svn commit: r217227 - in releng/8.2/release/doc: de_DE.ISO8859-1
en_US.ISO8859-1/relnotes fr_FR.ISO8859-1 ja_JP.eucJP
ru_RU.KOI8-R share/sgml zh_CN.GB2312
Hiroki Sato
hrs at FreeBSD.org
Mon Jan 10 18:02:48 UTC 2011
Author: hrs
Date: Mon Jan 10 18:02:47 2011
New Revision: 217227
URL: http://svn.freebsd.org/changeset/base/217227
Log:
- Bump version numbers for the upcoming release.
- Clean up old entries.
Approved by: re (implicit)
Deleted:
releng/8.2/release/doc/de_DE.ISO8859-1/
releng/8.2/release/doc/fr_FR.ISO8859-1/
releng/8.2/release/doc/ja_JP.eucJP/
releng/8.2/release/doc/ru_RU.KOI8-R/
releng/8.2/release/doc/zh_CN.GB2312/
Modified:
releng/8.2/release/doc/en_US.ISO8859-1/relnotes/article.sgml
releng/8.2/release/doc/share/sgml/release.ent
Modified: releng/8.2/release/doc/en_US.ISO8859-1/relnotes/article.sgml
==============================================================================
--- releng/8.2/release/doc/en_US.ISO8859-1/relnotes/article.sgml Mon Jan 10 17:45:09 2011 (r217226)
+++ releng/8.2/release/doc/en_US.ISO8859-1/relnotes/article.sgml Mon Jan 10 18:02:47 2011 (r217227)
@@ -15,7 +15,7 @@
<pubdate>$FreeBSD$</pubdate>
<copyright>
- <year>2010</year>
+ <year>2011</year>
<holder role="mailto:doc at FreeBSD.org">The &os; Documentation Project</holder>
</copyright>
@@ -132,64 +132,24 @@
<tbody>
<row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc"
- >SA-09:15.ssl</ulink></entry>
- <entry>3 Dec 2009</entry>
- <entry><para>SSL protocol flaw</para></entry>
- </row>
- <row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc"
- >SA-09:16.rtld</ulink></entry>
- <entry>3 Dec 2009</entry>
- <entry><para>Improper environment sanitization in &man.rtld.1;</para></entry>
- </row>
- <row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
- >SA-09:17.freebsd-update</ulink></entry>
- <entry>3 Dec 2009</entry>
- <entry><para>Inappropriate directory permissions in &man.freebsd-update.8;</para></entry>
- </row>
- <row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc"
- >SA-10:01.bind</ulink></entry>
- <entry>6 Jan 2010</entry>
- <entry><para>BIND &man.named.8; cache poisoning with DNSSEC validation</para></entry>
- </row>
- <row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc"
- >SA-10:02.ntpd</ulink></entry>
- <entry>6 Jan 2010</entry>
- <entry><para>ntpd mode 7 denial of service</para></entry>
- </row>
- <row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc"
- >SA-10:03.zfs</ulink></entry>
- <entry>6 Jan 2010</entry>
- <entry><para>ZFS ZIL playback with insecure permissions</para></entry>
- </row>
- <row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc"
- >SA-10:04.jail</ulink></entry>
- <entry>27 May 2010</entry>
- <entry><para>Insufficient environment sanitization in &man.jail.8;</para></entry>
- </row>
- <row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc"
- >SA-10:05.opie</ulink></entry>
- <entry>27 May 2010</entry>
- <entry><para>OPIE off-by-one stack overflow</para></entry>
- </row>
- <row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
- >SA-10:06.nfsclient</ulink></entry>
- <entry>27 May 2010</entry>
- <entry><para>Unvalidated input in nfsclient</para></entry>
- </row>
- <row>
- <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc"
- >SA-10:07.mbuf</ulink></entry>
- <entry>13 July 2010</entry>
- <entry><para>Lost mbuf flag resulting in data corruption</para></entry>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc"
+ >SA-10:08.bzip2</ulink></entry>
+ <entry>20 September 2010</entry>
+ <entry><para>Integer overflow in bzip2 decompression</para></entry>
+ </row>
+<!-- XXX: not for 8.2
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:09.pseudofs.asc"
+ >SA-10:09.pseudofs</ulink></entry>
+ <entry>10 October 2010</entry>
+ <entry><para>Spurious mutex unlock</para></entry>
+ </row>
+-->
+ <row>
+ <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-10:10.openssl.asc"
+ >SA-10:10.openssl</ulink></entry>
+ <entry>29 November 2010</entry>
+ <entry><para>OpenSSL multiple vulnerabilities</para></entry>
</row>
</tbody>
</tgroup>
@@ -199,1272 +159,68 @@
<sect2 id="kernel">
<title>Kernel Changes</title>
- <para>The &man.ddb.4; debugger has been improved:</para>
-
- <itemizedlist>
- <listitem>
- <para>It now supports <command>show
