===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/74.html,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- www/74.html 2023/10/14 16:02:49 1.66
+++ www/74.html 2023/10/14 17:21:15 1.67
@@ -604,10 +604,6 @@
Changes in the network stack:
- - In pf(4),
- when redirecting locally generated IP packets to
- userland with divert-packet rules, the packets may have no checksum
- due to hardware offloading. Calculate the checksum in that case.
- Sync the use of
getuptime(9)
in the Neighbour Discovery (ND) code with ARP.
@@ -625,9 +621,6 @@
neighbor advertisement, as described in RFC9131, to the all-routers
multicast address so all routers on the same link will learn the path
back to the address.
-
- In pf(4),
- relax the implementation of the "pass all" rule so all
- forms of neighbor advertisements are allowed in either direction.
- Inbound portion of RFC9131. Routers can create new neighbor cache entries
when receiving a valid Neighbor Advertisement.
- Implement RFC9131 and create new neighbor cache entries
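Review bot: the removed "pass all" entry sat directly between the RFC9131 neighbor advertisement items, and that placement was its only context. Once it moves into the pf(4) group further down, "all forms of neighbor advertisements are allowed in either direction" has nothing nearby to explain why the rule was relaxed. If the change belongs to the RFC9131 work, name the RFC in the moved entry; otherwise state which neighbor advertisement forms were previously not matched.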
@@ -638,22 +631,37 @@
software, but pass it down to the interface layer. Add sysctl(8) net.inet.tcp.tso.
- Do not calculate IP, TCP, UDP checksums on loopback
(lo(4)) interfaces.
-
- Fix a bug in pf(4)
- where
nat-to
clould fail to insert a state
- due to conflict on chosen source port number.
- Implement TCP send offloading, for now in software only. This is
meant as a fallback if network hardware does not support TSO.
- Use TSO (TCP Segmentation Offload) and LRO (Large Receive Offload) on
the loopback interface to transfer TCP faster,
- Fix path MTU discovery for TCP LRO/TSO when forwarding.
when
tcplro
is activated on lo(4).
- - Close all pf(4) transactions before opening a new one when
- retrieving the ruleset. Fixes leaking transactions which can be
- problematic when processes run a long time. Introduce a new ioctl
- DIOCXEND in pf(4) so applications such as snmpd(8) and systat(1) can
- safely retrieve rules.
-
- Close all pf(4)
- transactions before opening a new one when
+
- Speed up the
+ ioctl(2) request
+ DIOCGETRULE
+ such that pfctl(8)
+ can retrieve all pf(4)
+ rules from the kernel in linear rather than in quadratic time.
+ To protect the kernel from memory exhaustion,
+ userland processes now have to release tickets obtained with
+ DIOCGETRULES
+ by issuing the new
+ ioctl(2) request
+ DIOCXEND.
+ In particular, snmpd(8)
+ and systat(1)
+ now do that.
+
- In pf(4),
+ relax the implementation of the
pass all
rule so all
+ forms of neighbor advertisements are allowed in either direction.
+ - In pf(4),
+ when redirecting locally generated IP packets to userland with
+
divert-packet
rules, the packets may have no checksum
+ due to hardware offloading. Calculate the checksum in that case.
+ - Fix a bug in pf(4)
+ where
nat-to
could fail to insert a state
+ due to conflict on chosen source port number.
- Convert the tcp_now() time counter to 64 bits to avoid 32 bits
wrap around after changing tcp_now() ticks to milliseconds.
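Review bot: in the added DIOCGETRULE entry, the request names DIOCGETRULE and DIOCGETRULES appear a few lines apart with no hint of how they differ, so the second reads like a typo of the first. Suggest saying explicitly that the ticket comes from DIOCGETRULES and that the rules are then retrieved with DIOCGETRULE. The new wording also drops the failure mode the removed text gave ("Fixes leaking transactions which can be problematic when processes run a long time"). Since releasing tickets with DIOCXEND is now required of userland and only snmpd(8) and systat(1) are named as updated, state what a program that never issues DIOCXEND should expect.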
@@ -828,9 +836,6 @@
rad(8), update the default
timers for prefix preferred and valid lifetimes to use the values from
RFC 9096.
-
- In pfctl(8),
- speed up how pf(4)
- rules are retrieved from the kernel.
- In slaacd(8),
remove artificial limit of 2 hours on a PIO lifetime.
- Make ypldap(8)
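Review bot: with the pfctl(8) entry removed here, the rule-retrieval speed-up is recorded only in the earlier list, where it is described as an ioctl(2) change. A reader scanning this list, next to the rad(8) and slaacd(8) entries, for pfctl(8) changes will no longer find it. Suggest keeping a one-line pfctl(8) entry here that points to the DIOCGETRULE item, which also tells authors of other ruleset readers that the DIOCXEND requirement applies to them.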