| version 1.104, 2023/10/15 15:32:37 |
version 1.105, 2023/10/15 15:49:48 |
|
|
| In particular, <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> |
In particular, <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> |
| and <a href="https://man.openbsd.org/systat.1">systat(1)</a> |
and <a href="https://man.openbsd.org/systat.1">systat(1)</a> |
| now do that. |
now do that. |
| <li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
<li>Relax the implementation of the <code>pass all</code> rule so all |
| relax the implementation of the <code>pass all</code> rule so all |
|
| forms of neighbor advertisements are allowed in either direction. |
forms of neighbor advertisements are allowed in either direction. |
| <li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
<li>When redirecting locally generated IP packets to userland with |
| when redirecting locally generated IP packets to userland with |
<a href="https://man.openbsd.org/pf.conf.5#divert-packet" |
| <code>divert-packet</code> rules, the packets may have no checksum |
>divert-packet</a> rules, the packets may have no checksum |
| due to hardware offloading. Calculate the checksum in that case. |
due to hardware offloading. Calculate the checksum in that case. |
| <li>Fix a bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
<li>Fix a bug where |
| where <code>nat-to</code> could fail to insert a state |
<a href="https://man.openbsd.org/pf.conf.5#nat-to">nat-to</a> |
| |
could fail to insert a state |
| due to conflict on chosen source port number. |
due to conflict on chosen source port number. |
| <li><a href="https://man.openbsd.org/pf.4">pf(4)</a> ignored 'keep |
<li>No longer ignore <code>keep state</code> and <code>nat-to</code> |
| state' and 'nat-to' actions for unsolicited icmp error responses. With |
actions for unsolicited ICMP error responses. |
| OpenBSD 7.4, the rule matching logic is tightened so icmp error |
Tighten the rule matching logic so ICMP error responses |
| responses no longer match 'keep state' rule. In typical scenarios icmp |
no longer match <code>keep state</code> rule. |
| errors (if solicited) should match existing state. The change is |
In typical scenarios, ICMP errors (if solicited) should match |
| going to bite firewalls which deal with asymmetric routes. In those |
existing state. The change is going to bite firewalls which deal |
| cases the 'keep state' action should be relaxed to sloppy or new 'no |
with asymmetric routes. In those cases the <code>keep state</code> |
| state' rule to explicitly match icmp errors should be added. |
action should be relaxed to sloppy or new <code>no state</code> |
| |
rule to explicitly match ICMP errors should be added. |
| </ul> |
</ul> |
| <li>Do not calculate IP, TCP, and UDP checksums on |
<li>Do not calculate IP, TCP, and UDP checksums on |
| <a href="https://man.openbsd.org/lo.4">lo(4)</a> interfaces. |
<a href="https://man.openbsd.org/lo.4">lo(4)</a> interfaces. |
![[BACK]](/icons/back.gif){kind=icon}
Return to 74.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www