			CHANGELOG for KAME kit
$KAME: CHANGELOG,v 1.2103 2002/03/17 19:51:29 jinmei Exp $

<200203>
2002-03-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ah_input.c (ah6_ctlinput):
	* kame/sys/netinet6/esp_input.c (esp6_ctlinput):
	corrected arguments to key_allocsa().  This fix is very important
	if you use IPsec, because key_allocsa() in recent snaps has a
	strong validation check which will cause kernel panic against
	bogus values.

2002-03-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_output): do not update the
	"dst" address, which is the next-hop address, for multicast
	destinations.  Otherwise, the layer 2 destination address would be
	bogus.

2002-03-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd4/sys/netinet6/udp6_usrreq.c (udp6_input): corrected
	address matching rules for incoming multicast packets, as
	suggested by Konstantin KABASSANOV <Konstantin.Kabassanov@lip6.fr>
	Without the change, multicast applications that binds the
	receiving socket with the multicast address would fail to accept
	incoming packets.

Fri Mar 15 19:45:40 JST 2002  itojun@iijlab.net
	* sys/netinet6/frag6.c: implement real lock around IPv6 reassembly code.
	  (netbsd/openbsd only)

Fri Mar 15 18:28:20 JST 2002  itojun@iijlab.net
	* netbsd/sys/netinet/tcp_subr.c: have tcp6_drain().

2002-03-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c:
	- made sure to attach packet addresses to every mbuf even after
	  m_copy().
	- added a supplement function m_copy_withpktaddrs() for this
	  purpose.
	Thanks to: "Konstantin KABASSANOV" <Konstantin.Kabassanov@lip6.fr>
	for finding the problem and testing patches.

2002-03-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/wru: added the -z option to specify the zone of the
	destination, particularly for the default destination, ff02::1.

2002-03-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/tcp_subr.c (tcp6_ctlinput): loosened the
	assertion check for the "inner" source.  The check was so strong
	that it caused kernel panic when the function called from
	ip6_output() via pfctlinput2().
	bsdi4 KAME snap users are recommended to apply this fix.

Sun Mar  3 01:51:54 JST 2002 Keiichi SHIMA <keiichi@iij.ad.jp>
	* kame/sys/netinet6/{in6.c|mip6.c|mip_var.h|nd6_rtr.c}
	check the CoA when p2p address (like gif) is set.  this enables
	you to use MIP6 with molec.

2002-03-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_ctloutput, and related
	functions):
	- applied recent clarifications in rfc2292bis:
	  + ignored IPV6_DONTFRAG and IPV6_RECVPATHMTU for TCP sockets
	  + disallowed to set non-unspecified address by IPV6_PKTINFO for
	    TCP sockets
	- corrected the return value from getsocketopt for IPV6_DONTFRAG and
	  IPV6_USE_MIN_MTU

2002-03-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_redirect_output): included
	a target link layer address option in the redirect message for an
	on-link destination as well as for a better router.  This behavior
	should be correct according to the specification.

<200202>
Tue Feb 26 16:05:53 2002  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/ports/ppp: awkhulhak ppp

2002-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd4/sys/netinet6/in6_pcb.c (in6_mapped_sockaddr,
	in6_mapped_peeraddr): do not convert the unspecified address (::)
	to the mapped address form.  Otherwise, get{peer, sock}name(2) for
	an AF_INET6 wildcard address would return ::ffff:0.0.0.0.

2002-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd4/sys/netinet/tcp_syncache.c (syncache_socket): when
	making a PCB entry from a syn cache, do not forget to copy
	inc_isipv6.
	* freebsd4/sys/netinet/tcp_usrreq.c (tcp6_usr_connect): set
	inc_isipv6 when connecting to a non-mapped AF_INET6 address.

	All FreeBSD users are recommended to apply this fix.   Without
	these changes, we would fail to update a stale cached route.

2002-02-25 SUZUKI, Shinsuke <suz@sdl.hitachi.co.jp>
	* sys/netinet6/in6_src.c (in6_selectsrc):
	fixed a bug that sendmsg() on raw socket sometimes fails by ENXIO,
	due to the inconsistency between embedded zone-id and the calculated
	outgoing interface-id.

Mon Feb 25 10:58:09 JST 2002  itojun@iijlab.net
	* sys/netinet/ip_input.c: enforce ipsec policy checking on forwarding
	  case (the portion was lost during transition to PR_LASTHDR).
	  From: Greg Troxel <gdt@ir.bbn.com>

2002-02-24  SUZUKI, Shinsuke <suz@sdl.hitachi.co.jp>
	* kame/route6d/route6d.c:
	not remove global addresses on loopback interface from routing
	table by route aging.

2002-02-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c (nd6_rtrequest): rejected the process of
	RESOLVE when the interface does not need neighbor caches.
	Otherwise, this function would mistakenly try to make a neighbor
	cache for an stf interface.
	Based on a report from Ross Finlayson <finlayson@live.com> at the
	freebsd-net ML.

2002-02-23  SUZUKI, Shinsuke <suz@sdl.hitachi.co.jp>
	* kame/pim6sd/{pim6_proto.c, route.c}:
	pim6sd doesn't crash now when receiving (*,*,RP) entry.

Thu Feb 21 23:48:38 JST 2002 sakane@kame.net
	* kame/kame/racoon:
	to specify the identifier in "sainfo" directive is deprecated.
	the identifier should be always made from SPD.

2002-02-20  SUZUKI, Shinsuke <suz@sdl.hitachi.co.jp>
	* freebsd4/sys/net/if.c (): 
	fixed a kernel crash that occurs when you enable IPv6 Multicast 
	on VLAN interface.

2002-02-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_setmoptions): fixed kernel
	panic in the case of IPV6_LEAVE_GROUP without an interface.
	The kernel would choose the group based on the address only with
	fix.
	Note, however, that ambiguity on the scope zone of the address
	would not be allowed by default.  This particularly means that you
	should always specify the interface for interface or link local
	groups.
	Based on: a report from Tomomi Suzuki <stomomi@ebina.hitachi.co.jp>

2002-02-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/tcp6_subr.c (tcp6_respond): called
	ip6_getpktaddrs() correctly.  NULL pointers would be referred to
	without this fix.
	Based on: a report from Tomomi Suzuki <stomomi@ebina.hitachi.co.jp>

2002-02-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_init2): called nd6_ifattach()
	for the loopback interface, in order to make sure to initialize
	the nd_ifinfo structure for the interface.

2002/02/19 16:05:42 JST	kjc@csl.sony.co.jp
	* reduce differences from netbsd-current and openbsd-3.0:
	 - use ALTQ_DECL() for altq only variables.
	 - make IFQ_ENQUEUE() take 4 args even for the non-altq case
	 - the return type of altq_etherclassify() is changed from
	   int to void.
	   the function prototype is moved to if_altq.h.
	* add more altq supported drivers and link types.
	  most of the remaining drivers are supported by now.

2002-02-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.h: stopped defining the route_in6{}
	structure for bsdi4 regardless of local configuration options.
	We'll never need this because BSD/OS has merged the "new" route{}
	structure, which can store all socket addresses.
	* kame/sys/netinet6/{mld6.c, route6.h}: always included route.h
	based on the change above.

2002-02-18 Shin'ichi Fujisawa	<fujisawa@kame.net>
	* kame/sys/netinet6/natpt_*.[ch]:
	* kame/kame/natptconfig/*.[chly58]:
	- About natptcofig command
	  - Add "-q" option to suppress error message.
	  - Change it to return non ZERO value when detects syntax error.
	- NAT-PT rule has rule number.
	  You can omit rule number when setting NAT-PT.  In this case,
	  behaviour of natptconfig command is same as previous.
	  Rules can be deleted individually; Rule number can be
	  renumbered;
	- see natptconfig(8) and natpt.conf(5) for more detail.

2002-02-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_input): cleanup; removed a
	duplicated check for mapped source or destination addresses.

2002-02-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/mld6.c (mld6_start_listening): added an
	assertion in the case of this function was called before
	mld6_init().

2002-02-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_init2): stopped calling
	in6_ifattach(lo0).  We in fact do not need to call in6_ifattach()
	at this stage.  Additionally, in6_ifattach() has a bad effect of
	sending packets even though some parts of the kernel are not ready
	for sending.

2002-02-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/{netinet6, netkey}/: changed the definition of
	in6_multi{} to contain a full sockaddr_in6 of the multicast
	address.  Related functions were also modified accordingly.

	* kame/kame/ifmcstat/ifmcstat.c (in6_multientry):
	* {netbsd, openbsd}/usr.bin/netstat/if.c (intpr):
	Modified according to the change above.  These tools should
	be rebuilt as well as the kernel.

Mon Feb  8 JST 2002 sakane@kame.net
	* freebsd4: sync with 4.5-RELEASE

2002-02-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet6/in6_pcb.c (in6_pcbbind): correctly separated
	IPv4-mapped address case in in6_pcbbind().  Reported from bsdi.

2002-02-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ping6: supported a new option '-g gateway' to allow a
	specific next hop.

2002-02-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sbin/sysctl/sysctl.c (sysctl_key): supported net.key.*
	sysctls.

