SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for openbgpd-8.5-1.9.x86_64.rpm :

* Sat Jun 29 2024 Martin Hauke - Update to version 8.5
* Fix Linux TCP MD5 autoconf detection and improve the code to work in all cases.
* Double peer description length to 64 characters.
* Improve handling of bgpd AFI IPv4 sessions over IPv6 only links.
* Sessions over IPv6 link-local addresses are now always considered to be connected.
* Allow operators to enforce the presence of certain capabilities.
* Improve capability negotiation and remove \'announce capabilities\'. The \'announce capabilities [yes|no]\' neighbor config option needs to be removed from configuration files. Instead individual capabilities need to be disabled.
* Improve negotiation of the multi-protocol capability and the fallback to IPv4 only mode.
* Mark RTR and IPv6 BGP packets with DSCP CS6 (network control).
* Increase RTR PDU limit to 48k and limit number of SPAS to 10\'000.
* Convert the remaining session engine parsers to the new ibuf API.
* Sat Mar 09 2024 Martin Hauke - Update to version 8.4
* Rewrite the internal message passing mechanism to use a new memory-safe API.
* Rewrite most protocol parsers to use the new memory-safe API. Convert the UPDATE parser, all of RTR, as well as both the MRT dump code in bgpd and the parser in bgpctl.
* Improve RTR logging, error handling and version negotiation.
* Switch to autoconf 2.71 to generate the supplied configure scripts.
* Sat Oct 14 2023 Alexander Naumov - Update to version 8.3:
* bgpd 8.1 and 8.2 could send a bad COMMUNITY attribute when non-transitive ext-communities are present. A workaround is to add a filter rule to clear non-transitive ext-communities: match to ebgp set ext-community delete ovs
* This fix is included in OpenBSD 7.4.
* Fix a possible fatal error in the RDE when \"announce add-path send all\" is used. The error is triggered by an ineligible path which is wrongly distributed.
* Fix selection of the local nexthop for the alternate address family. This is used by \'announce IPv6 unicast\' over an IPv4 session or vice-versa.- Fix RPM build warings.
* Thu Oct 12 2023 Alexander Naumov - Update to version 8.2
* Update ASPA support to follow draft-ietf-sidrops-aspa-verification-16 and draft-ietf-sidrops-aspa-profile-16 by making the ASPA lookup tables AFI-agnostic.
* Fix a fatal error in the Linux netlink parser which was triggered because of a mismatched netlink message size.
* Rework UPDATE message generation to use the new ibuf API instead of the hand-rolled solution before.
* Improve error message in bgpctl for features not supported by the portable version of OpenBGPD.
* Adjusted example GRACEFUL_SHUTDOWN filter rule in the example config to only match on ebgp sessions.
* Sun Aug 27 2023 Martin Hauke - Update to version 8.1
* Include OpenBSD 7.3 errata 002: Avoid fatal errors in bgpd(8) due to incorrect refcounting and mishandling of ASPA objects. Fix bgpctl(8) \'show rib in\' by renaming \'invalid\' into \'disqualified\'.
* Include OpenBSD 7.3 errata 006: Incorrect length handling of path attributes in bgpd(8) can lead to a session reset.
* Include OpenBSD 7.3 errata 009: When tracking nexthops over IPv6 multipath routes, or when receiving a NOTIFICATION while reaching an internal limit, bgpd(8) could crash. When checking the next hop for IPv6 multipath routes, or when receiving a NOTIFICATION while reaching an internal limit, bgpd(8) could crash.
* Add configure options to adjust WWW_USER and wwwrunstatedir.
* Fix \'ext-community
*
*\' matching which also affects filters removing all ext-commuinites.
* Limit the socket buffer size to 64k for all sessions. Limiting the buffer size to a reasonable size ensures that not too many updates end up queued in the TCP stack.- Update to version 8.0
* Include OpenBSD 7.3 errata 001: A new ASPA object appeared in the RPKI ecosystem and exposed bugs in bgpd(8) and rpki-client(8).
* Introduce a semaphore to protect intermittent RTR session data from being published to the RDE.
* Add first version of flowspec support. Right now only announcement of flowspec rules is possible.
* Improve and extend the bgpctl parser to handle commands like `bgpctl show rib 192.0.2.0/24 detail`. Also add various flowspec specific commands.- Update to version 7.9
* Include OpenBSD 7.2 errata 023: Incorrect length checks allow an out-of-bounds read in bgpd(8).
* Sat Mar 18 2023 Martin Hauke - Update to version 7.8
* Improved performance by optimising the output filters.
* Add Autonomous System Provider Authorization (ASPA) validaton based on draft-ietf-sidrops-aspa-verification-12.
* Introduce avs (ASPA validation state) filter and bgpctl filter argument.
* Add ASPA support for the RTR protocol based on draft-ietf-sidrops-8210bis-10.
* Improve open policy (RFC 9234) support and enable the capability automatically if a role is specified for the peer.
* Introduce a per neighbor \'role\' configuration option to specify the session role used by ASPA verification and the open policy capability. The \'announce policy\' statement was simplified at the same time.
* Improve startup behaviour by introducing a small delay before opening the connection to a new peer.
* Support for aspa-set table config which can be provided by rpki-client.
* Make it possible to filter the RIB by invalid and leaked prefixes in bgpctl and bgplgd.