- ifnets</command> and <command>show ifnet <replaceable>struct
- ifnet *</replaceable></command> commands to print a list of
- <quote>ifnet *</quote> of each virtual network stack and
- fields of specified <varname>fip</varname>,
- respectively.</para>
- </listitem>
-
- <listitem>
- <para>It now supports <command>show all
- lltables</command>, <command>show lltable
- <replaceable>struct lltable *</replaceable></command>, and
- <command>show llentry <replaceable>struct llentry
- *</replaceable></command> commands to print a list of
- <quote>lltable *</quote> of each virtual network stack,
- fields of specified structures respectively.</para>
- </listitem>
-
- <listitem>
- <para>The <command>show mount</command> command now prints
- active string mount options.</para>
- </listitem>
-
- <listitem>
- <para>It now supports <command>show
- vnetrcrs</command> command to dump the whole log of
- distinctive <varname>curvnet</varname> recursion
- events.</para>
- </listitem>
-
- <listitem>
- <para>It now supports <command>show
- vnet_sysinit</command> and <command>show
- vnet_unsysinit</command> commands to print
- ordered call lists.</para>
- </listitem>
- </itemizedlist>
-
- <para>A new kernel thread called <quote>deadlock
- resolver</quote> has been added. This can be used to detect
- possible deadlock by using information of thread state and
- heuristic analysis. This is not enabled by default. To
- enable this, an option <option>option DEADLKRES</option> in
- kernel configuration file and recompilation of the
- kernel.</para>
-
- <para>The default &man.devfs.5; rules now expose the upper 256
- of &man.pty.4; device nodes.</para>
-
- <para>Two commands to enable/disable read-ahead have been added
- to &man.fcntl.2; system call:</para>
-
- <itemizedlist>
- <listitem>
- <para><varname>F_READAHEAD</varname> specifies the amount
- for sequential access. The amount is specified in bytes and is
- rounded up to nearest block size.</para>
- </listitem>
-
- <listitem>
- <para><varname>F_RDAHEAD</varname> is a Darwin compatible
- version that use 128KB as the sequential access
- size.</para>
- </listitem>
- </itemizedlist>
-
- <para>Note that the read-ahead amount is also limited by
- sysctl variable <varname>vfs.read_max</varname>, which may
- need to be raised in order to better utilize this
- feature.</para>
-
- <para>The &man.lindev.4; driver has been added. This is for
- supporting various Linux-specific pseudo devices such as
- <filename>/dev/full</filename>. Note that this is not
- included in <filename>GENERIC</filename> kernel.</para>
-
- <para>A POSIX function pselect(3) has been reimplemented as a
- system call &man.pselect.2; to eliminate race
- condition.</para>
-
- <para>A kernel option <option>option
- INCLUDE_CONFIG_FILE</option> has been added to
- <filename>GENERIC</filename> kernel by default.</para>
-
- <para>A bug in the &man.sched.4bsd.4; scheduler that the
- timestamp for the sleeping operation is not cleaned up on the
- wakeup has been fixed.</para>
-
- <para>A race condition in the &man.sched.4bsd.4; scheduler has
- been fixed.</para>
-
- <para>A bug in the &man.sched.ule.4; scheduler which prevented
- process usage (<literal>%CPU</literal>) from working correctly
- has been fixed.</para>
-
- <para>New SDT (Statically Defined Tracing) probes such as ones
- for <literal>opencrypto</literal> and <literal>vnet</literal>
- have been added to &os; &man.dtrace.1; subsystem.</para>
-
- <para arch="powerpc">&os; now supports SMP in PowerPC G5
- systems. Note that SMP support on &os;/&arch.powerpc; is
- disabled by default in <filename>GENERIC</filename>
- kernel.</para>
-
- <para arch="sparc64">&os; now supports UltraSPARC IV, IV+, and
- SPARC64 V CPUs.</para>
-
- <para>The &man.syscons.4; driver has been improved. The history
- buffer can be fully saved/restored in the VESA mode switching
- via a loader tunable
- <varname>hint.sc.<replaceable>0</replaceable>.vesa_mode</varname>.</para>
-
- <para>A bug in the &man.tty.4; driver that
- <varname>TIOCSTI</varname> did not work has been fixed. This
- affects applications like &man.mail.1;.</para>
-
- <para arch="amd64,i386">An x86 real mode emulator based on
- OpenBSD's x86emu implementation has been added to improve real
- mode BIOS call support on both &arch.i386; and &arch.amd64;.
- The &man.atkbdc.4;, &man.dpms.4;, vesa(4), &man.vga.4; driver
- now use this emulator and work on the both platforms.</para>
-
- <para>The VIMAGE &man.jail.8; virtualization container can work
- with &man.sctp.4; now. Note that the VIMAGE is not enabled by
- default in <filename>GENERIC</filename> kernel.</para>
-
- <para>The VIMAGE &man.jail.8; now supports
- <varname>ip4.saddrsel</varname>,
- <varname>ip4.nosaddrsel</varname>,
- <varname>ip6.saddrsel</varname>, and
- <varname>ip6.nosaddrsel</varname> to control whether to use
- source address selection or the primary jail address for
- unbound outgoing connections. The default value is to use
- source address selection.</para>
+ <para></para>
<sect3 id="boot">
<title>Boot Loader Changes</title>
- <para arch="pc98">The <filename>boot2</filename> bootcode has
- been reimplemented based on the &arch.i386 counterpart. It
- now supports ELF binary, UFS2 file system, and larger number
- of slices.</para>
-
- <para arch="ia64">The EFI <filename>loader</filename> program
- now supports a command-line option <option>-dev
- <replaceable>currdev</replaceable></option> to specify the
- default value of <varname>currdev</varname>. This option
- can be set by the EFI boot manager.</para>
-
- <para arch="powerpc">The &man.loader.8; program now supports
- U-Boot storage.</para>
-
- <para arch="i386">The algorithm the &man.loader.8; uses has
- been improved to choose a memory range for its heap when
- using a range above 1MB. This fixes a symptom that the
- loader fails to load a kernel.</para>
-
- <para>A kernel environment variable
- <varname>vfs.root.mountfrom</varname> now supports
- multiple elements for root file system in a space-separated
- list. Each list element will be tried in order and the
- first available one will be mounted.</para>
-
- <para>The <filename>zfsloader</filename> has been added. This
- is a separate &man.zfs.8; enabled loader. Note that a ZFS
- bootcode (<filename>zfsboot</filename> or
- <filename>gptzfsboot</filename>) need to be installed
- to use this new loader.</para>
-
- <para>The <filename>zfsboot</filename> and
- <filename>gptzfsboot</filename> bootcode now fully support
- 64-bit LBAs for disk addresses. This allows booting from
- large volumes.</para>
+ <para></para>
</sect3>
<sect3 id="proc">
<title>Hardware Support</title>
- <para arch="powerpc">The <filename>adb</filename> driver now
- supports for interpreting taps on ADB touchpads as a button
- click.</para>
-
- <para>The amdsbwd(4) driver for AMD SB600/SB7xx watchdog
- timer has been added.</para>
-
- <para arch="powerpc">The <filename>apt</filename> driver for
- the Apple Touchpad present on MacBook has been added to
- <filename>GENERIC</filename> kernel.</para>
-
- <para arch="sparc64">The epic(4) driver for the front panel
- LEDs in Sun Fire V215/V245 has been added.</para>
-
- <para>A bug in the &man.ipmi.4; driver that caused incorrect
- watchdog timer setting has been fixed.</para>
-
- <para arch="sparc64">The &man.pci.4; driver now supports a
- JBus to PCIe bridge (called as <quote>Fire</quote>) found in
- the Sun Fire V215/V245 and Sun Ultra 25/45 machines.</para>
-
- <para arch="powerpc">The &man.smu.4; driver now provides
- thermal management and monitoring features. This allows fan
- control and thermal monitoring on SMU-based Apple G5
- machines, as well as an &man.led.4; interface to control the
- sleep LED.</para>
-
- <para>The &man.tnt4882.4; driver for IEEE-488 (GPIB) bus now
- supports National Instruments TNT5004 chip.</para>
-
- <para>The &man.uart.4; driver now supports NetMos NM9865
- family of Serial/Parallel ports.</para>
-
- <para>The &man.uep.4; driver for USB onscreen touch panel
- from eGalax has been added. This driver is supported by
- <filename>x11-drivers/xf86-input-egalax</filename>.</para>
-
- <para>A bug in the &man.uftdi.4; driver that can allow to send
- a zero length packet has been fixed.</para>
-
- <para>The &man.usb.4; subsystem now reports &man.devd.8;
- <literal>notify</literal> events with the device properties
- instead of <literal>attach</literal> events. The following is an
- example entry of &man.devd.conf.5; to match a &man.umass.4;
- device with a SCSI subclass and BBB protocol:</para>
-
- <programlisting>notify 100 {
- match "system" "USB";
- match "subsystem" "INTERFACE";
- match "type" "ATTACH";
- match "intclass" "0x08";
- match "intsubclass" "0x06";
- match "intprotocol" "0x50";
- action "/path/to/command -flag";
-};</programlisting>
+ <para></para>
<sect4 id="mm">
<title>Multimedia Support</title>
- <para>The &man.acpi.video.4; driver now supports LCD
- brightness control notify handler.</para>
-
- <para>The &man.acpi.sony.4; helper driver now supports
- default display brightness, wired LAN power, and bass
- gain.</para>
-
- <para>The &man.agp.4; driver has been improved. It includes
- a fix for aperture size calculation issue which prevents
- some graphics cards from working.</para>
-
- <para>The &man.snd.hda.4; driver now allows AD1981HD codecs
- to use playback mixer.</para>
-
- <para>The &man.snd.hda.4; driver now supports multichannel
- (4.0 and 7.1) playback support. The 5.1 mode support is
- disabled now due to unidentified synchronization problem.
- Devices which supports the 7.1 mode can handle the 5.1
- operation via software upmix done by &man.sound.4;. Note
- that stereo stream is no longer duplicated to all
- ports.</para>
+ <para></para>
</sect4>
<sect4 id="net-if">
<title>Network Interface Support</title>
- <para>The &man.ath.4; driver now supports Atheros
- AR9285-based devices.</para>
-
- <para>A bug in the &man.ath.4; driver which causes a problem
- of AR5416-based chipsets including AR9285 has been fixed.</para>
-
- <para>The &man.bge.4; driver now supports BCM5761, BCM5784, and
- BCM57780-based devices.</para>
-
- <para>The &man.bge.4; driver now supports TSO (TCP
- Segmentation Offloading) on BCM5755 or newer
- controllers.</para>
-
- <para>A long-standing bug in the &man.bge.4; driver which
- was related to ASF heartbeat sending has been
- fixed.</para>
-
- <para>A long-standing stability issue of the &man.bce.4; and
- &man.bge.4; driver due to a hardware bug in its DMA
- handling when the system has more than 4GB memory has been
- fixed. This applies to BCM5714, BCM5715, and BCM5708
- controllers.</para>
-
- <para>A bug in the &man.bge.4; driver that incorrectly
- enabled TSO on BCM5754/BCM5754M controllers has been
- fixed.</para>
-
- <para>A bug in the &man.if.bridge.4; driver has been fixed.
- The MTU was set based on the firstly-added member even if
- the addition failed.</para>
-
- <para>The &man.if.bridge.4; driver now supports
- <varname>SIOCSIFMTU</varname> ioctl. For example,
- <command>ifconfig bridge0 mtu 1280</command> can change
- the MTU of <literal>bridge0</literal> to
- <literal>1280</literal>. Changing the MTU is allowed only
- when all members have the same MTU value.</para>
-
- <para>The &man.bwn.4; driver for Broadcom BCM43xx chipsets
- has been added.</para>
-
- <para>The &man.cxgb.4; driver has been updated to T3
- firmware 7.8.0.</para>
-
- <para>The &man.cxgb.4; driver now supports hardware
- filtering based on inspection of L2/L3/L4 headers.
