===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/72.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -c -r1.10 -r1.11
*** www/72.html 2022/09/30 08:37:58 1.10
--- www/72.html 2022/09/30 09:30:28 1.11
***************
*** 137,143 ****
VMM/VMD improvements
Various new userland features:
--- 137,177 ----
VMM/VMD improvements
! - Improved error handling and logging in vmd(8)
!
- Unify all internal structures and interfaces between vmd(8), vmctl(8) and vmm(4) to use bytes for
! memeory and disk sizes.
!
- fix rebooting a received vm in vmd(8).
!
- Have vmd(8) provide
! a copy of bios at 4g boundary, SeaBIOS and newer Linux kernels expect
! it there.
!
- In vmd(8), fix off by
! one in vm memory range check.
!
- In vmd(8), add
! support for mmio assist. In vmm(4), send all port io
! emulation to userland.
!
- Have vmd(8) compute
! i8254 read-back command latch from singular timestamp.
!
- Improve the command line parsing in vmctl(8).
!
- Let vmm(4) allow
! reading MSR_TSC on Intel hosts.
!
- In vmm(4), reference
! count vm's and vcpu's.
!
- In vmm(4), zero
! virtual addresses of vcpu state pages after freeing.
!
- Fix `vmctl send` on Intel hosts by load the vmcs before reading
! vcpu registers in vmm(4).
!
- Fix `vmctl receive` on Intel hosts by adding an additional fault
! type in vmm(4).
!
- Add additional dt(4)
! tracepoints in various vmm(4) codepaths.
Various new userland features:
***************
*** 208,214 ****
Routing daemons and other userland network improvements:
tmux(1) improvements and bug fixes:
--- 242,328 ----
Routing daemons and other userland network improvements:
! - IPsec support was improved:
!
!
- In bgpd(8),
!
! - Implement max-communities filter to limit the number of allowed
! communities, ext-communities and large-communities.
!
- Fix insertion of additional non-transitive extended communities when
! sending out prefixes.
!
- Relax IP address limitation by allowing prefixes in 240/4.
!
- Implement RFC 9234 - Route Leak Prevention and Detection Using Roles
! in UPDATE and OPEN Messages.
!
- Full support for RFC 7911 - Advertisement of Multiple Paths in BGP.
!
- Improve FIB code, handle IPv6 scoped addresses properly.
!
- Add bgplgd(8),
! a fastcgi server providing a REST API of bgpctl.
!
- Bugfix: bgpd(8) could fail to invalidate nexthops and incorrectly
! leave them in the FIB or Adj-RIB-Out.
!
- Speedup bgpctl
!
show rib 10/8 or-longer and show rib 10/8
! or-shorter
! - Switch various static hash tables to RB trees improving
! performance on large systems
!
- Export per neighbor pending update and withdraw statistics
!
- Fix race between a neighbor session reset and its update message
! backlog
!
- Improve handling of nexthop reachability state changes
!
! - rpki-client(8) saw some changes:
!
! - Do not apply timezone offsets when converting X509 times. X509
! times are in UTC and comparing them to times in different timezones
! would cause validity problems.
!
- Add support for an operator-configurable skiplist facility.
! Operators can specify a list of FQDNs which should not be contacted
! when synchronizing the local cache to the network.
!
- Emit a warning when a RRDP session serial number decreases.
!
- DER decoding functions were refactored to leverage ASN.1 templates.
!
- Add support to validate & inspect .sig files containing RPKI Signed
! Checklists in filemode (-f). (draft-ietf-sidrops-rpki-rsc-08)
!
- Print various statistics after the completion of the main process.
!
- Add support to decode & print TAL (RFC 8630) details in filemode (-f).
!
- Emit objects in Concatenated JSON format when filemode (-f) and the JSON
! output flag (-j) are combined.
!
- Add suport for validating Autonomous System Provider Authorization
! (ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
! Validated ASPA payloads are visible in JSON and filemode (-f) output.
!
- Set rsync connection I/O idle timeout to 15 seconds.
!
- Unify the maximum idle I/O and connect timeouts for RSYNC & HTTPS.
!
- Rpki-client now performs stricter EE certificate validation:
!
! - Disallow AS Resources extensions in ROA EE certificates.
!
- Disallow Subject Information Access (SIA) extensions in RPKI
! Signed Checklist (RSC) EE certs.
!
- Check the resources in ROAs and RSCs against EE certs.
!
! - Improve readability and add various information being printed in
! verbose mode.
!
- Extend filemode (-f) output and print X.509 certificates in PEM
! format when increased verbosity (-vv) is specified.
!
- Shorten the RRDP I/O idle timeout.
!
- Introduce a deadline timer that aborts all repository synchronization
! after seven eights of timeout (-s). With this rpki-client has improved
! chances to complete and produce an output even when a CA is excessivly
! slow.
!
- Abort a currently running RRDP request process when the per-repository
! timeout is reached.
!
- Permit multiple AccessDescription entries in SIA X.509 extensions. While
! fetching from secondary locations is not yet supported, rpki-client will
! not treat occurence as a fatal error.
!
- Resolve a potential for a race condition in non-atomic RRDP deltas.
!
- Fix some memory leaks.
!
- Improve compliance with the HTTP protocol specification.
!
!
! - In ospfd(8),
! relax the limitations on what is an acceptable unicast IP. There are no
! more experiments in IPv4 and so there is less reason for network
! daemons to deny formerly experimental IP space. Multicast IPs
! (224/4) and loopback (127/8) are stil disallowed.
!
tmux(1) improvements and bug fixes: