CHANGELOG.2000

			CHANGELOG for KAME kit, 2000

$KAME: CHANGELOG.2000,v 1.3 2002/12/10 02:12:08 jinmei Exp $

<200012>
Thu Dec 28 08:48:12 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/sys/miscfs/procfs/procfs_ctl.c:
	  FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs fix

Wed Dec 27 20:52:26 JST 2000 sakane@ydc.co.jp
	* netkey/key.c:
	Added lifetime handler of the policy.  There are two timer
	"lifetime" and "validtime".  "lifetime" means the lifetime of
	the policy.  "validtime" means the duration after the policy
	has not been used.  when these timer will be expired, key_spdexpire()
	is called and the expiration message is sent to the userland.
	the policy can be used without limitiation if both lifetime and
	validtime are zero.

2000-12-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/lib/libinet6/resolv: supported EDNS0. See log on
	Wed Apr 26 12:00:59 JST 2000 by itojun for more details.

2000-12-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/lib/libinet6: supported IPv6 transport of DNS resolver.
	you should updated bsdi4/contrib as well.
	This is just a first step. We have many TODO items on this.

Fri Dec 22 JST 2000 itojun@iijlab.net
	* traceroute6, ping6: revoke root privilege earlier.

2000-12-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/pim6_proto.c: fixed typo in J/P message
	handling.
	* kame/kame/pim6sd/routesock.c: fixed alignment bugs for no SA_LEN
	cases (nothing to do with BSD, though).
	Both fixes were based on KAME PR sys/308 from
	pavlin@catarina.usc.edu.

2000-12-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (ip6_mdq): correctly initialized
	the "must be zero" field of upcall data. This fix is essential to
	run IPv6 multicast routing daemon.
	Report from: toshiaki.nakatsu@fujixerox.co.jp.

2000-12-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd/config.c (getconfig): allowed hosts to
	advertise RA only when router lifetime is set 0 on every
	advertising interface. This restriction would avoid invalid RAs
	advertised from a host by misconfiguration.

2000-12-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_input): all *BSD called
	icmp6_rip6_input(). rip6_input(), which was used by bsdi4 and
	openbsd, was not suitable, because it would return unexpected
	"unknown next header" errors upon receiving (e.g.) icmp6 echo
	request.
	* kame/sys/netinet6/raw_ip6.c (rip6_input): removed icmp6 cases
	according to the above change.

2000-12-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (init_ip6pktopts): added to avoid
	forgetting initialization of packet options. This function is
	called from ip6_pcbopt() and ip6_setpktoptions().
	This change would fix a problem that traceroute6 source routing
	failed by EMSGSIZE.

2000-12-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netkey/key.c (key_cmpspidx_withmask): applied the same
	fix as one introduced on 2000-12-07 (see below) for inbond
	packets.

Wed Dec 20 14:41:11 JST 2000  itojun@iijlab.net
	* netbsd/lib/libinet6/getaddrinfo.c: experimental support for A6
	  records, only for cases where all 128 bits are supplied in a single
	  A6 record (like "A6 0 ::1").  netbsd only.  disabled by default.

Mon Dec 18 01:41:47 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/usr.sbin/{syslogd, lpr}, freebsd4/usr.bin/logger: sync
	  with FreeBSD-current.
	* freebsd3/ports/qpopper: upgrade to 3.1.2

Fri Dec 15 23:24:58 JST 2000 sakane@ydc.co.jp
	* racoon:
	racoon uses syslog() if both the logging file and -F option are not
	specified when racoon is launched.  Now there are three way to log.
	One is to the standard output.  Second is to syslog.  Third is to the
	file specified by the option.

	nuke YIPSDEBUG() macro, instead racoon use the value "loglevel"
	as logging value.  "loglevel" can be specified either of the following
	capital word, and they are printed with each output as the tag name in
	the logging file.
	INFO: begin negotiation, SA establishment/deletion/expiration.
	NOTIFY: just notifiable.
	WARNING: not error strictly.
	ERROR: system call error. also invalid parameter/format.
	DEBUG1: debugging informatioin.
	DEBUG2: too more verbose. e.g. parsing config.

	XXX The logging level and the tag name are mixed. They may be separated.
	ERROR should be separated because the error of IKE protocol and system
	call are mixed.
	XXX to be more checked.

Wed Dec 13 17:05:36 JST 2000  itojun@iijlab.net
	* netbsd/sbin/racoon: update racoon reachover makefile.  compiles in
	  GSSAPI support if MKKERBEROS is set.

Tue Dec 12 08:56:39 PST 2000  thorpej@zembu.com
	* racoon/Makefile.in
	* racoon/algorithm.c
	* racoon/algorithm.h
	* racoon/cfparse.y
	* racoon/cftoken.l
	* racoon/configure.in
	* racoon/handler.c
	* racoon/handler.h
	* racoon/ipsec_doi.c
	* racoon/isakmp.c
	* racoon/isakmp.h
	* racoon/isakmp_agg.c
	* racoon/isakmp_base.c
	* racoon/isakmp_ident.c
	* racoon/main.c
	* racoon/oakley.c
	* racoon/oakley.h
	* racoon/racoon.conf.5
	* racoon/remoteconf.h
	* racoon/strnames.c
	Added files:
	* racoon/gssapi.c
	* racoon/gssapi.h
	* racoon/README.gssapi
	Implement GSSAPI using Kerberos 5 authentication for Phase 1
	per dratf-ietf-ipsec-isakmp-gss-auth-06.txt.  Implemented by
	Frank van der Linden <fvdl@wasabisystems.com>.

2000-12-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/raw_ip6.c: used by bsdi4 for better code
	sharing. Basically, no new feature change was introduced by this
	change.

Snu Dec 11 JST 2000  itojun@iijlab.net
	* freebsd4/sys/i386/isa/if_lnc.c: cope with VMware ethernet chip
	  emulation, which loops back multicast packet to itself
	  (violates IFF_SIMPLEX behavior).  now DAD on freebsd-on-VMware
	  works fine.  thanks to: Florent Parent
	  <Florent.Parent@viagenie.qc.ca> for help testing.

Sat Dec 10 JST 2000  itojun@iijlab.net
	* racoon/isakmp.c: bounds-check bogus length in isakmp header.

Sat Dec  9 09:08:02 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c (netbsd/openbsd):
	  implement high/low watermark on pmtud host route entries.
	  create up to hiwat host route entries, if icmp6 too big messages is
	  validated.  create up to lowat host route entries, if too big message
	  is not validated (= traffic is from non-connected pcb).
	  XXX hiwat/lowat default values

Fri Dec  8 16:05:04 JST 2000  itojun@iijlab.net
	* netbsd/sys/nfs: avoid IPv6 path MTU discovery if UDP is used as the
	  transport layer.  TODO: make NFS aware of path MTU discovery.

2000-12-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ipsec.c (ipsec6_output_trans): when an ipsec
	SA cannot be found while ipsec is required, send an icmp6
	dst_unreach_admin error (instead of silent discard).
	NOTE: Please be sure to update icmp6.c as well.

2000-12-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_reflect):
	- processed scoped addresses in a generic manner.
	- used in6_selectsrc to determine the source address of the
	  reflected packet.

2000-12-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netkey/key.c (key_cmpspidx_withmask): compared
	sin6_scope_id values only when both two values were
	non-zero. Without this fix, ::/0 would not match fe80::1%ne0,
	which could be a security hole.
	TODO: there seem to be additional misuse about scope in this
	file. We'll have to fix them eventually.

Wed Dec  6 00:22:31 JST 2000  itojun@iijlab.net
	* openbsd: use shared raw ip6 logic.

Tue Dec  5 10:44:53 JST 2000  itojun@iijlab.net
	* sys/netinet6/nd6_nbr.c: (non-bsdi) make sure we don't have DAD
	  process, for an IPv6 interface address on detached PCMCIA interfaces.

Mon Dec  4 23:09:51 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc: obsolete KAME pkgsrc tree, at least for now.
	  we should consult NetBSD pkgsrc directory.  KAME pkgsrc uses
	  1.4.2 pkgsrc build framework, which is too old for use with 1.5.

Mon Dec  4 20:27:27 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/udp_usrreq.c: fix IPv4 multicast input path.
	  NetBSD PR 11629.

Mon Dec  4 19:55:10 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_pcb.c (netbsd/openbsd):
	  re-introduce workaround for updating cached routes in unconnected
	  inpcb, on ICMPv6 redirect (otherwise, cached routes will not be
	  updated).  should be revisited.

2000-12-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d/mld6.c (make_mld6_msg):
	* kame/kame/mld6query/mld6.c (make_msg):
	* kame/kame/pim6dd/pim6.c (init_pim6):
	made sure to use CMSG_LEN (not CMSG_SPACE) to set to cmsg_len.
	based on a PR from URA Hiroshi <ura@hiru.aoba.yokohama.jp>

2000-12-03  Koji Kawano <K.Kawano@rdmg.mgcs.mei.co.jp>
	* sys/netinet6/in6_prefix.c: missing copy vltime & pltime to
	  ifra(interface)
	  This effects that, if you use prefix command, you can't
	  add address to the interface or vltime = 0 even added.

Sun Dec  3 02:48:51 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_mroute.h: to provide better binary compatibility
	  with *BSD-integrated tree, change operation #.  you'll need to
	  recompile all multicast routing tools as well as the kernel.

Sat Dec  2 17:27:30 JST 2000  itojun@iijlab.net
	* bsdi3, bsdi4, freebsd2, netbsd: do not pass incomplete tcp header
	  to syn_cache_unreach.

Sat Dec  2 17:19:58 JST 2000  itojun@iijlab.net
	* netbsd: catch up with netbsd 1.5.  MIP6/NATPT do not compile.
	  pvcbridge does not work for now.

	  NOTE: if you use anoncvs/cvsup to update from existing tree,
	  make sure to invoke "make TARGET=netbsd clean" before update.
	  symlink can make troubles with update.

Fri Dec  1 21:02:25 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/ports/{ct,v6eval}: upgrade to 1.2.

Fri Dec  1 19:35:18 JST 2000  itojun@iijlab.net
	* openbsd: catch up with openbsd 2.8.  MIP6/NATPT may not work.

	  NOTE: if you use anoncvs/cvsup to update from existing tree,
	  make sure to invoke "make TARGET=openbsd clean" before update.
	  symlink can make troubles with update.

2000-12-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* *BSD/sys/netinet6/in6_pcb.c (in6_pcbnotify):
	* *BSD/sys/netinet[6]/{tcp, udp, raw}XXX.c (ctlinput functions):
	added clarifications and improvements:
	- made the ctlinput mechanism more scope aware.
	- considered flow label to detect PCBs to which should be notified a
	  given error (as well as usual detection items such as port
	  numbers).
	- removed meaningless special considerations for PRC_HOSTDEAD
	  cases.

2000-12-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/esp_input.c (esp6_ctlinput): called
	pfctlinput2 to tell applications minimum information about an
	error, even when the notification was encrypted. PCB notification
	functions then might be able to detect an appropriate PCB using
	source and destination addresses and IPv6 flow label.

2000-12-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_output): called pfctlinput2
	when fragmenting the packet, in order to tell applications the
	proper MTU of the outgoing interface for a particular destinaion.
	The code would be more conformant to rfc2292bis with this change.

2000-12-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (pfctlinput2): was newly added to
	allow the ctlinput mechanism to have additional
	information. Although it could (or even should) be generalize to
	be domain independent, we currently keep the function for INET6
	only, because we don't know the whole effects of this.

<200011>
2000-11-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/net/route.c (rtredirect): disabled the AF check in the
	beginning of rtredirect, due to which redirection did not work for
	IPv6. Although the check is actually a bit redundant, but
	disabling the check does not have a bad effect.

2000-11-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {kame,bsdi4,openbsd,freebsd[34]}/sys/netinet6/in6_pcb.c
	(in6_pcbnotify): removed a special treatment for rtchange cases,
	which was necessary only when we used the ND6_WAITDELETE neighbor
	cache state for	an unreachable neighbor. This removal would not
	affect the behavior, but make the code simpler.

2000-11-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/mld6.c (init_mld6): allow multicasted packet
	sent to the MLD6 socket to be loop-backed by default. We can do
	this since we don't have to handle DMVRP messages via the MLD6
	socket.
	(based on a question from <toshiaki.nakatsu@fujixerox.co.jp>.)

2000-11-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ping6/ping6.c ({get, set}_pathmtu): newly added to
	support application-level path MTU discovery. If the -m option is
	specified, ping6 will try to discover path MTU for the destination
	using the IPV6_RECVPATHMTU socket option, and adjust the MTU using
	the IPV6_USE_MTU socket option. This would be useful for those
	OSes that do not perform path MTU discovery unless corresponding
	connected socket exists, like recent versions of NetBSD and
	OpenBSD.

2000-11-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c: added a new ancillary data item
	"IPV6_USE_MTU," which allows an application to specify the MTU of
	the outgoing packet. This item is currently experimental (i.e. not
	described in a standard document.)

Mon Nov 27 04:20:40 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/lftp: upgrade to 2.3.5.

2000-11-27  Koji Kawano <K.Kawano@rdmg.mgcs.mei.co.jp>
	* /kame/freebsd[3,4]/ifconfig
	1. add vltime & pltime parameter setting
	2. add default thier value setting (tentative bug fixing)
	2 is coz that not to add addresses.

2000-11-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/route.c (add_leaf): just ignored an MLD report
	if the node is not the DR for the corresponding subnet.
	The fix was from toshiaki.nakatsu@fujixerox.co.jp.

2000-11-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/pim6_proto.c (receive_pim6_bootstrap): even
	when the BSR changes, just schedule an immediate advertisemnet of
	advertisement, instead of actually sending message, in order to
	avoid sending the advertisement to the old BSR.
	In response to: a comment from toshiaki.nakatsu@fujixerox.co.jp.

2000-11-25  Koji Kawano <K.Kawano@rdmg.mgcs.mei.co.jp>
	* kame/freebsdX/net/if_loop.c: fixed duplicated free of pkt's aux data.
	This happens in case of that "ping6 -w -I lo0 ::1" for example.

Fri Nov 24 17:29:30 JST 2000  itojun@iijlab.net
	* libinet6/if_nametoindex.c: conform to RFC2553 (ENXIO if the interface
	  is not found).

Fri Nov 24 15:14:37 JST 2000  itojun@iijlab.net
	* libinet6: compile strl{cpy,cat} for better code sharing.
	  (freebsd2/netbsd142/bsdi3/bsdi4)

Fri Nov 24 01:43:21 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd4/usr.sbin/syslogd: IPv6 enabled syslogd from
	  masahito_endo@ydc.co.jp. '-a' option does not work now.

2000-11-21  Koji Kawano <K.Kawano@rdmg.mgcs.mei.co.jp>
	* kame/freebsd4: we now start to support 4.2-RELEASE.

Tue Nov 21 02:45:24 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd3/ports/wwwoffle: upgrade to 2.6.

2000-11-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* [fno]bsd: supported the IPV6_RECVPATHMTU socket option. Not
	compiled as of writing this log.

2000-11-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/racoon/grabmyaddr.c (suitable_ifaddr6): made sure to
	close the temporary socket. Without this, racoon will eventually
	die upon the "too many open files" error.

Fri Nov 17 05:09:07 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/apache13: upgrade to 1.3.14.

Thu Nov 16 01:16:07 JST 2000  itojun@iijlab.net
	* freebsd2/ports/lukemftp: lukemftp (portable NetBSD ftp client),
	  version 1.5.
	* freebsd2/usr.bin/Makefile: we no longer build ftp client, to decrease
	  our maintenance labor.  use lukemftp, or some other ftp client.

2000-11-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_input):
	* bsdi4/sys/netinet6/raw_ipv6.c (rip6_ctlinput):
	* bsdi4/sys/netinet/{tcp,udp}_usrreq.c ({tcp6,udp6}_ctlinput):
	* bsdi4/sys/netinet6/in6_pcb.c (in6_pcbnotify):
	IPV6_RECVPATHMTU socket option support.
	Note that the current implementation is not fully conformant to
	the latest rfc2292bis spec. The implementation uses a special
	control structure to pass both the MTU value and the destination
	to the application, while the spec says the corresponding
	ancillary data just contains the MTU value.
	We are now clarifying it in the IETF ipng ML, and the
	implementation may change after the discussion.
	TODO: transport layer support in other *BSD than bsdi4.

Mon Nov 13 04:28:33 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/ncftp3: upgrade to 3.0.2

Sun Nov 12 15:40:29 JST 2000  itojun@iijlab.net
	* bsdi4/libexec/ftpd/ftpd.c: update LPSV/EPSV result code to conform
	  RFC2428.

2000-11-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd: introduced some improvements and new features
	mainly for auto router renumbering (RR):
	- joined all-routers site-local multicast group when RR is enabled,
	  and made the receiving interface configurable via a new command
	  line option "-M".
	- fixed many bugs in handling RR messages.
	- supported lifetimes that decrement in real time, and will expire
	  at a specified time in the future. 3 new parameters for
	  rtadvd.conf were introduced to handle such lifetimes. See
	  rtadvd.conf(5).

Thu Nov  9 20:14:00 JST 2000 sakane@ydc.co.jp
	* racoon:
	check the address is suitable or not before using them when grabing
	all addresses on each interfaces.  tentative, duplicated and
	detached are unsuitable at the moment.

Thu Nov  9 15:30:42 JST 2000 sakane@ydc.co.jp
	* racoon:
	Use both the source address and the destination address to get
	phase1-sa.

Thu Nov  9 09:53:54 JST 2000  itojun@iijlab.net
	* netbsd/libexec/{rshd,rlogind}: do not refer free'ed memory region.
	  KAME PR 302 from ryo@iij.ad.jp

Thu Nov  9 02:21:00 JST 2000  itojun@iijlab.net
	* *bsd*/sys/sys/mbuf.h: make sure we nuke mbuf pointed to by m_aux,
	  on MFREE().  under sys/kern, there are code which calls MFREE()
	  instead of m_free().
	* sys/netinet6?/tcp6?_input.c: reject SYN, if the destination address is
	  a deprecated address and we forbid the use of deprecated address.
	* sys/sys/mbuf.h: get rid of M_ANYCAST6. flag bit is a precious resource
	  (done for freebsd2/bsdi[34]/openbsd/netbsd)

Thu Nov  9 02:17:10 JST 2000 sakane@ydc.co.jp
	*racoon:
	Ignored a acquire message if its destination address matches
	a multicast address.

Thu Nov  9 01:30:20 JST 2000 sakane@ydc.co.jp
	* setkey:
	Print a timestamp on each dump line by using -x option.

2000-11-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/if_indextoname.c (if_indextoname): made sure
	to set ENXIO to errno if an appropriate interface is not found.
	(to be conformant to RFC2553 and its bis)

Wed Nov  8 02:14:22 JST 2000 sakane@ydc.co.jp
	* racoon:
	Fixed to bind a address which is added right now to the kernel. 

2000-11-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi3/sbin/ifconfig/ifconfig.c (in6_status):
	* bsdi4/sbin/ifconfig/ifconfig.c (inet6_status):
	* {net,open}bsd/sbin/ifconfig/ifconfig.c:
	  explicitly state that an address is "deprecated" if preferred
	  lifetime goes into 0.

2000-11-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd/rtadvd.c (sock_open): join ff05::2 if router
	renumbering is enabled.

Wed Nov  8 01:27:40 JST 2000  itojun@iijlab.net
	* route6d: do not advertise cloned/dynamic routes.

Tue Nov  7 12:44:07 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/postfix: use 20001005 + IPv6 patch.

Tue Nov  7 01:49:35 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/kame/libinet6/resolv/res_init.c: fix memory leak.

Mon Nov  6 15:46:39 JST 2000  itojun@iijlab.net
	* sys/net/if_stf.c, sys/netinet*/in*gif.c: IFF_LINK2 now controls
	  the use of ingress filter on tunnel outer/inner source address.

2000-11-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4,freebsd[34]}/sys/netinet/tcp_subr.c (tcp6_ctlinput):
	* {bsdi4,openbsd}/sys/netinet/udp_usrreq.c (udp6_ctlinput):
	* freebsd[34]/sys/netinet6/udp6_usrreq.c (udp6_ctlinput):
	* kame/sys/netinet6/udp6_usrreq.c (udp6_ctlinput):
	loosened validation for inner packets of icmp6 errors as much as
	possible.

2000-11-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/sys/netinet/ip_input.c (ip_input): reverted original
	FreeBSD code fragment; twisted ip_id before and after calling
	ip_mforward().
	Reported by: Greg Troxel <gdt@fnord.ir.bbn.com>

Mon Nov  6 00:36:02 JST 2000  itojun@iijlab.net
	* sys/netinet6/udp6_output.c (bsdi4/openbsd): do not mix up
	  inbound and outbound flowlabel value.
	  
Thu Nov  2 23:17:07 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_core.c: fix [13]DES on big endian machines.
	  report from shigeru@iij.ad.jp.

Wed Nov  1 23:58:34 JST 2000  itojun@iijlab.net
	* sys/crypto/twofish: fix runtime error check logic.  it has been
	  broken for some time.
	* regress/crypto: regression test for kernel crypto logic.

Wed Nov  1 17:24:31 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_{in,out}put.c: implement flow label manipulation
	  setsockopt, as documented in draft-itojun-ipv6-flowlabel-api-00.txt.
	  the default value can be switched by net.inet6.ip6.auto_flowlabel.
	  experimental.

<200010>
Tue Oct 31 13:33:38 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_{in,out}put.c: implement traffic class manipulation
	  API, as documented in draft-itojun-ipv6-tclass-api-01.txt.
	  experimental.

2000-10-29  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* Fixed NATPT memory leak.  When TCP session is finished, memory
	  which holds tcp information is not freed.

2000-10-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd/if.c (if_getmtu): made some clarifications:
	  - first try getifaddrs(), and then do SIOCGIFMTU for safety. The
	    revised logic will relieve environments with poor getifaddrs()
	    implementation.
	  - avoid referring to freed data by delaying to call freeifaddrs().
	* kame/kame/rtadvd/rtadvd.conf.5: insistently noted that the
	configuration file can be omitted for those who do not read
	rtadvd(8).

2000-10-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (defrouter_select): do not install a
	route to the default interface as default route if the node acts
	as a router, because such default route might conflict with a
	default route installed from a user application (e.g. routing
	daemon).

2000-10-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/v6test/getconfig.c (make_{tcp,udp}): TCP/UDP data
	buffer can be specified.
	based on a patch from: Tomomi Suzuki <stomomi@ebina.hitachi.co.jp>

2000-10-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_ifscrub): checked the existence of
	dstaddr before calling rtinit(). This fix will solve the KAME PR
	sys/295.

Sun Oct 22 23:08:22 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/in6_pcb.c (freebsd2/bsdi3):
	  don't do anything special against IPv4 mapped address, as we don't
	  support them.

Sat Oct 21 01:40:20 JST 2000  itojun@iijlab.net
	* bindtest: add summary mode (-s).  from yoshfuji.

Fri Oct 20 04:20:12 JST 2000  itojun@iijlab.net
	* openbsd: enable IPv6 PTMUD DoS prevention.  validates TCP6/UDP6 PMTUD 
	  by existence of connected pcb.

Fri Oct 20 03:14:55 JST 2000  itojun@iijlab.net
	* ping6: by default, fragment packet into 1280 bytes (IPv6 minimum MTU).
	  -m will suppress the behavior (send it as is, and obey path MTU
	  discovery).

Thu Oct 19 14:12:04 JST 2000 sakane@ydc.co.jp
	* racoon:
	- check whether the initial contact is acceptable.
	when both ends are using "use" as the policy level, both ends initiate
	the phase 1 and send initial-contacts under each phase 1 SA.  In this
	case, each phase 1 SA will be banished by the another initial-contact.
	Simply calling getcontacted() is the solution to avoid the case.

2000-10-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (add_m6fc): made sure to reset
	the outgoing interfaces list in all cases where a multicast
	routing cache is created or updated.
	In response to a report from Hoerdt Mickael
	<hoerdt@clarinet.u-strasbg.fr>

Thu Oct 19 10:37:05 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: (netbsd only for now) try to prevent
	  DoS attack using path MTU messages.  validate ICMPv6 too big messages
	  using content of TCP/UDP connection table and/or IPsec SAs.
	  framework by thorpej@netbsd.org.  sync with netbsd-current.

	  TODO: think about sendto(2) cases, raw ip6 cases and others.
	  aren't we too restrictive given the fact PMTUD is mandatory for IPv6?
	  TODO: other platforms

Wed Oct 18 18:54:50 JST 2000 sakane@ydc.co.jp
	* racoon:
	- fixed to parse the timer directive in the racoon configuration.
	- the identifier in phase 1 transmitted by peer compared with the user
	  expecting.  If they are not same, racoon just warns it at the moment.
	- Moved the place of calling ipsec_checkid1() after parsing the payload
	  transmitted by peer.
	- bark if DH computation failed.
	- added two function to handle the certificate.
		eay_str2asn1dn(), convert the string into DER.
		eay_cmp_asn1dn(), compare two subjectname.

2000/10/18 18:15:25 JST kjc@csl.sony.co.jp
	the 2nd round of the ALTQ cleanup:
	* add a new discipline, PRIQ (priority queueing).
	  its minor device number is 11.
	* kernel config options:
	  prepend "ALTQ_" to all the ALTQ kernel config options.
	  (e.g., CBQ -> ALTQ_CBQ)
	  eliminate CBQ_RED, CBQ_RIO, HFSC_RED, HFSC_RIO but
	  enable RED/RIO on HFSC/CBQ/PRIQ when RED/RIO is defined.
	* change ioctl numbers to be more consistent among disciplines.
	* altqd:
	  divide altqd.c into altqd.c and libaltq2.c.
	  libaltq2.c contains functions and variables required by libaltq.
	* remove the accounting mode from headers and userland tools.
	  (it was already removed from the kernel)
	* other misc cleanup
	as usual, don't forget to install new include files and rebuild
	userland tools.

2000-10-17  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* NAT-PT can translate fragmented IPv4 packet to IPv4.        
	  You need to write 'options NATPT_NAT' and 'options NATPT_FRAGMENT'
	  into kernel configuration file, and recompile kernel.
	  This function is experimental, and tested only FreeBSD 3.5.

2000/10/17 19:47:21 JST kjc@csl.sony.co.jp
	* freebsd4/sys/alpha/alpha exception.s:
	* freebsd4/sys/alpha/include asm.h:
	import the fix from FreeBSD-current that allows to boot large
	kernels on alpha.
	without this fix, GENERIC.KAME kernels hang after printing
	the copyright.

Mon Oct 16 05:13:56 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/mozilla: upgrade to M18

2000-10-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_mtudisc_update): update path
	MTU information only when a corresponding host route already
	exists. Currently for bsdi only.
	This is an experimental fix for the KAME PR sys/292. We may choose
	a different way in the future.