2002-02-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd4/sys/netinet6/udp6_usrreq.c (udp6_ctlinput):
	* openbsd/sys/netinet/udp_usrreq.c (udp6_ctlinput):
	* bsdi4/sys/netinet/udp_usrreq.c (udp6_ctlinput):
	corrected arguments to ip6_pcbnotify().

2002-02-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd4/sys/netinet/tcp_subr.c (tcp_respond): correctly reset
	returned IPv6 header.  This is essential when the original packet
	contains an IPv6 extension header.

2002-02-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/netstat/inet.c (ipsec6_stats): supported printing
	statistics for IPsec over IPv6.

2002-02-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* many kernel files: totally revised IPv6 scoped address
	architecture in the kernel.
	- sticked to use sockaddr_in6, not in6_addr, as much as possible
	- did not refer to ip6_src/ip6_dst (which may have ambiguity on
	  scope zones), but used full sockaddr_in6 structures attached to
	  the packet
	- replaced special cases for link-local addresses with code that
	  used generic functions such as in6_addr2zoneid()
        - additional cleanups mainly for scoped address handling

	The change is so big and we'll need some more time to stabilize
	the code.  It is not recommended to use the latest code for
	purposes that need stable behavior.

<200201>
2002-01-29 Shin'ichi Fujisawa	<fujisawa@kame.net>
	* kame/sys/netinet6/natpt_{defs,rule,soctl,usrreq}.[ch]:
	* kame/kame/natptconfig/misc.c:
	- Change NATPT related ioctl macro name which begin with
	  "SIOC" to name which begin with "NATPT".  "SIOC" as ioctl
	  macro name prefix is too general.

Mon Jan 28 17:19:19 JST 2002 keiichi@iij.ad.jp
	* kame/sys/netnet6/{mip6.c,mip6_binding.c,mip6.h}
	- fix a bug in the processing routine of the authentication data
	  sub-option.
	- change the default security policy for protecting bu/ba.
	  if compiled for ID-15, IPsec = 0 and authdata = 1.
	  if compiled for ID-13, IPsec = 1.

Mon Jan 28 14:09:21 JST 2002  itojun@iijlab.net
	* bsdi4: upgrade base version to BSD/OS 4.3.

2002-01-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_ctloutput): handled
	getsockopt(IPV6_RTHDR) correctly.
	In response to: KAME PR 403 from ylg@logique.jussieu.fr

Sat Jan 26 11:50:54 JST 2002 sakane@kame.net
	* kame/kame/racoon:
	the port number in the phase1 identifier is set 500
	when the identifier type is the ip address
	although it is described ambiguity in RFC2407 4.6.2.

2002-01-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_output): checked the
	IPV6_MINMTU flag in ip6_output as well as the IP6PO_MINMTU flag in
	the outgoing packet options.  The former can still be set by
	icmp6_reflect or gif_output.

Mon Jan 21 21:07:25 JST 2002 keiichi@iij.ad.jp
	* kame/sys/netinet6/mip6*,kame/kame/mip6control/
	add swithces to enable/disable
	- the check code of bu/ba if they are protected by the ipsec.
	- the check code of bu/ba if they are protected by the authdata.
	to enable/disable those switches, use mip6cotrol.
	
2002-01-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_pcb.h:
	* {bsdi4, freebsd, openbsd}/sys/netinet/in_pcb.h:
	- added foreign/local socket address structures to in[6]pcb{} in order
	  to have scope zone information of IPv6 addresses
	- changed [fl]addr and [fl]port as shortcut macro
	* kame/sys/netinet6/in6_pcb.c (in6_pcballoc): 
	* {bsdi4, freebsd, openbsd}/sys/netinet/in_pcb.c (in_pcballoc):
	- set sin6_family and sin6_len when allocating an AF_INET6 pcb

	Note: this change implicitly affected applications that referred
	to the in[6]pcb structure (e.g. netstat).  Be sure to update
	header files and recompile all KAME applications.

2002-01-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/wru: allowed the user to omit the hostname, in which
	case the command used ff02::1 disambiguating the link zone using
	the default interface.

2002-01-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/route6.c (ip6_rthdr0): made the source routing
	code more scope-aware:
	- it now considers all type of scopes (i.e. not only link-local
	  addresses).
	- it conforms to the forwarding rule described in the scoping arch
	  draft.

2002-01-21 SUZUKI, Shinsuke <suz@sdl.hitachi.co.jp>
	* kame/kame/pim6sd/mldv2_proto.c:
	- fixed a bug that MLDv2 Report crashes pim6sd.

2002-01-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	improved the support of IPv6 scoped addresses:
	* kame/sys/netinet6/ip6_var.h: added sockaddr_in6 structures to
	record source and destinaion addresses with scope information.
	* kame/sys/netinet6/ip6_input.c (ip6_input): recorded the
	addresses.
	* kame/sys/netinet6/ip6_forward.c(ip6_forward): used the recorded
	addresses to check scope breakage and to get a route.

