CHANGELOG

			CHANGELOG for KAME kit

$Id: CHANGELOG,v 1.1131 2000/07/15 16:09:45 itojun Exp $

<200006>
Sun Jul 16 00:57:23 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.h; do not pull sys/queue.h in (it is not
	  necessary anyways)
	* sys/net/pfkeyv2.h: correct conformance to RFC2367 (SADB_[EA]ALG_xx
	  symbol name).  beware: the change breaks backward compatibility.
	  setkey and racoon MUST be recompiled after updating include files.

Sat Jul 15 13:51:59 JST 2000  itojun@iijlab.net
	* kame/route6d: if a routing entry exists for aggregate prefix (-A),
	  do not overwrite it (exit with error).  it should be a safer behavir.

Thu Jul 13 22:27:18 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet6/raw_ipv6.c: enable IPv6 multicast routing
	  related setsockopt.
	* kame/sys/netinet6/ip6_mroute.c: to enable openbsd users to perform
	  netstat -g, make mif6table a non-static variable.  on openbsd
	  file static variables will not appear in kernel symbol table.

Thu Jul 13 16:09:57 JST 2000  itojun@iiljab.net
	* netbsd/pkgsrc/net/bind9: upgrade to 9.0.0rc1.

Thu Jul 13 01:39:26 JST 2000  itojun@iijlab.net
	* sys/kern/uipc_mbuf2.c: cleanup m_pulldown statistics.
	  (1) PULLDOWN_STAT is now a global compilation option (should be
	  put into kernel configuration file).  (2) m_pulldown statistics
	  now belong to mbstat, and available via netstat -m (instead of
	  netstat -sn -f inet6).  suggested by jinmei.

2000-07-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* *bsd*/sys/net/route.h: redefined the route structure so that it
	can support protcols that have large socket address (e.g. IPv6).
	Currently, this is enabled only with the NEW_STRUCT_ROUTE kernel
	compilation option, but will be default once stabilized.
	* many files mainly under the netinet and netinet6 directories
	were also modified with this change.

2000-07-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_ifloop_request): 
	do not force rtrequest() to return an rtentry when executing the
	DELETE operation, in order to avoid overdecreasing the refcnt.
	Older versions might cause leak of rtentry when you delete an IPv6
	address (via ifconfig, ndp -P, or something).
	Fortunately, address deletion is not issued so often, the bug is
	effectively not very serious. However, if you have chance to
	update your kernel, it is of course recommended to apply this fix.
	In particular, KAME's dtcp or ppp (for IPv6) users are highly
	recommended to upgrade the kernel.
	
2000-07-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.h: commented out the definition of
	ND6_LLINFO_WAITDELETE, which is not used any more.
	* kame/sys/netinet6/nd6.c:
	* kame/sys/netinet6/mip6_md.c:
	* kame/kame/ndp/ndp.c:
	removed ND6_LLINFO_WAITDELETE cases according to the above change.

2000-07-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.h: corrected the type of a member
	of if_set{} from fd_mask to if_mask.
	In response to PR sys/266 from pavlin@catarina.usc.edu.

2000-07-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (rt6_deleteroute): do not
	(automatically) delete the static route in rt6_deleteroute(), even
	if it uses a dead router.

2000-07-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c: some clarifications about neighbor
	cache manipulation (this change does not affect behavior from the
	user side, though):
	- removed the ND6_LLINFO_WAITDELETE status. Actually, we can just
	  call rtrequest(RTM_DELETE) for an unreachable
	  neighbor. Reference to the neighbor cache entry from a cahced
	  route will be freed at the next time the route is used.
	- also, we do not have to call pfctlinput(PRC_HOSTDEAD) in
	  nd6_free() for the same reason.
	- do not set/refer the RTF_REJECT flag in neighbor cache
	  manipulation. It was just for (IPv4) arp-flooding prevention,
	  which is not necessary ND for IPv6.

2000-07-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/route6d/route6d.c: removed "ifndef ADVAPI"
	parts. Since the advanced API has already been standardized,
	implemented, and deployed, we don't need to take care the older
	kernel behavior (which is even confusing).
	* *BSD/usr.sbin/route6d/Makefile: removed the -DADVAPI flag
	according the change.

Mon Jul 10 14:43:40 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/{libpcap,tcpdump}: use 7/3 snapshot.
	* freebsd3/ports/w3m: upgrade to 0.1.11.p.

Sun Jul  9 21:50:54 JST 2000  itojun@iijlab.net
	* *bsd*/sys/netinet/tcp_input.c, kame/sys/netinet6/tcp6_input.c:
	  be more cautious about tcp option length field.  drop bogus ones
	  earlier.
	  not sure if there is a real threat or not, but it seems that there's
	  possibility for overrun/underrun (like non-NOP option with
	  optlen > cnt).  the bug is from 4.4BSD.

Sun Jul  9 13:39:22 JST 2000  itojun@iijlab.net
	* libinet6/getaddrinfo.c: do not mistakenly accept empty scopeid.

Sun Jul  9 12:29:24 JST 2000  itojun@iijlab.net
	* freebsd4/sys/net/if_ethersubr.c: repair IPV6_JOIN_GROUP(::).

Sat Jul  8 12:11:34 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: use bind 9.0.0b5
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 7/3 snapshot.

Sat Jul  8 10:57:36 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/usr.sbin/inetd: allow square-bracket for the first
	  element on inetd.conf, to disambiguate IPv6 address and colon
	  separator.
	* openbsd/usr.sbin/inetd: handle IPv6 address in first element on
	  inetd.conf line.

Sat Jul  8 09:43:26 JST 2000  itojun@iijlab.net
	* {bsdi3,openbsd,netbsd}/libexec/ftpd: plug setproctitle issue in
	  CERT Advisory CA-2000-13.  NOTE: bsdi3 uses wu-ftpd.  it may have
	  other vulnerabilities left in the code.
	* netbsd/usr.sbin/inetd: improve error handling on getaddrinfo
	  (determine listening socket address).  hints from enami.

Fri Jul  7 21:39:33 JST 2000  itojun@iijlab.net
	* various places: audit use of printf-like functions, including
	  errx?, warnx?, setproctitle, and syslog.  if we pass user-supplied
	  variable alone to these functions, they can be hosed by malicious
	  %-format string.  from openbsd.

Thu Jul  6 20:43:57 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet/tcp_*.c: remove IPv4 mapped support completely
	  from inbound packet processing.  there were some corner cases not
	  covered by the code, and it caused SEGV due to inconsistency in
	  address family.  sync with openbsd-current.

2000-07-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd/if.c (if_getflags): made sure to close a
	temporary socket to avoid making garbage sockets.

Wed Jul  5 12:08:16 JST 2000  suz@kame.net
	* bsdi3/sys/conf/files.i386, bsdi3/sys/conf/GENERIC.KAME,
	  bsdi3/sys/i386/isa/{if_wi.c,if_wireg.h,wiioctl.h}
	  bsdi3/usr.sbin/wiconfig, bsdi3/usr.sbin/Makefile
	  ported WaveLAN driver and its configuration program from bsdi4
	  (geertj permitted it. Thanks!) 

Wed Jul  5 11:30:39 JST 2000  itojun@iiljab.net
	* {netbsd,openbsd,freebsd4}/lib/libinet6/getaddrinfo.c,
	  kame/libinet6/getaddrinfo.c:
	  return EAI_NODATA, instead of EAI_NONAME, on name resolution errors.
	  EAI_NONAME does not make sense in these situations
	  From: enami

Wed Jul  5 11:02:03 JST 2000  itojun@iijlab.net
	* freebsd4: add netstat -sn -f pfkey.

Wed Jul  5 10:40:53 JST 2000  itojun@iijlab.net
	* freebsd[234]: split IPv6 path MTU discovery-related sysctl from
	  net.inet.ip tree.  FreeBSD SYSCTL_xxx does not have a way to report
	  duplicated definition into the same variable, it bites us many
	  times...

Wed Jul  5 02:25:11 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Implemented INITIAL-CONTACT.
	This message is sent by single notify message after phase 1 established
	immediately.  It means the message is not included last exchange on
	phase 1.  So it can be sent by responder on aggressive/base mode.
	If there is no remote address in contacted list, racoon sends the
	message to peer.  If the message is received, racoon deletes all
	IPsec-SAs relatived to peer's address.  It takes place both initiator
	and responder side.

Tue Jul  4 21:36:16 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Racoon usually runs in background.  If you specify -F option, you make
	her running in foreground.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/mip6.c (mip6_add_ifaddr): use in6_update_ifa()
	to assign an address instead of coping code from in6.c

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_update_ifa): newly added to update
	parameters of an IPv6 interface address.
	Basically, this function does nothing new, but made in6_control()
	simple.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_control): completely obsoleted
	SIOCSIFADDR_IN6, SIOCSIFDSTADDR_IN6, and SIOCSIFNETMASK_IN6.
	We are quite confident there is no application that used these
	commands, but if one exists, please let us know.

Tue Jul  4 18:33:20 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	don't delete phase 1/2 handler if some internal error occurs.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_is_ifloop_auto): removed an `ifdef'
	part for openbsd, which made the function always return 0.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_unlink_ifa): newly added to release
	various links for in6_ifaddr when deleting an address.
	This function is also called from in6_control(), in order to
	prevent the kernel from keeping a garbage structure on failure of
	address addition.

Tue Jul  4 13:26:56 JST 2000 sakane@ydc.co.jp
	* kame/sys/key.c:
	A patch from <Francis.Dupont@enst-bretagne.fr> applied.
	- fixed a interval to call key_timehandler.
	- fixed a typo.
	- added a value to be returned when some error happen.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_control): added several
	improvements for sharing a single prefix with multiple addresses:
	- install an interface direct route only when there's no shared
	  prefix. We'll never see unexpected EEXIST errors with this fix.
        - call in6_ifaddloop()/in6_ifremloop() whenever necessary.
        - do not call in6_ifaddloop()/in6_ifremloop() unless necessary.
        - added several clarifications according to the ipv6 address
	  architecture.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/main.c (main_listen_accept): set the receiving
	interface when accepting an on-link bgp connection.
	* kame/kame/bgpd/bgp.c (bgp_process_open): detected a proper peer
	for an incoming IBGP open message with link-local address.
	These changes enabled an IBGP peer using link-local addresses.
	Suggested by: Tomomi Suzuki <stomomi@ebina.hitachi.co.jp>

Tue Jul  4 10:25:13 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- Process to send a delete notify message only when phase 2 has
	  been established.
	- added "dead" flag to a schedule.  It is used to mark a schedule
	  already dead.  don't delete a schedule at multiple place.

Tue Jul  4 08:44:11 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/inetd: remove duplicated ipsec initialization code
	  (used on SIGHUP).

2000-07-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/bgp.c (connect_try): made sure to zero-clear a
	newly allocated buffer.
	Report from: Tomomi Suzuki <stomomi@ebina.hitachi.co.jp>

Mon Jul  3 11:50:12 JST 2000  itojun@iijlab.net
	* kame/sys/netinet/icmp6.h: avoid bitfields in router renumbering packet
	  declaration.  XXX standards?

2000-07-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_input): immediately discarded
	a packet to an unready (i.e. tentative or duplicated) address with
	logging.
	This change reflected recent discussion in the ipngwg ML.

Sun Jul  2 11:24:52 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/tcp_input.c, kame/sys/netinet6/in6_pcb.c:
	  repair netbsd faith support.  (1) tcp6_input dropped faith'ed
	  connections (2) in6_pcblookup_connect() was too strict.

Sat Jul  1 20:57:57 JST 2000  itojun@iijlab.net
	* kame/faithd: make it possible to invoke faithd(8) from inetd(8).
	  benefits: allows us to access-control inbound traffic by using
		hosts.allow(5).
	  possible drawbacks: inetd mode has no chance for multi-connection-
		per-single-process enhancement.  current faithd(8) needs 1
		process per 1 connection anyways.

Fri Jun 30 17:45:23 JST 2000 sakane@ydc.co.jp
	* freebsd[34]/usr.bin/whois.c:
	ported whois for IPv6/4.
	
Thu Jun 29 16:24:35 JST 2000  itojun@iijlab.net
	*/sys/netinet/in.c, kame/sys/netinet6/in6.c:
	  inhibit EEXIST from in{,6}_ifinit().  history: (1) 4.4BSD ignores
	  return value from in_ifinit() completely.  (2) previous kame code
	  tried to handle error case better, the change raised bogus EEXIST
	  to the userland on two-address-from-same-prefix assignment.

Thu Jun 29 10:14:47 JST 2000  itojun@iijlab.net
	* faithd/faithd.c, natptd/main.c, natptlog/natptlog.c: be more careful
	  about arg to syslog(3), to prevent possible buffer overrun.
	  From: deraadt@openbsd.org

2000-06-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6: several minor improvements:
	- daemonized dhcp6c.
	- reactivated dhcp6c agains a SIGHUP signal or change of the
	  default route.
	- changed logging based on syslog(8).

2000-06-28  SUZUKI Shinsuke  <suz@kame.net>
	* kame/sys/netinet6/ip6_fw.c
	ip6fw works on FreeBSD-4.0 + KAME, too.

Wed Jun 28 15:01:09 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	improved sending a notify message including delete payload.
	It's sent when one of below situations happens:
		o receiving SADB_DELETE message from kernel.
		o receiving SADB_FLUSH message from kernel.
		o flushing phase2 handler.

Wed Jun 28 01:16:41 JST 2000	SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
	* freebsd4/INSTALL
	write up configuration-related matters for FreeBSD-4.0

Wed Jun 28 01:12:59 JST 2000  itojun@iijlab.net
	* libinet6/name6.c: correct error handling in DNS name lookups.

Tue Jun 27 23:12:54 JST 2000	SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
	* bsdi3/sbin/ifconfig/ifconfig.c: fixed error trap when given name 
	corresponds to multiple v6 addresses.

Tue Jun 27 14:01:39 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/emacs: upgrade to 20.7

Tue Jun 27 00:32:20 JST 2000  itojun@iijlab.net
	* netbsd/sys/arch/*/conf/GENERIC.v6: enable PULLDOWN_TEST for all
	  architectures.  this is done because mbuf pullup code in
	  sys/net/if_loop.c has been found to be a source of performance hit,
	  and PULLDOWN_TEST code is found to be stable enough.
	* netbsd/sys/sys/mbuf.h: recover 4.4BSD MINCLSIZE.

Sun Jun 25 21:11:19 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* start to support FreeBSD 3.5-RELEASE. 3.4-RELEASE is obsolete.

Sat Jun 24 23:41:31 JST 2000  itojun@iijlab.net
	* freebsd4/lib/libinet6/getnameinfo.c: correct NIS lookup.  from ume.

Sat Jun 24 16:43:58 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: upgrade to 6/19.

Sat Jun 24 02:20:33 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/wyvern: new port, a simple web server
	* freebsd3/ports/tcpd: new tcpd from Artur Frysiak <wiget@pld.org.pl>
	* freebsd3/ports/wget: fix security hole and use latest IPv6 patch
	* freebsd3/ports/vnc: use latest IPv6 patch

Fri Jun 23 19:49:28 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/gbatnav: new port, a battleship game
	* freebsd3/ports/mmosaic: upgrade to 3.6.2.

Thu Jun 22 17:40:37 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey:
	delete sadb_x_ident_id_addr.  don't send a pair of addresses
	by including acquire message to a user.

	* kame/kame/racoon/pfkey.c:
	SADB_EXT_IDENTITY_{SRC,DST} is not required to parse SADB_ACQUIRE
	message any more.

Thu Jun 22 17:45:40 JST 2000  itojun@iijlab.net
	* openbsd/sys/dev/ic/xl.c: disable multicast hash filer setup on 905B,
	  since the code does not do the right thing. (sync with
	  openbsd-current)

Thu Jun 22 03:45:41 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/raw_ip6.c, {bsdi4,openbsd}/sys/netinet6/raw_ipv6.c:
	  correct RFC2292bis interface selection support for
	  multicast packets.  KAME PR261.

Wed Jun 21 17:07:55 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_src.c: make in6_recoverscope() friendly with
	  !FAKE_LOOPBACK_IF compilation.  with previous code in6_recoverscope()
	  may fail to convert kernel internal representation into sockaddr_in6.

Wed Jun 21 03:18:47 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/leafnode+: IPv6 enabled leafnode+-2.10
	  From: yoshfuji@ecei.tohoku.ac.jp

Wed Jun 21 03:00:16 JST 2000  itojun@iijlab.net
	* openbsd/sys/dev/pcmcia/if_wi.c: make IPv6 work on wavelan cards.

2000-06-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/net/if_gif.c (gif_ioctl): made sure to cast the
	argument to in6_aliasreq{} for the SIOCSIFPHYADDR_IN6 command.
	Without this, the validation check would reject correct requests;
	i.e. you couldn't configure IPv6 physical addresses.
	In response to a report from FUJIURA Toyonori <toyo@jp.freebsd.org>

2000-06-20  SUZUKI Shinsuke  <suz@sdl.hitachi.co.jp>
	* kame/kame/ndp/ndp.c (delete, get)
	supported <link-local_addr>%<link ID> on "ndp -d" and "ndp (addr)".
	
Tue Jun 20 14:55:10 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/openssh: upgrade to 2.1.0
	* freebsd3/ports/bind9: upgrade to 9.0.0b4
	* freebsd3/ports/lftp: upgrade to 2.2.3
	* freebsd3/ports/mozilla: upgrade to M16

Tue Jun 20 12:49:28 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_proto.c: disable rate limitation for ICMPv6 error,
	  since (1) it makes no sense to put less-than-10ms value to here
	  due to UNIX timer resolution, and (2) it seems wrong to rate-limit
	  without considering content of the payload (like ICMPV6 type/code).
	  we still have pps limitation.  based on comments from kjc.

Tue Jun 20 11:44:19 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: use bind 9.0.0b4.

2000-06-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_ctloutput): corrected logic
	of error detection for sooptcopyin(). This will fix the problem
	that traditional RFC2292 compatible mode did not work for some
	socket options (e.g. IPV6_PKTINFO) on freebsd[34].