2000-10-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/tcp_subr.c (tcp6_ctlinput):
	* bsdi4/sys/netinet/udp_usrreq.c (udp6_ctlinput):
	added validation for the TCP or UDP headers of inner
	packets. Without this, a bad remote user could make the kernel
	core-dump.
	(itojun seemed to merge the fix to other *BSDs)

Sun Oct 15 19:18:45 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/squid11: use latest IPv6 patch.
	* freebsd3/ports/lftp: upgrade to 2.3.4.
	* freebsd3/ports/sendmail: sendmail 8.11 now is official version
	so I combine sendmail6 and sendmail.beta into new port 'sendmail'.

Sun Oct 15 17:49:15 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}, freebsd[23]/ports/{libpcap,tcpdump}:
	  use 10/9 weekly snapshot.

Thu Oct 12 04:56:24 JST 2000 sakane@ydc.co.jp
	* kame/racoon: Added two directives, my_identifier and peers_identifer.
	It can be define the identifiers by each peers.  Identifier directive
	will obsoleted in near future.
	XXX peers_identifier should be compared with the value included in ID
	payload sent from the peer.
	XXX asn1dn shoule be able to be specified by user.

Wed Oct 11 JST 2000  itojun@iijlab.net
	* sys/net/if_gif.c: fix uninitialized variable, which can lead to
	  kernel panic.

Tue Oct 10 23:54:17 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_proto.c: don't call tcp_init twice, if
	  we share tcp stack between IPv4/v6 and we are compiling a kernel
	  with dual stack configuration (netbsd/openbsd/freebsd[34]/bsdi4).
	  from enami@netbsd.org.
	* sys/netinet6/icmp6.c: nuke net.inet6.icmp6.errratelimit.
	* openbsd/sys/conf/GENERIC: move KAME mandatory flags into
	  conf/GENERIC, so that they will get defined for all kernel
	  configuration files.

Tue Oct 10 15:43:58 JST 2000  itojun@iijlab.net
	* kame/rtsold/rtsock.c: watch routing socket for pcmcia/cardbus
	  interface removal.  cease RS if an interface gets removed.
	  (affects NetBSD 1.5 or higher)

Tue Oct 10 03:50:32 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/wu-ftpd: upgrade to latest IPv6 patch. EPSV now
	works. TODO: -s speaks IPv4 only.

Sat Oct  7 16:01:12 JST 2000  itojun@iijlab.net
	* ping6, traceroute, traceroute6, mtrace6, icmp6dump: plug fd_set hole.
	  see openbsd select(2).  from deraadt@openbsd.
	* traceroute: repair savestr() hole.

Thu Oct  5 12:31:12 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: get rid of all uses of random() in IPsec code,
	  where possible (netbsd/freebsd4).  for other operating systems, we
	  have no good random number source like rnd(4), and random() will
	  be used.  you will see one-line warning when you start using IPsec.
	  XXX we may need to think about how IV should be stirred.  the current
	  code uses too much entropy out of rnd(4).

Thu Oct  5 07:41:18 JST 2000  itojun@iijlab.net
	* *bsd*/sys/net/if.c: make sure we have root privilege on SIOCSPHY*
	  operation.  remove SIOCSPHY* handling from in{,6}_control.
	  from: thorpej@netbsd.org

Wed Oct  4 20:39:16 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: supply two sysctl variables,
	  net.key.{esp,ah}_keymin, that control how ACQUIRE messages are
	  formed.  algorithms/key length smaller than the configured value
	  will be filtered out.

Wed Oct  4 07:30:10 JST 2000  itojun@iijlab.net
	* sys/net/pfkeyv2.h, racoon: move AES (rijndael) protocol # to the
	  official one.  note that you now lost interoperability between old
	  racoon and new racoon, when you negotiate rijndael.
	  also note that AES final document is yet to become FIPS standard,
	  so there's some uncertainity window, for like 3 months.

Wed Oct  4 00:29:42 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/lftp: upgrade to 2.3.3.
	* freebsd3/ports/{libpcap,tcpdump}: upgrade to 2000/10/02
	  weekly snap.
	* freebsd3/ports/wu-ftpd: upgrade to 2.6.1.

Tue Oct  3 JST 2000  itojun@iijlab.net
	* libipsec/pfkey.c: tighten header chasing.  we should change some
	  of the function signatures for better protection.

2000-10-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/netstat/main.c:
	* kame/kame/netstat/ipsec.c (ipsec6_stats0):
	printed statistics on IPv6 IPsec by `netstat -s [-p ipsec6]'.

2000-10-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (defrouter_addifreq): use rtrequest1
	with a proper interface address for bsdi4, instead of rtrequest.
	This is necessary for the function to work correctly for a p2p
	interface.

2000-10-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi3/sys/netinet/tcp_subr.c (ipsec4_hdrsiz_tcp):
	* bsdi4/sys/netinet/tcp_subr.c (ipsec_hdrsiz_tcp):
	properly set the ip_hl field before calling ipsec4_hdrsiz().
	Without this, the policy matching routine would misunderstand the
	IP header length, and would failed to detect the position of the
	TCP header. As a consequence, policy matching using specific TCP
	ports would fail.

2000-10-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/crypto/rijndael/rijndael-api-fst.c: avoided assert,
	memcpy, and memset, which are not available in the kernel of some
	BSD variants. It would rather be better to use them from a
	standardization point of view, but it could be undesirable for
	portability among *BSD kernels.

2000-10-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_nbr.c (nd6_ns_input): added several minor
	fixes:
	- do not 'goto bad' unless taddr6 is propery set.
	- adjust the pointer to ip6_hdr after IP6_EXTHDR_{GET, CHECK} for
	  safety.
	- goto bad if check for hoplimit fails (to record the header
	  information).

2000-10-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_savecontrol): check if a
	routing header is contained, in order to store destination option
	headers at proper postions.
	XXX: the check routine is not very efficient.

2000-10-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi[34]/sys/kern/uipc_syscalls.c (sendit): check if cmsg_len is
	0, in order to avoid an infinite loop.

2000-10-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_setpktoptions): supported
	the IPV6_RTHDRDSTOPTS case, which was just forgotten.

2000-10-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sbin/ifconfig/ifconfig.c (main): set ND6_INFINITE_LIFETIME
	to ia6t_[pv]ltime as the default values, so that manually
	configured IPv6 addresses have infinite lifetime.

2000-10-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/timer.c: fixed a bug that missed necessary
	braces.
	(applied a patch from Toshiaki.Nakatsu@fujixerox.co.jp)

<200009>
Sun Sep 30 JST 2000  itojun@iijlab.net
	* racoon: disable rc5/idea support by default, due to patent twists.

Fri Sep 29 12:12:16 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/fetchmail: upgrade to 5.5.3.
	* freebsd3/ports/lftp: upgrade to 2.3.2.

Wed Sep 27 00:56:03 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/wget: use latest IPv6 patch(9/15).

Tue Sep 26 17:40:30 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: attach sadb_comb for IPComp SADB_ACQUIRE message.
	  the use of sadb_comb is not on RFC2367; it was discussed in
	  pf_key mailing list and is one of the candidate behavior under
	  current header file declaration.

Tue Sep 26 07:56:17 JST 2000  itojun@iijlab.net
	* libinet6/getnameinfo.c: off-by-1 error in string length valildation.
	  From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
	  NOTE: all users are suggested to upgrade their userland.

Sun Sep 24 07:31:53 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 2000/9/18 weekly snap
	  from tcpdump.org.

Sun Sep 24 04:15:52 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/wwwoffle: upgrade to 2.5e.
	* freebsd3/ports/netcat: netcat 1.10. you must select address
	  family to use -4/-6 option explicitly.

Sun Sep 24 00:38:51 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/tcp_wrapper: upgrade to latest IPv6 patch.
	* freebsd3/ports/lynx: upgrade to 2.8.4dev10

Fri Sep 23 JST 2000 sakane@ydc.co.jp
	* racoon:
	- Converted to binary from string if need.  openssl returns a string
	  even if object should be a binary.
	- fixed to attach the notify of responder life time.  It always was
	  sent.
	- enabled to get multiple subjectAltNames.  verified the ID in the
	  ID payload and one of the subjectAltNames.
	- don't send the attribute of lifetime as bytes when it is not defined
	  in configuration file.
	- nuke certaltname.  It always define explicitly name in the
	  racoon.conf, for example fqdn, user_fqdn.  don't get identifier
	  from the subjectAltName.
	- fixed base mode with RSA signature in initiator case.
	- enable to switch sending CR payload or not.
	- ignored multiple cert payload.  at the moment, racoon take first cert.
	  But it should be took all cert payload.

Sat Sep 23 JST 2000  itojun@iijlab.net
	* racoon: (1) attach key length attribute to rijndael/twofish.
	  they are variable-length ciphers, key length attribute is mandatory.
	  (2) disable kmpstat and racoon admin port, as there's no
	  authentication at all (bad idea for security tools...)
	* sys/netkey/key.c: attach sensible default lifetime to sadb_comb.

Fri Sep 22 23:47:24 JST 2000 sakane@ydc.co.jp
	* sys/netkey/key.c:
	Fixed the meaning of "created".  Then the behavior of
	net.key.blockacq_count is fixed.

Fri Sep 22 JST 2000  itojun@iijlab.net
	* sys/netinet6/ipsec.c: clarify policy lookup.  always pull port
	  number from the packet.  previous code looked up port number from
	  pcb, and did not work right on sendto() with explicit address.
	* sys/netinet6/ip6_forwarding.c: do not try to look at port numbers,
	  as we are forwarding and the packet could be a fragment.
	* sys/netinet6/ipcomp_*.c: (1) stabilize deflate engine.  (2) remove
	  too strong assumption on mbuf chain, make it friendly with
	  m_pulldown cases.  (3) compute outbound byte lifetime based on
	  uncompressed packet.  the behavior now meets inbound behavior.
	  RFC2401 page 23.  (4) fix mbuf leak (compression error cases).
	* racoon: (1) support short phase 2 SPI (16bit instead of 32bit) for
	  IPComp, to meet the latest IPComp draft.  need more checks.
	  (2) stabilize behavior when many phase 1 proposals are presetned.
	  (3) make it possible to build with boehm GC.
	  (4) do not attach IDci/IDcr payload on phase 2 negotiation, if
	  we are negotiating transport mode SAs.  this should help "encrypt
	  everyone's traffic" server configuration, like below:
		spdadd ::/0 ::/0 any -P out ipsec esp/transport//use;
		spdadd ::/0 ::/0 any -P ah ipsec esp/transport//use;
	  the source of this problem is the dual meaning of policy src/dst
	  address space pair ("::/0 ::/0" in the above example).
	  there are two meanings/interpretation of this at this moment:
	  - cloud behind the gateway (tunnel mode case only)
	  - src/dst pair for which i would like to enforce ipsec 
	    tunnel/transport)
	  we may need to split them into two distinct configuration,
	  if there's demand.
	* sys/netkey/keysock.c: stabilize behavior in heavy SADB_ACQUIRE
	  traffic.

Thu Sep 21 03:18:11 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_core.c: make it possible to use rijndael and twofish
	  at the same time.  this obsoletes kernel compile option
	  IPSEC_ESP_TWOFISH.
	* sys/netkey/key.c: relax SPI boundary check for IPComp.  at this
	  moment no check is made against wellknown IPComp CPI.
	  need to revisit.
	* sys/netinet6/route6.c: repair cut and paste bug in address validation.
	  from francis dupont.

Wed Sep 20 22:21:57 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd3/ports/bind9: upgrade to official release 9.0.0

Wed Sep 20 03:10:09 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: make proposal/combination payload on SADB_ACQUIRE
	  message (kernel -> userland) optional, to support ipcomp ACQUIRE
	  messages.  this makes KAME PF_KEY to violate RFC2367.  however,
	  as ipcomp is not covered by RFC2367 (we cannot attach
	  proposal/combination for ipcomp case), we have no other choice.
	* netbsd/sys/netinet/tcp_subr.c: allocate mbuf cluster for tcp header
	  template, only when necessary.   this avoids too aggressive memory
	  usage on heavy load web server, for example.
	  From: Kevin Lahey <kml@dotrocket.com>
	 
Tue Sep 19 07:43:42 JST 2000  itojun@iijlab.net
	* freebsd[234], bsdi[34] tcp code: repair IPsec header size prediction
	  (which avoids fragmentation on IPsec'ed TCP packet).
	  was broken by Sep 19 00:59:30 change.

Tue Sep 19 06:01:33 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_core.c: repair IPsec blowfish-cbc (BF_encrypt takes
	  host endian value!).  Aug28 commit log was wrong.  blowfish-cbc has
	  been broken from Aug28 till this commit.
	* sys/netinet6/esp_core.c: nuke old ESP core logic.

Tue Sep 19 02:50:41 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: use 9.0.0 (first official release)

Tue Sep 19 00:59:30 JST 2000  itojun@iijlab.net
	* sys/netinet6/ipsec.c: on ipsec policy lookup, properly handle traffic
	  on AF_INET6 socket with IPv4 mapped address (eg IPv4 on wire).
	  NOTE: we still have issue with port number lookup (KAME PR 287).

Sat Sep 16 23:28:32 JST 2000  itojun@iijlab.net
	* freebsd2/ports/wget, netbsd/pkgsrc/net/wget: use latest IPv6 patch
	  (9/15).  it repairs -I option.

2000-09-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_redirect_input): examined the
	gateway (from the routing table) only when the address family of
	the gateway is AF_INET6.
	In response to a report from Jacques A. Vidrine <n@nectar.com> in
	the freebsd-net ML.

Thu Sep 14 10:40:12 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd3/ports/lfp: upgrade to 2.2.6.

Thu Sep 14 09:24:47 JST 2000  itojun@iijlab.net
	* kame/faithd: repair EPRT translation.  cope with PASV result
	  without paren.

Thu Sep 14 04:01:35 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[234]: hardcode NEW_STRUCT_ROUTE to 1
	* freebsd4/usr.sbin/lpr: IPv6 support from kame/freebsd3

2000-09-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/racoon: was just added for build. It can be
	compiled (at least in my environment) but has not been tested.

Wed Sep 13 15:01:17 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Added some switches into racoon.conf;
	- verifying a certificate or not.
	- verifying the subjectAltName and the sucjectName.
	- sending a certificate or not.

Wed Sep 13 14:56:23 JST 2000  itojun@iijlab.net
	* kame/racoon/doc/FAQ: add racoon FAQ.  will be improved in the near
	  future.

Tue Sep 12 23:48:58 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- Fixed the parameter of ipsecdoi_checkph1proposal() of initiator side.
	  RFC 2409 says the last byte is not included the padding length.
	- Fixed to parse the responder's proposal on initiator.  Error happened
	  that the responder responded second proposal.

Tue Sep 12 17:52:01 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_input.c: workaround to recent IPv6 ESP problem
	  (started early Sep with ESP core crypto engine rewrite).
	  perform m_pullup2 equivalent on IPv6 ESP transport mode, to avoid
	  non-continuous mbuf.  (this is not necessary for m_pulldown case)
	  KAME PR 283.  Thanks to TAHI guys and users@jp.ipv6.org.

2000-09-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_forward.c (ip6_forward): if the incoming
	interface equals to the outgoing one, and the link attached to the
	interface is point-to-point, then immediately drop the packet and
	send an ICMPv6 destination unreachable error message.
	This is currently experimental and needs the PROHIBIT_P2PREDIRECT
	kernel compilation option.

Tue Sep 12 14:21:27 JST 2000  itojun@iijlab.net
	* kame/faithd: change default behavior with no arguments.
	  old behavior (relay telnet session) does not seem like a sensible
	  default - the behavior is historical.  now faithd will die with
	  usage on no argument.
	  WARNING: you may need to change startup scripts, if you rely upon
	  old "no argument" behavior.

Tue Sep 12 00:37:48 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Enabled to negotiate unique SAs.  For example, you can configured
	each SAs of TCP and UDP between two nodes.

Mon Sep 11 14:54:04 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: use bind 9.0.0rc5.

2000-09-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/pim6_proto.c (receive_pim6_join_prune):
	improved the algorithm of random delay calculation; the result of
	the previous algorithm was always 0 in spite of using random().
        This fix was based on a comment from
	Toshiaki.Nakatsu@fujixerox.co.jp.

2000-09-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (pim6_input): added validation
	for the IP version of inner packets.

2000-09-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/pim6_proto.c (receive_pim6_register): improved
	robustness:
	- added validation for the length of register messages.
	- added validation for the IP version of inner packets, according
	  to the recent discussion in the IETF pim ML.

Fri Sep  8 15:58:38 JST 2000 sakane@ydc.co.jp
	* freebsd3/ports/apache13, netbsd/pkgsrc/www/apache13:
	  apache 1.3.12 + latest IPv6 patch.
	  Fixed to parse the hostinfo when proxy case.

Thu Sep  7 14:03:06 JST 2000  itojun@iijlab.net
	* rtadvd/config.c: use getifaddrs to grab list of configured interface
	  address prefixes.  previous code used routing table dump, and can be
	  confused by misconfigured routing table (result in bogus prefix
	  information option to be attached to RA).
	  suppress bogus warning on source link-layer address option, attached
	  to RA packets.

	  XXX uses RTM_ADD/DELETE to check for new interface addresses.  should
	  they be RTM_NEWADDR/DELADDR?

2000-09-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ping6/ping6.c (pr_nodeaddr): printed address lifetime
	according to the latest specification.
	This change was based on a patch from Hideaki YOSHIFUJI
	<yoshfuji@v6.linux.or.jp>.

2000-09-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (ni6_store_addrs): conformed to the
	latest (05 or later) specification:
	- put TTL (valid lifetime) of each address before the address
	  itself.
	- put preferred addresses before deprecated ones.

Wed Sep  6 16:32:42 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/fetchmail: update to 5.5.1
	* freebsd3/ports/w3m: IPv6 ftp support

Wed Sep  6 16:20:45 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/fetchmail: update to 5.5.1

Wed Sep  6 16:08:52 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/xmms: xmms-1.2.2 with IPv6 patch
	  From: ume@mahoroba.org

Mon Sep  4 10:47:06 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/lynx: upgrade to 2.8.4dev9

Fri Sep  1 22:14:27 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/rsync: use latest IPv6 patch.
	   - freeaddrinfo(NULL) was executed when reverse looking up of
	     the client was failed in server mode.
	   - -4/-6 options did not work in rsync client mode.
	  Reported by: matusita@jp.FreeBSD.org
	  Submitted by: yoshfuji@v6.linux.or.jp

Fri Sep  1 JST 2000  itojun@iijlab.net
	* kame/rtadvd/if.c: repair interface MTU lookup.
	  From koji@jp.above.net.

Fri Sep  1 02:30:02 JST 2000  itojun@iijlab.net
	* {net,open}bsd/lib/libinet6/getaddrinfo.c: on /etc/hosts lookup, set
	  "official host name" (the leftmost hostname) into ai_canonname.
	  this is to synchronize with practice in gethostby*.
	  comment from ume.
	* sys/crypto: repair behavior on LP64 architecture.  blowfish and
	  des did not work at all (or behave strange), due to issues in SSLeay.
	* kame/racoon: allow comment line in pre-shared key setting.

<200008>
Thu Aug 31 23:47:31 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Enable to send either the DN or SubjectAltName as ID payload.
	Compared between the value of ID payload and the name of the
	certificate if it needed.

Thu Aug 31 20:04:27 JST 2000  itojun@iijlab.net
	* freebsd2/ports/sendmail.beta: upgrade to 8.11.0.

Thu Aug 31 15:18:39 JST 2000 sakane@ydc.co.jp
	* kame/kame/pfkey.c:
	- Fixed to check if kernel supports the algorithm.  the routine
	  overrided the map of algorithms supported whenever a user calls
	  pfkey_recv_register().
	- added ipsec_check_keylen2().  It's called with sa-type instead
	  supported-type.
	- added pfkey_set_supported().  It's called with sadb_msg buffer,
	  and make the map.

Thu Aug 31 01:57:06 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/heimdal: upgrade to 0.3b but now it is broken due
	  to use old 2292API.
	
2000-08-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/ip_input.c (ip_forward): made the code
	friendly with a BSDI's official patch.
	From: Takashi Taniguchi <tani@iij.ad.jp>

2000-08-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (ni6_input):
	* kame/sys/netinet6/icmp6.c (ni6_addrs):
	* kame/sys/netinet6/icmp6.c (ni6_store_addrs):
	some corrections and clarfications about nodeinfo node addresses:
	- fixed misuse of the A flag
	- fixed a bug to produce truncated responses
	- checked the subject address instead of ip6_dst in ni6_addrs
	- updated comment based on the latest draft(06)

Wed Aug 30 15:02:27 JST 2000  itojun@iijlab.net
	* kame/ping6/ping6.c, sys/netinet6/in6_ifattach.c:
	  downcase hostname/DNS name, before computing NI group address.
	  From: yoshfuji

2000-08-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (prelist_update): reverted the
	original two-hour rule for updating address lifetime in RFC 2462.
	We've adopted the "Jim Bound algorithm", but we found no strong
	reason to do so through recent discussions.

Tue Aug 29 16:29:49 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 2000/8/28 weekly snap
	  from tcpdump.org.
	* freebsd2/ports/{libpcap,tcpdump}: use 2000/8/28 weekly snap
	  from tcpdump.org.

2000-08-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (prelist_update): clarification
	about the "two-hour" rule in RFC 2462 (currently disabled,
	though)
	- do not take into account if the pakcet is authenticated unless
	  storedlifetime <= TWOHOUR.
	- changed the semantics of storedlifetime
	  from "Valid Lifetime in the previously received advertisement"
	  to "*remaining* lifetime of the stored entry".

Tue Aug 29 01:45:33 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_core.c: experimental twofish/rijndael (AES
	  candidate) support in kernel IPsec, based on
	  draft-ietf-ipsec-ciph-aes-cbc-00.txt.  only either of them can be
	  enabled.  by default, rijndael is used.  if you define
	  IPSEC_ESP_TWOFISH in your kernel configuration file, twofish is used.
	  (this is due to library namespace issue - we are using the sample
	  code submitted to AES, and they use conflicting symbols)
	  TODO: racoon support

Mon Aug 28 23:22:59 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_core.c: revisit ESP crypto algorithm handling.
	  use block cipher code from esp_cbc_{en,de}crypt(), so that we can
	  easily switch the block cipher code, and reuse mbuf chasing part.
	* sys/netinet6/esp_core.c: it looks that the old blowfish support code
	  has some bug.  switch to the new codebase.  old codebase and
	  new codebase does not interop with each other.  the code will be
	  bringed into *BSD after we go through real interop tests.
	  [[the commit log was found to be wrong - blowfish was broken from
	  Aug28 to Sep19]]

Mon Aug 28 02:25:14 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: stir ESP IV better.  on some of operating system
	  platforms, kernel malloc() gives region with almost constant content.
	  IPSEC USERS ARE STRONGLY SUGGESTED TO UPDATE.

Sun Aug 27 21:25:44 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_core.c: ESP internal function API change;
	  algo->{en,de}crypt frees mbuf on error.

2000-08-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_lifaddr_ioctl): made
	SIOC[DG]LIFADDR scope-aware; fe80::/64 (not /10) will be accepted
	to specify a link-local address.
	In response to a report from Francis Dupont
	<Francis.Dupont@enst-bretagne.fr>.

Thu Aug 24 20:17:26 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	It is possible to verify the signer chain in the certificate.
	You must have all of the certificate of each authorities before
	the certificate verification.
	Also racoon can output a readable certificate to the logfile during
	debugging.
	XXX the caomparison between ID value and Subject{,Alt}Name is not yet.

Thu Aug 24 16:07:40 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9, freebsd3/ports/bind9: use bind
	  9.0.0rc4.

Thu Aug 24 16:01:26 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Fixed IV processing.  IV mismatching happened when a peer sent a
	encrypted informational exchange on phase 1.  Also added a comment
	about IV processing in handler.h.  And deleted ivd in IV hander
	because it is useless.

Wed Aug 23 22:42:19 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Added the behavior of PFS selection in the case of "strict"/"claim".
	If PFS is not required by the responder, the responder obeys the 
	proposal.  If PFS is required by both sides and if the responder's
	group is not equal to the initiator's one, then the responder reject
	the proposal. 

Wed Aug 23 18:13:50 JST 2000 kjc@csl.sony.co.jp
	* add ALTQ support to the dc driver and ethernet bridging of openbsd.

Wed Aug 23 15:20:59 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Added a level of "exact" to "proposal_check" directive.  When the
	responder define it, the responder will reject the proposal if each
	lifetime/lifebytes/pfs are not same between the initiator and the
	responder.

Wed Aug 23 14:18:44 JST 2000  itojun@iijlab.net
	* netbsd/sbin/ping6: provide stddev value at the end, to follow 
	  practice in netbsd ping(8).

Wed Aug 23 13:19:59 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd3/ports/squid11: use latest IPv6 patch.

Wed Aug 23 12:30:02 JST 2000  itojun@iijlab.net
	* sys/netinet6/route6.c: dropped COMPAT_RFC2292 clause.
	  it still have binary backward compatible behavior with RFC2292,
	  modulo strict/loose bit.

Wed Aug 23 10:43:07 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Enabled to check PFS group strictly.  It can be done by
	defining "strict" to "proposal_check" in "remote" directive.

Tue Aug 22 17:19:46 JST 2000	suz@sdl.hitachi.co.jp
	* kame/sys/netinet6/in6_ifattach.c (in6_ifattach): application 
	using routing-socket (e.g. zebra) can detect automatic addition 
	of linklocal I/F address by RTM_NEWADDR message.
	
Mon Aug 21 13:33:12 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd4/ports/{ct, v6eval}: TAHI test tools

Mon Aug 21 19:17:17 JST 2000 sakane@ydc.co.jp
	* freebsd3/ports/apache13: apache 1.3.12 + latest IPv6 patch

2000-08-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/route6.c (ip6_rthdr0): made the code friendly
	with the old advanced API (RFC2292). Note that the kernel
	compilation option "COMPAT_RFC2292" is necessary to enable this.

2000-08-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (prelist_update): corrected the
	interpretation of "StoredLifetime" in the "Jim Bound algorithm".
	Pointed out by OKABE Nobuo <Nobuo_Okabe@yokogawa.co.jp>.

Mon Aug 21 13:33:12 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd3/ports/{ct, v6eval}: upgrade to 1.1

2000-08-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (ip6_mforward): do not forward
	packets with the unspecified source address. This is rather more
	serious than unicast cases, because some MLD packets can be sent
	with the unspecified source address (although such packets must
	normally set 1 to the hop limit field).

Sun Aug 20 20:14:36 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/zebra: upgrade to 0.88.

Sun Aug 20 20:23:03 JST 2000  itojun@iijlab.net
	* freebsd3/ports/rsync, netbsd/pkgsrc/net/rsync: upgrade to 2.4.5.

Sun Aug 19 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c: repair mbuf manipulation in outgoing
	  jumbogram support 
	* sys/netinet6: some pedant fix for memory access alignment constraint.
	* sys/netinet6/ip6_output.c: add diagnostic code for advanced API
	  memory allocation (there seem to be some memory leak, need
	  correction)

Fri Aug 18 23:53:15 JST 2000  itojun@iijlab.net
	* sys/crypto/rc5: drop IPsec RC5 support.

Fri Aug 18 20:29:23 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* remove kame/kame/sys/netpm/*.[ch] because this code is obsolete.

	  NOTICE: If you want to cleanup old symlinks,
	  perform "make TARGET=netbsd clean", in the top directory.
	  Of course, you should select TARGET name for proper one.

Fri Aug 18 14:22:15 JST 2000	suz@sdl.hitachi.co.jp
	* kame/sys/netinet6/in6.c: always assign prefixlen 128
	  for non-linklocal prefix of P2P and loopback I/F.
	  This feature is enabled only when you define 
	  "USE_FIXED_P2P_PLEN" macro.
	
Fri Aug 18 11:34:01 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/zebra: upgrade to 0.88.

Thu Aug 17 19:27:34 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/zebra: upgrade to 0.88pre2.

Thu Aug 17 10:19:13 JST 2000  itojun@iijlab.net
	* openbsd: change kernel headers to use "NEW_STRUCT_ROUTE" definition.
	  kernel can panic if you don't define it in kernel configuration file.

Wed Aug 16 15:41:28 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/wget: upgrade to latest IPv6 patch.
	  IPv6 FTP is now available.

2000-08-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sbin/ifconfig/ifconfig.c: set some IPv6 related parameters
	to a correct variable. Without this fix, for example, an IPv6
	anycast address couldn't be configured with the ifconfing command.

Tue Aug 15 22:28:09 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/apache13: apache 1.3.12 + latest IPv6 patch
	* freebsd3/ports/mrt: mrt 2.2.2a-Aug11
	* freebsd3/ports/lynx: upgrade to 2.7.4dev7 which IPv6 patch was
	  merged.
	* freebsd3/ports/python: use latest IPv6 patch.

Tue Aug 15 18:16:14 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/lang/python: use latest IPv6 patch.
	* netbsd/pkgsrc/lang/python-current: python 1.6b1 + IPv6 patch
	* netbsd/pkgsrc/www/apache13: apache 1.3.12 + latest IPv6 patch
	* netbsd/pkgsrc/net/mrt: mrt 2.2.2a-Aug11

Tue Aug 15 16:41:23 JST 2000  itojun@iijlab.net
	* netbsd: change kernel headers to use "NEW_STRUCT_ROUTE" definition.
	  kernel can panic if you don't define it in kernel configuration file.

Tue Aug 15 16:39:43 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/postfix: postfix 20000531 + IPv6 patch.

Tue Aug 15 16:24:51 JST 2000  itojun@iijlab.net
	* kame/sys/net/if_stf.c, kame/sys/netinet/in_gif.c:
	  repair IN_MULTICAST() check for bsdi/freebsd.
	  IN_MULTICAST() and IN_CLASS[A-D] macro has different endianness
	  in *BSDs.

Mon Aug 14 21:22:20 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/devel/boehm-gc: upgrade to 5.0a7
	* netbsd/pkgsrc/www/w3m: upgrade to 0.1.10

Mon Aug 14 18:15:54 JST 2000	suz@kame.net
	* freebsd{2,3}/sbin/ifconfig/ifconfig.c
	+ don't assign dummy address to an interface when it's brought
	  up by "ifconfig up". (same fix has to be done on FreeBSD-4.0)

Mon Aug 14 16:07:45 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/security/openssl: update to 0.9.5a.
	* netbsd/pkgsrc/mail/postfix-current: postfix 20000531 + IPv6 patch.

Mon Aug 14 13:05:11 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd3/ports/mozilla: upgrade to M17.

Sun Aug 13 11:09:44 JST 2000  itojun@iijlab.net
	* kame/rtsold/rtsold.c: add -a flag, to autoprobe interface.
	  suggested by thorpej@netbsd.org

Sun Aug 13 09:45:09 JST 2000  itojun@iijlab.net
	* kame/route6d: repair LP64 problem.  from thorpej@netbsd.org

2000-08-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd: implemented an experimental (and KAME
	proprietary) hello option "additional addresses".
	* kame/kame/pim6sd/route.c (set_incoming): when upstream router
	determination, consider neighbor's additional addresses got
	through the new option. This solves a case of mismatch between RP
	and PIM neighbor.

2000-08-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/main.c (cleanup): upon receipt of SIGTERM,
	inform all neighbors the termination by sending a hello message
	with 0 holdtime.

2000-08-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/usr.bin/netstat/if.c (intpr): supported IPv6 scoped
	addresses format.

2000-08-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/pim6_proto.c (receive_pim6_bootstrap): added a
	pair of braces to avoid unintentional failure.
	In response to the PR kit/279 from Daniel Elphick
	<de@ecs.soton.ac.uk>

2000-08-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/ports/bind9/: upgraded to 9.0.0rc2.

2000-08-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd4/include/.prepare: was added to ignore ifaddrs.h
	conflict between the FreeBSD's original version and the KAME's
	shared version.
	In response to a report from Tetsuya Isaki
	<isaki@net.ipc.hiroshima-u.ac.jp>

2000-08-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ping6/ping6.c (pr_pack): printed multple sets of
	bitmaps for NI supported QTYPEs.
	(from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>)

Fri Aug 11 12:00:47 JST 2000	suz@kame.net
	* bsdi3/sys/netiso: if NEW_STRUCT_ROUTE is defined, just use
	`struct route' instead of struct route_iso.
	(compilable, but not tested)

Thu Aug 10 04:42:35 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Implemented responder lifetime selection.  It does not conform to
	the description of RFC2407 completely.  There are three type of the
	behavior by specifing the value of "proposal_check" in "remote"
	directive.
	In phase 2 case, a RESPONDER-LIFETIME notify payload includes into
	the exchange if needed.  To send the payload is not processed in
	phase 1 case yet.

Thu Aug 10 01:19:58 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: upgrade to 9.0.0rc2.

Wed Aug  9 22:37:14 JST 2000  itojun@iijlab.net
	* kame/ping6/ping6.c: support compresed DNS label string.  be more
	  picky about DNS label validation.

Mon Aug  7 23:59:51 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_send.c: correct sendto() timeout retry loop.
	  old code made infinite loop in EINTR-busy environment.
	  NetBSD PR 6410.

2000-08-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netiso: if NEW_STRUCT_ROUTE is defined, just use
	`struct route' instead of struct route_iso.
	(compilable, but not tested)

Sun Aug  6 05:41:47 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd4: we now start to support 4.1-RELEASE.

Fri Aug  4 00:16:00 JST 2000  itojun@iijlab.net
	* kame/ping6/ping6.c: support icmp6 node information
	  "supported query types" query, by ping6 -t.

Thu Aug  3 05:36:23 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Improved to check a packet which is processed or not.  The way is
	to compare between the hash of a packet has been processed and the
	list of hashs which are processed before.

Thu Aug  3 03:00:36 JST 2000 sakane@ydc.co.jp
	* kame/sys/{netkey/{key.c,keydb.h},netinet6/ipsec.h}:
	Improved lifetime handling.  It uses real time instead of tick.
	XXX year 2038 problem remains.

Thu Aug  3 00:49:58 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Tryed sending DELETE message against ISAKMP/IPsec SAs deleted
	before racoon terminates.

Thu Aug  2 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: implement icmp6 nodeinfo "supported qtypes".
	* sys/netinet6: remove bogus DIAGNOSTIC cases for sizeof(ro.ro_dst).

Tue Aug  1 23:53:36 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/ja-mnews: upgrade to 1.22PL4.

2000-08-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netiso/tp_inet.c (tpip_output_dg):
	* bsdi4/sys/netiso/tp_inet.c (tpip_ctlinput):
	adjusted arguments to ip_output() and in_pcbnotify() for the
	KAME code.

Tue Aug  1 04:03:29 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	No weak key check perform on racoon.  She leaves this check to kernel.

Tue Aug  1 00:20:44 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd3/lib/libftpio: try IPv4 if IPv6 connecting was
	failed.
	From: FreeBSD-current

<200007> 
Mon Jul 31 23:26:19 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd4/sys/net/if_types.h: move private use IFT_xx to
	  0xf0 for syncing FreeBSD-current.
	* kame/freebsd3/sys/net/if_types.h: sort IFT_xx for syncing
	  FreeBSD-current.
	WARNING: you must recomplie all KAME applications.

2000-07-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/(various files): made FAKE_LOOPBACK_IF default
	(as previously announced). At this moment, the older behavior can
	be specified by the "OLD_LOOPBACK_IF" kernel compilation option.

2000-07-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c: made ND6_USE_RTSOCK option default.

2000-07-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/vif.c (init_vifs):
	* kame/kame/pim6sd/cfparse.y (phyint_config):
	made sure to check if a valid global address exists after parsing
	the configuration file, in order to avoid unexpected hang up.
	From: Kengo NAGAHASHI <kenken@wide.ad.jp>

Sat Jul 29 JST 2000  itojun@iijlab.net
	* freebsd2/bsdi3: repair NEW_STRUCT_ROUTE support.

Sat Jul 29 07:57:41 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/{libpcap,tcpdump}: use 2000/7/24 weekly snap
	  from tcpdump.org.

Fri 28 Jul 18:56:23 JST 2000  kjc@csl.sony.co.jp
	* make altqd aware of token bucket regulators
	 - install a token bucket regulator when an interface is
	   attached unless there is already one installed.
	 - remove the installed tbr when the interface is detached.

Fri Jul 28 12:46:55 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/tcp_output.c: add missing call to tcp6_quench().
	* GENERIC.v6 config file for all *BSD:
	  enable NEW_STRUCT_ROUTE and FAKE_LOOPBACK_IF for torture-testing,
	  which will be enabled by default soon.

Thu Jul 27 22:40:51 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_forward.c: do not forward packets with unspecified
	  IPv6 source.  this is not on the documents, but it seems to have got
	  rough consensus on ipngwg (July 2000).

Thu Jul 27 12:16:52 JST 2000  itojun@iijlab.net
	* tcp6 layer (all *BSD):
	  be proactive about unspecified IPv6 source address.  pcb layer uses
	  unspecified address (::) to mean "unbounded" or "unconnected",
	  and can be confused by packets from outside.

Wed Jul 26 JST 2000  itojun@iijlab.net
	* sys/netinet6: repair faith support.  there are couple of mistakes
	  we had: (1) m->m_pkthdr.rcvif no longer points to faith* interface,
	  however, tcp/udp/icmp6 layer tried to check rcvif.  this results in
	  mysterious icmp6 reply from faith relaying node, for translated
	  destinations.  (2) in many places "faith.h" was not included 

Wed 26 Jul 19:55:19 JST 2000  kjc@csl.sony.co.jp
	* add tbrconfig(8), a tool to configure a token bucket regulator
	  for an interface.  
	  (need ALTQ configured in the kernel.  A SMP box should have
	   ALTQ_NOPCC not to use processor cycle counter)
	  tbrconfig(8) is originally written for tuning ALTQ, but
	  can be used as a handy tool to rate-limit an interface.
	  for example, to rate-limit the fxp0 interface up to 25Mbps,
	    # tbrconfig fxp0 25M auto
	  see tbrconfig(8) for more details.

Wed Jul 26 12:52:50 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Fixed to get a destination address when a packet is received from
	a peer.  It happened when a interface had similar multiple addresses.

Wed Jul 26 11:08:23 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_input.c: reject IPv6 packet with IPv4 mapped
	  address in the header.  this makes more sense as we cannot be
	  put into SIIT environment (no BSD supports non-INET kernel
	  compilation).  This is an undo for a change on Mar 28 2000.

Wed Jul 26 11:01:41 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 2000/7/24 weekly snap
	  from tcpdump.org.

2000-07-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/usr.bin/telnet/commands.c (tn): set the source address
	specfied by the -s option correctly.
	KAME PR sys/272.

Tue 25 Jul 19:12:42 JST 2000  kjc@csl.sony.co.jp
	* the first round of ALTQ interface mega cleanup:
	  - cleanup the system interface to the rest of the kernel.
	  (the second round cleans up altq internals.)
	* bring in the new output queue model.
	  the new model removes "#ifdef ALTQ" from most of the
	  drivers, and thus, touches all the drivers used by ALTQ.
	  - the type of if_snd in struct ifnet is changed from
	    struct ifqueue to struct ifaltq.
	  - the altq related fields are moved from struct ifnet
	    to struct ifaltq.
	  - use the newly introduced IFQ_XXX macros instead of
	    IF_XXX macros
	* the new altq mechanism consists of classifier, queueing
	  discipline, and token bucket regulator.
	  - add token bucket regulator to control network devices.
	    tbr decouples driver tuning from disciplines.
	* other changes:
	  - removed 2 kernel config options
	    ALTQ_ACCOUNT: should be part of classifier
	    AFMAP: doesn't really belong to altq
	  - added kernel option
	    ALTQ_NOPPC: do not use processor cycle counter
	  - support alpha architecture on netbsd/openbsd.
	    make use of alpha_rpcc() for a high resolution clock.
	  - add new driver support: ex, wi, tun, ppp
	  - some other style(9) cleanup

Mon Jul 24 23:34:26 JST 2000  itojun@iijlab.net
	* *bsd*/usr.bin/telnet/commands.c: do not use IPV6_PKTOPTIONS in
	  2292bis API environment.  IPv6 source route is temporarily disabled.
	* libinet6/if_nameindex.c: malloc length computation bug.  from kjc.

Mon Jul 24 09:31:25 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.h: try to provide binary backward compatibility for
	  RFC2292 API, deployed into freebsd40/netbsd15/openbsd27.
	  TODO: check 2292/bis-on-TCP behavior.
	  PLEASE RECOMPILE ALL KAME USERLAND BINARIES.

Mon Jul 24 08:22:29 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/netperf: use the latest IPv6 patch (7/21).

Sat Jul 22 01:05:03 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Trying to conform with draft-ietf-mobileip-ipv6-12.  If "support_mip6"
	in remote directive is on, both values of ID payloads in phase 2
	exchange are always used as the addresses of end-point of IPsec-SAs.

Sat Jul 22 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_core.c: cache intermediate key for ESP encryption
	  algorithms, into SAs.  this will drastically improve performance
	  for algorithms with long key setup time (blowfish).
	  KAME PR 229.  suggested by sommerfeld.

Fri Jul 21 22:37:44 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/sendmail.beta: use 8.11.0.
	* netbsd/pkgsrc/net/netperf: use the latest IPv6 patch (7/21).

2000-07-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/bgp.c: clarification about the advanced API;
	do not use IPV6_PKTOPTIONS in pure RFC2292 (i.e. not 2292bis)
	paths.

Thu Jul 20 01:52:59 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/{libpcap,tcpdump}: use 7/17 weekly snap.
	* freebsd3/ports/mtr: use latest IPv6 patch.

Wed Jul 19 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- when racoon is running local test mode, AND initial contact is
	  received, don't delete phase 2 SA.
	- more improve to delete phase 1 SA on receiving initial contact.

Wed Jul 19 22:22:47 JST 2000  itojun@iijlab.net
	* kame/rtsold/rtsol.c, kame/rtadvd/rtadvd.c: ip6_var.h requires
	  sys/queue.h.
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 7/17 weekly snap.

Tue Jul 18 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- don't send notify message in processing of information exchange.
	- fixed a possible memory leak when error occure.
	- added some message about comparing each values in proposal.
	- improved to delete phase1 SA when delete message is received OR
	  initial contact is received.

Mon Jul 17 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- commented when id payload of subnet type with full bit masked.

Mon Jul 17 18:45:11 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: allow ESP with no authentication.  it was
	  mistakenly forbidden with the recent key.c change.

Mon Jul 17 03:31:47 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/ruby: upgrade to 1.4.5.

Sun Jul 16 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- commented when id payload of subnet type with full bit masked.
	- racoon.conf are updated about padding option.

Sun Jul 16 16:44:24 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_forward.c: enable IPSEC_IPV6FWD case by default.
	  (actually, previous default behavior was wrong as it transmits
	  forwarded packets in clear, even though the policy asks for
	  encryption)

Sun Jul 16 14:32:58 JST 2000  itojun@iijlab.net
	* kame/ping6: 
	  - check duplicated replies for node information query (*)
	  - fill nonce field for node information query (*)
	  - use generic icmp6 printer for echo/echo reply/ni reply/ni reply,
	    when ident/nonce does not match
	  - clarlify outgoing packet construction a bit
	  (*) based on patch from yoshfuji, cleaned up by itojun

Sun Jul 16 13:26:12 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: ICMPv6 node information query now based on
	  06 draft (ping6 -w).

Sun Jul 16 00:57:23 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.h; do not pull sys/queue.h in (it is not
	  necessary anyways)
	* sys/net/pfkeyv2.h: correct conformance to RFC2367 (SADB_[EA]ALG_xx
	  symbol name).  beware: the change breaks backward compatibility.
	  setkey and racoon MUST be recompiled after updating include files.

Sat Jul 15 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- fixed the place of checking whether delete payload is protected
	  when delete notification is received.
	- When a IKE node receive a delete payload, the node always delete
	  outbount SAs only.  So destination IP address have to check before
	  SA will be deleted.
	- Delete phase 1 handler when a delete notification has been received.
	  Renamed purge_spi() to purge_ipsec_spi() accompanied with above
	  chanege.
	- commented about the reason why we don't send delete payload
	  for outbound SAs.
	- added a option to randomize values in a padding.  clarified to
	  randomize length.
	- fixed some of memory leak.

Sat Jul 15 13:51:59 JST 2000  itojun@iijlab.net
	* kame/route6d: if a routing entry exists for aggregate prefix (-A),
	  do not overwrite it (exit with error).  it should be a safer behavir.

Fri Jul 14 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- enable to switch sending initial contact.
	- try to send delete payload on phase 1 when phase 1 sa is deleted
	- fixed to compare address family in two sockaddrs.
	- fixed making a length of IPv6 ID payload.  it was used a length of
	  struct in_addr.
	- fixed a part of sending a notification on phase 2.
	- fixed making a ID payload of type of IPv4 address.  There was
	  unnecessary space in a address part.

Thu Jul 13 22:27:18 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet6/raw_ipv6.c: enable IPv6 multicast routing
	  related setsockopt.
	* kame/sys/netinet6/ip6_mroute.c: to enable openbsd users to perform
	  netstat -g, make mif6table a non-static variable.  on openbsd
	  file static variables will not appear in kernel symbol table.

Thu Jul 13 16:09:57 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: upgrade to 9.0.0rc1.

Thu Jul 13 01:39:26 JST 2000  itojun@iijlab.net
	* sys/kern/uipc_mbuf2.c: cleanup m_pulldown statistics.
	  (1) PULLDOWN_STAT is now a global compilation option (should be
	  put into kernel configuration file).  (2) m_pulldown statistics
	  now belong to mbstat, and available via netstat -m (instead of
	  netstat -sn -f inet6).  suggested by jinmei.

2000-07-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* *bsd*/sys/net/route.h: redefined the route structure so that it
	can support protcols that have large socket address (e.g. IPv6).
	Currently, this is enabled only with the NEW_STRUCT_ROUTE kernel
	compilation option, but will be default once stabilized.
	* many files mainly under the netinet and netinet6 directories
	were also modified with this change.

2000-07-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_ifloop_request): 
	do not force rtrequest() to return an rtentry when executing the
	DELETE operation, in order to avoid overdecreasing the refcnt.
	Older versions might cause leak of rtentry when you delete an IPv6
	address (via ifconfig, ndp -P, or something).
	Fortunately, address deletion is not issued so often, the bug is
	effectively not very serious. However, if you have chance to
	update your kernel, it is of course recommended to apply this fix.
	In particular, KAME's dtcp or ppp (for IPv6) users are highly
	recommended to upgrade the kernel.
	
2000-07-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.h: commented out the definition of
	ND6_LLINFO_WAITDELETE, which is not used any more.
	* kame/sys/netinet6/nd6.c:
	* kame/sys/netinet6/mip6_md.c:
	* kame/kame/ndp/ndp.c:
	removed ND6_LLINFO_WAITDELETE cases according to the above change.

2000-07-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.h: corrected the type of a member
	of if_set{} from fd_mask to if_mask.
	In response to PR sys/266 from pavlin@catarina.usc.edu.

2000-07-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (rt6_deleteroute): do not
	(automatically) delete the static route in rt6_deleteroute(), even
	if it uses a dead router.

2000-07-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c: some clarifications about neighbor
	cache manipulation (this change does not affect behavior from the
	user side, though):
	- removed the ND6_LLINFO_WAITDELETE status. Actually, we can just
	  call rtrequest(RTM_DELETE) for an unreachable
	  neighbor. Reference to the neighbor cache entry from a cahced
	  route will be freed at the next time the route is used.
	- also, we do not have to call pfctlinput(PRC_HOSTDEAD) in
	  nd6_free() for the same reason.
	- do not set/refer the RTF_REJECT flag in neighbor cache
	  manipulation. It was just for (IPv4) arp-flooding prevention,
	  which is not necessary ND for IPv6.

2000-07-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/route6d/route6d.c: removed "ifndef ADVAPI"
	parts. Since the advanced API has already been standardized,
	implemented, and deployed, we don't need to take care of the older
	kernel behavior (which is even confusing).
	* *BSD/usr.sbin/route6d/Makefile: removed the -DADVAPI flag
	according the change.

Mon Jul 10 14:43:40 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/{libpcap,tcpdump}: use 7/3 snapshot.
	* freebsd3/ports/w3m: upgrade to 0.1.11.p.

Sun Jul  9 21:50:54 JST 2000  itojun@iijlab.net
	* *bsd*/sys/netinet/tcp_input.c, kame/sys/netinet6/tcp6_input.c:
	  be more cautious about tcp option length field.  drop bogus ones
	  earlier.
	  not sure if there is a real threat or not, but it seems that there's
	  possibility for overrun/underrun (like non-NOP option with
	  optlen > cnt).  the bug is from 4.4BSD.

Sun Jul  9 13:39:22 JST 2000  itojun@iijlab.net
	* libinet6/getaddrinfo.c: do not mistakenly accept empty scopeid.

Sun Jul  9 12:29:24 JST 2000  itojun@iijlab.net
	* freebsd4/sys/net/if_ethersubr.c: repair IPV6_JOIN_GROUP(::).

Sat Jul  8 12:11:34 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: use bind 9.0.0b5
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 7/3 snapshot.

Sat Jul  8 10:57:36 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/usr.sbin/inetd: allow square-bracket for the first
	  element on inetd.conf, to disambiguate IPv6 address and colon
	  separator.
	* openbsd/usr.sbin/inetd: handle IPv6 address in first element on
	  inetd.conf line.

Sat Jul  8 09:43:26 JST 2000  itojun@iijlab.net
	* {bsdi3,openbsd,netbsd}/libexec/ftpd: plug setproctitle issue in
	  CERT Advisory CA-2000-13.  NOTE: bsdi3 uses wu-ftpd.  it may have
	  other vulnerabilities left in the code.
	* netbsd/usr.sbin/inetd: improve error handling on getaddrinfo
	  (determine listening socket address).  hints from enami.

Fri Jul  7 21:39:33 JST 2000  itojun@iijlab.net
	* various places: audit use of printf-like functions, including
	  errx?, warnx?, setproctitle, and syslog.  if we pass user-supplied
	  variable alone to these functions, they can be hosed by malicious
	  %-format string.  from openbsd.

Thu Jul  6 20:43:57 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet/tcp_*.c: remove IPv4 mapped support completely
	  from inbound packet processing.  there were some corner cases not
	  covered by the code, and it caused SEGV due to inconsistency in
	  address family.  sync with openbsd-current.

2000-07-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd/if.c (if_getflags): made sure to close a
	temporary socket to avoid making garbage sockets.

Wed Jul  5 12:08:16 JST 2000  suz@kame.net
	* bsdi3/sys/conf/files.i386, bsdi3/sys/conf/GENERIC.KAME,
	  bsdi3/sys/i386/isa/{if_wi.c,if_wireg.h,wiioctl.h}
	  bsdi3/usr.sbin/wiconfig, bsdi3/usr.sbin/Makefile
	  ported WaveLAN driver and its configuration program from bsdi4
	  (geertj permitted it. Thanks!) 

Wed Jul  5 11:30:39 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd,freebsd4}/lib/libinet6/getaddrinfo.c,
	  kame/libinet6/getaddrinfo.c:
	  return EAI_NODATA, instead of EAI_NONAME, on name resolution errors.
	  EAI_NONAME does not make sense in these situations
	  From: enami

Wed Jul  5 11:02:03 JST 2000  itojun@iijlab.net
	* freebsd4: add netstat -sn -f pfkey.

Wed Jul  5 10:40:53 JST 2000  itojun@iijlab.net
	* freebsd[234]: split IPv6 path MTU discovery-related sysctl from
	  net.inet.ip tree.  FreeBSD SYSCTL_xxx does not have a way to report
	  duplicated definition into the same variable, it bites us many
	  times...

Wed Jul  5 02:25:11 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Implemented INITIAL-CONTACT.
	This message is sent by single notify message after phase 1 established
	immediately.  It means the message is not included last exchange on
	phase 1.  So it can be sent by responder on aggressive/base mode.
	If there is no remote address in contacted list, racoon sends the
	message to peer.  If the message is received, racoon deletes all
	IPsec-SAs relatived to peer's address.  It takes place both initiator
	and responder side.

Tue Jul  4 21:36:16 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Racoon usually runs in background.  If you specify -F option, you make
	her running in foreground.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/mip6.c (mip6_add_ifaddr): use in6_update_ifa()
	to assign an address instead of coping code from in6.c

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_update_ifa): newly added to update
	parameters of an IPv6 interface address.
	Basically, this function does nothing new, but made in6_control()
	simple.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_control): completely obsoleted
	SIOCSIFADDR_IN6, SIOCSIFDSTADDR_IN6, and SIOCSIFNETMASK_IN6.
	We are quite confident there is no application that used these
	commands, but if one exists, please let us know.

Tue Jul  4 18:33:20 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	don't delete phase 1/2 handler if some internal error occurs.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_is_ifloop_auto): removed an `ifdef'
	part for openbsd, which made the function always return 0.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_unlink_ifa): newly added to release
	various links for in6_ifaddr when deleting an address.
	This function is also called from in6_control(), in order to
	prevent the kernel from keeping a garbage structure on failure of
	address addition.

Tue Jul  4 13:26:56 JST 2000 sakane@ydc.co.jp
	* kame/sys/key.c:
	A patch from <Francis.Dupont@enst-bretagne.fr> applied.
	- fixed a interval to call key_timehandler.
	- fixed a typo.
	- added a value to be returned when some error happen.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_control): added several
	improvements for sharing a single prefix with multiple addresses:
	- install an interface direct route only when there's no shared
	  prefix. We'll never see unexpected EEXIST errors with this fix.
        - call in6_ifaddloop()/in6_ifremloop() whenever necessary.
        - do not call in6_ifaddloop()/in6_ifremloop() unless necessary.
        - added several clarifications according to the ipv6 address
	  architecture.

