forked from kame/kame
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
3453 lines (2824 loc) · 146 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
CHANGELOG for KAME kit
$Id: CHANGELOG,v 1.1131 2000/07/15 16:09:45 itojun Exp $
<200006>
Sun Jul 16 00:57:23 JST 2000 itojun@iijlab.net
* sys/netinet6/in6.h; do not pull sys/queue.h in (it is not
necessary anyways)
* sys/net/pfkeyv2.h: correct conformance to RFC2367 (SADB_[EA]ALG_xx
symbol name). beware: the change breaks backward compatibility.
setkey and racoon MUST be recompiled after updating include files.
Sat Jul 15 13:51:59 JST 2000 itojun@iijlab.net
* kame/route6d: if a routing entry exists for aggregate prefix (-A),
do not overwrite it (exit with error). it should be a safer behavir.
Thu Jul 13 22:27:18 JST 2000 itojun@iijlab.net
* openbsd/sys/netinet6/raw_ipv6.c: enable IPv6 multicast routing
related setsockopt.
* kame/sys/netinet6/ip6_mroute.c: to enable openbsd users to perform
netstat -g, make mif6table a non-static variable. on openbsd
file static variables will not appear in kernel symbol table.
Thu Jul 13 16:09:57 JST 2000 itojun@iiljab.net
* netbsd/pkgsrc/net/bind9: upgrade to 9.0.0rc1.
Thu Jul 13 01:39:26 JST 2000 itojun@iijlab.net
* sys/kern/uipc_mbuf2.c: cleanup m_pulldown statistics.
(1) PULLDOWN_STAT is now a global compilation option (should be
put into kernel configuration file). (2) m_pulldown statistics
now belong to mbstat, and available via netstat -m (instead of
netstat -sn -f inet6). suggested by jinmei.
2000-07-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* *bsd*/sys/net/route.h: redefined the route structure so that it
can support protcols that have large socket address (e.g. IPv6).
Currently, this is enabled only with the NEW_STRUCT_ROUTE kernel
compilation option, but will be default once stabilized.
* many files mainly under the netinet and netinet6 directories
were also modified with this change.
2000-07-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_ifloop_request):
do not force rtrequest() to return an rtentry when executing the
DELETE operation, in order to avoid overdecreasing the refcnt.
Older versions might cause leak of rtentry when you delete an IPv6
address (via ifconfig, ndp -P, or something).
Fortunately, address deletion is not issued so often, the bug is
effectively not very serious. However, if you have chance to
update your kernel, it is of course recommended to apply this fix.
In particular, KAME's dtcp or ppp (for IPv6) users are highly
recommended to upgrade the kernel.
2000-07-11 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.h: commented out the definition of
ND6_LLINFO_WAITDELETE, which is not used any more.
* kame/sys/netinet6/nd6.c:
* kame/sys/netinet6/mip6_md.c:
* kame/kame/ndp/ndp.c:
removed ND6_LLINFO_WAITDELETE cases according to the above change.
2000-07-11 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_mroute.h: corrected the type of a member
of if_set{} from fd_mask to if_mask.
In response to PR sys/266 from pavlin@catarina.usc.edu.
2000-07-10 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_rtr.c (rt6_deleteroute): do not
(automatically) delete the static route in rt6_deleteroute(), even
if it uses a dead router.
2000-07-10 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6.c: some clarifications about neighbor
cache manipulation (this change does not affect behavior from the
user side, though):
- removed the ND6_LLINFO_WAITDELETE status. Actually, we can just
call rtrequest(RTM_DELETE) for an unreachable
neighbor. Reference to the neighbor cache entry from a cahced
route will be freed at the next time the route is used.
- also, we do not have to call pfctlinput(PRC_HOSTDEAD) in
nd6_free() for the same reason.
- do not set/refer the RTF_REJECT flag in neighbor cache
manipulation. It was just for (IPv4) arp-flooding prevention,
which is not necessary ND for IPv6.
2000-07-10 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/route6d/route6d.c: removed "ifndef ADVAPI"
parts. Since the advanced API has already been standardized,
implemented, and deployed, we don't need to take care the older
kernel behavior (which is even confusing).
* *BSD/usr.sbin/route6d/Makefile: removed the -DADVAPI flag
according the change.
Mon Jul 10 14:43:40 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd3/ports/{libpcap,tcpdump}: use 7/3 snapshot.
* freebsd3/ports/w3m: upgrade to 0.1.11.p.
Sun Jul 9 21:50:54 JST 2000 itojun@iijlab.net
* *bsd*/sys/netinet/tcp_input.c, kame/sys/netinet6/tcp6_input.c:
be more cautious about tcp option length field. drop bogus ones
earlier.
not sure if there is a real threat or not, but it seems that there's
possibility for overrun/underrun (like non-NOP option with
optlen > cnt). the bug is from 4.4BSD.
Sun Jul 9 13:39:22 JST 2000 itojun@iijlab.net
* libinet6/getaddrinfo.c: do not mistakenly accept empty scopeid.
Sun Jul 9 12:29:24 JST 2000 itojun@iijlab.net
* freebsd4/sys/net/if_ethersubr.c: repair IPV6_JOIN_GROUP(::).
Sat Jul 8 12:11:34 JST 2000 itojun@iijlab.net
* netbsd/pkgsrc/net/bind9: use bind 9.0.0b5
* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 7/3 snapshot.
Sat Jul 8 10:57:36 JST 2000 itojun@iijlab.net
* {netbsd,openbsd}/usr.sbin/inetd: allow square-bracket for the first
element on inetd.conf, to disambiguate IPv6 address and colon
separator.
