SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for openbgpd-8.5-lp156.1.1.x86_64.rpm :

* Sat Jun 29 2024 Martin Hauke - Update to version 8.5
* Fix Linux TCP MD5 autoconf detection and improve the code to work in all cases.
* Double peer description length to 64 characters.
* Improve handling of bgpd AFI IPv4 sessions over IPv6 only links.
* Sessions over IPv6 link-local addresses are now always considered to be connected.
* Allow operators to enforce the presence of certain capabilities.
* Improve capability negotiation and remove \'announce capabilities\'. The \'announce capabilities [yes|no]\' neighbor config option needs to be removed from configuration files. Instead individual capabilities need to be disabled.
* Improve negotiation of the multi-protocol capability and the fallback to IPv4 only mode.
* Mark RTR and IPv6 BGP packets with DSCP CS6 (network control).
* Increase RTR PDU limit to 48k and limit number of SPAS to 10\'000.
* Convert the remaining session engine parsers to the new ibuf API.
* Sat Mar 09 2024 Martin Hauke - Update to version 8.4
* Rewrite the internal message passing mechanism to use a new memory-safe API.
* Rewrite most protocol parsers to use the new memory-safe API. Convert the UPDATE parser, all of RTR, as well as both the MRT dump code in bgpd and the parser in bgpctl.
* Improve RTR logging, error handling and version negotiation.
* Switch to autoconf 2.71 to generate the supplied configure scripts.
* Sat Oct 14 2023 Alexander Naumov - Update to version 8.3:
* bgpd 8.1 and 8.2 could send a bad COMMUNITY attribute when non-transitive ext-communities are present. A workaround is to add a filter rule to clear non-transitive ext-communities: match to ebgp set ext-community delete ovs
* This fix is included in OpenBSD 7.4.
* Fix a possible fatal error in the RDE when \"announce add-path send all\" is used. The error is triggered by an ineligible path which is wrongly distributed.
* Fix selection of the local nexthop for the alternate address family. This is used by \'announce IPv6 unicast\' over an IPv4 session or vice-versa.- Fix RPM build warings.
* Thu Oct 12 2023 Alexander Naumov - Update to version 8.2
* Update ASPA support to follow draft-ietf-sidrops-aspa-verification-16 and draft-ietf-sidrops-aspa-profile-16 by making the ASPA lookup tables AFI-agnostic.
* Fix a fatal error in the Linux netlink parser which was triggered because of a mismatched netlink message size.
* Rework UPDATE message generation to use the new ibuf API instead of the hand-rolled solution before.
* Improve error message in bgpctl for features not supported by the portable version of OpenBGPD.
* Adjusted example GRACEFUL_SHUTDOWN filter rule in the example config to only match on ebgp sessions.
* Sun Aug 27 2023 Martin Hauke - Update to version 8.1
* Include OpenBSD 7.3 errata 002: Avoid fatal errors in bgpd(8) due to incorrect refcounting and mishandling of ASPA objects. Fix bgpctl(8) \'show rib in\' by renaming \'invalid\' into \'disqualified\'.
* Include OpenBSD 7.3 errata 006: Incorrect length handling of path attributes in bgpd(8) can lead to a session reset.
* Include OpenBSD 7.3 errata 009: When tracking nexthops over IPv6 multipath routes, or when receiving a NOTIFICATION while reaching an internal limit, bgpd(8) could crash. When checking the next hop for IPv6 multipath routes, or when receiving a NOTIFICATION while reaching an internal limit, bgpd(8) could crash.
* Add configure options to adjust WWW_USER and wwwrunstatedir.
* Fix \'ext-community
*
*\' matching which also affects filters removing all ext-commuinites.
* Limit the socket buffer size to 64k for all sessions. Limiting the buffer size to a reasonable size ensures that not too many updates end up queued in the TCP stack.- Update to version 8.0
* Include OpenBSD 7.3 errata 001: A new ASPA object appeared in the RPKI ecosystem and exposed bugs in bgpd(8) and rpki-client(8).
* Introduce a semaphore to protect intermittent RTR session data from being published to the RDE.
* Add first version of flowspec support. Right now only announcement of flowspec rules is possible.
* Improve and extend the bgpctl parser to handle commands like `bgpctl show rib 192.0.2.0/24 detail`. Also add various flowspec specific commands.- Update to version 7.9
* Include OpenBSD 7.2 errata 023: Incorrect length checks allow an out-of-bounds read in bgpd(8).
* Sat Mar 18 2023 Martin Hauke - Update to version 7.8
* Improved performance by optimising the output filters.