Mon Jun 19 18:23:15 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	A path name in configuration file is always complemented if it is
	not begin from slash(/).  If it's begin from slash, a path name
	never be complemented.

Mon Jun 19 16:51:24 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	If "non_auth" is defined in racoon.conf, any transform of AH proposal
	including "non_auth" is not sent to the peer.

2000-06-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_output): jumped to the
	"freehdrs" label before making the header chain in order to avoid
	possible memory leak.
	In response to the KAME problem report sys/259.

Mon Jun 19 07:41:31 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_{init,send}.c: be more backward-compatible with
	  past behavior.  some userland code may not initialize
	  nsaddr_list.sa_len.

Mon Jun 19 04:42:55 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 6/12 snapshot from
	  tcpdump.org.

Mon Jun 19 04:15:23 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/sys: Security fix "FreeBSD-SA-00:25 FreeBSD/Alpha
	  platform lacks kernel pseudo-random number generator, some
	  applications fail to detect this."
	  From: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-08&msg=20000612215144.D1A3B37BBF7@hub.freebsd.org

2000-06-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[34]/sys/netinet6/udp6_usrreq.c (udp6_attach): 
	initialized inp_ip_ttl in udp6_attach for mapped addresses.
	in response to a report from Hideaki YOSHIFUJI
	<yoshfuji@ecei.tohoku.ac.jp> (KAME-snap 2738)

2000-06-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {netbsd, openbsd}/usr.bin/netstat/inet6.c (icmp6_stats): 
	printed number of icmp6 error messages not sent due to rate
	limitation.

Fri Jun 16 05:01:24 JST 2000  itojun@iijlab.net
	* openbsd/sys: sync with OpenBSD 2.7
	  TODO: userland cleanup.  tests (i386/conf/GENERIC.KAME compiles but
	  not tested).
	  kame/openbsd/ports does not work.  we may want to remove those.

	  If you wish to upgrade to KAME-on-OpenBSD 2.7, make sure to
	  perform "make clean" at the top level to nuke symlinks, like:
	  % make TARGET=openbsd clean update prepare

	  make VERY sure that you use kame-supplied tools (like
	  /usr/local/v6/sbin/ping6) instead of normal ones (/sbin/ping6)
	  if you use KAME-enabled kernel.  there are API changes between them.

Thu Jun 15 22:41:16 JST 2000  itojun@iijlab.net
	* kame/sys/netkey/key.c: correct compilation without IPSEC_ESP.
	  From: Matthias Drochner <M.Drochner@fz-juelich.de>

Thu Jun 15 21:22:35 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	Fixed extension length of two key extension when dumping SA.
	setkey was failed to print keys if SA has both encryption and
	authentication keys.

Thu Jun 15 14:44:30 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	CR payload is only made if signature authentication method is applied.

Thu Jun 15 13:29:29 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon/cfparse.y:
	In racoon.conf, the path of configuration file is complemented by
	include directive only if there is no '/' in the path.

Thu Jun 15 13:08:25 JST 2000  iotjun@iijlab.net
	* sys/netinet6/ipsec.[ch]: net.inet.ipsec.inbound_call_ike sysctl
	  MIB is now gone for good.

Thu Jun 15 10:01:47 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_init.c: make _res.nsaddr_list initialization
	  more conservative when resolv.conf is missing (or there is no
	  "nameserver" line).  previous code chokes on IPv4-only kernel.
	  merge from netbsd-current.

2000-06-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (defrouter_msg): was added to tell
	user processes changes about the default router (including
	deletion). This function would be called from defrouter_addreq,
	defrouter_addifreq, and defrouter_delreq.
	Note: this is currently experimental and is only enabled with the
	ND6_USE_RTSOCK kernel compilation option.

Thu Jun 15 02:18:24 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/zebra: upgrade to 0.87.
	* freebsd3/ports/ruby: use 1.4.4.

Thu Jun 15 02:07:53 JST 2000  itojun@iijlab.net
	* kame/man/man4/inet6.4, *bsd*/usr.sbin/inetd/inetd.8:
	  update wording on IPv4 mapped address and tcp4/tcp6 interaction.

Wed Jun 14 23:35:03 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/libexec/ftpd: correct STAT command output for LPSV.
	* libinet6/resolv/res_query.c: change member name for struct res_target.
	  "class" conflicts with C++ reserved identifier.
	  From: Graham Wheeler <gram@cequrux.com>

2000-06-14  SUZUKI Shinsuke  <suz@sdl.hitachi.co.jp>
	* sys/net/if_dummy.c, freebsd4/sys/conf/files:
	dummy I/F is available on FreeBSD4.0, too.

	* freebsd4/sys/conf/options, freebsd4/sys/conf/files
	freebsd4/sys/sys/mbuf.h
	FreeBSD-4.0 KAME with MIP6 option is available.
	add mbuf flag M_PROTO6 and use it for M_MIP6TUNNEL.

Wed Jun 14 20:14:47 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_core.c: pass encryption failure code up to ESP
	  engine, just in case the encryption routine fails.

Tue Jun 13 21:11:28 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/zebra: upgrade to 0.87.

Tue Jun 13 20:08:38 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet/udp_usrreq.c,  openbsd/sys/netinet6/raw_ipv6.c:
	  correct scoped address handling.

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_purgeaddr): tried to restore an
	interface direct route if we have an address that shares the same
	prefix with the deleted address.
	This would improve behavior in multi-address environments;
	if you assigned multiple addresses that shared a same prefix and
	then remove one of them, the interface direct route corresponding
	to the address would still remain.

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_ifremloop): always called
	in6_ifloop_request regardless of the result of
	in6_is_ifloop_auto(), in order to make sure to invalidate a stale
	route entry for a deleted address.
	Note: bsdi doesn't need this fix.

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_input): avoided to use the
	cached route for forwarding, if it is down.
	This fix would prevent the input routine from accepting a packet
	to already removed address.

Tue Jun 13 14:29:12 JST 2000  itojun@iijlab.net
	* netbsd/sbin/setkey: move setkey from usr.sbin/setkey to sbin/setkey.
	  we need it for encrypted NFS (sync better with netbsd-current).

Tue Jun 13 14:07:24 JST 2000  itojun@iijlab.net
	* kame/racoon/safefile.c: be more picky about secret file permission.
	  now pre-shared key file (psk.txt) is required to be owned by the
	  uid running racoon (= root), and must not be accessible by others
	  (like 0400).

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (in6_ifadd): made sure to gain a
	reference counter to in6_ifaddr for the autoconfigured address
	in bsdi and freebsd2 cases.
	This fix would be important to those OSes, since the older code
	woulde cause duplicated free when the lifetime for the address
	expired.

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/common.c (getifaddr): corrected arguments to
	in6_addrscopebyif().
	In response to a report from Hajimu UMEMOTO<ume@bisd.hitachi.co.jp>

Tue Jun 13 03:39:42 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	send error message against sadb_acquire message to the kernel
	when IPsec-SA negotiation fail.

Mon Jun 12 16:52:29 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/lang/ruby: use 1.4.4.

Mon Jun 12 14:53:22 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Add to handle CR payload on main/aggressive mode.
	No Certificate Authority field is included to CR payload at the moment.
	Becuase any certificate authority are accepted without any check.

Mon Jun 12 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: transmit SADB_X_SA2 from kernel to userland
	  on SADB_ADD and SADB_UPDATE.  without it latest racoon does not work.

Mon Jun 12 12:34:02 JST 2000  itojun@iijlab.net
	* libinet6/getnameinfo.c: use EAI_xx for error code.  rfc2553bis
	  suggests it.  the commit corrects old behavior on invalid socket,
	  where getnameinfo returned 0 (success).

Mon Jun 12 08:51:25 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: correct prefix length match on destination address.
	  the code used source prefix len on comparision by mistake.
	  From: Ronald van der Pol <Ronald.vanderPol@surfnet.nl>

2000-06-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* *bsd*/usr.[s]bin/netstat/inet6.c (icmp6_stats): printed new
	statistics counters about error messages (see below).

2000-06-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet/icmp6.h: added a new structure icmp6errstat{}
	to count more precise statistics of error messages to be generated.
	* kame/sys/netinet6/icmp6.c (icmp6_errcount): added as a new
	function in order to count the precise statistics.

2000-06-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* *bsd*/usr.[s]bin/netstat/inet6.c (ip6_stats): printed new
	statistics counters of forward cache for incoming packets (see
	below).

2000-06-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_var.h (ip6stat): added members to count
	statistics of forward cache for incoming packets.
	* kame/sys/netinet6/ip6_input.c (ip6_input): counted the
	statistics.

Sun Jun 11 17:03:07 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc/net,freebsd[23]/ports}/{libpcap,tcpdump}: use
	  2000/6/5 weekly SNAP from tcpdump.org.
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.9.

Sat Jun 10 23:11:41 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	* kame/kame/libipsec/pfkey.c:
	* kame/kame/setkey/parse.y:
	Obsoleted mode specification.  You don't need to specify a mode of
	SA when you get/delete SA by setkey.  Also, it's not need to do
	pfkey_send_delete/pfkey_send_get().

Sat Jun 10 15:42:25 JST 2000 sakane@ydc.co.jp
	* kame/sys/{netkey/key.c,net/pfkeyv2.h}:
	* kame/kame/{stekey,racoon,libipsec}:
	Moved mode/reqid to new extension from sadb_msg header.
	New extension is defined sadb_x_sa2 structure.

Fri Jun  9 10:10:08 JST 2000  itojun@iijlab.net
	* *bsd*/sys/netinet6/in6_pcb.c, kame/sys/netinet6/in6_src.c:
	  add in6_embedscope() and in6_recoverscope(), to avoid code duplicate
	  for KAME scopeid hack.
	* {bsdi4,openbsd}/sys/netinet6/in6_pcb.c: add scope consideration
	  to in6_pcbbind.

Thu Jun  8 22:58:24 JST 2000  itojun@iijlab.net
	* kame/ping6/ping6.c: make sure to clear ni_flags on ping6 -w
	  or ping6 -W.  From: yoshfuji

Thu Jun  8 21:40:55 JST 2000  itojun@iijlab.net
	* *bsd*/sys/netinet6/{udp6_output,raw_ip6,in6_pcb}.c:
	  do not overwrite sockaddr on PRU_SEND nor PRU_CONNECT.
	  (the change is very important)

Wed Jun  7 22:21:43 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_prefix.c: check interface matches when adding
	  new interface addresses, based on new link-local address and
	  prefix information.  old code added new interface address without
	  checking interface match and ended up many bogus new interface
	  addresses.

Tue Jun  6 22:41:24 JST 2000  itojun@iijlab.net
	* bsdi4/sys/netinet/tcp_input.c: fix INP_IPV6_MAPPED configuration
	  onto inpcb.  the mistake caused ND to behave badly (ND tries to
	  update reachability info for IPv4 mapped address - one more reason
	  to hate IPv4 mapped address).
	  From: dab@bsdi.com

Tue Jun  6 22:16:18 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/www/wwwoffle: upgrade to 2.5e.

Tue Jun  6 21:53:54 JST 2000  itojun@iijlab.net
	* bsdi4/sbin/sysctl: correctly handle IPv6 ipsec/pim entries.

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/libexec/tftpd/tftpd.c: do not connect tftp session
	  sockets. Instead, check consistency of the client's local port.
	In response to PR: sys/254

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/usr.bin/tftp/tftp.c:
        - do not blindly copy server's port, but make sure to check its
	  consistency during a session.
        - copy the whole received sockaddr (i.e. not only port) for the
	  next sendto(), which would be safer if the server has bound its
	  local address.

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/ports/bind9, netbsd/pkgsrc/net/bind9:
	upgraded to bind-9.0.0b3. KAME users are recommended to use this port,
	because the original version has an API compatibility issue in a
	multi-address environment.

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi3/sbin/sysctl/sysctl.c:
	* {netbsd, openbsd}/usr.sbin/sysctl/sysctl.c:
	synch with the change below. (Fortunately, there are no binary
	compatibility issues).

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/pim6_var.h: renamed macro definitions about
	pim6 sysctls to avoid possible conflict.
	Suggested by: Hitoshi Asaeda <asaeda@yamato.ibm.co.jp>

Mon Jun  5 21:56:35 JST 2000  itojun@iijlab.net
	* traceroute6/traceroute6.c: add -f (skip first hops).  the option
	  is common to freebsd4/bsdi4/openbsd/netbsd traceroute(8).

2000-06-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/traceroute6/traceroute6.c (main): set a minimum set of
	socket options as soon as opning a raw socket to avoid
	unintentionally receiving packets without ancillary data.
	Note: this could actually happen when we used an unreachable IPv6
	DNS server.

2000-06-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_src.c (in6_pcbsetport): supported FreeBSD
	3 and later as a separate function, the code which was a part of
	in6_pcbbind().

2000-06-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/udp6_output.c (udp6_output): supported FreeBSD
	3 and later.
	* freebsd[34]/sys/netinet6/udp6_usrreq.c: removed original
	udp6_output().
	* freebsd[34]/sys/conf/files: added netinet6/udp6_output.c

2000-06-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[34]/sys/netinet6/udp6_usrreq.c (udp6_send): added some
	validation checks for the passed sockaddr. The previous code seemed
	a bit naive.

Sun Jun  4 22:28:30 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_send.c: remove MULTICASTQUERY6 case.
	  it is unnecessary since we have mdnsd, and it was mistake in BIND9
	  that BIND9 replied to multicast queries.

Sun Jun  4 21:57:47 JST 2000  itojun@iijlab.net
	* sys/netinet6/nd6.c: revise upper-layer reachability confirmation
	  hint processing.  count hints from upper-layer, and if the count
	  reaches maximum, try to probe reachability by real ND.
	  sysctl net.inet6.icmp6.nd6_maxnudhint defines maximum # of subsequent
	  upper-layer hints to be accepted.
	  we have removed check against process privilege for IPV6_REACHCONF.

	  we currently have two sources for hints: (1) IPV6_REACHCONF
	  (2292bis setsockopt), and (2) hints from tcp_input.
	  it is still questionable if they are really trustworthy.
	  for example, rogue userland program can use IPV6_REACHCONF to confuse
	  ND process (which is system-wide cache).   also, tcp_input can be
	  hosed by hijack attempts.

Sun Jun  4 12:29:41 JST 2000  itojun@iijlab.net
	* sys/netinet6/mip6*: sync with latest MIPv6 patch from ericsson guys.
	  - New addition to eager movement detection: now a second level
	    provided to enhance handoff time a lot. As soon as a
	    new prefix is heard the Mobile Node changes default
	    router. Less stable, router reachability is not assured,
	    but this can make handoff go in less than 0.5 sec. Also:
	    nasty trick used is to run nd6_timer() five times per
	    second. Use "mip6config -e 2" to test.
	  - More consistent function of mip6config and mip6stat.
	  - Fixed some bugs in mip6stat.
	  - Code clean up.

Sun Jun  4 01:12:52 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* {freebsd3/ports, netbsd/pkgsrc/net}/p5-Socket6: upgrade to 0.07.

Sat Jun  3 08:08:43 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/{libpcap,tcpdump}: use 2000/5/29 weekly snap.
	* freebsd3/ports/mod_perl: mod_perl-1.24.tar.gz

2000-06-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/tcp_subr.c (tcp6_ctlinput): separated from
	tcp_ctlinput. We believe a separated function would make sense
	in this case.
	Additionaly, the new function now calls syn_cache_unreach().
	IMO, there's been no special reason not to call it.

	* openbsd/sys/netinet/tcp_subr.c (tcp6_ctlinput): applied the same
	fix as bsdi4.
	Also, the ctlinput function now calls in6_pcbnotify(), which was
	unintentionally (IMO) prohibited.

2000-06-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4, freebsd[34], openbsd}/sys/netinet6/in6_pcb.c
	  (in6_pcbnotify):
	* kame/sys/netinet6/in6_pcb.c (in6_pcbnotify):
	corrected the algorithm to detect whether in6_rtchage() should
	be called.
	
Fri Jun  2 21:08:22 JST 2000  itojun@iijlab.net
	* freebsd2/ports/{libpcap,tcpdump}: use 2000/5/29 weekly snap.

Thu Jun  1 04:47:42 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- You must explicitly specify the file name of certificate and
	  private key if you use a certificate.  See README.certificate.
	- fixed to make a index of SPD in responder side when ID type in ID
	  paload is subnet, or when there is no ID payload.
	- supported to negotiate the IPsec-SA of ESP without authentication.
	- Added the direction as an item to compare policy.
	- fixed some crash problems.

Thu Jun  1 02:43:31 JST 2000  itojun@iijlab.net
	* kame/mdnsd: multicast DNS resolver, as specified in
	  draft-aboba-dnsext-mdns-00.txt.  Note that spec conformance is
	  still very low.
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 5/29 weekly snap.

<200005>
2000-05-31  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_mloopback): make a deep copy
	of the IPv6 header only in an M_EXT case. Practically, we'll
	rarely need such an extra copy.

Tue May 30 23:56:04 JST 2000  itojun@iiljab.net
	* sys/netinet6/ip6_output.c: make scopeid handling in multicast
	loopback case (ip6_mloopback) consistent with other cases.

Tue May 30 20:54:23 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_send.c: with #define MULTICASTQUERY6, allow
	  multicast address in /etc/resolv.conf "nameserver" line.  By
	  configuring resolv.conf(5) like below:
		nameserver ff02::1%3
	  DNS queries will reach all nodes on the link with link ID "3".
	  With the change, the resolver code changes some of its behaviors:
	  - the resolver code does not check src/dst pair match, if we have
	    multicast address in resolv.conf.  It may or may not raise security
	    issue.
	  - the resolver code does not use connected udp socket for multicast
	    query.

	  highly experimental - note that this change DOES NOT attempt to
	  support multicast DNS queries, as drafted in
	  draft-aboba-dnsext-mdns-00.

2000-05-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/faithd/faithd.c (main): allocated enough memory for
	serverpath and serverarg to prevent possible buffer overrun.

