| version 1.66, 2023/10/14 16:02:49 |
version 1.67, 2023/10/14 17:21:15 |
|
|
| |
|
| <li>Changes in the network stack: |
<li>Changes in the network stack: |
| <ul> |
<ul> |
| <li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
|
| when redirecting locally generated IP packets to |
|
| userland with divert-packet rules, the packets may have no checksum |
|
| due to hardware offloading. Calculate the checksum in that case. |
|
| <li>Sync the use of |
<li>Sync the use of |
| <a href="https://man.openbsd.org/getuptime.9">getuptime(9)</a> |
<a href="https://man.openbsd.org/getuptime.9">getuptime(9)</a> |
| in the Neighbour Discovery (ND) code with ARP. |
in the Neighbour Discovery (ND) code with ARP. |
|
|
| neighbor advertisement, as described in RFC9131, to the all-routers |
neighbor advertisement, as described in RFC9131, to the all-routers |
| multicast address so all routers on the same link will learn the path |
multicast address so all routers on the same link will learn the path |
| back to the address. |
back to the address. |
| <li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
|
| relax the implementation of the "pass all" rule so all |
|
| forms of neighbor advertisements are allowed in either direction. |
|
| <li>Inbound portion of RFC9131. Routers can create new neighbor cache entries |
<li>Inbound portion of RFC9131. Routers can create new neighbor cache entries |
| when receiving a valid Neighbor Advertisement. |
when receiving a valid Neighbor Advertisement. |
| <li>Implement RFC9131 and create new neighbor cache entries |
<li>Implement RFC9131 and create new neighbor cache entries |
|
|
| software, but pass it down to the interface layer. Add sysctl(8) net.inet.tcp.tso. |
software, but pass it down to the interface layer. Add sysctl(8) net.inet.tcp.tso. |
| <li>Do not calculate IP, TCP, UDP checksums on loopback |
<li>Do not calculate IP, TCP, UDP checksums on loopback |
| (<a href="https://man.openbsd.org/lo.4">lo(4)</a>) interfaces. |
(<a href="https://man.openbsd.org/lo.4">lo(4)</a>) interfaces. |
| <li>Fix a bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
|
| where <code>nat-to</code> clould fail to insert a state |
|
| due to conflict on chosen source port number. |
|
| <li>Implement TCP send offloading, for now in software only. This is |
<li>Implement TCP send offloading, for now in software only. This is |
| meant as a fallback if network hardware does not support TSO. |
meant as a fallback if network hardware does not support TSO. |
| <li>Use TSO (TCP Segmentation Offload) and LRO (Large Receive Offload) on |
<li>Use TSO (TCP Segmentation Offload) and LRO (Large Receive Offload) on |
| the loopback interface to transfer TCP faster, |
the loopback interface to transfer TCP faster, |
| <li>Fix path MTU discovery for TCP LRO/TSO when forwarding. |
<li>Fix path MTU discovery for TCP LRO/TSO when forwarding. |
| when <code>tcplro</code> is activated on lo(4). |
when <code>tcplro</code> is activated on lo(4). |
| <li>Close all pf(4) transactions before opening a new one when |
<li>Speed up the |
| retrieving the ruleset. Fixes leaking transactions which can be |
<a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> request |
| problematic when processes run a long time. Introduce a new ioctl |
<a href="https://man.openbsd.org/pf.4#DIOCGETRULE">DIOCGETRULE</a> |
| DIOCXEND in pf(4) so applications such as snmpd(8) and systat(1) can |
such that <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a> |
| safely retrieve rules. |
can retrieve all <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
| <li>Close all <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
rules from the kernel in linear rather than in quadratic time. |
| transactions before opening a new one when |
To protect the kernel from memory exhaustion, |
| |
userland processes now have to release tickets obtained with |
| |
<a href="https://man.openbsd.org/pf.4#DIOCGETRULES">DIOCGETRULES</a> |
| |
by issuing the new |
| |
<a href="https://man.openbsd.org/ioctl.2">ioctl(2)</a> request |
| |
<a href="https://man.openbsd.org/pf.4#DIOCXEND">DIOCXEND</a>. |
| |
In particular, <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a> |
| |
and <a href="https://man.openbsd.org/systat.1">systat(1)</a> |
| |
now do that. |
| |
<li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
| |
relax the implementation of the <code>pass all</code> rule so all |
| |
forms of neighbor advertisements are allowed in either direction. |
| |
<li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>, |
| |
when redirecting locally generated IP packets to userland with |
| |
<code>divert-packet</code> rules, the packets may have no checksum |
| |
due to hardware offloading. Calculate the checksum in that case. |
| |
<li>Fix a bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
| |
where <code>nat-to</code> could fail to insert a state |
| |
due to conflict on chosen source port number. |
| <li>Convert the tcp_now() time counter to 64 bits to avoid 32 bits |
<li>Convert the tcp_now() time counter to 64 bits to avoid 32 bits |
| wrap around after changing tcp_now() ticks to milliseconds. |
wrap around after changing tcp_now() ticks to milliseconds. |
| |
|
|
|
| <a href="https://man.openbsd.org/rad.8">rad(8)</a>, update the default |
<a href="https://man.openbsd.org/rad.8">rad(8)</a>, update the default |
| timers for prefix preferred and valid lifetimes to use the values from |
timers for prefix preferred and valid lifetimes to use the values from |
| RFC 9096. |
RFC 9096. |
| <li>In <a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>, |
|
| speed up how <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
|
| rules are retrieved from the kernel. |
|
| <li>In <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>, |
<li>In <a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>, |
| remove artificial limit of 2 hours on a PIO lifetime. |
remove artificial limit of 2 hours on a PIO lifetime. |
| <li>Make <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a> |
<li>Make <a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a> |
![[BACK]](/icons/back.gif){kind=icon}
Return to 74.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www