2000-07-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/main.c (main_listen_accept): set the receiving
	interface when accepting an on-link bgp connection.
	* kame/kame/bgpd/bgp.c (bgp_process_open): detected a proper peer
	for an incoming IBGP open message with link-local address.
	These changes enabled an IBGP peer using link-local addresses.
	Suggested by: Tomomi Suzuki <stomomi@ebina.hitachi.co.jp>

Tue Jul  4 10:25:13 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- Process to send a delete notify message only when phase 2 has
	  been established.
	- added "dead" flag to a schedule.  It is used to mark a schedule
	  already dead.  don't delete a schedule at multiple place.

Tue Jul  4 08:44:11 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/inetd: remove duplicated ipsec initialization code
	  (used on SIGHUP).

2000-07-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/bgp.c (connect_try): made sure to zero-clear a
	newly allocated buffer.
	Report from: Tomomi Suzuki <stomomi@ebina.hitachi.co.jp>

Mon Jul  3 11:50:12 JST 2000  itojun@iijlab.net
	* kame/sys/netinet/icmp6.h: avoid bitfields in router renumbering packet
	  declaration.  XXX standards?

2000-07-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_input): immediately discarded
	a packet to an unready (i.e. tentative or duplicated) address with
	logging.
	This change reflected recent discussion in the ipngwg ML.

Sun Jul  2 11:24:52 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/tcp_input.c, kame/sys/netinet6/in6_pcb.c:
	  repair netbsd faith support.  (1) tcp6_input dropped faith'ed
	  connections (2) in6_pcblookup_connect() was too strict.

Sat Jul  1 20:57:57 JST 2000  itojun@iijlab.net
	* kame/faithd: make it possible to invoke faithd(8) from inetd(8).
	  benefits: allows us to access-control inbound traffic by using
		hosts.allow(5).
	  possible drawbacks: inetd mode has no chance for multi-connection-
		per-single-process enhancement.  current faithd(8) needs 1
		process per 1 connection anyways.

<200006>
Fri Jun 30 17:45:23 JST 2000 sakane@ydc.co.jp
	* freebsd[34]/usr.bin/whois.c:
	ported whois for IPv6/4.
	
Thu Jun 29 16:24:35 JST 2000  itojun@iijlab.net
	*/sys/netinet/in.c, kame/sys/netinet6/in6.c:
	  inhibit EEXIST from in{,6}_ifinit().  history: (1) 4.4BSD ignores
	  return value from in_ifinit() completely.  (2) previous kame code
	  tried to handle error case better, the change raised bogus EEXIST
	  to the userland on two-address-from-same-prefix assignment.

Thu Jun 29 10:14:47 JST 2000  itojun@iijlab.net
	* faithd/faithd.c, natptd/main.c, natptlog/natptlog.c: be more careful
	  about arg to syslog(3), to prevent possible buffer overrun.
	  From: deraadt@openbsd.org

2000-06-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6: several minor improvements:
	- daemonized dhcp6c.
	- reactivated dhcp6c agains a SIGHUP signal or change of the
	  default route.
	- changed logging based on syslog(8).

2000-06-28  SUZUKI Shinsuke  <suz@kame.net>
	* kame/sys/netinet6/ip6_fw.c
	ip6fw works on FreeBSD-4.0 + KAME, too.

Wed Jun 28 15:01:09 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	improved sending a notify message including delete payload.
	It's sent when one of below situations happens:
		o receiving SADB_DELETE message from kernel.
		o receiving SADB_FLUSH message from kernel.
		o flushing phase2 handler.

Wed Jun 28 01:16:41 JST 2000	SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
	* freebsd4/INSTALL
	write up configuration-related matters for FreeBSD-4.0

Wed Jun 28 01:12:59 JST 2000  itojun@iijlab.net
	* libinet6/name6.c: correct error handling in DNS name lookups.

Tue Jun 27 23:12:54 JST 2000	SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
	* bsdi3/sbin/ifconfig/ifconfig.c: fixed error trap when given name 
	corresponds to multiple v6 addresses.

Tue Jun 27 14:01:39 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/emacs: upgrade to 20.7

Tue Jun 27 00:32:20 JST 2000  itojun@iijlab.net
	* netbsd/sys/arch/*/conf/GENERIC.v6: enable PULLDOWN_TEST for all
	  architectures.  this is done because mbuf pullup code in
	  sys/net/if_loop.c has been found to be a source of performance hit,
	  and PULLDOWN_TEST code is found to be stable enough.
	* netbsd/sys/sys/mbuf.h: recover 4.4BSD MINCLSIZE.

Sun Jun 25 21:11:19 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* start to support FreeBSD 3.5-RELEASE. 3.4-RELEASE is obsolete.

Sat Jun 24 23:41:31 JST 2000  itojun@iijlab.net
	* freebsd4/lib/libinet6/getnameinfo.c: correct NIS lookup.  from ume.

Sat Jun 24 16:43:58 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: upgrade to 6/19.

Sat Jun 24 02:20:33 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/wyvern: new port, a simple web server
	* freebsd3/ports/tcpd: new tcpd from Artur Frysiak <wiget@pld.org.pl>
	* freebsd3/ports/wget: fix security hole and use latest IPv6 patch
	* freebsd3/ports/vnc: use latest IPv6 patch

Fri Jun 23 19:49:28 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/gbatnav: new port, a battleship game
	* freebsd3/ports/mmosaic: upgrade to 3.6.2.

Thu Jun 22 17:40:37 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey:
	delete sadb_x_ident_id_addr.  don't send a pair of addresses
	by including acquire message to a user.

	* kame/kame/racoon/pfkey.c:
	SADB_EXT_IDENTITY_{SRC,DST} is not required to parse SADB_ACQUIRE
	message any more.

Thu Jun 22 17:45:40 JST 2000  itojun@iijlab.net
	* openbsd/sys/dev/ic/xl.c: disable multicast hash filer setup on 905B,
	  since the code does not do the right thing. (sync with
	  openbsd-current)

Thu Jun 22 03:45:41 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/raw_ip6.c, {bsdi4,openbsd}/sys/netinet6/raw_ipv6.c:
	  correct RFC2292bis interface selection support for
	  multicast packets.  KAME PR261.

Wed Jun 21 17:07:55 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_src.c: make in6_recoverscope() friendly with
	  !FAKE_LOOPBACK_IF compilation.  with previous code in6_recoverscope()
	  may fail to convert kernel internal representation into sockaddr_in6.

Wed Jun 21 03:18:47 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/leafnode+: IPv6 enabled leafnode+-2.10
	  From: yoshfuji@ecei.tohoku.ac.jp

Wed Jun 21 03:00:16 JST 2000  itojun@iijlab.net
	* openbsd/sys/dev/pcmcia/if_wi.c: make IPv6 work on wavelan cards.

2000-06-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/net/if_gif.c (gif_ioctl): made sure to cast the
	argument to in6_aliasreq{} for the SIOCSIFPHYADDR_IN6 command.
	Without this, the validation check would reject correct requests;
	i.e. you couldn't configure IPv6 physical addresses.
	In response to a report from FUJIURA Toyonori <toyo@jp.freebsd.org>

2000-06-20  SUZUKI Shinsuke  <suz@sdl.hitachi.co.jp>
	* kame/kame/ndp/ndp.c (delete, get)
	supported <link-local_addr>%<link ID> on "ndp -d" and "ndp (addr)".
	
Tue Jun 20 14:55:10 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/openssh: upgrade to 2.1.0
	* freebsd3/ports/bind9: upgrade to 9.0.0b4
	* freebsd3/ports/lftp: upgrade to 2.2.3
	* freebsd3/ports/mozilla: upgrade to M16

Tue Jun 20 12:49:28 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_proto.c: disable rate limitation for ICMPv6 error,
	  since (1) it makes no sense to put less-than-10ms value to here
	  due to UNIX timer resolution, and (2) it seems wrong to rate-limit
	  without considering content of the payload (like ICMPV6 type/code).
	  we still have pps limitation.  based on comments from kjc.

Tue Jun 20 11:44:19 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: use bind 9.0.0b4.

2000-06-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_ctloutput): corrected logic
	of error detection for sooptcopyin(). This will fix the problem
	that traditional RFC2292 compatible mode did not work for some
	socket options (e.g. IPV6_PKTINFO) on freebsd[34].

Mon Jun 19 18:23:15 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	A path name in configuration file is always complemented if it is
	not begin from slash(/).  If it's begin from slash, a path name
	never be complemented.

Mon Jun 19 16:51:24 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	If "non_auth" is defined in racoon.conf, any transform of AH proposal
	including "non_auth" is not sent to the peer.

2000-06-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_output): jumped to the
	"freehdrs" label before making the header chain in order to avoid
	possible memory leak.
	In response to the KAME problem report sys/259.

Mon Jun 19 07:41:31 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_{init,send}.c: be more backward-compatible with
	  past behavior.  some userland code may not initialize
	  nsaddr_list.sa_len.

Mon Jun 19 04:42:55 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 6/12 snapshot from
	  tcpdump.org.

Mon Jun 19 04:15:23 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/sys: Security fix "FreeBSD-SA-00:25 FreeBSD/Alpha
	  platform lacks kernel pseudo-random number generator, some
	  applications fail to detect this."
	  From: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-08&msg=20000612215144.D1A3B37BBF7@hub.freebsd.org

2000-06-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[34]/sys/netinet6/udp6_usrreq.c (udp6_attach): 
	initialized inp_ip_ttl in udp6_attach for mapped addresses.
	in response to a report from Hideaki YOSHIFUJI
	<yoshfuji@ecei.tohoku.ac.jp> (KAME-snap 2738)

2000-06-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {netbsd, openbsd}/usr.bin/netstat/inet6.c (icmp6_stats): 
	printed number of icmp6 error messages not sent due to rate
	limitation.

Fri Jun 16 05:01:24 JST 2000  itojun@iijlab.net
	* openbsd/sys: sync with OpenBSD 2.7
	  TODO: userland cleanup.  tests (i386/conf/GENERIC.KAME compiles but
	  not tested).
	  kame/openbsd/ports does not work.  we may want to remove those.

	  If you wish to upgrade to KAME-on-OpenBSD 2.7, make sure to
	  perform "make clean" at the top level to nuke symlinks, like:
	  % make TARGET=openbsd clean update prepare

	  make VERY sure that you use kame-supplied tools (like
	  /usr/local/v6/sbin/ping6) instead of normal ones (/sbin/ping6)
	  if you use KAME-enabled kernel.  there are API changes between them.

Thu Jun 15 22:41:16 JST 2000  itojun@iijlab.net
	* kame/sys/netkey/key.c: correct compilation without IPSEC_ESP.
	  From: Matthias Drochner <M.Drochner@fz-juelich.de>

Thu Jun 15 21:22:35 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	Fixed extension length of two key extension when dumping SA.
	setkey was failed to print keys if SA has both encryption and
	authentication keys.

Thu Jun 15 14:44:30 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	CR payload is only made if signature authentication method is applied.

Thu Jun 15 13:29:29 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon/cfparse.y:
	In racoon.conf, the path of configuration file is complemented by
	include directive only if there is no '/' in the path.

Thu Jun 15 13:08:25 JST 2000  itojun@iijlab.net
	* sys/netinet6/ipsec.[ch]: net.inet.ipsec.inbound_call_ike sysctl
	  MIB is now gone for good.

Thu Jun 15 10:01:47 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_init.c: make _res.nsaddr_list initialization
	  more conservative when resolv.conf is missing (or there is no
	  "nameserver" line).  previous code chokes on IPv4-only kernel.
	  merge from netbsd-current.

2000-06-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (defrouter_msg): was added to tell
	user processes changes about the default router (including
	deletion). This function would be called from defrouter_addreq,
	defrouter_addifreq, and defrouter_delreq.
	Note: this is currently experimental and is only enabled with the
	ND6_USE_RTSOCK kernel compilation option.

Thu Jun 15 02:18:24 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/zebra: upgrade to 0.87.
	* freebsd3/ports/ruby: use 1.4.4.

Thu Jun 15 02:07:53 JST 2000  itojun@iijlab.net
	* kame/man/man4/inet6.4, *bsd*/usr.sbin/inetd/inetd.8:
	  update wording on IPv4 mapped address and tcp4/tcp6 interaction.

Wed Jun 14 23:35:03 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/libexec/ftpd: correct STAT command output for LPSV.
	* libinet6/resolv/res_query.c: change member name for struct res_target.
	  "class" conflicts with C++ reserved identifier.
	  From: Graham Wheeler <gram@cequrux.com>

2000-06-14  SUZUKI Shinsuke  <suz@sdl.hitachi.co.jp>
	* sys/net/if_dummy.c, freebsd4/sys/conf/files:
	dummy I/F is available on FreeBSD4.0, too.

	* freebsd4/sys/conf/options, freebsd4/sys/conf/files
	freebsd4/sys/sys/mbuf.h
	FreeBSD-4.0 KAME with MIP6 option is available.
	add mbuf flag M_PROTO6 and use it for M_MIP6TUNNEL.

Wed Jun 14 20:14:47 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_core.c: pass encryption failure code up to ESP
	  engine, just in case the encryption routine fails.

Tue Jun 13 21:11:28 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/zebra: upgrade to 0.87.

Tue Jun 13 20:08:38 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet/udp_usrreq.c,  openbsd/sys/netinet6/raw_ipv6.c:
	  correct scoped address handling.

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_purgeaddr): tried to restore an
	interface direct route if we have an address that shares the same
	prefix with the deleted address.
	This would improve behavior in multi-address environments;
	if you assigned multiple addresses that shared a same prefix and
	then remove one of them, the interface direct route corresponding
	to the address would still remain.

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_ifremloop): always called
	in6_ifloop_request regardless of the result of
	in6_is_ifloop_auto(), in order to make sure to invalidate a stale
	route entry for a deleted address.
	Note: bsdi doesn't need this fix.

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_input): avoided to use the
	cached route for forwarding, if it is down.
	This fix would prevent the input routine from accepting a packet
	to already removed address.

Tue Jun 13 14:29:12 JST 2000  itojun@iijlab.net
	* netbsd/sbin/setkey: move setkey from usr.sbin/setkey to sbin/setkey.
	  we need it for encrypted NFS (sync better with netbsd-current).

Tue Jun 13 14:07:24 JST 2000  itojun@iijlab.net
	* kame/racoon/safefile.c: be more picky about secret file permission.
	  now pre-shared key file (psk.txt) is required to be owned by the
	  uid running racoon (= root), and must not be accessible by others
	  (like 0400).

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6_rtr.c (in6_ifadd): made sure to gain a
	reference counter to in6_ifaddr for the autoconfigured address
	in bsdi and freebsd2 cases.
	This fix would be important to those OSes, since the older code
	woulde cause duplicated free when the lifetime for the address
	expired.

2000-06-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/common.c (getifaddr): corrected arguments to
	in6_addrscopebyif().
	In response to a report from Hajimu UMEMOTO<ume@bisd.hitachi.co.jp>

Tue Jun 13 03:39:42 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	send error message against sadb_acquire message to the kernel
	when IPsec-SA negotiation fail.

Mon Jun 12 16:52:29 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/lang/ruby: use 1.4.4.

Mon Jun 12 14:53:22 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Add to handle CR payload on main/aggressive mode.
	No Certificate Authority field is included to CR payload at the moment.
	Becuase any certificate authority are accepted without any check.

Mon Jun 12 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: transmit SADB_X_SA2 from kernel to userland
	  on SADB_ADD and SADB_UPDATE.  without it latest racoon does not work.

Mon Jun 12 12:34:02 JST 2000  itojun@iijlab.net
	* libinet6/getnameinfo.c: use EAI_xx for error code.  rfc2553bis
	  suggests it.  the commit corrects old behavior on invalid socket,
	  where getnameinfo returned 0 (success).

Mon Jun 12 08:51:25 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: correct prefix length match on destination address.
	  the code used source prefix len on comparision by mistake.
	  From: Ronald van der Pol <Ronald.vanderPol@surfnet.nl>

2000-06-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* *bsd*/usr.[s]bin/netstat/inet6.c (icmp6_stats): printed new
	statistics counters about error messages (see below).

2000-06-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet/icmp6.h: added a new structure icmp6errstat{}
	to count more precise statistics of error messages to be generated.
	* kame/sys/netinet6/icmp6.c (icmp6_errcount): added as a new
	function in order to count the precise statistics.

2000-06-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* *bsd*/usr.[s]bin/netstat/inet6.c (ip6_stats): printed new
	statistics counters of forward cache for incoming packets (see
	below).

2000-06-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_var.h (ip6stat): added members to count
	statistics of forward cache for incoming packets.
	* kame/sys/netinet6/ip6_input.c (ip6_input): counted the
	statistics.

Sun Jun 11 17:03:07 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc/net,freebsd[23]/ports}/{libpcap,tcpdump}: use
	  2000/6/5 weekly SNAP from tcpdump.org.
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.9.

Sat Jun 10 23:11:41 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	* kame/kame/libipsec/pfkey.c:
	* kame/kame/setkey/parse.y:
	Obsoleted mode specification.  You don't need to specify a mode of
	SA when you get/delete SA by setkey.  Also, it's not need to do
	pfkey_send_delete/pfkey_send_get().

Sat Jun 10 15:42:25 JST 2000 sakane@ydc.co.jp
	* kame/sys/{netkey/key.c,net/pfkeyv2.h}:
	* kame/kame/{stekey,racoon,libipsec}:
	Moved mode/reqid to new extension from sadb_msg header.
	New extension is defined sadb_x_sa2 structure.

Fri Jun  9 10:10:08 JST 2000  itojun@iijlab.net
	* *bsd*/sys/netinet6/in6_pcb.c, kame/sys/netinet6/in6_src.c:
	  add in6_embedscope() and in6_recoverscope(), to avoid code duplicate
	  for KAME scopeid hack.
	* {bsdi4,openbsd}/sys/netinet6/in6_pcb.c: add scope consideration
	  to in6_pcbbind.

Thu Jun  8 22:58:24 JST 2000  itojun@iijlab.net
	* kame/ping6/ping6.c: make sure to clear ni_flags on ping6 -w
	  or ping6 -W.  From: yoshfuji

Thu Jun  8 21:40:55 JST 2000  itojun@iijlab.net
	* *bsd*/sys/netinet6/{udp6_output,raw_ip6,in6_pcb}.c:
	  do not overwrite sockaddr on PRU_SEND nor PRU_CONNECT.
	  (the change is very important)

Wed Jun  7 22:21:43 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_prefix.c: check interface matches when adding
	  new interface addresses, based on new link-local address and
	  prefix information.  old code added new interface address without
	  checking interface match and ended up many bogus new interface
	  addresses.

Tue Jun  6 22:41:24 JST 2000  itojun@iijlab.net
	* bsdi4/sys/netinet/tcp_input.c: fix INP_IPV6_MAPPED configuration
	  onto inpcb.  the mistake caused ND to behave badly (ND tries to
	  update reachability info for IPv4 mapped address - one more reason
	  to hate IPv4 mapped address).
	  From: dab@bsdi.com

Tue Jun  6 22:16:18 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/www/wwwoffle: upgrade to 2.5e.

Tue Jun  6 21:53:54 JST 2000  itojun@iijlab.net
	* bsdi4/sbin/sysctl: correctly handle IPv6 ipsec/pim entries.

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/libexec/tftpd/tftpd.c: do not connect tftp session
	  sockets. Instead, check consistency of the client's local port.
	In response to PR: sys/254

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/usr.bin/tftp/tftp.c:
        - do not blindly copy server's port, but make sure to check its
	  consistency during a session.
        - copy the whole received sockaddr (i.e. not only port) for the
	  next sendto(), which would be safer if the server has bound its
	  local address.

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/ports/bind9, netbsd/pkgsrc/net/bind9:
	upgraded to bind-9.0.0b3. KAME users are recommended to use this port,
	because the original version has an API compatibility issue in a
	multi-address environment.

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi3/sbin/sysctl/sysctl.c:
	* {netbsd, openbsd}/usr.sbin/sysctl/sysctl.c:
	synch with the change below. (Fortunately, there are no binary
	compatibility issues).

2000-06-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/pim6_var.h: renamed macro definitions about
	pim6 sysctls to avoid possible conflict.
	Suggested by: Hitoshi Asaeda <asaeda@yamato.ibm.co.jp>

Mon Jun  5 21:56:35 JST 2000  itojun@iijlab.net
	* traceroute6/traceroute6.c: add -f (skip first hops).  the option
	  is common to freebsd4/bsdi4/openbsd/netbsd traceroute(8).

2000-06-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/traceroute6/traceroute6.c (main): set a minimum set of
	socket options as soon as opening a raw socket to avoid
	unintentionally receiving packets without ancillary data.
	Note: this could actually happen when we used an unreachable IPv6
	DNS server.

2000-06-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_src.c (in6_pcbsetport): supported FreeBSD
	3 and later as a separate function, the code which was a part of
	in6_pcbbind().

2000-06-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/udp6_output.c (udp6_output): supported FreeBSD
	3 and later.
	* freebsd[34]/sys/netinet6/udp6_usrreq.c: removed original
	udp6_output().
	* freebsd[34]/sys/conf/files: added netinet6/udp6_output.c

2000-06-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[34]/sys/netinet6/udp6_usrreq.c (udp6_send): added some
	validation checks for the passed sockaddr. The previous code seemed
	a bit naive.

Sun Jun  4 22:28:30 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_send.c: remove MULTICASTQUERY6 case.
	  it is unnecessary since we have mdnsd, and it was mistake in BIND9
	  that BIND9 replied to multicast queries.

Sun Jun  4 21:57:47 JST 2000  itojun@iijlab.net
	* sys/netinet6/nd6.c: revise upper-layer reachability confirmation
	  hint processing.  count hints from upper-layer, and if the count
	  reaches maximum, try to probe reachability by real ND.
	  sysctl net.inet6.icmp6.nd6_maxnudhint defines maximum # of subsequent
	  upper-layer hints to be accepted.
	  we have removed check against process privilege for IPV6_REACHCONF.

	  we currently have two sources for hints: (1) IPV6_REACHCONF
	  (2292bis setsockopt), and (2) hints from tcp_input.
	  it is still questionable if they are really trustworthy.
	  for example, rogue userland program can use IPV6_REACHCONF to confuse
	  ND process (which is system-wide cache).   also, tcp_input can be
	  hosed by hijack attempts.

Sun Jun  4 12:29:41 JST 2000  itojun@iijlab.net
	* sys/netinet6/mip6*: sync with latest MIPv6 patch from ericsson guys.
	  - New addition to eager movement detection: now a second level
	    provided to enhance handoff time a lot. As soon as a
	    new prefix is heard the Mobile Node changes default
	    router. Less stable, router reachability is not assured,
	    but this can make handoff go in less than 0.5 sec. Also:
	    nasty trick used is to run nd6_timer() five times per
	    second. Use "mip6config -e 2" to test.
	  - More consistent function of mip6config and mip6stat.
	  - Fixed some bugs in mip6stat.
	  - Code clean up.

Sun Jun  4 01:12:52 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* {freebsd3/ports, netbsd/pkgsrc/net}/p5-Socket6: upgrade to 0.07.

Sat Jun  3 08:08:43 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/{libpcap,tcpdump}: use 2000/5/29 weekly snap.
	* freebsd3/ports/mod_perl: mod_perl-1.24.tar.gz

2000-06-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/tcp_subr.c (tcp6_ctlinput): separated from
	tcp_ctlinput. We believe a separated function would make sense
	in this case.
	Additionaly, the new function now calls syn_cache_unreach().
	IMO, there's been no special reason not to call it.

	* openbsd/sys/netinet/tcp_subr.c (tcp6_ctlinput): applied the same
	fix as bsdi4.
	Also, the ctlinput function now calls in6_pcbnotify(), which was
	unintentionally (IMO) prohibited.

2000-06-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4, freebsd[34], openbsd}/sys/netinet6/in6_pcb.c
	  (in6_pcbnotify):
	* kame/sys/netinet6/in6_pcb.c (in6_pcbnotify):
	corrected the algorithm to detect whether in6_rtchage() should
	be called.
	
Fri Jun  2 21:08:22 JST 2000  itojun@iijlab.net
	* freebsd2/ports/{libpcap,tcpdump}: use 2000/5/29 weekly snap.

Thu Jun  1 04:47:42 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- You must explicitly specify the file name of certificate and
	  private key if you use a certificate.  See README.certificate.
	- fixed to make a index of SPD in responder side when ID type in ID
	  paload is subnet, or when there is no ID payload.
	- supported to negotiate the IPsec-SA of ESP without authentication.
	- Added the direction as an item to compare policy.
	- fixed some crash problems.

Thu Jun  1 02:43:31 JST 2000  itojun@iijlab.net
	* kame/mdnsd: multicast DNS resolver, as specified in
	  draft-aboba-dnsext-mdns-00.txt.  Note that spec conformance is
	  still very low.
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 5/29 weekly snap.

<200005>
2000-05-31  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_mloopback): make a deep copy
	of the IPv6 header only in an M_EXT case. Practically, we'll
	rarely need such an extra copy.

Tue May 30 23:56:04 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c: make scopeid handling in multicast
	loopback case (ip6_mloopback) consistent with other cases.

Tue May 30 20:54:23 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_send.c: with #define MULTICASTQUERY6, allow
	  multicast address in /etc/resolv.conf "nameserver" line.  By
	  configuring resolv.conf(5) like below:
		nameserver ff02::1%3
	  DNS queries will reach all nodes on the link with link ID "3".
	  With the change, the resolver code changes some of its behaviors:
	  - the resolver code does not check src/dst pair match, if we have
	    multicast address in resolv.conf.  It may or may not raise security
	    issue.
	  - the resolver code does not use connected udp socket for multicast
	    query.

	  highly experimental - note that this change DOES NOT attempt to
	  support multicast DNS queries, as drafted in
	  draft-aboba-dnsext-mdns-00.

2000-05-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/faithd/faithd.c (main): allocated enough memory for
	serverpath and serverarg to prevent possible buffer overrun.

Tue May 30 11:18:03 JST 2000  itojun@iijlab.net
	* freebsd[23]/ports/popper, netbsd/pkgsrc/mail/qpopper:
	  mark the port broken for security issue.  users are suggested to
	  remove the installed binary.
	  http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-22&msg=p04320305b5511470392c@[192.168.1.5]

Tue May 30 01:29:04 JST 2000  itojun@iijlab.net
	* freebsd4/sys/net/if_loop.c: check BPF data link layer type (DLT_xx)
	  on call to bpf_mtap() in if_simloop().

	  XXX if_simloop() call from ip6_output() causes junk to be injected
	  to bpf buffer.  we may need some fix separately from this commit.

Tue May 30 00:11:17 JST 2000  itojun@iijlab.net
	* {bsdi4,netbsd}/usr.bin/ftp: internally convert IPv4 mapped address
	  into real IPv4 address.  IPv4 mapped address adds too much confusion
	  to FTP protocol handling.
	  Suggested by: ume

Mon May 29 08:34:58 JST 2000  itojun@iijlab.net
	* kame/sys/netinet/in6_pcb.c (affects netbsd only):
	  bind(2) on AF_INET6 socket with IPv4 mapped address will raise error,
	  instead of making port number duplicate on pcb struct.

