===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/72.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- www/72.html 2022/09/30 08:37:58 1.10
+++ www/72.html 2022/09/30 09:30:28 1.11
@@ -137,7 +137,41 @@
VMM/VMD improvements
- - ...
+
- Improved error handling and logging in vmd(8)
+
- Unify all internal structures and interfaces between vmd(8), vmctl(8) and vmm(4) to use bytes for
+ memeory and disk sizes.
+
- fix rebooting a received vm in vmd(8).
+
- Have vmd(8) provide
+ a copy of bios at 4g boundary, SeaBIOS and newer Linux kernels expect
+ it there.
+
- In vmd(8), fix off by
+ one in vm memory range check.
+
- In vmd(8), add
+ support for mmio assist. In vmm(4), send all port io
+ emulation to userland.
+
- Have vmd(8) compute
+ i8254 read-back command latch from singular timestamp.
+
- Improve the command line parsing in vmctl(8).
+
- Let vmm(4) allow
+ reading MSR_TSC on Intel hosts.
+
- In vmm(4), reference
+ count vm's and vcpu's.
+
- In vmm(4), zero
+ virtual addresses of vcpu state pages after freeing.
+
- Fix `vmctl send` on Intel hosts by load the vmcs before reading
+ vcpu registers in vmm(4).
+
- Fix `vmctl receive` on Intel hosts by adding an additional fault
+ type in vmm(4).
+
- Add additional dt(4)
+ tracepoints in various vmm(4) codepaths.
Various new userland features:
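Review bot: Three wording slips in the added vmd(8)/vmm(4) entries should be fixed before this goes out. In the item about unifying structures to use bytes, "memeory" should be "memory". In the `vmctl send` item, "by load the vmcs" should read "by loading the VMCS". The entry "fix rebooting a received vm in vmd(8)." starts lowercase while every other entry in the list is capitalized. Also consider "VMs and vCPUs" instead of "vm's and vcpu's" in the reference-counting item, since these are plurals and not possessives.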
@@ -208,7 +242,87 @@
Routing daemons and other userland network improvements:
- - ...
+
- IPsec support was improved:
+
+
- In bgpd(8),
+
+ - Implement max-communities filter to limit the number of allowed
+ communities, ext-communities and large-communities.
+
- Fix insertion of additional non-transitive extended communities when
+ sending out prefixes.
+
- Relax IP address limitation by allowing prefixes in 240/4.
+
- Implement RFC 9234 - Route Leak Prevention and Detection Using Roles
+ in UPDATE and OPEN Messages.
+
- Full support for RFC 7911 - Advertisement of Multiple Paths in BGP.
+
- Improve FIB code, handle IPv6 scoped addresses properly.
+
- Add bgplgd(8),
+ a fastcgi server providing a REST API of bgpctl.
+
- Bugfix: bgpd(8) could fail to invalidate nexthops and incorrectly
+ leave them in the FIB or Adj-RIB-Out.
+
- Speedup bgpctl
+
show rib 10/8 or-longer
and show rib 10/8
+ or-shorter
+ - Switch various static hash tables to RB trees improving
+ performance on large systems
+
- Export per neighbor pending update and withdraw statistics
+
- Fix race between a neighbor session reset and its update message
+ backlog
+
- Improve handling of nexthop reachability state changes
+
+ - rpki-client(8) saw some changes:
+
+ - Do not apply timezone offsets when converting X509 times. X509
+ times are in UTC and comparing them to times in different timezones
+ would cause validity problems.
+
- Add support for an operator-configurable skiplist facility.
+ Operators can specify a list of FQDNs which should not be contacted
+ when synchronizing the local cache to the network.
+
- Emit a warning when a RRDP session serial number decreases.
+
- DER decoding functions were refactored to leverage ASN.1 templates.
+
- Add support to validate & inspect .sig files containing RPKI Signed
+ Checklists in filemode (-f). (draft-ietf-sidrops-rpki-rsc-08)
+
- Print various statistics after the completion of the main process.
+
- Add support to decode & print TAL (RFC 8630) details in filemode (-f).
+
- Emit objects in Concatenated JSON format when filemode (-f) and the JSON
+ output flag (-j) are combined.
+
- Add suport for validating Autonomous System Provider Authorization
+ (ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
+ Validated ASPA payloads are visible in JSON and filemode (-f) output.
+
- Set rsync connection I/O idle timeout to 15 seconds.
+
- Unify the maximum idle I/O and connect timeouts for RSYNC & HTTPS.
+
- Rpki-client now performs stricter EE certificate validation:
+
+ - Disallow AS Resources extensions in ROA EE certificates.
+
- Disallow Subject Information Access (SIA) extensions in RPKI
+ Signed Checklist (RSC) EE certs.
+
- Check the resources in ROAs and RSCs against EE certs.
+
+ - Improve readability and add various information being printed in
+ verbose mode.
+
- Extend filemode (-f) output and print X.509 certificates in PEM
+ format when increased verbosity (-vv) is specified.
+
- Shorten the RRDP I/O idle timeout.
+
- Introduce a deadline timer that aborts all repository synchronization
+ after seven eights of timeout (-s). With this rpki-client has improved
+ chances to complete and produce an output even when a CA is excessivly
+ slow.
+
- Abort a currently running RRDP request process when the per-repository
+ timeout is reached.
+
- Permit multiple AccessDescription entries in SIA X.509 extensions. While
+ fetching from secondary locations is not yet supported, rpki-client will
+ not treat occurence as a fatal error.
+
- Resolve a potential for a race condition in non-atomic RRDP deltas.
+
- Fix some memory leaks.
+
- Improve compliance with the HTTP protocol specification.
+
+
+ - In ospfd(8),
+ relax the limitations on what is an acceptable unicast IP. There are no
+ more experiments in IPv4 and so there is less reason for network
+ daemons to deny formerly experimental IP space. Multicast IPs
+ (224/4) and loopback (127/8) are stil disallowed.
+
tmux(1) improvements and bug fixes:
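Review bot: The "IPsec support was improved:" entry at the top of the added list has no sub-items under it in this revision, so the page announces IPsec improvements without naming any. Either list the changes or hold the entry back until they are written. In the rpki-client(8) items there are several spelling errors to fix: "suport" in the ASPA item, "seven eights" (should be "seven eighths") and "excessivly" in the deadline timer item, and "occurence" in the AccessDescription item, where "will not treat occurence as a fatal error" also reads better as "will not treat their occurrence as a fatal error". In the ospfd(8) item, "stil disallowed" should be "still disallowed".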