| version 1.920, 2004/04/19 01:35:22 |
version 1.921, 2004/04/26 17:33:31 |
|
|
| |
|
| <p> |
<p> |
| <h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
<h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p> |
| The following list sums up (almost) all the changes made up to April 16. |
The following list sums up (almost) all the changes made up to April 25. |
| <p> |
<p> |
| |
|
| <ul> |
<ul> |
| <!-- pf.c Sat Apr 17 00:13:36 UTC 2004 --> |
<!-- ^ 20040426 --> |
| |
<li>Since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isprint&sektion=3">isprint(3)</a> doesn't consider all whitespace printable, also use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isspace&sektion=3">isspace(3)</a> for the binary file test in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=less&sektion=1">less(1)</a>. |
| |
<li>Fix float -> quad conversion in libc. |
| |
<li>Prettier outpub from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpctl&sektion=8">bgpctl(8)</a>. |
| |
<li>Permit multiple default routes. |
| |
<li>A few more unionfs fixes. |
| |
<li>Respect access rights on a union filesystem (PR#745). |
| |
<li>Add a few pieces missed in the merge of OpenSSL 0.9.7d. |
| |
<li>Add input queue congestion flag support to a few interfaces that can't use the new IF_INPUT_ENQUEUE macro. |
| |
<li>Prevent an endless loop in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> with 'route-to lo0' rules (PR#3736). |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8">authpf(8)</a> run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> to change the rulebase instead of sucking in code from pfctl and doing it itself. |
| |
<li>Set MINCLSIZE back to its smaller pre-KAME IPv6 value, so now clusters will be used more often. |
| |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a>, purge only a specific expired state instead of doing an expensive purge all expired states while running at a high <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spl&sektion=9">spl(9)</a>. |
| |
<li>Make sure the local address and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a> neighbor address are of the same address family. |
| |
<li>Use '|' instead of ':' as the field separator for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> database keys, in preparation for future IPv6 support. |
| |
<li>Fix a potential null dereference in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a> application utility code. |
| |
<!-- sbreserve() sb_mbmax --> |
| |
<li>Give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=routed&sektion=8">routed(8)</a> a local copy of the radix tree code, so it doesn't get (re)broken by net/radix.c changes. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a> S/MIME work again. |
| |
<li>Add 'neighbor cloning' to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>, allowing a configuration to be specified for a network/prefixlength pair as well as the peer IP address. The configuration is cloned for each new peer in the given address range. |
| |
<!-- TCPCTL_DROP XXX --> |
| |
<li>Some string cleaning in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4">ddb(4)</a>. |
| |
<li>Fix a missing return statement in in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>'s control connection error path. |
| |
<li>Add multipath support to the radix tree, allowing multiple routes to a single destination (though it won't actually get you anywhere just yet). From KAME. |
| |
<li>Send <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4">pfsync(4)</a> packets for IPv6 protocols other than TCP, UDP and ICMP. |
| |
<li>Sync kernel radix tree code with 4.4BSD-Lite2 via NetBSD. |
| |
<li>Don't add a PF_GENERATED tag to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> synproxy generated packets for the second handshake, so they can match rules (and create state) on another interface. |
| |
<!-- ^ 20040425 --> |
| |
<li>Add a 'probability' modifier for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> rules, setting the likelihood with which a rule will trigger. |
| |
<li>Greatly simplify <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=inetd&sektion=8">inetd(8)</a>'s hostname/address lookup code. |
| |
<li>Since OpenBSD has <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openpty&sektion=3">openpty(3)</a>, we may as well have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnetd&sektion=8">telnetd(8)</a> use it. |
| |
<li>Initial support for IPv6 transport in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8">bgpd(8)</a>. |
| |
<li>Add <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> config files to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=changelist&sektion=5">changelist(5)</a> and /etc/mtree/special. |
| |
<li>Some additional TCP option length paranoia in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>'s normaliser. |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=netstat&sektion=1">netstat(1)</a> display the new tcps.rcvacktooold statistic counter. |
| |
<li>Sync <tree.h> with Niels Provos' version to get rid of a compiler warning for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=RB_NEXT&sektion=3">RB_NEXT(3)</a>. |
| |
<!-- ^ 20040424 --> |
| |
<li>Port the gcc2 bounds checking support to gcc3, enabled with -Wbounded (see <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&sektion=1">gcc-local(1)</a>). |
| |
<li>Add some CMSG_ macros to get proper alignment in portalfs. From NetBSD. |
| |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a>, make sure the KEY_LENGTH attribute is present when checking AES proposals as this is required when acting as responder to SafeNet peers. |
| |
<li>Silence <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getopt&sektion=3">getopt(3)</a> errors in the privileged <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&sektion=8">tcpdump(8)</a> process. |
| |
<li>Don't display rubbish on the first output line from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vmstat&sektion=8">vmstat(8)</a>, wait for the stats to stabilise. |
| |
<!-- ^ 20040423 --> |
| |
<li>Fix the calculation of a raw IPv6 UDP packet's checksum. |
| |
<li>For <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>'s ping probes, just use the pid for the ICMP id like <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ping&sektion=8">ping(8)</a> does, instead of some architecture-dependent wierdness. |
| |
<!-- ^ 20040422 --> |
| |
<li>Merge in new Omron LUNA port (luna88k), based on OpenBSD/mvme88k, NetBSD/luna68k and CMU Mach. |
| |
<li>As with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8">dhcrelay(8)</a>, set a write filter and lock the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> descriptor before privilege drop in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>. |
| |
<!-- ^ 20040421 --> |
| |
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pw_copy&sektion=3">pw_copy(3)</a> to take the old entry as an additional parameter, allowing both a change of username and a check that the file hasn't changed since it was last read (fixes PR#3698). Adapted from FreeBSD. |
| |
<li>Set a write filter and lock <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8">dhcrelay(8)</a>'s <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bpf&sektion=4">bpf(4)</a> file descriptor before dropping privileges. |
| |
<li>Drop the port-changing options in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8">dhcrelay(8)</a> too, always use standard ports. |
| |
<li>New TCP stat counter tcps.rcvacktooold, counts the number of times we drop very old ACK packets when the sequence number isn't exactly right. |
| |
<li>Set the km_page allocator's low watermark to a value that allows the system to boot. |
| |
<li>Switch the build over to the new, improved <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcrelay&sektion=8">dhcrelay(8)</a>. |
| |
<li>Remove the -p (listen port) option of new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>. |
| |
<!-- ^ 20040420 --> |
| |
<li>Bump the default kern.maxclusters to a value high enough to deter all but the most determined tweakers. |
| |
<li>Remove the GATEWAY <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=config&sektion=8">config(8)</a> option now that both IP forwarding and mbuf cluster allocation are configurable using <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>. |
| |
<li>Introduce a new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a> kern.maxclusters controlling (oddly enough) the maximum number of mbuf clusters. This deprecates the much-abused NMBCLUSTERS <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=config&sektion=8">config(8)</a> option. |
| |
<li>Use the km_page allocator as the backend for the mbuf and mbuf cluster pools. |
| |
<li>New km_page <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pool&sektion=9">pool(9)</a> allocator running in an interrupt-safe kernel thread (kmthread). |
| |
<li>Resource starvation checks for sockets: |
| |
<ul> |
| |
<li>Check the level of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> cluster utilisation when doing an accepting a listen socket, and fail if usage is greater than 95% of the hard limit. |
| |
<li>New API sbcheckreserve() returns ENOBUFS if more than 50% of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mbuf&sektion=9">mbuf(9)</a> clusters are in use |
| |
<li>Use sbcheckreserve() when accepting a connection, and on <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setsockopt&sektion=2">setsockopt(2)</a> for SO_SNDBUF and SND_RCVBUF, and allocate minimal buffers in in low-memory situations. |
| |
</ul> |
| |
<li>Stop propolice tripping an assert in gcc3. |
| |
<li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&sektion=8">spamd(8)</a> display an error if it can't open the /var/db/spamd database for writing, and return a proper error code. |
| |
<li>Cure the angst in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=user&sektion=8">user(8)</a> caused by the non-existence of the /nonexistent directory. |
| |
<li>Correct new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>'s handling of very long lease times (PR#2888). |
| |
<li>Fix a propolice bug in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&sektion=1">gcc(1)</a> and unbreak MySQL (mysql bug id 1442). |
| |
<!-- ^ 20040419 --> |
| |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> perform strict permission checks on ~/.ssh/config files and abort unless they're correct. |
| |
<li>If kernel <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec&sektion=4">ipsec(4)</a> and/or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a> processing is disabled by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=3">sysctl(3)</a>, pass any packets through as raw IP to give userland a chance to handle them. |
| |
<li>Sync the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=em&sektion=4">em(4)</a> driver with FreeBSD. |
| |
<li>Tidy up <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4">usb(4)</a> kernel configs in line with recent i386 changes. |
| |
<li>Restore <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&sektion=4">siop(4)</a>'s ability to detect SCSI options after the recent probe changes. |
| |
<li>Since <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> can now be invoked legitimately without an interface, don't abort when the user doesn't give any options. |
| |
<!-- ^ 20040418 --> |
| |
<li>New _tftpd user and group. |
| |
<li>Make sure <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=m_pullup2&sektion=9">m_pullup2(9)</a> copies the M_CLUSTER flag when it creates a new mbuf (PR#3740). |
| <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> block unconditionally when the input queue congestion flag is set, instead of doing CPU-intensive rule tests. |
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a> block unconditionally when the input queue congestion flag is set, instead of doing CPU-intensive rule tests. |
| <li>If an interface input queue becomes full, set a new congestion flag in the queue structure. Since a full queue usually indicates processing overload, this flag can be used to allow other subsystems to cooperate in easing the situation. |
<li>If an interface input queue becomes full, set a new congestion flag in the queue structure. Since a full queue usually indicates processing overload, this flag can be used to allow other subsystems to cooperate in easing the situation. |
| <!-- ^ 20040417 --> |
<!-- ^ 20040417 --> |
![[BACK]](/icons/back.gif){kind=icon}
Return to plus.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www