Mon May 29 02:26:25 JST 2000  itojun@iijlab.net
	* bsdi4/sys/netinet/tcp_input.c: correct critical typo.  prior to the
	  change, if we have inbound IPv4 TCP traffic to AF_INET6 socket.
	  inp_laddr6 will have ::ff0f:xx.yy.zz.uu, not ::ffff:xx.yy.zz.uu.
	* bsdi4/usr.sbin/netstat/inet.c: do not print IPv4 mapped address
	  as normal IPv4 address, on netstat -an.  print it as is (as IPv4
	  mapped).

Mon May 29 00:43:15 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c (affects netbsd only):
	  correct setsockopt(IPV6_BINDV6ONLY) behavior.

Mon May 29 00:04:15 JST 2000  itojun@iijlab.net
	* bsdi4/sys/netinet/in_pcb.c: remove NRL bind(2) ordering constraint.
	  NRL code forbids wildcard IPv4 bind after wildcard IPv6 bind on
	  the same port number.  it was mistake.  now bind(2) is free from
	  ordering constraint.

Sun May 28 15:33:11 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 2000/5/22 weekly snap.

Sat May 27 23:05:00 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.8.

2000-05-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dtcp/dtcpc.rb: added a new option "-r (static|solict)"
	to specifiy how the default route should be configured.

2000-05-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd: became more conscious of interface status
	(up or down);
        - when an interface becomes down, stop the corresponding timer.
	- when an interface becomes up again, reinitialize the status and
	  restart the timer.
	- simply discard data received on a daed interface.
	- dump if interface is up or dump

Sat May 27 19:07:58 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: add net.inet6.icmp6.errppslimit sysctl MIB.
	  it will let you limit ICMPv6 error messages by pps, not interval.
	  still not sure what is the best way to perform rate limitation...
	  change default parameter for icmp6 error rate/pps limitation
	  to 100usec interval and 200pps (an icmp6 error packet needs to
	  pass both tests to leave the node).

Sat May 27 15:18:58 JST 2000  itojun@iijlab.net
	* kame/ping6/ping6.c: support -N option to probe NI group address at
	  ease.  for example:
	  % ping6 -N -I ne2 lychee
	  will probe NI group address for nodename "lychee", instead of the
	  address resolved for "lychee".

Sat May 27 14:01:29 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: on in6_ifattach(), join NI group address
	  specified in icmp-name-lookup-04 and beyond.
	  TODO: cope with hostname change events, like sethostname(3).

Fri May 26 00:02:15 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/ftp/fetch.c: do not transmit scope identifier
	  on HTTP Host: directive.  disallow scoped address if the access is
	  via proxy.
	* openbsd/usr.bin/ftp/fetch.c: do not transmit scope identifier on
	  HTTP Host: directive.  correct Host: directive passing if the
	  access is via proxy.
	  TODO: disallow scoped address if the access is via proxy.

Thu May 25 23:16:01 JST 2000  itojun@iijlab.net
	* bsdi4/usr.bin/telnet/commands.c: use getaddrinfo to be scoped-address
	  friendly.

Thu May 25 21:56:47 JST 2000  itojun@iijlab.net
	* bsdi4/sys/i386/pci/if_exp.c: do not use interrupt for initializing
	  multicast filter.  this will make exp driver to be friendly with
	  IPv6 initialization sequence.  hints from netbsd fxp driver.

2000-05-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/net/route.c (ifa_ifwithroute): reverted a KAME
	specific change introduced on 2000-02-25 (see this log file).
	The change was an ad-hoc hack and broke BSDI's original
	intention, so we've wanted to clarify the code.

2000-05-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_ifattach.c (in6_ifattach,
	in6_ifattach_addaddr): use rtrequest1() when assigning IPv6
	addresses since this function is more conscious of interfaces than
	rtrequest() and is suitable for link-local addresses.

Thu May 25 01:25:39 JST 2000 sakane@ydc.co.jp
	* kame/sys/{netkey/key.c,netinet6/ipsec.c}:
	* kame/kame/setkey:
	supported IPsec with link local address.
	XXX to be supported by racoon.

Wed May 24 22:42:40 JST 2000  itojun@iijlab.net
	* bsdi4/sys/net/if_ppp.c: IPv6 support.  highly experimental.
	* bsdi4/usr.bin/ppp: IPv6CP support.  highly experimental.  solicit
	  test/experience reports.

2000-05-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/dhcp6s.c: the "-n dnsserv" option can now be
	specified multiple times, when a user wants to set more than one
	server.

Wed May 24 18:59:55 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	fix to check vendor id.  HASH function for vendor id is always MD5.

Wed May 24 18:09:12 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.h: check parameter type to IN6_ARE_ADDR_EQUAL().
	  this should avoid typecast bugs like below.

2000-05-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4,openbsd}/sys/netinet6/in6_pcb.c (in6_pcbnotify):
	corrected the 2nd argument IN6_ARE_ADDR_EQUAL(), which was
	unintentionally "struct in6_addr **"".
	This fix is quite important for stability and users of those OSes
	are recommended to apply it.

Wed May 24 14:32:44 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	supported pre-shared key written by hex string.

Wed May 24 01:29:46 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/pppd: pppd with IPv6 support.  from netbsd-current.
	  no on-demand dialing support at this moment.
	* netbsd/sys/net/if_ppp.c: async ppp kernel code with IPv6 support.
	  from netbsd-current.  it will change ioctl API slightly,
	  and stock netbsd142 pppd may choke.

Tue May 23 21:51:00 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	fix to get local address to be used by sending address.  It was
	enbugged when some macro was removed.

Tue May 23 07:41:08 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	don't bark when the life duration of attribute in SA payload is
	encoded TV format.  It's allowed by RFC.

Tue May 23 07:14:59 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	some fixes.
	- initialize prefixlen at ipsecdoi_id2sockaddr.
	- check sainfo duplicated.
	- improve sainfo2str() to return "anonymous" if sainfo is anonymous
	  record.
	- fix to parase port number specification.
	- change output level during parsing payload.

Tue May 23 01:46:39 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* Remove "options PM" from GENERIC.v6.

	  Now, the facility of v4NAT was integrated by NATPT (some NAT
 	  function is not implemented yet), please use NATPT when you want
 	  to use v4NAT.

Tue May 23 00:27:52 JST 2000  itojun@iijlab.net
	* sys/netinet6/udp6_var.h: make sysctl symbol name meet with
	  IPv4 counterpart.  freebsd2: net.inet6.udp6.maxdgram,
	  netbsd: udp6.sendspace, bsdi3: udp6.sendmax.

Mon May 22 21:08:55 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: disallow negative numbers for ICMPv6 rate limit
	  interval.  use ratecheck(9) if exists (this will make
	  netbsd15/openbsd27 merger easier).

Mon May 22 17:54:29 JST 2000  itojun@iijlab.net
	* sys/netinet6/{ah,esp}_output.c: correct rare error case handling
	  (do not leak mbuf/do not emit incomplete packet).
	* sys/netinet6/ah_*.c: cope with memory allocation failure more
	  gracefully.

2000-05-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/scopedaddrtest/scopedaddrtest.c: a new option "-N" was
	added to specify the NI_NUMERICSCOPE flag for getnameinfo().

2000-05-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/getnameinfo.c (ip6_sa2str): supported
	the NI_NUMERICSCOPE flag if available.

2000-05-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {freebsd[234],bsdi3,{net,open}bsd}/include/netdb.h
	(NI_NUMERICSCOPE):
	* bsdi4/contrib/bind/src/include/netdb.h (NI_NUMERICSCOPE):
	the new flag was added as specified in rfc2553bis-00.

Mon May 22 13:19:29 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: to conform better with icmp-name-lookup-05,
	  make the validation rule more strict for node information query.
	  now, IPv6 destination address must be anycast/unicast for the node,
	  or link-local multicast.
	  there still are spec non-conformance - see comments in icmp6.c.

Mon May 22 12:07:28 JST 2000  itojun@iijlab.net
	* kame/gifconfig/gifconfig.c: correct gif outer (physical) address
	  printing, on non-IPv6 kernel.

Sat May 20 04:59:26 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_{forward,output,input}.c:
	  correct link-local scoped address handling on loopback interface.
	  broken by FAKE_LOOPBACK_IF code committed on 17 May 2000.

2000-05-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (ip6_mdq): loosened scope check
	in ip6_mdq() for packets forwarded to a register I/F. Without
	this, such packets could be mistakenly discarded.
	In response to: a report from Noriaki Takamiya
	<takamiya@po.ntts.co.jp>
	
Fri May 19 11:41:05 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_mroute.[ch]: add backward compatibility code
	  for 2000/4/12 mrt6msg change (is not used in kame tree).
	  freebsd40 and openbsd27 are shipped with old declaration, so we
	  need to provide backward compat to some degree.

Fri May 19 09:26:28 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/{usr.bin/fetch, lib/libftpio}: support IPv6.
	  From: ume@mahoroba.org

Fri May 19 00:30:04 JST 2000 itojun@iijlab.net
	* kame/pim6dd/vif.c: allocate uv_querier struct as necessary on
	  initialization.  it will avoid SEGV right after invocation.

2000-05-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/scope6.c (scope6_addr2default): was added to
	get the default scope zone for a specified address.

2000-05-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/udp6_output.c (udp6_output):
	* kame/sys/netinet6/raw_ip6.c (rip6_usrreq):
	* {bsdi4, openbsd}/sys/netinet6/raw_ipv6.c:
	* {freebsd[34]}/sys/netinet6/raw_ip6.c:
	* {bsdi4, freebsd[34], openbsd}/sys/netinet6/in6_pcb.c:
	filled default scope zone in sin6_scope_id if unspecified.
        Currently, these are enabled only with the ENABLE_DEFAULT_SCOPE
	kernel compilation option.

2000-05-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_forward.c (ip6_forward): zero-cleared
	embedded link zone IDs in forwarded packets. We forgot this, since
	old kernel did not allow link-scope packets to be forwarded.

2000-05-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ndp/ndp.c (set): supported <link-local_addr>%<link ID>
	for "ndp -s".

Thu May 18 21:15:32 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/fetchmail: upgrade to 5.4.0
	* freebsd3/ports/heimdal: upgrade to 0.2t.
	* freebsd3/ports/w3m: upgrade to 0.1.9.
	* freebsd3/ports/netperf: use latest IPv6 patch.

Thu May 18 16:34:18 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.4.0.

Wed May 17 23:58:14 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc, freebsd[23]/ports}/net/{libpcap,tcpdump}: use 5/15
	  weekly snap.

Wed May 17 21:50:27 JST 2000 sakane@ydc.co.jp
	* {freebsd[234],netbsd}/sys/netinet/ip_output.c:
	call key_spdacquire() if there is no policy entry for IPv4.
	key_spacquire() sends a setup policy request to the policy
	negotiating daemon or something.

2000-05-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c (nd6_output): 
	* kame/sys/netinet6/ip6_output.c (ip6_output):
	made scoped addresses more friendly with loopback interfaces;
	if a packet containing scoped addresses in the source or
	destination address fields is going to be sent on a loopback
	interface, pass looutput() the interface to which the scoped
	address(es) belongs.
	For example, you won't see "lo0" when you ping to your own
	link-local address.
	This is currently experimental and enabled only when the
	FAKE_LOOPBACK_IF kernel compile option is specified.

Wed May 17 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: correct node information lookup, when
	  the query is formatted in 05 draft format and IPv6 multicast
	  address is attached as subject.  this will make node to reply to
	  "ping6 -w ff02::1" like before (actually, validation rule is not
	  really conformant to 05 draft.  see comments in source for details).

Wed May 17 19:09:51 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* kame/freebsd3/ports/{squid11, qmail}: upgrade to latest IPv6
	  patch.
	* kame/freebsd3/ports/{quake6, quakedata}: use IPv6-migrated
	  quakeforge.

2000-05-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/scope6config/scope6config.c: added a new syntax
	"scope6config default" to see the default zones.

2000-05-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/{in6.c, nd6_rtr.c, scope6.c}: introduced the
	notion of "default scope zones":
	- store the default zones in scope6_ids[0]
	- reflect change of default interface to default link
        - added a new ioctl SIOCGSCOPE6DEF to get the default values

2000-05-17  SUZUKI Shinsuke  <suz@sdl.hitachi.co.jp>
	* bsdi3/sys/net/if_tun.c:
	- fixed mbuf allocation bug on tun?
	- enabled IPv6 addressing on tun?
	* {freebsd[23]/ports,netbsd/pkgsrc/net}/gated-ipv6
	updated to May 11's snapshot

Wed May 17 10:09:42 JST 2000  itojun@iijlab.net
	* kame/sys/net/if_gif.c: with "options XBONEHACK", allow multiple
	  gif tunnels to be configured with the same pair of outer addresses.
	  From: Lars Eggert <larse@isi.edu>
	* kame/sys/net/if_gif.c: always disallow multiple multi-dest tunnels.

2000-05-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/common.c (getifaddr): corrected the 2nd argument
	to in6_matchflags().
	* kame/kame/dhcp6/dhcp6s.c (server6_react_solicit,
	server6_react_request): corrected scope validation for incoming
	packets.

Tue May 16 23:05:56 JST 2000  itojun@iijlab.net
	* kame/route6d/route6d.c: memory leak and bzero() correction.
	* kame/route6d/route6d.c: correct interface address handling
	  for global address on p2p interface.  there seem to be two major
	  models in this arena: cisco (use addr/plen) and gated (advert
	  dest/128 and addr/128).  the code supports both behavior,
	  switchable at compilation time.  default behavior is "gated".
	  we may need to revisit the code later.  Comments from suz on p2p
	  routing model.

Tue May 16 09:44:50 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/ftp/fetch.c: parse RFC2372 ftp URL correctly.
	  (the code is different from netbsd-current code - netbsd-current
	  code works just right, and our version will go away when we switch
	  to kame/netbsd15)

Mon May 15 22:39:20 JST 2000  itojun@iijlab.net
	* openbsd/usr.bin/ftp/fetch.c: parse RFC2372 ftp URL correctly.

2000-05-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/v6test/conf/ext.conf (jumbolack): added to see if the
	target is coformant to the 1st validation in Section 3. of rfc
	2675.

2000-05-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_input): if ip6_plen == 0 &&
	HbH is included && no jumbo opt, return icmp6 error and discard
	packet. This is a new validation check added in RFC 2675.

Mon May 15 18:25:52 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: support DNS subject name in NI6 query.
	  receiving node will supress reply, if DNS subject name does not
	  match gethostname(3).  truncated nodename case is little bit
	  questionable, see below.

Mon May 15 15:48:44 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c, kame/ping6/ping6.c:
	  use DNS name encoding for NI6 replies (DNS name).
	  the kernel code tries to be compatible with 03 draft (will reply
	  with pascal string to old "ping6 -w" or current "ping6 -W").
	  truncated nodename case is little bit questionable - many nodes are
	  configured with  non-FQDN nodename, and we're not sure if we can
	  treat such name as FQDN for the node.

Mon May 15 02:35:41 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/{libpcap,tcpdump}: use tcpdump.org 2000/5/8
	  weekly snap

Sun May 14 JST 2000  itojun@iijlab.net
	* sys/netkey: completely rewrite message management, to avoid possible
	  buffer overrun with corrupted pfkey data stream.  since only root
	  processes are able to connect to pfkey socket, we don't consider
	  this as vulnerability (if a bad guy can inject corrupted data stream
	  to pfkey, he has root privilege and he can do many other things
	  as well).  rewrite still in progress.
	  if you see any breakage with IPsec related operations, please report.
	* sys/netkey: attach better proposal/combination payload to acquire
	  message from the kernel.

2000-05-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/netstat: printed per-interface IPv6 statistics.
	Please try
	% netstat [-p [ip6|icmp6] | -f inet6] -s -I if_name
	for printing statistics on a specified interface.

2000-05-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4, openbsd}/sys/netinet6/raw_ipv6.c (rip6_output):
	- fixed memory leak for outgoing ancillary data
        - use KAME's checksum offset option for outgoing packets
        - count statistics for outgoing ICMPv6 packets
        - be more friendly with nervous compilers
        - code cleanup

Sat May 13 JST 2000  itojun@iijlab.net
	* */usr.bin/telnet/commands.c: improve error message on invalid
	  port name.  gai_strerror() does not give enough detail.
	* netbsd/usr.sbin/inetd/inetd.c: improve error message on address
	  family mismatch.
	* sys/netinet6/icmp6.c: improve icmp6 node information support.
	  we have not been conformant to the latest specification (05).
	  the current code is a mixture of 05 draft and 03 draft.
	  need more fixes (see comment in code for detail).

2000-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/gifconfig/gifconfig.c (in6_status): use getnameinfo
	(instead of inet_ntop) to print IPv6 addresses.

2000-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4,openbsd}/sys/netinet6/in6_pcb.c (in6_setsockaddr): move
	the embedded link ID of a link-local address to the sin6_scope_id
	field in order to conceal the embedding hack from users.

2000-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6: supported the latest draft (dhcpv6-15).
	Note that this version is not compatible with the previous one,
	and thus you should update whole your DHCPv6 system including
	clients, relays and servers.

Thu May 11 19:28:22 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- fix to get lifetime/lifebyte from doi attribute.
	- fix to lifetime/lifebyte handling.
	  lifetime of 0 should not be included a packet.  0 of lifebyte should
	  not be included in a packet although 0 means not to care of the
	  lifetime of bytes.  If there is such case, it is rejected.
	- modify racoon.conf.5.
	- update version to 20000501 means proposal parser is fixed.

	They are reported from <Francis.Dupont@enst-bretagne.fr>.

Wed May 10 14:07:22 JST 2000  itojun@iijlab.net
	* sys/netinet/* (all platforms): correct more boundary checking issues
	  in ip options processing.  This was 4.4BSD issue, and all *BSD
	  platforms are not very careful in parsing ip options.
	  
Wed May 10 02:07:33 JST 2000  itojun@iijlab.net
	* sbin/ping6: correct outbound NI query packet with -aw.
	  we should have attached Subject data, which was defined in
	  04 draft. (we are now in 05)
	* sys/netinet6/icmp6.c: improve inbound NI query packet validation.

Tue May  9 22:11:56 JST 2000  itojun@iijlab.net
	* all platforms: correct NetBSD Security Advisory 2000-002, problem (2).
	  this applies to all BSD-based operating systems.  Kernel upgrade
	  is suggested if you run serious services with KAME kernel.

Mon May  8 23:24:34 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use tcpdump.org 2000/5/8
	  weekly snap.

Mon May  8 23:08:24 JST 2000  itojun@iijlab.net
	* libinet6/name6.c: correct resolver error code handling (h_errno,
	  like last arg for getipnodebyname).

Mon May  8 17:20:17 JST 2000  itojun@iijlab.net
	* freebsd4: ipsec now compiles (not tested at all).
	  brave testers wanted.

Sat May  6 01:48:14 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/{libpcap, tcpdump}: upgrade to 2000/05/01.
	* freebsd[23]/ports/tcp_wrapper: upgrade to latest IPv6 patch.
	* {freebsd[23]/ports,netbsd/pkgsrc/net}/mtr: upgrade to 0.42.
	* freebsd3/ports/vat6: upgrade to latest IPv6 patch.

Sat May  6 00:30:39 JST 2000  itojun@iijlab.net
	* */include/netdb.h, kame/libinet6/getnameinfo.c: 
	  2nd arg of getnameinfo() is socklen_t, not size_t.
	  this was changed somewhere before rfc2553.  we forgot to catch
	  up with the change.

Sat May  6 00:55:30 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/mozilla: upgrade to M15. From: ume

Fri May  5 23:19:10 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3: INET6 and IPSEC* defines are moved from opt_inet.h to
	  opt_inet6.h and opt_ipsec.h

Fri May  5 15:59:21 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/in6_ifattach.c: stabilize in6_ifdetach() again.
	  previous code touched uninitialized pointers.
	* openbsd/sys/net/if.c: cope with pcmcia card removal.

2000-05-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d/mld6_proto.c (accept_listener_query): 
	corrected incoming MLD query message handling.

Thu May  4 13:10:16 JST 2000  itojun@iijlab.net
	* openbsd/lib/libinet6/getaddrinfo.c: translate resolver error codes
	  in h_errno into getaddrinfo error code.  without this, EAI_FAIL
	  is always returned and it made no sense.
	  From: deraadt@openbsd.org

Mon May  1 19:38:32 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump}: use 2000/5/1 weekly snap.

Mon May  1 18:24:04 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c: avoid panic on ip6fw kernel configuration
	  on IPv6 packet outputs (usually, DAD on reboot).

Mon May  1 14:05:02 JST 2000  itojun@iijlab.net
	* kame/libinet6/name6.c: use BIND 4.9.7 DNS answer parser to remove
	  any of vulnerability old name6.c might have.

Mon May  1 12:22:53 JST 2000  itojun@iijlab.net
	* kame/libinet6: have more sanity check against validity of CNAME.
	  (there were some advisory about this in the past, IIRC)

<200004>
2000-04-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d: did timeout the MLD querier correctly.

2000-04-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet6/raw_ipv6.c: call ip6_mrouter_done() when the
	ip6_mrouter socket is closed in order to avoid remaining a garbage
	socket in the kernel.

2000-04-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/ports/bind9/Makefile: upgraded to bind-9.0.0b2.

2000-04-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/cfparse.y:
	* kame/kame/pim6sd/pim6_proto.c (receive_pim6_bootstrap):
	ignored node-local and link-local group prefixes in the
	configuration file and received bootstrap messages.

2000-04-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c (nd6_output): do not try NUD unless the
	gateway is a real neighbor. We can now enable NUD on a p2p link
	even when
	- assigning a pair of source and destinaion addresses on the p2p
	  link (with the /128 mask), or
	- installing a direct route to the p2p link using an AF_LINK
	  gateway or a node's own address on another interface.

Sat Apr 29 02:11:18 JST 2000  itojun@iijlab.net
	* freebsd4: fix various kame/freebsd4 sync issue, including KAME
	  PR 244.  there can be more issues left - pls report if you find one.
	* */libinet6/getaddrinfo.c, kame/libinet6/name6.c: correct
	  FILTER_V4MAPPED code.  avoid unaligned memory accesses.

2000-04-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd: filled the suggested hash mask length in
	bootstrap messages. Also, that field is now configurable.
	In response to a report from Olivier TOGNI
	<togni@dpt-info.u-strasbg.fr>.

Fri Apr 28 19:30:18 JST 2000  itojun@iijlab.net
	* ports/pkgsrc for zebra (openbsd, freebsd[23], netbsd):
	  upgrade to 0.86.

2000-04-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/traceroute6/traceroute6.c (main): always printed the
	source address of proving packets.

Fri Apr 28 13:34:27 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/rsync, netbsd/pkgsrc/net/rsync: upgrade to 2.4.3

Fri Apr 28 00:41:36 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: correct in6_ifdetach().
	  free oia, not ia.  there are more problems, Lennart says.
	  From: Lennart Augustsson <augustss@augustsson.net>

2000-04-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/udp_usrreq.c: removed udp6_output() to use a
	shared version defined in netinet6/udp6_output().

2000-04-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4, openbsd}/sys/netinet/in_pcb.c (in_pcbnotify):
	* openbsd/sys/netinet/in_pcb.c (in_pcbnotifyall): 
	prevented an infinite loop, which could happen if an IPv6 PCB
	entry exists and notification to the PCB list occurs.
	OpenBSD users who use the 20000424 snap release are strongly
	recommended to apply this fix.

Thu Apr 27 12:32:34 JST 2000  itojun@iijlab.net
	* freebsd4/lib/libinet6/getaddrinfo.c: getaddrinfo.c obeys
	  configured resolve order.  From: ume

Thu Apr 27 10:35:47 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_send.c: disallow $HOSTALIASES for setuid binary.

Thu Apr 27 05:06:35 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	vendorid directive is obsoleted.  vendorid should not be configurable.

Wed Apr 26 21:23:49 JST 2000  itojun@iijlab.net
	* {net,open}bsd/lib/libinet6/getaddrinfo.c:
	  disable AI_ADDRCONFIG support since it does not handle PF_UNSPEC
	  case.  From: ume

Wed Apr 26 19:20:54 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_{comp,send}.c: incorporate strict boundary
	  checking from BIND 4.9.7.  simplify #ifdefs.
	* libinet6/resolv/res_send.c: force fragment to minimum IPv6 MTU when
	  we send a UDP query to IPv6 DNS server.  this avoids path MTU
	  discovery from affecting name resolution.

Wed Apr 26 17:44:18 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_query.c: clarify reasons for setbuf().
	* freebsd4: sync with latest gif and stf code (compiled, need more
	  testing)

Wed Apr 26 12:00:59 JST 2000  itojun@iijlab.net
	* libinet6/resolv: allow users to switch use of EDNS0 query packet,
	  by "options edns0" in /etc/resolv.conf.   BIND9 DNS server must be
	  listed on "nameserver" line if you use EDNS0 query packet, since
	  BIND4/8 will choke with EDNS0 packets.  highly experimental.
	  (not available in freebsd4 and bsdi4 due to resolver differences)

Tue Apr 25 16:46:56 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* v4 traceroute (in NAT-PT w/ v4NAT) works.

Tue Apr 25 16:21:24 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/ip_ipip.c: re-enable support for ipip interface.
	  sync with netbsd-current.

Tue Apr 25 11:39:22 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/lpr: allow lp=port@host. NetBSD PR 9975.
	* netbsd/usr.sbin/lpr: don't SEGV on rp=numerichost.
	  From: hiro@takechi.org

Tue Apr 25 04:09:09 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	* kame/kame/setkey:
	In the case of ICMP{,V6}, check address family and upper layer protocol.

Tue Apr 25 03:54:32 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	enable VPN negotiation again.

	XXX AS before, racoon can NOT negotiate the socket based SA.

2000-04-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/net/if.c (ifa_ifwithnet): reverted a change on
	2000-02-25, since the logic is not related with our latest code.

Mon Apr 24 22:13:09 JST 2000  itojun@iijlab.net
	* libpcap/tcpdump pkgsrc (netbsd/freebsd2): upgrade to 4/24 snapshot.

Mon Apr 24 21:39:23 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- enable to define some algorithm each algorithm class.
	- use internal SPD, don't SPDGET in order to get SP entry.
	- fix to negotiate phase 2 with multiple transform in a single protocol.

Mon Apr 24 17:22:51 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	improve phase 2 configuration and parse phase 2 SA payload.
	Racoon takes security protocols to be negotiated at phase 2 from
	kernel's SPD.
	User can define algorithms, lifetime and pfs by "sainfo" directive.

	XXX At the moment, racoon can NOT negotiate the SA for VPN.  Because
	I don't clarify to define the relation between the values of ID
	payloads and a pair of src/dst which cause the SA negotiation to
	begin. Also racoon can NOT negotiate the socket based SA.  Because
	there is not any SP entry for socket in the kernel's SPD.

Mon Apr 24 13:08:42 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.3.8.

Sun Apr 23 14:21:32 JST 2000  itojun@iijlab.net
	* freebsd2/usr.bin/ftp: use RFC2732 URL format for Host: HTTP directive.
	* openbsd/usr.bin/ftp: support RFC2732 URL format (bracket around
	  IPv6 numeric address).