- Filtering based on source IP address, destination IP
- address, source port number, destination port number,
- 802.1q VLAN frame tag, UDP, TCP, and MAC address is
- possible. The configuration can be done by the
- cxgbtool(8) utility. Note that cxgbtool(8) is in
- <filename>src/usr.sbin/cxgbtool</filename> but not
- compiled by default.</para>
-
- <para>The &man.em.4; driver has been updated to version
- 7.0.5.</para>
-
- <para>The et(4) driver now supports MSI and Tx checksum
- offloading of IPv4, TCP, and UDP.</para>
-
- <para>The &man.fxp.4; driver now exports the hardware MAC
- statistics via sysctl variables.</para>
-
- <para>The &man.igb.4; driver has been updated to version
- 1.9.5.</para>
-
- <para>The &man.iwn.4; driver has been updated. This
- includes various improvements and bugfixes regarding RF
- switch, bgscan support, suspend/resume support, locking
- issue, and more. The line <literal>device iwnfw</literal>
- in the kernel configuration file will include all firmware
- images.</para>
-
- <para>The &man.ixgbe.4; driver has been updated to version
- 2.2.0.</para>
-
- <para>The &man.msk.4; driver has been improved:</para>
-
- <itemizedlist>
- <listitem>
- <para>It now supports Marvell Yukon 88E8042, 88E8057,
- 88E8059 (Yukon Optima) devices and DGE-560SX (Yukon
- XL).</para>
- </listitem>
-
- <listitem>
- <para>A rudimentary interrupt moderation with
- programmable countdown timer register has been
- implemented. The default parameter of the holdoff
- time is 100us and this can be changed via sysctl
- variable
- <varname>dev.mskc.<replaceable>0</replaceable>.int_holdoff</varname>.
- Note that the interrupt moderation is shared resource
- on a dual-port controllers and it is impossible to use
- separate interrupt moderation values for each
- port.</para>
- </listitem>
-
- <listitem>
- <para>A stability issue has been fixed. A heavy RX
- traffic while rebooting is in progress could prevent
- the system from working.</para>
- </itemizedlist>
-
- <para>The &man.mxge.4; driver has been updated to firmware
- version 1.4.50 from Myricom.</para>
-
- <para>The &man.re.4; driver no longer performs an
- unnecessary interface up/down during getting IP address
- via DHCP.</para>
-
- <para>The &man.re.4; driver now uses <literal>2048</literal>
- as PCIe Maximum Read Request Size. This improves bulk
- transfer performance.</para>
-
- <para>The &man.run.4; driver for Ralink
- RT2700U/RT2800U/RT3000U USB 802.11agn devices has been
- added.</para>
-
- <para>The sge(4) driver for Silicon Integrated Systems
- SiS190/191 Fast/Gigabit Ethernet has been added. This
- supports TSO and TSO over VLAN.</para>
-
- <para>The &man.ste.4; driver has been improved:</para>
-
- <itemizedlist>
- <listitem>
- <para>The DMA handling has been improved.</para>
- </listitem>
-
- <listitem>
- <para>Wake-On-LAN is now supported.</para>
- </listitem>
-
- <listitem>
- <para>Unnecessary reinitialization of the
- interfaces has been eliminated.</para>
- </listitem>
-
- <listitem>
- <para>RX interrupt moderation with single shot timer has
- been implemented. The default parameter of the
- moderation time is 150us and this can be changed via
- sysctl variable
- <varname>dev.ste.<replaceable>0</replaceable>.int_rx_mod</varname>.
- Setting it 0 effectively disables the RX interrupt
- moderation feature.</para>
- </listitem>
- </itemizedlist>
-
- <para>The tsec(4) driver now supports &man.altq.4;.</para>
-
- <para>The &man.u3g.4; driver has been improved and now works
- with ZTE MF636, Option Gi0322, Globetrotter GE40x, and
- Novatel MC950D.</para>
-
- <para>The &man.uhso.4; driver for Option HSDPA USB devices
- has been added. A new &man.uhsoctl.1; userland utility
- can be used to initiate and close the WAN
- connection.</para>
-
- <para>The &man.vge.4; driver has been improved:</para>
-
- <itemizedlist>
- <listitem>
- <para>The DMA handling has been improved.</para>
- </listitem>
-
- <listitem>
- <para>Wake-On-LAN is now supported.</para>
- </listitem>
-
- <listitem>
- <para>Unnecessary reinitialization of the
- interfaces has been eliminated.</para>
- </listitem>
-
- <listitem>
- <para>Hardware MAC statistics are now supported via sysctl variables
- <varname>dev.vge.<replaceable>0</replaceable>.stats</varname>.</para>
- </listitem>
-
- <listitem>
- <para>Interrupt moderation with single shot timer and
- scheme supported by VT61xx controllers have been
- implemented. The default parameters are tuned to
- generate interrupt less than 8k per second, and these
- parameters can be changed via sysctl variables
- <varname>dev.vge.<replaceable>0</replaceable>.int_holdoff</varname>,
- <varname>dev.vge.<replaceable>0</replaceable>.rx_coal_pkt</varname>,
- and
- <varname>dev.vge.<replaceable>0</replaceable>.tx_coal_pkt</varname>.
