			CHANGELOG for KAME kit

$Id: CHANGELOG,v 1.1.2.24.2.23.2.154.2.206.2.432 1999/05/30 16:48:51 jinmei Exp $

<199905>
1999-05-31  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_output.c (ip6_output): zero-clear the reserved field of a
	Fragment header in an outgoing packet.

Mon May 31 01:18:04 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	Added more checking the ID payload in phase 2.  Draft said that IDr2
	must be immediatelly followed by IDi2.  We allow the illegal case,
	but logged.

1999-05-31  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	*  (kernel): added new sysctls, net.inet.ip.gifttl and
	net.inet6.ip6.gifhlim. They specify TTL or hop limit for a gif
	encapsulated packet.
	Notes:
  	  BSDI users should update /usr/local/v6/sbin/sysctl to access
	  these sysctl names.
	  Not compiled on NetBSD yet.

1999-05-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/pim6dd/timer.c (age_routes): reflect changes even if the
	unicast routing table does not change. I believe this is a bug of
	the original pimdd.
	This fix is necessary in order to handle expiration of the prune timer
	when the forwarding cache entry still exists.

Fri May 28 1999  itojun@iijlab.net, sakane@ydc.co.jp
	The following changes affect FreeBSD228, NetBSD14, BSDI version of
	KAME, not others.
	* sys/netinet6/ipsec.c: On IPsec operation on listening socket, do
	  not share security policy structure among sockets.  This is better
	  because it allows more efficient SAD entry lookup, and it will
	  leave less obsolete SPDs kept in the kernel.
	* kit/src/setkey: add -l option (to be used with -D), which generate
	  summary of SAD every 1 seconds.  This is good for tracing IKE daemon.
	* kit/src/racoon: so many changes and fixes.
	  - At this moment racoon does not support proposal group with multiple
	    proposal (say, ESP proposal and AH proposal with same proposal
	    ID #).  Now racoon ignores such proposal from initiator when it
	    behaves as responder, and filters out such proposal in
	    configuration file when behaves as initiator.
	  - Transmit INVALID_COOKIE informational exchange when no matching
	    ISAKMP SA is found for phase 2 packet.
	  - Reload of configuration (on SIGHUP) now works correctly.
	  - Be more strict about configuration file.  Die if there's no
	    required items listed on configuration file.
	  - Fix lifetime attribute parsing.  if the lifetime value is out of
	    range (due to malformed packet, maybe), use default lifetime.
	    Previously it sets lifetime to 0 and this caused problems.
	  - Clarify many of internal structures, such as diffie-hellman
	    primes and keys (mainly for future support of new group mode).
	  - racoon now checks phase 2 soft lifetime.  Now rekey can be done
	    more smoothly (TODO: phase 1 soft lifetime check).
	  - racoon is now more robust against duplicated packets (due to
	    resend from the peer).
	  - Phase 1 now supports various encryption algorithms, incl. Blowfish
	    and CAST128.  Key length can be negotiated properly.
	  - Delete payload support.  racoon accepts delete payload from peer.
	    racoon transmits delete payload if SADB_DELETE is received,
	    thus SAD delete operation from setkey command will generate delete
	    payload.  Need more support in other occasions.
	  - Many improvements in debugging output.
	  - So many minor bug fixes.

Fri May 28 07:34:54 JST 1999  itojun@iijlab.net
	* kit/src/setkey: Setkey no longer display dead SAs in the kenrel with
	  -D.  To see dead SAs as well, specify -a with -D.

Fri May 28 02:09:23 JST 1999  itojun@iijlab.net
	* kit/src/racoon:
	  - Do not listen to wildcard socket (grab list of addresses and
	    perform specific bind(2)).  This is to prevent broadcast DoS attack
	    to IKE daemon.  If you specify wildcard address in the config file,
	    warning will appear.

Thu May 27 05:16:34 JST 1999  itojun@iijlab.net
	* sys/net{inet6,key}/Makefile (NetBSD 1.4): include files can be
	  installed by "cd kame/sys; make incinstall".
	  (NOTE: this does not follow kame/kit/INSTALL)
	      
	  Subject: (KAME-snap 632) header file installation on NetBSD 1.4
	  From: Erik Bertelsen <erik@mediator.uni-c.dk>

Thu May 27 01:51:14 JST 1999  itojun@iijlab.net
	* kit/ports/icecast, kit/pkgsrc/audio/icecast: upgrade IPv6 patch.
	  now instructions on configuring IPv6 UDP multicast audio streaming
	  is provided.

Wed May 26 1999  itojun@iijlab.net
	* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 0.66.

Wed May 26 1999  itojun@iijlab.net
	* kit/src/traceroute: fix order of privilege control.  (IPsec
	  setsockopt must be performed with root privilege)
	* kit/sbin/ping (NetBSD 1.4): clarification on IPsec policy
	  configuration.  NetBSD ping command transmits dummy ping toward
	  loopback address (for flushing route cache in ip_output).  We do
	  not need IPsec for this operation so we specify "bypass" policy
	  for the operation.

Tue May 25 03:32:12 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	- Fixed to manage the exchange status.  i.e. There is no limit really
	  for payload ordering.
	- Supported idea, blowfish, rc5, cast.  But not tested.
	- Called libcrypt for checking weak key.
	- clean up

Sun May 23 06:51:35 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	- Check Notify messages in phase 1, but still ignore.
	- Ignore multiple SA in phase 2.
	- Fixed sending localport number in ISAKMP packet.  It was a constant
	  of 500.
	- Insert actual port in use into ID payload.
	- Delete ADMIN_PROTO_IKE from admin.h.  IKE is not protocol.
	- Improved kmpstat.  print the information if error.
	- Improved PF_KEY messaging by timer.
	      pfkey_send_{timer,try}:  is to send PFKEY message.
	      pfkey_acquire_{timer,try}:  is to wait to get IKE.
	- Fixed remote directive in racoon.conf more than tree.  cftab was
	  broken when there was not anonymous entry in the first remote entry.
	- Fixed local test mode.  There is a bit strange, but it works.
	- Fixed some of crash problems.
	- clean up.  There are same processing in various places.
	  They should be merged.

	CAUTION: There is rekeying issue.
	         There may be crash problem in aggressive mode.

Sat May 22 21:44:09 JST 1999  itojun@iijlab.net
	* sys/dev/ic/midway.c (NetBSD 1.4): import changes in ALTQ 1.2 PVC ATM
	  code (only for Adaptec/ENI ATM driver - no ALTQ support in NetBSD).
	  NOTE: compiles but not checked
	* sys/i386/pci/midway.c (BSDI): import changes in ALTQ 1.2 PVC ATM
	  code (only for Adaptec/ENI ATM driver - no ALTQ support in BSDI).
	  NOTE: currently broken
	* sys, kit/ports/altq (FreeBSD228): update ALTQ to 1.2.  userland
	  tools must be installed by using kit/ports/altq.

	  From: Kenjiro Cho <kjc@csl.sony.co.jp>

Sat May 22 21:13:47 JST 1999  itojun@iijlab.net
	* sys/net/if_gif.c: call if_up() on positive edge of IFF_UP,
	  to send up RTM_IFINFO to the userland.

	  TOOD: more checks to other drivers (sometimes non-KAME issue
	  but we need RTM_IFINFO message for routing daemons).

1999-05-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* kit/src/pim6dd: supported group-basis output filter. See
	pim6dd.conf(5), which is also updated.

Sat May 22 14:34:59 JST 1999  itojun@iijlab.net
	* sys/dev/pci/aeon.c (NetBSD 1.4): fix aeon crypto pci card driver
	  for NetBSD 1.4.  No test performed yet (I don't have encryption-
	  enabled card anyway, I can't buy one in Japan!).

Sat May 22 1999  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c (NetBSD 1.4): fix dangling pointer
	  on link-local address addition failures.

Sat May 22 04:17:01 JST 1999  itojun@iijlab.net
	* sys/netinet6/nd6_rtr.c (NetBSD 1.4): Simply call rtrequest() from
	  defrouter_addreq(), rather than re-implement the behavior.  This is
	  much simpler and avoids bug due to misuse of memory allocator.
	  TODO: check if it was the right fix, there may be special requirement
	  in defrouter_addreq(), which we have forgotten.

	  This fixes misterious "panic on long suspend/resume session" bug.
	  This was generated when aged routes, which were generated by
	  defrouter_addreq, are get purged (so kernel panic can be raised
	  by ndp -R).
	  defrouter_addreq() allocated struct rtentry by R_Malloc, but
	  NetBSD 1.4 now uses "pool" allocator in net/route.c.
	  Then defrouter_addreq() inserted struct rtentry allocated by
	  R_Malloc onto the routing table.  Kernel panic'ed if you try to
	  call pool_put() with pointer to non-pool region (happens on route
	  purge).

	  The bug was a bit hard to track.  I spent few days to find a
	  repeatable steps to make the kernel panic, spent 4 hours to find the
	  cause.  IMHO new allocators/deallocators (like pool_{get,put})
	  should provide more sanity checks (especially for alloc/free pool
	  mismatches) when DIAGNOSTIC is defined.  Current DIAGNOSTIC code did
	  not help me much.  I should do this next time...

Fri May 21 JST 1999  itojun@iijlab.net
	* sys/netinet6/nd6_nbr.c (NetBSD 1.4): synchronized ND6 code
	  with BSDI.  This includes experimental fix for duplicated ND6
	  detection (see CHANGELOG entry on Fri Apr 8 1999).

Thu May 20 16:36:20 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/www/lynx, kit/ports/lynx: use latest IPv6 patch.
	  now numeric IPv6 address is supported under "http://[::1]:80/"
	  format.

Thu May 20 16:05:27 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/net/rsync, kit/ports/rsync: IPv6-ready rsync 2.3.1.

Thu May 20 12:12:09 JST 1999  itojun@iijlab.net
	* kit/src/libinet6/getaddrinfo.c: filter out AFs that are not
	  supported by the kernel.  This takes effect when you use AI_PASSIVE
	  on IPv4 only node (previously both :: and 0.0.0.0 are returned)

	  NOTE: this change requires full rebuild of "kit" tree.  be sure
	  to remove /usr/local/v6/lib/*.a before rebuild.

	  From: Alexander Fung <amfung@bbn.com>

Thu May 20 06:18:11 JST 1999 sakane@ydc.co.jp
	* sys/netkey/key.c:
	Check the each values of lifetime.  If the value is zero then
	kernel ignores its lifetime.  Actually, we do check the addtime
	and bytes.

Thu May 20 04:38:44 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	Don't use the sockets failed to call socket().

Thu May 20 01:42:24 JST 1999  itojun@iijlab.net
	* kit/usr.bin/finger, kit/libexec/fingerd (NetBSD 1.4):
	  dual-stack fingerd/finger.

Wed May 19 21:48:12 JST 1999  itojun@iijlab.net
	* sys/netinet{,6}/ip{,6}_output.c (F228/N14/BSDI):
	  hide some of IPsec error code from the userland.  (need elaborate)
	  some of IPsec errors (such as "no SA") should be shown as packet loss
	  to the users.

Wed May 19 15:17:11 JST 1999  itojun@iijlab.net
	* sys/netinet6/frag6.c: Do not use mbuf to keep fragment queue, as
	  this does not contain messages.  use malloc() instead.
	  This avoids dtom().

	  From: Craig Metz <cmetz@inner.net>

Tue May 18 22:13:59 JST 1999  itojun@iijlab.net
	* sys/netinet/ip_output.c (BSDI/NetBSD14/FreeBSD228):
	  even if SO_DONTROUTE is speicfied, we need to use struct route and
	  route the packet, for IPsec tunnel mode processing.  handle struct
	  route accordingly.

Tue May 18 22:06:29 JST 1999  shin@nd.net.fujitsu.co.jp
	* kern/uipc_socket.c, sys/socketvar.h, netinet6/ip6_output.c
	(FreeBSD 3.1):
	-moved sooptmcopyout to ip6_output.c with some modification.
	-added ip6_soooptmcopyin().
	-use those functions in ip6_ctloutput() when coping option data between
	 soopt and mbuf chain.

Tue May 18 02:17:06 JST 1999  itojun@iijlab.net
	* sys/netinet6, sys/netkey (NetBSD 1.4): merge in new IPsec policy
	  engine.  Now (1) racoon is usable, (2) IPv6 IPsec including tunnel
	  mode is available, (3) policy engine is much more flexible.
	* kit/src: enable build of IPsec-supporting programs on NetBSD.
	* kit/sbin/ping (NetBSD 1.4): support ipsec policy specification
	  by -E option (-P was already occupied).

Sun May 16 22:33:41 JST 1999  itojun@iijlab.net
	* kit/sbin/ifconfig (NetBSD 1.4): change behavior of "ifconfig
	  interface" to print all the interface address available, not just
	  inet addresses.  The behavior looks more natural to me.

Sun May 16 03:38:03 JST 1999  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c (NetBSD 1.4):
	  Add link-local address to the ethernet interfaces (and join
	  mandatory multicast groups), when the interface is made IFF_UP.
	  In NetBSD, pcmcia interfaces are not initialized until IFF_UP,
	  so there seems to be no other option.
	  Good thing is that now we do not need to call in6_ifattach() from
	  drivers.  It is of course okay to call in6_ifattach() from drivers,
	  if you are sure that the driver is proprely initialized.

	  NOTE: this change may break some of the userland tools, which checks
	  IPv6 interface address BEFORE bringing the interface up.

Sun May 16 01:01:24 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/security/ssh, kit/ports/ssh: upgrade to 1.2.27 with
	  latest IPv6 patch.

Sun May 16 00:32:52 JST 1999  itojun@iijlab.net
	* KAME/NetBSD-1.4 is now buildable (both kernel and userland).
	* kit/usr.bin/netstat: add support for "netstat -p tcp6 -P
	  <tcp6cb address>".

Sat May 15 08:20:30 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/net/zebra, kit/ports/zebra: upgrade to 0.65.

Fri May 14 21:18:45 JST 1999  itojun@iijlab.net
	* sys/netkey/key.c (BSDI, FreeBSD228): To transmit SADB_ACQUIRE
	  messages correctly from the kernel, changed the mbuf allocation
	  policy in key_sendup().  Now we allocate non-cluster mbuf chain
	  for most cases.

	  Previously we allocated cluster mbuf for most of the cases, and
	  this caused PF_KEY socket to be considered full and sbappendaddr()
	  to fail.  This is due to wasted space on cluster mbufs
	  (sbspace() checks both actual data size and mbuf area size).

Fri May 14 11:50:15 JST 1999  itojun@iijlab.net
	* sys/netinet6 (BSDI, FreeBSD228): in IPv6 IPsec, tunnel mode now
	  works as well.

	  Note: IPv6 spec suggests the originating node to process HBH option
	  on the packet from the node itself (the originating node is
	  considered as "first hop").  However, we do not do this when
	  you apply IPv6 IPsec tunel onto the packet, since HBH option is
	  already encrypted when it is to be processed.  This should be
	  fixed, however, IMHO this is very rare case.

Thu May 13 22:56:06 JST 1999  itojun@iijlab.net
	* kit/src/v6test/v6test.c: support interface with DLT_NULL
	  bpf encapsulation (i.e. loopback interfaces).

1999-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/v6test/getconfig.c (make_ah): added to support
	authentication header.
	Also added some new tests in ext.conf.

Thu May 13 21:25:51 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	Aggressive mode was supported, but not tested sufficiently.
	XXX There must be Vender ID in fixed place of payload.  TO BE MODIFIED.

1999-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* uipc_socket2.c (sbcreatecontrol): if a given control message
	is larger than MLEN, allocate an mbuf cluster and store the
	message into the cluster.
	Also, implemented more strict length check.
	This fix is only for FreeBSD(2 and 3) and NetBSD. A similar fix
	for BSDI was already done.

Thu May 13 20:18:37 JST 1999  shin@nd.net.fujitsu.co.jp
	* sys/netinet6/ip6_fw.c, sys/i386/conf/GENERIC.v6 (FreeBSD3.1):
	made compilabel and bootable with ip6fw enabled.
	not tested well enough.

Thu May 13 20:04:35 JST 1999  itojun@iijlab.net
	* sys/netinet6/ah_core.c: drop IPv6 AH packet with too many
	  extension headers, to avoid DoS attacks.
	  Use net.inet6.ip6.hdrnestlimit to configure the number of extension
	  headers allowed.

1999-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/pim6dd/trace.c (accept_mtrace): added to support the
	response part of mtrace(not tested yet).

1999-05-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_output.c (ip6_setpktoptions): added the IPV6_DSTOPTS case,
	which allowed user to specify destination options headers for an
	outgoing packet.
	(compilable, but not tested yet)

1999-05-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* in6_pcb.c (in6_pcbbind): prevented binding a socket to an
	address if it's anycast, notready, detached or deprecated.

1999-05-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* netstat/inet6.c: sync icmp6names[] with the latest kernel.

1999-05-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* icmp6.h:  changed the size of icmp6stat.icp6s_{in, out}hist from
	ICMP6_MAXTYPE + 1 to 256 since the former made the kernel
	vulnerable.

1999-05-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* added a sysctl net.inet6.ip6.defmcasthlim, which gets or
	specifies the default hop limit for an outgoing IPv6 multicast
	packet.
	Note that BSDI users must update both kernel and kit/sbin/sysctl
	to enable the new sysctl.

Wed May 12 14:57:54 JST 1999  itojun@iijlab.net
	* kit/libexec/fingerd, kit/usr.bin/finger (FreeBSD228): finger daemon/
	  client fixed for dualstack support.

Wed May 12 14:12:44 JST 1999  itojun@iijlab.net
	* kit/ports/inn (FreeBSD228/31): IPv6-enabled netnews server,
	  version 2.2.
	  From: Satosi KOBAYASI <kobayasi@north.ad.jp>

Wed May 12 10:33:32 JST 1999  itojun@iijlab.net
	* sys/netinet6/icmp6.h: node information query/response got the
	  official ICMPv6 type, so use the official number.
	  NOTE: need recompilation in userland (ping6), and old KAME and new
	  KAME will not interoperate due to the overwrap in number...

Wed May 12 02:29:13 JST 1999 sakane@kame.net
	* sys/netkey/key.c (FreeBSD228/BSDI):
	Fixed to expire SA.  It can't be sent SADB_EXPIRE message due
	to my mistake.
	Added test implement for lifetime by byte counts.
	You must be careful to set its value otherwise it causes many
	SA to be set.
		e.g.	time limit = 22896000(s)
			byte limit = 100(KB)

Tue May 11 18:48:37 JST 1999  sakane@kame.net
	* kit/ports/icecast, kit/pkgsrc/audio/icecast: upgrade to latest
	  IPv6 patch, with song name broadcasting/request hack.

Tue May 11 18:26:06 JST 1999  itojun@ijilab.net
	* sys/netkey (FreeBSD228/BSDI): strictly perform reference count on
	  SPD/SAD.  Now netkey seems to have almost no memory leaks.
	* sys/netkey/key.c, kit/src/setkey/setkey.c (FreeBSD228/BSDI):
	  throw results of SADB_DUMP and SADB_X_SPDDUMP message as separate
	  message to pfkey socket.  This should be more reasonable as each
	  of the result (for single SAD/SPD entry) has sadb_msg header.

Mon May 10 03:16:49 JST 1999  itojun@iijlab.net
	* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to zebra 0.64.1.

Sun May  9 16:39:31 JST 1999  itojun@iijlab.net
	* kit/ports/ruby, kit/pkgsrc/lang/ruby: update to use latest IPv6
	  patch.

Sun May  9 03:51:09 JST 1999  itojun@iijlab.net
	* kit/src/racoon: get/set proper source/destination address for IKE
	  packets, using IP_RECVDSTADDR and IPv6 advanced API.
	  this is needed to support hosts with more than 1 IP addresses
	  (i.e. most of IPv6 node needs this).
	  TODO: scoped IPv6 addresses support (link-local and site-local).

Sat May  8 23:13:53 JST 1999 sakane@ydc.co.jp
	* sys/netkey:
	Fixed tick counter problem, that is timeout() re-sets lifetime to 1(s)
	when you use too big lifetime.  Now the timer about IPsec key
	management is processed in key_timehandler().

Sat May  8 18:53:29 JST 1999  itojun@iijlab.net
	* sys/netinet, sys/netinet6 (BSDI, FreeBSD228): Inherit IPsec policy
	  configuration on tcp socket, across accept() operation (in the past
	  IPsec policy must be configured after accept()).
	  Now, you can configure IPsec policy onto listening tcp socket,
	  and wait for new conncection to come by accept().   The new socket
	  returned by accept() has the same IPsec policy as the listening tcp
	  socket.  This should be more natural behavior to the programmers,
	  and this behavior is inevitable for protecting SYN/SYN ACK packet
	  from attackers.

Sat May  8 15:21:01 JST 1999  itojun@iijlab.net
	* kit/src/inet6d: Add quickhack to specify IPsec policy by specially
	  formatted comment line (starting with "#@").  Experimental and
	  is subject to change in the near future.
	* sys/netinet, sys/netkey (BSDI, FreeBSD228): fixed IPsec policy
	  engine for IPv6 IPsec via IKE.

Fri May  7 13:59:16 JST 1999  itojun@iijlab.net
	* kit/src/tcpdump/print-ospf6.c: decode ospf6 packets.
	  NOTE: do not forget to perform "make distclean" (or, "make clean"
	  in kit directory).  otherwise, old Makefile calls build failure.

Fri May  7 02:25:23 JST 1999  itojun@iijlab.net
	* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to zebra 0.64.
	  now OSPF6 is ready for testing (but not for actual use - kernel
	  routing table will NOT be updated).

Thu May  6 14:18:12 JST 1999  itojun@iijlab.net
	* kit/src/tcpdump/print-pim.c: added pim dm decode routines.
	  (need pim-noisy network to debug this...)

Thu May  6 17:32:06 JST 1999  itojun@iijlab.net
	* sys/netinet6 (FreeBSD228): (1) separate IPv6 IPsec (transport-mode)
	  output processing into ipsec6_output_trans(), for cross-OS
	  portability.
	  (2) Multiple transport-mode IPsec headers can be inserted, in any
	  order.
	  (3) Most of IPsec output functions now returns int, instead of
	  struct mbuf * (no mbuf head pointer will be modified).
	  It is for better uniformity, and better error code handling.
	  (4) Some of the IPsec fuctions assume certain property from mbuf
	  chain.  See comments for those assumptions.

	  TODO: tunnel mode

Wed May  5 13:31:28 JST 1999  itojun@iijlab.net:
	* kit/ports/tcp_wrapper: IPv6-ready tcp_wrappers_7.6.tar.gz
	  NOTE: this is separate from kit/ports/tcpd.  kit/ports/tcpd is a
	  rewrite of tcp_wrappers for IPv6 (similar functionality but
	  completely separate codebase).  kit/ports/tcp_wrapper is IPv6-
	  enabled tcp_wrapper.

	  From: Hajimu UMEMOTO <ume@mahoroba.org>

1999-05-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/tcpdump/print-pim.c (pimv2_print): fixed a bug that a wrong
	position was referred as the PIM version field.
	Repored by Mickael Hoerdt <mhoerdt@iutsud.u-strasbg.fr>

Wed May  5 06:03:59 JST 1999  itojun@iiljab.net
	* sys/dev/en/midway.c (FreeBSD3): pvc interface did not have the
	  IPv6 link-local address.  There was some patch slipped off during
	  the merge.

	  From: Scott Mace <smace@intt.org>
	  PR: 95

1999-05-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/libpcap: supported a new protocol type `pim';
	you can now invoke tcpdump like `tcpdump pim'.

Tue May  4 14:38:58 JST 1999  itojun@iijlab.net
	* sys/netinet6/ip6_output.c (FreeBSD228): make multiple transport-mode
	  AH on IPv6 work corretly.
	  add some sanity check to forbid inbound/outbound jumbogram packet
	  with AH (jumbogram and AH is ill-suited, spec-wise).

Tue May  4 13:25:51 JST 1999  itojun@iijlab.net
	* sys/netinet6/ip6_output.c (FreeBSD228): support IPv6 IPsec
	  (transport mode only) with new policy engine.  To do this I've
	  changed some part of IPv6 option header construction routines,
	  so kick me if I've added any bugs.

Sun May  2 12:34:26 JST 1999  itojun@iijlab.net
	* kit/src/route6d/route6d.c: implement inbound route filter option (-L).

Sat May  1 13:45:36 JST 1999  itojun@iijlab.net
	* kit/usr.sbin/inetd (FreeBSD 2.2.8): Add quickhack to specify
	  IPsec policy by specially formatted comment line (starting with
	  "#@").  Experimental and is subject to change in the near future.

Sat May  1 JST 1999  itojun@iijlab.net
	* kit/src/libipsec/ipsec_policy.c: Added 2nd argument (int len) to
	  ipsec_set_policy(), to make it safer against buffer overflow.
	  Update the parser to be more strict about the IPsec policy string
	  grammar.

<199904>
Fri Apr 30 18:57:48 JST 1999 sakane@ydc.co.jp
	* sys/netkey/key.c:
	Modified that kernel DOESN'T send SADB_EXPIRE message to user land
	if SA is not used until expiration soft lifetime.  Otherwise kernel
	sends SADB_EXPIRE message with the values of current lifetime.

Fri Apr 30 17:53:43 JST 1999  itojun@iijlab.net
	* kit/src/route6d/route6d.c: Take care of dynamic interface adress
	  addition/removal, interface state change, and static route change.
	  Sideeffect: You can specify interfaces which are down, into the
	  command line options (like -N).  Those interfaces can be used by
	  "ifconfig up" later.

Fri Apr 30 03:44:48 JST 1999  itojun@iijlab.net
	* kit/ports/apache13, kit/pkgsrc/www/apache13: upgrade IPv6 patch to
	  the latest one.
	* kit/ports/zebra, kit/pkgsrc/net/zebra: use master distribution 0.63.

Thu Apr 29 22:26:34 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	- Fixed proposal length when transform payload was created.
	- Fixed the way to deal with nonces.  When phase 2 rekeying happened,
	  and to reverse initiator and responder happened, then I dealed with
	  nonces reversely.  Those effected to compute hash and keymat.
	- Merged isakmp_compute_hash1() and isakmp_compute_hash2().

Thu Apr 29 17:26:48 JST 1999 sakane@ydc.co.jp
	* kit/src/tcpdump/print-isakmp.c:
	Fixed a trivial bugs.  It was mistaken to print transform id.

Thu Apr 29 16:26:44 JST 1999  itojun@iijlab.net
	* kit/sbin/ifconfig (BSDI): make "prefixlen" keyword work properly
	  as expected (sorry I'm embarrassed).

1999-04-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* netstat/mroute6.c (mroute6pr): when printing the multicast
	forwarding cache whose incoming interface is unknown, print
	`---' instead of the magic number itself.
	Note that the kernel source should also be updated.

1999-04-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/pim6dd/vif.c (start_vif): set random delay before sending
	the 1st PIM hello message in order to avoid hello message storm in
	a bootstrap phase.
	suggested by: Mickael Hoerdt <mhoerdt@iutsud.u-strasbg.fr>

Thu Apr 29 01:25:36 JST 1999  itojun@iijlab.net
	* kit/src/dtcp: Dynamic Tunnel Configuration Protocol daemon/client.
	  It will let you configure IPv6-over-IPv4 tunnel dynamically with
	  APOP-like authentication.
	  The protocol was proposed by Peter Tattam of Trumpet.
	  NOTE: you'll need to install IPv6-ready ruby interpreter, by using
	  kit/ports/ruby (or kit/pkgsrc/lang/ruby).

	  From: Peter Tattam <peter@jazz-1.trumpet.com.au>

1999-04-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/pim6dd/pim6.c (send_pim6): used sendmsg() with IPV6_PKTINFO
	cmsg instead of sendto in order to specify the outgoing interface
	and the source address.
	Thanks to:
	  Mickael Hoerdt <mhoerdt@iutsud.u-strasbg.fr> for finding a
	  problem in the old version and sending a patch.

1999-04-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/pim6dd/main.c (main): modified to call init_routesock after
	making a child process, since the pid to access the routing socket
	must be consistent.
	Thanks to:
	  David PATE <pate@dpt-info.u-strasbg.fr> for finding the problem.
	  Mickael Hoerdt <mhoerdt@iutsud.u-strasbg.fr> for sending a patch.

1999-04-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_mroute.c (del_m6if): added a sanity check in del_m6if to
	prevent kernel hangups, and modified to use in6_ifreq{} instead of
	ifreq{} to avoid invalid memory access.

Wed Apr 28 19:26:48 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/audio/icecast, kit/ports/icecast:
	  use new IPv6 patch.  It is now possible to transfer mp3 files
	  over UDPv[46] multicast packets.  This is really fun!

Wed Apr 28 14:30:22 JST 1999  itojun@iijlab.net
	* sys/netinet{,6} (BSDI 3.1): sync IPsec policy management code with
	  FreeBSD 2.2.8.  This automatically removes many bugs in IPsec code,
	  simplifies policy management (but SPD is now mandatory), and adds
	  flexibility in packet formats.
	  However, IPv6 IPsec is now broken.  Also, IPv4 IPsec is unstable
	  due to memory management bugs.
	  TODO: regress tests

Wed Apr 28 14:28:28 JST 1999  itojun@iijlab.net
	* sys/netinet{,6} (FreeBSD 2.2.8): do not strip TCP/UDP header from
	  mbuf, until ipsec policy engine checks the headers.

Wed Apr 28 05:19:07 JST 1999 sakane@ydc.co.jp
	* sys/netkey/key.c:
	Fixed the way to search SPD.  It always searched outbound SPD.

Tue Apr 27 02:59:50 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	- Racoon become to do exchange tunnel mode.  She gets the
	encryption mode from kernel by PF_KEY and set to SA payload later,
	so ignores the directive "encryption mode".  
		XXX: There have been rekeying problems yet.
	I believe that it's local address of phase 1 as proxy address
	whenever doing pfkey_update, and it's remote address of phase 1
	as proxy address whenever doing pfkey_update.

	- Added IPSECDOI_ATTR_ENC_MODE_DEFAULT as transport mode
	for the default of encryption mode.

	- Arranged the function to set SA attribute.

Tue Apr 27 02:13:26 JST 1999 sakane@ydc.co.jp
	* sys/netinet/ip_input.c,sys/netinet6/ip6_input.c:
	Stoped to remove M_AUTHIPDGM, not M_AUTHIPHDR, from m_flags.
	It caused checking policy of ESP inbound tunnel to be failed.

	NOTE: I believe that M_AUTHIPHDR will obstruct as such above
	when checking AH inbound tunnel policy, too.

Mon Apr 26 09:35:34 JST 1999  itojun@iijlab.net
	* sys/i386/isa/kms.c (BSDI): Keyboard mouse driver implemented by
	  Keisuke Uehara <kei@wide.ad.jp>.  Makes cursor keypad behave as
	  mouse cursor movement.  /dev/kms0 will speak bus mouse protocol.

	  Not very KAME thing, but is really useful addition for notebooks.

1999-04-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd/bgp.c: for passively opened BGP4+ connection, use
	the configured value of local preference.
	Thanks to fujisaki@nttslb.slab.ntt.co.jp for pointing it out.

Fri Apr 23 15:32:45 JST 1999  itojun@iijlab.net
	* kit/ports/fwtk6 (FreeBSD 2.2.8): TIS firewall toolkit, modified for
	  IPv6 connections.  NOTE: you'll need to get original fwtk 2.1 by
	  yourself (you must read and agree the license agreement from TIS).

	  From: Hajimu UMEMOTO <ume@mahoroba.org>

Fri Apr 23 01:07:41 JST 1999 sakane@ydc.co.jp
	* sys/netkey/key.c:
	Fixed the problem that key_get(), and rarely key_dump(), return error
	code but error didn't happen.
	
Thu Apr 22 18:16:06 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	'path' directive is added for post-command execution.
	NOTE: This do update PATH, not to be added.

Thu Apr 22 17:45:16 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	Before post-command excution, set local and remote addresses of
	phase 1 to environment value named RACOON_INFO.

1999-04-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* nd6_rtr.c (in6_ifdel): made sure that leave the solicited-node
	multicast address associated with the deleted address. Also
	call in6_savemkludge() before freeing the ifaddr structure.

1999-04-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* mld6.c (mld6_sendpkt): looped an MLD6 packet back to the sending
	node if	the node is a multicast router, which has been disabled by
	`ifdef notyet' although we already have multicast routing.

1999-04-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* in6.c (in6_control): automatically embed a link-local interface
	index of a destination address specified via the
	SIOCAIFADDR_IN6 command.

1999/04/22 16:36:54 JST shin@nd.net.fujitsu.co.jp
	* sys/netinet/tcp_input.c (FreeBSD3.1):
	Bug Fix: call ip6_savecontrol() also other than when
	accepting the connection.

Thu Apr 22 12:41:14 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	Fixed the problem of phase 2 negotiation.  Now it gets success
	the negotiation of phase 2.
		XXX: There is phase *1* rekeying problem while phase *2*
		     negotiation.

Thu Apr 22 06:10:52 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	- Added new directive "post-command" for racoon configuration.  When
	  IKE phase 1 negotiation has been finished, then this is excuted.
	  "post-command" consists three directive;
		"exec" defines to excute command when phase 1
			negotiation has been completed.
		"success" defines to excute command when `exec' command
			was success.
		"failure" defines to excute command when `exec' command
			was failure.
	- kmpstat can trigger to start negotiation of phase 1.  Usage is
	  that, e.g.
		# kmpstat establish-sa ike inet 192.168.0.1

1999-04-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/rtadvd/config.c (getconfig): clear the configuration buffer
	if the specified does not exist in the configuration file, which
	is necessary to avoid to use a configuration for another interface
	by mistake.
	* src/rtadvd/if.c (get_next_msg): added RTM_GET case in the search
	loop.
	
Wed Apr 21 11:44:11 JST 1999  itojun@iijlab.net
	* kit/src/rtsol: bring interface down, then up, before sending RS.
	  This is a workaround for pcmcia ethernet card drivers (used on
	  notebooks).  It looks that some of the drivers do not initialize
	  multicast packet filter properly on suspend/resume session, and
	  RA (to ff02::1) cannot be received on the interface after resume.
	  It looks that down-then-up solves most of the cases.

	  TODO: if this solves the problem, /etc/pccard.conf (or
	  /etc/card.conf) should perform down-then-up on resume.

Wed Apr 21 04:01:21 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	- TODO has been updated.

	- With port numbers and prefixes, phase 2 exchange is available.
		We need some time for the stability.  It's on testing to do
		exchanging IPsec tunnel mode.
	- It's became to begin phase 2 negotiation by IPsec-SA expiration.

	- s/LDUR/LD/ and s/LTYPE/LD_TYPE/, because of clarification.
	- Begin the trying to manage IPsec SA by queue(3).  But I have no
		idea to manage the SA parameters directly.
	- Begin the trying to manage the IPsec-SA exchange by IPsec SA list.
		XXX MUST support multi SA exchange.
	- Modified some code for ANSI-C.
	- A lot of modification.

Wed Apr 21 00:58:39 JST 1999  shin@nd.net.fujitsu.co.jp
	* kit/src/rrenumd:
	-parser fix for recognizing match{-,_}prefix and use{-,_}prefix
	-cmsghdr related msglen operaton bug fix
	-enabled sending to IPv4 destination
	 (though, receiver side is also need to be enhanced to receive it)

Tue Apr 20 21:19:16 JST 1999  itojun@iijlab.net
	* kit/sys/netinet/altq_red.c: fix IPv6 header parsing code.

	  From: hiddy@sfc.wide.ad.jp

1999/04/20 17:55:31 JST shin@nd.net.fujitsu.co.jp
	* sys/netinet/in_gif.c, sys/netinet6/in6_gif.c
	synced between BSDs

Tue Apr 20 15:26:49 JST 1999  itojun@iijlab.net
	* kit/usr.bin/vmstat (BSDI, FreeBSD 2.2.8, NetBSD): source code
	  included in the tree (just need a recompilation, to make "vmstat -m"
	  work).

Tue Apr 20 10:45:44 JST 1999  itojun@iijlab.net
	* kit/ports/zebra (FreeBSD 2.2.8/3.1):
	* kit/pkgsrc/net/zebra (NetBSD): upgraded to 19990420 snapshot.

Tue Apr 20 10:36:52 JST 1999 sakane@ydc.co.jp
	* sys/netkey/key.c:
	Modified a bit of ipsec_setsecidx() to get IP address
	and port from mbuf.
	ASSUMED: basic header is placed continuously in a mbuf.

Mon Apr 19 21:02:24 JST 1999  itojun@iijlab.net
	* kit/ports/mpg123 (FreeBSD 2.2.8, 3.1):
	* kit/pkgsrc/audio/mpg123 (NetBSD): MPEG audio layer 3 player.
	  (embeded HTTP support code is updated for IPv6 HTTP)

Mon Apr 19 19:35:35 JST 1999  itojun@iijlab.net
	* kit/ports/icecast (FreeBSD 2.2.8, 3.1):
	* kit/pkgsrc/audio/icecast (NetBSD): icecast MP3 broadcasting system.
	  based on version 1.1.3 of the original distribution.

Mon Apr 19 19:32:44 JST 1999 shin@nd.net.fujitsu.co.jp
	* sys/netinet/tcp.h,tcp_input.c,tcp_output.c,tcp_subr.c, tcp_var.h
	  sys/netinet6/ip6_output.c,ip6_var.h (FreeBSD3.1):
	mainly fixes for considering IPv6 more enough on mss calcuration.
	-added v6mssdflt
	-added sysctl for setting v6mssdflt
	-added ip6_exthdrsiz() and let it check supposed sending v6 ext
	 headers total len, and remove that from mss
	-made output checksum part more clear(I belive essentially no change)

Mon Apr 19 15:04:43 JST 1999 sumikawa@ebina.hitachi.co.jp
	* kit/ports/rev_v6_address (FreeBSD 2.2.8): a representing PTR
	  records tool for mainting DNS.
	* kit/ports/geta (FreeBSD 2.2.8): GET Address - simple IPv4/IPv6
	  address resolver

Mon Apr 19 14:24:43 JST 1999  itojun@iijlab.net
	* sys/netinet6: Add automatic flow-labelling support in kernel,
	  for all operating systems.
	  (see CHANGELOG entry on Sun Apr  4 02:24:00 JST 1999)

Sun Apr 18 16:45:18 JST 1999 sakane@ydc.co.jp
	* sys/netkey/keyv2.h
	Added PFKEY_ADDR_PREFIX() for convenience.
	Fixed the word, s/PFKEY_ADDR_PORT/PFKEY_ADDR_PROTO/

Sun Apr 18 09:39:25 JST 1999  itojun@iijlab.net
	* kit/ports/libident6 (FreeBSD 2.2.8): identd library for
	  IPv6 connetions.
	* kit/ports/pident6d (FreeBSD 2.2.8): identd for IPv6 connetions.

	  From: Hajimu UMEMOTO <ume@mahoroba.org>

Sat Apr 17 13:13:41 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/lang/python (NetBSD): python 1.5.2 with IPv6 support.

Sat Apr 17 11:22:29 JST 1999  itojun@iijlab.net
	* kit/ports/python (FreeBSD 2.2.8): python 1.5.1 with IPv6 support.

Sat Apr 17 01:33:01 JST 1999  itojun@iijlab.net
	* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade to 1999/4/16 snapshot.

Fri Apr 16 18:16:04 JST 1999  shin@nd.net.fujitsu.co.jp
	* sys/, kit/ports/altq (FreeBSD31):
	updated ALTQ to 1.1.3

Fri Apr 16 10:20:39 JST 1999  itojun@iijlab.net
	* kit/ports/sendmail6, kit/pkgsrc/mail/sendmail6:
	  upgrade to 8.9.3 + IPv6 patch version W3.2.

Thu Apr 15 18:04:49 JST 1999  shin@nd.net.fujitsu.co.jp
	* sys/netinet/tcp_input.c, tcp_subr.c (FreeBSD3.1):
	rewrite tcp_respond() because it has incorrect pointer
	reference bug. this caused keep alive packet with incorrect
	checksum, and let long lived tcp connection die.
	now tcp should become more stable.

Thu Apr 15 14:53:34 JST 1999  itojun@iijlab.net
	* kit/ports/mediator: added port directory for Mediator DNS relay
	  resolver daemon.  NOTE: the master distribution is restricted so
	  most of you will not be able to compile this.
	* kit/ports/kaffe: port for IPv6-ready kaffe (IPv6 patch by INRIA
	  guys).  Not finished yet.

Thu Apr 15 08:57:24 JST 1999  shigeya@foretune.co.jp
	* kit/src/man: add kame(4).

Thu Apr 14 JST 1999  itojun@iijlab.net
	* kit/src/libinet6: Made getaddrinfo.c and getnameinfo.c compilable
	  on most platforms (do not define INET6).  This should be useful
	  when making applications IPv6-aware (supply KAME getaddrinfo.c in
	  "missing" directory and use AC_REPLACE_FUNCS(getaddrinfo) in
	  configure.in).

Wed Apr 14 20:57:13 JST 1999 sakane@ydc.co.jp
	* kit/src/racoon:
	Added the sending some administration commands to kmpstat.
		reload config, show schedule, show several SA,
		delete several SA, flush several SAs, establish several SA
	Added to handle some administration commands to admin.c.  There are
	some commands have not been supported yet, and these aren't tested
	sufficiently.
		XXX: should be specified the efficient formats for
		the communication which is between racoon and kmpstat.
	Changed default port for administration.
	racoon.conf is obsoleted by ibm.conf.

Wed Apr 14 18:26:14 JST 1999  itojun@iijlab.net
	* kit/ports/{ct,v6eval} (FreeBSD 2.2.8): TAHI IPv6 conformance test
	  kit, released today (0.1).  See http://www.tahi.org/ for details.

1999-04-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* raw_ip6.c (rip6_usrreq):  fixed a bug of (possible) NULL pointer
	access in PRU_CONNECT case in rip6_usrreq. FreeBSD 3.1 version
	has the same problem in rip6_connect(), which was fixed	as well.

Wed Apr 14 01:20:23 JST 1999  itojun@iijlab.net
	* kit/ports/ruby, kit/pkgsrc/lang/ruby:
	  upgrade to ruby 1.2.5 with latest IPv6 patch.

Tue Apr 13 18:06:03 JST 1999  itojun@iijlab.net
	* kit/ports/ruby, kit/pkgsrc/lang/ruby:
	  object oriented scripting language "ruby" 1.2.4 with IPv6 support.

Tue Apr 13 10:45:00 JST 1999 sakane@ydc.co.jp
	* kit/src/libipsec:
	Added EIPSEC_INVAL_PREFIXLEN into ipsec_strerror.h.
	To handle prefix, added `prefixlen' to the parameter
	in pfkey_send_{add,update,delete,get}().

Mon Apr 12 21:21:59 JST 1999  itojun@iijlab.net
	* sys/netinet/in_gif.c, sys/netinet6/in6_gif.c:
	  (1) check IFF_LINK0 on ingress, as specified in the manpage.
	  (2) do not encapsulate if IFF_LINK0 is down and physical destination
	      address is not configured.
	  (3) check if physical source equals to dst on the packet, on egress
	      when IFF_LINK is enabled.

Mon Apr 12 11:34:02 JST 1999  itojun@iijlab.net
	* sys/netinet6/nd6_nbr.c: clear tentative bit without DAD, when
	  net.inet6.ip6.dad_count equals 0. (this is a bug - sorry)

Sun Apr 11 21:04:05 JST 1999 shin@nd.net.fujitsu.co.jp
	* usr.sbin/inetd (FreeBSD3.1):
	enabled to specify tcp6 as protocol type in inet6d.conf.
	when it is specified, the opened AF_INET6 socket don't accept
	IPv4 connection.

Sun Apr 11 18:18:56 JST 1999 shin@nd.net.fujitsu.co.jp
	* kit/ports/ppp (FreeBSD):
	  IPv6 patch level upgrade.
	  -filter specification bug fix 
	  -added debug mode(never become daemon in any mode) 
	  -when using ppp created ifid, try to use common ifid at first 
	   on any ppp connection. 

1999-04-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/libinet6/ip6opt.c : implemented inet6_option_alloc(),
	inet6_option_next() and inet6_option_find() functions.

1999-04-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_input.c (ip6_savecontrol): implemented IN6P_HOPOPTS,
	IN6P_DSTOPTS and IN6P_RTHDR options in order to get Hop-by-hop
	options, destination options and routing headers by a userland
	application.

Sat Apr 10 12:17:08 JST 1999  itojun@iijlab.net
	* sys/netinet6/in6_gif.c, sys/netinet/in_gif.c:
	  Add ECN friendly mode to gif interface.  "ifconfig gifX ilnk1"
	  should enable "ECN allowed" behavior (see draft-ipsec-ecn-00),
	  and ECN bits will be copied on ingress and egress.

	  "Copying ECN bit on ingress" violates of RFC1933 (which says
	  that outer IPv4 TOS bit should be 0).  This should be used under
	  mutual agreement with tunnel endpoint.

Fri Apr  9 22:53:28 JST 1999  itojun@iijlab.net
	* kit/ports/zebra, kit/pkgsrc/net/zebra: upgrade original distribution
	  to 1999/4/8 snapshot.  ospf6d is in the tree but not compilable.
	  we really are looking forward to test ospf6d!

Fri Apr  9 22:24:44 JST 1999  itojun@iijlab.net
	* kit/src/route6d/route6d.c: avoid hardcoding # of interfaces.
	  now you should be able to handle as many interfaces as you can.
	  # of interfaces is obtained on startup time, so it cannot handle
	  dynamically added interfaces at runtime.

Fri Apr  9 JST 1999  itojun@iijlab.net
	* sys/netinet6: implement setsockopt(IPV6_FAITH) for NetBSD and BSDI.
	  (see CHANGELOG on Fri Apr  2 20:00:23 JST 1999)

Fri Apr  9 20:44:55 JST 1999  itojun@iijlab.net
	* sys/netinet/ip_ecn.[ch]: move ECN friendly ingress/egress code into
	  separate function, for better code reuse.
	  Populate ECN friendly IPsec tunnel code to all the platforms.

1999/04/09 20:26:03 JST shin@nd.net.fujitsu.co.jp
    usr.bin/netstat (FreeBSD3.1):
	-print only inet socket at "-f inet" 
	-print inet6 socket at "-f inet6" 
	-print inet6 addr correctly for inet6 socket 

Fri Apr  8 JST 1999  itojun@iijlab.net
	* sys/netinet6/nd6_nbr.c (BSDI): (experimental)
	  Implement heuristics against DAD NS loopback.  See source code
	  for detail; it may be better than dad_ignore_ns, but not very
	  perfect and may violate spec anyway.

1999-04-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* nd6.c (nd6_output): if the interface is other than Ethernet and
	FDDI, simply put the packet into the interface instead of tring
	to resolve the next hop.

1999-04-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* raw_ip6.c (rip6_usrreq): for PRU_BIND, added a check to see
	if the specified address is valid(e.g. not deprececated).
	For PRU_CONNECT, used in6_selectsrc() in order to fill in the
	source address field.

Thu Apr  8 20:14:45 JST 1999  itojun@iijlab.net
	* kit/src/faithd: get # of interfaces by using if_nameindex().

Thu Apr  8 19:39:01 JST 1999  itojun@iijlab.net
	* sys/netinet6/nd6_nbr.c (BSDI): (experimental)
	  ignore incoming DAD NS packet, if dad_ignore_ns is set to 1.

	  By setting dad_ignore_ns to 1 (by bpatch maybe), you'll be able to
	  ignore DAD faults by drivers which loops packets back to itself
	  on promisc mode.
	  However, (1) you'll not be able to detect simultaneous DAD activity
	  on the subnet, nor same MAC address on the subnet (-> SparcStation2)
	  (2) it is not spec conformant behavior.

	  I dunno how many drivers are faulty, but at least BSDI mz driver
	  (which is my favorite) is broken, so would like to test this code.

Thu Apr  8 17:06:32 JST 1999  itojun@iijlab.net
	* kit/src/v6test: changed config file directory to PREFIX/share/v6test.

Thu Apr  8 17:01:42 JST 1999  itojun@iijlab.net
	* kit/src/libinet6/getaddrinfo.c: (1) do not attach canonname
	  "localhost" to ::1 and 127.0.0.1.  The name may not be ubiquitously
	  available.
	  (2) add comment about get_addr() call when AI_CANONNAME is given for
	  numeric address.  it is a bit strange that we do addr->name
	  translation here...

1999-04-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_output.c (ip6_output): If a hop-by-hop options header is
	contained in an outgoing packet, examine and process it,
	which behavior is required in the base IPv6 spec(RFC 2460).
	Note that some other code relating to option processing was
	also modified.

1999-04-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_output.c (ip6_insert_jumboopt): fixed a bug that
	the function does not adjust the length field of an already
	existing hop-by-hop header.
	Thanks to Kenjiro Komaki <komaki@mt.cs.keio.ac.jp> for finding the
	problem.

Wed Apr  7 23:42:55 JST 1999  itojun@iijlab.net
	* kit/etc/rc.net6: add "sleep" after interface configuration.  now
	  DAD will be performed for global addresses too, and we have to
	  wait till DAD's completion before invoking daemons.

Wed Apr  7 18:46:17 JST 1999  itojun@iijlab.net
	* kit/lib/libftpio(FreeBSD 2.2.8): try EPSV in IPv4 case too,
	  because EPSV behaves better for translators.  Also, try EPRT in
	  IPv4 case too.

Wed Apr  7 18:02:28 JST 1999  shin@nd.net.fujitsu.co.jp
	* sys/netinet6/nd6_rtr.c: don't care link local addr
	  state and every time do DAD in in6_ifadd().

Wed Apr  7 17:28:17 JST 1999  itojun@iijlab.net
	* kit/src/ndp: Print out expired prefix as "expired",
	  not by negative lifetime value.
	* kit/sbin/ifconfig: Do not print negative value for interface address 
	  lifetime.  This sometimes happens if you invoke ifconfig on the
	  expiration time.
	* sys/netinet6/nd6*.c: Fix RA prefix information validation for
	  lifetime values.  It now works as expected (RFC2462 5.5.3 (e) or
	  Jim Bound's rule - default is Jim Bound's rule).
	  (1) Do not remove prefix information in the kernel (struct
	      nd6_prefix) on expiration.  Will be removed after
	      NDPR_KEEP_EXPIRED seconds.  We need old prefix information for
	      validation purposes.
	  (2) Do not remove interface address when prefix information is
	      removed.  Their lifetime is managed separately.
	  (3) Clarify validation rules for lifetime fields in RA prefix
	      information.

Wed Apr  7 14:29:46 JST 1999  itojun@iijlab.net
	* sys/net/if.c (except BSDI 3.1): fix where we call in6_if_up() on
	  ioctls.  (this is a routine to trap IFF_UP positive edge -
	  mainly for DAD)

1999-04-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* nd6.c (nd6_output): was newly implemented, which is called from
	ip6_output instead of ifp->if_output. The change mainly aims to
	perform neighbor unreachability detection even if the outgoing
	interface is not up.
	NOTE: The change is still experimental and needs more tests.
	So, it is not enabled unless the `NEWIP6OUTPUT' kernel
	configuration option is specified.

Wed Apr  7 03:06:54 JST 1999  itojun@iijlab.net
	* kit/libexec/ftpd (NetBSD): fix EPRT.
	* kit/usr.bin/ftp (NetBSD, FreeBSD2): try EPSV in IPv4 case too,
	  because EPSV behaves better for translators.  Also, try EPRT in
	  IPv4 case too.

1999-04-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* FreeBSD 2.2.8: merged Alteon Gigabit Ether driver from
	http://www.freebsd.org/~wpaul/Alteon/
	We believe that it supports IPv6 as well, but we have not
	tested yet.

Tue Apr  6 22:25:41 JST 1999  itojun@iijlab.net
	* kit/src/libpcap: Allow tcpdump on ATM interface for FreeBSD.
	  DLT type for ATM is defined in OS-supplied bpf.h, so follow that
	  value in libpcap/net/bpf.h.

Tue Apr  6 19:40:52 JST 1999  itojun@iijlab.net
	* kit/etc/rc.net6: on router, perform "ifconfig up" before configuring
	  interface to wait for DAD's completion. 

Tue Apr  6 18:50:27 JST 1999  itojun@iijlab.net
	* kit/ports/ucd-snmp, kit/pkgsrc/net/ucd-snmp:
	  upgrade to 3.6.1 with latest IPv6 patch.
	  NOTE: on NetBSD, snmpnetstat is not working right.  this is a bug in
	  original distribution (ucd-snmp 3.6.1).

Tue Apr  6 18:00:08 JST 1999  itojun@iijlab.net
	* kit/Makefile: install documents in kit/* into
	  $(PREFIX)/share/doc/kame (usually PREFIX = /usr/local/v6).

Tue Apr  6 12:45:51 JST 1999  itojun@iijlab.net
	* kit/src/rtadvd: If old prefix configuration directive ("addr"
	  without "addrs") appears on rtadvd.conf, show warning to syslog and
	  exit.  This should help people who forgot to update old
	  configuration file.

1999-04-05  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* [NetBSD]in6.c (in6_control): fixed a bug that `ifconfig delete'
	does not work correctly.

Mon Apr  5 17:39:54 JST 1999  itojun@iijlab.net
	* kit/ports/lynx (FreeBSD 2.2.8/3.1)
	* kit/pkgsrc/www/lynx (NetBSD 1.3.3): updated IPv6 patch.
	  IPv4 numeric address in URL is now handled correctly.
	  (this was broken by IPv6 patch...)

Mon Apr  5 13:00:48 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/net/ucd-snmp: (NetBSD 1.3.3)
	  GNU_CONFIGURE settings in bsd.pkg.mk caused trouble with ucd-snmp,
	  and snmpd hanged up on some specific queries.  Now it is fixed and
	  working fine.
	  From: yuo@nui.org

Mon Apr  5 04:17:51 JST 1999  shin@nd.net.fujitsu.co.jp
	* kit/ports/ppp (FreeBSD):
	  IPv6 patch level upgrade.
	  some more debug, improvement, and man fix. 
	    -set ifid only for link local addr 
	    -search MYADDRINET6 first, and then MYADDR 

Sun Apr  4 02:24:00 JST 1999  itojun@iijlab.net
	* sys/netinet6: Add automatic flow-labelling support in kernel.
	  tcp6 inbound and outbound connection, and udp6 outbound packets
	  after connect(), will have flow label field filled in with a sequence
	  number (will be unique for 2^20 connections).  Flow label portion
	  of sin6_flowinfo will be ignored.
	  This can be turned off by setting net.inet6.ip6.auto_flowlabel sysctl
	  variable into 0 (default is 1).  If the value is 0, the value
	  in sin6_flowinfo will be used.
	  (experimental, KAME/FreeBSD 2.2.8 only)

	  Background:
	  Semantics of flow label is still rather vague.  The semantics of
	  sin6_flowinfo field is also vabue.  Some of us fear that,
	  if we leave it as is, nobody will be using flow label.  We would
	  like to start by (1) marking as many connections as possible
	  with flow labels, then (2) try some QoS/diffserv things with the
	  marked traffic, then (3) think about how we should go forward.

	  TODO: other better support for flowlabel, such as filling
	  sin6_flowinfo on inbound traffic.

1999-04-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/rtsold: changed to watch interface flags and to probe
	advertising routers when an interface becomes up or down.

Sat Apr  3 11:27:18 JST 1999  itojun@iijlab.net
	* kit/ports/lynx (FreeBSD 2.2.8/3.1)
	* kit/pkgsrc/www/lynx (NetBSD 1.3.3): updated IPv6 patch.

Fri Apr  2 20:00:23 JST 1999  itojun@iijlab.net
	* sys/netinet6, kit/src/faithd: implement setsockopt(IPV6_FAITH).
	  setsockopt(IPV6_FAITH) is now required to accept TCP
	  conection toward FAITH-relayed prefixes.  This will affect
	  faithd daemon only, and this will protect other daemons (like
	  sendmail or httpd) from mistakingly accepting FAITH'ed TCP
	  connections.
	  (experimental, KAME/FreeBSD 2.2.8 only)

Fri Apr  2 20:00:23 JST 1999  itojun@iijlab.net
	* sys/netinet6/icmp6.c: Receive important ICMPv6 messages toward
	  FAITH'ed prefixes.  This is required to make PMTUD work for
	  FAITH'ed TCP6 connections.

1999/04/02 16:33:03 JST shin@nd.net.fujitsu.co.jp
	* kit/src/rtadvd:
	Check dest interface's if_flagss and if not IFF_UP, don't send RA
	to the interface. If it become IFF_UP again, restart sending RA to it. 
	Also, made if.h and added some common definitions to it. 
	Some debug on rtmsg type checking procedure. 

Fri Apr  2 12:55:28 JST 1999  shin@nd.net.fujitsu.co.jp
	* kit/ports/ppp (FreeBSD 2.2.8, 3.1):
	update v6 patch level. fix several bugs and man fix.

1999-04-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* if.c (ifioctl): if an interface's mtu is changed by SIOCSIFMTU,
	also change the ND6 level mtu associated with the interface.

1999-04-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_output.c (ip6_output): prevented IPv6 level fragmentation
	on a link that does not support link-level fragmentation.
	XXX: currently we don't have any method to check if a link
	supports link-level fragmentation.
	
<199903>
Wed Mar 31 12:42:28 JST 1999  itojun@iijlab.net
	* kit/src/faithd: stabilize plain TCP relay.
	  - connection timeout will be measured for both diretions - timeout
	    won't happen if there's some data stream for either of the
	    directions.
	    TODO: tcp.c shouldn't fork(), for process table conservation...
	  - explicitly set SO_SNDTIMEO, to correctly detect write overflow
	    (= client side or server side disconnected the connection during
	    write)
 
Wed Mar 31 12:42:28 JST 1999  itojun@iijlab.net
	* sys/netinet6: remove old FAITH implementation and user interface
	  knob, namely net.inet6.ip6.faith_prefix.
	* kit/src/faith: make it a shell script for backward compatibility.

Tue Mar 30 23:21:05 JST 1999  itojun@iijlab.net
	* sys/netinet6/nd6_rtr.c: (1) do not use tentative or duplicated
	  link-local address as the seed for autoconfiguration.
	  (2) changed how kernel detects "fresh" prefix on RA packet.

Tue Mar 30 12:32:33 JST 1999  itojun@iijlab.net
	* sys/netinet6 (FreeBSD 3): merge in new faith code.
	  Now all operating systems are "new faith" ready.
	  (see changelog on Thu Mar 11 00:27:55 JST 1999 for details)

Tue Mar 30 02:04:12 JST 1999  itojun@iijlab.net
	* kit/src/faithd: disconnect inactive sessions in 30 minutes,
	  to avoid stale connection to chewing up system resources.
	  TODO: should it be configurable?

Mon Mar 29 18:41:06 JST 1999  itojun@iijlab.net
	* sys/netinet6/in6.c, kit/sbin/ifconfig: (NetBSD and FreeBSD 2.2.8)
	  Support "ifconfig vltime" and "ifconfig pltime" for altering
	  interface address lifetime.
	  See CHANGELOG on Wed Mar 24 15:06:25 JST 1999 for detail.

Mon Mar 29 17:20:23 JST 1999  itojun@iijlab.net
	NetBSD pkgsrc catch-ups.
	* kit/pkgsrc/net/wget: port for wget 1.5.3.
	* kit/pkgsrc/net/zebra: upgraded to 19990327 snapshot.
	* kit/pkgsrc/net/apache: upgraded to 1.3.6 + latest IPv6 patch.
	* kit/pkgsrc/net/ncftp3: upgrade to use latest IPv6 patch
	  (see CHANGELOG on Thu Mar 25 16:21:11 JST 1999 by sumikawa).

1999-03-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_output.c (ip6_setmoptions): when joining a node-local scope
	multicast group, choose the loopback interface as the default
	interface.

1999-03-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_output.c (ip6_output), in6_pcb.c (in6_selectsrc):
  	  added some consideration for node-local multicast addresses:
	  - route outgoing packets to the loopback interface
	  - choose the source address from the loopback
	  interface(typically it's the loopback address, ::1).

1999/03/29 01:42:43 JST shin@nd.net.fujitsu.co.jp
	* kit/ports/ppp:
	upgrade to 990309 version.

Mon Mar 29 01:41:04 JST 1999  itojun@iijlab.net
	* kit/ports/zebra (FreeBSD 2.2.8): upgrade to 19990327 snapshot.

1999/03/29 00:35:42 JST shin@nd.net.fujitsu.co.jp
	* sys/net/if_tun.c (FreeBSD2.2.8, 3.1):
	-Bug Fix: return ENOBUFS when M_PREPEND fails
	-removed unused function

Sun Mar 28 00:37:36 JST 1999  itojun@iijlab.net
	* sys/netinet{,6}/tcp{,6}_subr.c: fix mbuf length computation bug
	  in ipsec[46]_hdrsiz_tcp().
	  From: Tomomi Suzuki <suzuki@grelot.elec.ryukoku.ac.jp>

Sat Mar 27 07:17:34 JST 1999  sumikawa@ebina.hitachi.co.jp

	* kit/ports/wget: (FreeBSD 2.2.8): wget 1.5.3 with IPv6 support
	patch (by shimojou@ebina.hitachi.co.jp)

1999-03-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* icmp6.c (icmp6_redirect_output): fixed memory leak, that occurs
	in a case where the function is called but no redirect should be
	sent.

Fri Mar 26 20:51:28 JST 1999  itojun@iijlab.net
	* sys/netinet6: IPsec tunnel is now friendly with ECN (Explicit
	  Congestion Notification).  Behavior can be configured in per-host
	  manner with sysctl, not per-SA manner.
	  http://www.aciri.org/floyd/papers/draft-ipsec-ecn-00.txt

Fri Mar 26 12:11:03 JST 1999  shin@nd.net.fujitsu.co.jp
	* src/sys/netinet/in_pcb.c (FreeBSD 3.1):
	Bug Fix: added necessary next list entry replacement in for loop.
	Also, use LIST macro.
	Now infinite loop problem should have been fixed.

Fri Mar 26 03:04:10 JST 1999  itojun@iijlab.net
	* kit/ports/apache13 (FreeBSD 2.2.8): update to apache 1.3.6.
	  (need some regression test...)

Fri Mar 26 JST 1999  itojun@iijlab.net
	* sys/netinet6/ip6_output.c: boundary check for
	  IPV6_{UNI,MULTI}CAST_HOPS is added as described in spec.

Thu Mar 25 16:21:11 JST 1999  sumikawa@ebina.hitachi.co.jp
	* kit/ports/ncftp3 (FreeBSD 2.2.8): update port
	  - try 'EPSV' connection first on IPv4 and IPv6 passive
	    connection
	  - remove hard coded number

Thu Mar 25 15:32:54 JST 1999  itojun@iijlab.net
	* kit/src/faithd: fix "my address" determination.  previous code
	  was caress about sin6_scope_id and sin6_port when comparing
	  interface address with getsockname().

Thu Mar 25 13:41:08 JST 1999  itojun@iijlab.net
	* kit/src/faithd: -p option lets you get IPv4 privileged src port
	  (port < 1024).

1999/03/24 23:26:50 JST shin@nd.net.fujitsu.co.jp
	* kit/ports/perl5 (FreeBSD 3.1):
	upgraded to perl5.005_55.(developer release)

Wed Mar 24 15:06:25 JST 1999  itojun@iijlab.net
	* sys/netinet6/in6.c, kit/sbin/ifconfig (BSDI):
	  ioctl interface is modified to allow (privileged) userland program
	  to modify interface address lifetime.  ifconfig option "vltime" nad
	  "pltime" are implemented.

Tue Mar 23 21:56:52 JST 1999  itojun@iijlab.net
	* sys/dev/pci/aeon.c (NetBSD 1.3.3): Invertex AEON crypto/compression
	  card driver (ported from OpenBSD).

	  TODO: compression support in the driver
	  TODO: userland interface (/dev/lzs? /dev/md5? /dev/sha1?)
	  TODO: hook for KAME IPsec (this is a hard one...)

Tue Mar 23 19:05:00 JST 1999  itojun@iijlab.net
	* kit/sbin/ifconfig: add -L option, which displays address lifetime
	  for IPv6 addresses.

Tue Mar 23 18:03:41 JST 1999  itojun@iijlab.net
	* sys/netinet6 (NetBSD 1.3.3): merge in new faith code.
	  (see changelog on Thu Mar 11 00:27:55 JST 1999 for details)

Tue Mar 23 10:30:46 JST 1999  itojun@iijlab.net
	* kit/src/ndp: generate timestamp on "ndp -t -A 1", to make output
	  merge-able with tcpdump's output.

1999-03-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/ping6: added -a option in order to support the ICMP node
	information node addresses Qtype.

1999-03-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* icmp6.c: supported ICMPv6 node information the FQDN and node
	addresses Qtypes.

1999-03-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* in6.c (in6_setmaxmtu): was newly added to recalculate the
	maximum MTU for outgoing IPv6 packets. The function is called
	when there is a possibility of a change of the MTU.

Fri Mar 19 04:18:00 JST 1999  sakane@ydc.co.jp
	* kit/src/libipsec:
	For handling tunnel mode, Added parameter for proxy address to
	pfkey_send_add() and pfkey_send_update().

Thu Mar 18 17:56:19 JST 1999  itojun@iijlab.net
	* kit/src/faithd: update faith_prefix determination.

	if USE_ROUTE is defined, faithd will determine faith_prefix
	by the following
	algorithm:
	- if the getsockname() matches any of my interface address,
	  it is toward myself (not for translator).
	- otherwise, it is for translator.
	This behavior is for new "faith" pseudo interface support,
	implemented in BSDI and FreeBSD 2.2.8 (at this moment).
	sysctl MIB for faith_prefix is meaningless in this case.

	if USE_ROUTE is not defined, faithd will determine faith_prefix
	by the following algorithm:
	- if the getsockname() matches faith_prefix (registered
	  via sysctl) it is for translator.
	- otherwise, it is for myself.
	This behavior is for old "faith" implementation.

Thu Mar 18 15:28:28 JST 1999  itojun@iijlab.net
	* kit/bin/route/route.c (BSD/OS 3.1): allow interface route to be
	  added by "route add -inet6 foobaa -interface if0". 

Thu Mar 18 14:27:24 JST 1999  itojun@iijlab.net
	* sys/netinet6 (BSD/OS 3.1): remove HYDRANGEA_COMPAT compile option,
	  which is VERY obsolete.  If there's anybody relied on this, please
	  migrate to advanced API.

Thu Mar 18 14:20:56 JST 1999  itojun@iijlab.net
	* sys/netinet6 (BSD/OS 3.1): merge in new faith code.  userland should
	  be updated soon.
	  (see changelog on Thu Mar 11 00:27:55 JST 1999 for details)

Wed Mar 17 16:39:18 JST 1999  shin@nd.net.fujitsu.co.jp
	* kit/ports (FreeBSD 3.1): updated and made buildable many ports
	as FreeBSD 2.2.8 update.
	  added: ncftp3, squid11, wbd
	  updated: apach13(to 1.3.4), mrt(to 1.5.2a), heimdal(to 0.1c),
		sendmail6(to 8.9.2), gated-ipv6 (to snapshot-0399),
		lynx(to 2.8.1rel.1), tcptrace(to 5.1.1), vat6(to 19981109),
		vnc(to 3.3.2r3)
	TODO: buildability check -> XFree86, mozilla
	      to be compilable -> perl5, ppp, ucd-snmp
	      update(also with kernel) -> altq

Wed Mar 17 09:15:12 JST 1999 sakane@ydc.co.jp
	* sys/netkey/keyv2.h
	Added two macros for utilization to make sadb message,
	PFKEY_ADDR_PORT() and PFKEY_ADDR_SADDR().

Wed Mar 17 08:32:29 JST 1999 sakane@ydc.co.jp
	* kit/src/libipsec
	Fixed pfkey_sadump() to print the values of lifetime extension.

1999-03-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* sys/netinet6/ip6_output.c (ip6_output): changed to use the MTU
	for fragmentation advertised via RA (if specified) instead of the
	link MTU.

1999-03-16  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/traceroute6/traceroute6.c: support source route (-g)
	option.

1999-03-16  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/libinet6/rthdr.c: fix return value of inet6_rthdr_getaddr().

Tue Mar 16 15:24:22 JST 1999 sakane@ydc.co.jp
	* src/netinet6,netinet,netkey
	* kit/src/libipsec,setkey,racoon,ping6,traceroute,traceroute6
	* kit/sbin/ping:
	* kit/usr.bin/telnet:

	IPsec policy engine has been changed drastically.
	Now it's NOT valid for old syntax to manage SPD by setkey.
	You must use new syntax to configurate that.
		XXX MUST be written many manuals.

	The policy is managed by either setsockopt() or setkey
	like following:
	
	By calling setsockopt(3):

		To set policy,
		setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, policy, len);
		setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, policy, len);
	
		To delete policy,
		close(s);

		To get policy,
		getsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, policy, &len);
		getsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, policy, &len);

		`policy' is the binary data formated sadb_x_policy defined
		netkey/keyv2.h.  You can make `policy' you want by calling
		ipsec_set_policy(). for example:

		ipsec_set_policy(buffer, "ipsec ah/use esp/use/10.0.0.1");
			NOTE: You must allocate buffer sufficiently.
		
	By setkey command for administrater:
		spdadd 10.0.0.1 10.0.0.2 icmp -P bypass;
		spdadd 3ffe:501:4819::1 3ffe:501:481d::1 tcp -P ah/use;
	
		The argument `policy' follow to -P option is below,

		policy := policy_type [ipsec_request [ipsec_reqeust[...]]]
		policy_type := "discard", "none", "ipsec"
		ipsec_request := protocol "/" level ["/" proxy_address]
		protocol := "esp", "ah"
		level := "default", "use", "require"
	
	Some user land command can configurate policy.
		i.g.
		ping -P "ipsec ah/require/192.168.0.1" 10.0.0.1
		telnet -P "ipsec ah/use esp/use" 10.0.0.2
	
		The argument `policy' follow to -P option is below,

		policy := policy_type [ipsec_request [ipsec_reqeust[...]]]
		policy_type := "ipsec", "entrust", "bypass"
		ipsec_request := protocol "/" level ["/" proxy_address]
		protocol := "esp", "ah"
		level := "default", "use", "require"
	
		Be attention to `policy_type' against the case of using setkey.
	
		XXX traceroute6 and ping6 were fixed, but don't use IPsec
		XXX because kernel hasn't had IPsec code for IPv6 yet.
  
	Added IPsec library for users convenience.

	Racoon
		synchronized new ipsec.
		output warning message in configure when using OpenSSL.
	
	Calcurated hdr size of ESP/AH that predicted along with policy.
	Returned max header size if no SA present.
	
	Modified INBOUND policy check.
		Added rejecting code to icmp{,6}_input.

		Added a flag of mbuf:
			M_AUTHIPDGM that is set when ther is ICV in packet.

		Re-arranged mbuf flags about IPsec.
			M_AUTHIPDHR     data origin authentication for IP header
			M_DECRYPTED     confidentiality
			M_AUTHIPDGM     data origin authentication

		Merged rejecting code about INET{,6}

	Fixed callout_handle for FreeBSD3.x. XXX NOT tested.
	Mereged key_newsa() and key_newsa2().
	Arranged the code of key_setsaval().
	
	Taking IN_ADDR in sockaddr as network byte order.
	XXX that is violate to section 2. PF_KEY Message Format in RFC2367.

	Changed semantics of sadb_lifetime_usetime.
		XXX expiration check.
		We operate CURRENT sadb_lifetime_usetime as the time,
		in seconds, when association was last used.  For HARD and SOFT,
		the number of seconds after the last use of the association
		until it expires.
	
		We select the number of flows as the conecpt of
		sadb_lifetime_allocations. So we increment the one
		whenever calling {esp,ah}_{in,out}put.
	
	Fixed memory leak when calling key_sendup without socket registerd.
	That caused kernel to be crash when using SADB_X_PROMISC or mulsti
	sockets registerd by SADB_REGISTER.
	
	Added to fix m_len in ipsec?_in_reject() when following both situation.
		- internet PCB exists.
		- m_pkthdr.len != m_len.
		XXX It's quick hack.
		XXX With either socket or pcb, we should call IPsec stack.

	Enclosed the part of identity extension processing in key_acquire().
	XXX identity extension must be a record per src/dst or nothing.
	XXX We don't have the way to regist proper identity record, By PF_KEY ?
	
Tue Mar 16 13:50:26 JST 1999  itojun@iijlab.net
	* kit/ports/gated-ipv6 (FreeBSD 2.2.8):
	* kit/pkgsrc/net/gated-ipv6 (NetBSD 1.3.3):
	  update to use 99/3 snapshot.  this is based on public snapshot
	  and should require no manual fetching (correct me if I'm wrong).

Tue Mar 16 06:30:58 JST 1999  itojun@iijlab.net
	* sys/netinet6/icmp6.c: do not generate icmp6 error against redirects.
	  this is a bit experimental but this change is decided in ipngwg.

Mon Mar 15 19:38:54 JST 1999  shin@nd.net.fujitsu.co.jp
	* src/libexec/ftpd (FreeBSD 3.1):
	-enabled data connection on v4 mapped addr connection
	-enabled passive mode for AF_INET (also on v4 mapped addr)
	-enabled TCP_NOPUSH
	-added PORTRANGE option for AF_INET6 (experimental?)

Mon Mar 15 14:39:33 JST 1999  shin@nd.net.fujitsu.co.jp
	* src/sys/netinet6/in6_ifattach.c (FreeBSD 3.1):
	Bug Fix: correctly link ::1 to lo0 ifaddr list.

Sun Mar 14 06:42:10 JST 1999  shin@nd.net.fujitsu.co.jp
	* src/sys/netinet/tcp_subr.c (FreeBSD 3.1):
	fixed ip length of reset packet at tcp_respond(). 

Sun Mar 14 02:07:05 JST 1999  itojun@iijlab.net
	* kit/ports/apache13 (FreeBSD 2.2.8):
	* kit/pkgsrc/www/apache13 (NetBSD 1.3.3):
	  update IPv6 patch to version 19990314.
	  Now NameVirtualHost accepts hostname and port separately.

1999-03-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd/bgp.c (bgp_process_update): fixed memory leak.
	If you use BGP4+ using bgpd, you should apply the fix.

Fri Mar 12 14:47:57 JST 1999  shin@nd.net.fujitsu.co.jp
	* src/sys/net/if_spppsubr.c (FreeBSD 3.1):
	merged cisco_hdlc support for sppp. 
	(patch is given from fujiwara@rcac.tdi.co.jp. thanks very much!)

Fri Mar 12 14:47:12 JST 1999  shin@nd.net.fujitsu.co.jp
	* src/sys/netinet6/in6.c (FreeBSD 3.1):
	Bug Fix: free correct ifa pointer at SIOCDIFADDR_IN6.
	Also removed ifa(not so used), and use &ia->ia_ifa instead.
	(kernel panic at IPv6 address remove problem is fixed)

Thu Mar 11 19:07:50 JST 1999  shin@nd.net.fujitsu.co.jp
	* src/usr.bin/netstat (FreeBSD 3.1):
	enabled "netstat -s -f inet6"

Thu Mar 11 17:42:18 JST 1999  shin@nd.net.fujitsu.co.jp
	* sys/netinet/tcp_*(FreeBSD 3.1):
	Bug Fix: 
	   -backup ip_ver after in_cksum() at tcp_input() for later ver check. 
	   -add isipv6 arg to tcp_respond() and not check ip_ver in it. 
	   -fixed some tcp_template related macro definitions. 
	  (Now kernel panic problem seems to be fixed!) 

Thu Mar 11 00:27:55 JST 1999  itojun@iijlab.net
	* sys (FreeBSD 2.2.8): experimental update to FAITH firewall-oriented
	  TCP relaying code.  Now we have pseudo interface called faith[0-9].

	  Packets routed toward faith[0-9] interface will be sent to the
	  upper-layers for TCP relaying.  Userland part (faithd daemon) is
	  unchanged.  There's no "faith prefix" (faith -p foo) configuration
	  necessary.  You'll just need to set up routing table toward
	  faith[0-9], and then enable faith (faith -e).

	  For backward compatibility, the kernel will behave just as before
	  if you have no pseudo interface faith[0-9] configured.

Wed Mar 10 16:11:19 JST 1999  itojun@iijlab.net
	* kit/lib/libskey/Makefile: (FreeBSD 2.2.8):
	  Do not build shlib for IPv6-ready libskey by default.
	  NOTE: Please remove /usr/local/v6/lib/libskey.* if you are unsure
	  about the side effects.

	  If a user installs shlib version of libskey to /usr/local/v6/lib,
	  and she does not add /usr/local/v6/lib into shlib search path,
	  ftpd will fail to communicate with ftp (because of "shlib version
	  too old" message they become out of sync).  We go for safer side.

Tue Mar  9 11:07:40 JST 1999  shin@nd.net.fujitsu.co.jp
	* sys/netinet/tcp_subr.c (FreeBSD 3.1.0)
	Bug Fix: correctly copy t_template into IPv6 or IPv4
	header.  (However, kernel panic problem is not seemed to be
	fixed yet.)
	
Mon Mar  8 22:39:09 JST 1999  itojun@iijlab.net
	* kit/ports/heimdal (FreeBSD 2.2.8)
	* kit/pkgsrc/security/heimdal (NetBSD 1.3.3)
	  update master distribution to 0.1c.

Mon Mar  8 12:44:11 JST 1999  itojun@iijlab.net
	* kit/ports/ethereal (FreeBSD 2.2.8): ethereal packet analyzer 0.5.1
	  with IPv6 support patch.

Wed Mar  3 23:05:32 JST 1999  itojun@iijlab.net
	* sys/netinet6/nd6.c: if non-host route is given to nd6_resolve(),
	  lookup again by itself.  This case happens when non-clone route
	  lookup is performed in upper layers (for example, NetBSD PRU_CONNECT
	  code in raw_ip6.c) and the route is given all the way down to
	  nd6_resolve(), via ip6_output() and ether_output().

	  XXX check side-effects with care

Wed Mar  3 20:06:05 JST 1999  itojun@iijlab.net
	* sys (FreeBSD 3.1): remove files that are removed during 3.0-RELEASE
	  to 3.1-RELEASE, from KAME repository.  sync GENERIC.v6 to GENERIC.

1999-03-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* nd6.c (nd6_slowtimo): newly implemented. The function is called
	once an hour and recomputes new random values of reachable time if
	necessary.

1999-03-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* mbuf.h (MINCLSIZE) [FreeBSD 2.2.8 and BSDI 3.1]:
	changed the definition from MHLEN+MLEN to MHLEN+1 in order to
	conform to a KAME's requirement for device drivers.
	Note: The change may cause unexpected problems. In such a case,
	we'll restore the old definition.

1999-03-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/libinet6/ifname.c (if_nameindex): allocated enough memory
	to store temporary data instead of using fixed size arrays
	in order to handle arbitrary number of interfaces.
	* src/libinet6/ifname.c (if_indextoname): fixed a bug about
	the return value of the function.

<199902>
Sun Feb 28 12:20:11 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/security/heimdal (NetBSD 1.3.3):
	  provides easy installation for "heimdal" kerberos5 implementation.

Sat Feb 27 17:38:51 JST 1999  itojun@iijlab.net
	* sys/netinet6/nd6_nbr.c: revised warning messages on neighbor
	  solicitation packet input.  it is now more informative.

Sat Feb 27 03:13:01 JST 1999  itojun@iijlab.net
	* sys/netinet/ip_output.c, sys/netinet6/ip6_output.c:
	  getsockopt(ipsec related policy variable) caused kernel to SEGV
	  due to uninitialized pointer access.

Fri Feb 26 17:12:55 JST 1999  itojun@iijlab.net
	* Source-address determination for NS output is now conformant to the
	  spec.  The kernel will try to use the source address for the
	  prompting packet as the source address, when possible.
	  This may save a NS/NA exchange roundtrip.
	  
	  Previously KAME always use scope-wise source address selection.
	  However, it looks that scope-wise selection is not best suitable for
	  NS output case. (old code is #if 0'ed and kept for a while)

Fri Feb 26 15:28:28 JST 1999  itojun@iijlab.net
	* kit/ports/wbd (FreeBSD 2.2.8): use tcl/tk 8.0.
	  From: ishii@csl.sony.co.jp

Fri Feb 26 14:58:58 JST 1999  itojun@iijlab.net
	* kit/ports/vnc: ORL is now AT&T Lab Cambridge, due to buyout.
	  master distribution URL has changed.
	  Reference: http://www.uk.research.att.com/vnc/announcement.html

Fri Feb 25 JST 1999  itojun@iijlab.net
	* kit/src/man: repository for manpages that are not specific to
	  userland programs, such as inet6(4) or ipsec(4).

Thu Feb 25 16:20:42 JST 1999  itojun@iijlab.net
	* sys/netinet/tcp_{input,output}.c (NetBSD 1.3.3):
	  IPv4 TCP now takes care about IPsec header sizes.  Therefore,
	  there will be no extra fragmentation necessary.

	  XXX need more considerations on how to achieve this behavior

Thu Feb 25 13:27:03 JST 1999  itojun@iijlab.net
	* sys/netinet/{esp,ah}_input.c: mbuf manipulation for IPsec tunnel
	  case is fixed.  m_freem() was called twice for single mbuf,
	  and it made a node to hang up some time later.

1999-02-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* frag6.c (frag6_input): changed the processing when an incoming
	fragment overlaps some existing fragments in the reassembly queue;
	drop it instead of adjusting existing ones, which processing is better
	from a security point of view.

Thu Feb 25 01:05:59 JST 1999  itojun@iijlab.net
	* sys/netinet6/esp_output.c: merge esp4_output() and esp6_output() into
	  single function, esp_output().  this is for better code sharing
	  and less maintenance cost.  cluster mbuf copying code (by jinmei)
	  is now used for both IPv4 and IPv6.

1999-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/rtadvd: added -c command line option to specify the
	configuration file.

Wed Feb 24 22:26:24 JST 1999  itojun@iijlab.net
	* sys/netinet/ip_icmp.c: Our code does not parse chained header
	  in icmp4 notification processing at this moment.  Therefore, we
	  can't send notification to tcp layer for packet like "IPv4 AH TCP".
	  (The problem is NOT fixed, this log is just for memorandum)

1999-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* icmp6.c (icmp6_input): added `goto deliver' at the last
	of the ICMP6_PACKET_TOO_BIG case.

1999-02-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* esp_output.c (esp6_output): before encryption, copied all mbufs
	with cluster that is refereed more than once. This is inefficient,
	but necessary to handle cases of TCP retransmission.
	TODO: Similar process is necessary for esp4_output, too.

Wed Feb 24 19:48:09 JST 1999  itojun@iijlab.net
	* sys/netinet6/icmp6.c: implement icmp6 rate limit check as separate
	  function.  implement rate limiting in icmp6 redirect.

Tue Feb 23 17:20:10 JST 1999  itojun@iijlab.net
	* kit/ports/tcptrace (FreeBSD 2.2.8)
	* kit/pkgsrc/net/tcptrace (NetBSD 1.3.3): upgrade base version to 5.1.1.

Tue Feb 23 15:26:19 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/www/squid11 (NetBSD 1.3.3): new package for "squid" web
	  cache 1.1.22, with IPv6 support.

Tue Feb 23 00:12:16 JST 1999  itojun@iijlab.net
	* kit/ports/heimdal (FreeBSD 2.2.8): upgrade to 0.1b.

Mon Feb 22 18:19:25 JST 1999  itojun@iijlab.net
	* sys/netinet6/icmp6.c: icmp6_redirect_output():
	  changed handling of redirect header option, based on discussions
	  on IPv6imp mailing list.  we now pad the original packet, if
	  the original packet is not 8-byte aligned.
	  (previously we always truncate the original packet)

Mon Feb 22 12:32:58 JST 1999  sumikawa@ebina.hitachi.co.jp
	* kit/ports/ncftp3 (FreeBSD 2.2.8): update to beta 18

Mon Feb 22 12:13:23 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/net/ncftp3 (NetBSD 1.3.3): Ncftp 3.0 beta 18, with IPv6
	  support.

Mon Feb 22 01:19:28 JST 1999  sumikawa@ebina.hitachi.co.jp
	* kit/ports/ncftp3 (FreeBSD 2.2.8): IPv6 ports for Ncftp 3.0 beta 17

Sun Feb 21 07:16:44 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/net/mrt (NetBSD 1.3.3): update to 1.5.2a.

Sat Feb 20 01:08:22 JST 1999  itojun@iijlab.net
	* kit/ports/vat6 (FreeBSD 2.2.8): library dependency path was wrong.
	  From: Martti Kuparinen <martti@research.zopps.fi>

Fri Feb 19 19:57:31 JST 1999  shin@nd.net.fujitsu.co.jp
	* sys/dev/ppbus/if_plip.c (FreeBSD 3.1): undefed TIMEOUT after
	if.h inclusion, as temporal workaround for macro name conflict
	with sys/net/if_altq.h.

Fri Feb 19 19:52:11 JST 1999  shin@nd.net.fujitsu.co.jp
	* sys/i386/conf/GENERIC.v6 (FreeBSD 3.1): update as changes in
	GENERIC.

Fri Feb 19 19:32:04 JST 1999  itojun@iijlab.net
	* kit/ports/heimdal (FreeBSD 2.2.8): upgrade base version to 0.1a.

Fri Feb 19 16:41:49 JST 1999  shin@nd.net.fujitsu.co.jp
	* (FreeBSD 3.1): 3.0 -> 3.1 diffs.

Fri Feb 19 16:11:49 JST 1999  shin@nd.net.fujitsu.co.jp
	* kit/Makefile.kit (FreeBSD 3.0): changed ports tag name from
	kame_300 to kame_310.

Fri Feb 19 15:48:25 JST 1999  shin@nd.net.fujitsu.co.jp
	* usr.bin/telnet/commands.c
	* usr.bin/netstat/main.c, mroute6.c
	* libexec/rlogind/rlogind.c
	fix of conflict at merging FreeBSD 3.1. (all conflicts merged
	but no compile check yet)

Thu Feb 18 22:37:39 JST 1999  shin@nd.net.fujitsu.co.jp
	* libexec/rshd/rshd.c
	* usr.bin/Makefile
	* usr.bin/fetch/fetch.1,fetch.h,ftp.c,http.c,main.c
	* usr.bin/ftp/ftp.c
	fixed conflicts importing from FreeBSD 3.1. (still one more)

Thu Feb 18 20:10:45 JST 1999  shin@nd.net.fujitsu.co.jp
	* usr.bin/netstat/mbuf.c
	* usr.bin/rsh/rsh.c
	* usr.bin/telnet/telnet.1
	* usr.bin/tftp/main.c,tftp.c
	* sys/conf/files,
	* sys/i386/conf/GENERIC,LINT,Makefile.i386
	* sys/i386/isa/if_ed.c,if_ep.c,if_lnc.c,sio.c,if_fe.c
	* sys/net/bridge.c
	* sys/netinet/ip_input.c
	fixed conflicts importing from FreeBSD 3.1. (there is still more)

Thu Feb 18 16:35:58 JST 1999  shin@nd.net.fujitsu.co.jp
	* libexec/Makefile
	* sys/netinet/ip_mroute.c, ip_output.c, tcp_input.c, tcp_subr.c,
	  tcp_var.h, udp_var.h
	* sys/netkey/key.c, key_debug.c
	* sys/pci/if_en_pci.c, sys/pci/if_tx.c
	* sys/sys/malloc.h
	fixed conflict of FreeBSD 3.1 merging. (there is still more)

Thu Feb 18 11:11:57 JST 1999  k-sugyou@kame.net
	* kit/ports/squid11 (FreeBSD 2.2.8): package for squid-1.1.22 +
	  ipv6 patch.

1999-02-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_input.c (ip6_input, BSDI): merged the "goto ours" hack
	from FreeBSD; use the routing table instead of linear search
        of ifaddrs.
	
1999-02-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd: fixed a bug that bgpd is core dumped when failing
	to redistribute BGP updates.
	
1999-02-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_input.c (ip6_input): removed a redundant check in the
	determination whether to accept an incoming packet.
	
Wed Feb 10 01:14:50 1999  Yoshinobu Inoue  <shin@kame213.kame.net>
	* sys/netinet/ip_fw.c (FreeBSD 3.0): added inclusion of
	ip6.h with "ifdef INET6".

Wed Feb 10 00:26:58 1999  Yoshinobu Inoue  <shin@kame213.kame.net>
	* sys/net/tcp_output.c (FreeBSD 3.0): removed unused debug
	code.

Tue Feb  9 22:41:36 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/net/if.c (FreeBSD 3.0): add "if 0" in ifa_ifwithnet() 
	to disable P2P dst check for adding route to 
	P2P interfaces(including gif), because usually IPv6 link local
	destination address of P2P interface is unknown.
	This is just a addition of same patch which had already been
	applied to KAME FreeBSD2.2.X.

Fri Feb  5 16:32:16 CET 1999  itojun@iijlab.net
	* kit/src/libinet6/getnameinfo.c: avoid function static variables
	  for better thread safe-ness.

Fri Feb  5 14:36:49 CET 1999  itojun@iijlab.net
	* kit/ports/mrt (FreeBSD 2.2.8-RELEASE): update to 1.5.2a.

Wed Feb  3 19:34:54 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/Makefile (FreeBSD 3.0): copy bgpd.conf.5 (sync with other
	BSDs)

Wed Feb  3 19:24:20 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/pci/if_xl.c (FreeBSD 3.0): catch up to 1.22.2.1 (RELENG_3
	branch in FreeBSD CVS repository, to sync with KAME FreeBSD 2.2.8.