* openbsd/usr.sbin/inetd: handle IPv6 address in first element on
inetd.conf line.
Sat Jul 8 09:43:26 JST 2000 itojun@iijlab.net
* {bsdi3,openbsd,netbsd}/libexec/ftpd: plug setproctitle issue in
CERT Advisory CA-2000-13. NOTE: bsdi3 uses wu-ftpd. it may have
other vulnerabilities left in the code.
* netbsd/usr.sbin/inetd: improve error handling on getaddrinfo
(determine listening socket address). hints from enami.
Fri Jul 7 21:39:33 JST 2000 itojun@iijlab.net
* various places: audit use of printf-like functions, including
errx?, warnx?, setproctitle, and syslog. if we pass user-supplied
variable alone to these functions, they can be hosed by malicious
%-format string. from openbsd.
Thu Jul 6 20:43:57 JST 2000 itojun@iijlab.net
* openbsd/sys/netinet/tcp_*.c: remove IPv4 mapped support completely
from inbound packet processing. there were some corner cases not
covered by the code, and it caused SEGV due to inconsistency in
address family. sync with openbsd-current.
2000-07-06 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/rtadvd/if.c (if_getflags): made sure to close a
temporary socket to avoid making garbage sockets.
Wed Jul 5 12:08:16 JST 2000 suz@kame.net
* bsdi3/sys/conf/files.i386, bsdi3/sys/conf/GENERIC.KAME,
bsdi3/sys/i386/isa/{if_wi.c,if_wireg.h,wiioctl.h}
bsdi3/usr.sbin/wiconfig, bsdi3/usr.sbin/Makefile
ported WaveLAN driver and its configuration program from bsdi4
(geertj permitted it. Thanks!)
Wed Jul 5 11:30:39 JST 2000 itojun@iiljab.net
* {netbsd,openbsd,freebsd4}/lib/libinet6/getaddrinfo.c,
kame/libinet6/getaddrinfo.c:
return EAI_NODATA, instead of EAI_NONAME, on name resolution errors.
EAI_NONAME does not make sense in these situations
From: enami
Wed Jul 5 11:02:03 JST 2000 itojun@iijlab.net
* freebsd4: add netstat -sn -f pfkey.
Wed Jul 5 10:40:53 JST 2000 itojun@iijlab.net
* freebsd[234]: split IPv6 path MTU discovery-related sysctl from
net.inet.ip tree. FreeBSD SYSCTL_xxx does not have a way to report
duplicated definition into the same variable, it bites us many
times...
Wed Jul 5 02:25:11 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
Implemented INITIAL-CONTACT.
This message is sent by single notify message after phase 1 established
immediately. It means the message is not included last exchange on
phase 1. So it can be sent by responder on aggressive/base mode.
If there is no remote address in contacted list, racoon sends the
message to peer. If the message is received, racoon deletes all
IPsec-SAs relatived to peer's address. It takes place both initiator
and responder side.
Tue Jul 4 21:36:16 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
Racoon usually runs in background. If you specify -F option, you make
her running in foreground.
2000-07-04 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/mip6.c (mip6_add_ifaddr): use in6_update_ifa()
to assign an address instead of coping code from in6.c
2000-07-04 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_update_ifa): newly added to update
parameters of an IPv6 interface address.
Basically, this function does nothing new, but made in6_control()
simple.
2000-07-04 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_control): completely obsoleted
SIOCSIFADDR_IN6, SIOCSIFDSTADDR_IN6, and SIOCSIFNETMASK_IN6.
We are quite confident there is no application that used these
commands, but if one exists, please let us know.
Tue Jul 4 18:33:20 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
don't delete phase 1/2 handler if some internal error occurs.
2000-07-04 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_is_ifloop_auto): removed an `ifdef'
part for openbsd, which made the function always return 0.
2000-07-04 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_unlink_ifa): newly added to release
various links for in6_ifaddr when deleting an address.
This function is also called from in6_control(), in order to
prevent the kernel from keeping a garbage structure on failure of
address addition.
Tue Jul 4 13:26:56 JST 2000 sakane@ydc.co.jp
* kame/sys/key.c:
A patch from <Francis.Dupont@enst-bretagne.fr> applied.
- fixed a interval to call key_timehandler.
- fixed a typo.
- added a value to be returned when some error happen.
2000-07-04 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_control): added several
improvements for sharing a single prefix with multiple addresses:
- install an interface direct route only when there's no shared
prefix. We'll never see unexpected EEXIST errors with this fix.
- call in6_ifaddloop()/in6_ifremloop() whenever necessary.
- do not call in6_ifaddloop()/in6_ifremloop() unless necessary.
- added several clarifications according to the ipv6 address
architecture.
2000-07-04 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/bgpd/main.c (main_listen_accept): set the receiving
interface when accepting an on-link bgp connection.
* kame/kame/bgpd/bgp.c (bgp_process_open): detected a proper peer
for an incoming IBGP open message with link-local address.
These changes enabled an IBGP peer using link-local addresses.
Suggested by: Tomomi Suzuki <stomomi@ebina.hitachi.co.jp>
Tue Jul 4 10:25:13 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
- Process to send a delete notify message only when phase 2 has
been established.
- added "dead" flag to a schedule. It is used to mark a schedule
already dead. don't delete a schedule at multiple place.
Tue Jul 4 08:44:11 JST 2000 itojun@iijlab.net
* netbsd/usr.sbin/inetd: remove duplicated ipsec initialization code
(used on SIGHUP).
2000-07-03 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/bgpd/bgp.c (connect_try): made sure to zero-clear a
newly allocated buffer.
Report from: Tomomi Suzuki <stomomi@ebina.hitachi.co.jp>
Mon Jul 3 11:50:12 JST 2000 itojun@iijlab.net
* kame/sys/netinet/icmp6.h: avoid bitfields in router renumbering packet
declaration. XXX standards?
2000-07-02 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_input.c (ip6_input): immediately discarded
a packet to an unready (i.e. tentative or duplicated) address with
logging.
This change reflected recent discussion in the ipngwg ML.
Sun Jul 2 11:24:52 JST 2000 itojun@iijlab.net
* netbsd/sys/netinet/tcp_input.c, kame/sys/netinet6/in6_pcb.c:
repair netbsd faith support. (1) tcp6_input dropped faith'ed
connections (2) in6_pcblookup_connect() was too strict.
Sat Jul 1 20:57:57 JST 2000 itojun@iijlab.net
* kame/faithd: make it possible to invoke faithd(8) from inetd(8).
benefits: allows us to access-control inbound traffic by using
hosts.allow(5).
possible drawbacks: inetd mode has no chance for multi-connection-
per-single-process enhancement. current faithd(8) needs 1
process per 1 connection anyways.
Fri Jun 30 17:45:23 JST 2000 sakane@ydc.co.jp
* freebsd[34]/usr.bin/whois.c:
ported whois for IPv6/4.
Thu Jun 29 16:24:35 JST 2000 itojun@iijlab.net
*/sys/netinet/in.c, kame/sys/netinet6/in6.c:
inhibit EEXIST from in{,6}_ifinit(). history: (1) 4.4BSD ignores
return value from in_ifinit() completely. (2) previous kame code
tried to handle error case better, the change raised bogus EEXIST
to the userland on two-address-from-same-prefix assignment.
Thu Jun 29 10:14:47 JST 2000 itojun@iijlab.net
* faithd/faithd.c, natptd/main.c, natptlog/natptlog.c: be more careful
about arg to syslog(3), to prevent possible buffer overrun.
From: deraadt@openbsd.org
2000-06-28 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/dhcp6: several minor improvements:
- daemonized dhcp6c.
- reactivated dhcp6c agains a SIGHUP signal or change of the
default route.
- changed logging based on syslog(8).
2000-06-28 SUZUKI Shinsuke <suz@kame.net>
* kame/sys/netinet6/ip6_fw.c
ip6fw works on FreeBSD-4.0 + KAME, too.
Wed Jun 28 15:01:09 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
improved sending a notify message including delete payload.
It's sent when one of below situations happens:
o receiving SADB_DELETE message from kernel.
o receiving SADB_FLUSH message from kernel.
o flushing phase2 handler.
Wed Jun 28 01:16:41 JST 2000 SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
* freebsd4/INSTALL
write up configuration-related matters for FreeBSD-4.0
Wed Jun 28 01:12:59 JST 2000 itojun@iijlab.net
* libinet6/name6.c: correct error handling in DNS name lookups.
Tue Jun 27 23:12:54 JST 2000 SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
* bsdi3/sbin/ifconfig/ifconfig.c: fixed error trap when given name
corresponds to multiple v6 addresses.
Tue Jun 27 14:01:39 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd3/ports/emacs: upgrade to 20.7
Tue Jun 27 00:32:20 JST 2000 itojun@iijlab.net
* netbsd/sys/arch/*/conf/GENERIC.v6: enable PULLDOWN_TEST for all
architectures. this is done because mbuf pullup code in
sys/net/if_loop.c has been found to be a source of performance hit,
and PULLDOWN_TEST code is found to be stable enough.
* netbsd/sys/sys/mbuf.h: recover 4.4BSD MINCLSIZE.
Sun Jun 25 21:11:19 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* start to support FreeBSD 3.5-RELEASE. 3.4-RELEASE is obsolete.
Sat Jun 24 23:41:31 JST 2000 itojun@iijlab.net
* freebsd4/lib/libinet6/getnameinfo.c: correct NIS lookup. from ume.
Sat Jun 24 16:43:58 JST 2000 itojun@iijlab.net
* netbsd/pkgsrc/net/{libpcap,tcpdump}: upgrade to 6/19.
Sat Jun 24 02:20:33 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd3/ports/wyvern: new port, a simple web server
* freebsd3/ports/tcpd: new tcpd from Artur Frysiak <wiget@pld.org.pl>
* freebsd3/ports/wget: fix security hole and use latest IPv6 patch
* freebsd3/ports/vnc: use latest IPv6 patch
Fri Jun 23 19:49:28 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd3/ports/gbatnav: new port, a battleship game
* freebsd3/ports/mmosaic: upgrade to 3.6.2.
Thu Jun 22 17:40:37 JST 2000 sakane@ydc.co.jp
* kame/sys/netkey:
delete sadb_x_ident_id_addr. don't send a pair of addresses
by including acquire message to a user.
* kame/kame/racoon/pfkey.c:
SADB_EXT_IDENTITY_{SRC,DST} is not required to parse SADB_ACQUIRE
message any more.
Thu Jun 22 17:45:40 JST 2000 itojun@iijlab.net
* openbsd/sys/dev/ic/xl.c: disable multicast hash filer setup on 905B,
since the code does not do the right thing. (sync with
openbsd-current)
Thu Jun 22 03:45:41 JST 2000 itojun@iijlab.net
* kame/sys/netinet6/raw_ip6.c, {bsdi4,openbsd}/sys/netinet6/raw_ipv6.c:
correct RFC2292bis interface selection support for
multicast packets. KAME PR261.
Wed Jun 21 17:07:55 JST 2000 itojun@iijlab.net
* sys/netinet6/in6_src.c: make in6_recoverscope() friendly with
!FAKE_LOOPBACK_IF compilation. with previous code in6_recoverscope()
may fail to convert kernel internal representation into sockaddr_in6.
Wed Jun 21 03:18:47 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd3/ports/leafnode+: IPv6 enabled leafnode+-2.10
From: yoshfuji@ecei.tohoku.ac.jp
Wed Jun 21 03:00:16 JST 2000 itojun@iijlab.net
* openbsd/sys/dev/pcmcia/if_wi.c: make IPv6 work on wavelan cards.
2000-06-20 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/net/if_gif.c (gif_ioctl): made sure to cast the
argument to in6_aliasreq{} for the SIOCSIFPHYADDR_IN6 command.
Without this, the validation check would reject correct requests;
i.e. you couldn't configure IPv6 physical addresses.
In response to a report from FUJIURA Toyonori <toyo@jp.freebsd.org>
2000-06-20 SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
* kame/kame/ndp/ndp.c (delete, get)
supported <link-local_addr>%<link ID> on "ndp -d" and "ndp (addr)".
Tue Jun 20 14:55:10 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd3/ports/openssh: upgrade to 2.1.0
* freebsd3/ports/bind9: upgrade to 9.0.0b4
* freebsd3/ports/lftp: upgrade to 2.2.3
* freebsd3/ports/mozilla: upgrade to M16
Tue Jun 20 12:49:28 JST 2000 itojun@iijlab.net
* sys/netinet6/in6_proto.c: disable rate limitation for ICMPv6 error,
since (1) it makes no sense to put less-than-10ms value to here
due to UNIX timer resolution, and (2) it seems wrong to rate-limit
without considering content of the payload (like ICMPV6 type/code).
we still have pps limitation. based on comments from kjc.
Tue Jun 20 11:44:19 JST 2000 itojun@iijlab.net
* netbsd/pkgsrc/net/bind9: use bind 9.0.0b4.
2000-06-19 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c (ip6_ctloutput): corrected logic
of error detection for sooptcopyin(). This will fix the problem
that traditional RFC2292 compatible mode did not work for some
socket options (e.g. IPV6_PKTINFO) on freebsd[34].
Mon Jun 19 18:23:15 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
A path name in configuration file is always complemented if it is
not begin from slash(/). If it's begin from slash, a path name
never be complemented.
Mon Jun 19 16:51:24 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
If "non_auth" is defined in racoon.conf, any transform of AH proposal
including "non_auth" is not sent to the peer.
2000-06-19 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c (ip6_output): jumped to the
"freehdrs" label before making the header chain in order to avoid
possible memory leak.
In response to the KAME problem report sys/259.
Mon Jun 19 07:41:31 JST 2000 itojun@iijlab.net
* libinet6/resolv/res_{init,send}.c: be more backward-compatible with
past behavior. some userland code may not initialize
nsaddr_list.sa_len.
Mon Jun 19 04:42:55 JST 2000 itojun@iijlab.net
* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 6/12 snapshot from
tcpdump.org.
Mon Jun 19 04:15:23 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd4/sys: Security fix "FreeBSD-SA-00:25 FreeBSD/Alpha
platform lacks kernel pseudo-random number generator, some
applications fail to detect this."
From: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-08&msg=20000612215144.D1A3B37BBF7@hub.freebsd.org
2000-06-18 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* freebsd[34]/sys/netinet6/udp6_usrreq.c (udp6_attach):
initialized inp_ip_ttl in udp6_attach for mapped addresses.
in response to a report from Hideaki YOSHIFUJI
<yoshfuji@ecei.tohoku.ac.jp> (KAME-snap 2738)
2000-06-16 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* {netbsd, openbsd}/usr.bin/netstat/inet6.c (icmp6_stats):
printed number of icmp6 error messages not sent due to rate
limitation.
Fri Jun 16 05:01:24 JST 2000 itojun@iijlab.net
* openbsd/sys: sync with OpenBSD 2.7
TODO: userland cleanup. tests (i386/conf/GENERIC.KAME compiles but
not tested).
kame/openbsd/ports does not work. we may want to remove those.
If you wish to upgrade to KAME-on-OpenBSD 2.7, make sure to
perform "make clean" at the top level to nuke symlinks, like:
% make TARGET=openbsd clean update prepare
make VERY sure that you use kame-supplied tools (like
/usr/local/v6/sbin/ping6) instead of normal ones (/sbin/ping6)
if you use KAME-enabled kernel. there are API changes between them.
Thu Jun 15 22:41:16 JST 2000 itojun@iijlab.net
* kame/sys/netkey/key.c: correct compilation without IPSEC_ESP.
From: Matthias Drochner <M.Drochner@fz-juelich.de>
Thu Jun 15 21:22:35 JST 2000 sakane@ydc.co.jp
* kame/sys/netkey/key.c:
Fixed extension length of two key extension when dumping SA.
setkey was failed to print keys if SA has both encryption and
authentication keys.
Thu Jun 15 14:44:30 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
CR payload is only made if signature authentication method is applied.
Thu Jun 15 13:29:29 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon/cfparse.y:
In racoon.conf, the path of configuration file is complemented by
include directive only if there is no '/' in the path.
Thu Jun 15 13:08:25 JST 2000 iotjun@iijlab.net
* sys/netinet6/ipsec.[ch]: net.inet.ipsec.inbound_call_ike sysctl
MIB is now gone for good.
Thu Jun 15 10:01:47 JST 2000 itojun@iijlab.net
* libinet6/resolv/res_init.c: make _res.nsaddr_list initialization
more conservative when resolv.conf is missing (or there is no
"nameserver" line). previous code chokes on IPv4-only kernel.
merge from netbsd-current.
2000-06-15 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_rtr.c (defrouter_msg): was added to tell
user processes changes about the default router (including
deletion). This function would be called from defrouter_addreq,
defrouter_addifreq, and defrouter_delreq.
Note: this is currently experimental and is only enabled with the
ND6_USE_RTSOCK kernel compilation option.
Thu Jun 15 02:18:24 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd3/ports/zebra: upgrade to 0.87.
* freebsd3/ports/ruby: use 1.4.4.
Thu Jun 15 02:07:53 JST 2000 itojun@iijlab.net
* kame/man/man4/inet6.4, *bsd*/usr.sbin/inetd/inetd.8:
update wording on IPv4 mapped address and tcp4/tcp6 interaction.
Wed Jun 14 23:35:03 JST 2000 itojun@iijlab.net
* {netbsd,openbsd}/libexec/ftpd: correct STAT command output for LPSV.
* libinet6/resolv/res_query.c: change member name for struct res_target.
"class" conflicts with C++ reserved identifier.
From: Graham Wheeler <gram@cequrux.com>
2000-06-14 SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
* sys/net/if_dummy.c, freebsd4/sys/conf/files:
dummy I/F is available on FreeBSD4.0, too.
* freebsd4/sys/conf/options, freebsd4/sys/conf/files
freebsd4/sys/sys/mbuf.h
FreeBSD-4.0 KAME with MIP6 option is available.
add mbuf flag M_PROTO6 and use it for M_MIP6TUNNEL.
Wed Jun 14 20:14:47 JST 2000 itojun@iijlab.net
* sys/netinet6/esp_core.c: pass encryption failure code up to ESP
engine, just in case the encryption routine fails.
Tue Jun 13 21:11:28 JST 2000 itojun@iijlab.net
* netbsd/pkgsrc/net/zebra: upgrade to 0.87.
Tue Jun 13 20:08:38 JST 2000 itojun@iijlab.net
* openbsd/sys/netinet/udp_usrreq.c, openbsd/sys/netinet6/raw_ipv6.c:
correct scoped address handling.
2000-06-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_purgeaddr): tried to restore an
interface direct route if we have an address that shares the same
prefix with the deleted address.
This would improve behavior in multi-address environments;
if you assigned multiple addresses that shared a same prefix and
then remove one of them, the interface direct route corresponding
to the address would still remain.
2000-06-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6.c (in6_ifremloop): always called
in6_ifloop_request regardless of the result of
in6_is_ifloop_auto(), in order to make sure to invalidate a stale
route entry for a deleted address.
Note: bsdi doesn't need this fix.
2000-06-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_input.c (ip6_input): avoided to use the
cached route for forwarding, if it is down.
This fix would prevent the input routine from accepting a packet
to already removed address.
Tue Jun 13 14:29:12 JST 2000 itojun@iijlab.net
* netbsd/sbin/setkey: move setkey from usr.sbin/setkey to sbin/setkey.
we need it for encrypted NFS (sync better with netbsd-current).
Tue Jun 13 14:07:24 JST 2000 itojun@iijlab.net
* kame/racoon/safefile.c: be more picky about secret file permission.
now pre-shared key file (psk.txt) is required to be owned by the
uid running racoon (= root), and must not be accessible by others
(like 0400).
2000-06-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/nd6_rtr.c (in6_ifadd): made sure to gain a
reference counter to in6_ifaddr for the autoconfigured address
in bsdi and freebsd2 cases.
This fix would be important to those OSes, since the older code
woulde cause duplicated free when the lifetime for the address
expired.
2000-06-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/dhcp6/common.c (getifaddr): corrected arguments to
in6_addrscopebyif().
In response to a report from Hajimu UMEMOTO<ume@bisd.hitachi.co.jp>
Tue Jun 13 03:39:42 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
send error message against sadb_acquire message to the kernel
when IPsec-SA negotiation fail.
Mon Jun 12 16:52:29 JST 2000 itojun@iijlab.net
* netbsd/pkgsrc/lang/ruby: use 1.4.4.
Mon Jun 12 14:53:22 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
Add to handle CR payload on main/aggressive mode.
No Certificate Authority field is included to CR payload at the moment.
Becuase any certificate authority are accepted without any check.
Mon Jun 12 JST 2000 itojun@iijlab.net
* sys/netkey/key.c: transmit SADB_X_SA2 from kernel to userland
on SADB_ADD and SADB_UPDATE. without it latest racoon does not work.
Mon Jun 12 12:34:02 JST 2000 itojun@iijlab.net
* libinet6/getnameinfo.c: use EAI_xx for error code. rfc2553bis
suggests it. the commit corrects old behavior on invalid socket,
where getnameinfo returned 0 (success).
Mon Jun 12 08:51:25 JST 2000 itojun@iijlab.net
* sys/netkey/key.c: correct prefix length match on destination address.
the code used source prefix len on comparision by mistake.
From: Ronald van der Pol <Ronald.vanderPol@surfnet.nl>
2000-06-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* *bsd*/usr.[s]bin/netstat/inet6.c (icmp6_stats): printed new
statistics counters about error messages (see below).
2000-06-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet/icmp6.h: added a new structure icmp6errstat{}
to count more precise statistics of error messages to be generated.
* kame/sys/netinet6/icmp6.c (icmp6_errcount): added as a new
function in order to count the precise statistics.
