===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/53.html,v
retrieving revision 1.87
retrieving revision 1.88
diff -c -r1.87 -r1.88
*** www/53.html 2016/08/15 02:22:05 1.87
--- www/53.html 2017/06/26 17:18:57 1.88
***************
*** 58,134 ****
- Improved hardware support, including:
! - New driver oce(4) for Emulex OneConnect 10Gb Ethernet adapters.
!
- New driver rtsx(4) for the Realtek RTS5209 card reader.
!
- New driver mfii(4) for the LSI Logic MegaRAID SAS Fusion controllers.
!
- New driver smsc(4) for SMSC LAN95xx 10/100 USB Ethernet adapters.
!
- New drivers for Toradex OAK USB sensors: uoaklux(4) (illuminance), uoakrh(4) (temperature and relative humidity) and uoakv(4) (+/- 10V 8channel ADC).
!
- New drivers for virtio(4) devices: vio(4) (network), vioblk(4) (block devices, attaching as SCSI disks) and viomb(4) (memory ballooning).
!
- Support for Adaptec 39320LPE added to ahd(4).
!
- Broadcom 5718/5719/5720 Gigabit Ethernet devices supported in bge(4).
!
- Intel X540-based 10Gb Ethernet devices supported in ix(4).
!
- Support for SFP+ hot-plug (82599) and various other improvements in ix(4).
!
- TX interrupt mitigation, hardware VLAN tagging and checksum offload reduce CPU use in vr(4).
!
- Baby jumbo frames supported in vr(4) and sis(4) useful for e.g. MPLS, vlan(4) tag stacking (QinQ) and RFC4638 pppoe(4).
!
- TCP RX Checksum offload in gem(4).
!
- Improvements for NICs using 82579/pch2 in em(4).
!
- Flow control is now supported on bnx(4) 5708S/5709S adapters, gem(4) and jme(4).
!
- Power-saving clients supported in hostap mode with acx(4) and athn(4).
!
- A cause of RT2661 ral(4) wedging in hostap mode was fixed.
!
- iwn(4) supports additional devices (Centrino Advanced-N 6235 and initial support for Centrino Wireless-N 1030).
!
- Improvements to ahci(4).
- Support for the fixed-function performance counter on newer x86 chips with constant time stamp counters.
!
- Elantech touchpads supported in pms(4) and synaptics(4).
!
- Support for "physical devices" on skinny mfi(4) controllers.
!
- VMware emulated SAS adapters supported by mpi(4).
- Support for Intel's Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP) features on i386 and amd64.
- Support for the RDRAND instruction to read the hardware random number generator on recent Intel processors.
- amd64 PCI memory extent changed to cover the whole 64-bit memory space; fixes erroneous extent allocation panic on IBM x3100.
!
- ulpt(4) can now upload firmware to certain HP LaserJet printers.
- Added stat clock to Loongson machines, improving accuracy of CPU usage statistics.
- CPU throttling supported on Loongson 2F.
!
- Support for Apple UniNorth and U3 AGP added to agp(4).
- DRM support for macppc.
- Generic network stack improvements:
! - Restriction on writing to trunk(4) member interfaces relaxed; BPF can now write to interfaces directly (useful for LLDP).
!
- UDP support added to sosplice(9) (zero-copy socket splicing).
!
- IPv6 autoconfprivacy is enabled by default (can be disabled per-interface with an ifconfig(8) flag).
!
- ifconfig(8) hwfeatures displays the maximum MTU supported by the driver (indicating support for jumbo/baby-jumbo frames).
- Vastly improved IPsec v3 compatibility, including support for Extended Sequence Numbers in the AES-NI driver for AES-GCM and other modes.
- Routing daemons and other userland network improvements:
! - OpenBSD now includes npppd(8), a server-side daemon for L2TP, L2TP/IPsec, PPTP and PPPoE.
!
- New standalone tftp-proxy(8) to replace the old inetd(8)-based implementation.
!
- SNMPv3 supported in snmpd(8).
!
- bgpd(8) is more tolerant of unknown capabilities when bringing up a session (logs a warning rather than fails).
!
- bgpd(8) now handles client side of "graceful restart".
!
- bgpd(8) can now filter based on the NEXTHOP attribute.
!
- A stratum can now be assigned to hardware sensors in ntpd(8).
!
- authpf(8) now supports the use of per-group rules files.
!
- ftp(1) client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file".
!
- ftp(1) client's mput command allows to upload a directory tree recursively using the -r switch.
!
- relayd(8) has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays).
!
- The iked(8) IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time).
!
- iked(8) blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in draft-gont-opsec-vpn-leakages.
!