Wed Feb  3 16:38:48 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/net/rtsock.c: work around to reset gw to correct
	value at RTM_CHANGE. (this fixes IPv4 on-link communication
	problem by "routed -q")

Wed Feb  3 12:47:52 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/netinet6: sync between KAME FreeBSD 2.2.8 and 3.0. (Also
	changed draft reference to rfc reference)

Tue Feb  2 19:39:41 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/netkey/key.c, key_debug.c, keysock.c, keyv2.h : sync between
        KAME FreeBSD 2.2.8 and 3.0. (Also changed draft reference to rfc
        reference)

Tue Feb  2 18:58:45 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/netkey/key.c: sync between KAME FreeBSD 2.2.8 and 3.0

Tue Feb  2 18:23:26 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/netinet6/in6_var.h (FreeBSD 3.0-RELEASE): added SANITY CHECK
	for IFP_TO_IA6(). (sync with KAME FreeBSD 2.2.8)

Tue Feb  2 16:40:55 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* src/prefix/prefix.c: init keeplen as (64 - uselen), because that
	spec seems to be natural and easy to use.

Tue Feb  2 13:25:32 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/netinet/udp_usrreq.c (FreeBSD 3.0-RELEASE): Bug Fix:
	fixed wrong pcb pointer reference in udp_input(). this will fix
	the kernel halt bug at udp_input.

Mon Feb  1 01:44:46 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/i386/isa/if_lnc.h,if_lnc.c (FreeBSD 3.0-RELEASE):
	Merged multicast support of 3.0 branch. Also allocate mbuf cluster
	for packets which don't fit in one mbuf. However, no operational
	check yet.

<199901>
Sun Jan 31 13:42:16 JST 1999  itojun@iijlab.net
	* kit/ports/heimdal (FreeBSD 2.2.8-RELEASE): upgrade to 0.0u.

1999-01-29  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd/bgpd.conf.5: added an example of configuration
	
Fri Jan 29 14:05:06 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/www/lynx (NetBSD 1.3.3): package for lynx 2.8.1rel1 +
	  IPv6 support.  ncurses is disabled for Japanese/Asian language
	  supports.

Fri Jan 29 13:53:30 JST 1999  itojun@iijlab.net
	* kit/ports/lynx (FreeBSD 2.2.8): upgrade to lynx 2.8.1rel1 + IPv6
	  support.  ncurses is disabled for Japanese/Asian language supports.

Thu Jan 28 18:29:03 JST 1999  sumikawa@ebina.hitachi.co.jp
	* removed kit/ports/im (FreeBSD 2.2.8/3.0): our patches already
	  contains a standard package in FreeBSD 2.2.8/3.0

Wed Jan 27 23:20:28 JST 1999  itojun@iijlab.net
	* kit/ports/wbd (FreeBSD 2.2.8): multicast shared whiteboard tool.

Tue Jan 26 15:45:19 JST 1999  itojun@iijlab.net
	* sys/pci/if_xl.c (FreeBSD 2.2.8): catch up to 1.5.2.16 (RELENG_2_2
	  branch) in FreeBSD CVS repository.
	  http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/pci/if_xl.c
  
	  this fixes bugs in xl_start() and xl_txeof(), which could lead your
	  machine to hangup by mbuf cluster shortage.  merged in for
	  convenience.

Thu Jan 21 02:56:47 JST 1999  itojun@iijlab.net
	* sys (FreeBSD 2.2.8): incorporate ALTQ 1.1.3.
	* kit/ports/altq (FreeBSD 2.2.8): use ALTQ 1.1.3.
	* kit/pkgsrc/net/altq (NetBSD 1.3.3): use ALTQ 1.1.3.  However,
	  as the package directory only compiles ATM PVC tools, there should
	  be no significant changes.

Wed Jan 20 15:07:45 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* (FreeBSD 3.0): removed src/sys files that are already removed
	from FreeBSD 3.0.
	sys/i386/scsi        93cx6.c 93cx6.h advansys.c advansys.h 
	                     aic7xxx.c aic7xxx.h bt.c btreg.h 

Tue Jan 19 20:42:17 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* (FreeBSD 3.0): removed src/sys files that are already removed
	from FreeBSD 3.0.
	sys/scsi             README cd.c ch.c od.c pt.c scsi_all.h 
                             scsi_base.c scsi_cd.h scsi_changer.h 
                             scsi_debug.h scsi_disk.h scsi_driver.c 
                             scsi_driver.h scsi_generic.h scsi_ioctl.c 
                             scsi_message.h scsi_sense.c scsi_tape.h 
                             scsi_worm.h scsiconf.c scsiconf.h 
                             sctarg.c sd.c ssc.c st.c su.c uk.c worm.c 
	sys/kern             init_sysvec.c kern_opt.c 
	sys/conf             files.newconf 
	sys/dev/ppbus        vpo.h 
	sys/dev/slice        disklabel.c mbr.c slice.4 slice.h 
                             slice_base.c slice_device.c 
                             slices.thought 
	sys/i386/eisa        aha1742.c aic7770.c bt74x.c 	
	sys/i386/i386/       mountroot.c
	sys/i386/include     conf.h 
	sys/i386/isa         aha1542.c bt5xx-445.c 
	sys/pci              aic7870.c bt9xx.c 
	sys/sys              dpt.h netbsd_syscall.h netbsd_syscall.mk 
	sys/vm               device_pager.h 

Tue Jan 19 19:23:36 JST 1999  itojun@iijlab.net
	* kit/ports/tcptrace (FreeBSD 2.2.8/3.0)
	* kit/pkgsrc/net/tcptrace (NetBSD): tcptrace 5.1.0, with tiny
	  patch for IPv6 support.

Tue Jan 19 14:00:26 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* src/sys/net/if_spppsubr.c (FreeBSD 3.0): wrapped def of macro
	UNTIMEOUT and TIMEOUT by ifndef, because that is also defined
	in net/if_altq.h.

Tue Jan 19 13:02:00 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* src/sys/sys/systm.h, src/sys/kern/subr_prf.c (FreeBSD 3.0):
	imported from FreeBSD-current.
	* src/sys/kern/init_sysvec.c, kern_opt.c  (FreeBSD 3.0):
	removed files which are already removed from FreeBSD 3.0.

Tue Jan 19 11:39:04 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* src/sys/net/if_sppp.h, if_spppsubr.c (FreeBSD 3.0): imported
	from FreeBSD-current.

Tue Jan 19 11:03:30 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/Makefile.kit (FreeBSD 3.0): removed target include-300.diff
	because that is not necessary for usual developer any more.

Tue Jan 19 10:42:47 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* src/sys/netinet/ip_input.c (FreeBSD 3.0): changed ip_reass()
	to return (struct mbuf *). if 0'ed m_pullup of mbuf cluster.
	left m_pkthdr.len calculation part in ip_reass() as KAME patched,
	to prefer readability for now.
	Thank you for w.knowles@niwa.cri.nz for finding out this problem
	and contributing patch.

Mon Jan 18 20:09:15 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/Makefile(FreeBSD 3.0): Separate make-unnecessary dir from
	SUBDIR. Added checking and linking of etc dir.

Mon Jan 18 20:03:17 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* src/include/Makefile(FreeBSD 3.0): mkdir install dir under
	/usr/include, if it doesn't exist. now you can make, make install
	header files under kit/usrc/include.

Mon Jan 18 19:23:57 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* src/etc(FreeBSD 3.0): import of /usr/src/etc from 3.0 RELEASE.

Mon Jan 18 18:29:09 JST 1999  itojun@iijlab.net
	* kit/ports/socks64 (FreeBSD 2.2.8/3.0)
	* kit/pkgsrc/net/socks64 (NetBSD)
	  upgrade original distribution to socks5 1.0r8 with new socks64(IPv6)
	  patch.
	  NOTE: NEC now requires you to fetch the distribution from their
	  webpage by yourself, with signing a form.

Mon Jan 18 11:44:12 JST 1999  itojun@iijlab.net
	* sys (FreeBSD 2.2.8 and 3.0): backout KAME changes to sys/protosw.h,
	  and made netinet packet processing compatible with traditional BSD
	  way.  See below (Jan 16 21:13) for more details.

Mon Jan 18 03:31:02 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/net (FreeBSD 3.0): Sync some files with kame_228.
	(However, if_spppsubr.c is not yet. INET6 support for this code
	will need to be reimplemented)

Mon Jan 18 03:26:28 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/netinet/ip_input.c (FreeBSD 3.0): Bug fix: Prevent kernel
	panic when fragmentation occurred. Patch contributed by Wayne
	Knowles.  However, this might be temporal fix. Will need to change
	ip_reass() to meet KAME mbuf requirement.

Sun Jan 17 21:13:44 JST 1999  itojun@iijlab.net
	* sys (BSDI): backout KAME changes to sys/protosw.h, and made netinet
	  packet processing compatible with traditional BSD way.  See
	  below (Jan 16 21:13) for more details.

Sat Jan 16 14:48:09 GMT 1999  itojun@iijlab.net
	* kit/pkgsrc/net/altq (NetBSD): altq 1.1.2 package.   This package
	  installs ATM PVC tools only, as there's no ALTQ support in NetBSD
	  yet.
	* sys/net/if_atm*, sys/dev/ic/midway* (NetBSD):
	  ATM PVC pseudo device (pvc0) support from altq 1.1.2.
	  Refer to manpage and http://www.kame.net/newsletter/19980701/ for
	  details and usage.

Sat Jan 16 21:13:43 JST 1999  itojun@iijlab.net
	* sys (NetBSD): eliminate all warnings by:
	  - backout KAME changes to sys/protosw.h, and
	  - define netinet6/ip6protosw.h for IPv6 protocol switch.
	  Now the kernel compiles without warnings.  Even with -Werror it
	  compiles fine (tested on i386 architecture).
  
	  Good thing about the change: KAME should be more friendly with
		other protocol families (such as netns, but not really tested).
	  Bad point: if kernel receives an IPv4 packet with too many chained
		headers, input processing routine may chew up the kernel stack.
		For example, if the kernel receives IPv4 packet with tons of
		IPsec headers, kernel stack overflow (and panic) may result.
		For IPv6, we use KAME onion-peeling mechanism and is safer
		from kernel stack usage point of view.
 
1999-01-16  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd: heavy improvements;
	- many bugs were fix, including backup route recovery and
	  search algorithm for peers.
	- supported a new configuration option to specify the local address
	  for a BGP4+ connection.
	- separated BGP input buffers per peer base and implemented
	  non blocking read to prevent deadlock.

1999-01-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd: bug fix;
	- Some fixes about memory management(including memory leak and
	  duplicated free)
	- Fixed a problem that bgpd sometimes mistakenly regards a doubly
	  opened connection as a fatal error(and stops).

Wed Jan 13 17:38:01 JST 1999  itojun@iijlab.net
	* kit/ports/ucd-snmp (FreeBSD), kit/pkgsrc/net/ucd-snmp (NetBSD):
	  upgrade IPv6 patch for ucd-snmp 3.5.3 port.  Now it is available on
	  NetBSD too.

Wed Jan 13 12:51:48 JST 1999  itojun@iijlab.net
	* kit/ports/sendmail6: (FreeBSD) upgrade master distribution to
	  8.9.2+new IPv6 patch.
	* kit/pkgsrc/mail/sendmail6: (NetBSD) upgrade master distribution to
	  8.9.2+new IPv6 patch.

Wed Jan 13 11:07:58 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/net/rtsock.c: removed unused variable. (as netbsd fix)

Wed Jan 13 00:25:43 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/libexec/route6d/udp6stat.c: Bug fix: wrong pointer was freed.
	
Tue Jan 12 17:26:48 JST 1999  itojun@iiljab.net
	* kit/libexec/ftpd, kit/usr.bin/ftp: (NetBSD) added EPRT/EPSV support.

Tue Jan 12 16:03:30 JST 1999  itojun@iijlab.net
	* kit/pkgsrc/www/apache13: (NetBSD) upgrade base version to 1.3.4.
	* kit/ports/apache13: (FreeBSD) upgrade base version to 1.3.4.

Tue Jan 12 02:49:57 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src/route6d/udp6stat.c
	Display protocol version(v4, v6) of pcb entries.

Tue Jan 12 02:20:51 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src/route6d/udp6stat.c
	Made it also work on KAME for FreeBSD 3.0.

Mon Jan 11 23:09:40 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/libexec/ftpd/ftpcmd.y: Bug fix: fixed == to =.

1999-01-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_input.c (ip6_input): fixed a bug that prevented hosts from
	receiving non-link local multicast packets.
	TODO: more clarification of error codes from ip6_mforward() so that
	we can accept packets unless the errors are fatal.
	Thanks to: Niels Baggesen <Niels.Baggesen@uni-c.dk>
	
Fri Jan  8 14:36:01 JST 1999  itojun@iijlab.net
	* kit/pkgsrc: (NetBSD) package building system for NetBSD.  We'll be
	  adding IPv6-ready packages into here.
		mail: fetchmail qpopper sendmail6
		net: bind8 mrt socks64 v6tun wu-ftpd zebra
		security: ssh tcpd6
		www: apache13
	  are ready at this moment.  Note that some of the packages are
	  derived from KAME/FreeBSD ports, and they may install files
	  into different places from standard NetBSD packages.

Thu Jan  7 23:59:24 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/usr.sbin/lpr/lpd/lpd.c: changed (caddr_t *) to caddr_t.

1999-01-07  Atsushi Onoe <onoe@sm.sony.co.jp>
	* sys/sys/socket.h, sys/net/if.h: change the member name of
	  struct sockaddr_storage: e.g. ss_family -> __ss_family;
	  and define IF_NAMESIZE in if.h to conform bsd-api-new-05.

	  NOTE: some of applications in "port" collection fails to compile
	  due to the change.  Please be warned.

1999-01-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd/bgp.c: some bug fixes and enhancements;
	- allowed the `prepend' keyword to takes an argument, which specifies
	  number of iteration of prepending. See bgpd.conf.5.
	- fixed a bug that an off-link IBGP next-hop is mistakenly
	  installed to kernel in some cases.

Thu Jan  7 15:41:19 JST 1999  itojun@iijlab.net
	* sys/netkey/keydb.h: KMALLOC/KFREE macro used in pfkey/ipsec conflict
	  with NetBSD/FreeBSD IP filter code.  avoided the conflict for all
	  of OSes we support.

Thu Jan  7 15:13:13 1999  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/netinet6/nd6_rtr.c: 
	Previous fix for address lifetime initialization was incomplete.
	Added missing fixes, and put same parts into new function,
	in6_init_address_ltimes().

Thu Jan  7 15:01:49 JST 1999  itojun@iijlab.net
	* kit/src/send-pr: kame-send-pr is now provided so that command line
	  users can submit KAME problem reports at ease.

Tue Jan  5 18:26:15 JST 1999  itojun@iijlab.net
	* kit/ports/vnc: upgrade base version to 3.3.2r3.
	* kit/ports/mrt: upgrade base version to 1.5.1a.
	* kit/ports/fetchmail: upgrade base version to 4.7.4.
	* kit/ports/zebra: upgrade base version to 981222.
	* kit/ports/qmail: qmail 1.03 with IPv6 support.  Testers wanted
	  (I'm biased to sendmail).

<199812>
Thu Dec 31 20:56:12 JST 1998  itojun@iijlab.net
	* kit/ports/ucd-snmp: upgrade base version to ucd-snmp 3.5.3.

Thu Dec 31 03:37:03 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/ports/socks64:
	made compilable on KAME FreeBSD 3.0.
	(Include if_var.h. Should be removed in the future,
	also with removal of in6_var.h)

Wed Dec 30 22:28:58 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src
	Made then compilable on KAME FreeBSD 3.0.
	Especially many ifdef's are added to route6d/ifmcstat.c.

Tue Dec 29 18:07:52 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/net,netinet,netinet6
	sync with FreeBSD3.0 as much as possible.(mainly netinet6)

Fri Dec 25 22:06:04 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* sys/netinet6/nd6_rtr.c: Added consideration of ndpr_rrf_decrvalid
	and ndpr_rrf_decrprefd for address lifetime initialization.
	Without this, prefixes allocated by prefix command will be
	IN6_IFF_DEPRECATED after some period of time.

Fri Dec 25 17:02:08 JST 1998  itojun@iijlab.net
	* kit/ports/bind8 (FreeBSD): IPv6-ready bind8.  named will accept
	  queries to IPv6 UDP/TCP port 53, dig/nslookup/whatever are able to
	  make queries toward IPv6 UDP/TCP port 53, and so forth.

1998-12-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* in6_proto.c,ip6_input.c,ip6_var.h: removed none_input().
	Now a packet whose protocol is IPPROTO_NONE can safely be passed
	to the userland.
	netinet/in_proto.c was also modified.

Thu Dec 24 19:40:27 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src/libinet6/resolv/res_debug.c
	add ifdef of T_UINFO, T_UID, T_GID, to make it compilable on
	FreeBSD 3.0.

1998-12-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* probe.c (probe_init): call shutdown() after opening the probe socket
	to make the socket `send-only'.

Thu Dec 24 11:46:38 JST 1998  itojun@iijlab.net
	* sys/netinet6/raw_ip6.c: setsockopt(IPV6_CHECSUM) sometimes caused
	  SEGV due to a bug in mbuf boundary checks.  It is now fixed.

Thu Dec 24 03:11:19 JST 1998  itojun@iijlab.net
	* kit/ports/apache13: updated to use new patch.
	  (fixed args for freeaddrinfo())
	  Reported by:
		Florent Parent <Florent.Parent@viagenie.qc.ca>
		Andreas Wrede <andreas@planix.com>

Tue Dec 22 20:10:40 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src/faithd/tcp.c: Before terminating a relay process,
	shutdown s_snd.  This make opposite-direction relay process
	to terminate also.

1998-12-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* mld6.c (mld6_input): Fixed a problem that zero divide occurs
	when receiving a MLD query with Maximum Response Delay smaller
	than 200(including zero).
	Thanks to Niels Baggesen <Niels.Baggesen@uni-c.dk> for reporting the
	problem and sending a patch.

1998-12-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_output.c (ip6_setmoptions): For link-local multicast
	detection, use IN6_IS_ADDR_MC_LINKLOCAL instead of
	IPV6_ADDR_INT16_MLL.
	Thanks to: Tetsuya Isaki <isaki@se.hiroshima-u.ac.jp>

1998-12-22  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/libinet6/rcmd.c: fix declaration of iruserok() for
	NetBSD.

Sat Dec 19 14:02:44 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src/faithd/faithd.c, tcp.c
	do closelog() and (re)openlog() for child after fork.
	check EINTR for select() and read().

Fri Dec 18 12:25:49 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src/faithd/tcp.c: BUG fix:
	fixed select fds settting. add check of send result and retry.
	clean-up'ed select routine.
	(Thanks for jinmei-san for code review and comment, also thanks for
	onoe-san for many background informations)

Thu Dec 17 00:26:18 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src/faithd/tcp.c: BUG fix; use global integer rcvon and
	writeon, to control the set/unset of readfds for s_rcv and
        writefds for s_snd in select();

Wed Dec 16 13:30:46 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src/faithd/faithd.c: BUG fix; give syslog() correct buffer
	pointer. This fix the strange syslog() output problem on child
	exit.

Wed Dec 16 12:48:53 1998  Yoshinobu Inoue  <shin@nd.net.fujitsu.co.jp>
	* kit/src/faithd/tcp.c
	Fork in tcp_relay() for going relay traffic and coming relay traffic.
	And in those each process, do non-blocking write() so that OOB data
	can be forwarded preferrably.

1998-12-15  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/libinet6/rcmd.c, rresvport_af.c: add compatible wrapper
	functions to avoid conflict of symbols.

1998-12-14  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/usr.bin/telnet/commands.c: support source route for IPv4
	and IPv6 (@gw1@gw2@dest).

1998-12-11  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* bgp.c (connect_process): modified some code fragments not to
	call fatal even if {set,get}sockopt is failed. This is necessary
	to interoperate with some(e.g. Cisco) implementations when the
	peer is not listening to the BGP port.

1998-12-10  SUMIKAWA Munechika  <sumikawa@ebina.hitachi.co.jp>
	* syncronized netinet6/* codes of three OSs as much as possible	

Thu Dec 10 04:14:59 JST 1998 shin@nd.net.fujitsu.co.jp
        * sys/neitnet/
        * sys/neitnet6/
        changed IPPROTO_NONE as return value to IPPROTO_DONE.
        and use IPPROTO_NONE only for protocl type value.
        also, this fixes mbuf leak bug when received a packet with
        IPPROTO_NONE.

1998-12-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd: supported `next hop self' when sending a BGP4+ UPDATE
	message to an IBGP peer.

1998-12-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd/parse.c: changed restriction of using the `preference'
	keyword for an EBGP peer only.

Sat Dec  5 04:53:05 JST 1998 sakane@ydc.co.jp
	* kit/src/racoon:
	Soft lifetime is set to 80% of hard lifetime.
	This rate can be defined which you like by calling
	pfkey_lifetime_rate().

Fri Dec  4 02:26:13 JST 1998 sakane@ydc.co.jp
	* kit/src/racoon:
	It's fixed to handle session for PF_KEY.
	It's enable to display the entries on the negotiation of phase 2.
	About address semantics for varius case is commented into isakmp.h.

Wed Dec  2 23:44:00 JST 1998  itojun@iijlab.net
	* sys/netinet6: (NetBSD) fixed odd behavior in ND6.  Now ND6 works
	  properly as expected.

Wed Dec  2 13:17:21 JST 1998 sakane@ydc.co.jp
	* sys/netkey/key.c:
	Fixed to hung up the kernel when running two of racoon.

<199811>
Sat Nov 28 00:54:28 JST 1998  itojun@iijlab.net
	* kit/src/route6d: route tag support.  route6d can advertise route tag
	  by "-t 0x1234".   rip6query will show the advertised route tag,
	  if non-zero value is advertised.

Fri Nov 27 JST 1998  itojun@iijlab.net
	* kit/lib/libutil: (FreeBSD) logwtmp() which takes care of IPv6 address
	  that does not fit UT_HOSTSIZE.  (not really tested)
	  This was intended to replace original shared library by new libutil
	  to override logwtmp() used by /usr/bin/login.  However,
	  /usr/bin/login records username/hostname by itself.  Therefore,
	  the attempt was failed.

Fri Nov 27 01:54:10 JST 1998  itojun@iijlab.net
	* kit/lib/libskey: (FreeBSD) S/Key library capable of handling
	  IPv6 hostnames listed in /etc/skey.access.
	  You can override standard /usr/lib/libskey.so.2.0 by doing
	  "ldconfig -m /usr/local/v6/lib".  By doing so /usr/bin/login
	  will be able to handle IPv6 hostnames without re-compilation.
	  To test this add the followin entry to /etc/skey.access and try
	  a telnet session to ::1.
		permit internet ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
	  "prefixlen" syntax is added.
		permit internet ::1/128

Thu Nov 26 10:15:35 JST 1998  k-sugyou@kame.net
	- (FreeBSD) support IPv6 firewall
	- kit/sbin/ip6fw: controll utility

Wed Nov 25 18:36:46 JST 1998  itojun@iijlab.net
	* kit/libexec/telnetd: perform setsockopt(IP_TOS) only if the perr
	  is IPv4 host.

Tue Nov 24 18:53:38 JST 1998 sakane@ydc.co.jp
	* kit/src/racoon:
	A new Diffie-Hellman group as number 5 was supported.

Sat Nov 21 06:15:30 JST 1998  itojun@iijlab.net
	* sys/netinet6/icmp6.c: ICMP6 redirect processing was wrong.
	  routing table update event was not properly propagated toward
	  upper-layers.

Sat Nov 21 03:55:17 JST 1998  itojun@iijlab.net
	* KAME IPv6 on NetBSD-pmax is now confirmed to work.

	  From: Feico Dillema <dillema@acm.org>
	  Date: Fri, 20 Nov 1998 16:53:41 +0100
	  Subject: (KAME-snap 210) Status Report KAME and NetBSD-1.3.2-pmax 

Fri Nov 20 17:00:35 JST 1998  itojun@iijlab.net
	* sys/netinet6/nd6_rtr.c: Update prefix information option processing.
	  (experimental, FreeBSD/BSDI only)
	  Add more comments to RA processing code.
	  Separate prefix lifetime and address lifetime.  Address lifetime
	  will be kept in struct in6_ifaddr.  Implement "2 hour" rule for
	  address lifetime, which prevents DoS attack (hopefully).
	  TODO: on-link determination must be updated.
	* kit/sbin/ifconfig: Add code to print out address lifetime.
	  It looks too noisy and commented out by default.

Thu Nov 19 23:28:43 JST 1998 shin@nd.net.fujitsu.co.jp
	* kit/etc/rc.net6: don't assign prefix if $prefix is null

Thu Nov 19 19:03:53 JST 1998 shin@nd.net.fujitsu.co.jp
	* sys/netinet6/nd6.h: removed reserved field of
	the bit field, ndpr_stateflags, to also remove the necessity of
	changing the size of reserved field at new bit member addition.

Wed Nov 18 20:48:07 JST 1998  itojun@iijlab.net
	- Header chain chasing support for tcpdump.
	  To use this, user must specify "ip protochain x" or
	  "ip6 protochain x".
	  Since BPF code for header chasing cannot be optimized and is a bit
	  slow, this is separate from "ip proto x".

	  For example, "ip6 protochain 6" should capture any IPv6 packet
	  with TCP header (TCP with AH, or TCP with hop-by-hop option,
	  can be captured).
	
Wed Nov 18 10:05:42 JST 1998  itojun@iijlab.net
	* kit/ports/lynx: fix security hole in "rlogin://" URL.
	  (obtained from bugtraq mailing list)

	  From: Artur Grabowski (art@STACKEN.KTH.SE)
	  Date: Tue, 17 Nov 1998 17:06:00 +0100
      
	  http://www.geek-girl.com/bugtraq/1998_4/0489.html
	 
Wed Nov 18 04:00:32 JST 1998 shin@nd.net.fujitsu.co.jp
	* kit/src/rtsol/rtsol.c
	make compilable on FreeBSD 3.0

1998-11-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/pim6dd: added to support PIMv6 dense mode.
	Pim6dd was based on pimdd developed at the University of Oregon.

Tue Nov 17 16:08:45 JST 1998 shin@nd.net.fujitsu.co.jp
	* kit/src/gifconfig/gifconfig.8
	manual update for gif multi dest extensions contributed from
	dwiggins@bbn.com.
	also descriptions about IPv6 support and enable switch of this
	extension by link0 flag on/off is also added.

Tue Nov 17 14:57:51 JST 1998 shin@nd.net.fujitsu.co.jp
	* sys/net/if.c,if.h,if_gif.c,route.c,route.h,rtsock.c
	* sys/netinet/in_gif.c,in_gif.h
	* sys/neitnet6/in6_gif.c,in6_gif.h
	* kit/sbin/route/route.8,route.c

	merged gif multi dest extensions contributed from dwiggins@bbn.com.
	IPv6 support and enable switch of this extension by link0 flag on/off
	 is also added.

Tue Nov 17 01:51:12 JST 1998 shin@nd.net.fujitsu.co.jp
	* kit/src/gifconfig.c:
	support of printing physical IPv6 address value

Mon Nov 16 22:14:50 JST 1998 shin@nd.net.fujitsu.co.jp
	* sys/net/if_gif.c: Bug Fix
	added SIOC{S,G}IF{PHY,PSRC,PDST}*_IN6 ioctls to enable gif
	tunneling over IPv6.

Mon Nov 16 17:57:26 JST 1998  itojun@iijlab.net
	* kit/src/libinet6/rcmd.c: Update ahost (1st argument)
	  only if canonical hostname is available.  This is to preserve
	  the original behavior.

Sat Nov 14 18:25:06 JST 1998  itojun@iijlab.net
	* kit/usr.bin/telnet/commands.c (FreeBSD/NetBSD): preserve original
	  behavior.
	  - if the hostname to connect to is numeric, perform canonical name
	    lookup (look for PTR record, i.e. gethostbyaddr).
	  - if the hostname is non-numeric, do not perform canonical name
	    lookup.
	* kit/usr.bin/telnet/commands.c (BSDI): preserve original behavior.
	  - never perform canonical name lookup.

Fri Nov 13 01:36:57 JST 1998  itojun@iijlab.net
	* sys/crypto/sha1.c: fixed SHA-1 computation bug when the data source
	  is sized multiple of 64bytes.  Thanks goes to Chris Winters
	  <winters@itd.nrl.navy.mil> for detailed bug report!

Thu Nov 12 20:14:19 JST 1998  itojun@iijlab.net
	* sys/netinet6/in6.c: avoid hardcoding prefixlen == 64bit in
	  SIOC[ADG]LIFADDR processing.

	  bitwidth of interface id is always 64bit (defined in RFC2373),
	  but prefixlen may NOT be 64bit.  RFC2373 allows non-RFC2374 address
	  encoding scheme.  (see figure on page 8)

Thu Nov 12 19:53:34 JST 1998  shin@nd.net.fujitsu.co.jp
	* kit/src/rrenumd/rrenumd.c
	"AE" options added for rrenumd authentication and
	encryption.

Thu Nov 12 16:13:53 JST 1998  itojun@iijlab.net
	* kit/src/{libpcap,tcpdump}: support IPv6 address in pcap expression.
		tcpdump host ::1
		tcpdump net 3ffe:0501::/32

	TODO: libpcap now requires getaddrinfo() if --enable-ipv6 is specified.
		configure should check the existence and use alternatives
		(missing/getaddrinfo.c?) if none found.
	TODO: "gateway" syntax is not working in --enable-ipv6 setting.

Wed Nov 12 11:43:54 JST 1998  shin@nd.net.fujitsu.co.jp
	* sys/net/if_dummy.c: correct if_type to IFT_DUMMY

Wed Nov 11 18:16:56 JST 1998  itojun@iijlab.net
	* sys/netinet/in.c: implement SIOC[ADG]LIFADDR.