2000-06-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* *bsd*/usr.[s]bin/netstat/inet6.c (ip6_stats): printed new
statistics counters of forward cache for incoming packets (see
below).
2000-06-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_var.h (ip6stat): added members to count
statistics of forward cache for incoming packets.
* kame/sys/netinet6/ip6_input.c (ip6_input): counted the
statistics.
Sun Jun 11 17:03:07 JST 2000 itojun@iijlab.net
* {netbsd/pkgsrc/net,freebsd[23]/ports}/{libpcap,tcpdump}: use
2000/6/5 weekly SNAP from tcpdump.org.
* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.9.
Sat Jun 10 23:11:41 JST 2000 sakane@ydc.co.jp
* kame/sys/netkey/key.c:
* kame/kame/libipsec/pfkey.c:
* kame/kame/setkey/parse.y:
Obsoleted mode specification. You don't need to specify a mode of
SA when you get/delete SA by setkey. Also, it's not need to do
pfkey_send_delete/pfkey_send_get().
Sat Jun 10 15:42:25 JST 2000 sakane@ydc.co.jp
* kame/sys/{netkey/key.c,net/pfkeyv2.h}:
* kame/kame/{stekey,racoon,libipsec}:
Moved mode/reqid to new extension from sadb_msg header.
New extension is defined sadb_x_sa2 structure.
Fri Jun 9 10:10:08 JST 2000 itojun@iijlab.net
* *bsd*/sys/netinet6/in6_pcb.c, kame/sys/netinet6/in6_src.c:
add in6_embedscope() and in6_recoverscope(), to avoid code duplicate
for KAME scopeid hack.
* {bsdi4,openbsd}/sys/netinet6/in6_pcb.c: add scope consideration
to in6_pcbbind.
Thu Jun 8 22:58:24 JST 2000 itojun@iijlab.net
* kame/ping6/ping6.c: make sure to clear ni_flags on ping6 -w
or ping6 -W. From: yoshfuji
Thu Jun 8 21:40:55 JST 2000 itojun@iijlab.net
* *bsd*/sys/netinet6/{udp6_output,raw_ip6,in6_pcb}.c:
do not overwrite sockaddr on PRU_SEND nor PRU_CONNECT.
(the change is very important)
Wed Jun 7 22:21:43 JST 2000 itojun@iijlab.net
* sys/netinet6/in6_prefix.c: check interface matches when adding
new interface addresses, based on new link-local address and
prefix information. old code added new interface address without
checking interface match and ended up many bogus new interface
addresses.
Tue Jun 6 22:41:24 JST 2000 itojun@iijlab.net
* bsdi4/sys/netinet/tcp_input.c: fix INP_IPV6_MAPPED configuration
onto inpcb. the mistake caused ND to behave badly (ND tries to
update reachability info for IPv4 mapped address - one more reason
to hate IPv4 mapped address).
From: dab@bsdi.com
Tue Jun 6 22:16:18 JST 2000 itojun@iijlab.net
* netbsd/pkgsrc/www/wwwoffle: upgrade to 2.5e.
Tue Jun 6 21:53:54 JST 2000 itojun@iijlab.net
* bsdi4/sbin/sysctl: correctly handle IPv6 ipsec/pim entries.
2000-06-06 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* freebsd3/libexec/tftpd/tftpd.c: do not connect tftp session
sockets. Instead, check consistency of the client's local port.
In response to PR: sys/254
2000-06-06 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* freebsd3/usr.bin/tftp/tftp.c:
- do not blindly copy server's port, but make sure to check its
consistency during a session.
- copy the whole received sockaddr (i.e. not only port) for the
next sendto(), which would be safer if the server has bound its
local address.
2000-06-06 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* freebsd3/ports/bind9, netbsd/pkgsrc/net/bind9:
upgraded to bind-9.0.0b3. KAME users are recommended to use this port,
because the original version has an API compatibility issue in a
multi-address environment.
2000-06-06 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi3/sbin/sysctl/sysctl.c:
* {netbsd, openbsd}/usr.sbin/sysctl/sysctl.c:
synch with the change below. (Fortunately, there are no binary
compatibility issues).
2000-06-06 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/pim6_var.h: renamed macro definitions about
pim6 sysctls to avoid possible conflict.
Suggested by: Hitoshi Asaeda <asaeda@yamato.ibm.co.jp>
Mon Jun 5 21:56:35 JST 2000 itojun@iijlab.net
* traceroute6/traceroute6.c: add -f (skip first hops). the option
is common to freebsd4/bsdi4/openbsd/netbsd traceroute(8).
2000-06-05 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/traceroute6/traceroute6.c (main): set a minimum set of
socket options as soon as opning a raw socket to avoid
unintentionally receiving packets without ancillary data.
Note: this could actually happen when we used an unreachable IPv6
DNS server.
2000-06-05 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6_src.c (in6_pcbsetport): supported FreeBSD
3 and later as a separate function, the code which was a part of
in6_pcbbind().
2000-06-05 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/udp6_output.c (udp6_output): supported FreeBSD
3 and later.
* freebsd[34]/sys/netinet6/udp6_usrreq.c: removed original
udp6_output().
* freebsd[34]/sys/conf/files: added netinet6/udp6_output.c
2000-06-05 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* freebsd[34]/sys/netinet6/udp6_usrreq.c (udp6_send): added some
validation checks for the passed sockaddr. The previous code seemed
a bit naive.
Sun Jun 4 22:28:30 JST 2000 itojun@iijlab.net
* libinet6/resolv/res_send.c: remove MULTICASTQUERY6 case.
it is unnecessary since we have mdnsd, and it was mistake in BIND9
that BIND9 replied to multicast queries.
