[ANNOUNCE] New NRL IPsec Software Release
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: [ANNOUNCE] New NRL IPsec Software Release
- From: Thorsten Lockert <tholo_(_at_)_SigmaSoft_(_dot_)_COM>
- Date: Fri, 2 Aug 1996 12:42:24 -0700 (PDT)
>From: Ran Atkinson <rja_(_at_)_inet_(_dot_)_org>
>Subject: [ANNOUNCE] New NRL IPsec Software Release
>Date: 2 Aug 1996 04:52:24 GMT
>Organization: The Internet
>Summary: July 1996 NRL software release available soon.
>Keywords: NRL, IPsec, PF_KEY, IPv6, security, encryption
>Xref: news.sigmasoft.com comp.security.unix:6233 comp.security.misc:6190
The July 1996 NRL IPv6+IPsec Software Release for BSD is available now or very
soon from the following URLs. Older NRL releases also remain available at
most of these sites so be careful which version you are downloading:
The NRL software provides the following features:

  IP Security (IPsec) for IPv4 per the IETF standards
  IP Security (IPsec) for IPv6 per the IETF standards
  PF_KEY key management API and the related Key Engine

The NRL software will drop in painlessly to the following OSs:

  4.4 BSD encumbered

Other OSs using 4.4-Lite BSD networking code should be able to incorporate
this NRL software without much difficulty. The software is freely
distributable for any purpose provided NRL is given due credit (see
the LICENSE in the distribution for details) as per usual BSD-style

The NRL software has been tested on the following hardware and is
believed to work on all hardware supported by the above OSs:

  Sun 4c SPARCstations
  Intel i486 PCs
  Intel i586/Pentium PCs

For key management with the NRL software, one can use the freely distributable
ISAKMP+Oakley key management daemon for PF_KEY that has been developed by
cisco Systems. This key management software is available from the MIT and
cisco web sites listed above. With PF_KEY, one can also write one's own
key management daemon if one wishes to.

An abridged version of the NRL README file follows.

NRL IPv6/IPsec Software Distribution
Alpha Release 3 Release Notes July, 1996

The NRL IPv6/IPsec Software Distribution is a reference implementation
of IPv6 and IP Security for the 4.4BSD-Lite networking software. It is freely
distributable (subject to U.S. export controls) and usable for commercial and
non-commercial purposes as long as the NRL and UC Berkeley license terms are
We have tested this software on SPARC systems using the UC Berkeley
4.4 BSD UNIX operating system with 4.4-Lite updates. We have also tested this
software on x86 systems running NetBSD 1.2, SPARC systems running NetBSD 1.2,
and x86 systems using BSDI 2.1. We believe that our code should be easily
portable to reasonable 4.4BSD derived systems (BSDI, NetBSD, OpenBSD, and
Lites). We believe that it would be difficult, though not impossible, to port
our code to other systems.
This implementation includes kernel networking software, a small
IPv6 support library, and several applications (e.g. telnet, telnetd, ping,
tftp, tftpd, socktest, netstat, ifconfig, ping, route, tcpdump) modified to
support IPv6/IPsec. This implementation also includes the NRL Key Engine
(aka PF_KEY) and applications to interface with it. There are manual pages
for the modified and new software, but they might not yet be as detailed as
one might like.
This "alpha-quality" release of the IPv6 software is intended to be
used by kernel hackers and implementers who want to get early access and
experience with IPv6 and IPsec. Use at your own risk. It is complete enough to
use for experimenting but it is not entirely complete. In some areas this is
because the IPv6 specifications are not yet stable.
Alpha 3 (July, 1996)
* Bug fixes
* Lots of code cleanups. The code now compiles with almost
* Sysctl adjustment of debugging verbosity levels. Look for
new variables named debug.inet6 and debug.key.
* The 4.4BSD-Lite2 changes to the netinet code.
* Eric Young's DES code has been replaced with Phil Karn's
DES code. Phil's code is better and his licensing terms are
* HMAC-MD5, SHA, and HMAC-SHA AH transforms contributed by
Larry Bassham and NIST.
* key(8) now uses hexadecimal SPIs instead of decimal. N.B.
* The latest versions of tcpdump and telnet.
* A port to NetBSD 1.2.
* A port to BSDI 2.1.
* A Linux port of the Key Engine and key(8) to Linux 2.0.
* Minor mods to keep the code in sync with the current specs.
Alpha 2 (January, 1996)
* Bug fixes
* Better multihomed support
* Improvements to IPsec, and a step toward separating the IPsec/v6
dependency in this implementation.
* Forwarding engine, and a crude router advertisement program.
* Router advertisement handling.
* Better route handlers, including default routes, network routes, and
cloning for easy Path MTU discovery.
* Path MTU discovery.
* Stateless address configuration, though with permanent lifetimes.
* Up-to-date neighbor discovery.
* Multicast option support (though no ICMP/IGMP messages yet)
Alpha 1 (September, 1995)
* Initial release