version 1.90, 2023/10/15 11:13:48 |
version 1.91, 2023/10/15 11:40:11 |
|
|
of <a href="https://man.openbsd.org/pf.4">pf(4)</a> and with |
of <a href="https://man.openbsd.org/pf.4">pf(4)</a> and with |
parallelisation of the network stack in the future. |
parallelisation of the network stack in the future. |
The protocol remains compatible with the older version. |
The protocol remains compatible with the older version. |
<li>Removed kernel locks from the ARP input path. |
<li>Remove kernel locks from the ARP input path. |
<li>Pulled MP-safe arprequest() out of kernel lock. |
<li>Pull MP-safe arprequest() out of kernel lock. |
<li>Remove the kernel lock from IPv6 neighbor discovery. |
<li>Remove the kernel lock from IPv6 neighbor discovery. |
<li>Unlock more parts of <a |
<li>Unlock more parts of <a |
href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> and the <a |
href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> and the <a |
|
|
|
|
<li>Direct Rendering Manager and graphics drivers |
<li>Direct Rendering Manager and graphics drivers |
<ul> |
<ul> |
<li>Updated <a href="https://man.openbsd.org/drm.4">drm(4)</a> |
<li>Update <a href="https://man.openbsd.org/drm.4">drm(4)</a> |
to Linux 6.1.55 |
to Linux 6.1.55. |
<li>Don't change end marker in sg_set_page(). Caused bad memory accesses |
<li>Don't change end marker in sg_set_page(). Caused bad memory accesses |
when using page flipping on Alder Lake and Raptor Lake. |
when using page flipping on Alder Lake and Raptor Lake. |
</ul> |
</ul> |
|
|
work on a Banana Pi BPI-R2 Pro. |
work on a Banana Pi BPI-R2 Pro. |
<li>In <a href="https://man.openbsd.org/umcs.4">umcs(4)</a>, set |
<li>In <a href="https://man.openbsd.org/umcs.4">umcs(4)</a>, set |
parity bits correctly. |
parity bits correctly. |
<li>Enabled the caps lock LED on modern Apple laptop keyboards. |
<li>Enable the caps lock LED on modern Apple laptop keyboards. |
<li>Add support for Rockchip "cryptov2-rng" random number generator in |
<li>Add support for Rockchip "cryptov2-rng" random number generator in |
<a href="https://man.openbsd.org/rkrng.4">rkrng(4)</a>. |
<a href="https://man.openbsd.org/rkrng.4">rkrng(4)</a>. |
<li>Fixed cpuperf on the Apple M2 Pro/Max. |
<li>Fix cpuperf on the Apple M2 Pro/Max. |
<li>Add support for the PCIe controller found on Apple M2 Pro/Max SoCs. |
<li>Add support for the PCIe controller found on Apple M2 Pro/Max SoCs. |
<li>Add support for enabling both the USB2 and USB3 PHYs in |
<li>Add support for enabling both the USB2 and USB3 PHYs in |
<a href="https://man.openbsd.org/xhci.4">xhci(4)</a> with device tree. |
<a href="https://man.openbsd.org/xhci.4">xhci(4)</a> with device tree. |
|
|
<a href="https://man.openbsd.org/lo.4">lo(4)</a> interfaces. |
<a href="https://man.openbsd.org/lo.4">lo(4)</a> interfaces. |
<li>Convert the tcp_now() time counter to 64 bits to avoid 32 bits |
<li>Convert the tcp_now() time counter to 64 bits to avoid 32 bits |
wrap around after changing tcp_now() ticks to milliseconds. |
wrap around after changing tcp_now() ticks to milliseconds. |
<li>Added initial support for route-based ipsec vpns.<br> |
<li>Add initial support for route-based IPsec VPNs.<br> |
Rather than use ipsec flows (aka, entries in the ipsec security |
Rather than use IPsec flows (aka, entries in the IPsec security |
policy database) to decide which traffic should be encapsulated in |
policy database) to decide which traffic should be encapsulated in |
ipsec and sent to a peer, this changes security associations (SAs) |
IPsec and sent to a peer, this changes security associations (SAs) |
so they can also refer to a tunnel interface. When traffic is routed |
so they can also refer to a tunnel interface. When traffic is routed |
over that tunnel interface, an ipsec SA is looked up and used to |
over that tunnel interface, an IPsec SA is looked up and used to |
encapsulate traffic before being sent to the peer on the SA. When |
encapsulate traffic before being sent to the peer on the SA. When |
traffic is received from a peer using an interface SA, the specified |
traffic is received from a peer using an interface SA, the specified |
interface is looked up and the packet is handed to it so it looks |
interface is looked up and the packet is handed to it so it looks |
like packets come out of the tunnel. |
like packets come out of the tunnel. |
<li>Add <a href="https://man.openbsd.org/sec.4">sec(4)</a> to support |
<li>Add <a href="https://man.openbsd.org/sec.4">sec(4)</a> to support |
route based ipsec vpns. |
route based IPsec VPNs. |
<li>Introduce reference counting for TCP syn cache entries. |
<li>Introduce reference counting for TCP syn cache entries. |
<li>Have <a href="https://man.openbsd.org/wg.4">wg(4)</a> copy the |
<li>Have <a href="https://man.openbsd.org/wg.4">wg(4)</a> copy the |
priority from the inner packet to the outer encrypted packet, so that |
priority from the inner packet to the outer encrypted packet, so that |
|
|
<a href="https://man.openbsd.org/i2d_ECDSA_SIG.3" |
<a href="https://man.openbsd.org/i2d_ECDSA_SIG.3" |
>i2d_ECDSA_SIG(3)</a>. |
>i2d_ECDSA_SIG(3)</a>. |
<li>In <a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>, |
<li>In <a href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a>, |
support route-based IPSec VPN negotiation with |
support route-based IPsec VPN negotiation with |
<a href="https://man.openbsd.org/sec.4">sec(4)</a>. |
<a href="https://man.openbsd.org/sec.4">sec(4)</a>. |
<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, |
<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, |
support configuring interface SAs for route-based IPSec VPNs. |
support configuring interface SAs for route-based IPsec VPNs. |
<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> |
<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> |
quick mode, do not crash with a <code>NULL</code> pointer |
quick mode, do not crash with a <code>NULL</code> pointer |
access when a group description is specified but it is invalid, |
access when a group description is specified but it is invalid, |
|
|
<li>Limit the socket buffer size to 64k for all sessions. |
<li>Limit the socket buffer size to 64k for all sessions. |
Limiting the buffer size to a reasonable size ensures that not |
Limiting the buffer size to a reasonable size ensures that not |
too many updates end up queued in the TCP stack. |
too many updates end up queued in the TCP stack. |
<li>Adjusted example <code>GRACEFUL_SHUTDOWN</code> filter rule in |
<li>Adjust example <code>GRACEFUL_SHUTDOWN</code> filter rule in |
the example config to only match on ebgp sessions. |
the example config to only match on ebgp sessions. |
</ul> |
</ul> |
|
|