Tue May 30 11:18:03 JST 2000  itojun@iijlab.net
	* freebsd[23]/ports/popper, netbsd/pkgsrc/mail/qpopper:
	  mark the port broken for security issue.  users are suggested to
	  remove the installed binary.
	  http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-22&msg=p04320305b5511470392c@[192.168.1.5]

Tue May 30 01:29:04 JST 2000  itojun@iijlab.net
	* freebsd4/sys/net/if_loop.c: check BPF data link layer type (DLT_xx)
	  on call to bpf_mtap() in if_simloop().

	  XXX if_simloop() call from ip6_output() causes junk to be injected
	  to bpf buffer.  we may need some fix separately from this commit.

Tue May 30 00:11:17 JST 2000  itojun@iijlab.net
	* {bsdi4,netbsd}/usr.bin/ftp: internally convert IPv4 mapped address
	  into real IPv4 address.  IPv4 mapped address adds too much confusion
	  to FTP protocol handling.
	  Suggested by: ume

Mon May 29 08:34:58 JST 2000  itojun@iijlab.net
	* kame/sys/netinet/in6_pcb.c (affects netbsd only):
	  bind(2) on AF_INET6 socket with IPv4 mapped address will raise error,
	  instead of making port number duplicate on pcb struct.

Mon May 29 02:26:25 JST 2000  itojun@iijlab.net
	* bsdi4/sys/netinet/tcp_input.c: correct critical typo.  prior to the
	  change, if we have inbound IPv4 TCP traffic to AF_INET6 socket.
	  inp_laddr6 will have ::ff0f:xx.yy.zz.uu, not ::ffff:xx.yy.zz.uu.
	* bsdi4/usr.sbin/netstat/inet.c: do not print IPv4 mapped address
	  as normal IPv4 address, on netstat -an.  print it as is (as IPv4
	  mapped).

Mon May 29 00:43:15 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c (affects netbsd only):
	  correct setsockopt(IPV6_BINDV6ONLY) behavior.

Mon May 29 00:04:15 JST 2000  itojun@iijlab.net
	* bsdi4/sys/netinet/in_pcb.c: remove NRL bind(2) ordering constraint.
	  NRL code forbids wildcard IPv4 bind after wildcard IPv6 bind on
	  the same port number.  it was mistake.  now bind(2) is free from
	  ordering constraint.

Sun May 28 15:33:11 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 2000/5/22 weekly snap.

Sat May 27 23:05:00 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.8.

2000-05-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dtcp/dtcpc.rb: added a new option "-r (static|solict)"
	to specifiy how the default route should be configured.

2000-05-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd: became more conscious of interface status
	(up or down);
        - when an interface becomes down, stop the corresponding timer.
	- when an interface becomes up again, reinitialize the status and
	  restart the timer.
	- simply discard data received on a daed interface.
	- dump if interface is up or dump

Sat May 27 19:07:58 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: add net.inet6.icmp6.errppslimit sysctl MIB.
	  it will let you limit ICMPv6 error messages by pps, not interval.
	  still not sure what is the best way to perform rate limitation...
	  change default parameter for icmp6 error rate/pps limitation
	  to 100usec interval and 200pps (an icmp6 error packet needs to
	  pass both tests to leave the node).

Sat May 27 15:18:58 JST 2000  itojun@iijlab.net
	* kame/ping6/ping6.c: support -N option to probe NI group address at
	  ease.  for example:
	  % ping6 -N -I ne2 lychee
	  will probe NI group address for nodename "lychee", instead of the
	  address resolved for "lychee".

Sat May 27 14:01:29 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: on in6_ifattach(), join NI group address
	  specified in icmp-name-lookup-04 and beyond.
	  TODO: cope with hostname change events, like sethostname(3).

Fri May 26 00:02:15 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/ftp/fetch.c: do not transmit scope identifier
	  on HTTP Host: directive.  disallow scoped address if the access is
	  via proxy.
	* openbsd/usr.bin/ftp/fetch.c: do not transmit scope identifier on
	  HTTP Host: directive.  correct Host: directive passing if the
	  access is via proxy.
	  TODO: disallow scoped address if the access is via proxy.

Thu May 25 23:16:01 JST 2000  itojun@iijlab.net
	* bsdi4/usr.bin/telnet/commands.c: use getaddrinfo to be scoped-address
	  friendly.

Thu May 25 21:56:47 JST 2000  itojun@iijlab.net
	* bsdi4/sys/i386/pci/if_exp.c: do not use interrupt for initializing
	  multicast filter.  this will make exp driver to be friendly with
	  IPv6 initialization sequence.  hints from netbsd fxp driver.

2000-05-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/net/route.c (ifa_ifwithroute): reverted a KAME
	specific change introduced on 2000-02-25 (see this log file).
	The change was an ad-hoc hack and broke BSDI's original
	intention, so we've wanted to clarify the code.

2000-05-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_ifattach.c (in6_ifattach,
	in6_ifattach_addaddr): use rtrequest1() when assigning IPv6
	addresses since this function is more conscious of interfaces than
	rtrequest() and is suitable for link-local addresses.

Thu May 25 01:25:39 JST 2000 sakane@ydc.co.jp
	* kame/sys/{netkey/key.c,netinet6/ipsec.c}:
	* kame/kame/setkey:
	supported IPsec with link local address.
	XXX to be supported by racoon.

Wed May 24 22:42:40 JST 2000  itojun@iijab.net
	* bsdi4/sys/net/if_ppp.c: IPv6 support.  highly experimental.
	* bsdi4/usr.bin/ppp: IPv6CP support.  highly experimental.  solicit
	  test/experience reports.

2000-05-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/dhcp6s.c: the "-n dnsserv" option can now be
	specified multiple times, when a user wants to set more than one
	server.

Wed May 24 18:59:55 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	fix to check vendor id.  HASH function for vendor id is always MD5.

Wed May 24 18:09:12 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.h: check parameter type to IN6_ARE_ADDR_EQUAL().
	  this should avoid typecast bugs like below.

2000-05-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4,openbsd}/sys/netinet6/in6_pcb.c (in6_pcbnotify):
	corrected the 2nd argument IN6_ARE_ADDR_EQUAL(), which was
	unintentionally "struct in6_addr **"".
	This fix is quite important for stability and users of those OSes
	are recommended to apply it.

Wed May 24 14:32:44 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	supported pre-shared key written by hex string.

Wed May 24 01:29:46 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/pppd: pppd with IPv6 support.  from netbsd-current.
	  no on-demand dialing support at this moment.
	* netbsd/sys/net/if_ppp.c: async ppp kernel code with IPv6 support.
	  from netbsd-current.  it will change ioctl API slightly,
	  and stock netbsd142 pppd may choke.

Tue May 23 21:51:00 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	fix to get local address to be used by sending address.  It was
	enbugged when some macro was removed.

Tue May 23 07:41:08 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	don't bark when the life duration of attribute in SA payload is
	encoded TV format.  It's allowed by RFC.

Tue May 23 07:14:59 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	some fixes.
	- initialize prefixlen at ipsecdoi_id2sockaddr.
	- check sainfo duplicated.
	- improve sainfo2str() to return "anonymous" if sainfo is anonymous
	  record.
	- fix to parase port number specification.
	- change output level during parsing payload.

Tue May 23 01:46:39 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* Remove "options PM" from GENERIC.v6.

	  Now, the facility of v4NAT was integrated by NATPT (some NAT
 	  function is not implemented yet), please use NATPT when you want
 	  to use v4NAT.

Tue May 23 00:27:52 JST 2000  itojun@iijlab.net
	* sys/netinet6/udp6_var.h: make sysctl symbol name meet with
	  IPv4 counterpart.  freebsd2: net.inet6.udp6.maxdgram,
	  netbsd: udp6.sendspace, bsdi3: udp6.sendmax.

Mon May 22 21:08:55 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: disallow negative numbers for ICMPv6 rate limit
	  interval.  use ratecheck(9) if exists (this will make
	  netbsd15/openbsd27 merger easier).

Mon May 22 17:54:29 JST 2000  itojun@iijlab.net
	* sys/netinet6/{ah,esp}_output.c: correct rare error case handling
	  (do not leak mbuf/do not emit incomplete packet).
	* sys/netinet6/ah_*.c: cope with memory allocation failure more
	  gracefully.

2000-05-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/scopedaddrtest/scopedaddrtest.c: a new option "-N" was
	added to specify the NI_NUMERICSCOPE flag for getnameinfo().

2000-05-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/getnameinfo.c (ip6_sa2str): supported
	the NI_NUMERICSCOPE flag if available.

2000-05-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {freebsd[234],bsdi3,{net,open}bsd}/include/netdb.h
	(NI_NUMERICSCOPE):
	* bsdi4/contrib/bind/src/include/netdb.h (NI_NUMERICSCOPE):
	the new flag was added as specified in rfc2553bis-00.

Mon May 22 13:19:29 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: to conform better with icmp-name-lookup-05,
	  make the validation rule more strict for node information query.
	  now, IPv6 destination address must be anycast/unicast for the node,
	  or link-local multicast.
	  there still are spec non-conformance - see comments in icmp6.c.

Mon May 22 12:07:28 JST 2000  itojun@iijlab.net
	* kame/gifconfig/gifconfig.c: correct gif outer (physical) address
	  printing, on non-IPv6 kernel.

Sat May 20 04:59:26 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_{forward,output,input}.c:
	  correct link-local scoped address handling on loopback interface.
	  broken by FAKE_LOOPBACK_IF code committed on 17 May 2000.

2000-05-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (ip6_mdq): loosened scope check
	in ip6_mdq() for packets forwarded to a register I/F. Without
	this, such packets could be mistakenly discarded.
	In response to: a report from Noriaki Takamiya
	<takamiya@po.ntts.co.jp>
	
Fri May 19 11:41:05 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_mroute.[ch]: add backward compatibility code
	  for 2000/4/12 mrt6msg change (is not used in kame tree).
	  freebsd40 and openbsd27 are shipped with old declaration, so we
	  need to provide backward compat to some degree.

Fri May 19 09:26:28 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/{usr.bin/fetch, lib/libftpio}: support IPv6.
	  From: ume@mahoroba.org

Fri May 19 00:30:04 JST 2000 itojun@iijlab.net
	* kame/pim6dd/vif.c: allocate uv_querier struct as necessary on
	  initialization.  it will avoid SEGV right after invocation.

2000-05-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/scope6.c (scope6_addr2default): was added to
	get the default scope zone for a specified address.

2000-05-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/udp6_output.c (udp6_output):
	* kame/sys/netinet6/raw_ip6.c (rip6_usrreq):
	* {bsdi4, openbsd}/sys/netinet6/raw_ipv6.c:
	* {freebsd[34]}/sys/netinet6/raw_ip6.c:
	* {bsdi4, freebsd[34], openbsd}/sys/netinet6/in6_pcb.c:
	filled default scope zone in sin6_scope_id if unspecified.
        Currently, these are enabled only with the ENABLE_DEFAULT_SCOPE
	kernel compilation option.

2000-05-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_forward.c (ip6_forward): zero-cleared
	embedded link zone IDs in forwarded packets. We forgot this, since
	old kernel did not allow link-scope packets to be forwarded.

2000-05-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ndp/ndp.c (set): supported <link-local_addr>%<link ID>
	for "ndp -s".

Thu May 18 21:15:32 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/fetchmail: upgrade to 5.4.0
	* freebsd3/ports/heimdal: upgrade to 0.2t.
	* freebsd3/ports/w3m: upgrade to 0.1.9.
	* freebsd3/ports/netperf: use latest IPv6 patch.

Thu May 18 16:34:18 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.4.0.

Wed May 17 23:58:14 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc, freebsd[23]/ports}/net/{libpcap,tcpdump}: use 5/15
	  weekly snap.

Wed May 17 21:50:27 JST 2000 sakane@ydc.co.jp
	* {freebsd[234],netbsd}/sys/netinet/ip_output.c:
	call key_spdacquire() if there is no policy entry for IPv4.
	key_spacquire() sends a setup policy request to the policy
	negotiating daemon or something.

2000-05-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c (nd6_output): 
	* kame/sys/netinet6/ip6_output.c (ip6_output):
	made scoped addresses more friendly with loopback interfaces;
	if a packet containing scoped addresses in the source or
	destination address fields is going to be sent on a loopback
	interface, pass looutput() the interface to which the scoped
	address(es) belongs.
	For example, you won't see "lo0" when you ping to your own
	link-local address.
	This is currently experimental and enabled only when the
	FAKE_LOOPBACK_IF kernel compile option is specified.

Wed May 17 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: correct node information lookup, when
	  the query is formatted in 05 draft format and IPv6 multicast
	  address is attached as subject.  this will make node to reply to
	  "ping6 -w ff02::1" like before (actually, validation rule is not
	  really conformant to 05 draft.  see comments in source for details).

Wed May 17 19:09:51 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd3/ports/{squid11, qmail}: upgrade to latest IPv6
	  patch.
	* kame/freebsd3/ports/{quake6, quakedata}: use IPv6-migrated
	  quakeforge.

2000-05-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/scope6config/scope6config.c: added a new syntax
	"scope6config default" to see the default zones.

2000-05-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/{in6.c, nd6_rtr.c, scope6.c}: introduced the
	notion of "default scope zones":
	- store the default zones in scope6_ids[0]
	- reflect change of default interface to default link
        - added a new ioctl SIOCGSCOPE6DEF to get the default values

2000-05-17  SUZUKI Shinsuke  <suz@sdl.hitachi.co.jp>
	* bsdi3/sys/net/if_tun.c:
	- fixed mbuf allocation bug on tun?
	- enabled IPv6 addressing on tun?
	* {freebsd[23]/ports,netbsd/pkgsrc/net}/gated-ipv6
	updated to May 11's snapshot

Wed May 17 10:09:42 JST 2000  itojun@iijlab.net
	* kame/sys/net/if_gif.c: with "options XBONEHACK", allow multiple
	  gif tunnels to be configured with the same pair of outer addresses.
	  From: Lars Eggert <larse@isi.edu>
	* kame/sys/net/if_gif.c: always disallow multiple multi-dest tunnels.

2000-05-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/common.c (getifaddr): corrected the 2nd argument
	to in6_matchflags().
	* kame/kame/dhcp6/dhcp6s.c (server6_react_solicit,
	server6_react_request): corrected scope validation for incoming
	packets.

Tue May 16 23:05:56 JST 2000  itojun@iijlab.net
	* kame/route6d/route6d.c: memory leak and bzero() correction.
	* kame/route6d/route6d.c: correct interface address handling
	  for global address on p2p interface.  there seem to be two major
	  models in this arena: cisco (use addr/plen) and gated (advert
	  dest/128 and addr/128).  the code supports both behavior,
	  switchable at compilation time.  default behavior is "gated".
	  we may need to revisit the code later.  Comments from suz on p2p
	  routing model.

Tue May 16 09:44:50 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/ftp/fetch.c: parse RFC2372 ftp URL correctly.
	  (the code is different from netbsd-current code - netbsd-current
	  code works just right, and our version will go away when we switch
	  to kame/netbsd15)

Mon May 15 22:39:20 JST 2000  itojun@iijlab.net
	* openbsd/usr.bin/ftp/fetch.c: parse RFC2372 ftp URL correctly.

2000-05-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/v6test/conf/ext.conf (jumbolack): added to see if the
	target is coformant to the 1st validation in Section 3. of rfc
	2675.

2000-05-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_input): if ip6_plen == 0 &&
	HbH is included && no jumbo opt, return icmp6 error and discard
	packet. This is a new validation check added in RFC 2675.

Mon May 15 18:25:52 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: support DNS subject name in NI6 query.
	  receiving node will supress reply, if DNS subject name does not
	  match gethostname(3).  truncated nodename case is little bit
	  questionable, see below.

Mon May 15 15:48:44 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c, kame/ping6/ping6.c:
	  use DNS name encoding for NI6 replies (DNS name).
	  the kernel code tries to be compatible with 03 draft (will reply
	  with pascal string to old "ping6 -w" or current "ping6 -W").
	  truncated nodename case is little bit questionable - many nodes are
	  configured with  non-FQDN nodename, and we're not sure if we can
	  treat such name as FQDN for the node.

Mon May 15 02:35:41 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/{libpcap,tcpdump}: use tcpdump.org 2000/5/8
	  weekly snap

Sun May 14 JST 2000  itojun@iijlab.net
	* sys/netkey: completely rewrite message management, to avoid possible
	  buffer overrun with corrupted pfkey data stream.  since only root
	  processes are able to connect to pfkey socket, we don't consider
	  this as vulnerability (if a bad guy can inject corrupted data stream
	  to pfkey, he has root privilege and he can do many other things
	  as well).  rewrite still in progress.
	  if you see any breakage with IPsec related operations, please report.
	* sys/netkey: attach better proposal/combination payload to acquire
	  message from the kernel.

2000-05-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/netstat: printed per-interface IPv6 statistics.
	Please try
	% netstat [-p [ip6|icmp6] | -f inet6] -s -I if_name
	for printing statistics on a specified interface.

2000-05-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4, openbsd}/sys/netinet6/raw_ipv6.c (rip6_output):
	- fixed memory leak for outgoing ancillary data
        - use KAME's checksum offset option for outgoing packets
        - count statistics for outgoing ICMPv6 packets
        - be more friendly with nervous compilers
        - code cleanup

Sat May 13 JST 2000  itojun@iijlab.net
	* */usr.bin/telnet/commands.c: improve error message on invalid
	  port name.  gai_strerror() does not give enough detail.
	* netbsd/usr.sbin/inetd/inetd.c: improve error message on address
	  family mismatch.
	* sys/netinet6/icmp6.c: improve icmp6 node information support.
	  we have not been conformant to the latest specification (05).
	  the current code is a mixture of 05 draft and 03 draft.
	  need more fixes (see comment in code for detail).

2000-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/gifconfig/gifconfig.c (in6_status): use getnameinfo
	(instead of inet_ntop) to print IPv6 addresses.

2000-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4,openbsd}/sys/netinet6/in6_pcb.c (in6_setsockaddr): move
	the embedded link ID of a link-local address to the sin6_scope_id
	field in order to conceal the embedding hack from users.

