Subject: KAME/NetBSD-1.4 is available
To: None <tech-net@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-net
Date: 05/17/1999 12:02:01
(please notice Reply-to line)
Hello, this is Jun-ichiro Hagino of KAME project (which is a project
doing IPv6/IPsec work on *BSDs).
We start supporting NetBSD-1.4 with our KAME kits. Snapshot
is available at ftp://ftp.kame.net/pub/kame/snap/, every Monday.
Please visit http://www.kame.net/ for details.
itojun
To: snap-users@kame.net
From: itojun@iijlab.net
Date: Mon, 17 May 1999 11:45:16 +0900
Message-ID: <9313.926909116@coconut.itojun.org>
Reply-To: snap-users@kame.net
Subject: (KAME-snap 618) KAME SNAP 19990517
Errors-To: owner-snap-users@kame.net
Sender: owner-snap-users@kame.net
Sorry to be late, I overslept :-)
New SNAP kits are ready for you.
IMPORTANT: ping6 -w is now not interoperable between past SNAP/STABLE
kits and future KAME kits, due to IANA official icmp6 type number
assignment.
- fixed ICMP6 type value for node information query/response
(now follows IANA assignments). due to this change, ping6 -w
is NOT interoperable with past KAME SNAP kits and STABLE kits.
- KAME/NetBSD-1.4 is now available (highly experimental).
KAME/NetBSD-1.3.3 will be obsoleted in a few weeks.
- IPsec improvements (FreeBSD228 and BSDI): racoon aggressive mode
support, pfkey socket stabilizations, memory leak fix in SAD/SPD,
expire fix, IPv6 IPsec tunnel mode support, AH DoS attack avoidance
- default multicast hoplimit can be configured by sysctl MIB
net.inet6.ip6.defmcasthlim.
- explicit bind(2) to IPv6 anycast address is now prohibited, because
sending packets to that socket will result in packet with anycast
source address. (behavior needs review and improvement)
- IPV6_DSTOPT processing
- ip6fw on FreeBSD3
- sbcreatecontrol() allocates mbuf cluster if necessary.
- v6test now works on loopback
- dual-stack finger/fingerd (FreeBSD228)
- port upgrade: ssh, zebra, icecast, inn
itojun
---
CHANGELOG for KAME kit
$Id: CHANGELOG,v 1.1.2.24.2.23.2.154.2.206.2.397 1999/05/16 13:37:05 itojun Exp $
<199905>
Sun May 16 22:33:41 JST 1999 itojun@iijlab.net
* kit/sbin/ifconfig (NetBSD 1.4): change behavior of "ifconfig
interface" to print all the interface address available, not just
inet addresses. The behavior looks more natural to me.
Sun May 16 03:38:03 JST 1999 itojun@iijlab.net
* sys/netinet6/in6_ifattach.c (NetBSD 1.4):
Add link-local address to the ethernet interfaces (and join
mandatory multicast groups), when the interface is made IFF_UP.
In NetBSD, pcmcia interfaces are not initialized until IFF_UP,
so there seems to be no other option.
Good thing is that now we do not need to call in6_ifattach() from
drivers. It is of course okay to call in6_ifattach() from drivers,
if you are sure that the driver is properly initialized.
NOTE: this change may break some of the userland tools, which check
IPv6 interface address BEFORE bringing the interface up.
Sun May 16 01:01:24 JST 1999 itojun@iijlab.net
* kit/pkgsrc/security/ssh, kit/ports/ssh: upgrade to 1.2.27 with
latest IPv6 patch.
Sun May 16 00:32:52 JST 1999 itojun@iijlab.net
* KAME/NetBSD-1.4 is now buildable (both kernel and userland).
* kit/usr.bin/netstat: add support for "netstat -p tcp6 -P
<tcp6cb address>".
Sat May 15 08:20:30 JST 1999 itojun@iijlab.net
* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.65.
Fri May 14 21:18:45 JST 1999 itojun@iijlab.net
* sys/netkey/key.c (BSDI, FreeBSD228): To transmit SADB_ACQUIRE
messages correctly from the kernel, changed the mbuf allocation
policy in key_sendup(). Now we allocate non-cluster mbuf chain
for most cases.
Previously we allocated cluster mbuf for most of the cases, and
this caused PF_KEY socket to be considered full and sbappendaddr()
to fail. This is due to wasted space on cluster mbufs
(sbspace() checks both actual data size and mbuf area size).
Fri May 14 11:50:15 JST 1999 itojun@iijlab.net
* sys/netinet6 (BSDI, FreeBSD228): in IPv6 IPsec, tunnel mode now
works as well.
Note: IPv6 spec suggests the originating node to process HBH option
on the packet from the node itself (the originating node is
considered as "first hop"). However, we do not do this when
you apply IPv6 IPsec tunnel onto the packet, since HBH option is
already encrypted when it is to be processed. This should be
fixed, however, IMHO this is very rare case.
Thu May 13 22:56:06 JST 1999 itojun@iijlab.net
* kit/src/v6test/v6test.c: support interface with DLT_NULL
bpf encapsulation (i.e. loopback interfaces).
1999-05-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* src/v6test/getconfig.c (make_ah): added to support
authentication header.
Also added some new tests in ext.conf.
Thu May 13 21:25:51 JST 1999 sakane@ydc.co.jp
* kit/src/racoon:
Aggressive mode was supported, but not tested sufficiently.
XXX There must be Vendor ID in fixed place of payload. TO BE MODIFIED.
1999-05-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* uipc_socket2.c (sbcreatecontrol): if a given control message
is larger than MLEN, allocate an mbuf cluster and store the
message into the cluster.
Also, implemented more strict length check.
This fix is only for FreeBSD(2 and 3) and NetBSD. A similar fix
for BSDI was already done.
Thu May 13 20:18:37 JST 1999 shin@nd.net.fujitsu.co.jp
* sys/netinet6/ip6_fw.c, sys/i386/conf/GENERIC.v6 (FreeBSD3.1):
made compilable and bootable with ip6fw enabled.
not tested well enough.
Thu May 13 20:04:35 JST 1999 itojun@iijlab.net
* sys/netinet6/ah_core.c: drop IPv6 AH packet with too many
extension headers, to avoid DoS attacks.
Use net.inet6.ip6.hdrnestlimit to configure the number of extension
headers allowed.
1999-05-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* src/pim6dd/trace.c (accept_mtrace): added to support the
response part of mtrace(not tested yet).
1999-05-13 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* ip6_output.c (ip6_setpktoptions): added the IPV6_DSTOPTS case,
which allowed user to specify destination options headers for an
outgoing packet.
(compilable, but not tested yet)
1999-05-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* in6_pcb.c (in6_pcbbind): prevented binding a socket to an
address if it's anycast, notready, detached or deprecated.
1999-05-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* netstat/inet6.c: sync icmp6names[] with the latest kernel.
1999-05-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* icmp6.h: changed the size of icmp6stat.icp6s_{in, out}hist from
ICMP6_MAXTYPE + 1 to 256 since the former made the kernel
vulnerable.
1999-05-12 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>
* added a sysctl net.inet6.ip6.defmcasthlim, which gets or
specifies the default hop limit for an outgoing IPv6 multicast
packet.
Note that BSDI users must update both kernel and kit/sbin/sysctl
to enable the new sysctl.
Wed May 12 14:57:54 JST 1999 itojun@iijlab.net
* kit/libexec/fingerd, kit/usr.bin/finger (FreeBSD228): finger daemon/
client fixed for dualstack support.
Wed May 12 14:12:44 JST 1999 itojun@iijlab.net
* kit/ports/inn (FreeBSD228/31): IPv6-enabled netnews server,
version 2.2.
From: Satosi KOBAYASI <kobayasi@north.ad.jp>
Wed May 12 10:33:32 JST 1999 itojun@iijlab.net
* sys/netinet6/icmp6.h: node information query/response got the
official ICMPv6 type, so use the official number.
NOTE: need recompilation in userland (ping6), and old KAME and new
KAME will not interoperate due to the overlap in number...
Wed May 12 02:29:13 JST 1999 sakane@kame.net
* sys/netkey/key.c (FreeBSD228/BSDI):
Fixed to expire SA. It can't be sent SADB_EXPIRE message due
to my mistake.
Added test implement for lifetime by byte counts.
You must be careful to set its value otherwise it causes many
SA to be set.
e.g. time limit = 22896000(s)
byte limit = 100(KB)
Tue May 11 18:48:37 JST 1999 sakane@kame.net
* kit/ports/icecast, kit/pkgsrc/audio/icecast: upgrade to latest
IPv6 patch, with song name broadcasting/request hack.
Tue May 11 18:26:06 JST 1999 itojun@ijilab.net
* sys/netkey (FreeBSD228/BSDI): strictly perform reference count on
SPD/SAD. Now netkey seems to have almost no memory leaks.
* sys/netkey/key.c, kit/src/setkey/setkey.c (FreeBSD228/BSDI):
throw results of SADB_DUMP and SADB_X_SPDDUMP message as separate
message to pfkey socket. This should be more reasonable as each
of the result (for single SAD/SPD entry) has sadb_msg header.
Mon May 10 03:16:49 JST 1999 itojun@iijlab.net
* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to zebra 0.64.1.
Sun May 9 16:39:31 JST 1999 itojun@iijlab.net
* kit/ports/ruby, kit/pkgsrc/lang/ruby: update to use latest IPv6
patch.
Sun May 9 03:51:09 JST 1999 itojun@iijlab.net
* kit/src/racoon: get/set proper source/destination address for IKE
packets, using IP_RECVDSTADDR and IPv6 advanced API.
this is needed to support hosts with more than 1 IP addresses
(i.e. most of IPv6 node needs this).
TODO: scoped IPv6 addresses support (link-local and site-local).
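The 13 May ah_core.c entry in the changelog above drops IPv6 AH packets that carry too many extension headers, with the bound taken from net.inet6.ip6.hdrnestlimit. The following is an added example, not KAME code: a general extension header walker that enforces such a bound and rejects truncated headers. The function names, the limit parameter and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { NH_HBH = 0, NH_TCP = 6, NH_ROUTING = 43, NH_FRAGMENT = 44,
       NH_AH = 51, NH_DSTOPTS = 60 };

/* Walk the extension headers after the fixed IPv6 header. first_nh is that
 * header's Next Header value, buf/len the bytes after it, limit the maximum
 * chain depth (stand-in for the value of net.inet6.ip6.hdrnestlimit).
 * Returns the upper-layer protocol, -1 if truncated, -2 if over the limit. */
int walk_ext_headers(uint8_t first_nh, const uint8_t *buf, size_t len, int limit)
{
    uint8_t nh = first_nh;
    size_t off = 0, hlen;
    int depth = 0;
    for (;;) {
        if (nh != NH_HBH && nh != NH_ROUTING && nh != NH_FRAGMENT &&
            nh != NH_AH && nh != NH_DSTOPTS)
            return nh;                              /* reached the upper layer */
        if (++depth > limit)
            return -2;                              /* chain too deep: drop */
        if (len - off < 2)
            return -1;                              /* fixed 2 bytes missing */
        if (nh == NH_FRAGMENT)
            hlen = 8;                               /* fixed-size header */
        else if (nh == NH_AH)
            hlen = ((size_t)buf[off + 1] + 2) * 4;  /* 4-octet units */
        else
            hlen = ((size_t)buf[off + 1] + 1) * 8;  /* 8-octet units */
        if (hlen > len - off)
            return -1;                              /* runs past the data */
        nh = buf[off];
        off += hlen;
    }
}

/* Constructed sample: n minimal Destination Options headers, then final_nh. */
size_t build_dstopts_chain(uint8_t *buf, int n, uint8_t final_nh)
{
    for (int i = 0; i < n; i++) {
        uint8_t h[8] = { NH_DSTOPTS, 0, 1, 4, 0, 0, 0, 0 };  /* PadN filler */
        h[0] = (i == n - 1) ? final_nh : NH_DSTOPTS;
        memcpy(buf + 8 * i, h, 8);
    }
    return (size_t)n * 8;
}
```

With a constructed chain of 12 Destination Options headers, a limit of 8 rejects the packet while a limit of 16 lets the walk reach the TCP header.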