forked from kame/kame
CHANGELOG for KAME kit, 1998
$KAME: CHANGELOG.1998,v 1.4 2001/07/21 06:06:13 itojun Exp $
<199812>
Thu Dec 31 20:56:12 JST 1998 [email protected]
* kit/ports/ucd-snmp: upgrade base version to ucd-snmp 3.5.3.
Thu Dec 31 03:37:03 1998 Yoshinobu Inoue <[email protected]>
* kit/ports/socks64:
made compilable on KAME FreeBSD 3.0.
(Include if_var.h. Should be removed in the future,
also with removal of in6_var.h)
Wed Dec 30 22:28:58 1998 Yoshinobu Inoue <[email protected]>
* kit/src
Made them compilable on KAME FreeBSD 3.0.
Especially many ifdef's are added to route6d/ifmcstat.c.
Tue Dec 29 18:07:52 1998 Yoshinobu Inoue <[email protected]>
* sys/net,netinet,netinet6
sync with FreeBSD3.0 as much as possible.(mainly netinet6)
Fri Dec 25 22:06:04 1998 Yoshinobu Inoue <[email protected]>
* sys/netinet6/nd6_rtr.c: Added consideration of ndpr_rrf_decrvalid
and ndpr_rrf_decrprefd for address lifetime initialization.
Without this, prefixes allocated by prefix command will be
IN6_IFF_DEPRECATED after some period of time.
Fri Dec 25 17:02:08 JST 1998 [email protected]
* kit/ports/bind8 (FreeBSD): IPv6-ready bind8. named will accept
queries to IPv6 UDP/TCP port 53, dig/nslookup/whatever are able to
make queries toward IPv6 UDP/TCP port 53, and so forth.
1998-12-24 JINMEI, Tatuya <[email protected]>
* in6_proto.c,ip6_input.c,ip6_var.h: removed none_input().
Now a packet whose protocol is IPPROTO_NONE can safely be passed
to the userland.
netinet/in_proto.c was also modified.
Thu Dec 24 19:40:27 1998 Yoshinobu Inoue <[email protected]>
* kit/src/libinet6/resolv/res_debug.c
add ifdef of T_UINFO, T_UID, T_GID, to make it compilable on
FreeBSD 3.0.
1998-12-24 JINMEI, Tatuya <[email protected]>
* probe.c (probe_init): call shutdown() after opening the probe socket
to make the socket `send-only'.
Thu Dec 24 11:46:38 JST 1998 [email protected]
* sys/netinet6/raw_ip6.c: setsockopt(IPV6_CHECKSUM) sometimes caused
SEGV due to a bug in mbuf boundary checks. It is now fixed.
Thu Dec 24 03:11:19 JST 1998 [email protected]
* kit/ports/apache13: updated to use new patch.
(fixed args for freeaddrinfo())
Reported by:
Florent Parent <[email protected]>
Andreas Wrede <[email protected]>
Tue Dec 22 20:10:40 1998 Yoshinobu Inoue <[email protected]>
* kit/src/faithd/tcp.c: Before terminating a relay process,
shutdown s_snd. This makes the opposite-direction relay process
terminate as well.
1998-12-22 JINMEI, Tatuya <[email protected]>
* mld6.c (mld6_input): Fixed a problem that zero divide occurs
when receiving a MLD query with Maximum Response Delay smaller
than 200 (including zero).
Thanks to Niels Baggesen <[email protected]> for reporting the
problem and sending a patch.
1998-12-22 JINMEI, Tatuya <[email protected]>
* ip6_output.c (ip6_setmoptions): For link-local multicast
detection, use IN6_IS_ADDR_MC_LINKLOCAL instead of
IPV6_ADDR_INT16_MLL.
Thanks to: Tetsuya Isaki <[email protected]>
1998-12-22 Atsushi Onoe <[email protected]>
* kit/src/libinet6/rcmd.c: fix declaration of iruserok() for
NetBSD.
Sat Dec 19 14:02:44 1998 Yoshinobu Inoue <[email protected]>
* kit/src/faithd/faithd.c, tcp.c
do closelog() and (re)openlog() for child after fork.
check EINTR for select() and read().
Fri Dec 18 12:25:49 1998 Yoshinobu Inoue <[email protected]>
* kit/src/faithd/tcp.c: BUG fix:
fixed select fds setting. add check of send result and retry.
clean-up'ed select routine.
(Thanks to jinmei-san for code review and comments, also thanks to
onoe-san for much background information)
Thu Dec 17 00:26:18 1998 Yoshinobu Inoue <[email protected]>
* kit/src/faithd/tcp.c: BUG fix; use global integer rcvon and
writeon, to control the set/unset of readfds for s_rcv and
writefds for s_snd in select();
Wed Dec 16 13:30:46 1998 Yoshinobu Inoue <[email protected]>
* kit/src/faithd/faithd.c: BUG fix; give syslog() correct buffer
pointer. This fixes the strange syslog() output problem on child
exit.
Wed Dec 16 12:48:53 1998 Yoshinobu Inoue <[email protected]>
* kit/src/faithd/tcp.c
Fork in tcp_relay() for going relay traffic and coming relay traffic.
And in those each process, do non-blocking write() so that OOB data
can be forwarded preferably.
1998-12-15 Atsushi Onoe <[email protected]>
* kit/src/libinet6/rcmd.c, rresvport_af.c: add compatible wrapper
functions to avoid conflict of symbols.
1998-12-14 Atsushi Onoe <[email protected]>
* kit/usr.bin/telnet/commands.c: support source route for IPv4
and IPv6 (@gw1@gw2@dest).
1998-12-11 JINMEI, Tatuya <[email protected]>
* bgp.c (connect_process): modified some code fragments not to
call fatal even if {set,get}sockopt fails. This is necessary
to interoperate with some (e.g. Cisco) implementations when the
peer is not listening to the BGP port.
1998-12-10 SUMIKAWA Munechika <[email protected]>
* synchronized netinet6/* codes of three OSs as much as possible
Thu Dec 10 04:14:59 JST 1998 [email protected]
* sys/netinet/
* sys/netinet6/
changed IPPROTO_NONE as return value to IPPROTO_DONE.
and use IPPROTO_NONE only for protocol type value.
also, this fixes mbuf leak bug when received a packet with
IPPROTO_NONE.
1998-12-10 JINMEI, Tatuya <[email protected]>
* src/bgpd: supported `next hop self' when sending a BGP4+ UPDATE
message to an IBGP peer.
1998-12-10 JINMEI, Tatuya <[email protected]>
* src/bgpd/parse.c: changed restriction of using the `preference'
keyword for an EBGP peer only.
Sat Dec 5 04:53:05 JST 1998 [email protected]
* kit/src/racoon:
Soft lifetime is set to 80% of hard lifetime.
This rate can be defined which you like by calling
pfkey_lifetime_rate().
Fri Dec 4 02:26:13 JST 1998 [email protected]
* kit/src/racoon:
It's fixed to handle session for PF_KEY.
It's enable to display the entries on the negotiation of phase 2.
About address semantics for various case is commented into isakmp.h.
Wed Dec 2 23:44:00 JST 1998 [email protected]
* sys/netinet6: (NetBSD) fixed odd behavior in ND6. Now ND6 works
properly as expected.
Wed Dec 2 13:17:21 JST 1998 [email protected]
* sys/netkey/key.c:
Fixed a kernel hang when running two instances of racoon.
<199811>
Sat Nov 28 00:54:28 JST 1998 [email protected]
* kit/src/route6d: route tag support. route6d can advertise route tag
by "-t 0x1234". rip6query will show the advertised route tag,
if non-zero value is advertised.
Fri Nov 27 JST 1998 [email protected]
* kit/lib/libutil: (FreeBSD) logwtmp() which takes care of IPv6 address
that does not fit UT_HOSTSIZE. (not really tested)
This was intended to replace original shared library by new libutil
to override logwtmp() used by /usr/bin/login. However,
/usr/bin/login records username/hostname by itself. Therefore,
the attempt was failed.
Fri Nov 27 01:54:10 JST 1998 [email protected]
* kit/lib/libskey: (FreeBSD) S/Key library capable of handling
IPv6 hostnames listed in /etc/skey.access.
You can override standard /usr/lib/libskey.so.2.0 by doing
"ldconfig -m /usr/local/v6/lib". By doing so /usr/bin/login
will be able to handle IPv6 hostnames without re-compilation.
To test this add the following entry to /etc/skey.access and try
a telnet session to ::1.
permit internet ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
"prefixlen" syntax is added.
permit internet ::1/128
Thu Nov 26 10:15:35 JST 1998 [email protected]
- (FreeBSD) support IPv6 firewall
- kit/sbin/ip6fw: control utility
Wed Nov 25 18:36:46 JST 1998 [email protected]
* kit/libexec/telnetd: perform setsockopt(IP_TOS) only if the peer
is IPv4 host.
Tue Nov 24 18:53:38 JST 1998 [email protected]
* kit/src/racoon:
A new Diffie-Hellman group as number 5 was supported.
Sat Nov 21 06:15:30 JST 1998 [email protected]
* sys/netinet6/icmp6.c: ICMP6 redirect processing was wrong.
routing table update event was not properly propagated toward
upper-layers.
Sat Nov 21 03:55:17 JST 1998 [email protected]
* KAME IPv6 on NetBSD-pmax is now confirmed to work.
From: Feico Dillema <[email protected]>
Date: Fri, 20 Nov 1998 16:53:41 +0100
Subject: (KAME-snap 210) Status Report KAME and NetBSD-1.3.2-pmax
Fri Nov 20 17:00:35 JST 1998 [email protected]
* sys/netinet6/nd6_rtr.c: Update prefix information option processing.
(experimental, FreeBSD/BSDI only)
Add more comments to RA processing code.
Separate prefix lifetime and address lifetime. Address lifetime
will be kept in struct in6_ifaddr. Implement "2 hour" rule for
address lifetime, which prevents DoS attack (hopefully).
TODO: on-link determination must be updated.
* kit/sbin/ifconfig: Add code to print out address lifetime.
It looks too noisy and commented out by default.
Thu Nov 19 23:28:43 JST 1998 [email protected]
* kit/etc/rc.net6: don't assign prefix if $prefix is null
Thu Nov 19 19:03:53 JST 1998 [email protected]
* sys/netinet6/nd6.h: removed reserved field of
the bit field, ndpr_stateflags, to also remove the necessity of
changing the size of reserved field at new bit member addition.
Wed Nov 18 20:48:07 JST 1998 [email protected]
- Header chain chasing support for tcpdump.
To use this, user must specify "ip protochain x" or
"ip6 protochain x".
Since BPF code for header chasing cannot be optimized and is a bit
slow, this is separate from "ip proto x".
For example, "ip6 protochain 6" should capture any IPv6 packet
with TCP header (TCP with AH, or TCP with hop-by-hop option,
can be captured).
Wed Nov 18 10:05:42 JST 1998 [email protected]
* kit/ports/lynx: fix security hole in "rlogin://" URL.
(obtained from bugtraq mailing list)
From: Artur Grabowski ([email protected])
Date: Tue, 17 Nov 1998 17:06:00 +0100
http://www.geek-girl.com/bugtraq/1998_4/0489.html
Wed Nov 18 04:00:32 JST 1998 [email protected]
* kit/src/rtsol/rtsol.c
make compilable on FreeBSD 3.0
1998-11-17 JINMEI, Tatuya <[email protected]>
* src/pim6dd: added to support PIMv6 dense mode.
Pim6dd was based on pimdd developed at the University of Oregon.
Tue Nov 17 16:08:45 JST 1998 [email protected]
* kit/src/gifconfig/gifconfig.8
manual update for gif multi dest extensions contributed from
also descriptions about IPv6 support and enable switch of this
extension by link0 flag on/off is also added.
Tue Nov 17 14:57:51 JST 1998 [email protected]
* sys/net/if.c,if.h,if_gif.c,route.c,route.h,rtsock.c
* sys/netinet/in_gif.c,in_gif.h
* sys/netinet6/in6_gif.c,in6_gif.h
* kit/sbin/route/route.8,route.c
merged gif multi dest extensions contributed from [email protected].
IPv6 support and enable switch of this extension by link0 flag on/off
is also added.
Tue Nov 17 01:51:12 JST 1998 [email protected]
* kit/src/gifconfig.c:
support of printing physical IPv6 address value
Mon Nov 16 22:14:50 JST 1998 [email protected]
* sys/net/if_gif.c: Bug Fix
added SIOC{S,G}IF{PHY,PSRC,PDST}*_IN6 ioctls to enable gif
tunneling over IPv6.
Mon Nov 16 17:57:26 JST 1998 [email protected]
* kit/src/libinet6/rcmd.c: Update ahost (1st argument)
only if canonical hostname is available. This is to preserve
the original behavior.
Sat Nov 14 18:25:06 JST 1998 [email protected]
* kit/usr.bin/telnet/commands.c (FreeBSD/NetBSD): preserve original
behavior.
- if the hostname to connect to is numeric, perform canonical name
lookup (look for PTR record, i.e. gethostbyaddr).
- if the hostname is non-numeric, do not perform canonical name
lookup.
* kit/usr.bin/telnet/commands.c (BSDI): preserve original behavior.
- never perform canonical name lookup.
Fri Nov 13 01:36:57 JST 1998 [email protected]
* sys/crypto/sha1.c: fixed SHA-1 computation bug when the data source
is sized multiple of 64bytes. Thanks goes to Chris Winters
<[email protected]> for detailed bug report!
Thu Nov 12 20:14:19 JST 1998 [email protected]
* sys/netinet6/in6.c: avoid hardcoding prefixlen == 64bit in
SIOC[ADG]LIFADDR processing.
bitwidth of interface id is always 64bit (defined in RFC2373),
but prefixlen may NOT be 64bit. RFC2373 allows non-RFC2374 address
encoding scheme. (see figure on page 8)
Thu Nov 12 19:53:34 JST 1998 [email protected]
* kit/src/rrenumd/rrenumd.c
"AE" options added for rrenumd authentication and
encryption.
Thu Nov 12 16:13:53 JST 1998 [email protected]
* kit/src/{libpcap,tcpdump}: support IPv6 address in pcap expression.
tcpdump host ::1
tcpdump net 3ffe:0501::/32
TODO: libpcap now requires getaddrinfo() if --enable-ipv6 is specified.
configure should check the existence and use alternatives
(missing/getaddrinfo.c?) if none found.
TODO: "gateway" syntax is not working in --enable-ipv6 setting.
Wed Nov 12 11:43:54 JST 1998 [email protected]
* sys/net/if_dummy.c: correct if_type to IFT_DUMMY
Wed Nov 11 18:16:56 JST 1998 [email protected]
* sys/netinet/in.c: implement SIOC[ADG]LIFADDR.
Wed Nov 11 14:16:00 JST 1998 [email protected]
* kit/libexec/ftpd(FreeBSD): perform ioctl(IP_TOS) and
setsockopt(TCP_NOPUSH) to be performed only in IPv4 ftp connection.
login.cap is now supported (but never tested).
logwtmp() is fixed to log IPv6 numeric hostname as much as possible.
I dunno if it is right or not.
(previously logged as "invalid hostname")
Wed Nov 11 13:56:59 JST 1998 [email protected]
* kit/src/rtsol: use SIOC[ADG]LIFADDR when possible. this is mainly
for test purposes, but looks nice.
Wed Nov 11 12:02:10 JST 1998 [email protected]
* sys/netinet6/in6.c: support SIOC[ADG]LIFADDR for IPv6 address.
see ipngwg mailing list #6621 (October 10). IPv6 address support
will be added when IPv6 version is confirmed to be working right.
Tue Nov 10 16:23:50 JST 1998 [email protected]
* sys/netinet/ip_output.c: (FreeBSD) prevent ipfw code from SEGV.
NOTE: we are still wondering whether ipfw code works right with
KAME or not. Your inputs and bug reports would be really helpful.
Tue Nov 10 16:10:26 JST 1998 [email protected]
* kit/ports/ssh: update IPv6 patch to 1.4.
Tue Nov 10 12:31:53 JST 1998 [email protected]
* kit/src/racoon: eliminate u_int{8,16,32}. use u_int{8,16,32}_t for
better portability.
* kit/src/racoon: support lifetime type "kb". NOTE: no kernel support
for expiration yet.
Tue Nov 10 00:21:04 JST 1998 [email protected]
* sys/netinet6: accumulate bytes transferred over SA, so that we can
define lifetime by bytes (sadb_lifetime_bytes) in the future.
* kit/src/setkey: display bytes transferred over SA.
Mon Nov 9 15:51:28 JST 1998 [email protected]
* sys/netkey/key.c: pass FQDN and USERFQDN identity extension
on ACQUIRE message. we need to check if it is allowed to pass
multiple identity extension to userland (racoon dislikes this).
Mon Nov 9 15:10:16 JST 1998 [email protected]
* kit/src/setkey: changed the meaning of -h flag.
was: print usage and exit, now: display hexadecimal dump on -x.
Sat Nov 7 00:29:19 JST 1998 [email protected]
* kit/src/rrenumd/Makefile, lexer.l, rrenumd.8, rrenumd.conf.5
man update, and fixed lexer file to support comment in conf file.
1998-11-06 JINMEI, Tatuya <[email protected]>
* src/bgpd/bgp_input.c (bgp_read): fixed a problem that bgpd
stopped when an ETIMEDOUT error occurred on a BGP socket.
Fri Nov 6 16:27:07 JST 1998 [email protected]
* sys/crypto/cast128/cast128.c: speed up by replacing core functions
by macros.
Message-Id: <[email protected]>
Date: Sat, 31 Oct 1998 02:06:40 +0900
From: Tomomi Suzuki <[email protected]>
Fri Nov 6 14:00:30 JST 1998 [email protected]
* sys/netinet6: ND6 cleanups.
- remove old lladdr caching code. utilize nd6_cache_lladdr.
- if we got RS/RA/NS/redir packet without lladdr, make a neighbor
cache entry with NOSTATE state (= considered PASSIVE).
- checked relationship between neighbor cache and defrouter list. it
seems fine (there will be no defrouter list without neighbor cache).
Thu Nov 5 JST 1998 [email protected]
* kit/src/route6d: ripng fix: update route lifetime only if the
advertisement is from same gw, with same metric. (see p13 of RFC2080)
Thanks to: [email protected]
Thu Nov 5 21:14:01 JST 1998 [email protected]
* kit/src/libinet6/resolv/res_debug.c
Made this really compilable on FreeBSD 3.0.
Thu Nov 5 20:33:02 JST 1998 [email protected]
* kit/src/libinet6/ifname.c
* kit/src/libinet6/resolv/res_debug.c
* kit/src/ndp/ndp.c
* kit/src/prefix/prefix.c
Made compilable on FreeBSD 3.0.
Now prefix assignment seems to be successful.
Thu Nov 5 04:26:55 JST 1998 [email protected]
* sys/netinet6/in6_prefix.c
BUG FIX: fixed matched prefix length validity check to comply
with spec.
Thu Nov 5 02:59:55 JST 1998 [email protected]
* kit/src/Makefile
added rrenumd to SUBDIR.
Thu Nov 5 02:45:59 JST 1998 [email protected]
* kit/src/rrenumd/rrenumd.c, parser.y, lexer.l, Makefile, rrenumd.8
fixed bugs and now it seems to be sending valid rrenum msgs.
* kit/src/rtadvd/rrenum.c,rtadv.c
fixed bugs and now seems to be successfully renumbering when
received rrenum msgs from rrenumd.
* kit/src/prefix/prefix.c
changed default value of use_prefix length.
Wed Nov 4 23:41:05 JST 1998 [email protected]
* sys/netinet6/esp*: cleanup ESP pad length processing.
base spec requires 4n, cbc algorithms require 8n.
* sys/netinet6/ah_core.c: make sure to skip ifindex portion
in ip6 src/dst address.
Wed Nov 4 JST 1998 [email protected]
* kit/src/racoon: fix IPv6 ID payload.
* sys/netkey/key.c: changed internal structure for SA management.
SA will be held into per-state linked list, not per-protocol
linked list.
Wed Nov 4 00:29:02 JST 1998 [email protected]
* kit/src/tcpdump: try checking buggy implementation of CAST128.
SSLeay 0.9.0b has a bug in encryption round # on short keys -
rounds should be 12 for key <= 80bits.
Tue Nov 3 19:58:13 JST 1998 [email protected]
* sys/crypto/blowfish: fixed cbc mode processing. now it should be
interoperable with other implementations (need testing).
Mon Nov 2 01:02:30 JST 1998 [email protected]
* kit/ports/gated-ipv6: pathname of original distribution changed.
<199810>
Mon Oct 31 JST 1998 [email protected]
* kit/src/racoon: AH algorithm must be determined by hash algorithm
type attribute, not the transform type.
* kit/src/racoon: sanity checker for config file improved.
* sys/netinet6/esp_output.c: fixed a serious bug in ESP tunnel output,
which mistakes policy determination and send packets in clear (simple
tunnel, not ESP tunnel) in some configuration.
* kit/src/tcpdump: ID payload now printed properly.
* kit/src/racoon: parser improvements. makefile improvements.
link print-isakmp.c from tcpdump so that packets can be monitored
after decryption, in debug mode.
Fri Oct 30 21:52:50 JST 1998 [email protected]
* sys/netinet6, kit/usr.bin/netstat: gather more stats on
IPsec operations.
Thu Oct 29 JST 1998 [email protected]
* kit/src/racoon: ignore notification payload on phase 1 negotiation
(responder-lifetime). this is necessary for interop with RedCreek
when responder-lifetime does not match.
* kit/src/racoon: compute long cipher key for phase 1 properly
(for example 3DES)
* kit/src/racoon: phase 2 quick mode: attach fake ID payload for
debugging (configurable)
* kit/src/racoon: ignore commit bit (we don't support this yet)
* kit/src/racoon: bug fix in DELETE payload processing.
TODO: handle it more properly, (i.e. remove SA if possible)
* kit/src/racoon: send and check Vendor ID. (does nothing tricky
at this moment)
* kit/src/racoon: phase 2 AH proposal must include authentication
method attribute. reject non-conforming proposal on config file,
and on the packet from the peer.
* kit/src/racoon: filter out phase 2 proposal that does not match
the SA type requested from the kernel. For example, AH proposals
will be filtered out when ESP SA is requested.
* kit/src/racoon: improve parser code.
Wed Oct 28 JST 1998 [email protected]
* kit/src/racoon: SA payload fixes. (1) SAi_b must be the whole
SA payload sent from the initiator. (2) responder must send the
selected proposal only, not the whole payload.
* kit/src/racoon: phase 2 PFS fix. config file format has changed.
one must specify PFS DH group in phase 2 configuration, not per-
transform configuration.
* kit/src/racoon: ESP with authentication is now supported.
generate longer KEYMAT for this.
* kit/src/racoon: improve warnings on ATTR payload format.
* kit/src/racoon: bark if there's no "remote anonymous" section.
* kit/src/tcpdump: isakmp and ipsec improvements.
Wed Oct 28 13:54:48 JST 1998 [email protected]
* kit/src/racoon: better PFS (Perfect Forward Secrecy) support.
RFC keyed MD5 support. ignore Vendor ID payload (we may check
content of Vendor ID payload in the future).
Tue Oct 27 23:28:45 GMT 1998 [email protected]
* kit/src/racoon:
In phase 1, using real address as ID payload,
if ID was not specified in config file.
Tue Oct 27 22:37:30 GMT 1998 [email protected]
* kit/src/racoon:
Applied t_id except hash_t when decision AH algorithm.
Wed Oct 28 07:05:57 JST 1998 [email protected]
* kit/src/setkey: support keyed SHA1.
* sys/netkey: add more information about supported algorithms into
SADB_REGISTER message.
* sys/netinet6: cleanup AH/ESP algorithm table. add key length
information into the table.
Tue Oct 27 22:06:26 GMT 1998 [email protected]
* kit/src/racoon:
Added Some comment about checking payload.
Implemented new SA payload parser.
Removed enc_t in ipsec_sa structure.
Supported to handle key length per algorithm.
Mon Oct 26 11:34:13 JST 1998 [email protected]
* sys/netinet6: IPv4 options processing. not tested.
I believe that it will not work if there's source route option,
since ip_dooptions() rewrites the ip header.
Sun Oct 25 15:21:37 JST 1998 [email protected]
* kit/src/rtsol: avoid kvm_read(). use ioctl() instead, to grab
interface information.
Sun Oct 25 JST 1998 [email protected]
* sys/netinet6: add more sanity checks in esp{4,6}_input() and
ah{4,6}_input(), to avoid panic in heavy ipsec sessions.
Sat Oct 24 03:02:43 JST 1998 [email protected]
Added parser to rrenumd. But it does not seem to be working yet.
Also man is not up to date.
Thu Oct 22 04:05:15 JST 1998 [email protected]
* sys/netkey, kit/src/racoon:
Fixed the behavior about ACQUIRE, GETSPI, UPDATE and ADD.
There were some mistakes. Changed that kernel doesn't make an entry
for acquiring when SADB_ACQUIRE.
Wed Oct 21 22:57:25 JST 1998 [email protected]
* made rfc AH work again.
* fix ipsec{4,6}_hdrsiz() (bug caused SEGV on AH tunnel case)
* wrap IF_ENQUEUE() by splimp()
Wed Oct 21 19:44:45 JST 1998 [email protected]
* midway.c(en ATM driver on FreeBSD/BSDI): fix transmit buffer
management. in specific condition driver stops xmit'ing.
Wed Oct 21 15:52:23 JST 1998 [email protected]
* kit/src/racoon:
Begin to handle Information Exchange. need more coding.
1998-10-21 JINMEI, Tatuya <[email protected]>
* if_gif.c (gif_input): put incoming packets to a network layer
queue instead of directly calling an input function to prevent
too many recursive function calls.
Wed Oct 21 13:16:39 JST 1998 [email protected]
* kit/ports/gated-ipv6: port for famous routing daemon, GateDaemon IPv6.
Wed Oct 21 12:11:38 JST 1998 [email protected]
* kit/src/racoon:
changed the way to compute KEYMAT.
changed the handling SPI and KEYMAT in pfkey_update() and pfkey_add().
NOTE: When SA expires, racoon will behave strangely. To be fixed.
Wed Oct 21 01:19:41 JST 1998 [email protected]
* sys/netinet6: Update AH tunnel authenticity checking code.
Consider outer IP header authentic (if it gets authenticated),
and assume nothing (no authenticity) to inner IP header.
* sys/netinet6: more IPsec statistics.
Tue Oct 20 16:47:00 JST 1998
* sys/netinet{,6}: make AH tunnel mode working for IPv4.
* sys/netinet6: more statistics for AH.
* sys/netinet6: better sanity checks for IPv4 AH/ESP tunnel.
Tue Oct 20 13:54:27 JST 1998 [email protected]
* sys/netinet6: make des-derived work. need interop tests.
Mon Oct 19 19:48:25 JST 1998 [email protected]
* remove unused code/defines in ipsec.
* log() fixes.
* mark des-derived not working by rejecting it in esp_descbc_mature().
(iv management is not right)
1998-10-19 JINMEI, Tatuya <[email protected]>
* netstat/inet6.c (pim6_stats): added to print PIM for IPv6 statistics.
Mon Oct 19 17:39:48 JST 1998
* sys/netkey/key.c: variable "sab" was defined twice in key_checksab()
and it made all packets to be sent in clear. it is now fixed.
sorry for your troubles.
Sun Oct 18 JST 1998
* kit/src/tcpdump: add some code to dump isakmp packets,
on udp port 500. However, most part of the exchange is encrypted
(and that part cannot be decoded).
1998-10-17 JINMEI, Tatuya <[email protected]>
* src/bgpd/bgp.c (bgp_process_update): Several bugs were fixed.
The bugs were mostly about BGP4+ route reflector.
Thu Oct 15 16:17:09 JST 1998 [email protected]
* sys/netinet6 and kit/usr.bin/netstat: added some ipsec statistics.
1998-10-14 JINMEI, Tatuya <[email protected]>
* src/bgpd/dump.c: added to dump bgpd status to a file. The status
includes various information such as bgpd internal routing table
and BGP4+ per peer status. Please do not forget to execute the
configure command before compiling.
Man pages were also updated.
Sat Oct 14 18:31:25 JST 1998 [email protected]
* kit/etc/rc.net6
changed to use "prefix" command instead of "ifconfig" command
in router case.
Wed Oct 14 17:44:36 JST 1998 [email protected]
* kit/sys/netkey, kit/sys/net/rtsock.c: PF_KEY and PF_ROUTE sockets
are stabilized. it should work fine against severe tests.
location of splnet() was wrong.
Sat Oct 14 16:06:16 JST 1998 [email protected]
* kit/src/Makefile
added "prefix" command as to be installed by default.
Wed Oct 14 11:30:27 JST 1998 [email protected]
* kit/sys/netkey: properly handle IPv6 address passed by SADB_ACQUIRE.
* kit/src/racoon: IPv6 support. guess IPv6 stack type, socket/bind
to IPv6 unspecified addr, and so forth. need more confirmation on
portability.
Sat Oct 14 11:05:48 JST 1998 [email protected]
*sys/netinet6/in6_var.h
*sys/netinet6/in6_prefix.c
changed bit field structure member size from u_long to u_char,
because BSDI supposes the size differently between kernel
and userland.
And merged some diffs of in6_prefix.c between BSD variants.
now "prefix" command seems to work on BSDI.
Wed Oct 14 03:52:11 JST 1998 [email protected]
* kit/ports/apache13: Port for apache 1.3.3. For non-FreeBSD OSes,
IPv6 patch is available from ftp://ftp.kame.net/pub/kame/misc/.
* kit/ports/apache12: renamed from kit/ports/apache (port for apache
1.2.6). 1.3.3 is highly recommended over 1.2.6.
Tue Oct 13 23:45:04 JST 1998 [email protected]
* kit/src/setkey: add -x option, which dumps all the message
transmitted to PF_KEY socket. (uses SADB_X_PROMISC).
Tue Oct 13 23:27:36 JST 1998 [email protected]
* sys/netkey: support SADB_X_PROMISC. maybe good for debuggin'.
Tue Oct 13 21:21:27 JST 1998 [email protected]
* kit/src/racoon: make racoon code free from CPU endian.
now racoon works on KAME on NetBSD/sparc too.
(namely, eay_bn2v() and eay_v2bn() are updated)
Tue Oct 13 15:35:16 JST 1998 [email protected]
* kit/src/racoon: be more strict about checking SSLeay's existence.
previously we checked md5.h, but some operating systems have md5.h
by default.
Tue Oct 13 14:22:32 JST 1998 [email protected]
* sys/netkey: Add splnet() to prevent race condition.
* sys/netkey/keysock.c: Changed the way sadb_msg is sent to userland.
PF_KEY defines three ways to send sadb_msg to userland:
(1) to requesting process only, (2) to all listening processes, and
(3) to all registered processes. The implementation now conforms
to this.
1998-10-12 Atsushi Onoe <[email protected]>
* kit/src/libinet6/name6.c
use res_query() for reverse lookup instead of res_search().
allow IPv4-compat address for getipnodebyaddr(), do not perform
any query for "::" to conform bsd-api-new-02.
allow misalign address for getipnodebyaddr().
Sun Oct 11 23:31:35 JST 1998 [email protected]
* sys/net*: (NetBSD) IPsec is now working. Now we need to perform
bunch of tests...
Sun Oct 11 22:52:24 JST 1998 [email protected]
* sys/netinet6/{esp,ah}_core.c: bark if no secret key is specified
for esp/ah algorithms that require secret key.
Sat Oct 11 22:35:59 JST 1998 [email protected]
*kit/src/prefix/prefix.8
*kit/src/prefix/prefix.c
added several checking of missing args, and changed some default
behaviour.
Sun Oct 11 20:37:06 JST 1998 [email protected]
* kit/{sbin,usr.sbin}/sysctl and sys/netkey (NetBSD and BSDI):
add net.key.* sysctl MIBs. for FreeBSD we already got net.key.*.
Sat Oct 11 01:03:17 JST 1998 [email protected]
*sys/netinet6/in6_prefix.c
changed "panic" to "log(LOG_ERR...)" in bit_copy().
Sat Oct 11 00:42:15 JST 1998 [email protected]
*kit/src/prefix/prefix.8
*kit/src/prefix/prefix.c
update usage description of man and program.
Sun Oct 10 JST 1998 [email protected]
* sys/netinet6 and kit/sbin/ifconfig (NetBSD): fix ifconfig to
some extent, so that we can check status of if address flags (such as
"anycast"). there are some fixes necessary (ioctl API design issues).
Sat Oct 10 14:46:50 JST 1998 [email protected]
*kit/src/prefix/prefix.c
fixed usage description.
removed unused function.
Sat Oct 10 03:27:44 JST 1998 [email protected]
*kit/src/prefix/Makefile
Made compilable on NetBSD
also, this command seems to work on NetBSD
Sat Oct 10 02:59:02 JST 1998 [email protected]
*kit/sbin/ifconfig.c
ifconfig.8
removed prefix-related enhancements (because they are moved to
new "prefix" command)
Sat Oct 10 02:42:00 JST 1998 [email protected]
*kit/src/prefix/Makefile
prefix.c
prefix.8
Newly added these files.
Actually these are prefix related functions from
current KAME FreeBSD sbin/ifconfig.
Same functions in sbin/ifconfig will be removed.
Only working on FreeBSD now.
TODO: operational check on BSDI
compile check on NetBSD
complete man page
Sat Oct 10 01:54:58 JST 1998 [email protected]
*sys/netinet6/in6_prefix.c
Bug Fix:
change ">>" to ">>=". (discovered by itojun)
Fri Oct 9 21:48:19 JST 1998 [email protected]
*kit/sbin/ifconfig/ifconfig.c
enabled "-a" for prefix renumbering commands
print usage for prefix related commands
shorten long parameters.
Fri Oct 9 20:02:21 JST 1998 [email protected]
*kit/src/rtadvd/rrenum.c
*kit/sbin/ifconfig/ifconfig.c
*sys/netinet6/in6_prefix.c
supported SIOCAIFPREFIX_IN6, SIOCCIFPREFIX_IN6,
SIOCSGIFPREFIX_IN6, by ifconfig.
And fixed several kernel bugs discovered using those commands.
Now prefix renumbering by ifconfig seems to be working well.
1998/10/09 17:06:51 JST [email protected]
i386/conf Makefile.i386
separated SYSTEM_LD macro into 2 cases, where "-g" is defined and not.
1998/10/09 13:32:16 JST [email protected]
i386/conf Makefile.i386
add "ulimit" to SYSTEM_LD macro, not only to SYSTEM_LD_TAIL macro.
Fri Oct 9 11:52:33 JST 1998 [email protected]
* kit/src/faithd: improve command/result parsing in ftp translation.
support EPSV ALL. reject PORT and PASV from client as it is bogus
for IPv6 ftp connection.
Thu Oct 8 21:09:30 JST 1998 [email protected]
* kit/src/faithd: redesign ftp.d completely, to make the translator
code more context-free. Also, EPSV/EPRT is supported.
TODO: utilize "EPSV ALL" for improved performance,
better error recovery
1998-10-08 JINMEI, Tatuya <[email protected]>
* if_gif.c (gif_output): prevented infinite call of gif_output
by introducing a counter variable which is static in this
function. Note that this approach may introduce MUTEX problem
when using kernel thread.
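A minimal model of the guard described in the entry above, as an added example (not KAME's gif_output code): a function-static counter bounds re-entrant calls when two tunnels are misconfigured to route into each other. The struct, the limit MAX_TUNNEL_NEST and the error value are hypothetical names for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_TUNNEL_NEST 2    /* hypothetical nesting limit */
#define ERR_LOOP        (-1) /* hypothetical error value */

struct tunnel {              /* hypothetical model of a tunnel interface */
    const char *name;
    struct tunnel *next_hop; /* tunnel the outer packet routes into, NULL = physical link */
    unsigned long sent;      /* packets that reached a physical link */
};

int tunnel_output(struct tunnel *t)
{
    /* One counter shared by every caller: it bounds recursion on a single
     * thread of control, but concurrent callers would race on it, which is
     * the mutual-exclusion caveat the entry mentions. */
    static int depth;
    int error = 0;

    if (++depth > MAX_TUNNEL_NEST)
        error = ERR_LOOP;                   /* drop instead of recursing further */
    else if (t->next_hop != NULL)
        error = tunnel_output(t->next_hop); /* encapsulated packet re-enters */
    else
        t->sent++;                          /* left the tunnel stack */

    depth--;                                /* always undo our own increment */
    return error;
}

int main(void)
{
    /* constructed configuration: gif0 and gif1 route into each other */
    struct tunnel a = { "gif0", NULL, 0 }, b = { "gif1", NULL, 0 };

    a.next_hop = &b;
    b.next_hop = &a;
    printf("looped config: %d\n", tunnel_output(&a));
    b.next_hop = NULL;                      /* repair the loop */
    printf("repaired config: %d\n", tunnel_output(&a));
    return 0;
}
```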
Tue Oct 7 18:20:01 JST 1998 [email protected]
implemented following cmd in kernel.
SIOCSGIFPREFIX_IN6
SIOCAIFPREFIX_IN6
SIOCCIFPREFIX_IN6
TODO: enhance ifconfig and rrenumd to utilize these cmds,
and test kernel behavior
1998-10-07 JINMEI, Tatuya <[email protected]>
* ip6_mroute.c: implemented kernel-level IPv6 multicast
forwarding. It can be compiled, but there has been no userland
routing daemon yet. So it will not effectively work for a while.
Wed Oct 7 13:04:01 JST 1998 [email protected]
* take care of IPsec tunnel in computing MTU and TCP MSS.
ipsec{4,6}_hdrsiz is defined for this.
{esp,ah}*_hdrsiz_* are deprecated.
Wed Oct 7 1998 [email protected]
* experimental ND6 code is enabled in KAME/BSDI and KAME/FreeBSD.
we are trying to figure out the following spec flaws:
- discovery-v2-03 talks almost nothing about how to manage neighbor
cache entry on reception of RA/RS/NS/redirect without link-layer
address option.
- IsRouter flag sometimes becomes out-of-sync, due to neighbor
cache expiration/creation rules.
we are still thinking about the spec, and changing nd6_cache_lladdr().
the experimental code works just fine so the change will not bite
you.
Wed Oct 7 00:33:03 JST 1998 [email protected]
* kit/lib/libftpio: (FreeBSD only) Fixed IPv4 non-passive ftp.
(bind failed due to wrong argument)
Tue Oct 6 18:28:13 JST 1998 [email protected]
If a packet is to be forwarded over IPsec tunnel, and it couldn't
due to "too big and don't fragment", report the correct tunnel MTU
toward the originator.
tunnel MTU = if MTU - sizeof(IP header) - ESP/AH headers/paddings
To test this, you may need
sysctl -w net.inet.ipsec.dfbit=1
to set DF bit on the outer IP header.
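The tunnel MTU formula from the entry above, worked through for one case as an added example (not code from KAME): ESP in tunnel mode over IPv4. The header, IV, trailer and ICV sizes and all names below are assumptions of this example; it shows that padding makes the overhead depend on the inner packet length, so the MTU is not a single fixed subtraction.

```c
#include <stdio.h>

#define OUTER_IP4_HDR 20u /* assumed: outer IPv4 header, no options */
#define ESP_HDR        8u /* SPI + sequence number */
#define ESP_TRAILER    2u /* pad length + next header */

/* Hypothetical per-SA sizes; none of these names come from KAME. */
struct esp_sizes {
    unsigned iv_len;   /* IV carried in every packet */
    unsigned block;    /* cipher block size in bytes */
    unsigned icv_len;  /* authentication data, 0 if none */
};

/* ESP pads to the cipher block size, and to 4 bytes at minimum. */
static unsigned esp_align(const struct esp_sizes *s)
{
    return s->block > 4 ? s->block : 4;
}

/* Outer packet size for an inner packet of inner_len bytes. */
unsigned esp_wire_len(const struct esp_sizes *s, unsigned inner_len)
{
    unsigned a = esp_align(s);
    unsigned padded = (inner_len + ESP_TRAILER + a - 1) / a * a;

    return OUTER_IP4_HDR + ESP_HDR + s->iv_len + padded + s->icv_len;
}

/* Tunnel MTU: largest inner packet whose outer packet fits if_mtu. */
unsigned esp_tunnel_mtu(const struct esp_sizes *s, unsigned if_mtu)
{
    unsigned fixed = OUTER_IP4_HDR + ESP_HDR + s->iv_len + s->icv_len;
    unsigned room;

    if (if_mtu <= fixed)
        return 0;
    room = (if_mtu - fixed) / esp_align(s) * esp_align(s);
    return room > ESP_TRAILER ? room - ESP_TRAILER : 0;
}

int main(void)
{
    /* constructed SA: 8-byte block cipher with 8-byte IV, 96-bit ICV */
    struct esp_sizes s = { 8, 8, 12 };
    unsigned mtu = esp_tunnel_mtu(&s, 1500);

    printf("tunnel MTU %u, on the wire %u\n", mtu, esp_wire_len(&s, mtu));
    printf("one byte more needs %u\n", esp_wire_len(&s, mtu + 1));
    return 0;
}
```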
Tue Oct 6 13:48:42 JST 1998 [email protected]
* sys/netinet6/ipsec.c: changed the way IPsec tunnel is created.
(see ipsec4_encapsulate() in sys/netinet6/ipsec.c)
* sys/netinet6/ipsec.c: define new sysctl MIB, net.inet.ipsec.dfbit,
to allow users to control DF bit treatment (copy/clear/set) on
ipsec tunnel encapsulation.
NOTE: this is per-host configuration, not a per-interface
configuration defined in draft-ietf-ipsec-arch-sec-07.txt.
Tue Oct 6 13:13:19 JST 1998 [email protected]
fix for rtr renumbering related structure's member name and
order change at ifconfig, rrenumd, rtadvd
maybe minimum implementation of router renumbering at rtadvd completed
Tue Oct 6 12:57:50 JST 1998 [email protected]
changed router renumbering related structure's member name and order.
added same interface check for SIOC*IFPREFIX_IN6 cmds.
added in6_rrenumreq structure for advanced ioctls for rtr renumbering
defined, SIOCAIFPREFIX_IN6, SIOCCIFPREFIX_IN6, SIOCSGIFPREFIX_IN6
TODO: implement new SIOC*PREFIX_IN6 cmds in kernel
Mon Oct 5 17:20:13 JST 1998
* Eliminate clause 3 from our KAME copyright notice, as we've heard
that 4-clause BSD copyright irritates people very much.
Mon Oct 5 10:46:05 JST 1998
* kit/ports/sendmail6: make it buildable, by removing -I/usr/src/sys
from site.config-v6.kame.
1998/10/03 00:59:54 JST [email protected]
ports/mozilla Makefile
ports/mozilla/files md5
Patch level up.
-IPv6 hostname with AAAA record,
or numerical IPv6 address escaped by [ ],
can be specified as proxy server.
-adopted __res_state structure change.
1998/10/02 23:54:27 JST [email protected]
src/ndp ndp.c
netinet6 nd6.h nd6.c nd6_nbr.c
Added "ln_expire" to llinfo_nd6 structure, and "expire" to
in6_nbrinfo structure.
NDP uses them for state transition and rt_expire is no longer used.
Also, ndp command is changed to use ln_expire to display each
entry's expire time.
Fri Oct 2 13:13:01 JST 1998 [email protected]
* kit/ports/apache: distribute IPv6 patch separately, from
ftp://ftp.kame.net/pub/kame/misc/.
Thu Oct 1 22:50:38 JST 1998 [email protected]
* kit/src/rtadvd: add capability "nolladdr" which controls
the presence of source link-layer address option on RA packets.
(mostly for debugging)
* kit/src/ndp: add option "-A" which tries "-a" (show NDP entries)
repeatedly.
Thu Oct 1 11:12:25 JST 1998 [email protected]
* kit/ports/sendmail6: mark this port broken as it is not buildable
due to the change in resolver (see below).
<199809>
1998-09-30 Atsushi Onoe <[email protected]>
* sys/net/if_atmsubr.c, sys/dev/en/midway.c:
fix bugs to allow "ifconfig up" for ATM-PVC interface without
assigning IPv4 address.
1998-09-30 Atsushi Onoe <[email protected]>
* include/resolv.h, kit/src/libinet6/resolv/:
restore struct __res_state to original to keep binary
compatibility (avoid SEGV on NetBSD).
change default configuration options for resolver.
* kit/src/libinet6/name6.c:
change syntax for AI_ALL (now needs AI_V4MAPPED) to conform to
bsd-api-new-02(a).
* include/netdb.h, kit/src/libinet6/name6.c:
add AI_V4MAPPED_CFG to return conditional answer of IPv4-mapped
IPv6 address depending on whether kernel's mapped_addr flag is set.
Also change the definition of AI_DEFAULT to (AI_V4MAPPED_CFG|
AI_ADDRCONFIG).
* kit/src/libinet6/getaddrinfo.c:
support AI_NUMERICHOST flag to conform to bsd-api-new-02a.
replace CHECK_KERNPROTO by AI_ADDRCONFIG of getipnodebyname().
fix 'a.foo.bar and a.v6.foo.bar' problem in PF_UNSPEC case.
Wed Sep 30 13:26:22 JST 1998 [email protected]
* sys/netkey/key.c:
check to be zero of acq_seq, because zero is reserved
as handling SADB_EXPIRE.
1998/09/30 12:48:37 JST [email protected]
netinet6 ip6_input.c
Don't treat packets destined to RTF_GATEWAY route as "goto ours".
1998/09/30 02:59:38 JST [email protected]
netinet6 ip6_output.c
Copy m_flags(M_MCAST) to fragmented packets to disable
neighbor resolution procedure for them.
(because neighbor resolution waiting queue length is
for only one packet)
1998/09/30 02:24:11 JST [email protected]
. USAGE
small grammar fix
1998/09/29 10:09:00 JST [email protected]
usr.sbin Makefile
Commented out ppp and added suggestion to use kit/ports/ppp.
Still leave dir of kit/usr.sbin/ppp for a while.
Mon Sep 28 17:40:18 JST 1998 [email protected]
* sys/netinet6/in6.h: Renamed IPV6_{JOIN,LEAVE}_MEMBERSHIP into
IPV6_{JOIN,LEAVE}_GROUP to conform to bsd-api-new-02a.
1998/09/26 14:13:27 JST [email protected]
src/rtadvd rrenum.c
Adapted to router-renum-05.txt.
And still supporting, not finished.
1998/09/25 16:34:20 JST [email protected]
src/rrenumd rrenumd.c
Change router renumbering packet formats as new draft
(router-renum-05.txt)
1998/09/25 16:31:44 JST [email protected]
netinet6 icmp6.h
Change router renumbering packet formats as new draft
(router-renum-05.txt)
Also, changed value types to u_int{8,16,32}_t, the same as
other icmp6 structures.
Thu Sep 24 21:51:19 JST 1998 [email protected]
* sys/sys/socket.h: Changed CMSG_xxx macro defs. Previously, ALIGN()
was used (based on advanced API document). However, ALIGN() in
advanced API and ALIGN() in BSD unix variants (machine/param.h) have
very different meanings. So, now we've defined CMSG_ALIGN().
Thu Sep 24 19:42:22 JST 1998 [email protected]
* kit/ports/sendmail: Update the IPv6 patch for sendmail to be used.