2000-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6: supported the latest draft (dhcpv6-15).
	Note that this version is not compatible with the previous one,
	and thus you should update whole your DHCPv6 system including
	clients, relays and servers.

Thu May 11 19:28:22 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- fix to get lifetime/lifebyte from doi attribute.
	- fix to lifetime/lifebyte handling.
	  lifetime of 0 should not be included a packet.  0 of lifebyte should
	  not be included in a packet although 0 means not to care of the
	  lifetime of bytes.  If there is such case, it is rejected.
	- modify racoon.conf.5.
	- update version to 20000501 means proposal parser is fixed.

	They are reported from <Francis.Dupont@enst-bretagne.fr>.

Wed May 10 14:07:22 JST 2000  itojun@iijlab.net
	* sys/netinet/* (all platforms): correct more boundary checking issues
	  in ip options processing.  This was 4.4BSD issue, and all *BSD
	  platforms are not very careful in parsing ip options.
	  
Wed May 10 02:07:33 JST 2000  itojun@iijlab.net
	* sbin/ping6: correct outbound NI query packet with -aw.
	  we should have attached Subject data, which was defined in
	  04 draft. (we are now in 05)
	* sys/netinet6/icmp6.c: improve inbound NI query packet validation.

Tue May  9 22:11:56 JST 2000  itojun@iijlab.net
	* all platforms: correct NetBSD Security Advisory 2000-002, problem (2).
	  this applies to all BSD-based operating systems.  Kernel upgrade
	  is suggested if you run serious services with KAME kernel.

Mon May  8 23:24:34 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use tcpdump.org 2000/5/8
	  weekly snap.

Mon May  8 23:08:24 JST 2000  itojun@iijlab.net
	* libinet6/name6.c: correct resolver error code handling (h_errno,
	  like last arg for getipnodebyname).

Mon May  8 17:20:17 JST 2000  itojun@iijlab.net
	* freebsd4: ipsec now compiles (not tested at all).
	  brave testers wanted.

Sat May  6 01:48:14 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/{libpcap, tcpdump}: upgrade to 2000/05/01.
	* freebsd[23]/ports/tcp_wrapper: upgrade to latest IPv6 patch.
	* {freebsd[23]/ports,netbsd/pkgsrc/net}/mtr: upgrade to 0.42.
	* freebsd3/ports/vat6: upgrade to latest IPv6 patch.

Sat May  6 00:30:39 JST 2000  itojun@iijlab.net
	* */include/netdb.h, kame/libinet6/getnameinfo.c: 
	  2nd arg of getnameinfo() is socklen_t, not size_t.
	  this was changed somewhere before rfc2553.  we forgot to catch
	  up with the change.

Sat May  6 00:55:30 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/mozilla: upgrade to M15. From: ume

Fri May  5 23:19:10 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3: INET6 and IPSEC* defines are moved from opt_inet.h to
	  opt_inet6.h and opt_ipsec.h

Fri May  5 15:59:21 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/in6_ifattach.c: stabilize in6_ifdetach() again.
	  previous code touched uninitialized pointers.
	* openbsd/sys/net/if.c: cope with pcmcia card removal.

2000-05-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d/mld6_proto.c (accept_listener_query): 
	corrected incoming MLD query message handling.

Thu May  4 13:10:16 JST 2000  itojun@iijlab.net
	* openbsd/lib/libinet6/getaddrinfo.c: translate resolver error codes
	  in h_errno into getaddrinfo error code.  without this, EAI_FAIL
	  is always returned and it made no sense.
	  From: deraadt@openbsd.org

Mon May  1 19:38:32 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 2000/5/1 weekly snap.

Mon May  1 18:24:04 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c: avoid panic on ip6fw kernel configuration
	  on IPv6 packet outputs (usually, DAD on reboot).

Mon May  1 14:05:02 JST 2000  itojun@iijlab.net
	* kame/libinet6/name6.c: use BIND 4.9.7 DNS answer parser to remove
	  any of vulnerability old name6.c might have.

Mon May  1 12:22:53 JST 2000  itojun@iijlab.net
	* kame/libinet6: have more sanity check against validity of CNAME.
	  (there were some advisory about this in the past, IIRC)

<200004>
2000-04-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d: did timeout the MLD querier correctly.

2000-04-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet6/raw_ipv6.c: call ip6_mrouter_done() when the
	ip6_mrouter socket is closed in order to avoid remaining a garbage
	socket in the kernel.

2000-04-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/ports/bind9/Makefile: upgraded to bind-9.0.0b2.

2000-04-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/cfparse.y:
	* kame/kame/pim6sd/pim6_proto.c (receive_pim6_bootstrap):
	ignored node-local and link-local group prefixes in the
	configuration file and received bootstrap messages.

2000-04-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c (nd6_output): do not try NUD unless the
	gateway is a real neighbor. We can now enable NUD on a p2p link
	even when
	- assigning a pair of source and destinaion addresses on the p2p
	  link (with the /128 mask), or
	- installing a direct route to the p2p link using an AF_LINK
	  gateway or a node's own address on another interface.

Sat Apr 29 02:11:18 JST 2000  itojun@iijlab.net
	* freebsd4: fix various kame/freebsd4 sync issue, including KAME
	  PR 244.  there can be more issues left - pls report if you find one.
	* */libinet6/getaddrinfo.c, kame/libinet6/name6.c: correct
	  FILTER_V4MAPPED code.  avoid unaligned memory accesses.

2000-04-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd: filled the suggested hash mask length in
	bootstrap messages. Also, that field is now configurable.
	In response to a report from Olivier TOGNI
	<togni@dpt-info.u-strasbg.fr>.

Fri Apr 28 19:30:18 JST 2000  itojun@iijlab.net
	* ports/pkgsrc for zebra (openbsd, freebsd[23], netbsd):
	  upgrade to 0.86.

2000-04-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/traceroute6/traceroute6.c (main): always printed the
	source address of proving packets.

Fri Apr 28 13:34:27 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/rsync, netbsd/pkgsrc/net/rsync: upgrade to 2.4.3

Fri Apr 28 00:41:36 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: correct in6_ifdetach().
	  free oia, not ia.  there are more problems, Lennart says.
	  From: Lennart Augustsson <augustss@augustsson.net>

2000-04-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/udp_usrreq.c: removed udp6_output() to use a
	shared version defined in netinet6/udp6_output().

2000-04-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4, openbsd}/sys/netinet/in_pcb.c (in_pcbnotify):
	* openbsd/sys/netinet/in_pcb.c (in_pcbnotifyall): 
	prevented an infinite loop, which could happen if an IPv6 PCB
	entry exists and notification to the PCB list occurs.
	OpenBSD users who use the 20000424 snap release are strongly
	recommended to apply this fix.

Thu Apr 27 12:32:34 JST 2000  itojun@iijlab.net
	* freebsd4/lib/libinet6/getaddrinfo.c: getaddrinfo.c obeys
	  configured resolve order.  From: ume

Thu Apr 27 10:35:47 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_send.c: disallow $HOSTALIASES for setuid binary.

Thu Apr 27 05:06:35 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	vendorid directive is obsoleted.  vendorid should not be configurable.

Wed Apr 26 21:23:49 JST 2000  itojun@iijlab.net
	* {net,open}bsd/lib/libinet6/getaddrinfo.c:
	  disable AI_ADDRCONFIG support since it does not handle PF_UNSPEC
	  case.  From: ume

Wed Apr 26 19:20:54 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_{comp,send}.c: incorporate strict boundary
	  checking from BIND 4.9.7.  simplify #ifdefs.
	* libinet6/resolv/res_send.c: force fragment to minimum IPv6 MTU when
	  we send a UDP query to IPv6 DNS server.  this avoids path MTU
	  discovery from affecting name resolution.

Wed Apr 26 17:44:18 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_query.c: clarify reasons for setbuf().
	* freebsd4: sync with latest gif and stf code (compiled, need more
	  testing)

Wed Apr 26 12:00:59 JST 2000  itojun@iijlab.net
	* libinet6/resolv: allow users to switch use of EDNS0 query packet,
	  by "options edns0" in /etc/resolv.conf.   BIND9 DNS server must be
	  listed on "nameserver" line if you use EDNS0 query packet, since
	  BIND4/8 will choke with EDNS0 packets.  highly experimental.
	  (not available in freebsd4 and bsdi4 due to resolver differences)

Tue Apr 25 16:46:56 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* v4 traceroute (in NAT-PT w/ v4NAT) works.

Tue Apr 25 16:21:24 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/ip_ipip.c: re-enable support for ipip interface.
	  sync with netbsd-current.

Tue Apr 25 11:39:22 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/lpr: allow lp=port@host. NetBSD PR 9975.
	* netbsd/usr.sbin/lpr: don't SEGV on rp=numerichost.
	  From: hiro@takechi.org

Tue Apr 25 04:09:09 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	* kame/kame/setkey:
	In the case of ICMP{,V6}, check address family and upper layer protocol.

Tue Apr 25 03:54:32 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	enable VPN negotiation again.

	XXX AS before, racoon can NOT negotiate the socket based SA.

2000-04-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/net/if.c (ifa_ifwithnet): reverted a change on
	2000-02-25, since the logic is not related with our latest code.

Mon Apr 24 22:13:09 JST 2000  itojun@iijlab.net
	* libpcap/tcpdump pkgsrc (netbsd/freebsd2): upgrade to 4/24 snapshot.

Mon Apr 24 21:39:23 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- enable to define some algorithm each algorithm class.
	- use internal SPD, don't SPDGET in order to get SP entry.
	- fix to negotiate phase 2 with multiple transform in a single protocol.

Mon Apr 24 17:22:51 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	improve phase 2 configuration and parse phase 2 SA payload.
	Racoon takes security protocols to be negotiated at phase 2 from
	kernel's SPD.
	User can define algorithms, lifetime and pfs by "sainfo" directive.

	XXX At the moment, racoon can NOT negotiate the SA for VPN.  Because
	I don't clarify to define the relation between the values of ID
	payloads and a pair of src/dst which cause the SA negotiation to
	begin. Also racoon can NOT negotiate the socket based SA.  Because
	there is not any SP entry for socket in the kernel's SPD.

Mon Apr 24 13:08:42 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.3.8.

Sun Apr 23 14:21:32 JST 2000  itojun@iijlab.net
	* freebsd2/usr.bin/ftp: use RFC2732 URL format for Host: HTTP directive.
	* openbsd/usr.bin/ftp: support RFC2732 URL format (bracket around
	  IPv6 numeric address).

2000-04-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (ip6_mdq): do not check scope
	boundary for packets through a PIM register tunnel. Without this
	change, an RP will not be able to forward packets received on a
	register tunnel. However, this blindly relies on the routing
	daemon's behavior. We'll eventually need more reliable fix.

2000-04-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/usr.bin/netstat/route.c (routename6): fill in the
	sin6_socpe_id field of a local variable to support
	<scope_addr>%<scope_id> extension.

Fri Apr 21 20:13:09 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet{,6}/in{,6}_pcb.c: on in{,6}_pcbnotify, make sure
	  to touch pcbs that meets address family of incoming packet.

2000-04-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/ip_output.c (in_mrejoin): skipped PF_INET6
	entries. This is a fix of a serious bug and should be applied if
	you use	IPv6 multicasting.

Thu Apr 20 21:32:02 JST 2000  itojun@iijlab.net
	* sbin/route/route.c (freebsd[23], netbsd, bsdi[34]):
	  use scoped address notation when printing IPv6 link-local multicast
	  addresses.

2000-04-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/ripng.c (rip_sockinit): do not bind ff02::9 on
	the RIPng socket. Without this fix, bgpd can't accept unicasted
	RIPng messages.
	In response to a report from masahito_endo@ydc.co.jp

Thu Apr 20 18:22:26 JST 2000  itojun@iijlab.net
	* libpcap/tcpdump pkgsrc (netbsd): upgrade to 4/17 snapshot.
	* libpcap/tcpdump pkgsrc (openbsd): added port for 4/17 snapshot.

2000-04-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet6/raw_ipv6.c (rip6_ctloutput): 
	- just (implicitly) call ip6_ctloutput for IPV6_CHECKSUM.
	- added multicast routing socket options.
	
Wed Apr 19 17:18:25 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* v4NAT in NATPT works.
	  - v4 traceroute does not work yet.  I will fix it soon.
	  - FTP active transfer process does not work.
	    When you want to use ftp, use passve mode instead of active.

Wed Apr 19 10:52:56 JST 2000  itojun@iijlab.net
	* sys/netinet{,6}/in{,6}_gif.c: do not attempt to transmit packet
	  if we are apparently making infinite loop.
	* sys/netinet6/in6_gif.c: always fragment encapsulated IPv6 packet
	  to minimum IPv6 MTU.  otherwise, inner layer (like IPv4 in
	  IPv4-in-IPv6) needs to retransmit to kick path MTU discovery in
	  the outer layer - too painful.

2000-04-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (ip6_mdq): added scope boundary
	check.

2000-04-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/scope6config/scope6config.c: added to configure and
	view the scope zone identifiers of a particular interface.
	XXX: should eventually be merged into ifconfig or something.

2000-04-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/scope6.c: added to configure/mangement IPv6
	scopes. Two new ioctls were also added to set/get scope zone
	identifiers.

Tue Apr 18 13:12:40 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/udp6_output.c: for better code sharing, split
	  udp6_output() from udp6_usrreq.c.

Tue Apr 18 12:44:24 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	improve phase1 DH group check.
	dh_group must be defined by each proposal in a configuration file.

2000-04-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/dhcp6relay.c: added to support DHCPv6 relay
	agent. The implementation currently handles DHCP Solicit and
	Advertise messages only.

Tue Apr 18 03:10:01 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/mmosaic: multicast Mosaic.

Tue Apr 18 02:35:54 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- use getifaddrs to get addresses.
	- fix to define logging level by hexa-decimal string.
	- tiny fix to print error/warn message during parsing configuration
	  file.

2000-04-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/udp6_usrreq.c (udp6_output): 
	* bsdi4/sys/netinet/udp_usrreq.c (udp6_output):
	considered byte order of an embedded link-identifier.

Mon Apr 17 20:32:27 JST 2000  kjc@csl.sony.co.jp
	* add ALTQ support to freebsd4.

Mon Apr 17 21:05:48 JST 2000  itojun@iijlab.net
	* sys/netinet/ip_encap.c: support priority between attached
	  interfaces.  see comments for more detail.
	* sys/net/if_gif.c: gif prioritized match support (between LINK0 and
	  !LINK0 - LINK0 is less preferred) is now recovered.

Mon Apr 17 15:52:19 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.7.

Mon Apr 17 13:32:48 JST 2000  itojun@iijlab.net
	* kame/ndp/ndp.c: remove leftover from IPv4 arp logic in set() and
	  delete().  this caused infinite loop in certain oruting setup.

Mon Apr 17 11:37:44 JST 2000  itojun@iijlab.net
	* sys/netinet/in_gif.c: reject packets with IPv4 broadcast address
	  on outer IPv4 source.  this is suggested in ngtrans-mech-05.

2000-04-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/dhcp6[cs].c: tiny clarifications;
	- shutdown(0) for write only sockets
	- do not set IPV6_MULTICAST_IF for a read-only socket.

Fri Apr 14 18:18:18 JST 2000  itojun@iijlab.net
	* ports/pkgsrc for libpcap and tcpdump (freebsd[23], netbsd):
	  upgrade to use 2000/4/3 snapshot.

Fri Apr 14 17:39:27 JST 2000  itojun@iijlab.net
	* sys/net/if_gif.c: simplify gif interface attachment to ip_encap
	  dispatcher.  add martian/ingress filters against outer source,
	  as suggested in ngtrans-mech-05.

Fri Apr 14 13:26:44 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet/tcp_input.c: use path MTU value on routing
	  table when computing MSS, only if layer 3 supports path MTU
	  discovery.  (openbsd has no IPv4 path mtu discovery.  a node may
	  propose too large mss if we use rmx_mtu value)
	  From: Hugh Graham <hugh@openbsd.org>

Fri Apr 14 01:00:41 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c: require root privilege on IPV6_REACHCONF
	  ancillary message (experimental, from jinmei).

Thu Apr 13 23:13:52 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: correct icmp6 extension header traversal,
	  to avoid sending icmp6 error against icmp6 error.  found by
	  TAHI test.

2000-04-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[34]/sys/netinet/tcp_input.c (tcp_input): do not call
	ND6_HINT() if the connection status is LISTEN.

2000-04-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c (nd6_nud_hint): do not change a
	neighbor's status unless the old status is probably reachable
	(i.e. the link-layer address has already been resolved).
	In response to: KAME PR sys/235.

Wed Apr 12 22:11:02 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/ncftp3, netbsd/pkgsrc/net/ncftp3: upgrade to 3.0.1.

2000-04-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/dhcp6[cs].c: tiny fixes to decrease compilation
	errors;
	- corrected arguments for inet_pton().
	- supplemented a header file.

2000-04-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d/mld6.c (accept_mld6): reflected the change
	of mrt6msg{}; check the overlaid MLD6 type field instead of
	msg_controllen to detect if received packets are control messages
	or real MLD6 messages.

2000-04-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.h: changed the order of members of
	mrt6msg{} to overlay the structure onto the MLD6 header (not IPv6
	header.)
	Suggested by: pavlin@catarina.usc.edu

Wed Apr 12 13:28:35 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mbone/vat6: pkgsrc for vat6 (IPv6-ready vat).
	  From: ichiro@ichiro.org

Wed Apr 12 01:24:40 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: cleanup IPv6 interface initialization
	  in in6_ifattach().  be more persistent about initialization,
	  to cope with manually configured link-locals.

2000-04-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/gifconfig/gifconfig.c: supported a new description
	"gifconfig ifname delete", which removes already specified physical
	addresses on the interface.

2000-04-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/net/if_gif.c (gif_ioctl): supported a new ioctl
	SIOCDIFPHYADDR in order to allow a user to remove
	already specified physical addresses on a gif interface.

Tue Apr 11 14:58:10 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: revise interface identifier lookup.
	  we no longer cache EUI64, due to KAME PR 236.
	  NOTE: you may see interface identifier changes due to lookup
	  policy change.  be careful when you upgrade the kernel (you may
	  experience address mismatch with DNS database, for example)

Mon Apr 10 14:38:00 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/sendmail.beta, freebsd2/ports/sendmail.beta:
	  use 8.10.1. (not really beta already...)

Sat Apr  8 09:49:57 JST 2000  itojun@iijlab.net
	* gated-ipv6 ports/pkgsrc (netbsd/freebsd[23]): upgrade to 3/9 snapshot.

Fri Apr  7 23:14:53 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.6.

Thu Apr  6 14:41:26 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: reject spdadd if address family does not match
	  between SA address pair and SPD filter.  for example, the following
	  attempt will return EINVAL:
	    # setkey -c
	    spdadd ::1 ::1 any -P out ipsec esp/tunnel/10.1.1.1-10.1.1.1/use;
	    ^D

Thu Apr  6 14:51:03 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon/cfparse.y:
	  disable algorithm direcitive.
	  if there is in the config file, parser will bark as warning.
	  if strength is used the file, parser will stop to parse config file.

Tue Apr  4 17:48:20 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c: support IPV6_USE_MIN_MTU in 2292bis
	  advanced API.  We support it in setsockopt (IPv6 UDP only) and
	  in ancillary data.

Mon Apr  3 12:36:01 JST 2000  itojun@iijlab.net
	* */lib/libpcap, */usr.sbin/tcpdump: remove to avoid duplicated effort
	  with tcpdump.org.  if you want them, use pkgsrc/ports.

Mon Apr  3 12:15:32 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/security/heimdal: use 0.2r.

Mon Apr  3 09:52:23 JST 2000  itojun@iijlab.net
	* libpcap/tcpdump pkgsrc/ports (freebsd[23], netbsd):
	  upgrade to 2000/3/27 weekly snapshot.

Sun Apr  2 22:05:03 JST 2000  itojun@iijlab.net
	* totd pkgsrc/ports (openbsd, netbsd, freebsd[23]): upgrade to 1.1p4.

Sat Apr  1 22:47:12 JST 2000  itojun@iijlab.net
	* sys/sys/socket.h (all platforms): avoid namespace pollution
	  for CMSG_ALIGN().

<200003>
Thu Mar 30 2000  itojun@iijlab.net
	* libinet6: by defining USE_EDNS0, resolver will make queries with
	  EDNS0 UDP buffer size report. (experimental since BIND4/8 chokes
	  with EDNS0 packet)

Thu Mar 30 14:10:35 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4: turn off gif and faith temporally.
	  basic catching up was done. I checked ping[46]/telnet6/ssh[46]
	  work on KAME-current/FreeBSD4.
	  (Now I have alpha box only. I do not check it on x86 environment)
	  TODO:
	    gif, faith, altq, IPsec(encap4_input), mip6, natpt
	* freebsd2/ports/emacs20: upgrade to 20.6.

Wed Mar 29 16:34:20 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/ncftp3: upgrade to 3.0.0.
	* freebsd3: remove MAPPED_ADDR_ENABLED option to easily code
	  sharing with freebsd4. you can turn on/off mapped-addr
	  supporting by sysctl instead of it.

Wed Mar 29 16:00:24 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: use bind 9.0.0beta2.

Tue Mar 28 23:09:59 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_input.c: SIIT assumes that routers forward native
	  IPv6 packet with IPv4 mapped address just like for normal packets.
	  move IPv4 mapped address src/dst check downwards.
	* sys/net/if_stf.c: make IPv4 ingress filtering rule more strict.
	  drop packet if there's no route found for IPv4 source, or
	  IPv4 compatible IPv6 source.

Tue Mar 28 21:45:54 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd2/ports/ncftp3: upgrade to 3.0.0.

Tue Mar 28 10:35:50 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/socks64: upgrade to latest patch.

Tue Mar 28 09:03:03 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/devel/unproven-pthreads: upgrade to 0.12.

Tue Mar 28 00:40:38 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/security/isakmpd: OpenBSD isakmpd snapshot as of
	  2000/2/20.

Sun Mar 26 20:05:55 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.3.4.

Sat Mar 25 16:55:37 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/sys: import FreeBSD 4.0-RELEASE. This is just
	  virgin import. Migration does not ended yet.

Sat Mar 25 14:52:06 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/socks64: upgrade to latest patch.

Thu Mar 23 02:36:12 JST 2000  itojun@iijlab.net
	* kame/route6d: don't advertise reject/blackhole static routes.

2000-03-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/udp_usrreq.c (udp6_output): was copied from
	netinet6/udp6_usrreq.c to separate UDP output routine from that of
	IPv4, since KAME's UDP6 output had completely different logic from
	original udp_output.

2000-03-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_src.c (in6_pcbsetport): was moved from
	in6_src.c for sharing with bsdi4.

2000-03-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd: retained rejected or blackhole routes to prevent
	accepting or advertising such routes unexpectedly.

2000-03-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[23]/sbin/route/route.c (getaddr): use getifaddrs() instead
	of SIOCGIFCONF to examine all interface addresses.

2000-03-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {freebsd[23], bsdi[34]}/sbin/route/route.c: supported extended
	format for IPv6 scoped addresses. For example, you can install an
	IPv6 link-local gateway like
	# route add add -inet6 3ffe:: fe80::1234%ed0 -prefixlen 16
	instead of
	# route add add -inet6 3ffe:: fe80:1::1234 -prefixlen 16
	(where 1 embedded in the link-local address is the inteface index
	 of ed0).
	
Wed Mar 22 17:57:21 JST 2000  itojun@iijlab.net
	* netbsd: synchronize userland with 1.4.1 -> 1.4.2 changes.
	  TODO: boot floppies (netbsd/distrib).

Wed Mar 22 16:29:19 JST 2000  itojun@iijlab.net
	* {ports,pkgsrc}/net/bind8: upgrade to latest patch.  this avoids
	  invalid use of netinet6/in6.h.

2000-03-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd/dump.c: supported the SIGUSR1 signal to let
	rtadvd dump its internal status into a file upon receipt of the
	signal.

Wed Mar 22 16:12:02 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	- improve key_spdget() to get a policy by policy id.
	- add key_spddelete2() to delete policy by policy id.
	* kame/sys/net/pfkeyv2.h:
	- add a new member, sadb_x_policy_id, into sadb_x_policy structure.
	- add a new message type, SADB_X_SPDDELETE2 in order to distinguish
	  key_spddelete().
	* kame/kame/libipsec:
	- simplify pfkey_send_spdget(). no require src/dst addresses.
	- add pfkey_send_spddelete2() to delete policy by policy id.

Wed Mar 22 15:52:48 JST 2000  itojun@iijlab.net
	* netbsd/sys: synchronize with NetBSD 1.4.2.  userland still needs
	  some work.

2000-03-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_ctloutput): set the
	INP_IPV6_MCAST flag after ip6_setmoptions() for an NRL pcb.
	Without this, bsdi4/openbsd would panic when an application using
	IPv6 multicasting is terminated.
	This fix would solve KAME PR sys/224.
	
Tue Mar 21 21:56:04 JST 2000  itojun@iijlab.net
	* freebsd[23]/sys/kern/uipc_socket.c: correct freebsd bug in sanity
	  check for socket timeout value.  netbsd uipc_socket.c 1.18 -> 1.19.
	  (FreeBSD PR should be issued separately)
	  From: Eric Lemiere <elemiere@matra-ms2i.fr>

Tue Mar 21 18:23:14 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_input.c: disable too strong check against
	  packets with IPv4 compatible address.  this (wrongly) forbids
	  auto tunnel relaying case in RFC1933.  we may want to re-enable it
	  whenever mech-xx discussion goes to more secure settings.

Mon Mar 20 21:16:30 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump},
	  freebsd[23]/ports/{libpcap,tcpdump}: upgrade to weekly snapshot
	  as of 2000/03/20.
	* netbsd/pkgsrc/mail/sendmail.beta, freebsd2/ports/sendmail.beta:
	  upgrade to 8.10.0 (not really beta).

2000-03-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c (nd6_output): just sent packets on a p2p
	interface where NUD is disabled. Without this fix, the following
	would not work:
	# route add -inet6 default ::1 -ifp gif0
	Also note that you'll have to do like
	# ndp -i gif0 -nud
	to disable NUD.

Sat Mar 18 12:09:15 JST 2000  itojun@iijlab.net
	* sync with latest ericsson mobile-ip6.
	  major changes include:
	  - options MIP6_{MN,HA} gone. SIOCSATTACH_MIP6 now selects MN or HA
	    functionality.  Same usage as before.
	  - Memory leaks, bug and other irritating things found and eliminated.
	  - Code clean-up.
	  - Pretty stable thing now (in FreeBSD3), we tortured it a bit at
	    Connectathon.
	  - Better source address selection.
	  - Delete neighbor cache working better?
	  - README and TODO updated.
	  - Proxy delete implemented.

Sat Mar 18 10:27:03 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/mtr: install binary as non-suid root.
	  unbroken pkgsrc.

Sat Mar 18 01:16:26 JST 2000  itojun@iijlab.net
	* ports/packages for mtr and lynx: mark them BROKEN for vulnerability
	  reported on bugtraq.  we recommend you to remove them from your KAME
	  box by using pkg_delete(8), if you have installed them.

Sat Mar 18 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/sys/netinet/in.c, sys/netinet6/in6.c: backout
	  memory leak fix on interface address addition failure, added
	  Mar 11 2000.  the fix was too strict and made it impossible to
	  add two interface addresses in same prefix.
	  KAME PR 218.  From: Kazuto Ushioda <x-y-z@3si.co.jp>

Thu Mar 16 22:33:52 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/lib/libinet6/getaddrinfo.c: in res_queryN,
	  try to visit all of the requests given.  don't stop even if
	  AAAA query returns SERVFAIL.  some of old name servers return
	  SERVFAIL or NXDOMAIN on AAAA queries, if there's no AAAA records.
	  NetBSD PR: 9621

2000-03-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/cfparse.y: correclty parsed data_timeout
	In response to a report from <Benoit.HILT@colmar.uha.fr>

2000-03-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ndp/ndp.c: added additional arguments for the -i
	option to set some ND-related parameters per i/f basis.
	Note: you should update kernel and include files before
	recompiling ndp.

2000-03-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c: performed NUD on p2p links. A new
	member of nd_ifinio{} and a new ioctl (SIOCSIFINFO_FLAGS) were
	added to turn on/off the feature.

2000-03-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ping6/ping6.c: added a new option 'H', which specifies
	to try reverse-lookup of IPv6 addresses. ping6 now does not try
	reverse-lookup by default. We hope that this change will decrease
	a report like "ping6 does not work with a global address".

Tue Mar 14 10:04:42 JST 2000  itojun@iijlab.net
	* libinet6/getnameinfo.c: configure return value correctly, when
	  name lookup is asked and there's no DNS records.
	  KAME PR: 222, From: Noriaki Takamiya

Mon Mar 13 21:29:32 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/lib/libinet6/getaddrinfo.c: fix error handling in
	  YP name lookup.
	* {netbsd,openbsd}/lib/libinet6/getaddrinfo.c, kame/libinet6/name6.c:
	  filter out IPv4 mapped address in DNS/YP/hosts database, as they
	  are not supposed to appear on those places.  There are real-world
	  example with incorrect use exist, and it makes trouble with
	  IPv6-only node.

Mon Mar 13 19:36:55 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Add "strict_address" in listen directive.  It requires all addresses
	for ISAKMP to be bound.

Mon Mar 13 14:09:54 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{tcpdump,libpcap}, freebsd2/ports/{tcpdump,libpcap}:
	  upgrade to 20000228.

Sun Mar 12 13:58:34 JST 2000  itojun@iijlab.net
	* {openbsd,netbsd}/sys/netinet/in.c: undo interface address addition
	  attempt, when in_ifinit() fails.

Sun Mar 12 11:06:55 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc,openbsd/ports}/net/zebra, freebsd2/ports/zebra:
	  upgrade to 0.85.

Sun Mar 12 00:25:06 JST 2000  itojun@iijlab.net
	* sys/net/if_stf.c: now compiles on all the platforms we have.
	  (freebsd3 compilation is not tested by myself).  TODO: more tests
	* {bsdi3,bsdi4,freebsd2,freebsd3}/sys/net/if_types.h: move private
	  interface types to 0xf0 and upwards.

Fri Mar 10 23:00:45 JST 2000  itojun@iijlab.net
	* {bsdi3,bsdi4,freebsd2,netbsd,openbsd}/sys/net/rtsock.c: fix problem
	  in route_output, when rnh_lookup returned RNF_ROOT radix node.
	  This seems to be BSD problem, not KAME problem.
	  (freebsd3 have already fixed this in a different manner)
	  openbsd/netbsd-current are fixed as well.
	  KAME PR: 217

Fri Mar 10 06:11:03 JST 2000  itojun@iijlab.net
	* sys/netinet/icmp6.h: fix member name of icmp6_filter to be
	  compatible with RFC2292. (member name is icmp6_filt, not icmp6_filter)
	  From: Francis Dupont

Fri Mar 10 01:05:05 JST 2000  itojun@iijlab.net
	* sys/netinet6/ah_core.c: add strict mbuf boundary checks for IPv4/v6
	  AH computation.  now IPv4/v6 AH processing are m_pulldown safe.

Thu Mar  9 22:15:33 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey,netinet6:
	implement pfkey function for policy management.
		key_spdupdate() replace a policy entry.
		key_spdsetidx() set a policy index.
		key_spdget() gets a policy entry.
		key_spdacquire() send request for starting IKE nagotiation.
	XXX key_spdacquire() is not tested.

Thu Mar  9 22:08:17 JST 2000 sakane@ydc.co.jp
	* kame/kame/libipsec/pfkey.c:
	implement pfkey libraries.
		pfkey_send_spdupdate() replace a policy entry.
		pfkey_send_spdsetidx() set a policy index.
		pfkey_send_spdget() gets a policy entry.

Thu Mar  9 18:06:30 JST 2000  itojun@iijlab.net
	* sys/netinet6/ah_output.c: avoid mbuf memory leak, or unauthenticated
	  packet transmission, on IPv6 AH checksum failure.

Thu Mar  9 17:48:58 JST 2000 sakane@ydc.co.jp
	* kame/freebsd3/sys/netinet/ip_output.c
	* kame/kame/sys/netinet6/ip6_output.c:
	- Fix ipsec_get_policy().
	- Avoid double free of mbuf.  it has been free when error occured
	  at soopt_mcopyout().
	They are only in FreeBSD3.  Not tested yet in Others paltforms.

Thu Mar  9 17:40:46 JST 2000 sakane@ydc.co.jp
	* kame/kame/libipsec/test-policy.c:
	  Improved test program for ipsec_{set|get}_policy.

Thu Mar  9 15:06:53 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* Add v4 NAT into NATPT.
	* Now, Options NATPT_NAT is necessary to use this function,
	  but this option becomes needless soon.

2000-03-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/sys/netinet/tcp_input.c (tcp_input): did not try to
	access to ip6_inputopts unless it's really an IPv6 packet.
	In response to: a report from Noriaki Takamiya
	<takamiya@po.ntts.co.jp>

Thu Mar  9 09:41:53 JST 2000  itojun@iijlab.net
	* sys/netinet6/ah_core.c: except the first AH, treat AH checksum as
	  immutable if there are multiple AH present on a packet.
	  note that AH spec does not talk about this case very much, and use
	  of multiple AH is very rare.
	  (no interoperability between KAME code prior to this change, and
	  after this change)
	* bgpd/cfparse.y: fix endian issue.  found by tahi team.

2000-03-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/scopedaddrtest: was added to check the precise
	behavior of KAME's scoped address support in the getXXXinfo
	functions.

2000-03-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/getnameinfo.c (getnameinfo): tried to parse
	IPv6 scoped addresses according to the new format
	(<addr>%<scopeid>).
	* kame/kame/libinet6/getnameinfo.c (ip6_parsenumeric): was added
	for the above purpose.

Tue Mar  7 19:10:21 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- Fixed to check OpenSSL version number.  reported by
	  <stomomi@ebina.hitachi.co.jp>.
	- Since we don't support pre-0.9.4 any more, drop INCLUDE_PATH_OPENSSL,
	  SSLVER and HAVE_OPENSSLV_H

Tue Mar  7 11:36:03 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	enable SADB_X_SPDSETIDX.  It can set a policy index into SPD.

2000-03-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6dd/pim6.c (init_pim6): corrected the initilization
	process so that pim6dd does not access to NULL pointers.
	From: Olivier TOGNI <togni@dpt-info.u-strasbg.fr>

Tue Mar  7 07:16:29 JST 2000 sakane@ydc.co.jp
	* kame/kame/setkey:
	Fix replay window size as default to 0 when manual setting.
	It means responder doesn't check sequence number.

Mon Mar  6 16:54:29 JST 2000  itojun@iijlab.net
	* kame/libinet6/getnameinfo.c: comment out NI_NOFQDN support,
	  since the behavior is specwise incorrect.

Mon Mar  6 13:38:59 JST 2000  itojun@iijlab.net
	* sys/netinet/ip_encap.c: add new api, encap_attach_func(), which
	  allows you to attach decapsulator with packet matcher function.
	* sys/net/if_stf.c: 6to4 tunnel support. (compiles on netbsd only at
	  this moment)

Mon Mar  6 11:19:24 JST 2000  itojun@iijlab.net
	* netbsd/libexec/{rlogind,rshd}/{rlogind,rshd}.c:
	  reject connection from IPv4 mapped address (IPv4 connection via
	  AF_INET6 socket).

Sun Mar  5 11:41:24 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: correct SA lookup, so that we can always get/use
	  proper SA even if we use sendto(2).
	  From: Greg Troxel <gdt@ir.bbn.com>

Sat Mar  4 02:01:16 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.4.

Fri Mar  3 22:11:59 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/sys/netinet/ip_input.c: remove merge mistake,
	  which affected TTL value for ressembled packet.  NetBSD PR 9412.