* Add OpenMetrics output to bgpctl for various BGP statistics and add /metrics endpoint to bgplgd.
* Fri Oct 07 2022 Martin Hauke - Update to version 7.7
* Adjust pathid_assign() to be much faster for the common case.
* Improve performance for generating updates for sessions using add-path send all.
* Implement proper routing table sync in the kroute-linux.c code.
* Enable linux netlink integration by default.
* Add a --disable-fib-support config option to disable FIB sync
* Fri Sep 16 2022 Martin Hauke - Update to version 7.6
* Include OpenBSD 7.1 errata 008: bgpd(8) could fail to invalidate nexthops and incorrectly leave them in the FIB or Adj-RIB-Out.
* Speedup bgpctl show rib 10/8 or-longer and show rib 10/8 or-shorter.
* Switch various static hash tables to RB trees improving performance on large systems.
* Export per neighbor pending update and withdraw statistics.
* Fix race between a neighbor session reset and its update message backlog.
* Improve handling of nexthop reachability state changes.
* Further improve portability of the FIB handling code.- Update to version 7.5
* Implement RFC 9234 - Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages.
* Full support for RFC 7911 - Advertisement of Multiple Paths in BGP.
* Include bgplgd(8) - a fastcgi server providing a REST API of bgpctl Built by default but can be excluded with - -disable-bgplgd.
* Disable Linux FIB support by default, add an --enable-netlink configure option to enable it for testing and development.
* Improve bgpd FIB code, make it more portable and properly handle IPv6 scoped addresses.
* Wed Jun 15 2022 Martin Hauke - Update to version 7.4
* Implement max-communities filter to limit the number of allowed communities, ext-communities and large-communities.
* Fix TCP-MD5 support on Linux systems. The TCP-MD5 keys were not correctly loaded on the listening sockets, which allowed unprotected connections in.
* Fix insertion of additional non-transitive extended communities when sending out prefixes.
* Relax IP address limitation by allowing prefixes in 240/4.
* Thu Apr 21 2022 Martin Hauke - Update to version 7.3
* Macro expansion in the config file is improved. It is now possible to expand \'set large-community $myAS:$location:$transit\'.
* Add initial FIB support for Linux. Routes can be added and removed. Nexthop tracking and dynamic interface detection are not yet implemented.
* Major refactoring in the RIB codebase to add multipath support in an upcoming release.- Update to version 7.2
* Support for RFC 9072 - Extended Optional Parameters Lenght for BGP OPEN Message.
* Support for RFC 8050 - MRT Format with BGP Additional Path Extensions.
* Implement receive side of RFC 7911 - Advertisement of Multiple Paths in BGP. OpenBGPD is currently not able to send multiple paths out.
* Improve checks of VRPs loaded via RTR or from the roa-set table
* Allow to optionally specify an expiry time for roa-set entries to mitigate BGP route decision making based on outdated RPKI data. OpenBGPD\'s companion rpki-client(8) produces roa-sets with the new \'expires\' property.
* Sat Jun 26 2021 Martin Hauke - Update to version 7.1
* During bgpd(8) config reloads prefixes of the wrong address family could leak to peers resulting in session resets.
* Support for RFC 7313 - Enhanced Route Refresh Disabled by default, to enable use \'announce enhanced refresh yes\'.
* Improve output of Adj-RIB-Out by updating nexthop and ASPATH before adding the prefix to the RIB. This improves `bgpctl show rib out` output.
* Add command line option to show the version
* Sun Jun 06 2021 Martin Hauke - Update to version 7.0
* Stop processing queued UPDATES when the max-prefix limit was reached.
* Improve negotiation for route refresh, graceful restart and multi-protocol capabilities
* Correctly track \'rde evaluate all\' and \'export\' settings during reload.
* Properly withdraw prefixes when \'rde evaluate all\' is used.
* Fix MRT handling on initial startup for message dump types.
* Fix and use non-blocking connect for RTR sessions.
* Fully implement RFC 6286 by checking for BGP ID collisions.
* Adjust the 4-byte AS number handling to RFC 6793 by changing error behaviour from prefix witdraw to attribute discard.
* In bgpctl print out both the sent \"Neighbor capabilities\" and the \"Negotiated capabilities\" for a session.
* Print timestamps both as a formatted and a pure time in seconds filed in various JSON objects.
* Sun May 02 2021 Martin Hauke - Update to version 6.9p0
* Introduced bgpd(8) \'rde evaluate all\' to reduce path hiding in IXP route-server environments.
* Added RTR support to OpenBGPD.
* Added bgpctl(8) \"show rtr\" to display basic information about RTR sessions.
* Added bgpctl(8) \"show sets\" to display information about the roa-set, as-sets and prefix-sets loaded into bgpd(8).
* Properly implemented \"rde med compare strict\" in bgpd(8) and ensured that the order of prefixes is always correct.
* Introduced the bgpd.conf(5) per neighbor and global config option \"reject as-set yes/no\" to allow rejection of received UPDATES with AS_SET segments. These rejected prefixes can be viewed with `bgpctl show rib in error`.
* No longer allow configuration of the same neighbor multiple times.
* Introduced a send hold timer in bgpd(8) to detect stalls on the sending side of a TCP connection, acting as a last resort to detect faulty peers.
  
ICM