2000-04-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (ip6_mdq): do not check scope
	boundary for packets through a PIM register tunnel. Without this
	change, an RP will not be able to forward packets received on a
	register tunnel. However, this blindly relies on the routing
	daemon's behavior. We'll eventually need more reliable fix.

2000-04-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/usr.bin/netstat/route.c (routename6): fill in the
	sin6_socpe_id field of a local variable to support
	<scope_addr>%<scope_id> extension.

Fri Apr 21 20:13:09 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet{,6}/in{,6}_pcb.c: on in{,6}_pcbnotify, make sure
	  to touch pcbs that meets address family of incoming packet.

2000-04-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/ip_output.c (in_mrejoin): skipped PF_INET6
	entries. This is a fix of a serious bug and should be applied if
	you use	IPv6 multicasting.

Thu Apr 20 21:32:02 JST 2000  itojun@iijlab.net
	* sbin/route/route.c (freebsd[23], netbsd, bsdi[34]):
	  use scoped address notation when printing IPv6 link-local multicast
	  addresses.

2000-04-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/ripng.c (rip_sockinit): do not bind ff02::9 on
	the RIPng socket. Without this fix, bgpd can't accept unicasted
	RIPng messages.
	In response to a report from masahito_endo@ydc.co.jp

Thu Apr 20 18:22:26 JST 2000  itojun@iijlab.net
	* libpcap/tcpdump pkgsrc (netbsd): upgrade to 4/17 snapshot.
	* libpcap/tcpdump pkgsrc (openbsd): added port for 4/17 snapshot.

2000-04-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet6/raw_ipv6.c (rip6_ctloutput): 
	- just (implicitly) call ip6_ctloutput for IPV6_CHECKSUM.
	- added multicast routing socket options.
	
Wed Apr 19 17:18:25 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* v4NAT in NATPT works.
	  - v4 traceroute does not work yet.  I will fix it soon.
	  - FTP active transfer process does not work.
	    When you want to use ftp, use passve mode instead of active.

Wed Apr 19 10:52:56 JST 2000  itojun@iijlab.net
	* sys/netinet{,6}/in{,6}_gif.c: do not attempt to transmit packet
	  if we are apparently making infinite loop.
	* sys/netinet6/in6_gif.c: always fragment encapsulated IPv6 packet
	  to minimum IPv6 MTU.  otherwise, inner layer (like IPv4 in
	  IPv4-in-IPv6) needs to retransmit to kick path MTU discovery in
	  the outer layer - too painful.

2000-04-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.c (ip6_mdq): added scope boundary
	check.

2000-04-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/scope6config/scope6config.c: added to configure and
	view the scope zone identifiers of a particular interface.
	XXX: should eventually be merged into ifconfig or something.

2000-04-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/scope6.c: added to configure/mangement IPv6
	scopes. Two new ioctls were also added to set/get scope zone
	identifiers.

Tue Apr 18 13:12:40 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/udp6_output.c: for better code sharing, split
	  udp6_output() from udp6_usrreq.c.

Tue Apr 18 12:44:24 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	improve phase1 DH group check.
	dh_group must be defined by each proposal in a configuration file.

2000-04-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/dhcp6relay.c: added to support DHCPv6 relay
	agent. The implementation currently handles DHCP Solicit and
	Advertise messages only.

Tue Apr 18 03:10:01 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/mmosaic: multicast Mosaic.

Tue Apr 18 02:35:54 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- use getifaddrs to get addresses.
	- fix to define logging level by hexa-decimal string.
	- tiny fix to print error/warn message during parsing configuration
	  file.

2000-04-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/udp6_usrreq.c (udp6_output): 
	* bsdi4/sys/netinet/udp_usrreq.c (udp6_output):
	considered byte order of an embedded link-identifier.

Mon Apr 17 20:32:27 JST 2000  kjc@csl.sony.co.jp
	* add ALTQ support to freebsd4.

Mon Apr 17 21:05:48 JST 2000  itojun@iijlab.net
	* sys/netinet/ip_encap.c: support priority between attached
	  interfaces.  see comments for more detail.
	* sys/net/if_gif.c: gif prioritized match support (between LINK0 and
	  !LINK0 - LINK0 is less preferred) is now recovered.

Mon Apr 17 15:52:19 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.7.

Mon Apr 17 13:32:48 JST 2000  itojun@iijlab.net
	* kame/ndp/ndp.c: remove leftover from IPv4 arp logic in set() and
	  delete().  this caused infinite loop in certain oruting setup.

Mon Apr 17 11:37:44 JST 2000  itojun@iijlab.net
	* sys/netinet/in_gif.c: reject packets with IPv4 broadcast address
	  on outer IPv4 source.  this is suggested in ngtrans-mech-05.

2000-04-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/dhcp6[cs].c: tiny clarifications;
	- shutdown(0) for write only sockets
	- do not set IPV6_MULTICAST_IF for a read-only socket.

Fri Apr 14 18:18:18 JST 2000  itojun@iijlab.net
	* ports/pkgsrc for libpcap and tcpdump (freebsd[23], netbsd):
	  upgrade to use 2000/4/3 snapshot.

Fri Apr 14 17:39:27 JST 2000  itojun@iijlab.net
	* sys/net/if_gif.c: simplify gif interface attachment to ip_encap
	  dispatcher.  add martian/ingress filters against outer source,
	  as suggested in ngtrans-mech-05.

Fri Apr 14 13:26:44 JST 2000  itojun@iijlab.net
	* openbsd/sys/netinet/tcp_input.c: use path MTU value on routing
	  table when computing MSS, only if layer 3 supports path MTU
	  discovery.  (openbsd has no IPv4 path mtu discovery.  a node may
	  propose too large mss if we use rmx_mtu value)
	  From: Hugh Graham <hugh@openbsd.org>

Fri Apr 14 01:00:41 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c: require root privilege on IPV6_REACHCONF
	  ancillary message (experimental, from jinmei).

Thu Apr 13 23:13:52 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: correct icmp6 extension header traversal,
	  to avoid sending icmp6 error against icmp6 error.  found by
	  TAHI test.

2000-04-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[34]/sys/netinet/tcp_input.c (tcp_input): do not call
	ND6_HINT() if the connection status is LISTEN.

2000-04-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c (nd6_nud_hint): do not change a
	neighbor's status unless the old status is probably reachable
	(i.e. the link-layer address has already been resolved).
	In response to: KAME PR sys/235.

Wed Apr 12 22:11:02 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/ncftp3, netbsd/pkgsrc/net/ncftp3: upgrade to 3.0.1.

2000-04-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/dhcp6/dhcp6[cs].c: tiny fixes to decrease compilation
	errors;
	- corrected arguments for inet_pton().
	- supplemented a header file.

2000-04-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d/mld6.c (accept_mld6): reflected the change
	of mrt6msg{}; check the overlaid MLD6 type field instead of
	msg_controllen to detect if received packets are control messages
	or real MLD6 messages.

2000-04-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_mroute.h: changed the order of members of
	mrt6msg{} to overlay the structure onto the MLD6 header (not IPv6
	header.)
	Suggested by: pavlin@catarina.usc.edu

Wed Apr 12 13:28:35 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mbone/vat6: pkgsrc for vat6 (IPv6-ready vat).
	  From: ichiro@ichiro.org

Wed Apr 12 01:24:40 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: cleanup IPv6 interface initialization
	  in in6_ifattach().  be more persistent about initialization,
	  to cope with manually configured link-locals.

2000-04-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/gifconfig/gifconfig.c: supported a new description
	"gifconfig ifname delete", which removes already specified physical
	addresses on the interface.

2000-04-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/net/if_gif.c (gif_ioctl): supported a new ioctl
	SIOCDIFPHYADDR in order to allow a user to remove
	already specified physical addresses on a gif interface.

Tue Apr 11 14:58:10 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: revise interface identifier lookup.
	  we no longer cache EUI64, due to KAME PR 236.
	  NOTE: you may see interface identifier changes due to lookup
	  policy change.  be careful when you upgrade the kernel (you may
	  experience address mismatch with DNS database, for example)

Mon Apr 10 14:38:00 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/sendmail.beta, freebsd2/ports/sendmail.beta:
	  use 8.10.1. (not really beta already...)

Sat Apr  8 09:49:57 JST 2000  itojun@iijlab.net
	* gated-ipv6 ports/pkgsrc (netbsd/freebsd[23]): upgrade to 3/9 snapshot.

Fri Apr  7 23:14:53 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.6.

Thu Apr  6 14:41:26 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: reject spdadd if address family does not match
	  between SA address pair and SPD filter.  for example, the following
	  attempt will return EINVAL:
	    # setkey -c
	    spdadd ::1 ::1 any -P out ipsec esp/tunnel/10.1.1.1-10.1.1.1/use;
	    ^D

Thu Apr  6 14:51:03 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon/cfparse.y:
	  disable algorithm direcitive.
	  if there is in the config file, parser will bark as warning.
	  if strength is used the file, parser will stop to parse config file.

Tue Apr  4 17:48:20 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_output.c: support IPV6_USE_MIN_MTU in 2292bis
	  advanced API.  We support it in setsockopt (IPv6 UDP only) and
	  in ancillary data.

Mon Apr  3 12:36:01 JST 2000  itojun@iijlab.net
	* */lib/libpcap, */usr.sbin/tcpdump: remove to avoid duplicated effort
	  with tcpdump.org.  if you want them, use pkgsrc/ports.

Mon Apr  3 12:15:32 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/security/heimdal: use 0.2r.

Mon Apr  3 09:52:23 JST 2000  itojun@iijlab.net
	* libpcap/tcpdump pkgsrc/ports (freebsd[23], netbsd):
	  upgrade to 2000/3/27 weekly snapshot.

Sun Apr  2 22:05:03 JST 2000  itojun@iijlab.net
	* totd pkgsrc/ports (openbsd, netbsd, freebsd[23]): upgrade to 1.1p4.

Sat Apr  1 22:47:12 JST 2000  itojun@iijlab.net
	* sys/sys/socket.h (all platforms): avoid namespace pollution
	  for CMSG_ALIGN().

<200003>
Thu Mar 30 2000  itojun@iijlab.net
	* libinet6: by defining USE_EDNS0, resolver will make queries with
	  EDNS0 UDP buffer size report. (experimental since BIND4/8 chokes
	  with EDNS0 packet)

Thu Mar 30 14:10:35 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4: turn off gif and faith temporally.
	  basic catching up was done. I checked ping[46]/telnet6/ssh[46]
	  work on KAME-current/FreeBSD4.
	  (Now I have alpha box only. I do not check it on x86 environment)
	  TODO:
	    gif, faith, altq, IPsec(encap4_input), mip6, natpt
	* freebsd2/ports/emacs20: upgrade to 20.6.

Wed Mar 29 16:34:20 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/ncftp3: upgrade to 3.0.0.
	* freebsd3: remove MAPPED_ADDR_ENABLED option to easily code
	  sharing with freebsd4. you can turn on/off mapped-addr
	  supporting by sysctl instead of it.

Wed Mar 29 16:00:24 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: use bind 9.0.0beta2.

Tue Mar 28 23:09:59 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_input.c: SIIT assumes that routers forward native
	  IPv6 packet with IPv4 mapped address just like for normal packets.
	  move IPv4 mapped address src/dst check downwards.
	* sys/net/if_stf.c: make IPv4 ingress filtering rule more strict.
	  drop packet if there's no route found for IPv4 source, or
	  IPv4 compatible IPv6 source.

Tue Mar 28 21:45:54 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd2/ports/ncftp3: upgrade to 3.0.0.

Tue Mar 28 10:35:50 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/socks64: upgrade to latest patch.

Tue Mar 28 09:03:03 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/devel/unproven-pthreads: upgrade to 0.12.

Tue Mar 28 00:40:38 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/security/isakmpd: OpenBSD isakmpd snapshot as of
	  2000/2/20.

Sun Mar 26 20:05:55 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.3.4.

Sat Mar 25 16:55:37 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd4/sys: import FreeBSD 4.0-RELEASE. This is just
	  virgin import. Migration does not ended yet.

Sat Mar 25 14:52:06 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/socks64: upgrade to latest patch.

Thu Mar 23 02:36:12 JST 2000  itojun@iijlab.net
	* kame/route6d: don't advertise reject/blackhole static routes.

2000-03-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/udp_usrreq.c (udp6_output): was copied from
	netinet6/udp6_usrreq.c to separate UDP output routine from that of
	IPv4, since KAME's UDP6 output had completely different logic from
	original udp_output.

2000-03-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_src.c (in6_pcbsetport): was moved from
	in6_src.c for sharing with bsdi4.

2000-03-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd: retained rejected or blackhole routes to prevent
	accepting or advertising such routes unexpectedly.

2000-03-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[23]/sbin/route/route.c (getaddr): use getifaddrs() instead
	of SIOCGIFCONF to examine all interface addresses.

2000-03-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {freebsd[23], bsdi[34]}/sbin/route/route.c: supported extended
	format for IPv6 scoped addresses. For example, you can install an
	IPv6 link-local gateway like
	# route add add -inet6 3ffe:: fe80::1234%ed0 -prefixlen 16
	instead of
	# route add add -inet6 3ffe:: fe80:1::1234 -prefixlen 16
	(where 1 embedded in the link-local address is the inteface index
	 of ed0).
	
Wed Mar 22 17:57:21 JST 2000  itojun@iijlab.net
	* netbsd: synchronize userland with 1.4.1 -> 1.4.2 changes.
	  TODO: boot floppies (netbsd/distrib).

Wed Mar 22 16:29:19 JST 2000  itojun@iijlab.net
	* {ports,pkgsrc}/net/bind8: upgrade to latest patch.  this avoids
	  invalid use of netinet6/in6.h.

2000-03-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtadvd/dump.c: supported the SIGUSR1 signal to let
	rtadvd dump its internal status into a file upon receipt of the
	signal.

Wed Mar 22 16:12:02 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	- improve key_spdget() to get a policy by policy id.
	- add key_spddelete2() to delete policy by policy id.
	* kame/sys/net/pfkeyv2.h:
	- add a new member, sadb_x_policy_id, into sadb_x_policy structure.
	- add a new message type, SADB_X_SPDDELETE2 in order to distinguish
	  key_spddelete().
	* kame/kame/libipsec:
	- simplify pfkey_send_spdget(). no require src/dst addresses.
	- add pfkey_send_spddelete2() to delete policy by policy id.

Wed Mar 22 15:52:48 JST 2000  itojun@iijlab.net
	* netbsd/sys: synchronize with NetBSD 1.4.2.  userland still needs
	  some work.

2000-03-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_ctloutput): set the
	INP_IPV6_MCAST flag after ip6_setmoptions() for an NRL pcb.
	Without this, bsdi4/openbsd would panic when an application using
	IPv6 multicasting is terminated.
	This fix would solve KAME PR sys/224.

Tue Mar 21 21:56:04 JST 2000  itojun@iijlab.net
	* freebsd[23]/sys/kern/uipc_socket.c: correct freebsd bug in sanity
	  check for socket timeout value.  netbsd uipc_socket.c 1.18 -> 1.19.
	  (FreeBSD PR should be issued separately)
	  From: Eric Lemiere <elemiere@matra-ms2i.fr>

Tue Mar 21 18:23:14 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_input.c: disable too strong check against
	  packets with IPv4 compatible address.  this (wrongly) forbids
	  auto tunnel relaying case in RFC1933.  we may want to re-enable it
	  whenever mech-xx discussion goes to more secure settings.

Mon Mar 20 21:16:30 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{libpcap,tcpdump},
	  freebsd[23]/ports/{libpcap,tcpdump}: upgrade to weekly snapshot
	  as of 2000/03/20.
	* netbsd/pkgsrc/mail/sendmail.beta, freebsd2/ports/sendmail.beta:
	  upgrade to 8.10.0 (not really beta).

2000-03-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c (nd6_output): just sent packets on a p2p
	interface where NUD is disabled. Without this fix, the following
	would not work:
	# route add -inet6 default ::1 -ifp gif0
	Also note that you'll have to do like
	# ndp -i gif0 -nud
	to disable NUD.

Sat Mar 18 12:09:15 JST 2000  itojun@iijlab.net
	* sync with latest ericsson mobile-ip6.
	  major changes include:
	  - options MIP6_{MN,HA} gone. SIOCSATTACH_MIP6 now selects MN or HA
	    functionality.  Same usage as before.
	  - Memory leaks, bug and other irritating things found and eliminated.
	  - Code clean-up.
	  - Pretty stable thing now (in FreeBSD3), we tortured it a bit at
	    Connectathon.
	  - Better source address selection.
	  - Delete neighbor cache working better?
	  - README and TODO updated.
	  - Proxy delete implemented.

Sat Mar 18 10:27:03 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/mtr: install binary as non-suid root.
	  unbroken pkgsrc.

Sat Mar 18 01:16:26 JST 2000  itojun@iijlab.net
	* ports/packages for mtr and lynx: mark them BROKEN for vulnerability
	  reported on bugtraq.  we recommend you to remove them from your KAME
	  box by using pkg_delete(8), if you have installed them.

Sat Mar 18 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/sys/netinet/in.c, sys/netinet6/in6.c: backout
	  memory leak fix on interface address addition failure, added
	  Mar 11 2000.  the fix was too strict and made it impossible to
	  add two interface addresses in same prefix.
	  KAME PR 218.  From: Kazuto Ushioda <x-y-z@3si.co.jp>

Thu Mar 16 22:33:52 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/lib/libinet6/getaddrinfo.c: in res_queryN,
	  try to visit all of the requests given.  don't stop even if
	  AAAA query returns SERVFAIL.  some of old name servers return
	  SERVFAIL or NXDOMAIN on AAAA queries, if there's no AAAA records.
	  NetBSD PR: 9621

2000-03-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6sd/cfparse.y: correclty parsed data_timeout
	In response to a report from <Benoit.HILT@colmar.uha.fr>

2000-03-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ndp/ndp.c: added additional arguments for the -i
	option to set some ND-related parameters per i/f basis.
	Note: you should update kernel and include files before
	recompiling ndp.

2000-03-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/nd6.c: performed NUD on p2p links. A new
	member of nd_ifinio{} and a new ioctl (SIOCSIFINFO_FLAGS) were
	added to turn on/off the feature.

2000-03-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ping6/ping6.c: added a new option 'H', which specifies
	to try reverse-lookup of IPv6 addresses. ping6 now does not try
	reverse-lookup by default. We hope that this change will decrease
	a report like "ping6 does not work with a global address".

Tue Mar 14 10:04:42 JST 2000  itojun@iijlab.net
	* libinet6/getnameinfo.c: configure return value correctly, when
	  name lookup is asked and there's no DNS records.
	  KAME PR: 222, From: Noriaki Takamiya

Mon Mar 13 21:29:32 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/lib/libinet6/getaddrinfo.c: fix error handling in
	  YP name lookup.
	* {netbsd,openbsd}/lib/libinet6/getaddrinfo.c, kame/libinet6/name6.c:
	  filter out IPv4 mapped address in DNS/YP/hosts database, as they
	  are not supposed to appear on those places.  There are real-world
	  example with incorrect use exist, and it makes trouble with
	  IPv6-only node.

Mon Mar 13 19:36:55 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	Add "strict_address" in listen directive.  It requires all addresses
	for ISAKMP to be bound.

Mon Mar 13 14:09:54 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/{tcpdump,libpcap}, freebsd2/ports/{tcpdump,libpcap}:
	  upgrade to 20000228.

Sun Mar 12 13:58:34 JST 2000  itojun@iijlab.net
	* {openbsd,netbsd}/sys/netinet/in.c: undo interface address addition
	  attempt, when in_ifinit() fails.

Sun Mar 12 11:06:55 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc,openbsd/ports}/net/zebra, freebsd2/ports/zebra:
	  upgrade to 0.85.

Sun Mar 12 00:25:06 JST 2000  itojun@iijlab.net
	* sys/net/if_stf.c: now compiles on all the platforms we have.
	  (freebsd3 compilation is not tested by myself).  TODO: more tests
	* {bsdi3,bsdi4,freebsd2,freebsd3}/sys/net/if_types.h: move private
	  interface types to 0xf0 and upwards.

Fri Mar 10 23:00:45 JST 2000  itojun@iijlab.net
	* {bsdi3,bsdi4,freebsd2,netbsd,openbsd}/sys/net/rtsock.c: fix problem
	  in route_output, when rnh_lookup returned RNF_ROOT radix node.
	  This seems to be BSD problem, not KAME problem.
	  (freebsd3 have already fixed this in a different manner)
	  openbsd/netbsd-current are fixed as well.
	  KAME PR: 217

Fri Mar 10 06:11:03 JST 2000  itojun@iijlab.net
	* sys/netinet/icmp6.h: fix member name of icmp6_filter to be
	  compatible with RFC2292. (member name is icmp6_filt, not icmp6_filter)
	  From: Francis Dupont

Fri Mar 10 01:05:05 JST 2000  itojun@iijlab.net
	* sys/netinet6/ah_core.c: add strict mbuf boundary checks for IPv4/v6
	  AH computation.  now IPv4/v6 AH processing are m_pulldown safe.

Thu Mar  9 22:15:33 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey,netinet6:
	implement pfkey function for policy management.
		key_spdupdate() replace a policy entry.
		key_spdsetidx() set a policy index.
		key_spdget() gets a policy entry.
		key_spdacquire() send request for starting IKE nagotiation.
	XXX key_spdacquire() is not tested.

Thu Mar  9 22:08:17 JST 2000 sakane@ydc.co.jp
	* kame/kame/libipsec/pfkey.c:
	implement pfkey libraries.
		pfkey_send_spdupdate() replace a policy entry.
		pfkey_send_spdsetidx() set a policy index.
		pfkey_send_spdget() gets a policy entry.

Thu Mar  9 18:06:30 JST 2000  itojun@iijlab.net
	* sys/netinet6/ah_output.c: avoid mbuf memory leak, or unauthenticated
	  packet transmission, on IPv6 AH checksum failure.

Thu Mar  9 17:48:58 JST 2000 sakane@ydc.co.jp
	* kame/freebsd3/sys/netinet/ip_output.c
	* kame/kame/sys/netinet6/ip6_output.c:
	- Fix ipsec_get_policy().
	- Avoid double free of mbuf.  it has been free when error occured
	  at soopt_mcopyout().
	They are only in FreeBSD3.  Not tested yet in Others paltforms.

Thu Mar  9 17:40:46 JST 2000 sakane@ydc.co.jp
	* kame/kame/libipsec/test-policy.c:
	  Improved test program for ipsec_{set|get}_policy.

Thu Mar  9 15:06:53 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* Add v4 NAT into NATPT.
	* Now, Options NATPT_NAT is necessary to use this function,
	  but this option becomes needless soon.

2000-03-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd3/sys/netinet/tcp_input.c (tcp_input): did not try to
	access to ip6_inputopts unless it's really an IPv6 packet.
	In response to: a report from Noriaki Takamiya
	<takamiya@po.ntts.co.jp>

Thu Mar  9 09:41:53 JST 2000  itojun@iijlab.net
	* sys/netinet6/ah_core.c: except the first AH, treat AH checksum as
	  immutable if there are multiple AH present on a packet.
	  note that AH spec does not talk about this case very much, and use
	  of multiple AH is very rare.
	  (no interoperability between KAME code prior to this change, and
	  after this change)
	* bgpd/cfparse.y: fix endian issue.  found by tahi team.

2000-03-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/scopedaddrtest: was added to check the precise
	behavior of KAME's scoped address support in the getXXXinfo
	functions.

2000-03-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/getnameinfo.c (getnameinfo): tried to parse
	IPv6 scoped addresses according to the new format
	(<addr>%<scopeid>).
	* kame/kame/libinet6/getnameinfo.c (ip6_parsenumeric): was added
	for the above purpose.

Tue Mar  7 19:10:21 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- Fixed to check OpenSSL version number.  reported by
	  <stomomi@ebina.hitachi.co.jp>.
	- Since we don't support pre-0.9.4 any more, drop INCLUDE_PATH_OPENSSL,
	  SSLVER and HAVE_OPENSSLV_H

Tue Mar  7 11:36:03 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	enable SADB_X_SPDSETIDX.  It can set a policy index into SPD.

2000-03-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6dd/pim6.c (init_pim6): corrected the initilization
	process so that pim6dd does not access to NULL pointers.
	From: Olivier TOGNI <togni@dpt-info.u-strasbg.fr>

Tue Mar  7 07:16:29 JST 2000 sakane@ydc.co.jp
	* kame/kame/setkey:
	Fix replay window size as default to 0 when manual setting.
	It means responder doesn't check sequence number.

Mon Mar  6 16:54:29 JST 2000  itojun@iijlab.net
	* kame/libinet6/getnameinfo.c: comment out NI_NOFQDN support,
	  since the behavior is specwise incorrect.

Mon Mar  6 13:38:59 JST 2000  itojun@iijlab.net
	* sys/netinet/ip_encap.c: add new api, encap_attach_func(), which
	  allows you to attach decapsulator with packet matcher function.
	* sys/net/if_stf.c: 6to4 tunnel support. (compiles on netbsd only at
	  this moment)

Mon Mar  6 11:19:24 JST 2000  itojun@iijlab.net
	* netbsd/libexec/{rlogind,rshd}/{rlogind,rshd}.c:
	  reject connection from IPv4 mapped address (IPv4 connection via
	  AF_INET6 socket).

Sun Mar  5 11:41:24 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: correct SA lookup, so that we can always get/use
	  proper SA even if we use sendto(2).
	  From: Greg Troxel <gdt@ir.bbn.com>

Sat Mar  4 02:01:16 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.4.

Fri Mar  3 22:11:59 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/sys/netinet/ip_input.c: remove merge mistake,
	  which affected TTL value for ressembled packet.  NetBSD PR 9412.

Fri Mar  3 00:36:58 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/www/w3m: upgrade to 0.1.6.

Thu Mar  2 21:30:50 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/usr.bin/{fstat, sockstat}: support AF_INET6.
	* freebsd3/ports/{v6eval, ct}: upgrade to 0.6 but this port is now
	  broken.

2000-03-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/dump.c: used %qu instead of %llu for printing
	a u_quad_t value.
	XXX: although %qu is not standardized, FreeBSD 3.1 and olders do
	not handle %llu correctly.

Thu Mar  2 16:44:18 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.c: for IPv6 address, don't configure broadcast
	  address (ifa_dstaddr) in ifaddr structure.  this is to avoid
	  returning broadcast addresses via routing socket.
	  From: Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>

2000-03-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ifmcstat/ifmcstat.c (ifname): corrected invalid access
	to kernel internal pointers in !(nbsd||obsd) cases.

Thu Mar  2 02:01:48 JST 2000  itojun@iijlab.net
	* sys/netinet6/mip6*.c: bring in update from ericsson for mobile-ip6.

Wed Mar  1 18:46:24 JST 2000 sakane@ydc.co.jp
	* kame/kame/setkey:
	  Fix to delete a SPD entry.  "spddelete" can work.

Wed Mar  1 18:36:27 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/emacs: upgrade to 20.6.