Fri Mar  3 00:36:58 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/www/w3m: upgrade to 0.1.6.

Thu Mar  2 21:30:50 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/usr.bin/{fstat, sockstat}: support AF_INET6.
	* freebsd3/ports/{v6eval, ct}: upgrade to 0.6 but this port is now
	  broken.

2000-03-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/dump.c: used %qu instead of %llu for printing
	a u_quad_t value.
	XXX: although %qu is not standardized, FreeBSD 3.1 and olders do
	not handle %llu correctly.

Thu Mar  2 16:44:18 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.c: for IPv6 address, don't configure broadcast
	  address (ifa_dstaddr) in ifaddr structure.  this is to avoid
	  returning broadcast addresses via routing socket.
	  From: Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>

2000-03-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ifmcstat/ifmcstat.c (ifname): corrected invalid access
	to kernel internal pointers in !(nbsd||obsd) cases.

Thu Mar  2 02:01:48 JST 2000  itojun@iijlab.net
	* sys/netinet6/mip6*.c: bring in update from ericsson for mobile-ip6.

Wed Mar  1 18:46:24 JST 2000 sakane@ydc.co.jp
	* kame/kame/setkey:
	  Fix to delete a SPD entry.  "spddelete" can work.

Wed Mar  1 18:36:27 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/emacs: upgrade to 20.6.

Wed Mar  1 12:38:07 JST 2000  itojun@iijlab.net
	* libpcap/gencode.c: fix "ip host foo" or "ip6 host foo" where foo has
	  both A and AAAA.  From: Bill Fenner, FreeBSD PR: 17083

Wed Mar  1 03:27:06 JST 2000  itojun@iijlab.net
	* libinet6/rthdr.c: fix alignment constraint in rthdr_*.
	  From: shin@kame.net for freebsd-current
	* */sys/kern/uipc_socket2.c: fix ancillary data padding at the end,
	  in sbcreatecontrol().

Wed Mar  1 01:30:43 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/udp_usrreq.c: always use in4_cksum() for
	  inbound udp4 checksum.
	* bsdi4/sys/netinet/udp_usrreq.c: always use in4_cksum() for inbound
	  udp4 checksum.  fix ipsec checks on multicast.  add jumbogram
	  consideration a bit.  undo temporary pcbconnect correctly on
	  udp6 scope check failure.

<200002>
Tue Feb 29 13:30:10 JST 2000  itojun@iijlab.net
	* */sys/netinet{,6}/in{,6}_proto.c: call encap_init().  From: jinmei
	* */sys/netinet{,6}/tcp{,6}_subr.c: make sure to send valid TCP window
	  size option, even when we have socket buffer size >= 65536.
	  FreeBSD PR 16914.

Mon Feb 28 23:26:03 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/icmp6.c: fix ICMPv6 redirect input.  the bug
	  can result in invalid ND entry.

Mon Feb 28 20:14:15 JST 2000  itojun@iijlab.net
	* kame/sys/netinet*/*.h: wrap xxCTL_VARS by #ifdef __bsdi__,
	  since it is only for BSDI.

Mon Feb 28 19:01:44 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/lpr/lpd: fix breakage due to unsynchronized change
	  between rcmd.c and lpd.c (lpd should be reorganized to not use
	  __ivaliduser_sa...).

2000-02-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ping6/ping6.c (main): added a new modifier "c" for the
	-a option, which means target's IPv4 compatible and IPv4 mapped
	addresses are required.

2000-02-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet/icmp6.h (NI_NODEADDR_FLAG_xxx): rearranged
	according to ipngwg-icmp-name-lookups-05.
	Note: this version is not compatible with previous ones.

2000-02-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/{advapitest, bgpd, pim6dd, pim6sd, rtsold, rrenumd,
	traceroute6, rtadvd}: treated CMSG_SPACE() as a function, not a
	constant macro, and avoided to put it in a definition of a static
	array as a result.

Sun Feb 27 18:27:51 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_init.c: allow extended scoped IPv6 address format
	  into "nameserver" line in /etc/resolv.conf.

Sun Feb 27 17:49:32 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/lib/libinet6/getaddrinfo.c: add OS-specific
	  getaddrinfo, which keeps search order declared in /etc/nsswitch.conf
	  or /etc/resolv.conf.

Sun Feb 27 16:43:04 JST 2000  itojun@iijlab.net
	* */sys/sys/socket.h: use ALIGNBYTES, instead of sizeof(long) - 1,
	  for CMSG alignment.  without it CMSG alignment is not spec
	  conformant if
		ALIGNBYTES > sizeof(long) - 1.
	  this add dependency from sys/socket.h to machine/param.h - which may
	  not be right.

	  NOTE: recompile all IPv6 userland, if you are on architecture
	  with ALIGNBYTES != sizeof(long) - 1.
	  TODO: make it future adaptable by using sysctl hw.alignbytes.
	  (maybe for *bsd-current?)

Sat Feb 26 20:46:03 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_input.c: with IPv6 ESP, correctly handle
	  off != sizeof(ip6) case.
	* sys/netinet6/ah_input.c: with IPv4 AH (m_pulldown case),
	  strip off AH from the packet.  this is to make some of IPv4
	  transport layer code work correctly (specifically, ICMPv4 will
	  transmit wrong packet if we don't strip AH here)

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/tcp_input.c (tcp_input): made the variable
	"ip" consistent with "ip6" in order to avoid possible pointer
	mismatches.

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet/in_gif.c (in_gif_ioctl):
	* kame/sys/netinet6/in6_gif.c (in6_gif_ioctl):
	  - prevented in[6]_gif_ioctl from making dangling pointers after
	    freeing old ones. Without this fix, kernel would panic when we
	    tried to execute gifconfig multiple times on a single gif.
	  - call encap_detach before encap_attach().
	    If detach was called after attach, we'd not be able to delete
	    an existing pair of phyaddrs.

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi[34]/sys/netinet/in.c (in_control): called gif_ioctl() for
	gif related ioctls. We need this for initializing encapsulation
	switch.

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sbin/ifconfig/ifconfig.c: filled a valid pointer in
	af_stab[MASK] of the afswitch structure for IPv6.
	Disabled inet6_auto(), since KAME assigns a link-local address in
	the kernel.

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/v6test/getconfig.c (make_ip6): made ipv6 version and
	traffic class fields configurable.
	* kame/kame/v6test/conf/ext.conf: added new tests "badver" and
	"tclass" to aset non-default values to version and traffic class
	fields, respectively.

Sat Feb 26 03:03:21 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/security/heimdal: upgrade to 0.2q.
	* openbsd: sys tree was broken for 4 days since "m->m_pkthdr.aux"
	  change.  sorry for this.  now we properly initialize aux pointer
	  and the kernel boots fine.

Fri Feb 25 18:03:58 JST 2000  itojun@iijlab.net
	* kame/traceroute/ifaddrlist.c: ignore 0.0.0.0, it is meaningless
	  as source.  if you run ISC DHCP client and lease expires, the address
	  appears as interface address.

2000-02-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/net/if.c (ifa_ifwithnet):
	* bsdi4/sys/net/route.c (ifa_ifwithroute):
	loosened restriction on p2p interfaces. It was too strict for
	KAME's IPv6 support.

2000-02-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {(net|open)bsd, freebsd3}/sys/netinet/tcp_input.c:
	* kame/sys/netinet6/tcp6_input.c:
	prevented from storing 2292bis IPv6 options in a listening
	socket. Ancillary data on a listening socket was meaningless and
	even harmful for applications.

2000-02-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	RFC2292bis support:
	* bsdi4/sys/netinet/tcp_output.c (tcp_output): 	
	  passed IPv6 output options to ip6_ouput().
	* bsdi4/sys/netinet/tcp_input.c: 
	  passed specified IPv6 optional data to a user as ancillary data.
	* bsdi4/sys/netinet/in_pcb.c (in_pcbdetach):
	  fixed memory leak of received IPv6 options.

2000-02-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/getnameinfo.c (ip6_sa2str, getnameinfo):
	  changes according to the recent discussion:
	  - always print scope_id of an IPv6 address with non-zero
	    sin6_scope_id (by default), even for a global unicast address.
	  - use numeric numbers as the last resort of a scope_id string.

Fri Feb 25 01:49:00 JST 2000  itojun@iijlab.net
	* */sys/net/rtsock.c: wrap BBN hack (honor ifp/ifa on RTM_ADD),
	  into #ifdef BBNHACK.  it conflicts with proxy NDP and mobile-ip6.
	  (see CHANGELOG entry on Tue Nov 17 14:57:51)

Fri Feb 25 01:34:11 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.c: net.inet6.icmp6.nd6_proxyall was obsoleted.
	  use "ndp -s <v6> <mac> proxy" if you need the same functionality.

Fri Feb 25 01:34:37 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd2/ports/openssh: make buildable.
	* freebsd3/ports/heimdal: upgrade to 0.2q.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/{traceroute6, ping6}/Makefile: enabled IPsec
	related	definitions.

Thu Feb 24 18:59:14 JST 2000  itojun@iijlab.net
	* sys/netinet/ip_icmp.c (except openbsd):
	  don't transmit ICMPv4 packet back if the original packet was
	  encrypted.  if we send those, we may mistakingly leak secret
	  information.  From: jinmei

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/vmstat: was just imported. We don't have to
	modify the code, but it should be recompiled to support additional
	memory types used in the kernel.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_control): clarified address
	management ioctls:
	- invalidated SIOCSIFDSTADDR_IN6 and SIOCSIFNETMASK_IN6. They are
	  not very suitable in an IPv6 era, when we can assign multiple
	  addresses on a single interface.
	- added strict validations for address families of arguments.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/netstat/{main.c, inet6.c(added)}: printed KAME's
	statistics for IPv6 and ICMPv6 instead of original ones.

Thu Feb 24 JST 2000  itojun@iijlab.net
	* libinet6/getifaddrs.c: bring in freeifaddrs().  this is in sync
	  with bsdi4 change.  From: dab@bsdi.com
	* bsdi4: enable kernel IPsec code by default.  it looks to be working
	  fine now, thanks to jinmei's efforts.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ah_input.c (ah4_input): prevented
	re-translating the byte order of the ip_id field on bsdi4.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/netstat/ipsec.c: 
	* bsdi4/usr.sbin/netstat:
	modified to print KAME's IPsec statistics.
	
2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/traceroute/traceroute.c (send_probe): 
	* bsdi4/usr.sbin/traceroute/Makefile: 
	changed a bit to calculate a UDP checksum correctly on bsdi4.

Wed Feb 24 08:49:50 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	 enbale to define DH group by a number of group.
	 old way to define like "modp768" is kept.

Wed Feb 23 21:26:21 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	  fixed to compute RSA signature.  SIGN was computed including OID.
	  Now, racoon gets a interoperability with isakmp-test.ssh.fi.
	  TODO: must be check the signer of certificate.

2000-02-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* (all OSes)/usr.sbin/{bgpd, pim6[ds]d}/Makefile: added the
	-DHAVE_GETIFADDRS compile option.
	Note: please be sure to update the whole tree, do "make prepare",
	update include files, and then rebuild the whole kit.

2000-02-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d/config.c (config_vifs_from_kernel): used
	getifaddrs().

2000-02-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.pco.jp>
	* kame/kame/bgpd/if.c (ifconfig): use getifaddrs (if available)
	instead of SIOCGIFCONF, since the former interface is more
	friendly and safer.

Wed Feb 23 JST 2000  itojun@iijlab.net
	* libinet6/getifaddrs.c: bring in getifaddrs(3) from BSDI4 (it is
	  under redistributable Berkeley license).  SIOCGIFCONF is very hard to
	  use correctly, due to (1) alignment constraints in 64bit arch
	  (2) try-and-error memory allocation since there's no way to estimate
	  required buffer size beforehand.  We hope to bring this function
	  into *BSD.

Tue Feb 22 14:56:59 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd2/ports/openssh: upgrade to 1.2.2 and mark as broken. we
	  need volunteers to make buildable this port.

Tue Feb 22 00:59:54 JST 2000  itojun@iijlab.net
	* sys/kern/uipc_mbuf{,2}.c, sys/sys/mbuf.h: allow mbuf attachment to
	  m->m_pkthdr.aux.  this would be useful to pass around extra
	  information across protocol handlers.  current consumers are
	  sys/netinet/ip_encap.c (extra data passing - mainly for struct ifnet)
	  and sys/netinet6/ipsec.c (socket policy passing).
	  careful about mbuf memory leak if you try using it...

	  NOTE: it is necessary to clear m_pkthdr on mbuf allocation.
	  there are drivers that does NOT use MGETHDR to allocate packet
	  header mbuf.  these drivers may need fixes.

2000-02-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/(several files): added initialization for IPsec. Now
	the kernel can be built and run with the IPSEC option (though we
	may need some more work to stabilize it).

Mon Feb 21 20:48:13 JST 2000  itojun@iijlab.net
	* {freebsd[23],netbsd}/usr.sbin/racoon/Makefile.inc:
	  add library paths for "USA resident" case (link separate librsaref).

Mon Feb 21 15:53:56 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/www/apache: upgrade to 1.3.11 with IPv6 patch.

2000-02-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/net/zlib.[ch]: were (blindly) copied from
	bsdi3/sys/net/. The kernel will be able to be built with the IPSEC
	option with these files, but we've not fully tested the KAME IPsec
	stuff on bsdi4. Please do not try it for now.

2000-02-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/conf/files: removed ptr_xxx functions, which have been
	obsoleted.

Mon Feb 21 13:42:28 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* {freebsd3/ports,netbsd/pkgsrc/security}/heimdal: upgrade to 0.2p.

2000-02-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd: tons of changes and improvements including:
	+ static routes support
	+ input/output filter for BGP4+ routes
	+ configurable description about RIPng interfaces and BGP4+ peers
	+ exportation of interface direct routes to IBGP peers
	+ configurable logging level
	+ collecting much more statistics
	+ new configuration parser using lex and yacc
	(TODO: revise bgpd.conf.5 accordingly)

Sun Feb 20 23:45:24 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/{tcpdump,libpcap}: upgrade to 2/14 weekly snapshot.
	* freebsd[23]/ports/apache13: upgrade to latest IPv6 patch.

Sat Feb 19 22:12:10 JST 2000  itojun@iijlab.net
	* sys/netinet6: sync with latest ericsson mobile-ip6.
	* sys/netinet/ip_encap.[ch]: struct encaptab is now visible to
	  outside, read-only, on encap_attach().

2000-02-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sbin/ifconfig/ifconfig.c: enabled KAME original functions.

2000-02-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/in.c (in_control): added gif related ioctls.

Sat Feb 19 11:40:58 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* sys/netinet6/natpt*: Now, this translator can handle connection from
	  outside v4 (global) to inside v6 (private).  This translation is
	  done when packet is coming toward particular address and port, so
	  you must know this particular port number before making connection.

	- kernel:
		many changes in netinet6/natpt_*.[ch]
		add in4_len2mask() in netinet/in.c to call in_len2mask().

	- userland:
		slightly changed natptconfig command syntax.
		can log ipv4, ipv6 and mbuf.

Sat Feb 19 02:52:09 JST 2000  itojun@iijlab.net
	* {openbsd,netbsd,bsdi4}/sys/sys/socket.h: fix 64bit alignment issue
	  in 64bit architecture.
	  From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>

Fri Feb 18 20:09:35 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/audio/mpg123: upgrade to latest IPv6 patch.
	* netbsd/pkgsrc/net/{tcpdump,libpcap}: upgrade to 2/14 weekly snapshot.

Fri Feb 18 02:31:47 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/apache13: upgrade to 1.3.11.

Thu Feb 17 22:30:13 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- support RSA signature authentication method on main/aggressive/base
	  mode.  There is a tips in racoon/doc/README.certificate.
	  Local test is done.  But between isakmp-test.ssh.fi and racoon,
	  to verify signature is failed.
	  TODO: to be check issuer of signature.

Thu Feb 17 16:52:56 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* {freebsd[23]/ports, netbsd/pkgsrc/net}/rsync: upgrade to 2.4.1.

Thu Feb 17 15:15:02 JST 2000  itojun@iijlab.net
	* sys/net/if_gif.c: fix bogus gifconfig failure, on multiple gif
	  configuration.
	  From: Takahiro Yugawa <yugawa@itjit.ad.jp>

Thu Feb 17 14:36:07 JST 2000  itojun@iijlab.net
	* sys/netinet6/nd6.c: better support for proxy NDP (per ND entry,
	  just like arp -s).  routing entry marked with RTF_ANNONUCE
	  (= RTF_PROTO2) will get announced by proxy ND.  on ND table, proxy
	  NDP entry will stay as permanent/reachable entry.
	  
	  To use this stuff, you need to backout bbn changes in rtsock.c.
	  otherwise ndp -s will not work and you can not set proxy ND entry.
	  (bbn rt_setif() overwrites sockaddr_dl in gateway portion)

	  TODO:
	  - proxy NA delay on output (RFC2461 7.2.8)
	  - anycast NA delay on output (RFC2461 7.2.7)
	* */usr.sbin/ndp: proxy ND support (ndp -s has "proxy" keyword added).

	  TODO: proxy ND for global address X, where X is outside of prefixes
	  assigned to the interface we would do proxy ND.  currently we try to
	  grab link-layer information from RTM_GET.  so if X is outside of
	  configured prefixes, we can't configure X for proxy NDing, or static
	  ND entry.  we may need to explicitly pass "interface" information
	  to ndp -s.

Thu Feb 17 00:40:39 JST 2000  itojun@iijlab.net
	* sys/net/if_gif.c: fix IFF_LINK0 (multi destination mode), which
	  was broken during ip_encap.c migration.

Wed Feb 16 23:57:53 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/lib/libftpio: add '229 Entering Extended Passive
	  Mode' from RFC2426
	* freebsd2/ports/mpg123: upgrade to latest IPv6 patch and sync
	  with FreeBSD-current.

Wed Feb 16 22:45:13 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	  stop racoon to start when it's failed to open addresses specified
	  in racoon.conf.