Wed Nov 11 14:16:00 JST 1998  itojun@iijlab.net
	* kit/libexec/ftpd(FreeBSD): perform ioctl(IP_TOS) and
	  setsockopt(TCP_NOPUSH) to be performed only in IPv4 ftp connection.
	  login.cap is now supported (but never tested).
	  logwtmp() is fixed to log IPv6 numeric hostname as much as possible.
	  I dunno if it is right or not.
	  (previously logged as "invalid hostname")

Wed Nov 11 13:56:59 JST 1998  itojun@iijlab.net
	* kit/src/rtsol: use SIOC[ADG]LIFADDR when possible.  this is mainly
	  for test purposes, but looks nice.

Wed Nov 11 12:02:10 JST 1998  itojun@iijlab.net
	* sys/netinet6/in6.c: support SIOC[ADG]LIFADDR for IPv6 address.
	  see ipngwg mailing list #6621 (October 10).  IPv6 address support
	  will be added when IPv6 version is confirmed to be working right.

Tue Nov 10 16:23:50 JST 1998  itojun@iijlab.net
	* sys/netinet/ip_output.c: (FreeBSD) prevent ipfw code from SEGV.
	  NOTE: we are still wondering whether ipfw code works right with
	  KAME or not.  Your inputs and bug reports would be really helpful.

Tue Nov 10 16:10:26 JST 1998  itojun@iijlab.net
	* kit/ports/ssh: update IPv6 patch to 1.4.

Tue Nov 10 12:31:53 JST 1998  itojun@iijlab.net
	* kit/src/racoon: eliminate u_int{8,16,32}.  use u_int{8,16,32}_t for
	  better portability.
	* kit/src/racoon: support lifetime type "kb".  NOTE: no kernel support
	  for expiration yet.

Tue Nov 10 00:21:04 JST 1998  itojun@iijlab.net
	* sys/netinet6: accumulate bytes transferred over SA, so that we can
	  define lifetime by bytes (sadb_lifetime_bytes) in the future.
	* kit/src/setkey: display bytes transferred over SA.

Mon Nov  9 15:51:28 JST 1998  itojun@iijlab.net
	* sys/netkey/key.c: pass FQDN and USERFQDN identity extension
	  on ACQUIRE message.  we need to check if it is allowed to pass
	  multiple identity extension to userland (racoon dislikes this).

Mon Nov  9 15:10:16 JST 1998  itojun@iijlab.net
	* kit/src/setkey: changed the meaning of -h flag.
	  was: print usage and exit, now: display hexadecimal dump on -x.

Sat Nov  7 00:29:19 JST 1998  shin@nd.net.fujitsu.co.jp
	* kit/src/rrenumd/Makefile, lexer.l, rrenumd.8, rrenumd.conf.5
	man update, and fixed lexer file to support comment in conf file.

1998-11-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd/bgp_input.c (bgp_read): fixed a problem that bgpd
	stopped when an ETIMEDOUT error occurred on a BGP socket.

Fri Nov  6 16:27:07 JST 1998  itojun@iijlab.net
	* sys/crypto/cast128/cast128.c: speed up by replacing core functions
	  by macros.

	Message-Id: <19981031020640N.suzuki@grelot.elec.ryukoku.ac.jp>
	Date: Sat, 31 Oct 1998 02:06:40 +0900
	From: Tomomi Suzuki <suzuki@grelot.elec.ryukoku.ac.jp>

Fri Nov  6 14:00:30 JST 1998  itojun@iijlab.net
	* sys/netinet6: ND6 cleanups.
	- remove old lladdr caching code.  utilize nd6_cache_lladdr.
	- if we got RS/RA/NS/redir packet without lladdr, make an neighbor
	  cache entry with NOSTATE state (= considered PASSIVE).
	- checked relationship between neighbor cache and defrouter list.  it
	  seems fine (there will be no defrouter list without neighbor cache).

Thu Nov  5 JST 1998  itojun@iijlab.net
	* kit/src/route6d: ripng fix: update route lifetime only if the
	  advertisement is from same gw, with same metric. (see p13 of RFC2080)

	Thanks to: ikuo@intec.co.jp

Thu Nov  5 21:14:01 JST 1998  shin@nd.net.fujitsu.co.jp
	* kit/src/libinet6/resolv/res_debug.c
	Made this really compilable on FreeBSD 3.0.

Thu Nov  5 20:33:02 JST 1998  shin@nd.net.fujitsu.co.jp
	* kit/src/libinet6/ifname.c
	* kit/src/libinet6/resolv/res_debug.c
	* kit/src/ndp/ndp.c
	* kit/src/prefix/prefix.c
	Made compilable on FreeBSD 3.0.
	Now prefix assignment seems to be successful.

Thu Nov  5 04:26:55 JST 1998  shin@nd.net.fujitsu.co.jp
	* sys/netinet6/in6_prefix.c
	BUG FIX: fixed matched prefix length validity check to comply
	with spec.

Thu Nov  5 02:59:55 JST 1998  shin@nd.net.fujitsu.co.jp
	* kit/src/Makefile
	added rrenumd to SUBDIR.

Thu Nov  5 02:45:59 JST 1998  shin@nd.net.fujitsu.co.jp
	* kit/src/rrenumd/rrenumd.c, parser.y, lexer.l, Makefile, rrenumd.8
	fixed bugs and now it seems to be sending valid rrenum msgs.
	* kit/src/rtadvd/rrenum.c,rtadv.c
	fixed bugs and now seems to be successfully renumbering when
	received rrenum msgs from rrenumd.
	* kit/src/prefix/prefix.c
	changed default value of use_prefix length.

Wed Nov  4 23:41:05 JST 1998  itojun@iijlab.net
	* sys/netinet6/esp*: cleanup ESP pad length processing.
	  base spec requires 4n, cbc algorithms require 8n.
	* sys/netinet6/ah_core.c: make sure to skip ifindex portion
	  in ip6 src/dst address.

Wed Nov  4 JST 1998  itojun@iijlab.net
	* kit/src/racoon: fix IPv6 ID payload.
	* sys/netkey/key.c: changed internal structure for SA management.
	  SA will be held into per-state linked list, not per-protocol
	  linked list.

Wed Nov  4 00:29:02 JST 1998  itojun@iijlab.net
	* kit/src/tcpdump: try checking buggy implementation of CAST128.
	  SSLeay 0.9.0b has a bug in encryption round # on short keys - 
	  rounds should be 12 for key <= 80bits.

Tue Nov  3 19:58:13 JST 1998  itojun@iijlab.net
	* sys/crypto/blowfish: fixed cbc mode processing.  now it should be
	  interoperable with other implementations (need testing).

Mon Nov  2 01:02:30 JST 1998  itojun@iijlab.net
	* kit/ports/gated-ipv6: pathname of original distribution changed.

<199810>
Mon Oct 31 JST 1998  itojun@iijlab.net
	* kit/src/racoon: AH algorithm must be determined by hash algorithm
	  type attribute, not the transform type.
	* kit/src/racoon: sanity checker for config file improved.
	* sys/netinet6/esp_output.c: fixed a serious bug in ESP tunnel output,
	  which mistakes policy determination and send packets in clear (simple
	  tunnel, not ESP tunnel) in some configuration.
	* kit/src/tcpdump: ID payload now printed properly.
	* kit/src/racoon: parser improvements.  makefile improvements.
	  link print-isakmp.c from tcpdump so that packets can be monitored
	  after decryption, in debug mode.

Fri Oct 30 21:52:50 JST 1998  itojun@iijlab.net
	* sys/netinet6, kit/usr.bin/netstat: gather more stats on
	  IPsec operations.

Thu Oct 29 JST 1998  itojun@iijlab.net
	* kit/src/racoon: ignore notification payload on phase 1 negotiation
	  (responder-lifetime).  this is necessary for interop with RedCreek
	  when responder-lifetime does not match.
	* kit/src/racoon: compute long cipher key for phase 1 properly
	  (for example 3DES)
	* kit/src/racoon: phase 2 quick mode: attach fake ID payload for
	  debugging (configurable)
	* kit/src/racoon: ignore commit bit (we don't support this yet)
	* kit/src/racoon: bug fix in DELETE payload processing.
		TODO: handle it more properly, (i.e. remove SA if possible)
	* kit/src/racoon: send and check Vendor ID. (does nothing tricky
	  at this moment)
	* kit/src/racoon: phase 2 AH proposal must include authentication
	  method attribute.  reject non-conforming proposal on config file,
	  and on the packet from the peer.
	* kit/src/racoon: filter out phase 2 proposal that does not match
	  the SA type requested from the kernel.  For example, AH proposals
	  will be filtered out when ESP SA is requested.
	* kit/src/racoon: improve parser code.

Wed Oct 28 JST 1998  itojun@iijlab.net
	* kit/src/racoon: SA payload fixes.  (1) SAi_b must be the whole
	  SA payload sent from the initiator.  (2) responder must send the
	  selected proposal only, not the whole payload.
	* kit/src/racoon: phase 2 PFS fix.  config file format has changed.
	  one must specify PFS DH group in phase 2 configuration, not per-
	  transform configuration.
	* kit/src/racoon: ESP with authentication is now supported.
	  generate longer KEYMAT for this.
	* kit/src/racoon: improve warnings on ATTR payload format.
	* kit/src/racoon: bark if there's no "remote anonymous" section.
	* kit/src/tcpdump: isakmp and ipsec improvements.

Wed Oct 28 13:54:48 JST 1998  itojun@iijlab.net
	* kit/src/racoon: better PFS (Perfect Forward Secrecy) support.
	  RFC keyed MD5 support.  ignore Vendor ID payload (we may check
	  content of Vendor ID payload in the future).

Tue Oct 27 23:28:45 GMT 1998 sakane@ydc.co.jp
	* kit/src/racoon:
	In phase 1, using real address as ID payload,
	if ID was not specified in config file.

Tue Oct 27 22:37:30 GMT 1998 sakane@ydc.co.jp
	* kit/src/racoon:
	Applied t_id except hash_t when decision AH algorithm.

Wed Oct 28 07:05:57 JST 1998  itojun@iijlab.net
	* kit/src/setkey: support keyed SHA1.
	* sys/netkey: add more information about supported algorithms into
	  SADB_REGISTER message.
	* sys/netinet6: cleanup AH/ESP algorithm table.  add key length
	  information into the table.

Tue Oct 27 22:06:26 GMT 1998 sakane@ydc.co.jp
	* kit/src/racoon:
	Added Some comment about checking payload.
	Implemented new SA payload parser.
	Removed enc_t in ipsec_sa structure.
	Supported to handle key length per algorithm.

Mon Oct 26 11:34:13 JST 1998  itojun@iijlab.net
	* sys/netinet6: IPv4 options processing.  not tested.
	  I believe that it will not work if there's source route option,
	  since ip_dooptions() rewrites the ip header.

Sun Oct 25 15:21:37 JST 1998  itojun@iijlab.net
	* kit/src/rtsol: avoid kvm_read().  use ioctl() instead, to grab
	  interface information.

Sun Oct 25 JST 1998  itojun@iijlab.net
	* sys/netinet6: add more sanity checks in esp{4,6}_input() and
	  ah{4,6}_input(), to avoid panic in heavy ipsec sessions.

Sat Oct 24 03:02:43 JST 1998 shin@nd.net.fujitsu.co.jp
	Added parser to rrenumd. But not seems to be working yet.
	Also man is not up to date.

Thu Oct 22 04:05:15 JST 1998 sakane@ydc.co.jp
	* sys/netkey, kit/src/racoon:
	Fixed the behavior about ACQUIRE, GETSPI, UPDATE and ADD.
	There were some mistakes.  Changed that kernel doesn't make a entry
	for acquiring when SADB_ACQUIRE.

Wed Oct 21 22:57:25 JST 1998  itojun@iijlab.net
	* made rfc AH work again.
	* fix ipsec{4,6}_hdrsiz() (bug caused SEGV on AH tunnel case)
	* wrap IF_ENQUEUE() by splimp()

Wed Oct 21 19:44:45 JST 1998  itojun@iijlab.net
	* midway.c(en ATM driver on FreeBSD/BSDI): fix transmit buffer
	  management.  in specific condition driver stops xmit'ing.

Wed Oct 21 15:52:23 JST 1998 sakane@ydc.co.jp
	* kit/src/racoon:
	Begin to handle Information Exchange. need more coding.

1998-10-21  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* if_gif.c (gif_input): put incoming packets to a network layer
	queue instead of directly calling an input function to prevent
	too many recursive function calls.
	
Wed Oct 21 13:16:39 JST 1998  itojun@iijlab.net
	* kit/ports/gated-ipv6: port for famous routing daemon, GateDaemon IPv6.

Wed Oct 21 12:11:38 JST 1998 sakane@ydc.co.jp
	* kit/src/racoon:
	changed the way to compute KEYMAT.
	changed the handling SPI and KEYMAT in pfkey_update() and pfkey_add().
	NOTE: When SA expire, racoon will be strange behavior. To be fixed.

Wed Oct 21 01:19:41 JST 1998  itojun@iijab.net
	* sys/netinet6: Update AH tunnel authenticity checking code.
	  Consider outer IP header authentic (if it gets authenticated),
	  and assume nothing (no authenticity) to inner IP header.
	* sys/netinet6: more IPsec statistics.

Tue Oct 20 16:47:00 JST 1998
	* sys/netinet{,6}: make AH tunnel mode working for IPv4.
	* sys/netinet6: more statistics for AH.
	* sys/netinet6: better sanity checks for IPv4 AH/ESP tunnel.
	  
Tue Oct 20 13:54:27 JST 1998  itojun@iijlab.net
	* sys/netinet6: make des-derived work.  need interop tests.

Mon Oct 19 19:48:25 JST 1998  itojun@iijlab.net
	* remove unused code/defines in ipsec.
	* log() fixes.
	* mark des-derived not working by rejecting it in esp_descbc_mature().
	  (iv management is not right)

1998-10-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* netstat/inet6.c (pim6_stats): added to print PIM for IPv6 statistics.

Mon Oct 19 17:39:48 JST 1998
	* sys/netkey/key.c: variable "sab" was defined twice in key_checksab()
	  and it made all packets to be sent in clear.  it is now fixed.
	  sorry for your troubles.

Sun Oct 18 JST 1998
	* kit/src/tcpdump: add some code to dump isakmp packets,
	  on udp port 500.  However, most part of the exchange is encrypted
	  (and that part cannot be decoded).

1998-10-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd/bgp.c (bgp_process_update): Several bugs were fixed.
	The bugs were mostly about BGP4+ route reflector.

Thu Oct 15 16:17:09 JST 1998  itojun@iijlab.net
	* sys/netinet6 and kit/usr.bin/netstat: added some ipsec statistics.

1998-10-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd/dump.c: added to dump bgpd status to a file. The status
	includes various information such as bgpd internal routing table
	and BGP4+ per peer status. Please do not forget to execute the
	configure command before compiling.
	Man pages were also updated.

Sat Oct 14 18:31:25 JST 1998 shin@nd.net.fujitsu.co.jp
	* kit/etc/rc.net6
	changed to use "prefix" command instead of "ifconfig" command
	in router case.

Wed Oct 14 17:44:36 JST 1998  itojun@iijlab.net
	* kit/sys/netkey, kit/sys/net/rtsock.c: PF_KEY and PF_ROUTE sockets
	  are stabilized.  it should work fine against severe tests.
	  location of splnet() was wrong.

Sat Oct 14 16:06:16 JST 1998 shin@nd.net.fujitsu.co.jp
	* kit/src/Makefile
	added "prefix" command as to be installed by default.

Wed Oct 14 11:30:27 JST 1998  itojun@iijlab.net
	* kit/sys/netkey: properly handle IPv6 address passed by SADB_ACQUIRE.
	* kit/src/racoon: IPv6 support.  guess IPv6 stack type, socket/bind
	  to IPv6 unspecified addr, and so forth.  need more confirmation on
	  portability.

Sat Oct 14 11:05:48 JST 1998 shin@nd.net.fujitsu.co.jp
	*sys/netinet6/in6_var.h
	*sys/netinet6/in6_prefix.c
	changed bit field structure member size from u_long to u_char,
	because BSDI suppose the size differently between kernel
	and userland.
	And merged some diffs of in6_prefix.c between BSD variants.
	now "prefix" command seems to work on BSDI.

Wed Oct 14 03:52:11 JST 1998  itojun@iijlab.net
	* kit/ports/apache13: Port for apache 1.3.3.  For non-FreeBSD OSes,
	  IPv6 patch is available from ftp://ftp.kame.net/pub/kame/misc/.
	* kit/ports/apache12: renamed from kit/ports/apache (port for apache
	  1.2.6).  1.3.3 is highly recommended over 1.2.6.

Tue Oct 13 23:45:04 JST 1998  itojun@iijlab.net
	* kit/src/setkey: add -x option, which dumps all the message
	  transmitted to PF_KEY socket. (uses SADB_X_PROMISC).

Tue Oct 13 23:27:36 JST 1998  itojun@iijlab.net
	* sys/netkey: support SADB_X_PROMISC.  maybe good for debuggin'.

Tue Oct 13 21:21:27 JST 1998  itojun@iijlab.net
	* kit/src/racoon: make racoon code free from CPU endian.
	  now racoon works on KAME on NetBSD/sparc too.
	  (namely, eay_bn2v() and eay_v2bn() are updated)

Tue Oct 13 15:35:16 JST 1998  itojun@iijlab.net
	* kit/src/racoon: be more strict about checking SSLeay's existence.
	  previously we checked md5.h, but some operating systems have md5.h
	  by default.

Tue Oct 13 14:22:32 JST 1998  itojun@iijlab.net
	* sys/netkey: Add splnet() to prevent race condition.
	* sys/netkey/keysock.c: Changed the way sadb_msg is sent to userland.
	  PF_KEY defines three ways to send sadb_msg to userland:
	  (1) to requesting process only, (2) to all listening processes, and
	  (3) to all registered processes.   The implementation now conforms
	  to this.

1998-10-12  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/libinet6/name6.c
	use res_query() for reverse lookup instead of res_search().
	allow IPv4-compat address for getipnodebyaddr(), do not perform
	any query for "::" to conform bsd-api-new-02.
	allow misalign address for getipnodebyaddr().

Sun Oct 11 23:31:35 JST 1998  itojun@iijlab.net
	* sys/net*: (NetBSD) IPsec is now working.  Now we need to perform
	  bunch of tests...

Sun Oct 11 22:52:24 JST 1998  itojun@iijlab.net
	* sys/netinet6/{esp,ah}_core.c: bark if no secret key is specified
	  for esp/ah algorithms that require secret key.

Sat Oct 11 22:35:59 JST 1998 shin@nd.net.fujitsu.co.jp
	*kit/src/prefix/prefix.8
	*kit/src/prefix/prefix.c
	added several checking of missing args, and changed some default
	behaviour.

Sun Oct 11 20:37:06 JST 1998  itojun@iijlab.net
	* kit/{sbin,usr.sbin}/sysctl and sys/netkey (NetBSD and BSDI):
	  add net.key.* sysctl MIBs.  for FreeBSD we already got net.key.*.

Sat Oct 11 01:03:17 JST 1998 shin@nd.net.fujitsu.co.jp
	*sys/netinet6/in6_prefix.c
	changed "panic" to "log(LOG_ERR...)" in bit_copy().

Sat Oct 11 00:42:15 JST 1998 shin@nd.net.fujitsu.co.jp
	*kit/src/prefix/prefix.8
	*kit/src/prefix/prefix.c
	update usage description of man and program.

Sun Oct 10 JST 1998  itojun@iijlab.net
	* sys/netinet6 and kit/sbin/ifconfig (NetBSD): fix ifconfig to
	  some extent, so that we can check status of if address flags (such as
	  "anycast").  there are some fixes necessary (ioctl API design issues).

Sat Oct 10 14:46:50 JST 1998 shin@nd.net.fujitsu.co.jp
	*kit/src/prefix/prefix.c
	fixed usage description.
	removed unused function.

Sat Oct 10 03:27:44 JST 1998 shin@nd.net.fujitsu.co.jp
	*kit/src/prefix/Makefile
	Made compilable on NetBSD
	also, this command seems to work on NetBSD

Sat Oct 10 02:59:02 JST 1998 shin@nd.net.fujitsu.co.jp
	*kit/sbin/ifconfig.c
		  ifconfig.8
	removed prefix related enhance(because they are moved to
	new "prefix" command)

Sat Oct 10 02:42:00 JST 1998 shin@nd.net.fujitsu.co.jp
	*kit/src/prefix/Makefile
			prefix.c
			prefix.8
	Newly added these files.
	Actually these are prefix related functions from
	current KAME FreeBSD sbin/ifconfig.
	Same functions in sbin/ifconfig will be removed.
	Only working on FreeBSD now.
	TODO: operational check on BSDI
	      compile check on NetBSD
	      complete man page

Sat Oct 10 01:54:58 JST 1998 shin@nd.net.fujitsu.co.jp
	*sys/netinet6/in6_prefix.c
	Bug Fix:
	  change ">>" to ">>=". (discovered by itojun)

Fri Oct  9 21:48:19 JST 1998 shin@nd.net.fujitsu.co.jp
	*kit/sbin/ifconfig/ifconfig.c
	enabled "-a" for prefix renumbering commands
	print usage for prefix related commands
	shorten long parameters.

Fri Oct  9 20:02:21 JST 1998 shin@nd.net.fujitsu.co.jp
	*kit/src/rtadvd/rrenum.c
	*kit/sbin/ifconfig/ifconfig.c
	*sys/netinet6/in6_prefix.c
	supported SIOCAIFPREFIX_IN6, SIOCCIFPREFIX_IN6,
	SIOCSGIFPREFIX_IN6, by ifconfig.
	And fixed several kernel bugs discovered using those commands.
	Now prefix renumbering by ifconfig seems to be working well.

1998/10/09 17:06:51 JST shin@nd.net.fujitsu.co.jp
    i386/conf            Makefile.i386 
  separated SYSTEM_LD macro into 2 case, where "-g" is defined and not.

1998/10/09 13:32:16 JST  shin@nd.net.fujitsu.co.jp
    i386/conf            Makefile.i386 
  add "ulimit" to SYSTEM_LD macro, not only to SYSTEM_LD_TAIL macro.

Fri Oct  9 11:52:33 JST 1998  itojun@iijlab.net
	* kit/src/faithd: improve command/result parsing in ftp translation.
	  support EPSV ALL.  reject PORT and PASV from client as it is bogus
	  for IPv6 ftp connection.

Thu Oct  8 21:09:30 JST 1998  itojun@iijlab.net
	* kit/src/faithd: redesign ftp.d completely, to make the translator
	  code more context-free.  Also, EPSV/EPRT is supported.

	  TODO: utilize "EPSV ALL" for improved performance,
	  better error recovery

1998-10-08  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* if_gif.c (gif_output): prevented infinite call of gif_output
	by introducing a counter variable which is static in this
	function. Note that this approach may introduce MUTEX problem
	when using kernel thread.

Tue Oct  7 18:20:01 JST 1998 shin@nd.net.fujitsu.co.jp
	implemented following cmd in kernel.
		SIOCSGIFPREFIX_IN6
		SIOCAIFPREFIX_IN6
		SIOCCIFPREFIX_IN6

	TODO: enhance ifconfig and rrenumd to utilize these cmds,
	      and test kernel behavior

1998-10-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_mroute.c: implemented kernel-level IPv6 multicast
	forwarding. It can be compiled, but there have been no userland
	routing daemon yet. So it will not effectively work for a while.

Wed Oct  7 13:04:01 JST 1998  itojun@iijlab.net
	* take care of IPsec tunnel in computing MTU and TCP MSS.
	  ipsec{4,6}_hdrsiz is defined for this.
	  {esp,ah}*_hdrsiz_* are deprecated.

Wed Oct  7 1998  itojun@iijlab.net
	* experimental ND6 code is enabled in KAME/BSDI and KAME/FreeBSD.
	  we are trying to figure out the following spec flaws:
	  - discovery-v2-03 talks almost nothing about how to manage neighbor
	    cache entry on reception of RA/RS/NS/redirect without link-layer
	    address option.
	  - IsRouter flag sometimes becomes out-of-sync, due to neighbor
	    cache expiration/creation rules.
	  we are still thinking about the spec, and changing nd6_cache_lladdr().
	  the experimental code works just fine so the change will not bite
	  you.

Wed Oct  7 00:33:03 JST 1998  itojun@iijlab.net
	* kit/lib/libftpio: (FreeBSD only) Fixed IPv4 non-passive ftp.
	  (bind failed due to wrong argument)

Tue Oct  6 18:28:13 JST 1998  itojun@iijlab.net
	If a packet is to be forwarded over IPsec tunnel, and it couldn't
	due to "too big and don't fragment", report the correct tunnel MTU
	toward the originator.
	tunnel MTU = if MTU - sizeof(IP header) - ESP/AH headers/paddings

	To test this, you may need
		sysctl -w net.inet.ipsec.dfbit=1
	to set DF bit on the outer IP header.

Tue Oct  6 13:48:42 JST 1998  itojun@iijlab.net
	* sys/netinet6/ipsec.c: changed the way IPsec tunnel is created.
	  (see ipsec4_encapsulate() in sys/netinet6/ipsec.c)
	* sys/netinet6/ipsec.c: define new sysctl MIB, net.inet.ipsec.dfbit,
	  to allow users to control DF bit treatment (copy/clear/set) on
	  ipsec tunnel encapsulation.
	  NOTE: this is per-host configuration, not a per-interface
	  configuration defined in draft-ietf-ipsec-arch-sec-07.txt.

Tue Oct  6 13:13:19 JST 1998 shin@nd.net.fujitsu.co.jp
	fix for rtr renumbering related structure's member name and
	  order change at ifconfig, rrenumd, rtadvd
	maybe minimum implementation of router renumbering at rtadvd completed

Tue Oct  6 12:57:50 JST 1998 shin@nd.net.fujitsu.co.jp
	changed router renumbering related structure's member name and order.
	added same interface check for SIOC*IFPREFIX_IN6 cmds.
	added in6_rrenumreq structure for advanced ioctls for rtr renumbering
	defined, SIOCAIFPREFIX_IN6, SIOCCIFPREFIX_IN6, SIOCSGIFPREFIX_IN6
	
	TODO: implement new SIOC*PREFIX_IN6 cmds in kernel

Mon Oct  5 17:20:13 JST 1998
	* Eliminate clause 3 from our KAME copyright notice, as we've heard
	  that 4-clause BSD copyright irritates people very much.

Mon Oct  5 10:46:05 JST 1998
	* kit/ports/sendmail6: make it buildable, by removing -I/usr/src/sys
	  from site.config-v6.kame.

1998/10/03 00:59:54 JST shin@nd.net.fujitsu.co.jp
    ports/mozilla        Makefile 
    ports/mozilla/files  md5 
  Patch level up.
    -IPv6 hostname with AAAA record,
     or numarical IPv6 address escaped by [  ],
     can be specified as proxy server.
    -adopted __res_state structure change.

1998/10/02 23:54:27 JST shin@nd.net.fujitsu.co.jp
    src/ndp              ndp.c 
    netinet6             nd6.h nd6.c nd6_nbr.c 
  Added "ln_expire" to llinfo_nd6 structure, and "expire" to
  in6_nbrinfo structure.
  NDP use them for state transition and rt_expire is no more used.
  Also, ndp command is changed to use ln_expire to display each
  entry's expire time.

Fri Oct  2 13:13:01 JST 1998  itojun@iijlab.net
	* kit/ports/apache: distribute IPv6 patch separately, from
	  ftp://ftp.kame.net/pub/kame/misc/.

Thu Oct  1 22:50:38 JST 1998  itojun@iijlab.net
	* kit/src/rtadvd: add capability "nolladdr" which controls
	  the presence of source link-layer address option on RA packets.
	  (mostly for debugging)
	* kit/src/ndp: add option "-A" which tries "-a" (show NDP entries)
	  repeatedly.

Thu Oct  1 11:12:25 JST 1998  itojun@iijlab.net
	* kit/ports/sendmail6: mark this port broken as it is not buildable
	  due to the change in resolver (see below).

<199809>
1998-09-30  Atsushi Onoe <onoe@sm.sony.co.jp>
	* sys/net/if_atmsubr.c, sys/dev/en/midway.c:
	  fix bugs to allow "ifconfig up" for ATM-PVC interface without
	  assigning IPv4 address.

1998-09-30  Atsushi Onoe <onoe@sm.sony.co.jp>
	* include/resolv.h, kit/src/libinet6/resolv/:
	  restore struct __res_state to original to keep binary
	  compatibility (avoid SEGV on NetBSD).
	  change default configuration options for resolver.
	* kit/src/libinet6/name6.c:
	  change syntax for AI_ALL (now needs AI_V4MAPPED) to conform to
	  bsd-api-new-02(a).
	* include/netdb.h, kit/src/libinet6/name6.c:
	  add AI_V4MAPPED_CFG to return conditional answer of IPv4-mapped
	  IPv6 address depends on whether kernel's mapped_addr flag is set.
	  Also change the definition of AI_DEFAULT to (AI_V4MAPPED_CFG|
	  AI_ADDRCONFIG).
	* kit/src/libinet6/getaddrinfo.c:
	  support AI_NUMERICHOST flag to conform to bsd-api-new-02a.
	  replace CHECK_KERNPROTO by AI_ADDRCONFIG of getipnodebyname().
	  fix 'a.foo.bar and a.v6.foo.bar' problem in PF_UNSPEC case.

Wed Sep 30 13:26:22 JST 1998 sakane@ydc.co.jp
	* sys/netkey/key.c:
	check to be zero of acq_seq, because zero is reserved
	as handling SADB_EXPIRE.

1998/09/30 12:48:37 JST shin@nd.net.fujitsu.co.jp
    netinet6             ip6_input.c 
  Don't think packets destined to RTF_GATEWAY route as "goto ours".