- Note that an up/down cycle is needed to make a
- parameter change take effect.</para>
- </listitem>
- </itemizedlist>
-
- <para>The &man.urtw.4; driver has been improved and now
- supports RTL8187B-based devices.</para>
-
- <para>The &os; Xen netfront driver has been improved in
- stability and performance.</para>
+ <para></para>
</sect4>
</sect3>
<sect3 id="net-proto">
<title>Network Protocols</title>
- <para>&os; flowtable now supports IPv6. This is for per-CPU
- caching flows as a means of accelerating L3 and L2 lookups
- as well as providing stateful load balancing when ECMP
- (Equal-Cost Multi-Path routing) is enabled by <option>option
- RADIX_MPATH</option>.</para>
-
- <para>A new capability flag <literal>LINKSTATE</literal> has
- been added to <varname>struct
- ifnet.if_capabilities</varname>. This indicates if the
- interface can check the link state or not. The
- &man.ifconfig.8; utility now shows this flag if
- supported.</para>
-
- <para>A new event handler <varname>iflladdr_event</varname>
- has been added. This signals that the L2 address on an
- interface has changed, and lets stacked interfaces such as
- &man.vlan.4; detect that their lower interface has changed
- and adjust things in order to keep working. This fixes an
- issue of &man.lagg.4; and &man.vlan.4; configuration.</para>
-
- <para>IPcomp (IP Payload Compression Protocol defined in RFC
- 2393) protocol is now enabled by default. Note that this
- requires <option>option IPSEC</option> in the kernel
- configuration file and <filename>GENERIC</filename> kernel
- does not include it. This functionality can be disabled by
- using a sysctl variable
- <varname>net.inet.ipcomp.ipcomp_enable</varname>.</para>
-
- <para>The &man.ipfw.4; subsystem including &man.dummynet.4;
- has been updated to <quote>ipfw3</quote> and various bugs
- have been fixed:</para>
-
- <itemizedlist>
- <listitem>
- <para>The major enhancement is a completely restructured
- version of &man.dummynet.4;, with support for different
- packet scheduling algorithms (loadable at runtime),
- faster queue/pipe lookup, and a much cleaner internal
- architecture and kernel/userland ABI which simplifies
- future extensions.</para>
- </listitem>
-
- <listitem>
- <para>All of O(N) sequences in the firewall rule
- evaluation removed from the kernel critical sections.
- The worst case is now O(log N).</para>
- </listitem>
-
- <listitem>
- <para>It now supports <literal>ipfw0</literal> pseudo
- interface for logging similar to &man.pflog.4;. A sysctl
- <varname>net.inet.ip.fw.verbose=0</varname> enables logging
- to <literal>ipfw0</literal>, and
- <varname>net.inet.ip.fw.verbose=1</varname> sends logging to
- &man.syslog.3; as before.</para>
- </listitem>
-
- <listitem>
- <para>The <literal>me</literal> keyword in the &man.ipfw.4;
- rule now matches any IPv6 addresses configured on an
- interface as well as IPv4 ones.</para>
- </listitem>
-
- <listitem>
- <para>A bug that <command>keep-alive</command> rule did
- not work for IPv6 packets has been fixed.</para>
- </listitem>
-
- <listitem>
- <para>The <literal>lookup</literal> match option has been added.</para>
-
- <programlisting>lookup {dst-ip|src-ip|dst-port|src-port|uid|jail} <replaceable>N</replaceable></programlisting>
-
- <para>This searches the specified field in table
- <replaceable>N</replaceable> and sets
- <literal>tablearg</literal> accordingly. With
- <literal>dst-ip</literal> or <literal>src-ip</literal>
- the option replicates two existing options. When used
- with other arguments, the option can be useful to
- quickly dispatch traffic based on other fields.</para>
- </listitem>
-
- <listitem>
- <para>A bug in the &man.sysctl.8; variable
- <varname>ip.fw.one_pass</varname> handling has been
- fixed. A packet which comes from a pipe without being
- delayed incorrectly ignored this variable.</para>
- </listitem>
- </itemizedlist>
-
- <para>A memory alignment issue in the &man.ng.ksocket.4; and
- &man.ng.ppp.4;, Netgraph node drivers have been fixed. This
- fixes kernel panics due to the misalignment.</para>
-
- <para>The &man.ng.bridge.4; and &man.ng.hub.4; Netgraph node
- drivers now supports a flag <literal>persistent</literal>.