Sun Jun 4 21:57:47 JST 2000 itojun@iijlab.net
* sys/netinet6/nd6.c: revise upper-layer reachability confirmation
hint processing. count hints from upper-layer, and if the count
reaches maximum, try to probe reachability by real ND.
sysctl net.inet6.icmp6.nd6_maxnudhint defines maximum # of subsequent
upper-layer hints to be accepted.
we have removed check against process privilege for IPV6_REACHCONF.
we currently have two sources for hints: (1) IPV6_REACHCONF
(2292bis setsockopt), and (2) hints from tcp_input.
it is still questionable if they are really trustworthy.
for example, rogue userland program can use IPV6_REACHCONF to confuse
ND process (which is system-wide cache). also, tcp_input can be
hosed by hijack attempts.
Sun Jun 4 12:29:41 JST 2000 itojun@iijlab.net
* sys/netinet6/mip6*: sync with latest MIPv6 patch from ericsson guys.
- New addition to eager movement detection: now a second level
provided to enhance handoff time a lot. As soon as a
new prefix is heard the Mobile Node changes default
router. Less stable, router reachability is not assured,
but this can make handoff go in less than 0.5 sec. Also:
nasty trick used is to run nd6_timer() five times per
second. Use "mip6config -e 2" to test.
- More consistent function of mip6config and mip6stat.
- Fixed some bugs in mip6stat.
- Code clean up.
Sun Jun 4 01:12:52 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* {freebsd3/ports, netbsd/pkgsrc/net}/p5-Socket6: upgrade to 0.07.
Sat Jun 3 08:08:43 2000 SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* freebsd3/ports/{libpcap,tcpdump}: use 2000/5/29 weekly snap.
* freebsd3/ports/mod_perl: mod_perl-1.24.tar.gz
2000-06-02 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/netinet/tcp_subr.c (tcp6_ctlinput): separated from
tcp_ctlinput. We believe a separated function would make sense
in this case.
Additionaly, the new function now calls syn_cache_unreach().
IMO, there's been no special reason not to call it.
* openbsd/sys/netinet/tcp_subr.c (tcp6_ctlinput): applied the same
fix as bsdi4.
Also, the ctlinput function now calls in6_pcbnotify(), which was
unintentionally (IMO) prohibited.
2000-06-02 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* {bsdi4, freebsd[34], openbsd}/sys/netinet6/in6_pcb.c
(in6_pcbnotify):
* kame/sys/netinet6/in6_pcb.c (in6_pcbnotify):
corrected the algorithm to detect whether in6_rtchage() should
be called.
Fri Jun 2 21:08:22 JST 2000 itojun@iijlab.net
* freebsd2/ports/{libpcap,tcpdump}: use 2000/5/29 weekly snap.
Thu Jun 1 04:47:42 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
- You must explicitly specify the file name of certificate and
private key if you use a certificate. See README.certificate.
- fixed to make a index of SPD in responder side when ID type in ID
paload is subnet, or when there is no ID payload.
- supported to negotiate the IPsec-SA of ESP without authentication.
- Added the direction as an item to compare policy.
- fixed some crash problems.
Thu Jun 1 02:43:31 JST 2000 itojun@iijlab.net
* kame/mdnsd: multicast DNS resolver, as specified in
draft-aboba-dnsext-mdns-00.txt. Note that spec conformance is
still very low.
* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 5/29 weekly snap.
<200005>
2000-05-31 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/ip6_output.c (ip6_mloopback): make a deep copy
of the IPv6 header only in an M_EXT case. Practically, we'll
rarely need such an extra copy.
Tue May 30 23:56:04 JST 2000 itojun@iiljab.net
* sys/netinet6/ip6_output.c: make scopeid handling in multicast
loopback case (ip6_mloopback) consistent with other cases.
Tue May 30 20:54:23 JST 2000 itojun@iijlab.net
* libinet6/resolv/res_send.c: with #define MULTICASTQUERY6, allow
multicast address in /etc/resolv.conf "nameserver" line. By
configuring resolv.conf(5) like below:
nameserver ff02::1%3
DNS queries will reach all nodes on the link with link ID "3".
With the change, the resolver code changes some of its behaviors:
- the resolver code does not check src/dst pair match, if we have
multicast address in resolv.conf. It may or may not raise security
issue.
- the resolver code does not use connected udp socket for multicast
query.
highly experimental - note that this change DOES NOT attempt to
support multicast DNS queries, as drafted in
draft-aboba-dnsext-mdns-00.
2000-05-30 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/faithd/faithd.c (main): allocated enough memory for
serverpath and serverarg to prevent possible buffer overrun.
Tue May 30 11:18:03 JST 2000 itojun@iijlab.net
* freebsd[23]/ports/popper, netbsd/pkgsrc/mail/qpopper:
mark the port broken for security issue. users are suggested to
remove the installed binary.
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-22&msg=p04320305b5511470392c@[192.168.1.5]
Tue May 30 01:29:04 JST 2000 itojun@iijlab.net
* freebsd4/sys/net/if_loop.c: check BPF data link layer type (DLT_xx)
on call to bpf_mtap() in if_simloop().
XXX if_simloop() call from ip6_output() causes junk to be injected
to bpf buffer. we may need some fix separately from this commit.
Tue May 30 00:11:17 JST 2000 itojun@iijlab.net
* {bsdi4,netbsd}/usr.bin/ftp: internally convert IPv4 mapped address
into real IPv4 address. IPv4 mapped address adds too much confusion
to FTP protocol handling.
Suggested by: ume
Mon May 29 08:34:58 JST 2000 itojun@iijlab.net
* kame/sys/netinet/in6_pcb.c (affects netbsd only):
bind(2) on AF_INET6 socket with IPv4 mapped address will raise error,
instead of making port number duplicate on pcb struct.
Mon May 29 02:26:25 JST 2000 itojun@iijlab.net
* bsdi4/sys/netinet/tcp_input.c: correct critical typo. prior to the
change, if we have inbound IPv4 TCP traffic to AF_INET6 socket.
inp_laddr6 will have ::ff0f:xx.yy.zz.uu, not ::ffff:xx.yy.zz.uu.
* bsdi4/usr.sbin/netstat/inet.c: do not print IPv4 mapped address
as normal IPv4 address, on netstat -an. print it as is (as IPv4
mapped).
Mon May 29 00:43:15 JST 2000 itojun@iijlab.net
* sys/netinet6/ip6_output.c (affects netbsd only):
correct setsockopt(IPV6_BINDV6ONLY) behavior.
Mon May 29 00:04:15 JST 2000 itojun@iijlab.net
* bsdi4/sys/netinet/in_pcb.c: remove NRL bind(2) ordering constraint.
NRL code forbids wildcard IPv4 bind after wildcard IPv6 bind on
the same port number. it was mistake. now bind(2) is free from
ordering constraint.
Sun May 28 15:33:11 JST 2000 itojun@iijlab.net
* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 2000/5/22 weekly snap.
Sat May 27 23:05:00 JST 2000 itojun@iijlab.net
* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.8.
2000-05-27 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/dtcp/dtcpc.rb: added a new option "-r (static|solict)"
to specifiy how the default route should be configured.
2000-05-27 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/rtadvd: became more conscious of interface status
(up or down);
- when an interface becomes down, stop the corresponding timer.
- when an interface becomes up again, reinitialize the status and
restart the timer.
- simply discard data received on a daed interface.
- dump if interface is up or dump
Sat May 27 19:07:58 JST 2000 itojun@iijlab.net
* sys/netinet6/icmp6.c: add net.inet6.icmp6.errppslimit sysctl MIB.
it will let you limit ICMPv6 error messages by pps, not interval.
still not sure what is the best way to perform rate limitation...
change default parameter for icmp6 error rate/pps limitation
to 100usec interval and 200pps (an icmp6 error packet needs to
pass both tests to leave the node).
Sat May 27 15:18:58 JST 2000 itojun@iijlab.net
* kame/ping6/ping6.c: support -N option to probe NI group address at
ease. for example:
% ping6 -N -I ne2 lychee
will probe NI group address for nodename "lychee", instead of the
address resolved for "lychee".
Sat May 27 14:01:29 JST 2000 itojun@iijlab.net
* sys/netinet6/in6_ifattach.c: on in6_ifattach(), join NI group address
specified in icmp-name-lookup-04 and beyond.
TODO: cope with hostname change events, like sethostname(3).
Fri May 26 00:02:15 JST 2000 itojun@iijlab.net
* netbsd/usr.bin/ftp/fetch.c: do not transmit scope identifier
on HTTP Host: directive. disallow scoped address if the access is
via proxy.
* openbsd/usr.bin/ftp/fetch.c: do not transmit scope identifier on
HTTP Host: directive. correct Host: directive passing if the
access is via proxy.
TODO: disallow scoped address if the access is via proxy.
Thu May 25 23:16:01 JST 2000 itojun@iijlab.net
* bsdi4/usr.bin/telnet/commands.c: use getaddrinfo to be scoped-address
friendly.
Thu May 25 21:56:47 JST 2000 itojun@iijlab.net
* bsdi4/sys/i386/pci/if_exp.c: do not use interrupt for initializing
multicast filter. this will make exp driver to be friendly with
IPv6 initialization sequence. hints from netbsd fxp driver.
2000-05-25 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* bsdi4/sys/net/route.c (ifa_ifwithroute): reverted a KAME
specific change introduced on 2000-02-25 (see this log file).
The change was an ad-hoc hack and broke BSDI's original
intention, so we've wanted to clarify the code.
2000-05-25 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/sys/netinet6/in6_ifattach.c (in6_ifattach,
in6_ifattach_addaddr): use rtrequest1() when assigning IPv6
addresses since this function is more conscious of interfaces than
rtrequest() and is suitable for link-local addresses.
Thu May 25 01:25:39 JST 2000 sakane@ydc.co.jp
* kame/sys/{netkey/key.c,netinet6/ipsec.c}:
* kame/kame/setkey:
supported IPsec with link local address.
XXX to be supported by racoon.
Wed May 24 22:42:40 JST 2000 itojun@iijab.net
* bsdi4/sys/net/if_ppp.c: IPv6 support. highly experimental.
* bsdi4/usr.bin/ppp: IPv6CP support. highly experimental. solicit
test/experience reports.
2000-05-24 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* kame/kame/dhcp6/dhcp6s.c: the "-n dnsserv" option can now be
specified multiple times, when a user wants to set more than one
server.
Wed May 24 18:59:55 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
fix to check vendor id. HASH function for vendor id is always MD5.
Wed May 24 18:09:12 JST 2000 itojun@iijlab.net
* sys/netinet6/in6.h: check parameter type to IN6_ARE_ADDR_EQUAL().
this should avoid typecast bugs like below.
2000-05-24 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* {bsdi4,openbsd}/sys/netinet6/in6_pcb.c (in6_pcbnotify):
corrected the 2nd argument IN6_ARE_ADDR_EQUAL(), which was