Wed Mar  1 12:38:07 JST 2000  itojun@iijlab.net
	* libpcap/gencode.c: fix "ip host foo" or "ip6 host foo" where foo has
	  both A and AAAA.  From: Bill Fenner, FreeBSD PR: 17083

Wed Mar  1 03:27:06 JST 2000  itojun@iijlab.net
	* libinet6/rthdr.c: fix alignment constraint in rthdr_*.
	  From: shin@kame.net for freebsd-current
	* */sys/kern/uipc_socket2.c: fix ancillary data padding at the end,
	  in sbcreatecontrol().

Wed Mar  1 01:30:43 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/udp_usrreq.c: always use in4_cksum() for
	  inbound udp4 checksum.
	* bsdi4/sys/netinet/udp_usrreq.c: always use in4_cksum() for inbound
	  udp4 checksum.  fix ipsec checks on multicast.  add jumbogram
	  consideration a bit.  undo temporary pcbconnect correctly on
	  udp6 scope check failure.

<200002>
Tue Feb 29 13:30:10 JST 2000  itojun@iijlab.net
	* */sys/netinet{,6}/in{,6}_proto.c: call encap_init().  From: jinmei
	* */sys/netinet{,6}/tcp{,6}_subr.c: make sure to send valid TCP window
	  size option, even when we have socket buffer size >= 65536.
	  FreeBSD PR 16914.

Mon Feb 28 23:26:03 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/icmp6.c: fix ICMPv6 redirect input.  the bug
	  can result in invalid ND entry.

Mon Feb 28 20:14:15 JST 2000  itojun@iijlab.net
	* kame/sys/netinet*/*.h: wrap xxCTL_VARS by #ifdef __bsdi__,
	  since it is only for BSDI.

Mon Feb 28 19:01:44 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/lpr/lpd: fix breakage due to unsynchronized change
	  between rcmd.c and lpd.c (lpd should be reorganized to not use
	  __ivaliduser_sa...).

2000-02-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/ping6/ping6.c (main): added a new modifier "c" for the
	-a option, which means target's IPv4 compatible and IPv4 mapped
	addresses are required.

2000-02-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet/icmp6.h (NI_NODEADDR_FLAG_xxx): rearranged
	according to ipngwg-icmp-name-lookups-05.
	Note: this version is not compatible with previous ones.

2000-02-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/{advapitest, bgpd, pim6dd, pim6sd, rtsold, rrenumd,
	traceroute6, rtadvd}: treated CMSG_SPACE() as a function, not a
	constant macro, and avoided to put it in a definition of a static
	array as a result.

Sun Feb 27 18:27:51 JST 2000  itojun@iijlab.net
	* libinet6/resolv/res_init.c: allow extended scoped IPv6 address format
	  into "nameserver" line in /etc/resolv.conf.

Sun Feb 27 17:49:32 JST 2000  itojun@iijlab.net
	* {netbsd,openbsd}/lib/libinet6/getaddrinfo.c: add OS-specific
	  getaddrinfo, which keeps search order declared in /etc/nsswitch.conf
	  or /etc/resolv.conf.

Sun Feb 27 16:43:04 JST 2000  itojun@iijlab.net
	* */sys/sys/socket.h: use ALIGNBYTES, instead of sizeof(long) - 1,
	  for CMSG alignment.  without it CMSG alignment is not spec
	  conformant if
		ALIGNBYTES > sizeof(long) - 1.
	  this add dependency from sys/socket.h to machine/param.h - which may
	  not be right.

	  NOTE: recompile all IPv6 userland, if you are on architecture
	  with ALIGNBYTES != sizeof(long) - 1.
	  TODO: make it future adaptable by using sysctl hw.alignbytes.
	  (maybe for *bsd-current?)

Sat Feb 26 20:46:03 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_input.c: with IPv6 ESP, correctly handle
	  off != sizeof(ip6) case.
	* sys/netinet6/ah_input.c: with IPv4 AH (m_pulldown case),
	  strip off AH from the packet.  this is to make some of IPv4
	  transport layer code work correctly (specifically, ICMPv4 will
	  transmit wrong packet if we don't strip AH here)

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/tcp_input.c (tcp_input): made the variable
	"ip" consistent with "ip6" in order to avoid possible pointer
	mismatches.

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet/in_gif.c (in_gif_ioctl):
	* kame/sys/netinet6/in6_gif.c (in6_gif_ioctl):
	  - prevented in[6]_gif_ioctl from making dangling pointers after
	    freeing old ones. Without this fix, kernel would panic when we
	    tried to execute gifconfig multiple times on a single gif.
	  - call encap_detach before encap_attach().
	    If detach was called after attach, we'd not be able to delete
	    an existing pair of phyaddrs.

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi[34]/sys/netinet/in.c (in_control): called gif_ioctl() for
	gif related ioctls. We need this for initializing encapsulation
	switch.

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sbin/ifconfig/ifconfig.c: filled a valid pointer in
	af_stab[MASK] of the afswitch structure for IPv6.
	Disabled inet6_auto(), since KAME assigns a link-local address in
	the kernel.

2000-02-26  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/v6test/getconfig.c (make_ip6): made ipv6 version and
	traffic class fields configurable.
	* kame/kame/v6test/conf/ext.conf: added new tests "badver" and
	"tclass" to aset non-default values to version and traffic class
	fields, respectively.

Sat Feb 26 03:03:21 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/security/heimdal: upgrade to 0.2q.
	* openbsd: sys tree was broken for 4 days since "m->m_pkthdr.aux"
	  change.  sorry for this.  now we properly initialize aux pointer
	  and the kernel boots fine.

Fri Feb 25 18:03:58 JST 2000  itojun@iijlab.net
	* kame/traceroute/ifaddrlist.c: ignore 0.0.0.0, it is meaningless
	  as source.  if you run ISC DHCP client and lease expires, the address
	  appears as interface address.

2000-02-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/net/if.c (ifa_ifwithnet):
	* bsdi4/sys/net/route.c (ifa_ifwithroute):
	loosened restriction on p2p interfaces. It was too strict for
	KAME's IPv6 support.

2000-02-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {(net|open)bsd, freebsd3}/sys/netinet/tcp_input.c:
	* kame/sys/netinet6/tcp6_input.c:
	prevented from storing 2292bis IPv6 options in a listening
	socket. Ancillary data on a listening socket was meaningless and
	even harmful for applications.

2000-02-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	RFC2292bis support:
	* bsdi4/sys/netinet/tcp_output.c (tcp_output): 	
	  passed IPv6 output options to ip6_ouput().
	* bsdi4/sys/netinet/tcp_input.c: 
	  passed specified IPv6 optional data to a user as ancillary data.
	* bsdi4/sys/netinet/in_pcb.c (in_pcbdetach):
	  fixed memory leak of received IPv6 options.

2000-02-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/getnameinfo.c (ip6_sa2str, getnameinfo):
	  changes according to the recent discussion:
	  - always print scope_id of an IPv6 address with non-zero
	    sin6_scope_id (by default), even for a global unicast address.
	  - use numeric numbers as the last resort of a scope_id string.

Fri Feb 25 01:49:00 JST 2000  itojun@iijlab.net
	* */sys/net/rtsock.c: wrap BBN hack (honor ifp/ifa on RTM_ADD),
	  into #ifdef BBNHACK.  it conflicts with proxy NDP and mobile-ip6.
	  (see CHANGELOG entry on Tue Nov 17 14:57:51)

Fri Feb 25 01:34:11 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.c: net.inet6.icmp6.nd6_proxyall was obsoleted.
	  use "ndp -s <v6> <mac> proxy" if you need the same functionality.

Fri Feb 25 01:34:37 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd2/ports/openssh: make buildable.
	* freebsd3/ports/heimdal: upgrade to 0.2q.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/{traceroute6, ping6}/Makefile: enabled IPsec
	related	definitions.

Thu Feb 24 18:59:14 JST 2000  itojun@iijlab.net
	* sys/netinet/ip_icmp.c (except openbsd):
	  don't transmit ICMPv4 packet back if the original packet was
	  encrypted.  if we send those, we may mistakingly leak secret
	  information.  From: jinmei

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/vmstat: was just imported. We don't have to
	modify the code, but it should be recompiled to support additional
	memory types used in the kernel.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_control): clarified address
	management ioctls:
	- invalidated SIOCSIFDSTADDR_IN6 and SIOCSIFNETMASK_IN6. They are
	  not very suitable in an IPv6 era, when we can assign multiple
	  addresses on a single interface.
	- added strict validations for address families of arguments.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/usr.sbin/netstat/{main.c, inet6.c(added)}: printed KAME's
	statistics for IPv6 and ICMPv6 instead of original ones.

Thu Feb 24 JST 2000  itojun@iijlab.net
	* libinet6/getifaddrs.c: bring in freeifaddrs().  this is in sync
	  with bsdi4 change.  From: dab@bsdi.com
	* bsdi4: enable kernel IPsec code by default.  it looks to be working
	  fine now, thanks to jinmei's efforts.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ah_input.c (ah4_input): prevented
	re-translating the byte order of the ip_id field on bsdi4.

2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/netstat/ipsec.c: 
	* bsdi4/usr.sbin/netstat:
	modified to print KAME's IPsec statistics.
	
2000-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/traceroute/traceroute.c (send_probe): 
	* bsdi4/usr.sbin/traceroute/Makefile: 
	changed a bit to calculate a UDP checksum correctly on bsdi4.

Wed Feb 24 08:49:50 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	 enbale to define DH group by a number of group.
	 old way to define like "modp768" is kept.

Wed Feb 23 21:26:21 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	  fixed to compute RSA signature.  SIGN was computed including OID.
	  Now, racoon gets a interoperability with isakmp-test.ssh.fi.
	  TODO: must be check the signer of certificate.

2000-02-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* (all OSes)/usr.sbin/{bgpd, pim6[ds]d}/Makefile: added the
	-DHAVE_GETIFADDRS compile option.
	Note: please be sure to update the whole tree, do "make prepare",
	update include files, and then rebuild the whole kit.

2000-02-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d/config.c (config_vifs_from_kernel): used
	getifaddrs().

2000-02-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.pco.jp>
	* kame/kame/bgpd/if.c (ifconfig): use getifaddrs (if available)
	instead of SIOCGIFCONF, since the former interface is more
	friendly and safer.

Wed Feb 23 JST 2000  itojun@iijlab.net
	* libinet6/getifaddrs.c: bring in getifaddrs(3) from BSDI4 (it is
	  under redistributable Berkeley license).  SIOCGIFCONF is very hard to
	  use correctly, due to (1) alignment constraints in 64bit arch
	  (2) try-and-error memory allocation since there's no way to estimate
	  required buffer size beforehand.  We hope to bring this function
	  into *BSD.

Tue Feb 22 14:56:59 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd2/ports/openssh: upgrade to 1.2.2 and mark as broken. we
	  need volunteers to make buildable this port.

Tue Feb 22 00:59:54 JST 2000  itojun@iijlab.net
	* sys/kern/uipc_mbuf{,2}.c, sys/sys/mbuf.h: allow mbuf attachment to
	  m->m_pkthdr.aux.  this would be useful to pass around extra
	  information across protocol handlers.  current consumers are
	  sys/netinet/ip_encap.c (extra data passing - mainly for struct ifnet)
	  and sys/netinet6/ipsec.c (socket policy passing).
	  careful about mbuf memory leak if you try using it...

	  NOTE: it is necessary to clear m_pkthdr on mbuf allocation.
	  there are drivers that does NOT use MGETHDR to allocate packet
	  header mbuf.  these drivers may need fixes.

2000-02-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/(several files): added initialization for IPsec. Now
	the kernel can be built and run with the IPSEC option (though we
	may need some more work to stabilize it).

Mon Feb 21 20:48:13 JST 2000  itojun@iijlab.net
	* {freebsd[23],netbsd}/usr.sbin/racoon/Makefile.inc:
	  add library paths for "USA resident" case (link separate librsaref).

Mon Feb 21 15:53:56 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/www/apache: upgrade to 1.3.11 with IPv6 patch.

2000-02-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/net/zlib.[ch]: were (blindly) copied from
	bsdi3/sys/net/. The kernel will be able to be built with the IPSEC
	option with these files, but we've not fully tested the KAME IPsec
	stuff on bsdi4. Please do not try it for now.

2000-02-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/conf/files: removed ptr_xxx functions, which have been
	obsoleted.

Mon Feb 21 13:42:28 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* {freebsd3/ports,netbsd/pkgsrc/security}/heimdal: upgrade to 0.2p.

2000-02-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd: tons of changes and improvements including:
	+ static routes support
	+ input/output filter for BGP4+ routes
	+ configurable description about RIPng interfaces and BGP4+ peers
	+ exportation of interface direct routes to IBGP peers
	+ configurable logging level
	+ collecting much more statistics
	+ new configuration parser using lex and yacc
	(TODO: revise bgpd.conf.5 accordingly)

Sun Feb 20 23:45:24 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/{tcpdump,libpcap}: upgrade to 2/14 weekly snapshot.
	* freebsd[23]/ports/apache13: upgrade to latest IPv6 patch.

Sat Feb 19 22:12:10 JST 2000  itojun@iijlab.net
	* sys/netinet6: sync with latest ericsson mobile-ip6.
	* sys/netinet/ip_encap.[ch]: struct encaptab is now visible to
	  outside, read-only, on encap_attach().

2000-02-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sbin/ifconfig/ifconfig.c: enabled KAME original functions.

2000-02-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet/in.c (in_control): added gif related ioctls.

Sat Feb 19 11:40:58 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* sys/netinet6/natpt*: Now, this translator can handle connection from
	  outside v4 (global) to inside v6 (private).  This translation is
	  done when packet is coming toward particular address and port, so
	  you must know this particular port number before making connection.

	- kernel:
		many changes in netinet6/natpt_*.[ch]
		add in4_len2mask() in netinet/in.c to call in_len2mask().

	- userland:
		slightly changed natptconfig command syntax.
		can log ipv4, ipv6 and mbuf.

Sat Feb 19 02:52:09 JST 2000  itojun@iijlab.net
	* {openbsd,netbsd,bsdi4}/sys/sys/socket.h: fix 64bit alignment issue
	  in 64bit architecture.
	  From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>

Fri Feb 18 20:09:35 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/audio/mpg123: upgrade to latest IPv6 patch.
	* netbsd/pkgsrc/net/{tcpdump,libpcap}: upgrade to 2/14 weekly snapshot.

Fri Feb 18 02:31:47 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/apache13: upgrade to 1.3.11.

Thu Feb 17 22:30:13 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- support RSA signature authentication method on main/aggressive/base
	  mode.  There is a tips in racoon/doc/README.certificate.
	  Local test is done.  But between isakmp-test.ssh.fi and racoon,
	  to verify signature is failed.
	  TODO: to be check issuer of signature.

Thu Feb 17 16:52:56 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* {freebsd[23]/ports, netbsd/pkgsrc/net}/rsync: upgrade to 2.4.1.

Thu Feb 17 15:15:02 JST 2000  itojun@iijlab.net
	* sys/net/if_gif.c: fix bogus gifconfig failure, on multiple gif
	  configuration.
	  From: Takahiro Yugawa <yugawa@itjit.ad.jp>

Thu Feb 17 14:36:07 JST 2000  itojun@iijlab.net
	* sys/netinet6/nd6.c: better support for proxy NDP (per ND entry,
	  just like arp -s).  routing entry marked with RTF_ANNONUCE
	  (= RTF_PROTO2) will get announced by proxy ND.  on ND table, proxy
	  NDP entry will stay as permanent/reachable entry.
	  
	  To use this stuff, you need to backout bbn changes in rtsock.c.
	  otherwise ndp -s will not work and you can not set proxy ND entry.
	  (bbn rt_setif() overwrites sockaddr_dl in gateway portion)

	  TODO:
	  - proxy NA delay on output (RFC2461 7.2.8)
	  - anycast NA delay on output (RFC2461 7.2.7)
	* */usr.sbin/ndp: proxy ND support (ndp -s has "proxy" keyword added).

	  TODO: proxy ND for global address X, where X is outside of prefixes
	  assigned to the interface we would do proxy ND.  currently we try to
	  grab link-layer information from RTM_GET.  so if X is outside of
	  configured prefixes, we can't configure X for proxy NDing, or static
	  ND entry.  we may need to explicitly pass "interface" information
	  to ndp -s.

Thu Feb 17 00:40:39 JST 2000  itojun@iijlab.net
	* sys/net/if_gif.c: fix IFF_LINK0 (multi destination mode), which
	  was broken during ip_encap.c migration.

Wed Feb 16 23:57:53 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/lib/libftpio: add '229 Entering Extended Passive
	  Mode' from RFC2426
	* freebsd2/ports/mpg123: upgrade to latest IPv6 patch and sync
	  with FreeBSD-current.

Wed Feb 16 22:45:13 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	  stop racoon to start when it's failed to open addresses specified
	  in racoon.conf.

Wed Feb 16 12:17:05 JST 2000  itojun@iijlab.net
	* libinet6/getaddrinfo.c: add experimental support for post-RFC2553
	  getaddrinfo(AI_ADDRCONFIG).  the semantics of AI_ADDRCONFIG is
	  still very vague so do not expect stable behavior.

2000-02-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* {bsdi4, openbsd}/sys/netinet6/raw_ipv6.c (rip6_ctloutput):
	prohibited the ICMP6_FILTER socket option unless the level is
	IPPROTO_ICMPV6.

2000-02-15  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi4/sys/netinet6/raw_ipv6.c (rip6_input): re-enabled filter
	for incoming ICMPv6 packets.

Tue Feb 15 00:42:32 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/pident6d: upgrade to latest IPv6 patch and sync
	  with FreeBSD-current.

Mon Feb 14 22:36:47 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/fetchmail: upgrade to 5.2.7.
	* freebsd[23]/sys/net: remove "options TAHI".  installed new patch
	  to support TAHI test suite (lets userland program to specify
	  ethernet hardware address).

Sun Feb 13 04:26:17 JST 2000  itojun@iijlab.net
	* libinet6/get{addr,name}info.c: based on most recent discussion,
	  flip the order for extended scoped address notation again
	  (now fe80::1%de0).

Sat Feb 12 16:49:15 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.3.

Fri Feb 11 15:06:19 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/ip_input.c: fix infinite packet forwarding loop
	  for packet toward address on !IFF_UP interface.
	  NetBSD PR9387 from nrt@iij.ad.jp.

Fri Feb 11 02:42:16 JST 2000  itojun@iijlab.net
	* sys/netinet/ip_encap.c: revisit input logic for tunnelled packets.
	  move outer address match logic from in{,6}_gif_input() to
	  encap[46]_input(), so that other guys (like mobile-ip6, 6to4,
	  6over4, whatever) can match packets based on not only by proto #,
	  but also by src/dst with masks.
	  see comment on ip_encap.c for detail - I hate tunnelling.  really.
	  TODO: we do not really support subnet match for input logic.  it
		needs careful ordering of packet matching table in encap[46],
		so that we can check for better match earlier.
		(since we have mask parameter for both src and dst, it is
		not trivial to define total order among entries)
	  TODO: change ipip_input() to conform to this framework?
	  CAVEAT: IFF_LINK0 for gif is not working with this change, i'll try
		to clean it up.
	* allow raw ip{,6} output for proto #4 and #41.

Fri Feb 11 01:48:16 JST 2000  itojun@iijlab.net
	* sys/netinet6/raw_ip6.c: implement rip6_ctlinput(), so that we can
	  notify of route changes to raw ip6 layer (not ready for
	  freebsd3/openbsd at this moment).
	* sys/net/if_gif.c: properly check outer address family during
	  initialization.

Thu Feb 10 22:56:51 JST 2000  itojun@iijlab.net
	* bsdi[34]/sys/i386/isa/if_cce.c: fix mbuf allocation on inbound packet.
	  From: SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>
	* bsdi3/sbin/ifconfig/ifconfig.c: fix error trap on bogus IPv6 hostname.
	  From: SUZUKI Shinsuke <suz@sdl.hitachi.co.jp>

Thu Feb 10 13:45:53 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/security/openssl: add openssl pkgsrc for 0.9.4
	  (only because netbsd 1.4.1 did not include it).

2000-02-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_reflect): do not use a
	duplicated address as source of reflected packets.

2000-02-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6ifa_ifpforlinklocal): an additional
	argument was added in order to specify ignoring some kind of
	addresses (e.g. duplicated or anycast).
	Several callers of this function were also modified so that they'd
	not send packets with invalid link-local sources.

Wed Feb  9 14:20:08 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	- try to support certificate ISAKMP_CERT_X509SIGN.  But not tested.
	  There is a problem that OpenSSL0.9.4 can not read a certificate which
	  is issued by CA1 at isakmp-test.ssh.fi.
	  TODO: to be check signature of CA.
	- move a part of functions of certificate into crypto_openssl.c.
	  signing.c will be merged into crypto_openssl.c.

Wed Feb  9 04:28:50 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/openssh: upgrade to 1.2.2
	* freebsd3/ports/apache12: remove this port since it's too old.
	* freebsd3/sys/netinet/tcp_output.c: get mbuf cluster if the size
	  of IP header and TCP header are over MHLEN. This fix avoid to
	  panic when some tcp options are used.
	    PR: fbsd3/191
	    From: bmah@ca.sandia.gov

Wed Feb  9 01:09:21 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/gated-ipv6, freebsd[23]/ports/net/gated-ipv6:
	  upgrade base version to gated-ipv6, 2000/2/3.

2000-02-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c: removed in6_canforward() according to
	the recent clarification in ip6_forward().

2000-02-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_forward.c (ip6_forward): if a forwarded
	packet is going to break a scope boundary, return an icmp6
	destination unreachable (beyond scope) error.

Tue Feb  8 23:13:32 JST 2000 sakane@ydc.co.jp
	* kame/racoon:
	  man page updated against recent modification.

Tue Feb  8 20:54:13 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/bind9: bind9 beta.
	* freebsd3/ports/ssh: fix freeaddrinfo(NULL) bug, which cause by
	  mis-patched FreeBSD specific patch(patches/patch-al)

Tue Feb  8 03:00:45 JST 2000  itojun@iijlab.net
	* sys/netinet6/mip6*: mobile-ip6 code from Ericsson.  currently
	  build tree is made available for netbsd and freebsd2.
	  for other platforms, build tree will be populated soon.
	  not really tested by KAME team yet.
	* kame/rtadvd: modified for mobile-ip6 support.
	* kame/mip6config, kame/mip6stat: mobile-ip6 controllers.

Mon Feb  7 21:32:13 JST 2000  itojun@iijlab.net
	* sys/netinet6/{ip6,icmp6,in6.h}, sys/netinet/{ip6,icmp6,in.h}:
	  to promote RFC2553/2292 conforming applications, we now disallow
	  direct inclusion of the following files:
		netinet6/ip6.h
		netinet6/icmp6.h
		netinet6/in6.h
	  users need to include the following items instead:
		netinet/ip6.h
		netinet/icmp6.h
		netinet/in.h (pulls in both IPv4 and IPv6 decls)
	* sys/netkey/keyv2.h, sys/net/pfkeyv2.h:
	  similarly, to promote RFC2367 conforming applications, inclusion of
	  netkey/keyv2.h is now disallowed.  include net/pfkeyv2.h instead.
	  (based on discussion in kame team)

Mon Feb  7 03:03:42 JST 2000  itojun@iijlab.net
	* sys/net/rtsock.c (except bsdi[34])
	  avoid panic on RTM_IFINFO, due to decreased MHLEN.
	  From: Conny Larsson <conny@verkstad.net>

Sun Feb  6 17:56:47 JST 2000  itojun@iijlab.net
	* netbsd/sys/netinet/tcp_output.c: optimize mbuf allocation on output.
	  allocate cluster only when necessary.

2000-02-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/bgpd/bgp_input.c (bgp_read): 
	* kame/kame/bgpd/main.c (main_listen_accept):
	Prevented blocking on a socket for a BGP4+ connection caused by
	ancillary data.
	Note: this fix needs the latest kernel. Older kernel might panic
	with the latest bgpd.

Sun Feb  6 00:27:25 JST 2000  itojun@iijlab.net
	* sys/netinet6/esp_input.c: remove too-strong assumption about mbuf
	  alignment.

Sat Feb  5 16:40:20 JST 2000  itojun@iijlab.net
	* sys/netinet6/nd6.c, kame/ndp: give more information about
	  prefix on ndp -p.  the kernel manages two separate prefix
	  table: one for RAs a host listened, and another is for RAs
	  a router will advertise (the latter will be modified by
	  router renumbering).

Sat Feb  5 14:09:07 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/bind9: pkgsrc for bind9 beta.
	* netbsd/pkgsrc/devel/unproven-pthreads: pthread package required
	  for bind9.

2000-02-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/getaddrinfo.c (explore_numeric_scope): 
	* kame/kame/libinet6/getnameinfo.c (getnameinfo):
	Revised the format for scoped addresses by agreement with MSR.
	Two big changes are included:
	- The scope ID portion is now placed before the address
	- The delimiter character is changed to '%'
	So for example, we can specify a link-local address on the
	interface ne0 like ne0%fe80::1234
	The scopedaddr-format draft will soon be revised as well according
	to this change.

Fri Feb  4 23:36:26 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: improve in6_ifdetach() for cleaning
	  up structures that depend on struct ifnet/ifaddr.  should be
	  made more elegant...

Fri Feb  4 02:09:41 JST 2000  itojun@iijlab.net
	* sys/netinet6/frag6.c: be LP64 environment friendly.  do not reuse
	  ip6 header portion on reassembly.
	  notified by NetBSD PR 9340 from iwamoto@sat.t.u-tokyo.ac.jp.

Fri Feb  4 01:20:15 JST 2000  itojun@iijlab.net
	* netbsd/sys/dev/ic/smc91cxx.c: fix promisc mode for sm* interface.

2000-02-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* (for all OSes)/netstat/inet6.c (ip6_stats): print statistics
	  about source address selection.

2000-02-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6.c (in6_ifawithscope): revised source
	address selection algorithm. In short, the new algorithm is as
	follows:
	- search for an address that has enough scope for a given
	  destination.
	- if more than one address has enough scope, choose one that
	  matches longest against the destination address.
	- if there is no other reasons to choose one, an address on the
	  outgoing I/F are preferred.
	TODO: update the IMPLEMENTATION file as well.

Thu Feb  3 20:23:06 JST 2000  itojun@iijlab.net
	* sys/netinet6/{icmp6,nd6*}.c: implement m_pulldown cases for
	  ND and redirect.
	* sys/kern/uipc_mbuf2.c: add more m_pulldown statistics to compare
	  its efficiency against m_pullup{,2}.

2000-02-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/pim6[ds]d/mld6.c (make_mld6_msg): corrected HBH header
	length in the 2292bis case.
	In response to: kit/198 from ryuji-so@is.aist-nara.ac.jp

Thu Feb  3 02:22:03 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6.c: improve multicast kludge list management.
	  clear dangling pointer, update ifnet refcnt correctly.

Wed Feb  2 22:53:03 JST 2000  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: improve in6_ifdetach().  remove
	  static route to linklocal allnode multicast (ff02:x::/32).
	  remove multicast kludge entries as well, if exists.