- It disables automatic node shutdown when the last hook gets
- disconnected. The new control messages
- <literal>NGM_BRIDGE_SET_PERSISTENT</literal> and
- <literal>NGM_HUB_SET_PERSISTENT</literal> have been added
- for the flag.</para>
-
- <para>The &man.pf.4; subsystem now supports
- <literal>sloppy</literal> keyword to enable a TCP state
- machine for tracking TCP connections with no sequence number
- check. This feature is in the latest version of
- <application>pf</application>.</para>
-
- <para>The &man.pfil.9; framework for packet filtering in &os;
- kernel now supports separate packet filtering instances like
- &man.ipfw.4; for each VIMAGE jail.</para>
-
- <para>A bug that proxy ARP entries cannot be added over
- point-to-point link types has been fixed.</para>
-
- <para>The &man.tap.4; pseudo interface now reports the link
- state properly by updating <varname>if_link_state</varname>
- variable in the kernel.</para>
-
- <para>The &man.vlan.4; pseudo interface has been added to
- <filename>GENERIC</filename> kernel.</para>
-
- <para>The &man.vlan.4; pseudo interface now supports TSO (TCP
- Segmentation Offloading). The capability flag is named as
- <varname>IFCAP_VLAN_HWTSO</varname> and it is separated from
- <varname>IFCAP_VLAN_HWTAGGING</varname>. The &man.age.4;,
- &man.alc.4;, &man.ale.4;, &man.bce.4;, &man.bge.4;,
- &man.cxgb.4;, &man.jme.4;, &man.re.4;, and &man.mxge.4;
- driver support this feature.</para>
-
- <para>The &man.vlan.4; pseudo interface for IEEE 802.1Q VLAN
- now ignore renaming of the parent's interface name. The
- configured VLAN interfaces continue to work with the new
- name while previously the configurations were removed as the
- renaming happens.</para>
+ <para></para>
</sect3>
<sect3 id="disks">
<title>Disks and Storage</title>
- <para>The &man.ada.4; driver now supports
- <varname>BIO_DELETE</varname>. For SSDs this uses
- <literal>TRIM</literal> feature of <literal>DATA SET
- MANAGEMENT</literal> command, as defined by ACS-2
- specification working draft. For Compact Flash use
- <literal>CFA ERASE</literal> command, same as &man.ad.4;
- does. This change realizes restoring write speed of SSDs
- which supports <literal>TRIM</literal> command by doing
- <command>newfs -E
- <replaceable>/dev/ada1</replaceable></command>, for
- example.</para>
-
- <para>The &man.ahci.4; driver now supports SATA part of
- Marvell 88SE912x controllers.</para>
-
- <para>The &man.ahci.4; driver now supports FIS-based (Frame
- Information Structure) switching of port multiplier on
- supported controllers.</para>
-
- <para>The &man.ahd.4; driver now supports three separated
- error counters for correctable, uncorrectable, and fatal, in
- &man.sysctl.8; MIB.</para>
-
- <para>A new kernel option <option>option ATA_CAM</option> has
- been added. This turns &man.ata.4; controller drivers into
- &man.cam.4; interface modules. When enabled, this option
- deprecates all &man.ata.4; peripheral drivers and interfaces
- such as <filename>ad</filename> and
- <filename>acd</filename>, and allows &man.cam.4; drivers
- <filename>ada</filename>, and <filename>cd</filename> and
- interfaces to be natively used instead. Note that this is
- not enabled by default in the <filename>GENERIC</filename>
- kernel.</para>
-
- <para>A bug in the &man.ata.4; driver which can lead to
- interrupt storms and command timeouts has been fixed.</para>
-
- <para>USB mass storage device support in the &man.ata.4;
- driver has been removed. Note that this was not used in
- <filename>GENERIC</filename> kernel and the &man.umass.4;
- driver supports such devices for a long time.</para>
-
- <para>&os; &man.cam.3; SCSI framework has been improved:</para>
-
- <itemizedlist>
- <listitem>
- <para>SATA and PATA support has been improved and it now
- recognizes more detail device capabilities. For example,
- the &man.ahci.4; and &man.siis.4; driver now reports maximum
- tag number to the framework to optimize the NCQ
- handling.</para>
- </listitem>
-
- <listitem>
- <para>A loader tunable
- <varname>kern.cam.boot_delay</varname> has been added.