2002-01-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/udp6_output.c (udp6_output): corrected the
	length argument to in_cksum (bsdi4 only).

2002-01-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd4/sys/netinet/in_pcb.c (in_pcbladdr):
	* {freebsd4, netbsd, openbsd}/sys/netinet/ip_output.c (ip_output):
	* {netbsd, openbsd}/sys/netinet/in_pcb.c (in_selectsrc):
	- check the address family of the destination cached in a PCB.
	- clear the cached destination before getting another cached
	  route.  Otherwise, garbage in the padding space (which might be
	  filled in if it was used for IPv6) could annoy rtalloc.

	Note for OpenBSD: though Openbsd actually does not need these
	fixes since it does not support IPv4-mapped IPv6 addresses, the
	fixes are at least not harmful and will avoid possible bugs in the
	future if it will ever support mapped addresses.

2002-01-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_src.c (in6_selectroute): checked the
	address family of a cached destination, in case of sharing the
	cache with IPv4.
	In response to: a bug report from Vineet Goel in the snap-users
	ML.

2002-01-20 SUZUKI, Shinsuke <suz@sdl.hitachi.co.jp>
	* kame/kame/pim6{dd,sd}/mld6.c:
	fixed a bug that (*,G) entry diminishes due to a failure of
	MLD Query advertisement.

2002-01-18 Shin'ichi Fujisawa	<fujisawa@kame.net>
	* kame/sys/netinet6/natpt_*.[chly]:
	  kame/kame/natptconfig/natpt_{defs,dispatch}.[ch]:
	- Change a method of modification or reference of NAT-PT local
	  variable.  Natptconfig show subcommand does not read
	  /dev/kmem any more when refer to variable.

2002-01-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_rip6_input): if the received
	data is small enough but in an mbuf cluster, copy the data to a
	separate mbuf that does not use a cluster.
	This change will reduce the possiblity of packet loss in the
	socket layer.

2002-01-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/wru: was added as a separate command for ICMPv6 node
	information queries.  The first motivation of this command is to
	provide the ability to handle the queries and responses with
	platforms that do not support 'ping6 -w'.  Though this command is
	just a subset of 'ping6 -w' at this moment, it has some useful
	properties comparing to the existing command.  For example, wru
	only sends a single query even for a multicast destination.  In
	this case, it collects replies during a certain amount of period,
	prints the result, and then exits.

2002-01-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_src.c (in6_selectif): do not use a
	rejected or black hole route to pick the outgoing interface.
	Otherwise, we could disambiguate a scoped destination with the
	invalid route and would see some confusing results.

2002-01-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_input): do not accept packets
	to a destination that has a rejected or blackhole host route.

2002-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* (many kernel files): cleaned up the code to receive extension
	headers (and other optional information) on TCP sockets.  As a
	result, the kernel TCP stack does not pass the information to
	applications. All related functions were removed with this change,
	while the "imputopts" member in the PCB structure was remained
	just in case.

2002-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_clearpktopts): avoided NULL
	pointer reference.  The reference should have occurred in very
	rare cases, but it is recommended to upgrade the kernel the
	20011231 snap and later.

2002-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_savecontrol): do not compare
	the previous value of each option to decide if the option should
	be passed to application.  This part has been removed from the
	advanced API spec.

2002/01/07 21:26:21 JST kjc@csl.sony.co.jp
	add ECN (Explicit Congestion Notification) support (RFC3168).
	the ECN implementation consists of 3 independent components:
	  - marking mechanism in ALTQ
	  - tunnel-egress and fragment reassenbly rules in layer-3
	  - TCP mechanisms

	to enable ECN support in TCP, build a kernel with TCP_ECN
	and turn it on by sysctl -w net.inet.tcp.ecn=1
	netstat(1) shows the ECN related statistics.

	a simple example setup for ALTQ to mark packets on interface xl0:
		interface xl0 bandwidth 3M red ecn

2002-01-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/ip_icmp.c (icmp_input): passed applications
	icmp6 error packets that contained ipv6 over ipv4 packets,
	even if the error packet did not have enough length to store the
	whole IPv6 packets.  traceroute -6 in fact needed this behavior.

2002-01-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/traceroute: added a new option "-6" to send IPv6 over
	IPv4 probe packets.  This option will specifically be useful to
	see if an intermediate router rejects the tunneled packets.

2002-01-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.h: restricted the use of
	IPV6_RECVRTHDRDSTOPTS in the kernel.  This option was obsoleted in
	rfc2292bis-03.