Wed Feb  2 16:16:01 JST 2000  itojun@iijlab.net
	* bsdi4/sys: fix ifindex manipulation to be compatible with KAME.
	  from kato@wide.ad.jp.  (in NAT, ppp and ATM code)

Wed Feb  2 15:39:40 JST 2000  kjc@csl.sony.co.jp
	* add a new traffic conditioner type, tswtcm (time sliding
	  window three color marker) to altq.  it is described
	  in draft-fang-diffserv-tc-tswtcm-00.txt.

Wed Feb  2 12:55:44 JST 2000  itojun@iijlab.net
	* kame/rtadvd: router renumbering input needs to be explicitly
	  enabled with command line option (-R).  this is for security issue
	  in router renumbering protocol - it requires use of IPv6 IPsec
	  over site-local multicast.  (IPsec issue should be improved)

Tue Feb  1 12:45:02 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc/games/quake6, freebsd[23]/ports/quake6}:
	  quake over IPv6.

Tue Feb  1 01:52:20 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/echoping: echoping 2.2.0 with IPv6 support.
	* freebsd3/ports/lynx: upgrade 2.8.2rel1 with current IPv6 patch.

Tue Feb  1 01:11:34 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc/mail,freebsd3/ports}/soldpop3d: pop3 daemon from
	  poland.
	* kame/racoon: simplify the configure process.  allow it to be compiled
	  on openssl-integrated platform (netbsd15), even without rsa headers/
	  libraries (cert support will automatically be disabled).

<200001>
Mon Jan 31 16:25:42 JST 2000  itojun@iijlab.net
	* non-openbsd: don't reuse m->m_pkthdr.rcvif for passing extra
	  inforation necessary for ipsec.  use ipsec_[sg]etsocket() and
	  m->m_pkthdr.aux.
	* kame/sys/crypto/sha1.[ch]: const poisoning.
	  
Mon Jan 31 00:42:47 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/mail/{sendmail,smtpfeed}: upgrade smtpfeed to 1.04.
	  synchronize with latest NetBSD pkgsrc.

Sun Jan 30 15:30:14 JST 2000  itojun@iijlab.net
	* kame/libinet6/rcmd.c: fix behavior on non-IPv6 node.  From shin.
	* kame/libinet6/getaddrinfo: fix AI_ADDRCONFIG concern when
	  getipnodebyname() is used as backend.
	* netbsd/pkgsrc/net/echoping: echoping 2.2.0 with IPv6 support.

Sat Jan 29 16:20:31 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/ipsec.c (and other ipsec items):
	  cleanup include file dependencies and namespace polution, like
	  prototypes and #define KERNEL.
	* kame/sys/netinet6/ip6_input.c: fix ip6_savecontrol() to be friendly
	  with m_pulldown() environment.  now it does not modify mbuf chain
	  at all.  therefore, calling ip6_savecontrol() will not invalidate
	  pointers into mbuf chain (like "uh" in udp6_input).

Fri Jan 28 15:37:46 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/ipsec.c, kame/sys/netkey/key.c,
	  */sys/netinet{,6}/ip{,6}_input.c: pass policy message buffer length
	  down.  this is to avoid key_msg2sp() from making buffer overrun
	  on invalid input from the userland.

2000-01-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/tcp6_usrreq.c (tcp6_usrreq):
	* {bsdi4,netbsd,openbsd}/sys/netinet/tcp_usrreq.c (tcp_usrreq):
	* freebsd3/sys/netinet/tcp_usrreq.c (tcp_usr_rcvd):
	Do not call tcp[6]_output by the PRU_RCVD request unless the
	associated socket is connected. This fix will prevent kernel panic
	when a user receives an ancillary data object on a listening
	socket.

2000-01-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/advapitest: was added mainly for debugging. The tools
	would also be useful as references for developing an "advanced"
	IPv6 application using the advanced API (RFC2292 or 2292bis).

2000-01-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/in6_pcb.h (and many related places):
	  changed the type of the in6p_inputopts member of the in[6]pcb
	  structure to a pointer type in order to avoid compilation and
	  binary compatibility issues.
	  I believe this fix solves all the recent problem reports due to
	  the member.
	  It is recommended to recompile both the kernel and all the
	  userland applications with this fix.

Thu Jan 27 15:04:12 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/rsync, freebsd[23]/ports/rsync: upgrade to
	  2.3.2 with latest IPv6 patch.

Thu Jan 27 06:20:08 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/irc: upgrade to 2.10.3.

Thu Jan 27 00:29:51 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/in6_pcb.c: make IPV6_PORTRANGE actually work.
	  (netbsd/bsdi3/freebsd2)

Wed Jan 26 23:00:30 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd[23]/ports/pchar, netbsd/pkgsrc/net/pchar,
	  openbsd/ports/net/pchar: upgrade to 1.1.1.

Wed Jan 26 14:16:00 JST 2000  itojun@iijlab.net
	* kame/libinet6/getaddrinfo.c: from the specification, AI_CANONNAME
	  does not imply reverse query.  ai_canonname has the same meaning as
	  h_name (in struct hostent), nothing more.

Wed Jan 26 12:04:42 JST 2000  itojun@iijlab.net
	* kame/libinet6/bindresvport.c: remove bindresvport_af(), implement
	  bindresvport_sa().

Wed Jan 26 06:12:38 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/irssi: upgrade to 0.7.23.

Wed Jan 26 03:33:41 JST 2000  itojun@iijlab.net
	* {netbsd/pkgsrc/net,freebsd[23]/ports}/{libpcap,tcpdump}:
	  famous packet capturing tool, from tcpdump.org codebase.  it
	  contains identical code as kame/{libpcap,tcpdump} so we plan
	  to avoid duplicate maintenance (put all libpcap/tcpdump
	  efforts into tcpdump.org).

Tue Jan 25 20:30:32 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/ipcomp_core.c: don't attach Adler32 checksum
	  to compressed data.  see ipsec wg mailing list (Jan 2000) for
	  details.

Tue Jan 25 17:21:15 JST 2000  itojun@iijlab.net
	* kame/libinet6/rcmd.c: make rcmd() behavior to IPv4-only, for safety
	  (see 2292bis for reasons).  implement rcmd_af().
	  KAME-supplied rlogin(1) and rsh(1) may not work right due to the
	  change.

Mon Jan 24 23:37:38 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/ethereal: upgrade to 0.8.1.

Mon Jan 24 17:28:25 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/fetchmail: upgrade to 5.2.4.

Mon Jan 24 12:49:34 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/irssi: new port: irssi-0.7.22, GTK based irc
	  client.

Sun Jan 23 13:24:00 JST 2000  itojun@iijlab.net
	* kame/libinet6/getaddrinfo.c: remove #ifdef FAITH (and use of
	  environment variable GAI).  this has been broken for a long time
	  (means noone is using it), and this shouldn't be here.
	  if you would like to set FAITH'ed prefix, use totd or /etc/hosts.

2000-01-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_reset_rcvopt): fixed a bug
	that a freed pointer could not be re-initialized, which might
	cause kernel panic.

Sat Jan 22 02:01:57 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/lftp: new port: lftp-2.1.6, ftp client.

Fri Jan 21 21:17:35 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/irc: upgrade to 2.10.3, make it buildable again.

Fri Jan 21 12:59:51 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/totd, openbsd/ports/net/totd,
	  freebsd[23]/ports/totd: upgrade to 1.1p2.
	  From: Feico Dillema

Thu Jan 20 18:41:40 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/lang/python, freebsd[23]/ports/python:
	  upgrade to latest IPv6 patch.

Wed Jan 19 22:04:22 2000 kjc@csl.sony.co.jp
	remove ECN support from TCP in freebsd3.
	it was removed in altq-2.0 and provided as a separate patch.

Wed Jan 19 21:47:19 2000 kjc@csl.sony.co.jp
	add atm pvc support tools included in the altq release.
	- pvcsif:    create pvc sub-interface
	- pvctxctl:  set vpi:vci and shaper
	- pvcbridge: set pvc bridge mode

Wed Jan 19 20:35:42 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* NAT-PT translator and its command become compilable on
	  freebsd2, freebsd3, netbsd, and bsdos3.

Wed Jan 19 06:44:02 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	  improved the way to define a certificate type.
	  If signature method as `authentication method' is defined,
	  `identifier' is defined subjectname.
	  `certificate_type' is defined certificate type.
	  XXX why isn't certificate type negotiated in IKE ?

Wed Jan 19 05:15:50 JST 2000 sakane@ydc.co.jp
	* kame/kame/racoon:
	ignore certificate request, not error.  Should be handled.

Wed Jan 19 02:39:23 JST 2000  itojun@iijlab.net
	* netbsd/usr.sbin/lpd: IPv6 and multiple listening socket support.
	  NetBSD PR 9050 from Feico Dillema.

Wed Jan 19 00:15:50 JST 2000  itojun@iijlab.net
	* kame/libinet6/bindresvport.c: bring in bindresvport_af() from
	  openbsd-current.  the function signature and behavior is under
	  debate in ipngwg mailing list, so I thought it would be good to
	  bring it in and try using it, to see any pros/cons we might have
	  in particular proposal (and other proposals).
	  (available in netbsd, openbsd, freebsd2 and freebsd3)

Tue Jan 18 22:48:35 JST 2000  itojun@iijlab.net
	* kame/libinet6/rresvport_af.c: preserve old rresvport() behavior.
	  it needs to honor parameter (*port) if given.  previous behavior
	  was broken.
	  From: Markus Friedl <Markus.Friedl@informatik.uni-erlangen.de>

Tue Jan 18 16:30:05 JST 2000 kjc@csl.sony.co.jp
	update ALTQ from 2.0 to 2.1.
	this version supports openbsd in addition to freebsd2, freebsd3
	and netbsd.
	kernel:
	- altq related files are moved from "sys/net" and "sys/netinet"
	  to "sys/altq" not to bloat the standard directories.
	- rename the altq kernel config file from ALTQ to ALTQ.v4 since
	  it's only for IPv4 and GENERIC.v6 has ALTQ already defined.
	  for openbsd/netbsd, on non-i386 architecture: read IMPLEMENTATION
	  section 5 for installation details.
	userland:
	- the following altq tools are added to the tree:
	  lib/altqlib, usr.sbin/altqd, user.bin/altqstat.
	- install MAKEDEV.altq to /dev.

	NOTE: be sure to cleanup old symlinks, by "make TARGET=netbsd clean",
	in the top directory.

2000-01-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.h: changed the type of the
	icmp6_n[il]_nonece member of the icmp6_{namelookup, nodeinfo}
	structures from u_int64_t to u_int8_t[8] in order to avoid
	possible alignment problems.
	From: Ryota HIROSE <hirose@comm.yamaha.co.jp>

Tue Jan 18 13:57:28 JST 2000  itojun@iijlab.net
	* freebsd3/sys/netinet6/udp6_usrreq.c: fix panic on udp6_ctlinput.
	  from: ume@mahoroba.org
	* kame/rtadvd: obey RFC2461 6.2.5 when rtadvd dies with SIGTERM.
	  read manpage for more details.

Tue Jan 18 12:36:24 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3: good bye __ss_{len,family}, hello ss_{len,family}.

Tue Jan 18 01:43:10 JST 2000  itojun@iijlab.net
	* openbsd/usr.bin/fstat: make it IPv6 ready.  based on NetBSD PR 9199
	  by Hiroshi Ura.

Tue Jan 18 00:46:09 JST 2000  itojun@iijlab.net
	* kame/libinet6/getaddrinfo.c: don't filter out AFs that are not
	  supported by the kernel, when we do address resolution of FQDN.
	  the previous behavior was broken.

Mon Jan 17 13:47:13 JST 2000  itojun@iijlab.net
	* netbsd/pkgsrc/net/zebra, freebsd3/ports/zebra,
	  openbsd/ports/net/zebra: upgrade to 0.84a.

Mon Jan 17 2000  sakane@ydc.co.jp, itojun@kame.net
	* racoon: tons of improvements into our IKE daemon.
	  - SA bundle is now handled correctly (both phase 1/2)
	  - will not SEGV even if last packet in phase 1/2 get resent
	  - KEYMAT generation will take care of long keys correctly
	  - phase 1/2 userfqdn support (ashley-laurent hack)
	  - don't attach DH group type for well-known groups
	  - key length handling is fixed
	  - phase 1 base mode
	  - byte lifetime bug fix (but introduced new bug so still buggy)
	  - parser fixes (issue with DH group setting)
	  - fix variable-length spi support (don't hardcode it to 32bit)
	  - ipcomp negotiation fix
	* kernel ipsec: fix SA reference counting.  now dangling SAs will be
	  cleaned up correctly. (removes incorrect fix on Jan 8 2000)

Mon Jan 17 03:36:44 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/sys/netkey/keysock.c: this file was removed. Now
	  freebsd3 uses shared one, kame/sys/netkey/keysock.c

	  NOTICE: If you use freebsd3 via cvsup/anoncvs, you must clean
	  your source tree and relink shared sources.
	  % cd kame; make TARGET=freebsd3 clean prepare

Mon Jan 17 02:25:54 JST 2000  itojun@iijlab.net
	* {netbsd,bsdi3,freebsd2}/netstat: try to share souce code across OS
	  platforms as much as possible.  we are able to share ipsec.c without
	  too much troubles.  will try to do it for other platforms, and other
	  portions (like inet6.c).

Sun Jan 16 23:30:16 JST 2000  itojun@iijlab.net
	* kame/sys/net{inet6,key}: cleanup ipsec logging.  all logs will be
	  generated to syslog, with proper priority (for example, sequence
	  number cycle will be logged with LOG_WARNING).  you can
	  suppress/enable logs by setting net.inet.ipsec.debug (or
	  net.inet6.ipsec6.debug).   even if you supress logs, you can check
	  "netstat -sn" to understand what was happend to ipsec stack.

Sun Jan 16 21:49:38 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/fstat: make it IPv6 ready.
	  NetBSD PR: 9199
	  From: ura@hiru.aoba.yokohama.jp

Sat Jan 15 03:56:50 JST 2000  itojun@iijlab.net
	* kame/sys/netinet6/ipcomp_core.c: change default deflate window size
	  for inbound to default (2^15).  without this change we can't
	  interoperate with some of IPcomp implementations.
	  see changelog entry on Nov 5 1999.

2000-01-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_copypktopts): was added in
	order to copy the in6p_outputopts member from a listening PCB to a
	corresponding accepting one. TCP input routines are also modified
	to call the function.

2000-01-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_input.c (ip6_savecontrol): was modified in
	order to conform to Section 4.1 of rfc2292bis-01; TCP
	implementation now passes incoming packet infomration to a user
	(as ancillary data) only when some changes of the content exist.
	Note that this change introduced various related changes of
	transport layers on all the platforms. Please be careful updating.

Fri Jan 14 13:55:19 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/fetchmail: Upgrade to 5.2.3 and sync with
	  FreeBSD-current.

Fri Jan 14 12:15:27 JST 2000  itojun@iijlab.net
	* kame/libinet6/rcmd.c: avoid passing dangling pointer to **ahost.
	  we copy the value (ai_canonname, or hp->h_name) to static buffer
	  to keep semantics of rcmd() - requires no free() to the caller.
	  From: Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>

Fri Jan 14 02:16:16 JST 2000  itojun@itojun.org
	* kame/libpcap/inet.c: improve warning message when libpcap fails to
	  get IPv4 address on the interface it runs on.

Wed Jan 12 17:21:40 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/ruby: Upgrade to 1.4.3 and sync with
	  FreeBSD-cuurent. No extra IPv6 patch is necessary anymore.

Wed Jan 12 15:40:05 JST 2000  itojun@iijlab.net
	* {bsdi3,netbsd,freebsd2}/usr.sbin/inetd: allow multiple IPsec policy
	  string specifier (separated by semicolon).  to be integrated into
	  other operating systems as well.

Wed Jan 12 05:13:33 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/mrt, netbsd/pkgsrc/net/mrt: Upgrade to 2.1.2a.

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_pcbopt): made the
	IPV6_NEXTHOP socket option removal by specifying the option
	with 0 length according to the following mail:
	Message-ID: <Roam.SIMC.2.0.6.947118462.12265.nordmark@jurassic>
	From: Erik Nordmark <Erik.Nordmark@eng.sun.com>
	Date: Wed, 5 Jan 2000 16:27:42 -0800 (PST)

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* freebsd[23]/sbin/route/route.c (getaddr): corrected a bug in
	examining interface flags for the RTA_GATEWAY case in getaddr();
	use a separate variable and ioctl in order to get correct flags.
	Note that this fix may introduce a stricter check for arguments of
	the `-interface' modifiers; now you can specify point-to-pointer
	interfaces only, which was the intention of the code.

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bsdi3/sbin/route/route.c (getaddr): reverted the change for the
	"-interface XXX" modifier. We can use the -ifp modifier to
	accomplish the motivation.

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/{in6.h, ip6_output}: disabled the following
	socket options, that were just derived from IPv4 and were not
	standards any more;
	IPV6_OPTIONS, IPV6_RECVOPTS, IPV6_RECVRETOPTS, IPV6_RECVDSTADDR,
	and IPV6_RETOPTS.

2000-01-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/net/if_gif.c (gif_output): changed the (default) upper
	limit of how many times gif_output can be called.
	Now no nesting is allowed by default, since some systems do not
	allow so many recursive calls in kernel.

Sun Jan  9 10:32:59 JST 2000  sakane@ydc.co.jp
	massive clarification to racoon ISAKMP daemon.
	- Merged Eric Lemiere's code for limited certificate support.
	- There are two management hander.
		"Phase 1 handler" is to manage ISAKMP SA.  It is created when
		phase 1 exchange on both initiator and responder side will be
		started.
		"Phase 2 handler" is to manage IPsec SAs.  It is created when
		pfkey acquire message will be received, and when 1st message
		in phase 2 will be received on responder side.
	- Vendor id will be sent after negotiating hasn algorithm.
	  When we receive vendor id before negotiating it, we use default hash
	  algorithm MD5 to check.
	- Post command deleted.
	- msgid_t delted.
	- don't release management handler.  do it only if retry will be
	  timed up.
	- separate the function of isakmp exchange.  one is to check received
	  data.  other is to reply.  the reason is for handling to resend.
	- change name "dir" to "side" in order to distinguish from policy
	  direction.
	- If initiator request PFS, but responder is not ready to do that,
	  responder stops the negotiation.  If initiator don't request PFS,
	  but responder require it, also responder stops the negotiation.

Sun Jan  9 03:03:39 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/heimdal: upgrade to 0.2l.
	* freebsd3/usr.sbin/inetd: support IDENT.
	  From: Hajimu UMEMOTO <ume@mahoroba.org>

Sat Jan  8 23:53:23 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey/key.c:
	  - fix kenrel crash when flushing SAD.
	  - for stability, increment refcnt of SA when key_getsavbyspi() called.
	  - add some error message
	  - fix errno at key_update().

Sat Jan  8 04:40:33 JST 2000  itojun@iijlab.net
	* kame/sys/netinet/{frag6,ip6_input,nd6_nbr}.c:
	  use arc4random() on openbsd.  it should give better random value
	  for initializing sequence numbers.
	  From: deraadt@openbsd.org

Sat Jan  8 03:20:05 JST 2000  itojun@iijlab.net
	* /sys/netinet/udp_usrreq.c, kame/sys/netinet6/udp6_usrreq.c:
	  drop incoming udp packet with dst port = 0.  it is, or seems to be,
	  illegal based on RFC768 (99% sure but 1% in doubt).
	  with traditional 4.4BSD code, udp socket will mistakingly accept
	  such packets after socket() and before first bind()/connect().
	  this can be used to confuse, or de-synchronize, udp-based protocols.

Sat Jan  8 00:37:28 2000  Shin'ichi Fujisawa  <fujisawa@kame.net>
	* kame/sys/netinet6/natpt*.[ch]: NAT-PT translator. 
	* kame/kame/{natptconfig,natptd,natptlog}: translator configulation
	  command and natpt related commands.

	- These NAT-PT translator and commands are now under development.
	  Its user interface and overall functionality are subject to
	  future improvements and changes.  So, please be careful when you
	  try it.

	- At this time, this translator works on FreeBSD228 only.  Please
	  wait a while to works on other platforms.

Sat Jan  8 00:09:44 2000  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* freebsd3/ports/openssh: upgrade to current source of OpenBSD,
	  which support IPv6 in default.  Any additional patches does not
	  neccesary anymore.

2000-01-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/ip6_output.c (ip6_output): do not insert a
	dest options header (even if specified by a user) that should be
	placed before a routing header, unless a routing header really
	exists.

2000-01-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/rtsold: use raw ip6 socket for probing interface
	status instead of a separate UDP socket, in order to avoid
	receiving unexpected UDP datagrams.
	In response to: kit/187

2000-01-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/icmp6.c (icmp6_input): upper layer detection
	in notifying an icmp6 error was improved:
	- if the erroneous packet contains a routing header, examine the
	header to determine the final destination and use it to update
	path MTU.
	- if the erroneous packet contains a fragment header, stop
	chasing the header chain unless it is the first fragment.

	With the former fix the kernel will perform path MTU discovery
	correctly even if triggered packets contain a routing header.

	* A new function icmp6_mtudisc_update() was added to cleanup the
	code.

Thu Jan  6 16:43:52 JST 2000  itojun@iijlab.net
	* sys/netkey/key.c: when searching IPsec SA for inbound IPsec traffic,
	  do not check src match according to RFC2401.  it looks that IPsec
	  specs do not really agree with each other about what should be
	  in IPsec SA, and what should be matched.  see comment lines near
	  key_allocsa().

Thu Jan  6 13:49:43 JST 2000  itojun@iijlab.net
	* sys/netinet6/ip6_input.c: add missing case for net.inet6.ip6.rr_prune
	  for openbsd and netbsd.
	* netbsd/pkgsrc/net/zebra, freebsd[23]/ports/zebra: upgrade to 0.83a.

Thu Jan  6 01:40:50 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.c: avoid panic on getsockopt(ICMPV6_FILTER).
	  From: shigeya@foretune.co.jp
	* {openbsd,bsdi4}/sys/netinet6/raw_ipv6.c: clarify rip6_ctloutput().

Wed Jan  5 19:44:12 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/systat, openbsd/usr.bin/systat:
	  make systat IPv6 ready.  "netstat" subcommand is changed for this.

Wed Jan  5 13:27:43 JST 2000  itojun@iijlab.net
	* kame/libinet6/getnameinfo.c: allow reverse lookup for v4 loopback
	  network (127.0.0.0/8).
	* kame/libinet6/rcmd.c: implement iruserok_sa().  iruserok_af() does
	  not make sense as it is not scope-aware.
	  nuke ruserok_af(), as ruserok() takes string hostname and is af
	  independent already.  we don't really need ruserok_af().
	  iruserok_af() is kept for backward compatibility.  we'll nuke it
	  afterwards.

Wed Jan  5 02:49:05 JST 2000  itojun@iijlab.net
	* netbsd: add net.inet6.ip6.bindv6only sysctl.  this is a replacement
	  of net.inet6.ip6.mapped_addr, which was bitwise opposite to
	  IPV6_BINDV6ONLY.
	  if set to 1: AF_INET6 listening socket will grab IPv6 traffic only.
	  if set to 0: AF_INET6 listening socket will grab IPv4 traffic as well,
		  as if it was from v4 mapped address (described in rfc1933).
	  default value is 1 (i.e. AF_INET6 socket grabs IPv6 traffic only).
	  the variable controls inbound direction only; you can always use
	  v4 mapped address for outgoing connections.

	  "options INET6_BINDV6ONLY" will remove the code completely and
	  hardcodes behavior to net.inet6.ip6.bindv6only=1 case.

	  "options MAPPED_ADDR_ENABLED" and net.inet6.ip6.mapped_addr were
	  obsoleted on netbsd (were introduced on Dec 21 1999).

2000-01-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/{bgpd, pim6[ds]d, ping6, traceroute6}: were modified
	to use rfc2292bis by default. Related Makefiles were also
	modified.

2000-01-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/kame/libinet6/{ip6opt.c, rthdr.c}: implemented some new
	functions introduced in rfc2292bis (see TODO.2292bis for more
	details).
	All the new functions except rcmd_af and rexec_af are now
	available.

2000-01-04  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kame/sys/netinet6/{various files}: implemented the new advanced
	API (rfc2292bis). The kernel part is now almost finished (see
	TODO.2292bis for more details).
	
	Note about lower compatibility: I believe the new kernel is
	fairly compatible with the old API (i.e. RFC2292).

	There are few compatibility issues in interfaces using ancillary
	data. I believe the compatibility issues won't practically bother
	you.

	You don't have to care compatibility when setting a socket option
	except IPV6_HOPLIMIT. If you use the option but don't want to
	migrate to the new API, you have two choices. One is to use
	IPV6_RECVHOPLIMIT instead of IPV6_HOPLIMIT and just keep the other
	code. The other is to define COMPAT_RFC2292 in your kernel
	configuration file and recompile the kernel. Then the kernel will
	handle IPV6_HOPLIMIT in the RFC2292 manner.

	Unfortunately, it is impossible to ensure compatibility for
	getting socket options whose semantics in the new API is different
	than in RFC2292. If you don't want to use the new API but want to
	do getsockopt for such options (I believe the possibility is very
	rare, though) define COMPAT_RFC2292 in your kernel configuration
	file and recompile the kernel. Then the kernel will handle the
	options in the RFC2292 manner.

	Please note that the new API is enabled by default in any case.

Tue Jan  4 18:59:08 JST 2000 sakane@ydc.co.jp
	* kame/sys/netkey:
	  don't check sequence number at key_update() even if SA initiator.
	  don't change sequence number passed from userland at key_getspi()
	  instead of the value of sequence number.
	  They can be re-enable to define IPSEC_DOSEQCHECK.

Sun Jan  2 22:59:45 JST 2000  itojun@iijlab.net
	* kame/libinet6/name6.c: don't bark even if we see T_SIG and other
	  record types.

	  KAME PR: 184
	  From: Assar Westerlund <assar@sics.se>

Sun Jan  2 22:07:54 JST 2000  itojun@iijlab.net
	* kame/tcpdump/isakmp.h, kame/racoon/isakmp.h:
	  avoid use of bitfield on packet format definition.  it is
	  non-portable.
	* kame/Makefile.inc: added it to share definitions across top-level
	  Makefile and platform Makefile (like netbsd/Makefile).
	  NOTE: if you use anoncvs, you may need to checkout Makefile.inc
	  manually.

Sun Jan  2 03:46:57 JST 2000  itojun@iijlab.net
	* sys/netinet6/icmp6.[ch]: add net.inet6.icmp6.nodeinfo sysctl MIB,
	  which enables/disables node information query processing in the
	  kernel.

Sat Jan  1 03:02:02 JST 2000  itojun@iijlab.net
	* netbsd/usr.bin/ftp: fix "ftp URL" behavior.  it failed if the
	  specified URL is in certain condition due to bug in IPv6 support.

Sat Jan  1 JST 2000
	* happy Y2K from KAME team!