Subject: KAME IPv6/IPsec kit for NetBSD
To: None <>
From: Jun-ichiro itojun Itoh <>
List: netbsd-announce
Date: 12/04/1998 12:37:00
	(sorry if you've read this on

	Hello, this is Jun-ichiro Itoh of KAME project.
	We've released our IPv6/IPsec kit for NetBSD 1.3.2, FreeBSD
	2.2.7 and BSDI BSD/OS 3.1.

	This is our release called "STABLE".  STABLE is bi-monthly
	"documented" release.  We also have weekly SNAP release and
	cvsup access as well.

	Here some URLs to visit:

	If you got any questions please contact (implementers)
	or (users mailing list).  Thanks!
jun-ichiro itoh

--- supported items, excerpt from

* IPv6: working fine for more than two year
* IPsec: transport mode ready, tunnel mode ready only for IPv4
* IKE: home-brew IKE daemon "racoon" being developed
* ATM leased line: ready for IPv4/IPv6
* IPv4-IPv6 TCP relay for border routers: ready
* ALTQ: merged and ready (for KAME/FreeBSD)
* mobile host support in NDP: ready and working
* laptop: PAO/wildboar ready 
	wildboar is BSDI pccard support code, it is also from 
	WIDE project (
* SuMiRe IPv4 NAT implementation: ready
* more to come

Userland and others:

* SMTP over IPv6: ready and working well
* POP over IPv6: ready
* ftp over IPv6: ready and working well
* tftp over IPv6: ready and working well
* Userland PPP (FreeBSD): ready and working well, with multiprotocol support
* apache6: ready, works as proxy too (both 1.2.x and 1.3.x)
* v4/v6 nameserver: ready and ongoing,
	as "newbie" project (
	and bind8 patch
* v4/v6 resolver: ready
* v4/v6 dhcp: planned
* Practical v6 net:
	* multihoming: ready and working
	* autoconfig: working well for long time
	* filter6: ready
	* NAT6: we are trying to avoid this
* mozilla6: ready and testing
* routing daemons: following are ready
	* route6d: simple and easy ripng daemon
	* hroute6d: highly configurable ripng daemon
	* bgpd: highly configurable bgp/ripng daemon
	* mrt: Multi-threaded routing toolkit from merit
	* Zebra routing protocol server
	* merit gated
* what others?
	* X11 over IPv6: ready but not tested
	* IPv6-ready boot floppy for installation over v6 net:
		now testing for FreeBSD
	* NFS6: planned
	* perl5: ready, with some embedded functions and fixes
	* snmp MIB for IPv6: ready, with small set of MIBs

--- changes from 19980930 RELEASE kit to 19981130 RELEASE kit

- Introduced loop prevention mechanism for gif input and output. 


- Implemented kernel level multicast forwarding with PIM.
- Introduced loop prevention mechanism for gif input and output. 
- Implemented kernel level prefix renumbering mechanism and its API for
  the "rrenumd" daemon and the "prefix" command.
- Gif tunnel IPv6 support as outer encapsulation. (was not possible)
- Gif tunnel extension for multiple destination.
  (contributed by
- Neighbor discovery code was stabilized.
- ICMPv6 redirect is now working properly.

<<IPv6 API>>


- IPv4 IPsec (both transport and tunnel) was stabilized very much.
- IPsec tunnel now handles path MTU and TCP MSS properly.
- IPv4 options are now properly handled by IPsec code.
- Most of the ESP/AH algorithms is now confirmed to be interoperable with
  other implementations.
- The "racoon" IKE daemon was updated for better interoperability.
- Statistics is now properly gathered.


- Implemented "pim6dd", a daemon of PIMv2 dense mode for IPv6, to support 
  IPv6 multicast routing.
- IPv6 hostname with AAAA record, or numarical IPv6 address escaped by [  ],
  is supported as proxy server specification for mozilla.
- Implemented the "prefix" command for prefix assignment and renumbering 
  inside a node.
- Implemented the "rrenumd" daemon for sending router renumbering messages.
- Enhanced the "rtadvd" daemon for receiving router renumbering messages 
  and renumbering pre-assigned prefixes.
- Resolver was updated to keep binary compatibility with existing
  implementations.  Namely, struct _res is now kept unchanged from original
  bind distribution.
- EPSV/EPRT support for FAITH TCP translator.
- "tcpdump" is now able to chase IPv6 header chain and to analyze IPsec
  related packets.
- IPv6-ready logwtmp() and skeyaccess() is now supplied (FreeBSD only).


- Copyright notice was changed.  We are now using 3-clause BSD copyright.
- New ports: "apache13", "gated" ("apache" is renamed to "apache12")
- "lynx" security hole fix included into the IPv6-ready ports directory.
  (this is a problem with the original "lynx", not the IPv6 patch)
- KAME on NetBSD-pmax is now confirmed to work.