoptlen < IP6OPT_MINLEN.

    itojun authored
    "options MIP6" was vulnerable.
  7. add missing soclose() on accept failure.

    itojun authored
  8. make sure to soclose() on failure. from jinmei

    itojun authored
  9. 2.5.1p1

    itojun authored
  10. bsd mbuf management rule in netiso processing - child function frees …

    itojun authored
    …mbuf
    
    on error.
  11. * racoon:

    sakane authored
    changed the proposal order of the protocol in the phase 2.
    If we want to make a packet "IP2 AH ESP IP1 ULP", the SPD in KAME
    expresses AH transport + ESP tunnel.  racoon sent the proposal
    contained such the order.  But lots of implementation interprets
    AH tunnel + ESP tunnel in this case.  racoon changes the order,
    and usually uses this format.  If the option, 'complex_bundle'
    is enable, racoon uses old format.
  12. wording.

    sakane authored
  13. minor cleanups (missing break)

    itojun authored
  14. If we want to make a packet "IP2 AH ESP IP1 ULP", the SPD in KAME exp…

    sakane authored
    …resses
    
    AH transport + ESP tunnel.  So racoon sent the proposal contained such the
    order.  But lots of implementation interprets AH tunnel + ESP tunnel
    in this case.  racoon changes the format, usually uses this format.
    If the option, 'complex_bundle' is enable, racoon uses old format.
  15. * openbsd/usr.sbin/pim6{sd,dd}: compile these on openbsd.

    itojun authored
      not really tested.
    * sys/netinet6/ah_{core,output}.c: one more correction to IPv4 option
      chasing in AH processing.
  16. supply pim6* for openbsd.

    itojun authored
  17. call encap_init on all protosw entry that uses encap[46]_input.

    itojun authored
    this will reduce chances for future mistakes.
  18. call encap_init on every protosw entry that uses encap[46]_input.

    itojun authored
    now encap_init is safe against multiple invocations.
  19. tighten LSRR option header parsing more. the option length must be at…

    itojun authored
    … least
    
    6, as we will try to look at ip address in it.
  20. tighten IPv4 option handling in AH computation more. ip option should be

    itojun authored
    longer than 2 bytes if they are not EOL nor NOP.
  21. no need for global *ehdr.

    itojun authored
  22. need ATOMIC|ADDR on EON

    itojun authored
  23. typo in EON support.

    itojun authored
Commits on Feb 20, 2001
  1. wording.

    jinmei authored
  2. note EON support (ISO over IPv4/6) on netbsd

    itojun authored
  3. typo

    itojun authored
  4. add missing AF_ISO case.

    itojun authored
  5. add IFT_GIF case.

    itojun authored
Something went wrong with that request. Please try again.