1998/09/30 02:59:38 JST shin@nd.net.fujitsu.co.jp
    netinet6             ip6_output.c 
  Copy m_flags(M_MCAST) to fragmented packets to disable
  neighbor resolution procedure for them.
  (because neighbor resolution waiting queue length is
  for only one packet)

1998/09/30 02:24:11 JST shin@nd.net.fujitsu.co.jp
    .                    USAGE 
  small grammar fix

1998/09/29 10:09:00 JST shin@nd.net.fujitsu.co.jp
    usr.sbin             Makefile 
  Commented out ppp and added suggestion to use kit/ports/ppp.
  Still leave dir of kit/usr.sbin/ppp for a while.

Mon Sep 28 17:40:18 JST 1998  itojun@iijlab.net
	* sys/netinet6/in6.h: Renamed IPV6_{JOIN,LEAVE}_MEMBERSHIP into
	  IPV6_{JOIN,LEAVE}_GROUP to conform to bsd-api-new-02a.

1998/09/26 14:13:27 JST shin@nd.net.fujitsu.co.jp
    src/rtadvd           rrenum.c 
  Adopted to router-renum-05.txt.
  And still supporting, not finished.

1998/09/25 16:34:20 JST shin@nd.net.fujitsu.co.jp
    src/rrenumd          rrenumd.c 
  Change router renumbering packet formats as new draft
  (router-renum-05.txt)

1998/09/25 16:31:44 JST shin@nd.net.fujitsu.co.jp
    netinet6             icmp6.h 
  Change router renumbering packet formats as new draft
  (router-renum-05.txt)
  Also, changed values type to u_int{8,16,32}_t as same as
  other icmp6 structure.

Thu Sep 24 21:51:19 JST 1998  itojun@iijlab.net
	* sys/sys/socket.h: Changed CMSG_xxx macro defs.  Previously, ALIGN()
	  was used (based on advanced API document).  However, ALIGN() in
	  advanced API and ALIGN() in BSD unix variants (machine/param.h) have
	  very different meanings.  So, now we've defined CMSG_ALIGN().

Thu Sep 24 19:42:22 JST 1998  itojun@iijlab.net
	* kit/ports/sendmail: Update the IPv6 patch for sendmail to be used.
	  It is now 891+3.1W.  (W means WIDE sendmail patchkit)
	  IPv6 patch has been distributed separately, but now it is merged
	  into WIDE sendmail patchkit.

1998-09-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd: Added new feature to restrict RIPng routes filtering
	routes that do not match a list of prefixes.
	Filtering function is also clarified and `default restrict'
	attribute disappeared. Instead, `filterin default' and/or
	`filterout default' attributes should be used.
	Note that configuration files which used older filtering functions
	should be rewritten.
	The manpage was also updated, which should be read carefully.

Thu Sep 24 13:19:26 JST 1998  itojun@iijlab.net
	* sys: (KAME/FreeBSD) updated ALTQ kernel part to 1.1.2.
	* kit/ports/altq: (KAME/FreeBSD) use ALTQ 1.1.2.

	  From: Kenjiro Cho <kjc@csl.sony.co.jp>

Thu Sep 24 13:19:26 JST 1998  itojun@iijlab.net
	* sys: (KAME/BSDI) Revamp PVC ATM code.  It is now compatible with
	  KAME/FreeBSD code.  Userland tools must be fetched from ALTQ
	  package. (ftp://ftp.csl.sony.co.jp/pub/kjc/)
	* kit/src/apconfig: (KAME/BSDI) removed because it is not needed
	  any more.

	  From: Kenjiro Cho <kjc@csl.sony.co.jp>

1998/09/24 00:03:18 JST shin@nd.net.fujitsu.co.jp
    src/rtadvd           rrenum.h 
  Router Renumbering related header.
   (Very sorry, I forgotten to add this)

1998/09/23 10:49:27 JST shin@nd.net.fujitsu.co.jp
    netinet6             icmp6.c icmp6.h in6.c in6.h in6_proto.c 
                         in6_var.h nd6.c nd6.h nd6_nbr.c nd6_rtr.c 
  Sync with FreeBSD/BSDI/NetBSD
  Only for files and places where I changed recently or I thought I can do.

Wed Sep 23 01:43:54 JST 1998 sakane@ydc.co.jp
	sys/netinet6/esp_core.c:
	Modified to do check DES weak key.

Tue Sep 22 22:59:21 JST 1998  itojun@iijlab.net
	* src/faith: clarify options.  improve behavior on error. 
		usage: faith [-de] [-p prefix]
			-d: disable
			-e: enable
			-p: configure prefix

1998/09/22 14:59:36 JST shin@nd.net.fujitsu.co.jp
    src/rtadvd           config.c rrenum.c rtadvd.c 
  When noticed new prefix addition, try to get the prefix information via
  SIOCGIFPREFIX.
  If can get it, and its origin is from RA, ignore it.
  Also router renumbering support is proceeding.(still need more work)

1998/09/22 14:55:40 JST shin@nd.net.fujitsu.co.jp
    netinet6             nd6_rtr.c 
  Change rt_request() to rtinit() in in6_ifadd() to let it send
  rtmsg to rtsock. Thus rtadvd become able to know that new prefix
  is added.

1998-09-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/ndp/ndp.c: option name clarification;
	  - replaced -F option with -H option
	  - replaced -Fp with -P
	  - replaced -Fr with -R

1998/09/22 00:51:14 JST shin@nd.net.fujitsu.co.jp
  Modified files:        (Branch: kame_227)
    ports/mozilla        Makefile 
  Removed files:         (Branch: kame_227)
    ports/mozilla/patches patch-bj patch-bk 
  Modification of sockaddr_in6 structure as kernel change.
  Change of library linking order so that libinet6 is linked for
  gethostbyname2(), not libc. (by sugyo-san)
  Patches/patch-* are deleted and now the total patch file is retrieved
  from ftp://ftp.kame.net/pub/kame/misc.

1998/09/21 22:19:26 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6_prefix.c nd6.h nd6_rtr.c 
  Bug FIX:
    Correctly init setting ndpr_prefix's lifetimes.
  Added prefix lifetime argument check.
  Also, don't age nd_prefix entries whose ndpr_rrf_decrvalid and/or
  ndpr_rrf_decrprefd is 0.

1998/09/21 22:14:49 JST shin@nd.net.fujitsu.co.jp
    sbin/ifconfig        ifconfig.c 
  Bug Fix
    Don't break from arg check loop, when encountered an unknown arg,
    even if "prefix" command was specified.

1998/09/21 20:54:10 JST shin@nd.net.fujitsu.co.jp
    sbin/ifconfig        ifconfig.8 
  Added description about prefix related add/delete extension.

Mon Sep 21 19:40:10 JST 1998 sakane@ydc.co.jp
	sys/netinet6:
	Fixed to check replay counter.
	It's available to define variable window size.

1998/09/21 17:57:59 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6_prefix.c nd6_rtr.c 
  Bug Fix:
    Point ndpr_prefix from ndpr_ifpr.ifpr_prefix in prelist_add()
    where ndpr's memory is allocated.
    Not in in6_prefix_ctl() which use stack to keep ndpr structure.
    Now prefix deletion seems to work.

1998/09/20 13:06:00 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6_prefix.c nd6.h nd6_rtr.c 
  Put 2 cases in in6_prefix_ioctl into 1.
  Let prelist_add(), prelist_update() return errno.

1998/09/20 11:29:12 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6_prefix.c nd6.h nd6_rtr.c 
  Moved if_prefixlist link/unlink into prelist_add/prelist_remove.
  But prefix deletion via SIOCDIFPREFIX is not working yet.

1998/09/20 11:28:52 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6_prefix.c nd6.h nd6_rtr.c 
  Moved if_prefixlist link/unlink into prelist_add/prelist_remove.
  But prefix deletion via SIOCDIFPREFIX is not working yet.

1998/09/20 11:21:46 JST shin@nd.net.fujitsu.co.jp
    sbin/ifconfig        ifconfig.c 
  Set in6_prereq's prefixlen in in6_getprefixlen()
  Also changed the way of printing error message at prefix set/delete.

1998/09/19 17:57:21 JST shin@nd.net.fujitsu.co.jp
    netinet6             ah_core.c ah_input.c ah_output.c dest6.c 
                         esp_core.c esp_input.c esp_output.c 
                         frag6.c icmp6.c in6_ifattach.c in6_pcb.c 
                         in6_proto.c in6_rmx.c ip6_forward.c 
                         ip6_input.c ip6_output.c ipsec.c mld6.c 
                         nd6.c nd6_nbr.c raw_ip6.c tcp6_input.c 
                         tcp6_subr.c tcp6_usrreq.c udp6_usrreq.c 
  Include in_var.h instead of in6_var.h
  (Because just happen to found it)

1998/09/19 17:44:39 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6.c in6_prefix.c nd6.h nd6_rtr.c 
  Correct initialization of setting prefix contents.
  Let prelist_update() and prelist_add() return nd_prefix structure.
  Now prefix addition works but deletion is not yet.

1998/09/19 01:43:51 JST shin@nd.net.fujitsu.co.jp
    sbin/ifconfig        ifconfig.c 
  Added prefix set/delete operation. But not seems to be working now.
  TODO debugging to make it work right.

1998/09/19 01:41:13 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6_var.h nd6.h nd6_rtr.c in6_prefix.c 
  Changed macro name NDPR_ORIG* to PR_ORIG*, and also moved its defs
  from nd6.h to in6_var.h.
  Changed the place of failsafe check in in6_prefix.c.

Fri Sep 18 13:54:11 JST 1998  itojun@iijlab.net
	* kit/libexec/ftpd: add support for "EPSV num" and "EPSV ALL",
	  so that we can interoperate with NRL ftp client.
	  "EPSV ALL" support is a fake, it will just get accepted and do
	  nothing.

Fri Sep 18 04:57:37 JST 1998  itojun@iijlab.net
	* sys/netinet6/ip6.h: router alert option type is now "5", not "14".
	  some of userland tools (such as tcpdump) need recompilation.
	  (ftp://playground.sun.com/pub/ipng/assignments/ipv6-parameters.txt)

1998/09/17 23:10:01 JST shin@nd.net.fujitsu.co.jp
    conf                 files 
    net                  if.h 
    netinet6             in6.c in6_proto.c in6_var.h nd6.h 
                         nd6_rtr.c tcp6_input.c 
    netinet6             in6_prefix.c 
  Support prefix SET,GET,DEL command over ioctl.
  (implementation/confirmation from application is not yet)
  Linked ifprefix(nd_prefix) entries from ifnet structure.
  So if_prefixlist member is added to the end of ifnet structure.
  All user-land applications which looks net/if.h should be recompiled.
  And Bug Fix (discovered by jinmei san):
    Still a sockaddr_in6 is used as an in6_addr in nd6_rtr.c
  So Replaced temporal sockaddr_in6 by nd_prefix->ndpr_prefix.

1998/09/17 18:25:44 JST shin@nd.net.fujitsu.co.jp
    netinet6             nd6_rtr.c 
  Bug Fix:
    Copy only RA flags on RA receipt which already has correspondent
    nd_prefix entry. (discovered by jinmei san)
    Also, set ndpr_dynamic for nd_prefix entry created by receiving RA.
    And only update dynamic nd_prefix entry when RA is received.

1998/09/17 15:04:03 JST shin@nd.net.fujitsu.co.jp
    src/ndp              ndp.c 
  As kernel structure definition change,
  As kernel structure definition change, changed flags to bit field.

1998-09-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/traceroute6/traceroute6.c: Added -l option, which specifies
	to print both numerical addresses and host names.
	Because of this addition, the default format changed from printing both
	to printing only host names.

Thu Sep 17 12:51:41 JST 1998 fujisawa@kame.net
	Add SuMiRe nat/protocol router.

Thu Sep 17 04:05:03 JST 1998 sakane@ydc.co.jp
	sys/netkey/key.c:
	SAB do become mature when SA with proxy have become mature.

Tue Sep 15 09:45:35 JST 1998 sakane@ydc.co.jp
	kit/src/setkey,sys/netkey/keyv2.h:
	It's changed that the name of extension flags for padding.
	Each are seq to seq-pad, zero to zero-pad, random to random-pad.
	It's available to define cyclic sequence number for replay prevention.
	This is not to be used.

Tue Sep 15 07:41:57 JST 1998 sakane@ydc.co.jp
	sys/netkey/keydb.h:
	mistaken key length was supplied by _KEYLEN().

1998/09/14 22:49:20 JST shin@nd.net.fujitsu.co.jp
    net                  if.h 
    netinet6             nd6.c nd6.h nd6_rtr.c 
  Preparing for prefix addition over ioctl.
  Modified nd_prefix structure to link it to protocol independent interface
  prefix list.(which is not yet implemented)
  Also, some nd_prefix member name is changed to avoid name collision.

Mon Sep 14 20:56:03 JST 1998 sakane@ydc.co.jp
	kit/src/racoon:
	It's available to handle expiration, but I don't know
	to handle HARD lifetime.  How should I do when key had been exchanged
	by expiration of SOFT lifetime. Now, SADB_EXPIRE HARD is ignored.

Mon Sep 14 20:47:01 JST 1998 sakane@ydc.co.jp
	sys/netkey/key.c:
	Set expiration time when new SA generated as LARVAL by SADB_GETSPI.

Mon Sep 14 17:30:22 JST 1998 sakane@ydc.co.jp
	kit/src/racoon,kit/src/setkey,sys/netkey/key.c:
	Infinite loop had occurred in kdebug_sadb().

Mon Sep 14 14:10:59 JST 1998 sakane@ydc.co.jp
	kit/src/racoon:
	Fixed a bug that racoon generated many ISAKMP-SA
	per a destination address.

Mon Sep 14 04:24:17 JST sakane@ydc.co.jp
	kit/src/racoon:
	Many items was fixed.
	racoon can exchange KEY in limited environment.
	see TODO.

Mon Sep 14 04:00:07 JST sakane@ydc.co.jp
	kit/src/setkey:
	Fixed calculation `diff time' when setkey -D.

1998/09/10 13:32:42 JST shin@nd.net.fujitsu.co.jp
    src/rtadvd           Makefile rtadvd.c 
    src/rtadvd           rrenum.c 
  Supporting receiving rr message. Some message checking was added.
  Still message processing need to be added.

1998/09/10 13:30:34 JST shin@nd.net.fujitsu.co.jp
    netinet6             icmp6.c 
  Added message validity check for ICMP6_ROUTER_RENUMBERING message

1998-09-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* Set hop limit field for an outgoing packets to the value
	advertised by a router, when user did not specify to use
	a special value.

1998/09/09 22:31:38 JST shin@nd.net.fujitsu.co.jp
    src/faithd           faithd.c 
  Change waitpid() to wait3() to prevent child become zombie.

1998/09/09 15:36:29 JST shin@nd.net.fujitsu.co.jp
    src/rrenumd          rrenumd.c 
  Moved(and merged) router renumbering struct definition into
  sys/netinet6/icmp6.h
  And changes related to it.

1998/09/09 15:34:46 JST shin@nd.net.fujitsu.co.jp
    netinet6             icmp6.h 
  Merged router renumbering struct definition in user-land into kernel.

1998/09/09 14:48:02 JST shin@nd.net.fujitsu.co.jp
    i386/conf            Makefile.i386 
  Added 'ulimit -d 65536'

Mon Sep 7 15:55:59 1998 sakane@ydc.co.jp
	sys/netkey, kit/src/setkey, kit/src/racoon:
	fixed that length in sadb_ext is a multiple of 64 bits.

Mon Sep 7 12:00:49 1998 sakane@ydc.co.jp
	sys/netkey/key.c, kit/src/setkey:
	change the rule of prefixlen.
	key_check() doesn't take care of prefixlen.
	you can specify 0.0.0.0/0 as wildcard.

1998/09/07 20:14:50 JST shin@nd.net.fujitsu.co.jp
    src/tcpdump          print-icmp6.c 
  Print router renumbering message.(just code type name)

1998/09/07 18:46:58 JST shin@nd.net.fujitsu.co.jp
    src/rrenumd          Makefile rrenumd.8 rrenumd.c
  Initial add of rrenumd. Very ADHOC. Even more, receiving side is notyet.

1998-09-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* nd6_rtr.c (rt6_flush): newly defined to purge all the entries
	  of the routing table when their router is removed from the
	  Default Router List.

1998-09-03  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/ping6/ping6.c (main): fixed a problem that the -n option
	didn't work.

Thu Sep  3 18:52:35 JST 1998  itojun@iijlab.net
	* src/tcpdump/print-ip6.c: fixed flowlabel field.
	* src/tcpdump/print-vjc.c: fix for NetBSD (anyway it won't be
	  used)

	submitted by: Niels Baggesen <Niels.Baggesen@uni-c.dk>

1998-09-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/ndp: -F option can be specified with -r and/or -p option
	to flush the default router list and the prefix list,
	respectively. Note that both the kernel and the ndp command
	should be up to date.

1998-09-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* nd6.c (nd6_ioctl): added 2 new ioctls; SIOCSRTRFLUSH_IN6 and
	SIOCSPFXFLUSH_IN6. The former is to flush all default routers
	in the default router list, and the latter is to flush all the
	prefixes and the addresses derived from them in the prefix list.
	
1998-09-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/rtsold/rtsold.c (main): added -m option, which is for
	mobile stations.

<199808>
1998-08-28  Atsushi Onoe <onoe@sm.sony.co.jp>
	* change getnodeby{host,addr} to getipnodeby{host,addr}
	to conform to bsd-api-new-02.
	* support host resolver selection (dns, /etc/hosts) for each OS
	(/etc/host.conf for FreeBSD, /etc/irs.conf for BSD/OS,
	 /etc/resolv.conf for NetBSD).

Fri Aug 28 14:39:27 JST 1998 sumikawa@ebina.hitachi.co.jp
	* added mld6query command, which sent Multicast Listner
	Discovery(draft-ietf-ipngwg-mld-00.txt) query and print 
	MLD report.
	* ip6_input.c: fixed HBH options check bugs.
	* ip6_output.c: enbale to join all multicast group(::) for
	super user.

Fri Aug 28 13:29:58 JST 1998 sakane@kame.net
	* sys/netkey:
	Fixed that reference count about SAD and SPD.

1998-08-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/rtsold: Implemented a daemon version of rtsol. Many
	imporvements were made such as;
	- Auto solicitaion when re-attach to a link
	- Source link-layer address option for Router Solicitations

1998-08-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* netstat/inet6.c (inet6print):  Defined GETSERVBYPORT6, which
	calls getservbyport replacing the second argument "tcp6" with
	"tcp", "udp6" with "udp", resp.
	- Replace getservbyport with the new macro for more friendly
	outputs of netstat -f inet6.

1998-08-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* icmp6.c (icmp6_reflect): Changed the default way when a returned
	ICMP packet exceeds the path MTU; RFC 1885 required to truncate
	it, but it was canceled in the new spec.

Tue Aug 25 07:25:24 JST 1998 sakane@ydc.co.jp
	* kit/src/setkey
	It is available to define hard and soft lifetime extension,
	and to display about lifetime.

Mon Aug 24 10:40:21 JST 1998 sakane@ydc.co.jp
	* sys/netkey:
	Begin to implement handling for SA expiration.
	Now, if you define lifetime then SA will be removed on time.
	But it is used sadb_lifetime_addtime as expiration time.

1998/08/22 00:41:35 JST shin@nd.net.fujitsu.co.jp
    ports/ppp/patches    patch-ad 
  Socks support. Don't use getaddrinfo for socks yet, because
  wrap function of getaddrinfo is not supported by usuall socks library.

1998/08/21 19:53:21 JST shin@nd.net.fujitsu.co.jp
  Modified files:
    ports/ppp/pkg        PLIST 
  Added files:
    ports/ppp/patches    patch-ab patch-ac 
  Removed files:
    ports/ppp/patches    patch-aa 
  V6 support for ports/ppp.

1998-08-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* sbin/ifconfig/ifconfig.c (in6_status): printed a new flag
	`detached' for an IPv6 address, when it could be considered as
	off-link(see below).
	
1998-08-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	Added some mechanism to make IPv6 router and prefix discovery be
	compatible with mobile environment. If we move from one network
	to another, this feature detects the fact automatically and treat
	the older prefixes(and addresses derived from them) as off-link
	even if their lifetime are not expired.
	Note that the new feature is not available for FreeBSD 2.2.6.

Thu Aug 20 15:17:17 JST 1998  itojun@iijlab.net
	* kit/ports/sendmail6: added a patch supplied by sendmail.org
	 that avoids duplicated "Content-transfer-encoding".

Wed Aug 19 17:24:20 JST 1998 sakane@ydc.co.jp
	* sys/netkey/key.c:
	Fixed to call key_kill().
	(Thanks, chippo@cdsec.com.)

1998-08-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* nd6_rtr.c: Heavily changed to store advertising router list
	in prefix list.
	* kit/src/ndp/ndp.c (plist): changed to print the router list
	stored in each prefix list entry.
	Note that both the kernel and ndp command should be recompiled.
	
Wed Aug 19 16:33:55 JST 1998 sakane@ydc.co.jp
	* kit/src/racoon:
	racoon has been working on limited environment.
	see TODO.

Wed Aug 19 16:30:48 JST 1998  itojun@iijlab.net
	* kit/ports/wu-ftpd: redistribute IPv6 patch separately
	  from ftp://ftp.kame.net/pub/kame/misc, so that non-FreeBSD
	  users can enjoy wu-ftpd6 patch.
	  added EPRT/EPSV support.

Wed Aug 19 15:20:27 JST 1998 sakane@ydc.co.jp
	* sys/netkey/key.c:
	htonl(spi) when doing SADB_GETSPI.

Wed Aug 19 14:14:16 JST 1998  itojun@iijlab.net
	* kit/lib/libftpio and kit/usr.bin/fetch:
	  support EPRT/EPSV (draft-ietf-ftpext-ftp-over-ipv6-02).

Wed Aug 19 12:48:55 JST 1998  itojun@iijlab.net
	* kit/usr.bin/ftp and kit/libexec/ftpd:
	  support EPRT/EPSV (draft-ietf-ftpext-ftp-over-ipv6-02).
	  caveats:
	  - proxy mode is not working
	  - lacks AF negotiation
	  - ftp tries EPRT/EPSV first, then tries LPRT/LPSV.  I dunno
	    if it is a good thing, or a bad thing.

Wed Aug 19 08:40:15 JST 1998 sakane@ydc.co.jp
	* kit/src/racoon: Constants have been compliant with
	  both ipsec-doi-10 and isakmp-oakley-08.

Tue Aug 18 18:04:08 JST 1998  itojun@iijlab.net
	* kit/ports/mrt: udpate base version to 1.4.8a-980728.
	* kit/ports/popper: update base version to 2.53.
	* kit/ports/fechmail: update base version to 4.5.5.
	  Also, the ipv6 support for the port was broken
	  (nobody tried this, it seems).  It is now working properly.

1998/08/18 16:05:39 JST shin@nd.net.fujitsu.co.jp
    netinet6             ip6_input.c 
  Removed link local addr ours check.
  (To allow multiple link local addr. Also, its not necessary
  at least in FreeBSD KAME, because it does more general ours check
  by looking up routing table.)

Mon Aug 16 1998  itojun@iijlab.net
	* kit and sys: To conform to bsd-api-new-02, "struct sockaddr_in6"
	  need to be changed.  *Remove* sin6_ifindex and Reorder structure
	  member.
	  NOTE: you need a FULL recompilation of userland programs!!

Sun Aug 15 1998  itojun@iijlab.net
	* kit and sys: changed IPV6_{ADD,DROP}_MEMBERSHIP to 
	  IPV6_{JOIN,LEAVE}_MEMBERSHIP, to conform to bsd-api-new-02.
	  old def is kept for one week (one snapshot).

Thu Aug 13 16:43:30 JST 1998  itojun@iijlab.net
	* kit/libexec/tftpd: address-family independent "tftpd" daemon.

Thu Aug 13 16:22:50 JST 1998  itojun@iijlab.net
	* kit/usr.bin/tftp: address-family independent "tftp" command.

Thu Aug 13 11:23:58 JST 1998  itojun@iijlab.net
	* kit/ports/sendmail6: port updated to support sendmail 8.9.1a.

	  port update submitted by: Issei Suzuki <issei@mikage.t-cnet.or.jp>

1998-08-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd: supported several new features;
          - BGP routes can be advertised without sync with
	    RIPng(optional).
	  - RIPng default route generation
	  - RIPng route filter

Mon Aug 10 17:04:17 JST 1998  itojun@iijlab.net
	* kit/ports/vnc: vnc 3.3.2 with VNC-over-IPv6 capability.

Sat Aug  8 17:27:10 JST 1998  itojun@iijlab.net
	* kit/ports/altq, sys: update ALTQ to 1.1.1.
	* kit/ports/heimdal: install sample configuration file.

1998-08-07  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* nd6.c (nd6_timer): proper handling for unresolved packets
	in INCOMPLETE state; send ICMP6_DST_UNREACH to the originator.

Fri Aug  7 17:33:11 JST 1998  itojun@iijlab.net
	* sys/netinet6/nd6_nbr.c: fix handling of anycast address in DAD
	  routine.  previously anycast addresses are marked "tentative"
	  forever.

Fri Aug  7 17:07:32 JST 1998  itojun@iijlab.net
	* kit/src/rtsol: add option "-v" (verbose).
	  more proper handling of interface, while DAD is performed.
	  RS retry behavior now conforms to internet-draft.
	  (try RS until we got an RA, or we've sent MAX_ROUTER_SOLICITATIONS
	  RS packets)

1998-08-06  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* icmp6.c (icmp6_error): Implemented rate limitation of ICMPv6
	error messages. The limitation interval is configurable via sysctl
	net.inet6.icmp6.errratelimit in micro seconds(note that 0 means no
	limitation). Because of this change, sysctl(for BSDI and NetBSD)
	and netstat should be re-installed.

Thu Aug  6 08:08:00 JST 1998  itojun@iijlab.net
	* kit/src/tcpdump: flipped the meaning of -R flag.  tcpdump now assumes
	  new AH/ESP packet format by default. (by adding -R it will handle
	  packets as old AH/ESP)

Wed, 5 Aug JST 1998 sakane@ydc.co.jp
	* sys/netkey:
	key_bbcmp() has replaced.
	(thanks to wdk@squeak.zl2bkc.niwa.cri.nz)

Sun Aug  3 1998  itojun@iijlab.net
	* sys/netinet6/esp_core.c: blowfish has a big key schedule struct,
	  which caused kernel stack overflow on call to esp_blowfish_cbc_xx().
	  made the key schedule variable a static var.

Sun Aug  2 01:35:59 JST 1998  itojun@iijlab.net
	* kit/src/traceroute: LBL traceroute, with IPsec-related modification.
	* kit/ports/traceroute: removed (since it is imported into
	  kit/src/traceroute).

Sat Aug  1 11:59:39 JST 1998  itojun@iijlab.net
	* kit/src/traceroute6: disable IPsec in sender side.
	  "traceroute" protocol is not friendly with IPsec.  If you try
	  a traceroute toward your IPsec peer, you will not be able to
	  get the expected result.
	  (we may have to think about enabling IPsec, later)
	* kit/ports/traceroute: LBL traceroute, with the same care as above.

Sat Aug  1 10:10:12 JST 1998  itojun@iijlab.net
	* kit/ports/ssh: updated to 1.2.26 IPv6 patchlevel 1.2.

	  ssh kit updated by: kick@wide.ad.jp
	  port update submitted by: Issei Suzuki <issei@mikage.t-cnet.or.jp>

Sat Aug  1 05:17:43 JST 1998  itojun@iijlab.net
	* netkey/key.c: in key_mature(), perform more checks for the incoming
	  key association.  xx_mature() in {ah,esp}_core.c implement algorithm-
	  dependent checks.
	* IPsec: changed some of the kernel internal API for ESP/AH algorithms.

<199807>
1998-07-31  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* icmp6.c (icmp6_redirect_input): Supported received redirects
	which redirect to on-link destinations. Some ND related functions
	were also modified to accomplish this.

1998/07/30 17:57:15 JST shin@nd.net.fujitsu.co.jp
  kit/ports/ppp - Imported sources
  current source of user-level ppp command maintained at www.awfulhak.org.

Thu Jul 30 13:08:47 JST 1998  itojun@iijlab.net
	* 3DES ivlen has fixed (must be 8)

Thu Jul 30 13:08:47 JST 1998  sakane@ydc.co.jp
	* ipsec: support BYPASS policy 

Thu Jul 30 11:09:06 JST 1998  itojun@iijlab.net
	* ipsec interoperability fixes.
	  - use more proper ivlen for each of the algorithms
	  - padding rule fix (mainly for null encryption algorithm)
	  - loosen payload length check for ESP (must be multiple of 4)

1998/07/29 21:43:11 JST shin@nd.net.fujitsu.co.jp
    netinet6             ipsec.c 
  Changed dport to sport(Though anyway it is inside of #if 0)

Wed Jul 29 21:20:34 JST 1998  sakane@ydc.co.jp
	* sys/netinet6/esp_input.c: treat ESP NULL authentication alrogithm
	  specially.  do not perform sequence number check.

Wed Jul 29 17:48:34 JST 1998  itojun@iijlab.net
	* sys/netinet6/esp_core.c: 3DES code had a bug that caused SEGV.
	  (wrong pointer was passed as key buffer)

Wed Jul 29 1998  itojun@iijlab.net
	* sys/netinet6/ipsec.c: upper-layer protocol check code in
	  ipsec[46]_getindex() was wrong.  it needs to care about fragmentation
	  but it does not.  commented out for safety. (to be fixed)

Wed Jul 29 1998  itojun@iijlab.net
	* kit/src/libpcap: "tcpdump tcp" now works as expected.

Tue Jul 28 19:16:48 JST 1998  k-sugyou@kame.net
	* kit/ports/newbie: updated to 0.21p7.

1998/07/28 18:26:26 JST shin@nd.net.fujitsu.co.jp
    src/rtadvd           rtadvd.conf 
    Added "addrs#1" for sample configuration which is necessary to
    announce a prefix not assigned to the interface.