* Add Autonomous System Provider Authorization (ASPA) validaton based on draft-ietf-sidrops-aspa-verification-12.
* Introduce avs (ASPA validation state) filter and bgpctl filter argument.
* Add ASPA support for the RTR protocol based on draft-ietf-sidrops-8210bis-10.
* Improve open policy (RFC 9234) support and enable the capability automatically if a role is specified for the peer.
* Introduce a per neighbor \'role\' configuration option to specify the session role used by ASPA verification and the open policy capability. The \'announce policy\' statement was simplified at the same time.
* Improve startup behaviour by introducing a small delay before opening the connection to a new peer.
* Support for aspa-set table config which can be provided by rpki-client.
* Make it possible to filter the RIB by invalid and leaked prefixes in bgpctl and bgplgd.
* Add OpenMetrics output to bgpctl for various BGP statistics and add /metrics endpoint to bgplgd.
* Fri Oct 07 2022 Martin Hauke - Update to version 7.7
* Adjust pathid_assign() to be much faster for the common case.
* Improve performance for generating updates for sessions using add-path send all.
* Implement proper routing table sync in the kroute-linux.c code.
* Enable linux netlink integration by default.
* Add a --disable-fib-support config option to disable FIB sync
* Fri Sep 16 2022 Martin Hauke - Update to version 7.6
* Include OpenBSD 7.1 errata 008: bgpd(8) could fail to invalidate nexthops and incorrectly leave them in the FIB or Adj-RIB-Out.
* Speedup bgpctl show rib 10/8 or-longer and show rib 10/8 or-shorter.
* Switch various static hash tables to RB trees improving performance on large systems.
* Export per neighbor pending update and withdraw statistics.
* Fix race between a neighbor session reset and its update message backlog.
* Improve handling of nexthop reachability state changes.
* Further improve portability of the FIB handling code.- Update to version 7.5
* Implement RFC 9234 - Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages.
* Full support for RFC 7911 - Advertisement of Multiple Paths in BGP.
* Include bgplgd(8) - a fastcgi server providing a REST API of bgpctl Built by default but can be excluded with - -disable-bgplgd.
* Disable Linux FIB support by default, add an --enable-netlink configure option to enable it for testing and development.
* Improve bgpd FIB code, make it more portable and properly handle IPv6 scoped addresses.
* Wed Jun 15 2022 Martin Hauke - Update to version 7.4
* Implement max-communities filter to limit the number of allowed communities, ext-communities and large-communities.
* Fix TCP-MD5 support on Linux systems. The TCP-MD5 keys were not correctly loaded on the listening sockets, which allowed unprotected connections in.
* Fix insertion of additional non-transitive extended communities when sending out prefixes.
* Relax IP address limitation by allowing prefixes in 240/4.
* Thu Apr 21 2022 Martin Hauke - Update to version 7.3
* Macro expansion in the config file is improved. It is now possible to expand \'set large-community $myAS:$location:$transit\'.
* Add initial FIB support for Linux. Routes can be added and removed. Nexthop tracking and dynamic interface detection are not yet implemented.
* Major refactoring in the RIB codebase to add multipath support in an upcoming release.- Update to version 7.2
* Support for RFC 9072 - Extended Optional Parameters Lenght for BGP OPEN Message.
* Support for RFC 8050 - MRT Format with BGP Additional Path Extensions.
* Implement receive side of RFC 7911 - Advertisement of Multiple Paths in BGP. OpenBGPD is currently not able to send multiple paths out.
* Improve checks of VRPs loaded via RTR or from the roa-set table
* Allow to optionally specify an expiry time for roa-set entries to mitigate BGP route decision making based on outdated RPKI data. OpenBGPD\'s companion rpki-client(8) produces roa-sets with the new \'expires\' property.
* Sat Jun 26 2021 Martin Hauke - Update to version 7.1
* During bgpd(8) config reloads prefixes of the wrong address family could leak to peers resulting in session resets.
* Support for RFC 7313 - Enhanced Route Refresh Disabled by default, to enable use \'announce enhanced refresh yes\'.
* Improve output of Adj-RIB-Out by updating nexthop and ASPATH before adding the prefix to the RIB. This improves `bgpctl show rib out` output.
* Add command line option to show the version
* Sun Jun 06 2021 Martin Hauke - Update to version 7.0
* Stop processing queued UPDATES when the max-prefix limit was reached.
* Improve negotiation for route refresh, graceful restart and multi-protocol capabilities
* Correctly track \'rde evaluate all\' and \'export\' settings during reload.
* Properly withdraw prefixes when \'rde evaluate all\' is used.
* Fix MRT handling on initial startup for message dump types.
* Fix and use non-blocking connect for RTR sessions.
* Fully implement RFC 6286 by checking for BGP ID collisions.
* Adjust the 4-byte AS number handling to RFC 6793 by changing error behaviour from prefix witdraw to attribute discard.
* In bgpctl print out both the sent \"Neighbor capabilities\" and the \"Negotiated capabilities\" for a session.
* Print timestamps both as a formatted and a pure time in seconds filed in various JSON objects.
* Sun May 02 2021 Martin Hauke - Update to version 6.9p0
* Introduced bgpd(8) \'rde evaluate all\' to reduce path hiding in IXP route-server environments.
* Added RTR support to OpenBGPD.
* Added bgpctl(8) \"show rtr\" to display basic information about RTR sessions.
* Added bgpctl(8) \"show sets\" to display information about the roa-set, as-sets and prefix-sets loaded into bgpd(8).
* Properly implemented \"rde med compare strict\" in bgpd(8) and ensured that the order of prefixes is always correct.
* Introduced the bgpd.conf(5) per neighbor and global config option \"reject as-set yes/no\" to allow rejection of received UPDATES with AS_SET segments. These rejected prefixes can be viewed with `bgpctl show rib in error`.
* No longer allow configuration of the same neighbor multiple times.
* Introduced a send hold timer in bgpd(8) to detect stalls on the sending side of a TCP connection, acting as a last resort to detect faulty peers.
* Fri Nov 06 2020 Martin Hauke - Update to version 6.8p1
* Include OpenBSD 6.8 errata 001: + In bgpd, the roa-set parser could leak memory.
* Sat Oct 24 2020 Martin Hauke - Update to version 6.8p0
* In bgpctl(8), the \"reload\" command now takes a \'reason\' argument to use as Administrative Shutdown Communication to its neighbors.
* Added bgpctl(8) support for VPNv6 in the family option of the \"show rib\" command.
* Added bgpctl(8) support for JSON formatted output in various \"show\" commands.- Update to version 6.7p0
* Add initial support for JSON output in bgpctl(8).
* Allow setting both IPv4 and IPv6 local-addresses at the same time in bgpd.conf group blocks. Introduced \'no local-address\' to reset a previously set local address.
* Properly aggregate duplicate bgpd(8) roa table prefix/source-as combinations into a single entry with the longest maxlen length
* Implemented bgpd.conf(5) max-prefix NUM out to limit the number of announced prefixes, avoiding leaks of full tables to upstreams and peers.
* Extended bgpctl(8) \'show neighbor\' to include the received and set prefix count, as well as the max-prefix out limit if set.
* Improved reporting of notifications to include the suberror cause.
* Also report the last received error cause in bgpctl(8) show neighbor output.
* Fix softreconfig out handling to also work for neighbors using \'export default-route\'.
* Mark stale prefixes in the Adj-RIB-Out so that graceful reload operates properly.
* Made it possible to build OpenBGPD-portable with bison. There is no longer the need to use byacc on Linux distributions.
* Support for --runstatedir to specify the location of the bgpctl.sock.
* Cleaned up configure script for better protability.- Add -fcommon to
*FLAGS to workaround gcc10 compilation issues
* Wed Jun 03 2020 Martin Hauke - Add \"-fcommon\" to $optflags to workaround linking errors when compiling with gcc10 https://github.com/openbgpd-portable/openbgpd-portable/issues/8
* Wed May 13 2020 Martin Hauke - Update to version 6.6p0
* Changed the Adj-RIB-Out to a per-peer set of RB trees, improving speed.
* Rewrote community matching and handling code and improved performance for setups using many communities.
* Ensure that \'network 192.0.2.0/24\' has precedence over the same network announced dynamically via for example \'network inet static\'.
* Made speed improvements when configuring many peers.
* Implemented bgpctl(8) \'show mrt neighbors\', to print the neighbor table of MRT TABLE_DUMP_V2 dumps.
* Added TCP MD5SIG support for Linux systems and moved bgpd pfkey socket to the parent process. The refreshing of the keys for MD5 and IPSEC is done whenever the session state changes to IDLE or ACTIVE, which should behave better when reloading configs with auth changes.
* Fixed reloading of network statements that have no fixed prefix specification.
* Extended the maximum size of the bgpd(8) shutdown communication message to 255 bytes.
* Fixed reload behaviour of announced networks in the portable version.
* Include OpenBSD 6.6 errata 003: bgpd(8) can crash on nexthop changes or during startup in certain configurations.- Set more more secure default permissions for bgpd.conf
* Fri May 03 2019 Martin Hauke - Initial package, version 6.5p0
  
ICM