Wed Feb 16 12:17:05 JST 2000  itojun@iijlab.net
	* libinet6/getaddrinfo.c: add experimental support for post-RFC2553
	  getaddrinfo(AI_ADDRCONFIG).  the semantics of AI_ADDRCONFIG is
	  still very vague so do not expect stable behavior.

2000-02-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4, openbsd}/sys/netinet6/raw_ipv6.c (rip6_ctloutput):
	prohibited the ICMP6_FILTER socket option unless the level is
	IPPROTO_ICMPV6.

2000-02-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet6/raw_ipv6.c (rip6_input): re-enabled filter
	for incoming ICMPv6 packets.

Tue Feb 15 00:42:32 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/pident6d: upgrade to latest IPv6 patch and sync
	  with FreeBSD-current.

Mon Feb 14 22:36:47 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.2.7.
	* freebsd[23]/sys/net: remove "options TAHI".  installed new patch
	  to support TAHI test suite (lets userland program to specify
	  ethernet hardware address).

Sun Feb 13 04:26:17 JST 2000  itojun@iijlab.net
	* libinet6/get{addr,name}info.c: based on most recent discussion,
	  flip the order for extended scoped address notation again
	  (now fe80::1%de0).

Sat Feb 12 16:49:15 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.3.

Fri Feb 11 15:06:19 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/ip_input.c: fix infinite packet forwarding loop
	  for packet toward address on !IFF_UP interface.
	  NetBSD PR9387 from nrt@iij.ad.jp.

Fri Feb 11 02:42:16 JST 2000  itojun@iijlab.net
	* sys/netinet/ip_encap.c: revisit input logic for tunnelled packets.
	  move outer address match logic from in{,6}_gif_input() to
	  encap[46]_input(), so that other guys (like mobile-ip6, 6to4,
	  6over4, whatever) can match packets based on not only by proto #,
	  but also by src/dst with masks.
	  see comment on ip_encap.c for detail - I hate tunnelling.  really.
	  TODO: we do not really support subnet match for input logic.  it
		needs careful ordering of packet matching table in encap[46],
		so that we can check for better match earlier.
		(since we have mask parameter for both src and dst, it is
		not trivial to define total order among entries)
	  TODO: change ipip_input() to conform to this framework?
	  CAVEAT: IFF_LINK0 for gif is not working with this change, i'll try
		to clean it up.
	* allow raw ip{,6} output for proto #4 and #41.

Fri Feb 11 01:48:16 JST 2000  itojun@iijlab.net
	* sys/netinet6/raw_ip6.c: implement rip6_ctlinput(), so that we can
	  notify of route changes to raw ip6 layer (not ready for
	  freebsd3/openbsd at this moment).
	* sys/net/if_gif.c: properly check outer address family during
	  initialization.

Thu Feb 10 22:56:51 JST 2000  itojun@iijlab.net
	* bsdi[34]/sys/i386/isa/if_cce.c: fix mbuf allocation on inbound packet.
	  From: SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
	* bsdi3/sbin/ifconfig/ifconfig.c: fix error trap on bogus IPv6 hostname.
	  From: SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>

Thu Feb 10 13:45:53 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/security/openssl: add openssl pkgsrc for 0.9.4
	  (only because netbsd 1.4.1 did not include it).

2000-02-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_reflect): do not use a
	duplicated address as source of reflected packets.

2000-02-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6ifa_ifpforlinklocal): an additional
	argument was added in order to specify ignoring some kind of
	addresses (e.g. duplicated or anycast).
	Several callers of this function were also modified so that they'd
	not send packets with invalid link-local sources.

Wed Feb  9 14:20:08 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- try to support certificate ISAKMP_CERT_X509SIGN.  But not tested.
	  There is a problem that OpenSSL0.9.4 can not read a certificate which
	  is issued by CA1 at isakmp-test.ssh.fi.
	  TODO: to be check signature of CA.
	- move a part of functions of certificate into crypto_openssl.c.
	  signing.c will be merged into crypto_openssl.c.

Wed Feb  9 04:28:50 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/openssh: upgrade to 1.2.2
	* freebsd3/ports/apache12: remove this port since it's too old.
	* freebsd3/sys/netinet/tcp_output.c: get mbuf cluster if the size
	  of IP header and TCP header are over MHLEN. This fix avoid to
	  panic when some tcp options are used.
	    PR: fbsd3/191
	    From: bmah@ca.sandia.gov

Wed Feb  9 01:09:21 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/gated-ipv6, freebsd[23]/ports/net/gated-ipv6:
	  upgrade base version to gated-ipv6, 2000/2/3.

2000-02-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c: removed in6_canforward() according to
	the recent clarification in ip6_forward().

2000-02-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_forward.c (ip6_forward): if a forwarded
	packet is going to break a scope boundary, return an icmp6
	destination unreachable (beyond scope) error.

Tue Feb  8 23:13:32 JST 2000 sakane@ydc.co.jp
	* kame/racoon:
	  man page updated against recent modification.

Tue Feb  8 20:54:13 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/bind9: bind9 beta.
	* freebsd3/ports/ssh: fix freeaddrinfo(NULL) bug, which cause by
	  mis-patched FreeBSD specific patch(patches/patch-al)

Tue Feb  8 03:00:45 JST 2000  itojun@iijlab.net
	* sys/netinet6/mip6*: mobile-ip6 code from Ericsson.  currently
	  build tree is made available for netbsd and freebsd2.
	  for other platforms, build tree will be populated soon.
	  not really tested by KAME team yet.
	* kame/rtadvd: modified for mobile-ip6 support.
	* kame/mip6config, kame/mip6stat: mobile-ip6 controllers.

Mon Feb  7 21:32:13 JST 2000  itojun@iijlab.net
	* sys/netinet6/{ip6,icmp6,in6.h}, sys/netinet/{ip6,icmp6,in.h}:
	  to promote RFC2553/2292 conforming applications, we now disallow
	  direct inclusion of the following files:
		netinet6/ip6.h
		netinet6/icmp6.h
		netinet6/in6.h
	  users need to include the following items instead:
		netinet/ip6.h
		netinet/icmp6.h
		netinet/in.h (pulls in both IPv4 and IPv6 decls)
	* sys/netkey/keyv2.h, sys/net/pfkeyv2.h:
	  similarly, to promote RFC2367 conforming applications, inclusion of
	  netkey/keyv2.h is now disallowed.  include net/pfkeyv2.h instead.
	  (based on discussion in kame team)

Mon Feb  7 03:03:42 JST 2000  itojun@iijlab.net
	* sys/net/rtsock.c (except bsdi[34])
	  avoid panic on RTM_IFINFO, due to decreased MHLEN.
	  From: Conny Larsson <conny@verkstad.net>

Sun Feb  6 17:56:47 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/tcp_output.c: optimize mbuf allocation on output.
	  allocate cluster only when necessary.

2000-02-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/bgp_input.c (bgp_read): 
	* kame/kame/bgpd/main.c (main_listen_accept):
	Prevented blocking on a socket for a BGP4+ connection caused by
	ancillary data.
	Note: this fix needs the latest kernel. Older kernel might panic
	with the latest bgpd.

Sun Feb  6 00:27:25 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_input.c: remove too-strong assumption about mbuf
	  alignment.

Sat Feb  5 16:40:20 JST 2000  itojun@iijlab.net
	* sys/netinet6/nd6.c, kame/ndp: give more information about
	  prefix on ndp -p.  the kernel manages two separate prefix
	  table: one for RAs a host listened, and another is for RAs
	  a router will advertise (the latter will be modified by
	  router renumbering).

Sat Feb  5 14:09:07 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: pkgsrc for bind9 beta.
	* netbsd/pkgsrc/devel/unproven-pthreads: pthread package required
	  for bind9.

2000-02-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/getaddrinfo.c (explore_numeric_scope): 
	* kame/kame/libinet6/getnameinfo.c (getnameinfo):
	Revised the format for scoped addresses by agreement with MSR.
	Two big changes are included:
	- The scope ID portion is now placed before the address
	- The delimiter character is changed to '%'
	So for example, we can specify a link-local address on the
	interface ne0 like ne0%fe80::1234
	The scopedaddr-format draft will soon be revised as well according
	to this change.

Fri Feb  4 23:36:26 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: improve in6_ifdetach() for cleaning
	  up structures that depend on struct ifnet/ifaddr.  should be
	  made more elegant...

Fri Feb  4 02:09:41 JST 2000  itojun@iijlab.net
	* sys/netinet6/frag6.c: be LP64 environment friendly.  do not reuse
	  ip6 header portion on reassembly.
	  notified by NetBSD PR 9340 from iwamoto@sat.t.u-tokyo.ac.jp.

Fri Feb  4 01:20:15 JST 2000  itojun@iijlab.net
	* netbsd/sys/dev/ic/smc91cxx.c: fix promisc mode for sm* interface.

2000-02-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* (for all OSes)/netstat/inet6.c (ip6_stats): print statistics
	  about source address selection.

2000-02-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_ifawithscope): revised source
	address selection algorithm. In short, the new algorithm is as
	follows:
	- search for an address that has enough scope for a given
	  destination.
	- if more than one address has enough scope, choose one that
	  matches longest against the destination address.
	- if there is no other reasons to choose one, an address on the
	  outgoing I/F are preferred.
	TODO: update the IMPLEMENTATION file as well.

Thu Feb  3 20:23:06 JST 2000  itojun@iijlab.net
	* sys/netinet6/{icmp6,nd6*}.c: implement m_pulldown cases for
	  ND and redirect.
	* sys/kern/uipc_mbuf2.c: add more m_pulldown statistics to compare
	  its efficiency against m_pullup{,2}.

2000-02-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d/mld6.c (make_mld6_msg): corrected HBH header
	length in the 2292bis case.
	In response to: kit/198 from ryuji-so@is.aist-nara.ac.jp

Thu Feb  3 02:22:03 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.c: improve multicast kludge list management.
	  clear dangling pointer, update ifnet refcnt correctly.

Wed Feb  2 22:53:03 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: improve in6_ifdetach().  remove
	  static route to linklocal allnode multicast (ff02:x::/32).
	  remove multicast kludge entries as well, if exists.

Wed Feb  2 16:16:01 JST 2000  itojun@iijlab.net
	* bsdi4/sys: fix ifindex manipulation to be compatible with KAME.
	  from kato@wide.ad.jp.  (in NAT, ppp and ATM code)

Wed Feb  2 15:39:40 JST 2000  kjc@csl.sony.co.jp
	* add a new traffic conditioner type, tswtcm (time sliding
	  window three color marker) to altq.  it is described
	  in draft-fang-diffserv-tc-tswtcm-00.txt.

Wed Feb  2 12:55:44 JST 2000  itojun@iijlab.net
	* kame/rtadvd: router renumbering input needs to be explicitly
	  enabled with command line option (-R).  this is for security issue
	  in router renumbering protocol - it requires use of IPv6 IPsec
	  over site-local multicast.  (IPsec issue should be improved)

Tue Feb  1 12:45:02 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc/games/quake6, freebsd[23]/ports/quake6}:
	  quake over IPv6.

Tue Feb  1 01:52:20 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/echoping: echoping 2.2.0 with IPv6 support.
	* freebsd3/ports/lynx: upgrade 2.8.2rel1 with current IPv6 patch.

Tue Feb  1 01:11:34 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc/mail,freebsd3/ports}/soldpop3d: pop3 daemon from
	  poland.
	* kame/racoon: simplify the configure process.  allow it to be compiled
	  on openssl-integrated platform (netbsd15), even without rsa headers/
	  libraries (cert support will automatically be disabled).

<200001>
Mon Jan 31 16:25:42 JST 2000  itojun@iijlab.net
	* non-openbsd: don't reuse m->m_pkthdr.rcvif for passing extra
	  inforation necessary for ipsec.  use ipsec_[sg]etsocket() and
	  m->m_pkthdr.aux.
	* kame/sys/crypto/sha1.[ch]: const poisoning.
	  
Mon Jan 31 00:42:47 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/{sendmail,smtpfeed}: upgrade smtpfeed to 1.04.
	  synchronize with latest NetBSD pkgsrc.

Sun Jan 30 15:30:14 JST 2000  itojun@iijlab.net
	* kame/libinet6/rcmd.c: fix behavior on non-IPv6 node.  From shin.
	* kame/libinet6/getaddrinfo: fix AI_ADDRCONFIG concern when
	  getipnodebyname() is used as backend.
	* netbsd/pkgsrc/net/echoping: echoping 2.2.0 with IPv6 support.

Sat Jan 29 16:20:31 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/ipsec.c (and other ipsec items):
	  cleanup include file dependencies and namespace polution, like
	  prototypes and #define KERNEL.
	* kame/sys/netinet6/ip6_input.c: fix ip6_savecontrol() to be friendly
	  with m_pulldown() environment.  now it does not modify mbuf chain
	  at all.  therefore, calling ip6_savecontrol() will not invalidate
	  pointers into mbuf chain (like "uh" in udp6_input).

Fri Jan 28 15:37:46 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/ipsec.c, kame/sys/netkey/key.c,
	  */sys/netinet{,6}/ip{,6}_input.c: pass policy message buffer length
	  down.  this is to avoid key_msg2sp() from making buffer overrun
	  on invalid input from the userland.

2000-01-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/tcp6_usrreq.c (tcp6_usrreq):
	* {bsdi4,netbsd,openbsd}/sys/netinet/tcp_usrreq.c (tcp_usrreq):
	* freebsd3/sys/netinet/tcp_usrreq.c (tcp_usr_rcvd):
	Do not call tcp[6]_output by the PRU_RCVD request unless the
	associated socket is connected. This fix will prevent kernel panic
	when a user receives an ancillary data object on a listening
	socket.

2000-01-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/advapitest: was added mainly for debugging. The tools
	would also be useful as references for developing an "advanced"
	IPv6 application using the advanced API (RFC2292 or 2292bis).

2000-01-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_pcb.h (and many related places):
	  changed the type of the in6p_inputopts member of the in[6]pcb
	  structure to a pointer type in order to avoid compilation and
	  binary compatibility issues.
	  I believe this fix solves all the recent problem reports due to
	  the member.
	  It is recommended to recompile both the kernel and all the
	  userland applications with this fix.

Thu Jan 27 15:04:12 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/rsync, freebsd[23]/ports/rsync: upgrade to
	  2.3.2 with latest IPv6 patch.

Thu Jan 27 06:20:08 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/irc: upgrade to 2.10.3.

Thu Jan 27 00:29:51 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/in6_pcb.c: make IPV6_PORTRANGE actually work.
	  (netbsd/bsdi3/freebsd2)

Wed Jan 26 23:00:30 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/pchar, netbsd/pkgsrc/net/pchar,
	  openbsd/ports/net/pchar: upgrade to 1.1.1.

Wed Jan 26 14:16:00 JST 2000  itojun@iijlab.net
	* kame/libinet6/getaddrinfo.c: from the specification, AI_CANONNAME
	  does not imply reverse query.  ai_canonname has the same meaning as
	  h_name (in struct hostent), nothing more.

Wed Jan 26 12:04:42 JST 2000  itojun@iijlab.net
	* kame/libinet6/bindresvport.c: remove bindresvport_af(), implement
	  bindresvport_sa().

Wed Jan 26 06:12:38 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/irssi: upgrade to 0.7.23.

Wed Jan 26 03:33:41 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc/net,freebsd[23]/ports}/{libpcap,tcpdump}:
	  famous packet capturing tool, from tcpdump.org codebase.  it
	  contains identical code as kame/{libpcap,tcpdump} so we plan
	  to avoid duplicate maintenance (put all libpcap/tcpdump
	  efforts into tcpdump.org).

Tue Jan 25 20:30:32 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/ipcomp_core.c: don't attach Adler32 checksum
	  to compressed data.  see ipsec wg mailing list (Jan 2000) for
	  details.

Tue Jan 25 17:21:15 JST 2000  itojun@iijlab.net
	* kame/libinet6/rcmd.c: make rcmd() behavior to IPv4-only, for safety
	  (see 2292bis for reasons).  implement rcmd_af().
	  KAME-supplied rlogin(1) and rsh(1) may not work right due to the
	  change.

Mon Jan 24 23:37:38 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.1.

Mon Jan 24 17:28:25 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/fetchmail: upgrade to 5.2.4.

Mon Jan 24 12:49:34 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/irssi: new port: irssi-0.7.22, GTK based irc
	  client.

Sun Jan 23 13:24:00 JST 2000  itojun@iijlab.net
	* kame/libinet6/getaddrinfo.c: remove #ifdef FAITH (and use of
	  environment varaible GAI).  this has been broken for a long time
	  (means noone is using it), and this shouldn't be here.
	  if you would like to set FAITH'ed prefix, use totd or /etc/hosts.

2000-01-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_reset_rcvopt): fixed a bug
	that a freed pointer could not be re-initialized, which might
	cause kernel panic.

Sat Jan 22 02:01:57 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/lftp: new port: lftp-2.1.6, ftp client.

Fri Jan 21 21:17:35 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/irc: upgrade to 2.10.3, make it buildable again.

Fri Jan 21 12:59:51 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/totd, openbsd/ports/net/totd,
	  freebsd[23]/ports/totd: upgrade to 1.1p2.
	  From: Feico Dillema

Thu Jan 20 18:41:40 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/lang/python, freebsd[23]/ports/python:
	  upgrade to latest IPv6 patch.

Wed Jan 19 22:04:22 2000 kjc@csl.sony.co.jp
	remove ECN support from TCP in freebsd3.
	it was removed in altq-2.0 and provided as a separate patch.

Wed Jan 19 21:47:19 2000 kjc@csl.sony.co.jp
	add atm pvc support tools included in the altq release.
	- pvcsif:    create pvc sub-interface
	- pvctxctl:  set vpi:vci and shaper
	- pvcbridge: set pvc bridge mode

Wed Jan 19 20:35:42 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* NAT-PT translator and its command become compilable on
	  freebsd2, freebsd3, netbsd, and bsdos3.

