www/72.html - diff

Return to 72.html CVS log

Up to [local] / www

Diff for /www/72.html between version 1.10 and 1.11

-version 1.10, 2022/09/30 08:37:58
+version 1.11, 2022/09/30 09:30:28
 Line 137
 Line 137
 Line 137
  <li>VMM/VMD improvements
    <ul>
-   <li>...
+   <li>Improved error handling and logging in <a
+         href="https://man.openbsd.org/vmd.8">vmd(8)</a>
+   <li>Unify all internal structures and interfaces between <a
+         href="https://man.openbsd.org/vmd.8">vmd(8)</a>, <a
+         href="https://man.openbsd.org/vmctl.8">vmctl(8)</a> and <a
+         href="https://man.openbsd.org/vmm.4">vmm(4)</a> to use bytes for
+         memeory and disk sizes.
+   <li>fix rebooting a received vm in <a
+         href="https://man.openbsd.org/vmd.8">vmd(8)</a>.
+   <li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> provide
+         a copy of bios at 4g boundary, SeaBIOS and newer Linux kernels expect
+         it there.
+   <li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, fix off by
+         one in vm memory range check.
+   <li>In <a href="https://man.openbsd.org/vmd.8">vmd(8)</a>, add
+         support for mmio assist. In <a
+         href="https://man.openbsd.org/vmm.4">vmm(4)</a>, send all port io
+         emulation to userland.
+   <li>Have <a href="https://man.openbsd.org/vmd.8">vmd(8)</a> compute
+         i8254 read-back command latch from singular timestamp.
+   <li>Improve the command line parsing in <a
+         href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>.
+   <li>Let <a href="https://man.openbsd.org/vmm.4">vmm(4)</a> allow
+         reading MSR_TSC on Intel hosts.
+   <li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, reference
+         count vm's and vcpu's.
+   <li>In <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>, zero
+         virtual addresses of vcpu state pages after freeing.
+   <li>Fix `vmctl send` on Intel hosts by load the vmcs before reading
+         vcpu registers in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
+   <li>Fix `vmctl receive` on Intel hosts by adding an additional fault
+         type in <a href="https://man.openbsd.org/vmm.4">vmm(4)</a>.
+   <li>Add additional <a href="https://man.openbsd.org/dt.4">dt(4)</a>
+         tracepoints in various <a
+         href="https://man.openbsd.org/vmm.4">vmm(4)</a> codepaths.
    </ul>
  <li>Various new userland features:
-Line 208
+Line 242
 Line 208
 Line 242
  <li>Routing daemons and other userland network improvements:
    <ul>
-   <li>...
+   <li>IPsec support was improved:
+   <ul>
+   </ul>
+   <li>In <a href="https://man.openbsd.org/bgpd.conf.5">bgpd(8)</a>,
+   <ul>
+         <li>Implement max-communities filter to limit the number of allowed
+                 communities, ext-communities and large-communities.
+         <li>Fix insertion of additional non-transitive extended communities when
+                 sending out prefixes.
+         <li>Relax IP address limitation by allowing prefixes in 240/4.
+         <li>Implement RFC 9234 - Route Leak Prevention and Detection Using Roles
+                 in UPDATE and OPEN Messages.
+         <li>Full support for RFC 7911 - Advertisement of Multiple Paths in BGP.
+         <li>Improve FIB code, handle IPv6 scoped addresses properly.
+         <li>Add <a href="https://man.openbsd.org/bgplgd.8">bgplgd(8)</a>,
+                 a fastcgi server providing a REST API of bgpctl.
+         <li>Bugfix: bgpd(8) could fail to invalidate nexthops and incorrectly
+                 leave them in the FIB or Adj-RIB-Out.
+         <li>Speedup <a href="https://man.openbsd.org/bgpctl.8">bgpctl</a>
+                 <code>show rib 10/8 or-longer</code> and <code>show rib 10/8
+                 or-shorter</code>
+         <li>Switch various static hash tables to RB trees improving
+                 performance on large systems
+         <li>Export per neighbor pending update and withdraw statistics
+         <li>Fix race between a neighbor session reset and its update message
+                 backlog
+         <li>Improve handling of nexthop reachability state changes
+   </ul>
+   <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes:
+   <ul>
+         <li>Do not apply timezone offsets when converting X509 times.  X509
+                 times are in UTC and comparing them to times in different timezones
+                 would cause validity problems.
+         <li>Add support for an operator-configurable skiplist facility.
+                 Operators can specify a list of FQDNs which should not be contacted
+                 when synchronizing the local cache to the network.
+         <li>Emit a warning when a RRDP session serial number decreases.
+         <li>DER decoding functions were refactored to leverage ASN.1 templates.
+         <li>Add support to validate & inspect .sig files containing RPKI Signed
+                 Checklists in filemode (-f). (draft-ietf-sidrops-rpki-rsc-08)
+         <li>Print various statistics after the completion of the main process.
+         <li>Add support to decode & print TAL (RFC 8630) details in filemode (-f).
+         <li>Emit objects in Concatenated JSON format when filemode (-f) and the JSON
+                 output flag (-j) are combined.
+         <li>Add suport for validating Autonomous System Provider Authorization
+                 (ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10.
+                 Validated ASPA payloads are visible in JSON and filemode (-f) output.
+         <li>Set rsync connection I/O idle timeout to 15 seconds.
+         <li>Unify the maximum idle I/O and connect timeouts for RSYNC & HTTPS.
+         <li>Rpki-client now performs stricter EE certificate validation:
+         <ul>
+                 <li>Disallow AS Resources extensions in ROA EE certificates.
+                 <li>Disallow Subject Information Access (SIA) extensions in RPKI
+                         Signed Checklist (RSC) EE certs.
+                 <li>Check the resources in ROAs and RSCs against EE certs.
+         </ul>
+         <li>Improve readability and add various information being printed in
+                 verbose mode.
+         <li>Extend filemode (-f) output and print X.509 certificates in PEM
+                 format when increased verbosity (-vv) is specified.
+         <li>Shorten the RRDP I/O idle timeout.
+         <li>Introduce a deadline timer that aborts all repository synchronization
+                 after seven eights of timeout (-s). With this rpki-client has improved
+                 chances to complete and produce an output even when a CA is excessivly
+                 slow.
+         <li>Abort a currently running RRDP request process when the per-repository
+                 timeout is reached.
+         <li>Permit multiple AccessDescription entries in SIA X.509 extensions. While
+                 fetching from secondary locations is not yet supported, rpki-client will
+                 not treat occurence as a fatal error.
+         <li>Resolve a potential for a race condition in non-atomic RRDP deltas.
+         <li>Fix some memory leaks.
+         <li>Improve compliance with the HTTP protocol specification.
+   </ul>
+   <li>In <a href="https://man.openbsd.org/rpki-client.8">ospfd(8)</a>,
+         relax the limitations on what is an acceptable unicast IP. There are no
+         more experiments in IPv4 and so there is less reason for network
+         daemons to deny formerly experimental IP space.  Multicast IPs
+         (224/4) and loopback (127/8) are stil disallowed.
    </ul>
  <li><a href="https://man.openbsd.org/tmux">tmux(1)</a> improvements and bug fixes: