19 Feb 1997 Version 0.65a
- fixed various typos in the user's guide
- cert_gen now returns a 0 exit code which fixes "make key" under Solaris
- fixed signal delivery under Linux 
- fixed "src ip = " and "dst ip=" parser bug

06 Feb 1997 Version 0.64a
- fixed a bug in skipcache.c which prevented the use of more than one
  IP source/destination address mapping
- minor cosmetic changes

29 Jan 1997 Version 0.63a
- reduced the stack usage of the kernel module (the Linux kernel stack is 
  only 4192 bytes), SMALL_KERNEL_STACK define in config.h
- updated the Linux kernel patches, fixed sf firewall support (please 
  unpatch your kernel using patch -R and then apply the new patches),
  "module versions" now supported
- fixed a bug in the daemon mode of skipd: the timeout signal handler
  would be deinstalled on fork()
- fixed a bug in the Linux implementation caused by missing
  queue initializations in lib/req.c and a bug in the Linux queue --
  this bug would prevent the GETKEY daemon requests and therefore disable
  all communications after three hours (as soon as the three initially 
  computed Kijn were invalid, normally three hours); the new Linux queue 
  implementation is more robust and can be initialized with a "MEMZERO", 
  similar to the other platforms, and every queue is limited to 20 packets 
  to prevent a crash if the machine is flooded
- fixed a bug in the parser preventing specification of hexadecimal manual
  secrets
- added "src mkid = " and "dst mkid = " configuration key words ("AUTO"/
  "YES"/"NO") to allow manual configuration of whether the NSIDs/MKIDs should
  be included in a SKIP packet
- fixed a bug preventing two GETKEY requests for the same primary cache entry 
  (this bug would only surface if a primary cache entry lasted longer than
  at least two times the update period, normally two hours)
- added skip_attach and skip_detach for Linux; when loading the module, all
  interfaces except the loopback interface are automatically attached -
  which you can now change on the fly 
- the Linux module will not attach to interfaces with too small an MTU or
  non-IP interfaces
- made the Linux timers more robust
- fixed a bug in the Linux IOCTL interface preventing return of error
  messages (needed for skip_attach, skip_detach, skip_dump)
- massive rewrite of the Linux interface and interface_getbuf functions;
  removed some "optimizations" (re-use of existing packets); the current
  implementation is much more stable and neither tcpdump nor ping -f will
  crash it
- removed the IFF_SKIP device flag in the Linux code
- fixed a bug in skipcache.c, where the request for new deskip keys was
  broken and would always overflow the buffer, resulting in a solid crash a 
  few seconds later (this would happen after twice the update period, 
  normally two hours, only if the primary cache was not flushed in between)
- fixed skip_dump output
- minor cosmetic changes and fixes, major changes in INSTALL
- some more changes here and there ;-)

15 Jan 1997 Version 0.62a
- worked around a bug in the skip daemon which would drop the first few
  packets when communicating with hosts linked to NSIDs other than IPV4
- use BSD style reliable signals under Linux
- 'make install' under Linux
- starting skipd if another skipd is running is OK; the new skipd will 
  exit gracefully
- the daemon finally works as expected when receiving a SIGHUP and 
  re-reads its configuration file
- some minor changes

27 Dec 1996 Version 0.61a
- some minor cleanups

04 Dec 1996 Version 0.60a
- Linux support
- the features of the Linux interface are described in "FEATURES-LINUX"
  (most of these features are not available on the other platforms
  due to their implementation in the OS interface)
- merged patches of 0.51pa-unofficial plus some oversights (mostly changes to 
  the encryption algorithm IDs and zeroing of some IP header fields during 
  AH calculation) -- should now conform to draft 07 
- added/reenabled encryption algorithms:
  - RC4-40 (to be able to talk to SUN export version...)
  - RC2-40 (similar reason)
  - RC2-128 (because it required just 10 additional lines of code)
  - SAFER SK-128 (because it is in the SUN reference implementation)
- changed the skipd.conf parser:
  - to accept IP addresses in Name Space 01, e.g.
    01-127.0.0.1, 01-127.0.0.1:
  - subtle change in the algorithm names (watch out for "-", e.g.
    "RC4-128" instead of "RC4 128")
  - renamed "Kp algorithm" to "Crypt algorithm"
  - you can no longer specify "NONE" for the "Kij algorithm"
- will not zero the IP_DF (don't fragment) and IP_CE (congestion)
  bits of the IP header (this might lead to problems on platforms
  without the ICMP hook, i.e. all but Linux)
- added forgotten conversions to host/network byte order, reordered
  all of them so that the constant value will be transformed, not
  the variable (i.e. the compiler can do it)
- the crypto routines are not reentrant (buummm) -- added a semaphore
  to do one encryption/decryption at a time
- since Kij and Kp (key and payload) encryption magic numbers are now
  the same, removed "silly mapping" functions
- rewrote the CDP responder/initiator to conform to the draft, fixed one
  more byte order bug so that outgoing NSID mapping works
- new cert_gen utility to create interoperable unsigned DH certs
- and another byte order bug in "lookuphosts"
- catch padding error in ESP
- true daemon mode for skipd (argument -d, disconnect from terminal
  and run in background)
- switched IDEA implementations; the new one interoperates with other
  SKIP implementations
- and more bug fixes

// Robert Muchsel <muchsel@acm.org>


CHANGES in previous official releases:

07 Jun 1996 Version 0.50pa
- added SUN's X.509 certificate library
- using Colin Plumb's MD5 instead of RSA Data Security's implementation
- added certificate generation script using the certificate server
  skip.incog.com provided by SUN
- some bug fixes

21 Dec 1995 Version 0.20pa
- complying with draft 05
- internal rewrite

11 Oct 1995 Version 0.14pa
- added NODE id (sending side)
- added SUNSCREEN flag (incomplete)
- changed padding strategy for compatibility reasons
- MI resets when Kp changes (for stream ciphers)
- switched to mutex in Solaris version (Martin Patterson)
- a few bugfixes
- compatibility with SUN and ELVIS+ SKIP

