Commits on Apr 11, 2001
  1. improved getcertsbyname(). it will use lwres_getrrsetbyname() for get…

    …ting
    
    CERT RR if HAVE_LWRES is defined.
    XXX the response in my test environment cannot be valid,
    XXX so it is need more improvement.
    sakane committed Apr 11, 2001
  2. Supported to get a certificate from CERT RR of DNS.

    XXX need more testing.
    XXX should be arranged too many certificate stuff in racoon.conf.
    sakane committed Apr 11, 2001
  3. fixed comments.

    sakane committed Apr 11, 2001
  4. 2001-04-11 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    	* kame/sys/netinet6/ip6_output.c (ip6_pcbopt):
    	* kame/sys/netinet6/ip6_output.c (ip6_setpktoptions):
    	prevented invalid (anycast or unready) addresses from being
    	specified as the packet's source address using the IPV6_PKTINFO
    	socket option or ancillary data.
    jinmei committed Apr 11, 2001
  5. prevented invalid (anycast or unready) addresses from being specified

    packets' source address using IPV6_PKTINFO socket option or ancillary data.
    jinmei committed Apr 11, 2001
  6. fixed comment.

    sakane committed Apr 11, 2001
Commits on Apr 10, 2001
  1. a bit improved payload check in rsasig case.

    sakane committed Apr 10, 2001
  2. Note latest round of racoon bug fixes from

    George Yang <gyang@zembu.com>.
    thorpej committed Apr 10, 2001
  3. quick_r2send(): Make sure to vfree(data) if we fail to allocate

    a new body.  Fixes memory leak.  From George Yang <gyang@zembu.com>.
    thorpej committed Apr 10, 2001
  4. get_ph2approvalx(): When we find a matching saprop, make sure to

    flushsaprop(pr0), as the returned saprop is a copy.  Fixes a memory
    leak.  From George Yang <gyang@zembu.com>.
    thorpej committed Apr 10, 2001
  5. ph1_main(): Add the message to the received-list before

    processing to ensure the packet isn't processed twice
    in case of an error.
    
    quick_main(): Add the message to the received-list before
    processing to ensure the packet isn't processed twice
    in case of an error.
    
    isakmp_post_acquire(): Don't unbind the phase1/phase2
    handlers; let the caller do it.
    
    isakmp_newcookie(): Plug memory leaks.
    
    From George Yang <gyang@zembu.com>.
    thorpej committed Apr 10, 2001
  6. pk_recvacquire(): Make sure the phase1 and phase2 handlers

    are unbound before the phase2 handler is deleted.
    thorpej committed Apr 10, 2001
  7. you can advertise route information option by rtadvd.

    (assigned temporary route-information option type = 9)
    suz committed Apr 10, 2001
  8. noted on router-preference

    suz committed Apr 10, 2001
Commits on Apr 9, 2001
  1. comment out a debug printf.

    is the case important?  if it is very important, make it panic in DIANGOSTIC.
    this one gets visited if we run NFS server on NetBSD 1.5.1_BETA, i'm still
    trying to hunt the source down.
    itojun committed Apr 9, 2001
  2. printed error code after failure of in6_addmulti in in6_update_ifa().

    (just for diagnosis)
    jinmei committed Apr 9, 2001
Commits on Apr 8, 2001
Commits on Apr 7, 2001
  1. 2001-04-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    	* bsdi4/sys/netinet/in_proto.c (inetsw[]): set ipsec_sysctl
    	correctly.  Without this, "netstat -p ipsec -s" does not work.
    jinmei committed Apr 7, 2001
  2. 2001-04-07 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    	* bsdi4/sys/netinet/tcp_input.c (tcp_peer_mss): avoided
    	IPv6 fragmentation when IPV6_USE_MIN_MTU is required.
    jinmei committed Apr 7, 2001
Commits on Apr 6, 2001
  1. * racoon:

    implemented to generate the policy in the responder side automatically.
    If the responder does not have any policy in SPD during phase 2
    negotiation, and the directive is set on, then racoon will choice
    the first proposal in the SA payload from the initiator, and generate
    policy entries from the proposal.  This function is for the responder,
    and ignored in the initiator case.
    XXX should be checked tunnel mode case.
    sakane committed Apr 6, 2001
  2. If the responder does not have any policy in SPD during phase 2 negot…

    …iation,
    
    and the directive is set on, then racoon will choice the first proposal
    in the SA payload from the initiator, and generate policy entries from
    the proposal.  This function is for the responder, and ignored in the
    initiator case.
    
    XXX only transport mode case is checked.  should be checked tunnel mode case.
    XXX need more consideration about many case.
    sakane committed Apr 6, 2001
  3. updated about anonymous client.

    sakane committed Apr 6, 2001
  4. avoid hardcoded constant

    itojun committed Apr 6, 2001
  5. description for "discard" was missing.

    itojun committed Apr 6, 2001
  6. visit sbin/route

    itojun committed Apr 6, 2001
  7. sync with 1.5.1_ALPHA

    itojun committed Apr 6, 2001
  8. print RTF_CLONED routes with "c".

    itojun committed Apr 6, 2001
  9. cope with interface address addition to p2p interfaces better.

    from IIJ SEIL team.  hope i made no mistakes on merge...
    
    XXX kernel problem (NetBSD-current at least) - if we do not specify
    destination address on SIOCAIFADDR_IN6 to p2p interface, routing socket messges
    will not come up to the userland.
    itojun committed Apr 6, 2001
  10. In oakley_delivm(), use vfree() to free vchar_t buffers,

    not normal free(), thus plugging a memory leak.  Found by
    George Yang <gyang@zembu.com> with the help of Boehm-GC.
    thorpej committed Apr 6, 2001
Commits on Apr 5, 2001
  1. setsockopt is in chapter 2, not 3.

    itojun committed Apr 5, 2001
  2. recover $KAME$

    itojun committed Apr 5, 2001
  3. a/the fixes from netbsd-current

    itojun committed Apr 5, 2001
Commits on Apr 4, 2001
  1. Add support for the Dmalloc debugging malloc library. This

    library gives very nice memory usage statistics and leak
    information.
    thorpej committed Apr 4, 2001