Tue Jul 28 1998  itojun@iijlab.net
	* kit/ports/wu-ftpd: updated to 2.4.2beta18.
	* kit/ports/sendmail6: updated to 8.9.1 IPv6 patchlevel 2.

1998-07-28  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/libinet6/name6.c:
	re-support sethostent(), endhostent(), gethostent(), and
	gethostbyname2 (RES_USE_INET6 stuffs) for compatibility.
	h_aliases, h_addr_list of hostent structure must be a pointer
	of array, not NULL pointer.

Tue Jul 28 07:09:50 JST 1998 sakane@ydc.co.jp
	* sys/netinet6/ipsec.c
	Remove the routines of the check to reject
	when both the packet encrypted and policy was NONE.
	Are they need ?

Tue Jul 28 04:25:48 JST 1998 sakane@ydc.co.jp
	* kit/src/setkey
	Changed the place in the command to specify the upper layer protocol,
	and use `any' token as wildcard.
	For examples,
		add ::1 ::1 0x100 ...;     -> add ::1 ::1 any 0x100 ...;
		add ::1 ::1 0x100 tcp ...; -> add ::1 ::1 tcp 0x100 ...;
	Sorry, it means that you must modify your configuration for IPsec.
	Corrected to specify the IP address, port, prefix and SPI.
	Modified the output to dump for the upper layer protocol of wildcard.

Tue Jul 28 02:41:56 JST 1998 sakane@ydc.co.jp
	* netinet6/ipsec6.[ch]
	Remove use_{in,out}bound_spd, spd_priority and outbound_call_ike.
	It causes system to change the IPsec definition.
	When SP entry found, IPsec processing will be worked regardless
	of def_policy.  If you want to do IPsec when no SP entry defined,
	be set the def_policy to 2.  At this time, if no SA entry found,
	IKEd will be called by kernel.
	TODO:	The part of calling IKEd must be stable.

Thu Jul 23 19:08:57 JST 1998 sakane@ydc.co.jp
	* sys/netkey/key.c
	Modified the behavior of SADB_ACQIURE and SADB_REGISTER.
	It's be possible for kernel to receive SADB_ACQUIRE message
	from user land process, and send SADB_ACQUIRE message
	to KMd registerd.  Also, It's be possible to send algorithms
	supported by kernel up to the KMd.
	TODO:	sadb_supprted should be from {ah,esp}_algorithms.
		entry acquired should be free by lifetime.

1998-07-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_input.c (ip6_input,ip6_hopopts_input):
	Router Alert Option support.

1998/07/23 07:32:30 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6.c nd6_nbr.c 
  Set Solicited Node Multicast Addr for p2p destaddr only on interface
  with same IPv6 prefix.
  Also, set proxy=1 when doing proxy NA.

1998/07/22 22:01:51 JST	shin@nd.net.fujitsu.co.jp
    netinet6             nd6_nbr.c in6.c 
  Support of Proxy NDP reply.

1998/07/22 19:41:52 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6.c 
  Join and leave Solicited Node Multicast addr for proxy NDPing
  PPP dest addr.
  And some other small fixes.

1998-07-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	Implemented MLD(Multicast Listener Discovery) host part.

1998-07-22  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/libinet6/ip6opt.c: inet6_option_init() and inet6_option_append()
	were newly implemented.

Fri Jul 17 03:33:44 JST 1998  itojun@iijlab.net
	* kit/src/hroute6d: install RTF_REJECT route for aggregated prefixes,
	  so that there will be no bogus packet loop at the border routers.

Thu Jul 16 23:11:45 JST 1998  sumikawa@ebina.hitachi.co.jp
	* src/ndp, sys/netinet6/nd*
	  - added -i options.
	* Neighbour Discovery
	  - supported multiple prefixes
	  - removing unreached router from default router list
	  - rewrote linked list handlings
	  - fixed pruning bug

Thu Jul 16 20:14:26 JST 1998  itojun@iijlab.net
	* kit/ports/ucd-snmp: SNMP daemon/client.  There are very few
	  IPv6 MIBs implemented at this moment.  We'll implement more in
	  the future.

Thu Jul 16 00:46:47 JST 1998 sakane@ydc.co.jp
	* sys/netkey/key.c
	Fixed the format for debug message.

1998/07/15 19:36:03 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6_var.h 
  Added some in6_ifaddr operating macros.
  And optimized IN6_ARE_MASKED_ADDR_EQUAL().

1998/07/15 19:00:59 JST shin@nd.net.fujitsu.co.jp
    src/route6d          ifmcstat.c 
  Only update mc from if6a.ia6_multiaddrs.lh_first when mc != 0.
  (because now only top if6a has non zero ia6_multiaddrs.lh_first)
  Also, added fe, fxp, cnw to havearpcom(p) list.

1998/07/15 17:59:36 JST shin@nd.net.fujitsu.co.jp
    usr.sbin/ppp         ip.c ipv6.c 
  Do SIOCDIFADDR_IN6 for those addresses on which SIOCAIFADDR_IN6 failed,
  to remove possible gabage routes.

1998/07/15 16:18:15 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6.c 
  Bug Fix:
    When deleting an IPv6 addr, many kinds of miserable things happens
    by dual IFAFREE at SIOCAIFADDR_IN6 in in6_control().

1998-07-14  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* in6.c: implemented multicast kludge to save multicast addresses
	linked from sockets when deleting all the unicast addresses.

Mon Jul 13 23:47:54 JST 1998 sakane@ydc.co.jp
	Fixed the cause of memory leak in ipsec.c.  There might be in.

Mon Jul 13 21:19:33 JST 1998 sakane@ydc.co.jp
	* kit/src/setkey
	Changed how to parse hexadecimal strings.
	It's possible to specify a key by hexadecimal string with `0x'.
	The quoted strings still too. 

1998-07-13  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	Changed the way to manage multicast groups in a socket;
	use list of multicast memberships instead of static array
	to eliminate limitation of number of multicast groups per socket.

Mon Jul 13 10:27:20 JST 1998  itojun@iijlab.net
	* kit/src/pluto: removed pluto IKE daemon.  we'll concentrte on 
	  racoon IKE daemon.

1998/07/13 03:38:32 JST shin@nd.net.fujitsu.co.jp
    netinet6             icmp6.h in6_proto.c nd6.h nd6.c 
  Add sysctl variable "nd6_proxyall" to switch on/off Proxy Neighbor
  Advertisement.

1998/07/13 03:35:39 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6.c 
  Add a check if IFF_LOOPBACK and/or IFF_LOOPBACK is set, to
  in6_is_ifloop_auto().
  Also, modified some comments.

1998/07/12 19:06:39 JST shin@nd.net.fujitsu.co.jp
    netinet6             nd6_rtr.c 
  Compare received reachable timer with basereachable timer.

1998/07/12 18:45:39 JST shin@nd.net.fujitsu.co.jp
    netinet6             nd6_rtr.c 
  Don't recompute reachable timer, if received RA's one is 0.
  And then, if current reachable timer value is 0(may be by some error)
  always recompute the reachable timer.

1998/07/12 18:29:04 JST shin@nd.net.fujitsu.co.jp
    netinet6             nd6.h 
  Bug fix:
   Kernel halts by 0 devide at ND_COMPUTE_RTIME(0).
   So Changed "random() %" to "random() &". This may not give mathmatically
   perfect random value, but I believe it is practically not a problem,
   and also performance become better.

1998/07/10 17:22:27 JST shin@nd.net.fujitsu.co.jp
    netinet6             in6.c 
  Bug fix:
  Every local address of p2p link is same, so its loopback entry is
  deleted when deleteing one of it, and consequently, became not able to
  receive packets sent to the local address.
  So only delete the p2p local addr loopback entry, when there is only
  one of same addresses remains.

Fri Jul 10 19:55:49 JST 1998  itojun@iijlab.net
	* kit/ports/heimdal: export control-free kerberos5 implementation.
	  Please be aware that it is not really tested very much.

Fri Jul 10 1998  itojun@iijlab.net
	* kit/ports/vat6: famous videoconferencing system for IPv6.
	  Please be aware that it is not tested at all, so it is marked
	  as BROKEN.

1998-07-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/ping6/ping6.c (summary): added fflush at the end of the
	function.
	Submitted by: koba@flab.fujitsu.co.jp

1998-07-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ip6_input.c (ip6_input): removed a quick hack for link-local
	addresses on point-to-point interfaces. We believe there is no
	problem.

1998-07-10  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* in6_proto.c: changed the default value of icmp6_rediraccept
	from 0 to 1.
	KAME kernel now safely handles received redirects if they redirect 
	to a better router. We'll soon support the redirects to on-link
	destinations.

1998-07-09  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/libinet6/name6.c:
	  fixed handling IPv4 literal address and /etc/hosts.
	  IPv4-mapped address support is commented out until kernel will
	  accept it.

1998-07-08  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/libinet6/name6.c, include/netdb.h:
	  support getnodebyname(), getnodebyaddr(), freehostent().
	  old interfaces (ex. gethostbyname2) are left for compatibility.

Wed Jul  8 02:19:06 JST 1998  itojun@iijlab.net
	* sys/netinet6/in6_ifattach.c: do not make interfaces IFF_UP on
	  assignment of link-local unicast address.
	* sys/net/if.c: perform IPv6 DAD on interface state changes,
	  i.e. ioctl().
	* kit/src/rtsol: make the interface up if it is not.
	  try to send RS repeatedly, if the interface is under DAD state.

1998/07/08 00:48:53 JST shin@nd.net.fujitsu.co.jp
    net                  if_tun.c 
  Stop to up unused tun* interfaces at default. They are up'ed after they
  are configured and began to used.(and address is assigned)
  (suggested by itojun)

Mon Jul  6 12:51:52 JST 1998  itojun@iijlab.net
	* kit/ports/sendmail6: update to sendmail 8.9.1+IPv6 patchlevel 1.

1998/07/02 23:54:19 JST shin@nd.net.fujitsu.co.jp
    usr.sbin/ppp         Makefile ipcp.c ipv6cp.c 
  Added compile option for connectiong with remote sppp.

1998/07/02 17:04:10 JST shin@nd.net.fujitsu.co.jp
    netinet6             nd6.c 
    netinet6             in6_ifattach.c 
    When many continuous p2p interface exist, specified ifp's if_index
    in nd6_ifattach() become so large that nd_ifinfo[if_index] could
    point over the nd_ifinfo[] area, and break arbitrary memory value.
    When if_index value is big, multiply new nd_ifinfo size several time
    until the size become enough for specified ifp's if_index.

Thu Jul  2 16:50:13 JST 1998  itojun@iijlab.net
	* kit/ports/sendmail6: update to sendmail 8.9.0+IPv6 patchlevel 4.

Thu Jul  2 12:46:08 JST 1998  itojun@iijlab.net
	* kit/ports/popper: upgraded to use qpopper 2.52.

1998-07-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* icmp6.c (icmp6_rip6_input): Removed IPV6_STRIPHDR socket option
	and related code.
	* raw_ip6.c (rip6_input): ditto.
	* src/icmp6dump,ping6, rtadvd, tcpdump6: ditto.

1998-07-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd: supported metric addition for incoming RIPng routes.

Wed Jul  1 16:30:48 JST 1998  itojun@iijlab.net
	* kit/src/route6d: add -T, -N options (advertise default route only,
	  and restrict interfaces to handle)

	  Submitted by: kick@wide.ad.jp

Wed Jul  1 13:47:37 JST 1998  itojun@iijlab.net
	* everywhere: ALTQ (alternate queueing framework) merged into
	  KAME/FreeBSD kit. (not for BSDI nor NetBSD)
	  Good things: It makes ATM driver more concrete, and you can play
		with ALTQ.
	  Things to be fixed: IPv6-over-ATM support has to be checked.
		Userland tool (apconfig) is now unusable due to difference in
		the ATM driver.   Userland tools must be installed via
		kit/ports/altq.

	  For more information about ALTQ, visit the following URL:
		http://www.csl.sony.co.jp/person/kjc/software.html

1998-07-01  Atsushi Onoe <onoe@sm.sony.co.jp>
	* sys/net/if{,_mib}.c: fix index value of ifnet_addrs[] to 1 origin,
	  for sysctl net.link.generic.ifdata.<index> to work.

1998-07-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ports/popper: Supported the qpopper2.5, in which buffer overrun
	bugs were fixed.

Wed Jul  1 06:35:39 JST 1998  itojun@iijlab.net
	* kit/libexec/rshd: bugfix on INET6 connection.
	  Submitted by: ume@calm.imasy.org
	* kit/src/tcpdump: check AF field on CISCO HDLC packet.
	  Submitted from: fujiwara@rcac.tdi.co.jp

Wed Jul  1 01:06:08 JST 1998  itojun@iijlab.net
	* sys/dev/en/midway*: moved "midway*" files from sys/pci to
	  sys/dev/en, to help ALTQ merge.

<199806>
1998-06-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd:
	  - supported synchronization of RIPng and BGP4+
	  - small bug fix of route aggregation
	
Tue Jun 30 13:35:15 JST 1998  itojun@iijlab.net
	* sysctl MIB for net.inet6.ip6.xxx has changed. (previous def was bad)
	  past:
		mib[0] = CTL_NET; mib[1] = PF_INET6; mib[2] = IPPROTO_IP;
	  now:
		mib[0] = CTL_NET; mib[1] = PF_INET6; mib[2] = IPPROTO_IPV6;

1998-06-30  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/route6d/route6d.c (ripalarm): when aging routes,
	check whether rrt list is empty or not after aging. If it
	lacks, route6d may be core dumped.
	
1998/06/29 19:58:02 JST shin@nd.net.fujitsu.co.jp
    usr.sbin/ppp         command.c ipv6.c ipv6cp.c 
    net                  rtsock.c 
    netinet6             in6.c 
  Made it possible to assigne IPv6 link local addr to kernel, when
  kernel have none.
  Please update with kernel.

Mon Jun 29 13:15:05 JST 1998  itojun@iijlab.net
	* sys/netinet6/{ah,esp}_core.c: renamed {ah,esp}.c into
	  {ah,esp}_core.c, to avoid file name collision in NetBSD kernel
	  source tree (with Sun ethernet driver).

Mon Jun 29 02:20:01 JST 1998  itojun@iijlab.net
	* kit/ports/sendmail6: update to sendmail 8.9.0+IPv6 patchlevel 3.

Sun Jun 28 10:48:30 JST 1998  itojun@iijlab.net
	* kit/ports/sendmail6: update to sendmail 8.9.0+IPv6 patchlevel 1.

Fri Jun 27 1998  itojun@iijlab.net
	* sys: Kernel now compiles with "options MROUTING".  (I have never
	  tried IPv4 multicast code with KAME kernel, though)

	  TODO: more cleaner way to deal with MBone stuff with gif interface.

Fri Jun 26 23:06:54 JST 1998  itojun@iijlab.net
	* sys: TCP MSS computation takes care of the room occupied by
	  transport-mode IPsec (ESP/AH).  This helps TCP to be performed
	  without packet fragmentation.
	  The functionality was implemented in WIDE Hydrangea days, and
	  removed by PFKEY-v2 merge.  It is now become available again.

Fri Jun 26 20:44:23 JST 1998  itojun@iijlab.net
	* sys/netinet/ip_output.c: If IPsec'ed packet is too big for the
	  interface, turn DF bit off and fragment it.  This is the last
	  resort for TCP packet with DF bit set.  THIS IS A QUICKHACK!
	  This applies only for non-AH, and non-forwarding (packet from myself)
	  case.  In AH case, we can't modify IP header (DF bit).
	  In forwarding case, ICMP more fragment message should be sent to
	  the originating node.

	  TODO: more consideration to path MTU discovery, as gateway and as
	  originator/final destination

Fri Jun 26 15:55:12 JST 1998  itojun@iijlab.net
	* sys/netinet6/esp_*.c: Some cleanup for ESP tunnel mode.
	  Now KAME host is able to serve as ESP tunnel gateway.

	  TODO: AH tunnel
	  TODO: better relationship with gif tunnel

1998-06-25  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* raw_ip6.c (rip6_input): striped all the extension headers
	including IP6 header for a socket on which IN6P_STRIPHDR
	was set. This feature will soon be default, not optional.

Thu Jun 25 02:23:06 JST 1998  itojun@iijlab.net
	* kit/src/libinet6/getaddrinfo.c: cleanup hostname == NULL case.
	  If AI_PASSIVE is specified in "hint" structure, return anyaddr
	  (0.0.0.0 or ::).  If not, return loopback address (127.0.0.1 or ::1).

Wed Jun 24 16:30:00 JST 1998  sumikawa@ebina.hitachi.co.jp
	* src/ndp, sys/netinet6/nd*
	- added -r, -p and -F options.

1998-06-24  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/rtadvd:
	- Implemented dynamic prefix addition and deletion by watching
	  the routing table.
	- Now rtadvd is completely independent of the configuration file.
	  It works even if the config file does not exist.

Wed Jun 24 13:39:59 JST 1998 sakane@ydc.co.jp
	sys/netkey/, sys/netinet{,6}/
	* Fixed the behavior when the SPD is refered.
	* Modified
	* Adjusted ipsecstat's members.
	kit/src/setkey/
	* Modified debug mode and verbose mode.
	* Fixed man page and sample script in sample.cf.

1998-06-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/bgpd:
	- fixed many bugs including infinite loop.
	- route aggregation can be specified per interface base.

Tue Jun 23 18:25:12 JST 1998  itojun@iijlab.net
	* kit/ports/socks64: updated socks64 patch from flab.
	  Now socks64 patch is fetchable, so you can build it yourself.

1998-06-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* icmp6.h (ICMP6_ROUTER_RENUMBERING): newly defined. Because of
	this, the definition of FQDN query and reply was changed. So
	you may have to update both kernel and userland applications.

1998-06-23  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* usr.sbin/portmap/from_local.c (find_local): rewrote the function
	using sysctl interface. The older versions had the too strict
	limitation on number of interface addresses. If you find some
	trouble about /usr/sbin/portmap, we recommend you to replace it with
	/usr/local/v6/sbin/portmap.
	
Tue Jun 23 02:58:40 JST 1998  itojun@iijlab.net
	* kit/ports/v6tun: upgrade to 1.1.
	* kit/ports/ssh: upgrade to 1.2.23 + IPv6 patch 1.1.

	  Submitted by: kick@wide.ad.jp

Tue Jun 23 1998  itojun@iijlab.net
	* sys/netinet6/raw_ip6.c: upper-layer checksum was fixed.  In the past
	  by invoking rtadvd kernel hangs up, due to stale pointers.

1998-06-18  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/rtadvd:
	- Added RA consistency check.
	- Added received RS/RA validation
	- Implemented timer related functions.
	- Implemented rate limitation of sending RAs.
	- maxinterval and mininterval were configurable.

Thu Jun 18 04:36:01 JST 1998  sumikawa@ebina.hitachi.co.jp

	* kit/ports/im: Email and NetNews user interface

Thu Jun 18 04:36:43 JST 1998 sakane@kame.net
	sys/netkey/, sys/netinet{,6}/, kit/src/setkey/
	* Restructed both SPD and SAD in kernel IPsec module.
	  There are two SPD. One is the based socket, and the another is
	  in the system mainly to handle the packet forwarding.
	* Some systemwide IPsec's parameters has been replaced into ipsec.h,
	  and add new parameters to handle the SPD's functions.
	* Add some commands for SPD management to `setkey'.
	* Add a module for acquiring KEY, but not tested.
	* Fixed when a PF_KEY socket was opened without PF_KEY_V2 as
	  its protocol.
	  Suggested by <suzuki@grelot.elec.ryukoku.ac.jp>.

Tue Jun 16 21:50:40 JST 1998 k-sugyou@kame.net
    ports/mozilla
  update to use mozilla-19980603

1998/06/16 13:32:45 JST shin@nd.net.fujitsu.co.jp
    usr.sbin/ppp         command.c filter.c ipv6cp.c 
  Log:
  Several small fixes.
  BCOPY->memcpy. Removed some func's obsolete arg. If_id initialization
  for server.

1998/06/15 21:33:31 JST shin@nd.net.fujitsu.co.jp
    net                  if_sppp.h if_spppsubr.c 

  IPV6CP of PPP support for sppp.
  But only communication over serial cable is tested using slsppp driver
  from fujiwara san. (At leaset, ping6 to remote link local addr is OK.)
  Also, token negotiation is not supported yet.

1998/06/14 00:42:36 JST shin@nd.net.fujitsu.co.jp
    netinet              tcp_usrreq.c 
    netinet6             tcp6_usrreq.c udp6_usrreq.c 

  MAPPED ADDR support phase 3.
  Now mapped addr is available for tcp.

1998-06-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/rtadvd/config.c (getconfig): Modified to use protocol
	default values for unspecified parameters.
	Now users may omit almost all parameters in rtadvd.conf if
	they want to use protocol defaults. Users are also able to
	specify more than 2 prefixes on an interface.

	* src/rtadvd/if.c: Added to include source link layer address
	option in RAs.

1998-06-12  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/libinet6/getaddrinfo.c, getnameinfo.c:
	  fix getaddrinfo() and getnameinfo() to use offsetof() to determine
	  offset of address in struct sockaddr_in{,6}.
	  (offsetof(struct sockaddr_in6, sin6_addr) has been changed
	  from 8 to 16).

Wed Jun 10 19:43:03 JST 1998  itojun@iijlab.net
	* kit/src: To share kit/src among FreeBSD/BSDI/NetBSD kit, some changes
	  are added.  All source code under kit/src must be portable across
	  these three platforms.
	  Submitted by: hiroshi ura

1998-06-10  Atsushi Onoe <onoe@sm.sony.co.jp>
	* include/netdb.h: include <sys/types.h> to define size_t
	  for struct addrinfo.

1998-06-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* in6.c (in6_addmulti): added the 3rd argument to return
	more specific errors to caller.
	* in6.c (in6_addmulti): 
	(in6_control): 
	* in6_ifattach.c (in6_ifattach): 
	* ip6_output.c (ip6_setmoptions): 
	Reflected above change and used the error number if possible.
	
1998-06-09  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* esp_input.c (esp6_input): 
	* ah_input.c (ah6_input): 
	Set next header field of the previous header of ESP or AH
	using ip6_get_prevhdr().
	
	* icmp6.c (icmp6_error): modified to send ICMP error for packets
	including unknown header. Older versions discarded them, but
	spec required to return error for such packets.
	
	* raw_ip6.c (rip6_input): called icmp6_error with
	ICMP6_PARAMPROB_NEXTHEADER when there is no listening socket for
	the incoming packet.
	
	* frag6.c (frag6_input): replaced a block to store new next
	header value with calling ip6_get_prevhdr.
	
	* ip6_input.c (ip6_get_prevhdr): was newly defined. The function
	is not so efficent so it will be not used when we provide a
	better way.

Tue Jun  9 21:32:47 JST 1998  itojun@itojun.org
	* sys/netinet6/ipsec.c: fixed a critical bug when compiling kernel
	  with IPSEC option.  No data was coming to IPv6 sockets.
	  Suggested by: Atsushi Onoe <onoe@sm.sony.co.jp>

1998-06-09  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/route6d: ignore interfaces not marked IFF_UP at
	  initialization, to avoid failure in IPV6_ADD_MEMBERSHIP.

Tue Jun  9 13:43:33 JST 1998  itojun
	* kit/ports/v6tun: a handy tool for establishing IPv6 tunnel over
	  IPv4 dialup/ssh session.

Mon Jun  8 05:48:54 JST 1998  itojun@itojun.org
	* ipsec: ESP payload authentication algorithm is now switchable
	  via PF-KEY v2. (more checks need to be done)
	* ipsec: Changed SPI handling method in kernel ipsec module.  
	  SPI is now always kept in scalar variables in network byteorder.
	  This is to support new netkey module.

Sun Jun  7 JST 1998  itojun@itojun.org
	* sys/crypto: Fixed SHA-1 checksum length
	  (wrong: 16bytes  correct: 20bytes)
	  Pointed out by: Francis Dupont

Sun Jun  7 14:17:52 JST 1998  itojun@itojun.org
	* Incorporate REVISED FreeBSD TTCP security hole fix (FreeBSD security
	  advisory 98:03).
	  Pointed out by: kenji rikitake

Sun Jun  7 JST 1998  sakane@kame.net
	* ipsec code is now start working, but may need some more time to
	  stabilize.

Sat Jun  6 JST 1998  itojun@itojun.org
	* kit/ports/mrt: Multi-threaded Routing Toolkit from Merit.
	* sys/i386/isa/if_ed.c:  location to call in6_ifattach() is fixed.
	  Submitted by: Kouki Higuchi <luke@fct.kgc.co.jp>
	* sys: ipsecstat is now visible via sysctl MIB.
	* kit/usr.bin/netstat: show ipsec statistics on netstat -s.

Sat Jun  6 JST 1998  sakane@kame.net
	* sys: pfkey v2 and SPD is merged into.
	  NOTE: This breaks IPsec code, for the moment.
	  Also, some of userland tools (for example kit/src/pluto) cannot
	  be compiled.
	* kit/src/setkey: revamp for pfkey v2.
	  NOTE: this is not compatible with past version.

Fri Jun  5 JST 1998  itojun@itojun.org
	* kit/ports/zebra: update to use zebra-980604.
	* kit/ports/socks64: modified socks5 from Fujitsu Laboratories Ltd.
	  (not compile-able at this moment, since socks64 patch is yet to be
	  released)

Thu Jun  4 JST 1998  itojun@itojun.org
	* kit/src/libinet6: getaddrinfo() and getnameinfo() are cleaned up.

Thu Jun  4 00:27:42 JST 1998  itojun@itojun.org
	* Endian-ness of outbound (kernel->userland) sin6_ifindex has fixed.
	  We temporarily use host endian as draft is yet to be released.

1998/06/03 23:57:26 JST shin@nd.net.fujitsu.co.jp
    kern                 uipc_socket.c
    netinet              udp_usrreq.c
    netinet6             udp6_usrreq.c in6.h in6.c in6_proto.c
                         ip6_var.h

  Mapped addr support phase2. Now UDP is aple to use mapped addr
  by doing below.
    sysctl -w net.inet6.ip6.mapped_addr=1

Wed Jun  3 01:44:50 JST 1998  itojun@itojun.org
	* sys/i386/isa/if_zp.c: multicast support added.  it is essential
	  for using IPv6 on zp interface.

1998/06/02 00:20:29 JST	 shin@nd.net.fujitsu.co.jp
    netinet6             udp6_usrreq.c

  PRU_DISCONNECT was denied when in6p_faddr is not UNSPEC addr.
  Fixed it to be denied when in6p_faddr is UNSPEC addr.
  Also, changed the macro to BSD API conformed one.

1998/06/01 14:05:16 JST   shin@nd.net.fujitsu.co.jp
    src/faith            faith.c

  Changed the option argument spec of faith command.

1998/06/01 12:49:31 JST   shin@nd.net.fujitsu.co.jp
    src/libinet6         getaddrinfo.c

  Changed the way of specifing faith prefix for getaddrinfo().
  Now it is specified in environmental variable GAI.

<199805>
Sat May 30 10:42:32 JST 1998  itojun@itojun.org
	* kit/ports/ssh: ssh port updated to use ssh 1.2.23, and IPv6 patchkit
	  supplied by KIKUCHI Takahiro <kick@rcac.tdi.co.jp>  (Thanks!).
	  sshd and ssh are now totally AF independent, and listens both v4 and
	  v6 sockets!

1998/05/29 21:16:00 JST   shin@nd.net.fujitsu.co.jp
    i386/conf            GENERIC.v6 PAO.v6.diff

  Added compile option to switch mapped addr usage.

1998/05/29 21:09:10 JST    shin@nd.net.fujitsu.co.jp
    kern                 uipc_socket.c

  Step1 for mapped addr support.(actual support is not yet)
  Added so_pcb2 to struct socket, and let inet6 domain use it.
  Other domains(inet, unix, etc) continue to use so_pcb.

1998/05/29 14:06:46 JST   shin@nd.net.fujitsu.co.jp
    netinet6             in6.h in6_proto.c

  Addition of a sysctl for switching mapped addr support. (actual mapped
  addr support in kernel is not yet)
  Also changed some part of sysctl definition in in6.h, for IPSEC defined
  sysctls and MAPPED_ADDR_ENABLED defined sysctls could easily coexist.

1998/05/28 22:30:33 JST  shin@nd.net.fujitsu.co.jp
    ports/mozilla/patches patch-bg

  Patch for af switching hack's bug fix and the other.(from sugyou)
  Now mozilla can access v4 and v6 pages concurrently.
  Ftp access is also available.

1998/05/28 19:52:51 JST  shin@nd.net.fujitsu.co.jp
    libexec/ftpd         ftpd.c

  Fixed ftpd's ftp data connection from 21 to 20.

Thu May 28 20:11:08 JST 1998  itojun@itojun.org
	* sin6_ifindex support for (most of) connectionless inbound sockets
	  and raw ip6 outbound packets.
	  kit/src/ping6 now uses sin6_ifindex to control outgoing interface,
	  as a trial case.

May 27-28, 1998  itojun@itojun.org
	* cast128 bugfixes.
	  By Tomomi Suzuki <suzuki@grelot.elec.ryukoku.ac.jp>.

May 27-28, 1998  itojun@itojun.org
	* getaddrinfo() fix for PF_UNSPEC case.  Return IPv4/IPv6 anyaddr
	  (0.0.0.0 or ::) or localaddr (127.0.0.1 or ::1) in AI_PASSVE cases.
	  Suggested by KIKUCHI Takahiro <kick@rcac.tdi.co.jp>.

Tue May 26 18:41:38 JST 1998  itojun@itojun.org
	enable sockaddr_in6 new members: sin6_scope_id and sin6_ifindex.
	NOTE!!!  please make sure make sure that all userland code, libraries
	and port binaries are based on new definition.
	You may want to perform the following before making userland code,
	to make it sure:
	% rm /usr/local/v6/lib/*
	% find kit -name '*.o' -print | perl -nle unlink
	% find kit -name '*.a' -print | perl -nle unlink
				 
Tue May 26 04:05:02 JST 1998  itojun@itojun.org
	* preparation for sockaddr_in6 change.
	  kernel: bzero() for sockaddr_in6 are clarified.
	  userland: updated getaddrinfo() and getnameinfo() to make them
	  independent of the definition of sockaddr_in6.
	* IPV6_CHECKSUM setsockopt (advanced api)
	* inet6_rthdr_foobaa(): routing header manipulation functions
	  (advanced api)

Mon May 25 01:15:50 JST 1998  itojun@itojun.org
	* RC5 cbc mode added. (thanks goes to tomomi suzuki@ryukoku-u)

1998/05/22 16:06:51 JST shin@nd.net.fujitsu.co.jp
	ports/mozilla
	now mozilla can only access IPv6 www home pages.

Wed May 20 16:12:13 JST 1998  itojun@itojun.org
	* kit/src/*: Makefile cleanups.

1998-05-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* ipv6_icmp.c (icmp6_rip6_input): 
	* raw_ip6.c (rip6_input):
	Maked sure to 0-clear the pointer opts after each iteration
	of for loop. Older kernel causes kernel crash when more than 1
	raw IP6 sockets exist and optional information is expected
	on each socket.

Tue May 19 22:23:03 JST 1998  itojun@itojun.org
	* "options DES" is obsoleted.  You just need to say "options IPSEC".

Tue May 19 17:33:00 1998  sumikawa@ebina.hitachi.co.jp
	* kit/hroute6d: changed name from route6d to avoid duplication.	

1998-05-19  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* src/v6test/v6test.c (main):
	Added -f option to specify the path of configuration file.
	Document file was also modified.
	
shin        1998/05/18 21:21:32 JST
	src/route6d          route6d.c
	* Added ageout of each entry to ripalarm(), which is called every
	  SUPPLY_INTERVAL6 interval
	* Added one condition to the check if a route is loopback route or
	  not

Sun May 17 12:08:54 JST 1998  itojun@itojun.org
	* sys/netinet6/nd6.c: implemented NDP upper-layer reachability hint.

Fri May 15 12:06:03 JST 1998  itojun@itojun.org
	* TTCP security hole fix merged in.
	* ATM related fix.  Now we can configure kernel with ATM support.
	  (could experienced person try this?)
	* kit/ports/mozilla: inet6-capable mozilla.  You'll need Motif
	  as well as some CPU power for compilation.  (some more work
	  needs to be done)

Fri May 14 1998  itojun@itojun.org
	* some cleanups on NDP (neighbor discovery protocol).

Wed May 13 18:22:09 JST 1998  itojun@itojun.org
	* kit/ports/popper: inet6-capable qpopper.  Use with inet6d.
	* kit/ports/fetchmail: inet6-capable fetchmail.

shin        1998/05/13 17:55:59 JST
  kit/usr.sbin/ppp
	modifications to use SOCKS5.

shin        1998/05/13 16:02:21 JST
  kit/src/faithd
        Changed to refer sysctl configured value for FAITH prefix.

Tue May 12 12:38:21 JST 1998  itojun@itojun.org
	* kit/ports/newbie: updated to 0.21p3.
	* kit/ports/XFree86: imported a easy-installation for IPv6-ready
	  XFree86 (IPv6 patch by inria forks)
	* sys/netinet6/icmp6.c: fixed false badcode counter increments.

1998-05-12  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	Imported toshiba-origin bgpd, which supports RIPng and
	BGP4+. Thanks to Toru Kon'no <toru@isl.rdc.toshiba.co.jp>

Mon May 11 01:59:54 JST 1998  itojun@itojun.org
	* kit/src/tcpdump: imported LBL's tcpdump for more portability.
	  kit/usr.sbin/tcpdump (FreeBSD origin) was removed.
	* kit/src/libpcap: imported LBL's tcpdump for more portability.
	  kit/src/libpcap6{,.src} (FreeBSD origin) was removed.

Sat May  9 00:30:34 JST 1998  itojun@itojun.org
	* kit/src/hroute6d: hitachi-origin route6d, with route filtering/
	  aggregation functionalities. (quickhack-ed version imported)

Fri May  8 14:37:00 JST 1998  itojun@itojun.org
	* sys/netinet6: sanity checks for ifindex (passed via msghdr) added.

Wed May  6 18:43:36 JST 1998  itojun@itojun.org
	* kit/ports/newbie added.  This is an IPv6-aware nameserver/resolver.

Wed May  6 15:43:22 JST 1998  itojun@itojun.org
	* Makefile fixes so that "kit" can be made without modifying
	  /usr/src/sys.

shin        1998/05/05 01:49:58 JST
  kit/src/faith
	Added command for setting FAITH prefix value.

shin        1998/05/04 20:20:13 JST
  sys/netinet6/in6.h in6_proto.c ip6_input.c ip6_var.h
	Enabled FAITH prefix value change from sysctl().

itojun	5/5
	snapshot name changed from "hydrangea" to "kame"

1998-05-01  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/usr.bin/rsh/rsh.c
	Search "rlogin" from $PATH to use IPv6 capable rlogin command.

1998-05-01  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/src/libinet6/rcmd.c
	Call freeaddrinfo() in rcmd() to fix memory leak.
	Try ai_next even if ECONNREFUSED case, not to wait 31 seconds
	when only rshd4 is available on the remote host.

<199804>
1998-04-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* frag6.c (frag6_input): 
	Changed the way of deletion of the fragment header after
	reassembling; use ovbcopy instead of copying each 4 byte
	in a while loop.

shin        1998/04/27 11:39:32 JST
  kit/src/resolv/res_init.c
    Bug fix.
    Bus error happens at res_init()
    when nameserver directive is at the end of the resolv.conf file
    without "\n" terminated.

1998-04-20  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* dest6.c (dest6_input): Fixed a bug of returned value; from 0 to
	the next header identifier.
	
1998-04-17  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* in6_cksum.c (in6_cksum):
	Changed the definition of the pseudo header union not to include
	IP6 source and destination addresses.
	Changed the way to calculate the sum of IP6 pseudo header
	not to copy IP6 source and destination addresses to a separate
	buffer.

1998-04-10  Atsushi Onoe <onoe@sm.sony.co.jp>
	* kit/usr.bin/telnet/commands.c
	As original telnet, try the next available address
	if connect() fails.

Thu Apr  2 23:08:07 JST 1998   Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>
  sys/netinet6/in6.c

  Added solicited node multicast address deletion at if addr deletion time.
  And modified comment.

1998-04-02  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>

	* src/v6test/getconfig.c (make_frghdr): Changed not to use HTONS for
	IP6F_MORE_FRAG, since byte order consideration for the flag
	is now in its definition.

	* src/v6test/ext.conf:
	Added a hop by hop option.
	Changed the configuration for too big fragment offset test case2;
	use the correct IPv6 payload length value.

	* frag6.c (frag6_input): Specification conformance.
	- Changed the check when searching a reassemble queue for an
	incoming fragment; don't take into account the next header field
	of the fragment header. It was necessary for IPv4 fragments, but
	is not required for IPv6 fragments any more.
	- Changed to use unfragmentable part length and the next header
	value of the fragment header in the 1st(offsset = 0) fragment.
	The 1st fragment is not necessarily the '1st-reached' fragment.
	- Added a check if the reassembled packet would not exceed 65535
	bytes.
	--> Now Hydrangea passes sumikawa & jinmei's devilish tests
	    about fragment headers:-)
	
	* icmp6.c (icmp6_error): Removed the receiving interface index
	from the errornous packet if it had link-local scope source or
	destination.

	* icmp6.h (ICMP6_TIME_EXCEED_REASSEMBLY, ICMP6_TIME_EXCEED_TRANSIT):
	The latest advanced API conformance; EXCEEDED->EXCEED.

	* src/ping6/ping6.c (pr_icmph): 
	* src/traceroute6/traceroute6.c (packet_ok): 
	* usr.bin/tcpdump/tcpdump/print-icmp6.c (icmp6_print): 
	* src/icmp6dump/icmp6dump.c (dump): 
	* icmp6.c (icmp6_input):
	* ip6_forward.c (ip6_forward):
	Reflected the above changes.
	
	* frag6.c (frag6_freef): Added a bunch of code to return ICMP error for
	the 1st fragment.

	* ip6_var.h: added ip6q_unfrglen member to ip6q{}.

Thu Apr  2 17:34:50 JST 1998   Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>
  sys/net/if_tun.c

  Removed SIOCSIFPHYADDR (which I added before) from tunifioctl because
  it turned out not to be necessary for tun interface.

1998-04-01  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>

	* ip6_var.h: ip6q_nxtp member was escaped by 'notyet.' The
	location of the member caused segmentation faults.

	* ip6_input.c (ip6_input): put 'return' outside of the while loop
	at the end of the function. It was a very careless mistake, sorry.

Wed Apr  1 02:53:52 JST 1998 itojun
	- ESP 3DES support merged in. (thanks goes to tomomi suzuki@ryukoku-u)

<199803>

1998/03/31 20:24:37 JST   Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>
  usr.sbin             Makefile Makefile.inc

  Added ppp to SUBDIR.
  Moved 'NOMAN= yes' from kit/Makefile.inc to portmap/Makefile.

1998/03/31 20:22:50 JST   Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>
  usr.sbin/portmap     Makefile

  Moved 'NOMAN= yes' from ../Makefile.inc to ./Makefile.

1998/03/31 20:17:23 JST   Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>p
  usr.sbin/ppp

  Several bug fixes, improvements and small changes.
  -Re added 'set ifaddrinet6' command, because it is useful
   when assigning p2p style addr with dest addr on ppp links.
  -Added `set v6prefix` command to define default IPv6 prefix.
  -Added address macros MYV6PREFIX and HISV6PREFIX. This needs
   prefix value defined by `set v6prefix`.
  -Enabled deletion of addrs assigned by ppp at link down time.
  -Added japanese man.

1998/03/31 11:31:42 JST   Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>
  netinet6/in6.c

  When an IPv6 addr is removed, also remove the ownaddr loopback rtentry
  if it exists. (an addtion to the change of 1998/03/31 00:38:33)
  
1998/03/31 00:38:33 JST   Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>
  netinet6/in6.c nd6.c nd6.h nd6_rtr.c 

  P2p interface support extension. (Because, hydrangea requires rtentry
  for ownaddr to be set to loopback.)
  -added nd6_p2p_rtrequest.(set ownaddr rtentry to loopback)
  -added a function which set ownaddr rtentry to loopback, in the case
   nd6_p2p_rtrequest doesn't work.
  
  Enabled the place where ln->ln_state is set to ND6_LLINFO_REACHABLE
  when rt->rt_expire == 0, in nd6_rtrequest.
  This seems to be necessary for setting permanent ndp entry.	

1998-03-28  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* route6.c (ip6_rthdr0): Conformance with new spec drafts; remove check
	if ip6r0_len <= 46.

	* icmp6.c (icmp6_input): when delivering ICMPv6 error to upper
	layers, take into account of intermediate extension headers.
	XXX: To accomplish this, the prototype of ctlinput functions is
	modified. It's inconsistent with the prototype of generic ctlinput
	functions.

	* udp6_usrreq.c (udp6_ctlinput):
	if there are extension headers between ip6 header and udp header,
	skip them.

	* tcp6_subr.c (tcp6_ctlinput): 
	if there are extension headers between ip6 header and tcp header,
	skip them.

	* nd6_nbr.c (nd6_ns_input): if the target address is an anycast,
	clear override flag when calling nd6_na_output().
	(nd6_na_output): remove a line where override flag is
	automatically set. The flag is now set in nd6_ns_input if necessary.

	* tcp6_input.c (tcp6_input): if the packet is anycasted, drop it.
	(syn_cache_add6): if the packet is anycasted, it's not cached.

	* icmp6.c (icmp6_reflect): 
	add check if the destination of the original packet is an anycast
	when choosing the source of the reflected packet.

	* in6.c (in6_ifawithscope): add check if each address is an
	anycast. If so, it's not selected.

	* ip6_input.c (ip6_input): set M_ANYCAST6 flag to the mbuf header
	when receiving packets with anycast destinations.
	
	* nd6.c (nd6_rtrequest): for loopbacked packets, set rt_ifa to
	the in6_ifaddr which has the same address of the destination.
	This hack is for receiving anycast addresses.

	* sbin/ifconfig/ifconfig.c
	support 'anycast' parameter.
	You can configure anycast address by ifconfig with this parameter.
	e.g. ifconfig ep0 3ffe:: alias anycast
	Update of the kernel is also required.

	* mbuf.h (M_ANYCAST6): added the flag to set to incoming anycasted
	packets.

1998-03-27  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>
	* in6_var.h:
	anycast support:
	add ifra_flags member to in6_aliasreq{}.
	add ia6_flags member to in6_ifaddr{}.
	define IN6_IFF_ANYCAST flag.

	* in6.c (in6_control): 
	in SIOCAIFADDR_IN6 case, set ia6_flags from in6_aliasreq.

	* in6_proto.c: add sysctl interface for ip6_hdrnestlimit.

	* usr.bin/netstat/inet6.c (ip6_stats): 
	print # of dropped packets due to too many extension headers.

	* ip6_input.c (ip6_input): 
	introduce 'ip6_hdrnestlimit', which controls the upper limit of
	number of extension headers. default value is set in in6_proto.c.

	* in6_pcb.c (in6_pcbnotify):
	change type of the 4th argument from in6_addr to 'in6_addr *',
	which is more efficient.
	* tcp6_subr.c (tcp6_ctlinput): 
	* udp6_usrreq.c (udp6_ctlinput):
	reflect the above change when calling in6_pcbnotify().

	* icmp6.c (icmp6_error): remove garbage.

Thu Mar 26 13:51:48 1998  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>

	* icmp6.c (icmp6_error):
	improve the algorithm to check if the original packet is an ICMP6
	error or not; do IP6_EXTHDR_CHECK for each intermediate extension header,
	so the check will be rarely failed.

Thu Mar 26 13:47:36 1998  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>

	* ip6_input.c (ip6_input):
	change algorithm of processing IPv6 header and Hop-by-Hop header.
	1st check if the packet is destined to ourself, then process
	hop-by-hop options header(if any). So if we are not a router
	and the packet are not destined to ourself, HBH headers aren't processed.

Thu Mar 26 16:40:05 JST 1998  itojun
* bugfix to route6d: multicast address overwritten by mistake

Wed Mar 25 1998  itojun
* kernel/ip6_output.c: multicast group management ADVAPI fix
  (forgot to embed ifindex into the multicast address)
  now rtadvd should work correctly

Tue Mar 24 00:16:06 JST 1998 shin <shin@nd.net.fujitsu.co.jp>
* usr.sbin/ppp: several bug fix, man page add, and a little
  enhancement(save interface id to file).

Mon Mar 23 11:10:14 JST 1998
* ports/apache: famous http server, with a patch for inet/inet6 capability.

Sun Mar 22 10:42:49 JST 1998
* cast128 support (from suzuki@ryukoku-u)
* ah bug fix (new-ah/old-ah header size)

Sun Mar 22 09:14:08 1998  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>

	* ip6_input.c (ip6_input): 
	use upper layer protocol identifier for faith check instead of
	the next header value of IP6 header.
	
Fri Mar 20 08:13:49 1998  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>

	* usr.bin/tcpdump/tcpdump/print-icmp6.c (icmp6_print): 
	  ICMPv6 error parameters are 'ntohl'ed. 
	
Fri Mar 20 08:13:49 1998  JINMEI, Tatuya  <jinmei@isl.rdc.toshiba.co.jp>

	* usr.bin/tcpdump/tcpdump/print-icmp6.c (icmp6_print): 
	  ICMPv6 error parameters are 'ntohl'ed. 

* sys: Bunch of advanced-api modifications

Mon Mar 09 22:56:02 JST
* sys/net/if_tun: IPv6 support

Thu Mar 05 16:20:31 JST 1998 shin <shin@nd.net.fujitsu.co.jp>
* usr.sbin/ppp: IPv6 support

<199802>

* sys: discovery-v2 code is now default, "options INET6_NDV2" is not needed
  any more.

<19980101-19980111>

* Happy new year!

* src/rtadvd: bug fix, was generated garbled packet
	(enbug'ed by advanced-api-04 related changes)
* sbin/{route,ifconfig}: bug fix
	was not able to handle explicit prefixlen less than 64
* usr.bin/netstat: -s fixed
* now we are able to grab media addr for adaptec 5940 ATM card.
* ip6 linklocal address assignment improved.
	- p2p/tunnel interfaces now borrow interface id from 1st ethernet card
* use of int{8,16,32}m_t are gone

<19971228-19971231>

* sbin/ifconfig: prefixlen is 64 by default
* minimum mtu is now 1280 (was 576)
* ip6 header priority -> class fix
* faithtelnetd/faithtelnet improvements

<19971221-19971227>

* advanced-api-04: specifying hoplimit by sendmsg(), for outgoing packet
* advanced-api-04: receiving dst addr/ifindex/hoplimit by recvmsg(),
	for incoming packet
* src/rtadvd: tiny bug fix.

<19971116-19971122>

* blowfish-cbc support
* temporary sr0 (riscom) driver fix (thanks kick&fujisaki), need more
  investigation
* gif rcvif fix (thanks kick)
* hangup on two or more RA fixed (thanks demizu)
* draft-ietf-ipngwg-icmp-namelookups-01.txt support.
  uses type=138 for FQDN query, type=139 for FQDN reply.
* nd6/routing table bug fix, in treatment of iface with multiple
  IPv6 addresses.
* advanced-api-04: icmp6 filter

<19971109-19971115>

* src/setkey: conform to draft-ietf-ipsec-auth-hmac-{md5-,sha1}96-01.txt

<19971102-19971108>

* netnatm fixes (include AF_* into ap0 bpf) by demizu
* riscom (if_sr) fix (incomplete)
* AH *-sha1 fix
* base version is now FreeBSD 2.2.5-RELEASE.  2.2.2-RELEASE tree is
  no longer maintained, basically.

<19971027-19971101>

* rename the name of some binary. (rshd -> rsh6d, rsh -> rsh6)
* sendmail6 port update.
* advanced-api-04: IN6_IS_ADDR_SAME -> IN6_ARE_ADDR_EQUAL
* advanced-api-04: icmp6 type/code/struct
* "goto ours" using routing table, not the loop
* GIFng
* backout daisy code from netinet6, now it looks like standard BSD code
* atm support updates (you must recompile apconfig)

<19971020-19971026>

* sbin/route now makes prefixlen=64 by default, for ip6 routes.
* ipv6 sppp (cisco hdlc) support.  tnx goes to fujisaki@ntt.
* route6d patch (aggregate+filter) by kick@wide.ad.jp.
* kernel patch for 2.2.5-RELEASE added.

<19971012-19971019>

* icmp6 redirect (status: send ok, receive not stable)
* route6d improvements from kato-san
* make synchronization with bsdi version easier
* bsdi version releases (kernel only)

<19971010-19971011>

* less warnings on compilation - thanks demizu-san
* ssh6 port directory
* bind8 port directory
* discovery-v2-00 conformance (status: so-so, use "options INET6_NDV2")

<19971009>

* NA reception handling fix (to conform to discovery-06 draft)
* icmp6 echoreply fix (source address has been invalid)
* unnumbered point-to-point fix

<19970918-19971005>

* merged in ATM card support.
* addition: rsh6 and rshd6
* addition: ports/sendmail6
* portmap fix by ho-san
* document fix by ho-san
* "ping6 -w" fix.
* "netinet6 -in" fix.
* addition: etc/rc.net6
* addition: usr.sbin/portmap (with INET6 fix)
* document: list unsupported interfaces, comment them out in GENERIC.v6
* addition: src/v6test
* ah6/esp6 fixes
* nd6 lladdr fix (be generic, don't use fixed MAC address size)
* massive improvement in tcpdump
* route6d version up
* "ep" driver is officially supported.

<19970918>

* Ad hoc hack to resolve NDP timer problems.
* A patch for route6d.c.
	Atsushi Onoe <onoe@sm.sony.co.jp>
* Goto ours if ifp->if_flags & IFF_POINTOPOINT for linklocal.
* More IPsec.
	itojun@itojun.org
* ATM patch for commands and kernel.
	Katushi Kobayashi <ikob@peer.cc.uec.ac.jp>
* getaddrinfo patch for ping6.
	itojun@itojun.org

<19970719>

* ndp -c bug fix.
* ATM merge.
	Katushi Kobayashi <ikob@peer.cc.uec.ac.jp>
* Eliminated IP_TOP from telnetd.
* in6_pcbnotify hack.

<19970717>

* 'Who Are You' support.
* ping6 hack.
* Heuristic to prevent reverse lookup for get{addr,name}info().
* while(1) in icmp6.c was removed.
	itojun@itojun.org
* m_pullup() buges were fixed.
	itojun@itojun.org
* ICMPv6 echo/reply hack.
* The 'crypto' directory was created.
* A bug of extension header analysis was fixed.
* IPsec commands were merged.
	itojun@itojun.org

<19970711>

* IPsec on Hydrangea/FreeBSD was merged.
* New telnet/telnetd.
* A bug of imcp_error loop was fixed. 

<19970709>

* New getaddrinfo/getnameinfo.
* ip6_hdrlen hack.
	itojun@itojun.org
* rtadvd error check.
* See if prefixlen of RA is 64.
* if_mz support
	itojun@itojun.org
* Type fix in comments.
	ip6_mreq -> ipv6_mreq
* ifconfig patch
	NAKAMURA Motonori <motonori@econ.kyoto-u.ac.jp>
* FreeBSD patch for route6d.
	itojun@itojun.org

<19970624>

* Ad-hoc solution of AF_INET6 for ftp6 and ftp6d.
* Can make without INET6.
* IPv4 support for ifmcstat.
* if_exp MC bug ad-hoc fix.
* UGH! ether_ip6multicast_{min,max} were crazy... fixed.
* nd6_nbr.c and nd6_rtr.c were also changed.
* in6_ifattach.c was changed to support aggregatable address.
* in6_maxmtu was fixed to skip lo0.
* route6d hack.
	Atsushi Onoe <onoe@sm.sony.co.jp>

<19970508>

* include "gif.h" in ip_input.c.
* Many bug fixes for BSD/OS 3.0 indicated by "before_kazu".
* socket(PF_ROUTE) bug fix for route6d.
* Well-tested on june.

<19970409>

* A bug fix of ifconfig. A strange address never displays for gif
 link-local.
* gifconfig is now based on BSD/OS 3.0's ifconfig.
* libinet6 was re-written.

<19970408>

* Support for 'de' and 'ef'.

<19970407>

* Numerous bug fixes for tcpdump which muneti-s enbugs many things, sigh.
* netstat '%uq' bug fix.
* ND6 parameters are now configurable by sysctl.

<19970406>

* Upgrad to BSD/OS 3.0.
* Path MTU Discovery.

<19970310>

* Toobig handle code. But we should consider it after BSD/OS 3.0.
* MD5 include files.
* IPV6_IF_MULTICAST bug fixes. 
* in6_contorol bug fix.

<19970227>

* md5.{c,h} uses u_int{n}_t.
* Now is able to configure without INET6.
* NGIF > 0 for ip{,6}_input.c
* ntohl() for too big messages in tcpdump.

<19970225>

* ICMPV6 macros conform the adv API.
* Some logging codes are added.
* ip6_mreq{} -> ipv6_mreq{} to conform the adv API.
* traceroute6 bug fix.
* route6d's buf is extended.

<19970219>

* IP/IP6 never use m_pullup when ressembling. IP6 reassembly comes back.
* icmpdump -> icmp6dump.
* ip6_frag_input() -> frag6_input().
* Commands use netinet/ip6.h instead netinet6/ip6.h.

<19970216>

* TCP based on sys210 patched 027 is now available!
* "ne" makes one internal mbuf or one or more external mbuf.
* telnet ::1 bug fix.
* UDP length bug fix.
* gethostbyname2 is deleted from commands.

<19970214>

* M_LOOP is defined.
* IP6_EXTHDR_CHECK is defined!!!!!
* nd6_rtr.c is now independent on Ethernet.
* tcpdump displays fragments.
* nd6_{ns, na, rtr}_input while loop bug fix.
* This version doesn't support TCP/IP6 nor "ne". 

<19970213>

* group management bug fixes in in6_control() and in6_{add,del}multi().
* struct ip6_mreq now takes if_index.
* ip6_output handles im6r_ifindex.
* ifinit() makes ifindex2ifnet[].
* Mbuf statics in ip6_input().
* This version doesn't support TCP/IP6.

<19970212>

* s/ndp6/nd6/g, s/NDP6/ND6/g
* nd6_{ns,na}_{input,output} is now independent on Ethernet.
* nd6.c is also independent on Ethernet.
* in6_control() brush up.
* ifmcstat displays all groups for each interface.
* This version doesn't support TCP/IP6.

<19970211>

* in6_cksum()'s carry bit bug fix.
* s/v6/6/g, s/v4/4/g, s/ndp6/nd6/g.
* Create ip6_{frag, route, dest}.c and {ah,esp}.c.
* ip6_input() checks out multicast before global unicast.
* Delete many unnecessary functions and variables.
* Names of Daisy macros have been changed.
* Delete ip6snoproto from rip6_input.
* Add ip6nhhist and ip6notmember.
* Decide that ip6_input() and ip6_route_input() call ip6_forward.
* Decide that ip6_input() handles HBH.
* This version doesn't support TCP/IP6.

<19970210>

* in6_ifaddr now contains global addresses only.
* ipv6_input() checks IF's link-local first then global.
* if_ether6.c -> ndp6{,_nbr,_rtr}.c.
* This version doesn't support TCP/IP6.

<19970208>

* Caught up to the basic API 07.
* in6_cksum() calculates a pseudo header.
* ICMP/UDP/TCP depends on in6_cksum() to prepare a pseudo header.
* Now modification to packets such as ntohs() never be permitted.
* Call icmp{,6}_paramerror if Daisy_ERROR is returned.
* This version doesn't support TCP/IPv6.

<19970201>

* route6d can now aggregate routes. 
	e.g. -A 5f09:c400::/32,gif2,gif3,gif4,gif6
* m_copym() in icmpv6_error() bug fix.
* icmpv6_{error,reflect} were re-written to be elegant and stable.
* ipv6_forward() now directly calls if_output().
* netstat -nr now displays routing tables with IPv6 oriented format.
* netstat -s -p icmp6 now displays {in,out}hist.
* tcpdump can tap an IF even if it doesn't have any IPv4 addresses.
* Defined GATEWAY6, deleted IGNORERA.
* ipv6_ignorera -> ipv6_accept_rtadv. ipv6_faithon -> ipv6_keepfaith.

<19970129>

* RIPng ready.
* RADISH bug fixes.
* ICMP refines.
* Command bug fixes.

<19970125>
* sysctl stuff
* FAITH (Fairewall Aided Internet Translator for Hydrangea)
* ndp6_rs_ouput() was deleted from each PCMCIA driver. This function
goes to missd(Miss Daemon).
* Many bug fixes.

<19970124>

* Macro names and variable names conform the API drafts.
* RADISH bug fixes. Now RTM_DELETE surely back to routing socket.

<19970107> WIDE internal release

* Automatic link-local address to p2p link using MD5.
* RADISH porting.
* netstat, route, and ndp is now completed.
* ifname functions.
* Several bug fixes including UDP6, gif multicast, etc.

<19961225> WIDE internal release

* Source selection.
	Best address out of the same scope.
* Interface selection.
	Interface ID encoding to link-local addresses.
* Flagments and reassemble. 
* TCP fatal bug fix.
* GIF bug fixes.
* Automatic link-local address setup.
* RA handling(default route and prefix).
* Strict pakect filtering in ipv6_{input, forwarding, output}.
* API catch up (no more HDRINCL).
	ping6, traceroute6, rtsol.

<19960908> WIDE internal release

* Copyright notices are brushed up.
* ICMPv6 netunreach bug fix. This makes Hydrangea much more stable.
	Yusaku Hasegawa <yusaku-h@is.aist-nara.ac.jp>
* udp6_usrreq.c logical case fix
	Akira Kato <kato@nezu.wide.ad.jp>
* A tiny patch for -i option of netstat6
	Jun-ichiro Itoh <itojun@cardamom.csl.sony.co.jp>
* if_dummy.c
	Akira Kato <kato@nezu.wide.ad.jp>
* in6_localaddr was deleted
	Atsushi Onoe <onoe@sm.sony.co.jp>
* gifconfig now requires root privilege.
	Kazu Yamamoto
* At booting, a message like 
	rtinit: wrong ifa (f0810900) was (f0810c00)
was printed. This was fixed.

The causes of this bug were the followings:
	(1) ifa_ifwithaddr compares <key> and <broadaddr>.
	(2) Since IPv6 doesn't have broadcast address, 
	   ifa_broadcast is filled with zero.
	(3) bcmp() returns *0* when comparing length is zero.
	(4) Thus, ifa_ifwithaddr always returns not the appropriate
	   in6_ifaddr but the first in6_ifaddr.

There are two solutions here:
	(a) Bury ifa_broadcast with link-local all node multicast address.
	(b) Avoid comparing <key> and <broadaddr> when length is zero in
           ifa_ifwithaddr.
Currently we went to the way of (b).

	Kazu Yamamoto

<19960816> WIDE internal release

* af2pf and daisy_insw are now used in only IPv4 and IPv6 semantics.
	Kazu Yamamoto
* A password typo fix. Sorry.
	Kazu Yamamoto
* A typo fix in net/ppp_ipv6cp.c to prevent warnings.
	Kazu Yamamoto
* netstat patch for UDP6 statics.
	Akira Kato <kato@nezu.wide.ad.jp>
* TCP checksum patch.
	Atsushi Onoe <onoe@sm.sony.co.jp>
	Jun-ichiro Itoh <itojun@csl.sony.co.jp>
* IPv6 multicast support patch for if_gif.c.
	Akira Kato <kato@nezu.wide.ad.jp>

<19960814> WIDE internal release

* Initial release to WIDE project.
