New and notable in the latest snapshot:

Fixed potential memory leak in pfkey_msg_build() use.

Fixed klips aliased physical I/F bug.

Fixed NULL stats access bug if device could not be determined.  This
was responsible for hanging the machine if a packet came in on a
previously downed interface.

A bunch of fixes from DHR for bugs in hurriedly checked-in code in
the 1.2 release.

New and notable in 1.2:

The patcher has been improved to handle the case where a patch has gone
away (give it no key+patchfile arguments) and the old version must be
undone.  A number of the kernel patches have, in fact, gone away; for
example, all device, proc_fs and protocol registrations are now done
dynamically even for static-linked configurations.

A %defaultroute feature has been added for automatic configuration in the
simplest case (IPSEC on only one interface, the one the default route
points to); it can supply both the interfaces parameter and the address
and nexthop of one host.

The sample ipsec.conf has been simplified to exploit %defaultroute, and
has generally been cleaned up.

User-kernel communication is being converted to use PFKEY2 (RFC 2367),
although not quite everything has yet been taken care of.  The old
netlink-based code still works, for now.  There are new facilities in the
library for doing PFKEY2 communication.  All of this should produce no
user-visible changes except in log messages (which have changed a lot).
NB, Peter Onion helped out greatly in this.

Experimental facilities for RSA digital-signature authentication have been
added to Pluto and ipsec_auto, and there is an rsasigkey utility for key
generation.  This stuff is not yet well shaken down, or well documented. 

There is a new configuration parameter, spi, for ipsec_manual, simplifying
SPI assignment for FreeS/WAN-to-FreeS/WAN cases.  Standard manual-setup
keys are supplied in the sample ipsec.conf to aid testing.

The kernel now builds its own copy of the internal library, avoiding some
perennial problems with compile-option mismatches etc.  (Marc Boucher did
a lot of this.)

The KLIPS code now gets symlinked into the kernel tree file by file,
instead of with one symlink to the directory.  This has pros and cons,
but in particular it does work much better with the standard Makefiles,
and various little things have been done for better kernel integration.

The ipsec command now supplies PATH and IPSECDIR to commands under it, and
IPSECDIR is filled in at build time rather than being hardwired; also, it
can be different from where things are being installed. 

Various undocumented aspects of the /proc output have changed; be warned.
Of note are rather more per-SA statistics.

KLIPS now has IPSEC SA expiry based on reaching hard limits of
allocations, bytes, addtime, usetime, and replay counter rolling. 

A double locking bug which hit 2.0.36 (but not 2.0.38) has been fixed.

As usual, there are assorted small bug fixes and improvements to docs
and messages.



New and notable in 1.1:

It now runs on the 2.2.xx kernels (we strongly recommend 2.2.12, not
earlier ones, for non-FreeS/WAN reasons), although there may still be
some bugs in transport mode.  Preliminary 2.3.xx support is in too.

Automatic rekeying has been heavily revised to fix some subtle bugs
(notably the "shoelacing" problem), and to vary its timing (see the new
"rekeyfuzz" parameter in ipsec.conf) so that sites with many connections
don't try to rekey all of them simultaneously. 

The bugs which made our interim Road Warrior support not work have been
(we hope) fully fixed.

type=tunnel and keyexchange=ike are now defaults in the ipsec.conf file,
cutting down the bulk of a simple connection entry.  Also, an empty value
for a parameter is now exactly equivalent to the default value (whereas
previously the meaning of this was parameter-specific and ill-defined).

The documentation now includes a permuted index.

Pluto has been fixed to use the correct length for DH values, which does
create a problem:  about one time in 256, it won't interoperate properly
with older Plutos (because the older ones got this wrong when the DH value
had a leading zero byte).  As a transition measure, there is a kludge in
place which *should* cause Pluto to retry immediately in that case;
cautious people who don't have to deal with old Plutos might want to
switch that off (look for the DODGE_DH_MISSING_ZERO_BUG macro in the
Pluto Makefile).
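
The length mismatch described above, as an added C example (not Pluto
code).  It assumes the old behaviour was to drop leading zero bytes; the
8-byte GROUP_LEN, the sample values and all function names are constructed
for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GROUP_LEN 8     /* toy size for the demo; real groups are far longer */
#define MAX_LEN   256

/* Constructed sample DH values, big-endian, GROUP_LEN bytes each. */
static const unsigned char SAMPLE_NORMAL[GROUP_LEN] =
    { 0x9c, 0x41, 0x07, 0xee, 0x13, 0x5a, 0x20, 0xb6 };
static const unsigned char SAMPLE_LEADING_ZERO[GROUP_LEN] =
    { 0x00, 0x41, 0x07, 0xee, 0x13, 0x5a, 0x20, 0xb6 };

/* Number of bytes left once leading zero bytes are dropped. */
size_t stripped_len(const unsigned char *val, size_t len)
{
    size_t i = 0;
    while (i < len && val[i] == 0)
        i++;
    return len - i;
}

/* Old-style encoder (assumed behaviour): emits only the significant bytes,
 * so the length depends on the value.  Returns the bytes written. */
size_t encode_stripped(const unsigned char *val, size_t len, unsigned char *out)
{
    size_t n = stripped_len(val, len);
    memcpy(out, val + (len - n), n);
    return n;
}

/* Corrected encoder: always group_len bytes, zero-padded on the left.
 * Returns group_len, or 0 if the value does not fit. */
size_t encode_fixed(const unsigned char *val, size_t len,
                    unsigned char *out, size_t group_len)
{
    size_t n = stripped_len(val, len);
    if (n > group_len)
        return 0;
    memset(out, 0, group_len - n);
    memcpy(out + (group_len - n), val + (len - n), n);
    return group_len;
}

/* 1 if a fixed-length peer and a stripping peer produce identical bytes. */
int peers_agree(const unsigned char *val, size_t group_len)
{
    unsigned char a[MAX_LEN], b[MAX_LEN];
    size_t la, lb;
    if (group_len == 0 || group_len > MAX_LEN)
        return 0;
    la = encode_fixed(val, group_len, a, group_len);
    lb = encode_stripped(val, group_len, b);
    return la == lb && memcmp(a, b, la) == 0;
}

/* Try all 256 leading bytes (rest of the value held constant) and count
 * how many make the two encoders disagree. */
int disagreements_per_256(size_t group_len)
{
    unsigned char val[MAX_LEN];
    int lead, bad = 0;
    if (group_len == 0 || group_len > MAX_LEN)
        return -1;
    memset(val, 0xa5, group_len);
    for (lead = 0; lead < 256; lead++) {
        val[0] = (unsigned char)lead;
        if (!peers_agree(val, group_len))
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("normal value agrees: %d\n", peers_agree(SAMPLE_NORMAL, GROUP_LEN));
    printf("leading-zero value agrees: %d\n",
           peers_agree(SAMPLE_LEADING_ZERO, GROUP_LEN));
    printf("disagreements per 256 leading bytes: %d\n",
           disagreements_per_256(GROUP_LEN));
    return 0;
}
```

Only a leading byte of zero makes the two encodings differ, which is where
the one-in-256 figure comes from if that byte is treated as uniform.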

The kernel-patch applier has been changed so that if the patch seems to
have been applied already but there is no record of that, it assumes that
everything is okay.  THIS MEANS IT WILL NOT TRY TO BACK OUT AN OBSOLETE
PATCH FROM A PRE-1.00 RELEASE.  Anyone upgrading from a pre-1.00 release
to this release will have to start with a virgin kernel.  (The reason for
this change is that some of our kernel fixes are now showing up in the
official Linux kernel releases.)  Also, patch-applier output is now
saved in out.kpatch for later inspection, and a failed patch results in
the target file being restored to its original state (with the evidence
saved in foo.c.mangled).

The ipsec[0123] device is configured down if the attached physical device
disappears.  This is useful to prevent laptops from crashing when a PCMCIA
card is removed.

KLIPS now does data-structure locking to prevent some race conditions.

The kernel "make oldconfig" is now supported, via "make oldgo".

Variable length PPP headers are now supported (Thanks MB).

Some attempts have been made to smarten up the logic which tries to figure
out where boot scripts go.  It's still not perfect.

"ipsec look" now sorts each section of its output, and generally has had
some small format changes to make it more helpful.

ipsec --version reports the version of FreeS/WAN (even if KLIPS etc. is
not running at the moment).

There is now a default mechanism in ipsec.conf, so it's possible to set
defaults which apply for the rest of the file, to simplify repetitive
connection descriptions.  (Look for %default in the manpage.)

The machinery which reads ipsec.conf now detects unknown parameter names
and considers them an error.  (Names beginning with x- or X- are exempt;
they are permanently reserved for user customization.)

A bug in script handling of virtual interfaces (for IP aliasing) has been
fixed. 

The manual pages are now installed more intelligently, under all the
appropriate names rather than just some.

Several scripts which depend on the output of ifconfig now set environment
variables to try to ensure that the output is in English even if the user
is set up for another language.

We've begun using an ip_address type internally, to hide the details of
addresses with an eye on long-term IPv6 compatibility.

There is now a dumpdir parameter in ipsec.conf, to specify where Pluto
core dumps should occur if they are allowed at all (of relevance to
advanced developers only). 

Pluto's innards have generally been revised and cleaned up.

Devices ipsec2 and ipsec3 have been added, to increase the number of
interfaces which can have IPSEC on them.

/proc/net/ipsec_klipsdebug has been added to provide feedback about the
current KLIPS_DEBUG settings.  It is read-only.

There is much new code in the innards for PF_KEY2 support, although it
is not active by default yet, because it is still highly experimental.

As usual, there are assorted small bug fixes and improvements to docs
and messages.



New and notable in 1.00:

INSTALL procedures have changed, to require less typing by having the
Makefile do most of the dirty work.  The old procedures are still
available; see doc/impl.notes if required.  More attention is paid to the
fact that many people do not use the kernel "make install" to install
their kernels... although there are limits to how much help we can offer,
considering the complexity of the problem.  doc/kernel.notes offers some
observations on our experiences.

The default permissions on ipsec.conf are now rw-r--r--, not rw-------.

Command syntax for manual and auto has changed; for example, to bring an
auto connection up, say "ipsec auto --up name", not "ipsec auto name up".
The old syntax is still accepted, temporarily, but will draw warning
messages.

Communication to Pluto (auto+whack) now uses Unix-domain sockets, so that
permissions can be used to control access.

Configuration parameters for automatically-keyed connections have changed,
with the "encrypt" parameter gone and "auth" replacing "authenticate"
(with different values). 

A new config-file parameter, "also", permits putting a connection
description together piece by piece (with some pieces possibly in other
files, for greater security).

A new config-file parameter, "auto", cooperates with a new "%search" value
for the plutoload and plutostart setup parameters to allow connections to
be loaded and started automatically at IPSEC startup time, without having
to list all the names in plutoload or plutostart.

A new connection type, "passthrough", supports having some types of traffic
bypass IPSEC processing altogether.  (Manual "keying" only.)

Auto's --replace operation now also does --rereadsecrets.

The kernel patches are now applied by a more sophisticated script, which
in particular can undo old patches when the patches change (and can tell
when this has happened).  The downside is that everybody gets to install
from virgin kernel sources *once*, because the patcher can't undo patches
made by previous versions (they didn't leave enough information around).

Many of the more obscure examples formerly found in ipsec.conf are now
in doc/examples instead.

PMTU and fragmentation issues have been cleaned up w.r.t. RFCs.  The
kernel configuration includes a switch to shut off ICMP PMTUD messages if
hosts get confused by receiving ICMP PMTUD messages *and* ACKs.

Several of the configuration parameters for automatically-keyed connections
have changed name; notably, "lifetime" is now "keylife", and "rekeystart"
is now "rekeymargin".

Wildcard file includes are supported within ipsec.conf and ipsec.secrets.
The ipsec.conf processing has been cleaned up, made fussier about errors,
and centralized for easy changes. 

ipsec_barf output is more complete.

The censoring of keys and shared secrets in barf output is smarter:  now
it prints checksums instead of just deleting the sensitive information, so
there is some hope of being able to tell whether (for example) two keys
are identical. 

The "ipsec" wrapper command is no longer willing to run commands from
anywhere except its own directory.

The rekeytries parameter has become keyingtries, and applies to initial
setup as well as rekeying.  (Whack and ipsec_auto return after the first
try, but tries continue if keyingtries>1.)  A value of 0 means "a really
big number".

Pluto now respects the policy options of a connection (e.g., "--pfs")
even if the other end is initiating the connection.

Various rough edges in Pluto associated with disagreements between the two
ends have been cleared up.

Error messages and logging have generally been improved, and there have
been the usual assorted bug fixes.

Installation now uses "install" instead of "cp".

New in 0.92:

The biggest change is that the configuration/control files are completely
different.  /etc/sysconfig/ipsec, /etc/ipsec-manual, and /etc/ipsec-auto
have merged to become /etc/ipsec.conf, there is now a unified connection-
description format within it that either manual or auto can use, and
various other touchups have been done. 

/etc/isakmp-secrets also has changed format, and is now /etc/ipsec.secrets.
It implements the same "include" mechanism as the configuration file, and
the new format permits easier sharing of identical files between machines.

ipsec_manual's {left|right}masquerade parameters have been renamed to
{left|right}firewall, and ipsec_auto understands them too.

There are several new configuration parameters, including provisions for
asynchronous connection negotiation (in which Pluto starts negotiation
of all desired connections simultaneously, and IPSEC startup does not
wait for it to finish).

Pluto's innards have been reorganized; interoperability is much improved.
Also, Pluto now supports multiple interfaces.

The documentation has been massively improved, although there is still
much to be done.

The DES library has (finally) been updated to the latest.  The speed
improvement on x86 CPUs is especially large.

Support for single-DES (as opposed to 3DES) has been largely discontinued.
(The timing of this was a management decision which not all members of the
technical team agree with.)

KLIPS now sends all packets with different inner and outer destinations
directly to the attached physical device, rather than back through
ip_forward, preventing the "route stealing" problem (in which a route
being set up to a subnet could clobber the route to its gateway, causing
total packet loss).  The downside of this is that it is now important to
get the {left|right}nexthop parameters in the configuration file *right*.

ipsec_auto now supports transport mode.

Fragment handling has been shaken up and improved, generally for the
better, but the new stuff has not been tested well yet.

IPIP tunnels are now processed internally, not requiring the IPIP module
to be loaded or configured.

We now decrement the TTL in the outgoing packet and set the TTL on a new
IPIP_TUNNEL to the default value, not from the existing packet's TTL
value.  That is, a tunnel looks like one hop, as it should.

The SA ID %passthrough now signifies a magic SA which means that packets
should be passed through untouched.  (There is no ipsec_manual/auto
support for this yet.)

The '--said' command-line parameter is now accepted by the 'spi' and 'eroute'
commands to enable cut-and-paste of /proc/net/ipsec_* and debug output.

Initialization vectors (IVs) are now generated in the kernel; user-level
support for specifying particular IV values has been discontinued.

KLIPS has changed from transform switching to algorithm switching to
reduce redundancy (and accommodate PFKEYv2 switchover).  A major code
cleanup has also been done, reducing both source and binary size by 40%.

There have been many minor improvements, cleanups, and bug fixes.

New in 0.91:

Various new items of documentation, most notably doc/vpn.how, an intro to
setting up virtual private networks with FreeS/WAN.  Plus assorted updates
and improvements to old docs too.

Most of the contents of the ietf-drafts directory have been superseded by
RFCs 2401-2412 and 2451.

All the manual pages now are installed under names beginning with ipsec_,
to avoid name clashes.  Caution:  there is nothing that automatically
*removes* the older versions, if you've installed an earlier release.

The configuration file (/etc/sysconfig/ipsec) has been extensively
reworked, repeatedly.  The latest version supports multiple interfaces and
does not need to know addresses etc. 

There is an "ipsec manual" command for taking manually-keyed connections
up and down, with a corresponding control file containing some examples
(which are realistic enough to use as the basis for real ones).  There is
a corresponding "ipsec auto" command for Pluto-run connections.

The boot-time startup/shutdown script is now accessible as "ipsec setup",
and includes a "restart" facility.  It now allows for the possibility that
Klips may be a module, and clears out eroutes and spis at startup and
shutdown.  Setup errors and messages go to syslog as well as stderr. 
There are provisions for boot-time setup of multiple connections, both
manually and automatically keyed. 

There is now an optional facility for having the boot-time startup script
enable IP forwarding *after* basic IPSEC setup is done, to avoid timing
windows in which cleartext packets might leak out.

Rationalised all the klips kernel file headers.  They are much shorter
now and won't conflict under RH5.2.

"make insert" now sets up various IPSEC-related issues in the kernel
configuration right, so the sysadmin shouldn't need to make many changes
by hand. 

Discard packets for which there is no eroute if outbound on ipsec0.

Added temporary udp/500 IPSEC bypass for IKE daemons, so that they can
continue to talk "in clear" even when all other traffic gets encrypted. 

/proc/net/ipsec_* formats have been cleaned up for easy parsing by scripts.

There is a new concise format for identifying SAs, e.g. "ah0x507@1.2.3.4",
and many things now use it (and the utility functions that convert it to
and from internal forms).  Klips now has separate SPI number spaces for
AH, ESP, and tunneling internally.

The default of no replay checking can be overridden in manually-keyed ESP
xforms. 

Pluto has been substantially reworked internally, has an internal database
of potential connections (against which incoming requests are checked),
and does timed rekeying.  Whack talks to Pluto with TCP rather than UDP,
which permits Pluto to actually provide feedback on how things are going
(although the details of the feedback still need work).

Standardise on '-96' notation for AH transforms and '-128' notation for
ESP transforms in the 'spi' command.  The old notation without any
authenticator bit length still works and still refers to the '-96'
transform for AH transforms and '-128' transform for ESP transforms.

The output of "ipsec barf" has been reordered to put the more interesting
items first.  "ipsec look" has been added as a terse way to look at the
most important things.

New command, "ipsec ranbits", for generating good random bits for keys and
such.  (/dev/random does the work, but this provides a convenient scripting
interface to it.)  The sample isakmp-secrets and ipsec-manual files are now
built using this, so they no longer contain keys that everyone will know.

There is a new character (0t) key format, for weird people who like to
write keys as one ASCII character per byte.

Pluto now does PFS (Perfect Forward Secrecy), based on code contributed by
Kai Martius. 

Various output formats have been cleaned up and improved, and assorted
minor and major bugs fixed.




New in 0.90:

klips/doc/modes.html documents the setup of various possible types of
connection in a half-readable form.

Everything now runs under Red Hat 5.1 and the 2.0.35 kernel.

There is now an rc.d startup/shutdown script for Klips and Pluto, set
up during a normal installation, driven by a configuration file located
in /etc/sysconfig/ipsec.

There is a manual page for Pluto (and whack).

Pluto is now smart enough to tear down what it sets up.

The following xforms have been added and interop tested against OpenBSD
with the exception of the NULL xforms:
ESP_DES
ESP_3DES
ESP_DES_SHA1_96
ESP_3DES_SHA1_96
ESP_NULL_MD5_96
ESP_NULL_SHA1_96

All keys and IV's to the spi command must be in hexadecimal with a '0x'
prefix or in base64 with a '0s' prefix.  SPI's to the spi, spigrp and eroute
commands are hexadecimal (preferred) if preceded by '0x' or decimal if
preceded by a digit in the range 1-9.  Beware of leading '0's being
interpreted as octal.
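
The SPI rule above, together with the concise SA identifier from the 0.91
notes ("ah0x507@1.2.3.4"), as an added C example (not FreeS/WAN code).
The function names, the "esp" and "tun" prefixes and the sample inputs are
assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strict SPI parser: "0x" + hex digits, or decimal starting with 1-9.
 * Returns the SPI, or -1 for anything else, including a leading '0'
 * that a base-0 conversion would silently read as octal. */
int64_t parse_spi(const char *s)
{
    int hex = (s[0] == '0' && (s[1] == 'x' || s[1] == 'X'));
    int base = hex ? 16 : 10, d;
    uint64_t v = 0;
    if (hex)
        s += 2;
    else if (s[0] < '1' || s[0] > '9')
        return -1;
    if (*s == '\0')
        return -1;                      /* "0x" with no digits */
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        d = isdigit(c) ? c - '0' : isxdigit(c) ? tolower(c) - 'a' + 10 : 99;
        if (d >= base)
            return -1;                  /* not a digit in this base */
        v = v * (uint64_t)base + (uint64_t)d;
        if (v > 0xffffffffULL)
            return -1;                  /* SPIs are 32 bits */
    }
    return (int64_t)v;
}

/* The same text through strtoul() with base 0, for comparison. */
unsigned long parse_spi_base0(const char *s) { return strtoul(s, NULL, 0); }

struct said {
    int ok;                 /* 1 if the text parsed */
    char proto[4];          /* "ah", "esp" or "tun" */
    uint32_t spi;
    struct in_addr dst;
};

/* Parse the concise SA form, e.g. "ah0x507@1.2.3.4".  The "esp" and
 * "tun" prefixes are assumed here by analogy with the page's "ah". */
struct said parse_said(const char *text)
{
    static const char *const protos[] = { "ah", "esp", "tun" };
    const char *at = strrchr(text, '@');
    struct said r;
    char spitext[16];
    size_t i, plen = 0, slen;
    int64_t spi;
    memset(&r, 0, sizeof r);
    for (i = 0; i < 3; i++) {
        plen = strlen(protos[i]);
        if (strncmp(text, protos[i], plen) == 0)
            break;
    }
    if (i == 3 || at == NULL)
        return r;
    slen = (size_t)(at - (text + plen));
    if (slen >= sizeof spitext || text[plen] != '0')
        return r;                       /* SPI must be in 0x form here */
    memcpy(spitext, text + plen, slen);
    spitext[slen] = '\0';
    spi = parse_spi(spitext);
    if (spi < 0 || inet_pton(AF_INET, at + 1, &r.dst) != 1)
        return r;
    strcpy(r.proto, protos[i]);
    r.spi = (uint32_t)spi;
    r.ok = 1;
    return r;
}

int main(void)
{
    printf("0x507 -> %lld, 0507 strict -> %lld, 0507 base 0 -> %lu\n",
           (long long)parse_spi("0x507"), (long long)parse_spi("0507"),
           parse_spi_base0("0507"));
    return parse_said("ah0x507@1.2.3.4").ok ? 0 : 1;
}
```

A script that writes "0507" where it meant 0x507 gets SPI 327 from a base-0
conversion; the strict parser refuses the text instead.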

A --clear option has been added to the eroute and spi commands to clear
the entire eroute and SA tables respectively and to the tncfg command
to clear all virtual I/Fs.

The eroute, tncfg, klipsdebug and spi commands have been converted to long
option names.  All command line parameters have been converted from
positional to long option args.  All script calls to these utils will
have to be updated.  The usage text and manpages have been updated
accordingly.

The spi and spigrp commands now accept name lookups for hosts.

The eroute command now condenses the src, srcmask and dst, dstmask arguments
in an 'add' or 'del' call with a delimiting '/'.  It will now accept symbolic
names for hosts, nets or masks and will accept the mask as a number of
significant bits.  Any scripts that call eroute will need to be changed.

All the klips utils now have --version and --help directives.

Klips utils cleaned up to check more thoroughly for improper arguments
and report more specific error information.  Kernel error codes made more
specific to help in debugging and in automatically identifying bad
command syntax.

Cleaned up some useless references to unused resources that prevent
compilation under RH 5.x.

Packets with more than one IPSEC wrapper will only be counted once in the
stats; before, they were counted as many times as there were wrappers.  The
skb's pointer to dev is now set to the corresponding ipsecx I/F.

Make clean now does something useful in the klips/net/ipsec directory.
Dependencies have also been added to force recompile of the klips kernel
objects when the kernel config changes.

Klips is now statically linkable.  The config procedure has been changed
to allow options to a 'y' answer for CONFIG_IPSEC.  There are now more patches
to the kernel and several have changed.  It is advisable to repatch a
fresh kernel or back out the previous patches made for an earlier version
of klips.  Don't forget to remove any references to 'insmod ipsec' or
'modprobe ipsec' in any automatic or manual scripts if you use static
linking.  Depending on the size of your existing kernel, you may have to
use 'make bzImage' and install this kernel manually.

The INSTALL instructions now specify static linking, for simplicity.

The Klips sources are no longer copied into the kernel, hurrah.  Some
reshuffling of directories has made it possible to use a symlink.

Most of the utilities now go in /usr/local/lib/ipsec, with the "ipsec"
wrapper command used to access them.

Added a warning on module load if IPIP protocol is not available to
decode tunnel mode packets.  Additionally, kernel message advising of
receipt of IPIP packets if the protocol is not loaded has been added.

New in 0.85:

There is now a general-utilities directory, notably including a new
command ("barf") that dumps a bunch of debugging info on stdout.

INSTALL, and the top-level Makefile, have been simplified to do all
the user-level code in one fell swoop ("make" and "make install").
Provisions are also in for putting the user-level programs off in
their own directory and using the "ipsec" prefix command to invoke
them, but this has not been activated yet.

The manual keying utils' manpages are now installed in the default
location (/usr/local/man/man8) when the utils are installed.

The 'spi' util now complains unless the exact key and iv sizes are supplied.

RX packets received and bogus are both now reported.  Note that packets
will be reported as many times as there are esp or ah headers per packet.
This will be fixed with the 2.1.x series kernel work.

Added check for self-describing padding.  It only reports possible bad
packets.  It does not discard them.  Reporting can be shut off with
debug options.

Experimental/Obsolete transforms are obvious in the kernel config and
can be disabled.

/proc/net/ipsec_version has been added which prints out the freeswan
version as well as the cvs id of each transform.

/proc/net/ipsec_spinew has been added which gives a fresh spi each time
it is read.  It increments by two each time due to proc subsystem
operation.  This counter will eventually roll over, so this needs to
be kept in mind for the long term (ie. todo: garbage collection, etc.).

There is now an organized internal mechanism for providing release version 
numbers to Klips and Pluto, so they can display them.  (Note, this is done
by symlinks made by the top-level Makefile at compile time.)

i/r specifier in 'spi' util has been removed.  It was obsolete.  Automated
commands that use spi will need to be updated.

The encr. and auth. keys have been split in the spi utility.

Version information added to all xform attach routines and klips utils.

Module releases all structures allocated at init to prevent memory
leaks from multiple insmod/rmmod operations.

All the /proc/net/ipsec_* pseudo-files now have no limit of output
data.  Previously, *very bad* things happened if you had more than 3k
text output from ipsec_eroute and ipsec_spi.

All the /proc/net/ipsec_* interfaces have a banner to announce what they
are and blank lines to make them easier to read.

The names of the proc files have been changed to be consistent with the
rest of the files in the directory, in particular, note the change from
'-' to '_': /proc/net/ipsec-* have become /proc/net/ipsec_*.

/proc/net/ipsec_spi lists what algorithm is in use and does NOT list keys.

/proc/net/ipsec_spigrp lists all existing groups of spi's set by spigrp.

/proc/net/ipsec_tncfg lists all existing virtual IPSEC to physical network
connections.

Further debug output modifications so that klips will be much quieter
with debugging off.

Finer control of kernel debug messages from user space with subsystem
switches in klipsdebug.

All keys are zeroed after use in the manual keying utilities and in klips.

All kernel messages referring to IP's are in decimal dotted quad notation
now (they were in hex, or even in network order hex before).

Spigrp with one parameter set will ungroup an existing SA chain.

Deleting one SA will also remove all the rest in the chain.

New in 0.8:

The Klips (nee "IPSEC") and Pluto distributions have been integrated for
the first time, and some duplications cleared out.  We're also now including
the GMP library which Pluto needs.

Both Klips and Pluto have finally been updated to support separate ESP
encryption and authentication keys.  The Pluto code for this hasn't been 
tested extensively yet.

Klips is now capable of operation with devices other than Ethernet
interfaces.

Internal cleanup of Pluto is underway.  This release of Pluto supports
and uses more than one Transformation Payload within the Phase 1 SA
Payload.  One result of this is that it will not interoperate with
older versions of Pluto.

Work is underway on compatibility with later versions of Linux.

Klips's virtual ipsec devices can now be detached from the physical
device, and eroutes and sa's can now be deleted, so the last two commands
have been changed to "eroute" and "spi" from "addrt" and "setsa"
respectively.  "addrt" and "setsa" are obsolete.  Tunnel mode inside
transport mode now works with no delay (How useful this is, is debatable). 
Transmit statistics now work. 

The klips transforms: AH-HMAC-MD5-96, AH-HMAC-SHA1-96, ESP-3DES-MD5-96 and
ESP-DES-HMAC-MD5-96 have been updated from the old specs (RFC192[5-9])
to the new proposed draft standards (as of March 1998).

A second ipsec device has been hard-wired into the kernel module for use
with a second interface.  This is temporary and will change when the
kernel routing is overhauled and updated to 2.1.xx series kernels.

Kernel instrumentation was corrected, extended and added.

/proc/net/ipsec-route (originally /proc/net/ipsec-rt) is now 
/proc/net/ipsec-eroute for consistency with the command name.

A user-space utility has been added (klipsdebug) to dynamically change
klips debug output switches.  This change has removed all but one
config debug compile switch (ie. rerun kernel make {menu,x,}config).

ipsec_md5 and ipsec_sha1 files no longer have nested header files so
they can be used by userspace utilities.

tncfg no longer dumps core when invoked for usage message.

Manpages have been added for the (5) userspace klips utilities.

The klips README has been split and overhauled.

Added a tunnel mode and transport mode example based on current setup.

Added a patch for the Linux netlink code to clean up after a badly behaved
module (not likely to be significant in normal use, but having to reboot
after each test during debugging is impossibly painful).

Added a patch for the Linux kernel config utility help menus to explain
what the IPSEC option is, where to find the standards and where to find
the latest development.

RCSID $Id: CHANGES,v 1.99 1999/12/29 21:18:38 rgb Exp $