- dhclient(8) improvements:
- dhclient-script eliminated, all configuration is done with ioctl's and routing sockets.
- interface configuration is much faster.
!
- HUP signals cause dhclient to restart; making it re-read the dhclient.conf(5) and resolv.conf.tail(5) files, and obtain a new lease.
- INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured.
!
- resolv.conf(5) is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate.
- interface hardware address changes are detected and cause dhclient to restart.
- dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server.
- '-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease.
--- 58,134 ----
- Improved hardware support, including:
! - New driver oce(4) for Emulex OneConnect 10Gb Ethernet adapters.
!
- New driver rtsx(4) for the Realtek RTS5209 card reader.
!
- New driver mfii(4) for the LSI Logic MegaRAID SAS Fusion controllers.
!
- New driver smsc(4) for SMSC LAN95xx 10/100 USB Ethernet adapters.
!
- New drivers for Toradex OAK USB sensors: uoaklux(4) (illuminance), uoakrh(4) (temperature and relative humidity) and uoakv(4) (+/- 10V 8channel ADC).
!
- New drivers for virtio(4) devices: vio(4) (network), vioblk(4) (block devices, attaching as SCSI disks) and viomb(4) (memory ballooning).
!
- Support for Adaptec 39320LPE added to ahd(4).
!
- Broadcom 5718/5719/5720 Gigabit Ethernet devices supported in bge(4).
!
- Intel X540-based 10Gb Ethernet devices supported in ix(4).
!
- Support for SFP+ hot-plug (82599) and various other improvements in ix(4).
!
- TX interrupt mitigation, hardware VLAN tagging and checksum offload reduce CPU use in vr(4).
!
- Baby jumbo frames supported in vr(4) and sis(4) useful for e.g. MPLS, vlan(4) tag stacking (QinQ) and RFC4638 pppoe(4).
!
- TCP RX Checksum offload in gem(4).
!
- Improvements for NICs using 82579/pch2 in em(4).
!
- Flow control is now supported on bnx(4) 5708S/5709S adapters, gem(4) and jme(4).
!
- Power-saving clients supported in hostap mode with acx(4) and athn(4).
!
- A cause of RT2661 ral(4) wedging in hostap mode was fixed.
!
- iwn(4) supports additional devices (Centrino Advanced-N 6235 and initial support for Centrino Wireless-N 1030).
!
- Improvements to ahci(4).
- Support for the fixed-function performance counter on newer x86 chips with constant time stamp counters.
!
- Elantech touchpads supported in pms(4) and synaptics(4).
!
- Support for "physical devices" on skinny mfi(4) controllers.
!
- VMware emulated SAS adapters supported by mpi(4).
- Support for Intel's Supervisor Mode Execution Protection (SMEP) and Supervisor Mode Access Prevention (SMAP) features on i386 and amd64.
- Support for the RDRAND instruction to read the hardware random number generator on recent Intel processors.
- amd64 PCI memory extent changed to cover the whole 64-bit memory space; fixes erroneous extent allocation panic on IBM x3100.
!
- ulpt(4) can now upload firmware to certain HP LaserJet printers.
- Added stat clock to Loongson machines, improving accuracy of CPU usage statistics.
- CPU throttling supported on Loongson 2F.
!
- Support for Apple UniNorth and U3 AGP added to agp(4).
- DRM support for macppc.
- Generic network stack improvements:
! - Restriction on writing to trunk(4) member interfaces relaxed; BPF can now write to interfaces directly (useful for LLDP).
!
- UDP support added to sosplice(9) (zero-copy socket splicing).
!
- IPv6 autoconfprivacy is enabled by default (can be disabled per-interface with an ifconfig(8) flag).
!
- ifconfig(8) hwfeatures displays the maximum MTU supported by the driver (indicating support for jumbo/baby-jumbo frames).
- Vastly improved IPsec v3 compatibility, including support for Extended Sequence Numbers in the AES-NI driver for AES-GCM and other modes.
- Routing daemons and other userland network improvements:
! - OpenBSD now includes npppd(8), a server-side daemon for L2TP, L2TP/IPsec, PPTP and PPPoE.
!
- New standalone tftp-proxy(8) to replace the old inetd(8)-based implementation.
!
- SNMPv3 supported in snmpd(8).
!
- bgpd(8) is more tolerant of unknown capabilities when bringing up a session (logs a warning rather than fails).
!
- bgpd(8) now handles client side of "graceful restart".
!
- bgpd(8) can now filter based on the NEXTHOP attribute.
!
- A stratum can now be assigned to hardware sensors in ntpd(8).
!
- authpf(8) now supports the use of per-group rules files.
!
- ftp(1) client now supports basic HTTP authentication as per RFC 2617 and 3986 like "ftp http[s]://user:pass@host/file".
!
- ftp(1) client's mput command allows to upload a directory tree recursively using the -r switch.
!
- relayd(8) has various improvements including additional scheduling algorithms (least-states, for redirections, and random/source-hash, for relays).
!
- The iked(8) IKEv2 daemon supports NAT-T. (The isakmpd daemon for IKEv1 has supported this for a long time).
!
- iked(8) blocks IPv6 traffic unless there are v6 VPN flows; this is to prevent leakages as described in draft-gont-opsec-vpn-leakages.
!
- dhclient(8) improvements:
- dhclient-script eliminated, all configuration is done with ioctl's and routing sockets.
- interface configuration is much faster.
!
- HUP signals cause dhclient to restart; making it re-read the dhclient.conf(5) and resolv.conf.tail(5) files, and obtain a new lease.
- INIT, USR1, USR2 signals cause dhclient to exit after attempting to remove routes and addresses it configured.
!
- resolv.conf(5) is written only when the in-use default route was inserted by dhclient. Possible changes to the default route are detected and cause dhclient to write out resolv.conf when appropriate.
- interface hardware address changes are detected and cause dhclient to restart.
- dhclient.conf directive 'ignore' and command line option '-i' added, allowing the suppression of specific options offered by server.
- '-L' command line option added, allowing the creation of a complete record of the most recent offer and what we modified it to when binding the lease.
***************
*** 148,164 ****
- premature and repeated DISCOVER and/or REQUEST messages at startup are avoided.
- permanent ARP cache entries are no longer deleted during binding.
- allow empty lists of option names for 'ignore', 'request', and 'require' dhclient.conf directives, so lists can be reset in interface declarations.
!
- dhcpd(8) and dhclient recognize the same list of dhcp options.
!
- hand-rolled IMSG implementation replaced with imsg_init(3) and related functions..
!
- hand-rolled date string construction replaced with strftime(3) invocations.
!
- hand-rolled '%m' option replaced with strerror(3) invocations.
- many other internal code improvements.
!
- pf(4) improvements:
! - The divert(4)
socket now supports the new IP_DIVERTFL socket option to control whether both inbound and outbound packets are diverted (the default) or only packets travelling in one direction.
- Sloppy state tracking (a special mode occasionally needed with asymmetric routing) now works correctly with ICMP.
- PF now restricts the fragment limit to protect against a misconfiguration running the kernel out of mbuf clusters.
--- 148,164 ----
- premature and repeated DISCOVER and/or REQUEST messages at startup are avoided.
- permanent ARP cache entries are no longer deleted during binding.
- allow empty lists of option names for 'ignore', 'request', and 'require' dhclient.conf directives, so lists can be reset in interface declarations.
!
- dhcpd(8) and dhclient recognize the same list of dhcp options.
!
- hand-rolled IMSG implementation replaced with imsg_init(3) and related functions..
!
- hand-rolled date string construction replaced with strftime(3) invocations.
!
- hand-rolled '%m' option replaced with strerror(3) invocations.
- many other internal code improvements.
!
- pf(4) improvements:
! - The divert(4)
socket now supports the new IP_DIVERTFL socket option to control whether both inbound and outbound packets are diverted (the default) or only packets travelling in one direction.
- Sloppy state tracking (a special mode occasionally needed with asymmetric routing) now works correctly with ICMP.
- PF now restricts the fragment limit to protect against a misconfiguration running the kernel out of mbuf clusters.
***************
*** 170,183 ****
- New features:
- code is now considered stable and suitable for use in production.
!
- smtpctl(8) trace supports runtime tracing of various components, including imsg exchanges, incoming and outgoing sessions, aliases expansion and much more.
!
- smtpctl(8) monitor can now be used to monitor in real-time an instance of smtpd(8).
!
- smtpctl(8) show queue now supports an "online" mode where the scheduler is queried instead of the disk-based queue to provide more accurate information.
- virtual domain support has been reworked to simplify and bring support for new features like global catch-alls and shared user mappings.
- new table API replaces the map API: better handling of transient errors, improved performances and a much better interface.
- the transfer process may now select the source IP address to use as well as the HELO hostname to advertise from a table.
- each listener may advertise a different banner hostname.
!
- an alternate user database may be provided instead of relying on getpwnam(3).
- users may now be authenticated using credentials from a table.
- incoming sessions can be tagged, allowing for rules to only match envelopes that have been reinjected in the daemon after being passed to a proxy tool.
- intermediate bounces are now sent at configurable rates.
--- 170,183 ----
- New features: