===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/61.html,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- www/61.html 2017/03/07 10:44:50 1.17
+++ www/61.html 2017/03/07 14:13:44 1.18
@@ -93,6 +93,57 @@
switchd(8) and
switchctl(8)
programs.
+
route(8)
+ and netstat -r display all routing flags correctly and they
+ are completely documented in the
+ netstat(1)
+ man page.
+ When sending TCP streams they are locally stored in large
+ mbuf clusters to improve memory management.
+ The maximum TCP send and receive buffer size has been
+ increased from 256MB to 2GB.
+ Note that this results in a different
+ pf(4)
+ OS fingerprint for OpenBSD.
+ The default limit for mbuf clusters has been increased.
+ You can check the values with
+ netstat(1)
+ -m and adjust them with
+ sysctl(8)
+ kern.maxclusters.
+ Make the TCP_NOPUSH flag work for
+ listen(2)
+ sockets.
+ It is inherited by the socket returned from
+ accept(2).
+ A lot of code has been removed or simplified to make the
+ transition to multi-processor easier.
+ Redesign the interrupt and multi-processor locks in the
+ network stack.
+ When passing packets from the network stack to the
+ interface layer, make sure that they have no pointers to
+ pf(4)
+ which could result in a memory free operation at the wrong
+ protection level.
+ Fix checksum calculation in
+ pf(4)
+ af-to ICMP packet conversions.
+ Simplify af-to processing in and fix path MTU discovery in
+ some corner cases.
+ Improve IPv6 fragment processing.
+ Drop empty atomic fragments early.
+ Be more paranoid when IPv6 hop-by-hop headers appear after
+ fragment headers.
+ Follow RFC 5722 "Handling of Overlapping IPv6 Fragments"
+ more strictly in
+ pf(4).
+ RFC 8021 "IPv6 Atomic Fragments Considered Harmful" deprecates
+ generating atomic fragments, so do not send them anymore.
+ Depending on the addresses,
+ ipsecctl(8)
+ may automatically group SA bundles together.
+ To make clear what is going on, the kernel provides this
+ information and ipsecctl -s sa prints IPsec SA bundles.
...
@@ -133,6 +184,14 @@
from 2GB to 1TB on mips64.
route6d(8) now
runs with fewer privileges.
+ For incoming TLS connections
+ syslogd(8)
+ can validate client certificates with a given CA file.
+ The priviledged parent process of
+ syslogd(8)
+ calls
+ exec(2)
+ to reshuffle its random memory layout.
...
@@ -158,6 +217,29 @@
flags has been added to the
resolver(3)
implementation.
+
syslogd(8)
+ limits the socket buffer for TCP an TLS connections to 64K
+ to avoid wasting kernel memory.
+ syslogd(8)
+ supports the option -Z to print the timestamp in RFC 5424
+ ISO format.
+ This logs everything in UTC including the year, timezone
+ and fractions of seconds.
+ The default is still RFC 3164 BSD syslog time format.
+ The
+ syslogd(8)
+ options -a, -T, and -U can be given more than once to specify
+ multiple input sources.
+ Improve the
+ syslogd(8)
+ output and diagnostics in case the klog buffer
+ overflows.
+ Make SIGHUP handling in
+ syslogd(8)
+ more reliable.
+ An NMI sends the amd64 kernel into
+ ddb(4)
+ more reliably.
...