Wed Jan 19 06:44:02 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	  improved the way to define a certificate type.
	  If signature method as `authentication method' is defined,
	  `identifier' is defined subjectname.
	  `certificate_type' is defined certificate type.
	  XXX why isn't certificate type negotiated in IKE ?

Wed Jan 19 05:15:50 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	ignore certificate request, not error.  Should be handled.

Wed Jan 19 02:39:23 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/lpd: IPv6 and multiple listening socket support.
	  NetBSD PR 9050 from Feico Dillema.

Wed Jan 19 00:15:50 JST 2000  itojun@iijlab.net
	* kame/libinet6/bindresvport.c: bring in bindresvport_af() from
	  openbsd-current.  the function signature and behavior is under
	  debate in ipngwg mailing list, so I thought it would be good to
	  bring it in and try using it, to see any pros/cons we might have
	  in particular proposal (and other proposals).
	  (available in netbsd, openbsd, freebsd2 and freebsd3)

Tue Jan 18 22:48:35 JST 2000  itojun@iijlab.net
	* kame/libinet6/rresvport_af.c: preserve old rresvport() behavior.
	  it needs to honor parameter (*port) if given.  previous behavior
	  was broken.
	  From: Markus Friedl <Markus.Friedl@informatik.uni-erlangen.de>

Tue Jan 18 16:30:05 JST 2000 kjc@csl.sony.co.jp
	update ALTQ from 2.0 to 2.1.
	this version supports openbsd in addition to freebsd2, freebsd3
	and netbsd.
	kernel:
	- altq related files are moved from "sys/net" and "sys/netinet"
	  to "sys/altq" not to bloat the standard directories.
	- rename the altq kernel config file from ALTQ to ALTQ.v4 since
	  it's only for IPv4 and GENERIC.v6 has ALTQ already defined.
	  for openbsd/netbsd, on non-i386 architecture: read IMPLEMENTATION
	  section 5 for installation details.
	userland:
	- the following altq tools are added to the tree:
	  lib/altqlib, usr.sbin/altqd, user.bin/altqstat.
	- install MAKEDEV.altq to /dev.

	NOTE: be sure to cleanup old symlinks, by "make TARGET=netbsd clean",
	in the top directory.

2000-01-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.h: changed the type of the
	icmp6_n[il]_nonece member of the icmp6_{namelookup, nodeinfo}
	structures from u_int64_t to u_int8_t[8] in order to avoid
	possible alignment problems.
	From: Ryota HIROSE <hirose@comm.yamaha.co.jp>

Tue Jan 18 13:57:28 JST 2000  itojun@iijlab.net
	* freebsd3/sys/netinet6/udp6_usrreq.c: fix panic on udp6_ctlinput.
	  from: ume@mahoroba.org
	* kame/rtadvd: obey RFC2461 6.2.5 when rtadvd dies with SIGTERM.
	  read manpage for more details.

Tue Jan 18 12:36:24 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3: good bye __ss_{len,family}, hello ss_{len,family}.

Tue Jan 18 01:43:10 JST 2000  itojun@iijlab.net
	* openbsd/usr.bin/fstat: make it IPv6 ready.  based on NetBSD PR 9199
	  by Hiroshi Ura.

Tue Jan 18 00:46:09 JST 2000  itojun@iijlab.net
	* kame/libinet6/getaddrinfo.c: don't filter out AFs that are not
	  supported by the kernel, when we do address resolution of FQDN.
	  the previous behavior was broken.

Mon Jan 17 13:47:13 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/zebra, freebsd3/ports/zebra,
	  openbsd/ports/net/zebra: upgrade to 0.84a.

Mon Jan 17 2000  sakane@ydc.co.jp, itojun@kame.net
	* racoon: tons of improvements into our IKE daemon.
	  - SA bundle is now handled correctly (both phase 1/2)
	  - will not SEGV even if last packet in phase 1/2 get resent
	  - KEYMAT generation will take care of long keys correctly
	  - phase 1/2 userfqdn support (ashley-laurent hack)
	  - don't attach DH group type for well-known groups
	  - key length handling is fixed
	  - phase 1 base mode
	  - byte lifetime bug fix (but introduced new bug so still buggy)
	  - parser fixes (issue with DH group setting)
	  - fix variable-length spi support (don't hardcode it to 32bit)
	  - ipcomp negotiation fix
	* kernel ipsec: fix SA reference counting.  now dangling SAs will be
	  cleaned up correctly. (removes incorrect fix on Jan 8 2000)

Mon Jan 17 03:36:44 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/sys/netkey/keysock.c: this file was removed. Now
	  freebsd3 uses shared one, kame/sys/netkey/keysock.c

	  NOTICE: If you use freebsd3 via cvsup/anoncvs, you must clean
	  your source tree and relink shared sources.
	  % cd kame; make TARGET=freebsd3 clean prepare

Mon Jan 17 02:25:54 JST 2000  itojun@iijlab.net
	* {netbsd,bsdi3,freebsd2}/netstat: try to share souce code across OS
	  platforms as much as possible.  we are able to share ipsec.c without
	  too much troubles.  will try to do it for other platforms, and other
	  portions (like inet6.c).

Sun Jan 16 23:30:16 JST 2000  itojun@iijlab.net
	* kame/sys/net{inet6,key}: cleanup ipsec logging.  all logs will be
	  generated to syslog, with proper priority (for example, sequence
	  number cycle will be logged with LOG_WARNING).  you can
	  suppress/enable logs by setting net.inet.ipsec.debug (or
	  net.inet6.ipsec6.debug).   even if you supress logs, you can check
	  "netstat -sn" to understand what was happend to ipsec stack.

Sun Jan 16 21:49:38 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/fstat: make it IPv6 ready.
	  NetBSD PR: 9199
	  From: ura@hiru.aoba.yokohama.jp

Sat Jan 15 03:56:50 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/ipcomp_core.c: change default deflate window size
	  for inbound to default (2^15).  without this change we can't
	  interoperate with some of IPcomp implementations.
	  see changelog entry on Nov 5 1999.

2000-01-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_copypktopts): was added in
	order to copy the in6p_outputopts member from a listening PCB to a
	corresponding accepting one. TCP input routines are also modified
	to call the function.

2000-01-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_savecontrol): was modified in
	order to conform to Section 4.1 of rfc2292bis-01; TCP
	implementation now passes incoming packet infomration to a user
	(as ancillary data) only when some changes of the content exist.
	Note that this change introduced various related changes of
	transport layers on all the platforms. Please be careful updating.

Fri Jan 14 13:55:19 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/fetchmail: Upgrade to 5.2.3 and sync with
	  FreeBSD-current.

Fri Jan 14 12:15:27 JST 2000  itojun@iijlab.net
	* kame/libinet6/rcmd.c: avoid passing dangling pointer to **ahost.
	  we copy the value (ai_canonname, or hp->h_name) to static buffer
	  to keep semantics of rcmd() - requires no free() to the caller.
	  From: Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>

Fri Jan 14 02:16:16 JST 2000  itojun@itojun.org
	* kame/libpcap/inet.c: improve warning message when libpcap fails to
	  get IPv4 address on the interface it runs on.

Wed Jan 12 17:21:40 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/ruby: Upgrade to 1.4.3 and sync with
	  FreeBSD-cuurent. No extra IPv6 patch is necessary anymore.

Wed Jan 12 15:40:05 JST 2000  itojun@iijlab.net
	* {bsdi3,netbsd,freebsd2}/usr.sbin/inetd: allow multiple IPsec policy
	  string specifier (separated by semicolon).  to be integrated into
	  other operating systems as well.

Wed Jan 12 05:13:33 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/mrt, netbsd/pkgsrc/net/mrt: Upgrade to 2.1.2a.

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_pcbopt): made the
	IPV6_NEXTHOP socket option removal by specifying the option
	with 0 length according to the following mail:
	Message-ID: <Roam.SIMC.2.0.6.947118462.12265.nordmark@jurassic>
	From: Erik Nordmark <Erik.Nordmark@eng.sun.com>
	Date: Wed, 5 Jan 2000 16:27:42 -0800 (PST)

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[23]/sbin/route/route.c (getaddr): corrected a bug in
	examining interface flags for the RTA_GATEWAY case in getaddr();
	use a separate variable and ioctl in order to get correct flags.
	Note that this fix may introduce a stricter check for arguments of
	the `-interface' modifiers; now you can specify point-to-pointer
	interfaces only, which was the intention of the code.

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi3/sbin/route/route.c (getaddr): reverted the change for the
	"-interface XXX" modifier. We can use the -ifp modifier to
	accomplish the motivation.

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/{in6.h, ip6_output}: disabled the following
	socket options, that were just derived from IPv4 and were not
	standards any more;
	IPV6_OPTIONS, IPV6_RECVOPTS, IPV6_RECVRETOPTS, IPV6_RECVDSTADDR,
	and IPV6_RETOPTS.

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/net/if_gif.c (gif_output): changed the (default) upper
	limit of how many times gif_output can be called.
	Now no nesting is allowed by default, since some systems do not
	allow so many recursive calls in kernel.

Sun Jan  9 10:32:59 JST 2000  sakane@ydc.co.jp
	massive clarification to racoon ISAKMP daemon.
	- Merged Eric Lemiere's code for limited certificate support.
	- There are two management hander.
		"Phase 1 handler" is to manage ISAKMP SA.  It is created when
		phase 1 exchange on both initiator and responder side will be
		started.
		"Phase 2 handler" is to manage IPsec SAs.  It is created when
		pfkey acquire message will be received, and when 1st message
		in phase 2 will be received on responder side.
	- Vendor id will be sent after negotiating hasn algorithm.
	  When we receive vendor id before negotiating it, we use default hash
	  algorithm MD5 to check.
	- Post command deleted.
	- msgid_t delted.
	- don't release management handler.  do it only if retry will be
	  timed up.
	- separate the function of isakmp exchange.  one is to check received
	  data.  other is to reply.  the reason is for handling to resend.
	- change name "dir" to "side" in order to distinguish from policy
	  direction.
	- If initiator request PFS, but responder is not ready to do that,
	  responder stops the negotiation.  If initiator don't request PFS,
	  but responder require it, also responder stops the negotiation.

Sun Jan  9 03:03:39 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/heimdal: upgrade to 0.2l.
	* freebsd3/usr.sbin/inetd: support IDENT.
	  From: Hajimu UMEMOTO <ume@mahoroba.org>

Sat Jan  8 23:53:23 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	  - fix kenrel crash when flushing SAD.
	  - for stability, increment refcnt of SA when key_getsavbyspi() called.
	  - add some error message
	  - fix errno at key_update().

Sat Jan  8 04:40:33 JST 2000  itojun@iijlab.net
	* kame/sys/netinet/{frag6,ip6_input,nd6_nbr}.c:
	  use arc4random() on openbsd.  it should give better random value
	  for initializing sequence numbers.
	  From: deraadt@openbsd.org

Sat Jan  8 03:20:05 JST 2000  itojun@iijlab.net
	* /sys/netinet/udp_usrreq.c, kame/sys/netinet6/udp6_usrreq.c:
	  drop incoming udp packet with dst port = 0.  it is, or seems to be,
	  illegal based on RFC768 (99% sure but 1% in doubt).
	  with traditional 4.4BSD code, udp socket will mistakingly accept
	  such packets after socket() and before first bind()/connect().
	  this can be used to confuse, or de-synchronize, udp-based protocols.

Sat Jan  8 00:37:28 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* kame/sys/netinet6/natpt*.[ch]: NAT-PT translator. 
	* kame/kame/{natptconfig,natptd,natptlog}: translator configulation
	  command and natpt related commands.

	- These NAT-PT translator and commands are now under development.
	  Its user interface and overall functionality are subject to
	  future improvements and changes.  So, please be careful when you
	  try it.

	- At this time, this translator works on FreeBSD228 only.  Please
	  wait a while to works on other platforms.

Sat Jan  8 00:09:44 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/openssh: upgrade to current source of OpenBSD,
	  which support IPv6 in default.  Any additional patches does not
	  neccesary anymore.

2000-01-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_output): do not insert a
	dest options header (even if specified by a user) that should be
	placed before a routing header, unless a routing header really
	exists.

2000-01-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtsold: use raw ip6 socket for probing interface
	status instead of a separate UDP socket, in order to avoid
	receiving unexpected UDP datagrams.
	In response to: kit/187

2000-01-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_input): upper layer detection
	in notifying an icmp6 error was improved:
	- if the erroneous packet contains a routing header, examine the
	header to determine the final destination and use it to update
	path MTU.
	- if the erroneous packet contains a fragment header, stop
	chasing the header chain unless it is the first fragment.

	With the former fix the kernel will perform path MTU discovery
	correctly even if triggered packets contain a routing header.

	* A new function icmp6_mtudisc_update() was added to cleanup the
	code.

Thu Jan  6 16:43:52 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: when searching IPsec SA for inbound IPsec traffic,
	  do not check src match according to RFC2401.  it looks that IPsec
	  specs do not really agree with each other about what should be
	  in IPsec SA, and what should be matched.  see comment lines near
	  key_allocsa().

Thu Jan  6 13:49:43 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_input.c: add missing case for net.inet6.ip6.rr_prune
	  for openbsd and netbsd.
	* netbsd/pkgsrc/net/zebra, freebsd[23]/ports/zebra: upgrade to 0.83a.

Thu Jan  6 01:40:50 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: avoid panic on getsockopt(ICMPV6_FILTER).
	  From: shigeya@foretune.co.jp
	* {openbsd,bsdi4}/sys/netinet6/raw_ipv6.c: clarify rip6_ctloutput().

Wed Jan  5 19:44:12 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/systat, openbsd/usr.bin/systat:
	  make systat IPv6 ready.  "netstat" subcommand is changed for this.

Wed Jan  5 13:27:43 JST 2000  itojun@iijlab.net
	* kame/libinet6/getnameinfo.c: allow reverse lookup for v4 loopback
	  network (127.0.0.0/8).
	* kame/libinet6/rcmd.c: implement iruserok_sa().  iruserok_af() does
	  not make sense as it is not scope-aware.
	  nuke ruserok_af(), as ruserok() takes string hostname and is af
	  independent already.  we don't really need ruserok_af().
	  iruserok_af() is kept for backward compatibility.  we'll nuke it
	  afterwards.

Wed Jan  5 02:49:05 JST 2000  itojun@iijlab.net
	* netbsd: add net.inet6.ip6.bindv6only sysctl.  this is a replacement
	  of net.inet6.ip6.mapped_addr, which was bitwise opposite to
	  IPV6_BINDV6ONLY.
	  if set to 1: AF_INET6 listening socket will grab IPv6 traffic only.
	  if set to 0: AF_INET6 listening socket will grab IPv4 traffic as well,
		  as if it was from v4 mapped address (described in rfc1933).
	  default value is 1 (i.e. AF_INET6 socket grabs IPv6 traffic only).
	  the variable controls inbound direction only; you can always use
	  v4 mapped address for outgoing connections.

	  "options INET6_BINDV6ONLY" will remove the code completely and
	  hardcodes behavior to net.inet6.ip6.bindv6only=1 case.

	  "options MAPPED_ADDR_ENABLED" and net.inet6.ip6.mapped_addr were
	  obsoleted on netbsd (were introduced on Dec 21 1999).

2000-01-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/{bgpd, pim6[ds]d, ping6, traceroute6}: were modified
	to use rfc2292bis by default. Related Makefiles were also
	modified.

2000-01-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/{ip6opt.c, rthdr.c}: implemented some new
	functions introduced in rfc2292bis (see TODO.2292bis for more
	details).
	All the new functions except rcmd_af and rexec_af are now
	available.

2000-01-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/{various files}: implemented the new advanced
	API (rfc2292bis). The kernel part is now almost finished (see
	TODO.2292bis for more details).
	
	Note about lower compatibility: I believe the new kernel is
	fairly compatible with the old API (i.e. RFC2292).

	There are few compatibility issues in interfaces using ancillary
	data. I believe the compatibility issues won't practically bother
	you.

	You don't have to care compatibility when setting a socket option
	except IPV6_HOPLIMIT. If you use the option but don't want to
	migrate to the new API, you have two choices. One is to use
	IPV6_RECVHOPLIMIT instead of IPV6_HOPLIMIT and just keep the other
	code. The other is to define COMPAT_RFC2292 in your kernel
	configuration file and recompile the kernel. Then the kernel will
	handle IPV6_HOPLIMIT in the RFC2292 manner.

	Unfortunately, it is impossible to ensure compatibility for
	getting socket options whose semantics in the new API is different
	than in RFC2292. If you don't want to use the new API but want to
	do getsockopt for such options (I believe the possibility is very
	rare, though) define COMPAT_RFC2292 in your kernel configuration
	file and recompile the kernel. Then the kernel will handle the
	options in the RFC2292 manner.

	Please note that the new API is enabled by default in any case.

Tue Jan  4 18:59:08 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey:
	  don't check sequence number at key_update() even if SA initiator.
	  don't change sequence number passed from userland at key_getspi()
	  instead of the value of sequence number.
	  They can be re-enable to define IPSEC_DOSEQCHECK.

Sun Jan  2 22:59:45 JST 2000  itojun@iijlab.net
	* kame/libinet6/name6.c: don't bark even if we see T_SIG and other
	  record types.

	  KAME PR: 184
	  From: Assar Westerlund <assar@sics.se>

Sun Jan  2 22:07:54 JST 2000  itojun@iijlab.net
	* kame/tcpdump/isakmp.h, kame/racoon/isakmp.h:
	  avoid use of bitfield on packet format definition.  it is
	  non-portable.
	* kame/Makefile.inc: added it to share definitions across top-level
	  Makefile and platform Makefile (like netbsd/Makefile).
	  NOTE: if you use anoncvs, you may need to checkout Makefile.inc
	  manually.

Sun Jan  2 03:46:57 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.[ch]: add net.inet6.icmp6.nodeinfo sysctl MIB,
	  which enables/disables node information query processing in the
	  kernel.

Sat Jan  1 03:02:02 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/ftp: fix "ftp URL" behavior.  it failed if the
	  specified URL is in certain condition due to bug in IPv6 support.

Sat Jan  1 JST 2000
	* happy Y2K from KAME team!