Return to 61.html CVS log | Up to [local] / www |
version 1.17, 2017/03/07 10:44:50 | version 1.18, 2017/03/07 14:13:44 | ||
---|---|---|---|
|
|
||
<a href="http://man.openbsd.org/switchd.8">switchd(8)</a> and | <a href="http://man.openbsd.org/switchd.8">switchd(8)</a> and | ||
<a href="http://man.openbsd.org/switchctl.8">switchctl(8)</a> | <a href="http://man.openbsd.org/switchctl.8">switchctl(8)</a> | ||
programs. | programs. | ||
<li><a href="http://man.openbsd.org/route.8">route(8)</a> | |||
and netstat -r display all routing flags correctly and they | |||
are completely documented in the | |||
<a href="http://man.openbsd.org/netstat.1">netstat(1)</a> | |||
man page. | |||
<li>When sending TCP streams they are locally stored in large | |||
mbuf clusters to improve memory management. | |||
The maximum TCP send and receive buffer size has been | |||
increased from 256MB to 2GB. | |||
Note that this results in a different | |||
<a href="http://man.openbsd.org/pf.4">pf(4)</a> | |||
OS fingerprint for OpenBSD. | |||
The default limit for mbuf clusters has been increased. | |||
You can check the values with | |||
<a href="http://man.openbsd.org/netstat.1">netstat(1)</a> | |||
-m and adjust them with | |||
<a href="http://man.openbsd.org/sysctl.8">sysctl(8)</a> | |||
kern.maxclusters. | |||
<li>Make the TCP_NOPUSH flag work for | |||
<a href="http://man.openbsd.org/listen.2">listen(2)</a> | |||
sockets. | |||
It is inherited by the socket returned from | |||
<a href="http://man.openbsd.org/accept.2">accept(2)</a>. | |||
<li>A lot of code has been removed or simplified to make the | |||
transition to multi-processor easier. | |||
Redesign the interrupt and multi-processor locks in the | |||
network stack. | |||
<li>When passing packets from the network stack to the | |||
interface layer, make sure that they have no pointers to | |||
<a href="http://man.openbsd.org/pf.4">pf(4)</a> | |||
which could result in a memory free operation at the wrong | |||
protection level. | |||
<li>Fix checksum calculation in | |||
<a href="http://man.openbsd.org/pf.4">pf(4)</a> | |||
af-to ICMP packet conversions. | |||
Simplify af-to processing in and fix path MTU discovery in | |||
some corner cases. | |||
<li>Improve IPv6 fragment processing. | |||
Drop empty atomic fragments early. | |||
Be more paranoid when IPv6 hop-by-hop headers appear after | |||
fragment headers. | |||
Follow RFC 5722 "Handling of Overlapping IPv6 Fragments" | |||
more strictly in | |||
<a href="http://man.openbsd.org/pf.4">pf(4)</a>. | |||
RFC 8021 "IPv6 Atomic Fragments Considered Harmful" deprecates | |||
generating atomic fragments, so do not send them anymore. | |||
<li>Depending on the addresses, | |||
<a href="http://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> | |||
may automatically group SA bundles together. | |||
To make clear what is going on, the kernel provides this | |||
information and ipsecctl -s sa prints IPsec SA bundles. | |||
<li>... | <li>... | ||
</ul> | </ul> | ||
<p> | <p> | ||
|
|
||
from 2GB to 1TB on mips64. | from 2GB to 1TB on mips64. | ||
<li><a href="http://man.openbsd.org/route6d.8">route6d(8)</a> now | <li><a href="http://man.openbsd.org/route6d.8">route6d(8)</a> now | ||
runs with fewer privileges. | runs with fewer privileges. | ||
<li>For incoming TLS connections | |||
<a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a> | |||
can validate client certificates with a given CA file. | |||
<li>The priviledged parent process of | |||
<a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a> | |||
calls | |||
<a href="http://man.openbsd.org/execve.2">exec(2)</a> | |||
to reshuffle its random memory layout. | |||
<li>... | <li>... | ||
</ul> | </ul> | ||
<p> | <p> | ||
|
|
||
flags has been added to the | flags has been added to the | ||
<a href="http://man.openbsd.org/resolver.3">resolver(3)</a> | <a href="http://man.openbsd.org/resolver.3">resolver(3)</a> | ||
implementation. | implementation. | ||
<li><a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a> | |||
limits the socket buffer for TCP an TLS connections to 64K | |||
to avoid wasting kernel memory. | |||
<li><a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a> | |||
supports the option -Z to print the timestamp in RFC 5424 | |||
ISO format. | |||
This logs everything in UTC including the year, timezone | |||
and fractions of seconds. | |||
The default is still RFC 3164 BSD syslog time format. | |||
<li>The | |||
<a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a> | |||
options -a, -T, and -U can be given more than once to specify | |||
multiple input sources. | |||
<li>Improve the | |||
<a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a> | |||
output and diagnostics in case the klog buffer | |||
overflows. | |||
<li>Make SIGHUP handling in | |||
<a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a> | |||
more reliable. | |||
<li>An NMI sends the amd64 kernel into | |||
<a href="http://man.openbsd.org/ddb.4">ddb(4)</a> | |||
more reliably. | |||
<li>... | <li>... | ||
</ul> | </ul> | ||
<p> | <p> |