CHANGELOG.2001
CHANGELOG for KAME kit
$KAME: CHANGELOG.2001,v 1.3 2002/06/12 11:58:32 jinmei Exp $
<200112>
2001-12-28 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_input.c (ip6_savecontrol): do not separate
the case for IPV6_RTHDRDSTOPTS and the case for IPV6_DSTOPTS,
according to rfc2292bis-03.
* kame/sys/netinet6/ip6_var.h: accordingly replaced the dest1 and
dest2 members of ip6_recvpktopts{} with a single "dest" member.
2001-12-27 JINMEI, Tatuya <[email protected]>
* *bsd/usr.sbin/ip6addrctl: a dedicated directory was dug in
order for the tool to be compiled as a standard package.
* kame/kame/ip6addrctl: renamed from kame/kame/addrselect
according to the change of the command name.
Thu Dec 27 17:09:51 JST 2001 [email protected]
* dhcp6: use draft 22 Inform/Reply exchange as suggested in
draft-droms-dnsconfig-dhcpv6-00.txt. no backward compatibility
provided.
Thu Dec 27 11:42:38 JST 2001 [email protected]
* kame/sys/netinet6/mip6*
- implemented authdata sub-option. this implementation uses
KAME/IPSEC spd/sa database. because of this reason, OpenBSD can't
use authdata sub-option. the spd and sa can be set using
setkey program. the protocol number is currently ipv6-opts(60).
it needs some discussion how to set spd/sa for authdata/mip6.
currently, i do not provide a switch to disable authdata
feature. the users must specify spd and sa between the mn and
ha/cn. otherwise, the home registration/bu operation will fail.
take a look into TODO.mobile-ip6 to understand how to set up
spd/sa for authdata sub-option.
2001-12-25 JINMEI, Tatuya <[email protected]>
* kame/kame/libinet6/ip6opt.c (inet6_opt_next, inet6_opt_find):
- corrected the calculation of the "previous length" returned by
these functions. The returned length should contain the length of
the returned option.
- corrected the option length value returned by these functions so
that the length would only contain the data length (i.e. without
the type and length fields)
2001-12-22 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6_src.c (in6_selectroute): corrected a
condition to get a route to the next hop specified by the
IPV6_NEXTHOP option. Also, a statistics counter was incremented
in this function.
2001-12-21 JINMEI, Tatuya <[email protected]>
* kame/kame/addrselect: renamed the program to ip6addrctl so that
the name would describe its function well.
2001-12-21 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c (ip6_raw_ctloutput): added as a new
function ip6_raw_ctloutput, which only handles IPV6_CHECKSUM. The
purpose for the separate function is to share the logic by all
*BSD.
A new validation rule to reject odd offset values was added,
according to the latest specification of the advanced API.
2001-12-21 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c (ip6_ctloutput): supported a new
IPv6 socket option IPV6_PATHMTU defined in rfc2292bis-03.
Fri Dec 21 14:38:15 JST 2001 [email protected]
* sys/netinet6/in6_gif.c: correct default hoplimit value for
IPvX-over-IPv6 tunnel (has been set to 0 due to #include mistake).
2001-12-20 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c: supported a new IPv6 socket
option IPV6_DONTFRAG as described in rfc2292bis-03. This option
is used to disable IPv6-layer fragmentation.
Thu Dec 20 06:48:57 JST 2001 [email protected]
* kame/racoon:
fixed that the negotiation always failed when "verify_identifier"
was defined with aggressive mode.
2001-12-19 JINMEI, Tatuya <[email protected]>
* kame/kame/libinet6/getaddrinfo.c (get_addrselectpolicy): enabled
for FreeBSD.
2001-12-19 JINMEI, Tatuya <[email protected]>
* kame/kame/addrselect/addrselect.c: used ioctl()s just added below
to set/delete policy entries.
2001-12-19 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/{in6.c, in6_src.c}:
- implemented two new ioctls to set/delete address selection
policy entry
- disabled write operation of net.inet6.ip6.addrselpolicy
accordingly
with these changes, address selection policy can now be installed
on all supported platforms.
2001-12-18 JINMEI, Tatuya <[email protected]>
* kame/{kame,sys}/(many files): replaced mld6_xxx and MLD6_XXX
with mld_xxx and MLD_XXX according to the change below.
2001-12-18 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet/icmp6.h: revised MLD-related definitions:
- used mld_xxx and MLD_xxx instead of mld6_xxx and MLD6_xxx
according to the official definitions in rfc2292bis
- changed the first member of mld_hdr{} from mld_hdr to
mld_icmp6_hdr to avoid name space conflict in C++
Sat Dec 15 01:45:38 JST 2001 [email protected]
* kame/racoon:
Supported the 6144-bit DH MODP group. Fixed some memory leaks.
2001-12-14 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6.c (in6_control): always called
pfxlist_onlink_check() after the process of SIOCAIFADDR_IN6. The
function call was mistakenly put in a wrong block with another
fix.
Based on: a report from <[email protected]>
Fri Dec 14 17:19:56 JST 2001 [email protected]
* kame/sys/netinet6/ip6_mroute.c
- s/nexpire/n6expire/, since this global variable is duplicated.
(ip_mroute.c also has a global variable "nexpire" on *BSD
except FreeBSD)
2001-12-13 Shin'ichi Fujisawa <[email protected]>
* kame/sys/natpt_{defs,dispatch}.[ch]:
- Add a code to send ICMP "packet too big" message to IPv4
host when IPv4 packet is too big (at most 1232 octets,
excluding the IPv4 header) to translate into IPv6. 1232
comes from 1280 (IPv6 minimum MTU) minus 40 for the IPv6
header and 8 for the Fragment header.
A problem of the host who does not listen to ICMP is still
unsolved.
Thu Dec 13 00:31:47 JST 2001 [email protected]
* kame/racoon:
the retransmission logic has been improved. racoon stores packets
that have been sent. when racoon receives a packet that has been
processed already, racoon will reply the saved packet simply.
the default timer for waiting each negotiation has also been changed.
2001-12-12 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_{dispatch,tslot,var}.[ch]:
- Support translation from ICMPv6 that occurred with IPv6 host
into ICMPv4 in "IPv4->IPv6" translation.
This translation is done even if there is no "IPv6->IPv4"
translation rule, but only this ICMPv6 packet is a target of
translation. Because translator examines whether this is
ICMP of return more first than translation rule, eventually
"IPv6->IPv4" translation rule is not adapted to.
2001-12-12 JINMEI, Tatuya <[email protected]>
* kame/kame/libinet6/getaddrinfo.c: implemented more rules for
destination address ordering; matching label, higher precedence,
and longest prefix matching. Due to differences on sysctl, the
first two rules are not available for FreeBSD at this moment.
2001-12-11 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_{defs,dispatch,trans,tslot,var}.[ch]:
- Support fragmented IPv4 packet translation.
Fragmented IPv4 packet is translated into fragmented one or
two IPv6 packet. IPv4 packet larger than 1280 bytes
(monolithic or fragmented) is translated into fragmented
two IPv6 packets. Sorry, DF flag is not cared yet.
Restrictions:
- Reassembly is not supported.
The following limitation occurs from this restriction.
o Fragmented ICMPv4 packet is not translated into ICMPv6
packet. Because length of ICMPv6 packet is necessary
when translator calculates ICMPv6 checksum, but the
length is not provided without reassembly.
o IPv4 packet which is fragmented and needs conversion
of payload is not translated into IPv6 packet.
i.e. ftp command.
I think there is hardly a case that FTP command or ICMP
packet is fragmented except ICMP ECHO/ECHOREPLY message.
Therefore, I think this restriction is not so serious.
Todo:
- Mind DF flag.
- Send back ICMP "packet too big" message to sender when
DF flag is set and IPv4 packet size is larger than 1280
bytes.
There is a host that sends an IPv4 packet whose DF bit is
set but does not listen to an ICMP message. Or an ICMP
"packet too big" message may be dropped at a firewall
prior to this host.
This problem is still under consideration now.
Tue Dec 4 20:58:54 JST 2001 [email protected]
* kame/sys/net/if_hif.[hc]
* kame/sys/netinet6/{mip6.[hc],mip6_binding.c}
* kame/sys/netinet6/nd6_rtr.c
- do movement detection in pfxlist_onlink_check() instead of
nd6_ra_input(). this change makes it possible to utilize
the change of the status of (detached) prefixes to detect
movement.
2001-12-04 JINMEI, Tatuya <[email protected]>
* bsdi4/contrib/bind/src/lib/irs/dns_ho.c (ho_byaddr):
* bsdi4/contrib/bind/src/lib/resolv/res_init.c (res_setoptions):
use ip6.arpa. then ip6.int. as the upper domain for IPv6 reverse
lookups (with the nibble format), unless the "no-ip6-arpa"
resolver option is specified.
Tue Dec 4 10:14:02 JST 2001 [email protected]
* libinet6/name6.c: on IPv6 reverse name lookup, query ip6.arpa
then ip6.int (both using nibble format).
2001-12-03 JINMEI, Tatuya <[email protected]>
* netbsd/sys/netinet/tcp_subr.c (ipsec4_hdrsiz_tcp): corrected
IP+TCP headers to calculate the header size.
This fix is very important, because without the fix the kernel
would bypass the path acquiring SAs even if the policy requires
IPsec.
All KAME netbsd users who use IPsec for TCP/IPv4 should apply this
fix.
Mon Dec 3 21:24:25 JST 2001 [email protected]
* kame/sys/net/if_hif.c, kame/sys/netinet6/mip6*
- change the movement detection algorithm from prefix information
based to coa based. this is more stateless addrconf friendly.
- fix incorrect ifa_rtrequest setting in hif_ioctl.
<200111>
2001/11/30 20:51:35 JST [email protected]
* ALTQ works again for openbsd-3.0.
- the ALTQ base is enabled in "sys/conf/GENERIC" but other ALTQ
options are enabled in "openbsd/sys/arch/i386/conf/GENERIC.KAME".
Thu Nov 29 18:32:39 JST 2001 [email protected]
* openbsd: switched to openbsd 3.0. still needs a torture-testing.
ALTQ is unavailable for the moment.
2001-11-28 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_{defs,dispatch,trans,tslot,var}.[ch]:
- Support translation from fragmented IPv6 packet to IPv4.
IPv4 packet is also fragmented.
Restriction: The first fragmented packet must have all of
header of ICMP/TCP/UDP, because this translation does not
support assembly of fragmented packets.
Tue Nov 27 19:03:30 JST 2001 [email protected]
* kame/sys/crypto/cast128,kame/sys/netinet6/esp_core.c:
fixed the cast128 calculation with a short cipher key length.
the memory was overridden when the key length was less than 16 bytes.
Tue Nov 27 16:03:20 JST 2001 [email protected]
* kame/kame/pim6sd/:
- SSM prefix definition is now based on draft-ietf-ipngwg-uni-
based-mcast-03.txt
- joins all MLDv2 routers group on all interfaces listening to MLDv2
- updated MLDv2-related code (from Mickael Hoerdt)
- never uses timer with id == 0, since it means "unspecified"
- frees/discards/resets everything with regard to the stopping VIF.
Tue Nov 27 01:35:26 JST 2001 [email protected]
* kame/kame/racoon:
- when racoon receives an IKE packet, it checks the value of the
responder's cookie strictly.
- fixed to recover the state when an error happens during the phase1
negotiation. the return value was overwritten with an illegal value.
- added a debugging code to find memory leaks. two memory leaks
have been fixed.
2001-11-26 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c(ip6_output): initialized the last
argument to ip6_process_hopopts(), because the callee requires it
to be 0 when a jumbo payload option is contained.
(We may have to reconsider the requirement, though.)
2001-11-25 JINMEI, Tatuya <[email protected]>
* freebsd4/{altq*, hroute6d, ppp, pvc*, ifconfig}/Makefile:
linked KAME's libinet6 in order to make sure to use the latest
getaddrinfo() and getnameinfo(). Those applications may not work
well with libc due to latest changes of handling IPv6 scoped
addresses, particularly the lack of NI_WITHSCOPEID.
Wed Nov 21 14:17:10 JST 2001 [email protected]
* sys/netinet/ip_output.c: update outgoing interface only if ipsec
tunnel mode encapsulation is applied. the change is necessary to
use IPsec over multicast (like IP_MULTICAST_IF).
Mon Nov 19 14:34:06 JST 2001 [email protected]
* sys/netinet6/udp6_output.c: initialize IPv4 source address on packet
correctly, when IPv4 mapped address is used on AF_INET6 socket.
affects bsdi4 only.
Thu Nov 15 20:09:26 JST 2001 [email protected]
* kame/sys/netinet6/mip6*
- fix a binding request bug. now CN sends a binding request for
the mobile node of an expiring binding cache.
- add auth sub-option handling.
currently zero-length auth sub-option (means no auth) is
sent/received with bu.
- stop using in6_control() for address handling. instead,
use in6_update_ifa/in6_purgeaddr.
2001-11-15 Shin'ichi Fujisawa <[email protected]>
* kame/kame/natptconfig/showsubs.c:
- Invert the source and destination address of the remote side
of "natptconfig show xlate" command output.
Prior to this change, "natptconfig show xlate" command
indicates it in order having with kernel internal table.
However this output is against intuition (and does not fit
header line either).
2001-11-15 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_rule.c:
- Adapt a translation rule when packet is TCP and only SYN
flag is set. Until now, this NAT-PT starts translation
even if TCP packet with no SYN flag is coming. However,
this behavior seems no good, action was changed in this way.
2001-11-14 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/raw_ip6.c (rip6_usrreq):
* freebsd4/sys/netinet6/raw_ip6.c (rip6_send):
allow (with warning messages) an unspecified address family for
the destination address to provide backward compatibility to
buggy(!) applications.
We may change our mind later on this.
2001-11-13 JINMEI, Tatuya <[email protected]>
* kame/kame/(many files): removed all references to
NI_WITHSCOPEID.
2001-11-13 JINMEI, Tatuya <[email protected]>
* *bsd/lib/libinet6/Makefile: added scope.c to SRCS in order to
deal with scope zone IDs. The library functions defined in the
file are KAME specific, and not standard ones.
2001-11-13 JINMEI, Tatuya <[email protected]>
* kame/kame/rtsold/rtsold.c (ifconfig): got a proper link ID for
each interface.
* kame/kame/rtsold/rtsol.c (sendpacket):
* kame/kame/rtsold/probe.c (sendprobe):
set the link ID for the outgoing link-local packet.
2001-11-13 JINMEI, Tatuya <[email protected]>
* kame/kame/rtsold/rtsol.c (sockopen): initialize the family and
the length members of a sockaddr_in6 structure correctly.
2001-11-13 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/raw_ip6.c (rip6_usrreq):
* freebsd4/sys/netinet6/raw_ip6.c (rip6_send):
validated the length and the address family of the destination for
the send operation. This fix is correct per se, but breaks
backward compatibility to old rtsol(d) due to a bug of the
application(s).
2001-11-13 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/(many files): changed the way of qualifying
the zone of address scope. The current code basically assumes the
application sets the scope zone correctly, and only uses the
default zone value as the last resort (if configured so).
However, a workaround was provided for backward compatibility; the
kernel also tries to disambiguate the scope zone after selecting
the source address and the outgoing interface.
2001-11-10 JINMEI, Tatuya <[email protected]>
* kame/kame/ping6/ping6.c (main): used a pair of the
IPV6_UNICAST_HOPS and IPV6_MULTICAST_HOPS socket options
instead of the IPV6_HOPLIMIT sticky option, because the usage
of IPV6_HOPLIMIT might be disabled in a future version of
rfc2292bis.
2001-11-10 JINMEI, Tatuya <[email protected]>
* {kame, *BSD}/sys/netinet6/various files: introduced a new sysctl
variable "net.inet[6].ip6.use_defaultzone" to enable the notion of
default scope zone. When the variable is non-0, the kernel will
try to set an appropriate zone ID for an address given from an
application if its scope zone is ambiguous.
2001-11-10 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c (ip6_setpktoption): disabled the
check for the address part of IPV6_PKTINFO, and let
in6_selectsrc() do the check.
* kame/sys/netinet6/in6_src.c (in6_selectsrc): validate the
address specified by IPV6_PKTINFO. This change will introduce
additional cost when the option is specified as a sticky option,
but this type of usage should be rare and can be ignored.
2001-11-10 JINMEI, Tatuya <[email protected]>
* freebsd4/sys/netinet6/in6_pcb.c (in6_pcbladdr, in6_pcbbind):
set the default scope zone ID when unspecified.
* freebsd4/sys/netinet6/in6_pcb.c (in6_setsockaddr,
in6_setpeeraddr): use in6_recoverscope(), which is more generic.
Thu Nov 8 14:59:31 JST 2001 [email protected]
* bsdi4/sbin/ifconfig/ifconfig.c: support "tunnel" and "deletetunnel"
keyword for setting/removing gif physical address.
2001-11-08 Shin'ichi Fujisawa <[email protected]>
* kame/kame/natptconfig/{cfparse,yylex}.[cy]:
- Keyword "proto" is necessary before protocol when you write
protocol dependent rule. It is written that "proto" is
necessary in man page, and "natptconfig show rules" command
also indicates "proto".
2001-11-07 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6.c (in6_update_ifa): when a user (perhaps
mistakenly) tried to install an IPv6 address with 0 valid
lifetime, just returned without any operation that had side
effects. There should be no difference on the behaviour from the
user's side, but the code should be safer than before because of
the lack of the effects.
Wed Nov 7 12:30:49 JST 2001 [email protected]
* kame/sys/netinet6/mip6_var.h,mip6_binding.c
- add ifnet info to the binding cache structure
to distinguish one bc on the home link from the other bcs
which has a same interface identifier on the other link.
(need to recompile mip6control)
Wed Nov 7 10:48:51 JST 2001 [email protected]
* kame/kame/racoon:
racoon will compare between the list of "sainfo" and the initiator's
proposal even when "generate_policy" is defined.
2001-11-06 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6.c (nd6_purge): corrected purging the
default router list in nd6_purge(), so that both two loops would
surely start from the head of the list. Otherwise, we'd see some
garbage routers after purging the interface.
2001-11-06 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6.c (in6_update_ifa): set address lifetimes
before calling in6_ifinit(). The previous code should be correct,
but at least this one should not be wrong. Additionally, it
surely solves the situation that configuring an IPv6 address on
some NetBSD PCMCIA cards causes kernel panic.
Suggested by {karino, sugyo}@kame.
Tue Nov 6 17:03:39 JST 2001 [email protected]
* kame/sys/netinet6/ipsec.c:
fixed the behavior when there is no inbound policy for the ipsec
tunneled packet.
when there is no suitable inbound policy for the packet of the ipsec
tunnel mode, the kernel never decapsulates the tunneled packet
as the ipsec tunnel mode even when the system wide policy is "none".
then the kernel leaves the generic tunnel module to process this
packet. if there is no rule of the generic tunnel, the packet
is rejected and the statistics will be counted up.
Tue Nov 6 16:47:45 JST 2001 [email protected]
* kame/sys/netinet6/udp6_usrreq.c, netbsd/sys/netinet/udp_usrreq.c:
remove in6_mcmatch(). now sockets after bind(2) won't grab packets
to joined multicast groups (behavior now looks like 4.4BSD IPv4
code).
2001-11-04 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6_rtr.c (defrouter_select): do not override
a working router unless the new one is really better. "better"
means (1) the old router is not known to be reachable, or (2) the
new router has a really higher preference value than the old one.
2001-11-04 JINMEI, Tatuya <[email protected]>
clarified cached route manipulation:
* kame/sys/netinet6/in6_src.c (in6_selectroute): check if the
cached route is up before using the cache. With this check, we
can select more appropriate source addresses.
* kame/sys/netinet6/ip6_output.c (ip6_output): removed the check
for the cached route to avoid redundancy.
Sun Nov 4 15:29:28 JST 2001 [email protected]
* kame/kame/v6test/cksum.c: calculates PIM checksum without
encapsulated packet if it is a Register message.
2001-11-02 JINMEI, Tatuya <[email protected]>
* bsdi4/sys/netinet/in.c (in_control): fixed a bug that the kernel
can panic in process of the SIOCSIFADDR ioctl unless the
COMPAT_IFIOCTL kernel compilation option is specified.
<200110>
2001-10-31 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6_rtr.c (defrtrlist_update): corrected the
default router selection algorithm so that round-robin will surely
be performed when there's no reachable router.
Also, do not try to install more than one default router,
regardless of the availability of the multipath routing. This is
because I'm not sure about the benefits for stub hosts comparing
to the risk of making the code complicated and the possibility of
introducing bugs. (the previous code was actually buggy.)
The bug was found by recent TAHI tests, and was reported by Yukiyo
Akisada <[email protected]>
2001-10-31 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_{rule,tslot}.c:
kame/kame/natptconfig/{cfparse,defs,misc,showsubs,yylex}.[chy]:
- Support IPv4 -> IPv6 translation.
Translation is restricted, one ipv4 host can connect to ipv6
host. This connection is one-on-one. So, if you want to
connect more than one IPv6 host, same number of IPv4 addresses
are necessary.
For example, assume you add following rule.
map from daddr 10.21.32.252
to daddr 2001:240:10a:5555:260:8ff:feb0:96f4
(I bend this line because line is long, but describe it in
single line)
IPv4 packet destined to this IPv4 address described just after
first "daddr" is a target of translation of IPv4->IPv6, and is
redirected to 2001:240:10a:5555:260:8ff:feb0:96f4, also
described just after second "daddr".
This IPv4 address (10.21.32.252 in above example) had better
not to be NAT-PT box address. It will be easy to use ifconfig
command. For example,
ifconfig fxp0 inet 10.21.32.252 netmask 255.255.255.0 alias
Of course, change interface name, ip address and netmask in
accordance with your network.
Tue Oct 30 00:01:35 JST 2001 [email protected]
* kame/sys/netkey/key.c:
the system wide policy should be returned when no policy found
in the SPD. the packet was rejected in ipsec[46]_tunnel_validate().
Fri Oct 26 22:29:15 JST 2001 [email protected]
* kame/sys/netinet6/mip6.c
- add a binding request sending code.
2001-10-26 JINMEI, Tatuya <[email protected]>
* freebsd4/usr.sbin/ppp/ipv6cp.c (ipcp_SetIPv6address): embedded the
link ID to the link-local addresses of both ends.
* freebsd4/usr.sbin/ppp/ncpaddr.c (adjust_linklocal): do not move
the embedded value to sin6_scope_id, since the kernel routing
engine does not understand this form.
* freebsd4/usr.sbin/ppp/ipv6cp.c (ipv6cp_Layer{Up,Down}): read
ppp.linkup and ppp.linkdown for IPv6. I'm not 100% sure if this
can be done without other fixes.
Fri Oct 26 18:27:29 JST 2001 [email protected]
* mip6
- changed the mip6 ioctl request structure. (this REQUIRES UPDATING
the mip6control command you are using.)
- protected the mip6 ioctl path by splnet() during retrieving
binding cache entries.
Fri Oct 26 10:06:23 JST 2001
* kame/kame/racoon:
fixed that the negotiation of the tunnel mode always failed.
2001-10-25 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_{defs,rule,transtslot}.[ch]:
kame/kame/natptconfig/{cfparse,misc,showsubs,yylex}.[cy]:
- Support bi-directional IPv4 NAT.
This NAT binds global address to private address
one-on-one statically. Sessions can be initiated from
hosts in the public network as well as the private
network. So, if you can set nat session as bidirectional,
you can connect to the host located behind this NAT from
public IPv4 network.
You need several IPv4 addresses, an equal number of host to
be connected to. Sorry, manual page is not ready yet.
2001-10-25 JINMEI, Tatuya <[email protected]>
* kame/kame/ndp/ndp.c (dump): skipped non-host routes when
printing neighbor cache entries, since they were just confusing.
2001-10-25 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6.c (nd6_rtrequest): ignored a route when it
is created by cloning and is not a neighbor. Otherwise, it could
mistakenly regard a cloned route to an off-link destination as
an on-link neighbor, and create a neighbor cache. Then we'd see
some strange neighbor solicitations to the destination.
Some additional clarifications on this file were made with this
fix.
2001-10-25 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6_gif.c (in6_gif_output): let ip6_output()
(and a subroutine) to validate the cache and to make a new one, in
order to avoid missing logic and code duplication.
* kame/sys/netinet/in_gif.c (in_gif_output):
added a check if the cached route (per gif) is up before using it.
This should be verified for all type of cached routes, but we've
forgotten the check. With this change, FreeBSD will be able to
reflect a change of route for the other end point of the tunnel
as soon as possible.
(OpenBSD IPv6 only) merged recent changes into the openbsd specific
code path.
2001-10-25 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6.h: removed the ndpr_addr member from the
nd_prefix structure, which was effectively not used anywhere. The
structure is kernel-internal, so there should be no compatibility
issue to existing applications.
2001-10-25 Shin'ichi Fujisawa <[email protected]>
* kame/kame/natptconfig/{cfparse.y,defs.h,yylex.c}:
- Add "daddr" keyword to specify that translator converts
destination address, and add element of struct ruletab{}
to hold this address.
- Add translation rule to convert IPv4->IPv6. I am sorry,
many of them do not work yet.
2001-10-25 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6.c (nd6_is_addr_neighbor): corrected an
expression to detect whether a given address matches an on-link
prefix. The previous one mistakenly detected every address as
on-link.
2001-10-25 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_{rule,tslot}.c:
kame/kame/natptconfig/{misc,showsubs}.c:
- Change dport handling (destination port mapping) to use a
new member of cSlot structure.
Wed Oct 24 13:43:34 JST 2001 [email protected]
* kame/sys/netinet/ip6.h, kame/sys/netinet6/mip6*
change the packet format of binding update/ack
according to the latest draft.
Wed Oct 24 11:15:40 2001 SUMIKAWA Munechika <[email protected]>
* freebsd4: fix the bug IPv6 over vlan do not work when updating
freebsd4.4
2001-10-23 JINMEI, Tatuya <[email protected]>
added a per-gif timer to refresh a (possibly) stale cached route
towards the tunnel end. Based on a comment from [email protected].
* kame/sys/net/if_gif.h: added a new member "rtcache_expire" to
introduce per-gif timer (see below).
* kame/sys/netinet/in6_gif.c (in6_gif_output):
* kame/sys/netinet/in_gif.c (in_gif_output):
purged the cached route after in[6]_gif_rtcachetime seconds.
2001-10-23 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6_gif.c (in6_gif_output):
* kame/sys/netinet/in_gif.c (in_gif_output):
Corrected the loop prevention algorithm. The current one is not
effective, because it tries to detect the loop condition only
when generating a new route, and it does not remove the cached
route even when a loop is detected.
Luckily, the bug does not necessarily mean we'll see infinite
loop, since we have another mechanism for loop prevention in
gif_output().
2001-10-23 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c: NULL-clear m->m_pkthdr.rcvif
before calling ip6_mforward(). [KAME PR sys/387]
2001-10-23 JINMEI, Tatuya <[email protected]>
* kame/kame/v6test: removed the -c option introduced on
2001-09-16, just because we do not need the function.
Tue Oct 23 10:11:07 JST 2001 [email protected]
* kame/kame/racoon:
racoon gives up the negotiation when racoon cannot find any pre-shared
key in the case of the aggressive mode AND verify_identifier is set on.
Mon Oct 22 18:28:07 JST 2001 [email protected]
* kame/sys/netinet6/mip6_binding.c
- fix a bug of the updating routine of the BC entries
of CNs when the unregistering has finished.
Mon Oct 22 14:54:26 JST 2001 [email protected]
* nodeinfod: support IPv4 node addresses.
* sys/netinet6/icmp6.c: do not respond to IPv4 node addresses query,
with a bogus packet.
Sat Oct 20 03:09:33 JST 2001 [email protected]
* freebsd4/sys/netinet/udp_usrreq.c:
the data in the ip header should be restored when the extended udp
header and data checksum is calculated. this caused some trouble
in the code which the ip header is not modified. for example,
inbound policy lookup failed.
Fri Oct 19 16:57:58 2001 SUMIKAWA Munechika <[email protected]>
* freebsd4/ports/{ct,v6eval}: upgrade to 1.3.
Fri Oct 19 15:41:09 JST 2001 [email protected]
* sys/netinet6/nd6.c: repair binary backward compatibility breakage
for SIOCGPRLST_IN6 ioctl.
Fri Oct 19 09:54:19 JST 2001 [email protected]
* kame/sys/key.c:
the value of the prefixlen in the sadb_address structure is fixed.
when pfkey message relative to SA is sent, the prefixlen was incorrect.
reported by <[email protected]>.
Thu Oct 18 17:16:19 JST 2001 [email protected]
* kame/sys/netinet6/mip6*
- fix a bug that a HA sends wrong seq number when issuing a
'too small seqno' binding ack.
Thu Oct 18 14:25:36 JST 2001 [email protected]
* kame/sys/netinet6/ip6_output.c
do not touch any extension headers during the mip6 processing
if IPV6_FORWARDING is set.
2001-10-17 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_trans.c:
- Fix a bug to miscalculate when compute a checksum in IPv4 ->
IPv4 translation.
- Remove natpt_recalculateTCP4Checksum() and related include
file. This function became useless by modification mentioned above.
Wed Oct 17 00:03:54 JST 2001 [email protected]
* kame/kame/racoon:
fixed the internal value of the wild card of the upper layer protocol.
the value of the wild card is different between the kernel and IKE
protocol. reported by <[email protected]>.
Tue Oct 16 23:56:34 JST 2001 [email protected]
* kame/kame/racoon:
to compare the policy between own policy and peer's policy in the
responder side, it should be loose. for example, the initiator
proposes "any", and the responder requires "tcp", this case is
admitted. also, the initiator proposes "tcp", and the responder
accepts "any", this case is admitted too. however this behavior
should be considered.
Tue Oct 16 19:22:52 JST 2001 [email protected]
* kame/sys/netinet6/mip6_binding.c
fix the bug of the validation routine of an incoming tunneled
packet from a homeagent to a mobile node.
Tue Oct 16 16:09:22 JST 2001 [email protected]
* bsdi4/sys/netinet/ip_icmp.c:
do not panic even if last arg to icmp_error() is NULL.
this situation can happen when ICMPv4 too big is generated.
from markus@openbsd. bsdi4 only.
Mon Oct 15 21:25:29 JST 2001 [email protected]
* icmp6.c
swap the ip6_src and the address in the homeaddress destopt
(if exists) in icmp6_error() routine.
2001-10-15 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_{defs.h,trans.c}
- Fix a bug to miscalculate when compute a checksum in
IPv6 -> IPv4 translation.
Thu Oct 11 21:57:50 JST 2001 [email protected]
mip6
* fix BU list management function.
* introduce MIP6_ALLOW_COA_FALLBACK kernel option.
this allows you to use a coa as a src address if the peer
doesn't recognize a home address destination option.
may arouse a mip6 believer's anger, but very useful.
Wed Oct 10 17:38:05 JST 2001 [email protected]
* kame/kame/racoon:
Fixed racoon crash when uni-directional policy is defined.
racoon negotiates two SAs even in the case of the uni-directional
policy.
Wed Oct 10 04:52:54 JST 2001 [email protected]
* bsdi4: use PULLDOWN_TEST (m_pulldown) codepath. improves conformance
when ipv6 extension headers are present.
Wed Oct 10 10:27:24 JST 2001 [email protected]
* netbsd/sys/netinet/raw_ip.c: fix a typo which could lead to kernel
panic when ICMPv4 is returned against raw ip socket.
reported by kato@wide
2001-10-10 JINMEI, Tatuya <[email protected]>
* kame/kame/rtadvd/rtadvd.c (find_prefix, prefix_match): corrected
prefix calculation:
- avoid invalid pointer access when bytelen is a multiple of 8
- avoid using the right shift operator to make the code look safer
2001-10-09 JINMEI, Tatuya <[email protected]>
* kame/kame/rtadvd/config.c (getconfig): made configuration parser
compatible with FreeBSD 4.4-RELEASE, in terms of the route
information option:
- allowed rtrXXX instead of rtXXX.
- made route lifetime optional.
In any case, some warning messages are printed as well, so that the
user can notice the change and fix the configuration.
Tue Oct 9 08:43:04 JST 2001 [email protected]
* kame/kame/racoon/schedule.c:
the entry of the schedule is marked with dead before the function in
the entry will be called. some schedules, check_rtsock(),
check_flushsa_stub, would remain in the scheduler even after they
were executed. sched_scrub_param() is unnecessary probably anymore.
2001-10-04 JINMEI, Tatuya <[email protected]>
* bsdi4/contrib/bind/src/lib/irs/dns_ho.c (add_hostent):
calculated alignment correctly. Without this fix, gethostbyname()
would not work correctly when the function handles more than one
address.
This is a back merge of a fix from bsdi to BSD/OS 4.3 (beta).
2001-10-02 [email protected]
* freebsd4/lib/libinet6/Makefile
- "options insecure1" is available on FreeBSD4-KAME, too.
(you have to rebuild applications to enjoy this feature)
2001-10-01 Shin'ichi Fujisawa <[email protected]>
* kame/kame/{natptconfig,natptlog}:
- Add contents of manual page.
- Separate contents of configuration file as natpt.conf.5.
<200109>
2001-09-26 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6_ifattach.c (in6_ifattach): calls
nd6_ifattach() before creating addresses. This is necessary
because an MLD packet may be sent during the creation procedure,
in which a valid nd_ifinfo entry can be referred to.
Wed Sep 26 14:30:46 JST 2001 [email protected]
* kame/kame/racoon:
new directive "verify_identifier" has been added. it can be strict
to check the identifier in the ID payload transmitted by the peer.
the default is off.
Wed Sep 26 00:01:08 JST 2001 [email protected]
* kame/sys/netkey/key.c:
* kame/kame/setkey:
the syntax how to define a policy of an ICMPv6 type and/or a code
has been changed. the previous modification at Fri Sep 21 broke
a backward compatibility, and had no sense. when the policy doesn't
require IPsec for an inbound Neighbor Solicitation with any source
/destination address, the specification is the following;
spdadd ::/0 ::/0 icmp6 135,0 -P out none;
2001-09-25 JINMEI, Tatuya <[email protected]>
* kame/kame/addrselect/: a tool to configure the policy table (see
below). This program is also an experimental stuff.
2001-09-25 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6_src.c: implemented the policy table for
source address selection, according to
draft-ietf-ipngwg-default-addr-select-05.
The policy table can be configured via the sysctl(3) interface
(except for FreeBSD, at this moment). This implementation is
still experimental, and might be changed in the near future.
2001-09-21 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6.c (fill_[dp]rlist): added as shared
subroutines for nd6_sysctl_[dp]rlist (for FreeBSD) and nd6_sysctl
(for other *BSDs), in order to centralize the complicated logic.
2001-09-21 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6_rtr.c (defrouter_select): removed the
default route if there was neither a default router nor the
default interface.
2001-09-21 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/in6_src.c (in6_selectroute): made sure to fill
in retifp and retrt, regardless of the return value. Without this
change, the kernel could panic, since ip6_output() refers to the
returned ifp even in error cases.
All versions of the kernel after the 20010730 snap should be
upgraded to fix this problem.
2001-09-21 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/(various files): fixed integer overflow for
valid and preferred lifetimes;
- introduced new members in nd_prefix{} and in6_ifaddr{} to record
the timestamp of the latest update
- check expiration based on the difference between the current
time and the timestamp, not on the explicit expiration times
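The expiry scheme described in the entry above, as an added example (not KAME code): a prefix records the time of its latest update and is tested by elapsed time, beside the older absolute-deadline test that wraps. The 32-bit clock, the struct and function names, the infinite-lifetime marker value and the sample timestamps are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define INFINITE_LIFETIME 0xffffffffU   /* "never expires" marker (assumed value) */

struct prefix {
    uint32_t vltime;      /* valid lifetime in seconds, as advertised */
    uint32_t lastupdate;  /* timestamp of the latest update (new scheme) */
    uint32_t expire;      /* absolute deadline (old scheme) */
};

/* Record an update at time 'now'. The precomputed deadline wraps modulo
 * 2^32 whenever now + vltime does not fit in 32 bits. */
void prefix_update(struct prefix *p, uint32_t now, uint32_t vltime)
{
    p->vltime = vltime;
    p->lastupdate = now;
    p->expire = now + vltime;
}

/* Old check: compare against the stored deadline. A wrapped deadline lies
 * in the past, so a very long lifetime expires at once. */
int expired_old(const struct prefix *p, uint32_t now)
{
    if (p->vltime == INFINITE_LIFETIME)
        return 0;
    return now > p->expire;
}

/* New check: compare elapsed time with the lifetime. The subtraction is
 * done in unsigned arithmetic and never adds the lifetime to anything. */
int expired_new(const struct prefix *p, uint32_t now)
{
    if (p->vltime == INFINITE_LIFETIME)
        return 0;
    return now - p->lastupdate > p->vltime;
}

/* Sweep a table with either check and count the entries it would purge. */
size_t count_expired(const struct prefix *tab, size_t n, uint32_t now,
                     int (*check)(const struct prefix *, uint32_t))
{
    size_t i, hits = 0;

    for (i = 0; i < n; i++)
        hits += check(&tab[i], now) ? 1 : 0;
    return hits;
}
```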
Fri Sep 21 14:19:02 JST 2001 [email protected]
* kame/sys/netinet6/ipsec.c:
When the value of the upper layer of the security policy index (spidx)
structure is ICMPv6, the port field in "src" of the spidx means ICMPv6
type, and the port field in "dst" of the spidx specifies ICMPv6 code.
For example, the following means the policy doesn't require IPsec for
an inbound Neighbor Solicitation.
spdadd ::/0[135] ::/0 icmp6 -P in none;
2001-09-20 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6_rtr.c (prelist_update): corrected the
definition of "storedlifetime" (used in the two-hour rule) for an
address that has an infinite lifetime. Without this special
case, the lifetime of such an address would unintentionally be
decreased.
2001-09-19 JINMEI, Tatuya <[email protected]>
* kame/kame/v6test/: added some tiny improvements/corrections:
- added missing NTOHS
- corrected checksum calculation for packets with routing headers
- made the checksum calculation routine against invalid packets
The first two were based on comments from Yutaka Shimizu
2001-09-19 Shin'ichi Fujisawa <[email protected]>
* freebsd4/sys/netinet/udp_usrreq.c:
- Remove 'static' attribute from variable "udpcksum".
* kame/kame/sys/netinet6/natpt_trans.c:
- Examine net.inet.udp.checksum when making UDP packet.
* kame/sys/netinet6/natpt_{defs.h,{dispatch,trans,tslot}.c}:
- traceroute6 works. I forgot to review it.
Wed Sep 19 19:06:06 JST 2001 [email protected]
* sys/netinet6/ip6_{in,out}put.c: make IPV6_TCLASS socket option to
take int, not u_int8_t. follows the latest 2292bis draft.
(backward binary compatibility is provided for bsdi43)
Thu Sep 20 01:00:08 JST 2001 [email protected]
* kame/kame/rtsold:
improved the -a option. it can probe an interface automatically when
the interface wakes up. it can be started anytime even when there is no
network interface on the list of interfaces in the kernel.
2001-09-18 JINMEI, Tatuya <[email protected]>
* kame/kame/libinet6/resolv/res_send.c (res_send):
* bsdi4/contrib/bind/src/lib/resolv/res_send.c (res_nsend):
if a UDP response from a "wrong" server is truncated (and if we
allow to accept such responses), fall back to TCP with the "wrong"
address, in order to avoid connecting to an anycast address.
2001-09-16 [email protected]
* kame/kame/v6test/testcap.[ch](tgetnum), getconfig.c: fixed a
bug that you sometimes cannot specify a value if its MSB is on.
* kame/kame/v6test/cksum.c(cksum6), v6test.c(main), v6test.1:
added an option not to generate checksum automatically.
2001-09-15 JINMEI, Tatuya <[email protected]>
* kame/kame/v6test/getconfig.c (make_rthdr): fixed routing header
generation.
2001-09-13 JINMEI, Tatuya <[email protected]>
* bsdi4/usr.bin/telnet/commands.c (tn): made it sure to terminate
the loop of connection attempt correctly, based on a comment from
2001-09-13 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/nd6.c (nd6_timer): before calling
icmp6_error(), embedded scope zone ID (if necessary) for the
erroneous packet.
Thu Sep 13 08:15:21 JST 2001 [email protected]
* kame/sys/netkey/key.c:
newer SA is preferred for an out-bound packet than old one
when net.key.prefered_oldsa is set to zero.
Thu Sep 13 08:12:46 JST 2001 [email protected]
* kame/sys/netinet6/ipsec.c:
fixed to process an IPv6 packet when ah transport after esp tunnel
should be applied. the SA of AH transport could not be selected
from the SAD because of this bug.
Wed Sep 12 16:19:42 JST 2001 [email protected]
* kame/racoon/proposal.c:
fixed to compare pfs values in two proposals in the case of
"claim" mode. reported by <[email protected]>
2001-09-13 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/scope6.c (in6_addr2zoneid): changed the return
value type from u_int32_t to int64_t, so that the caller can tell
an error from valid "4+28" ID values. All the callers of this
function were also modified accordingly, with stricter validation
checks.
2001-09-03 Shin'ichi Fujisawa <[email protected]>
* kame/sys/netinet6/natpt_{rule.h,trans.c,var.h}:
- Support tftp translation. Tftp6 client can connect to tftp4
server.
2001-09-10 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/udp6_output.c (udp6_output): (bsdi4 and
netbsd) when sending IPv4 packets represented as IPv4-mapped IPv6
address, passed socket option to ip_output() so that the function
would handle broadcasted packet correctly. For bsdi4, also merged
all-ones broadcast cases from udp_usrreq.c.
2001-09-07 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_output.c (ip6_setpktoptions): checked if
each cmsghdr pointer had enough size to store the structure.
This could be a security fix, but I think the current code is
practically safe enough. That is, we do not have to be in a hurry
to merge this fix to *BSDs.
2001-09-06 JINMEI, Tatuya <[email protected]>
* *bsd/sys/sys/socket.h (CMSG_FIRSTHDR): checked msg_controllen
in CMSG_FIRSTHDR as described in RFC2292, particularly in case
that the kernel returns an empty list for some reasons.
(based on a note from David Borman <[email protected]>)
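The two control-message entries above (the per-header size check in ip6_setpktoptions and the msg_controllen check in CMSG_FIRSTHDR) come down to the same bounds checks, shown here as an added user-space example that is not KAME code. `struct demo_opt`, `DEMO_LEVEL`, `DEMO_TYPE`, `put_hdr` and `walk_control` are hypothetical names, and the buffers are constructed by the caller.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical option: stand-in for a fixed-size ancillary structure. */
struct demo_opt { unsigned char addr[16]; unsigned int ifindex; };
#define DEMO_LEVEL 41   /* constructed level/type pair for this example */
#define DEMO_TYPE  50

/* Write one control-message header at buf+off that claims 'claimed' bytes. */
void put_hdr(unsigned char *buf, size_t off, int level, int type, size_t claimed)
{
    struct cmsghdr cm;

    memset(&cm, 0, sizeof(cm));
    cm.cmsg_len = claimed;
    cm.cmsg_level = level;
    cm.cmsg_type = type;
    memcpy(buf + off, &cm, sizeof(cm));
}

/* Count well-formed DEMO_TYPE options; return -1 on any malformed header. */
int walk_control(const unsigned char *buf, size_t buflen)
{
    size_t off = 0;
    int n = 0;

    while (off < buflen) {      /* buflen == 0: empty list, nothing is read */
        struct cmsghdr cm;
        size_t left = buflen - off, len, step;

        if (left < sizeof(cm))
            return -1;          /* not even a header fits */
        memcpy(&cm, buf + off, sizeof(cm));
        len = (size_t)cm.cmsg_len;
        if (len < CMSG_LEN(0) || len > left)
            return -1;          /* claimed length disagrees with the buffer */
        if (cm.cmsg_level == DEMO_LEVEL && cm.cmsg_type == DEMO_TYPE) {
            if (len != CMSG_LEN(sizeof(struct demo_opt)))
                return -1;      /* wrong size for the structure it carries */
            n++;
        }
        step = CMSG_SPACE(len - CMSG_LEN(0));   /* aligned distance to next header */
        if (step >= left)
            break;              /* last message; trailing padding may be absent */
        off += step;
    }
    return n;
}
```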
2001-09-05 JINMEI, Tatuya <[email protected]>
* bsdi4/contrib/bind/src/lib/resolv/res_send.c (res_nsend):
* kame/kame/libinet6/resolv/res_send.c (res_send):
when "insecure1" is specified, do not connect datagram sockets,
so that the kernel can accept responses from an "unknown" server.
2001-09-05 JINMEI, Tatuya <[email protected]>
* kame/sys/netinet6/ip6_input.c (ip6_sysctl): (bsdi4 only) made
net.inet[6].ip6.v6only modifiable.