version 1.10, 2022/09/30 08:37:58 |
version 1.11, 2022/09/30 09:30:28 |
<li>VMM/VMD improvements |
<li>VMM/VMD improvements |
<ul> |
<ul> |
<li>... |
<li>Improved error handling and logging in <a |
|
href="https://man.openbsd.org/vmd.8">vmd(8)</a> |
|
<li>Unify all internal structures and interfaces between <a |
|
href="https://man.openbsd.org/vmd.8">vmd(8)</a>, <a |
|
href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> and <a |
|
href="https://man.openbsd.org/vmm.4">vmm(4)</a> to use bytes for |
|
memeory and disk sizes. |
|
<li>fix rebooting a received vm in <a |
|
href="https://man.openbsd.org/vmd.8">vmd(8)</a>. |
|
<li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> provide |
|
a copy of bios at 4g boundary, SeaBIOS and newer Linux kernels expect |
|
it there. |
|
<li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, fix off by |
|
one in vm memory range check. |
|
<li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, add |
|
support for mmio assist. In <a |
|
href="https://man.openbsd.org/vmm.4">vmm(4)</a>, send all port io |
|
emulation to userland. |
|
<li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> compute |
|
i8254 read-back command latch from singular timestamp. |
|
<li>Improve the command line parsing in <a |
|
href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>. |
|
<li>Let <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> allow |
|
reading MSR_TSC on Intel hosts. |
|
<li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, reference |
|
count vm's and vcpu's. |
|
<li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, zero |
|
virtual addresses of vcpu state pages after freeing. |
|
<li>Fix `vmctl send` on Intel hosts by load the vmcs before reading |
|
vcpu registers in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>. |
|
<li>Fix `vmctl receive` on Intel hosts by adding an additional fault |
|
type in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>. |
|
<li>Add additional <a href="https://man.openbsd.org/dt.4">dt(4)</a> |
|
tracepoints in various <a |
|
href="https://man.openbsd.org/vmm.4">vmm(4)</a> codepaths. |
</ul> |
</ul> |
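Review bot: "memeory" in the item on unifying the vmd(8), vmctl(8) and vmm(4) interfaces should read "memory". In the same list, "Fix `vmctl send` on Intel hosts by load the vmcs" needs "by loading", and the backticks around `vmctl send` and `vmctl receive` will render literally in HTML, so wrap the commands in <code> instead. The item "fix rebooting a received vm" should start with a capital letter like its neighbours.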
|
|
<li>Various new userland features: |
<li>Various new userland features: |
|
|
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
<li>... |
<li>IPsec support was improved: |
|
<ul> |
|
</ul> |
|
<li>In <a href="https://man.openbsd.org/bgpd.conf.5">bgpd(8)</a>, |
|
<ul> |
|
<li>Implement max-communities filter to limit the number of allowed |
|
communities, ext-communities and large-communities. |
|
<li>Fix insertion of additional non-transitive extended communities when |
|
sending out prefixes. |
|
<li>Relax IP address limitation by allowing prefixes in 240/4. |
|
<li>Implement RFC 9234 - Route Leak Prevention and Detection Using Roles |
|
in UPDATE and OPEN Messages. |
|
<li>Full support for RFC 7911 - Advertisement of Multiple Paths in BGP. |
|
<li>Improve FIB code, handle IPv6 scoped addresses properly. |
|
<li>Add <a href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>, |
|
a fastcgi server providing a REST API of bgpctl. |
|
<li>Bugfix: bgpd(8) could fail to invalidate nexthops and incorrectly |
|
leave them in the FIB or Adj-RIB-Out. |
|
<li>Speedup <a href="https://man.openbsd.org/bgpctl.8">bgpctl</a> |
|
<code>show rib 10/8 or-longer</code> and <code>show rib 10/8 |
|
or-shorter</code> |
|
<li>Switch various static hash tables to RB trees improving |
|
performance on large systems |
|
<li>Export per neighbor pending update and withdraw statistics |
|
<li>Fix race between a neighbor session reset and its update message |
|
backlog |
|
<li>Improve handling of nexthop reachability state changes |
|
</ul> |
|
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes: |
|
<ul> |
|
<li>Do not apply timezone offsets when converting X509 times. X509 |
|
times are in UTC and comparing them to times in different timezones |
|
would cause validity problems. |
|
<li>Add support for an operator-configurable skiplist facility. |
|
Operators can specify a list of FQDNs which should not be contacted |
|
when synchronizing the local cache to the network. |
|
<li>Emit a warning when a RRDP session serial number decreases. |
|
<li>DER decoding functions were refactored to leverage ASN.1 templates. |
|
<li>Add support to validate & inspect .sig files containing RPKI Signed |
|
Checklists in filemode (-f). (draft-ietf-sidrops-rpki-rsc-08) |
|
<li>Print various statistics after the completion of the main process. |
|
<li>Add support to decode & print TAL (RFC 8630) details in filemode (-f). |
|
<li>Emit objects in Concatenated JSON format when filemode (-f) and the JSON |
|
output flag (-j) are combined. |
|
<li>Add suport for validating Autonomous System Provider Authorization |
|
(ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10. |
|
Validated ASPA payloads are visible in JSON and filemode (-f) output. |
|
<li>Set rsync connection I/O idle timeout to 15 seconds. |
|
<li>Unify the maximum idle I/O and connect timeouts for RSYNC & HTTPS. |
|
<li>Rpki-client now performs stricter EE certificate validation: |
|
<ul> |
|
<li>Disallow AS Resources extensions in ROA EE certificates. |
|
<li>Disallow Subject Information Access (SIA) extensions in RPKI |
|
Signed Checklist (RSC) EE certs. |
|
<li>Check the resources in ROAs and RSCs against EE certs. |
|
</ul> |
|
<li>Improve readability and add various information being printed in |
|
verbose mode. |
|
<li>Extend filemode (-f) output and print X.509 certificates in PEM |
|
format when increased verbosity (-vv) is specified. |
|
<li>Shorten the RRDP I/O idle timeout. |
|
<li>Introduce a deadline timer that aborts all repository synchronization |
|
after seven eights of timeout (-s). With this rpki-client has improved |
|
chances to complete and produce an output even when a CA is excessivly |
|
slow. |
|
<li>Abort a currently running RRDP request process when the per-repository |
|
timeout is reached. |
|
<li>Permit multiple AccessDescription entries in SIA X.509 extensions. While |
|
fetching from secondary locations is not yet supported, rpki-client will |
|
not treat occurence as a fatal error. |
|
<li>Resolve a potential for a race condition in non-atomic RRDP deltas. |
|
<li>Fix some memory leaks. |
|
<li>Improve compliance with the HTTP protocol specification. |
|
</ul> |
|
|
|
<li>In <a href="https://man.openbsd.org/rpki-client.8">ospfd(8)</a>, |
|
relax the limitations on what is an acceptable unicast IP. There are no |
|
more experiments in IPv4 and so there is less reason for network |
|
daemons to deny formerly experimental IP space. Multicast IPs |
|
(224/4) and loopback (127/8) are stil disallowed. |
|
|
</ul> |
</ul> |
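Review bot: The ospfd(8) item at the end of this list links to https://man.openbsd.org/rpki-client.8, so the href should be changed to the ospfd(8) manual page. The bgpd(8) link text is likewise attached to the bgpd.conf.5 page; either link the daemon's own page or change the text to bgpd.conf(5). The "IPsec support was improved:" item opens and closes an empty <ul>, so fill it in or drop the item until there is content. Spelling to fix before commit: "suport", "excessivly", "occurence", "stil", and "seven eights" (should be "seven eighths").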
|
|
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |
<li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: |