- This controls the delay time before &man.cam.3; probes
- the attached devices.</para>
- </listitem>
-
- <listitem>
- <para>SCSI error recovery for devices on buses without
- automatic sense reporting has been improved. Typical
- devices are on ATAPI and USB. For example, this allows
- &man.cam.3; to wait, while CD drive loads disk, instead
- of immediately return error status.</para>
- </listitem>
-
- <listitem>
- <para>The &man.cam.4; ATA transport layer now supports
- Power-Up In Stand-by (PUIS). The PUIS is a configuration of
- SATA or PATA drives to prevent them from automatic spin-up
- when power is applied. A typical application is staggered
- spin-up.</para>
- </listitem>
-
- <listitem>
- <para>The &man.cam.4; ATA transport layer now supports
- negotiating and enabling additional SATA features such as
- device initiated power management, Automatic Partial to
- Slumber mode transition, and DMA auto-activation.</para>
- </listitem>
- </itemizedlist>
-
- <para>A livelock issue of the &man.ciss.4; driver under a high
- load has been fixed.</para>
-
- <para>A bug in the &man.fdc.4; driver which prevents the
- kernel module from unloading has been fixed.</para>
-
- <para>The &man.glabel.8; now supports the following sysctl
- variables for each label type to enable the labeling itself:</para>
-
- <programlisting>kern.geom.label.ext2fs.enable
-kern.geom.label.iso9660.enable
-kern.geom.label.msdosfs.enable
-kern.geom.label.ntfs.enable
-kern.geom.label.reiserfs.enable
-kern.geom.label.ufs.enable
-kern.geom.label.ufsid.enable
-kern.geom.label.gptid.enable
-kern.geom.label.gpt.enable</programlisting>
-
- <para>Note that all of them are also loader tunables. They
- are enabled (set as <literal>1</literal>) by default.</para>
-
- <para>&man.geom.8; providers including complex ones such as
- &man.gconcat.8;, &man.gmirror.8;, &man.graid3.8,
- &man.gstripe.8;, and some hardware RAID device drivers like
- &man.twa.4; now inform its optimal access block size to the
- upper layer.</para>
-
- <para>The &man.gmirror.8; utility now supports
- <command>configure <option>-p</option>
- <replaceable>priority</replaceable></command> command to
- change the providers priority.</para>
-
- <para>The balancing mode algorithm <literal>load</literal>
- used in the &man.gmirror.8; utility has been changed and it
- is now the default one instead of
- <literal>split</literal>:</para>
-
- <itemizedlist>
- <listitem>
- <para>Instead of measuring last request execution time for
- each drive and choosing one with smallest time, use
- averaged number of requests, running on each drive. This
- information is more accurate and timely. It allows to
- distribute load between drives in more even and
- predictable way.</para>
- </listitem>
-
- <listitem>
- <para>For each drive track offset of the last submitted
- request. If new request offset matches previous one or
- close for some drive, prefer that drive. It allows to
- significantly speedup simultaneous sequential reads.</para>
- </listitem>
- </itemizedlist>
-
- <para>The &man.gmultipath.8; utility now supports
- <command>destroy</command>, <command>rotate</command>,
- <command>getactive</command> commands.</para>
-
- <para>A bug in the &man.graid3.8; which causes a panic when a
- large request arrives has been fixed. This happens when
- <varname>MAXPHYS</varname> is set as larger than 128k.</para>
-
- <para>The default block size of &man.gstripe.8; has been
- increased from 4k to 64k.</para>
-
- <para>The <literal>GEOM_SCHED</literal> module has been added.
- This supports scheduling disk I/O requests in a device
- independent manner. A supported algorithm is an
- anticipatory scheduler <literal>gsched_rr</literal> which
- gives very nice performance improvements in presence of
- competing random access patterns. See also &man.gsched.8;
- manual page for more details.</para>
-
- <para>The HAST (Highly Available STorage) framework has been
- added:</para>
-
- <itemizedlist>
- <listitem>
- <para>This is a framework to allow transparently storing
- data on two physically separated machines connected over
- the TCP/IP network. HAST works in Primary-Secondary
- (Master-Backup, Master-Slave) configuration, which means
- that only one of the cluster nodes can be active at any
- given time. Only Primary node is able to handle I/O
- requests to HAST-managed devices. Currently HAST is
- limited to two cluster nodes in total.</para>
- </listitem>
-
- <listitem>
- <para>This operates on block level; it provides disk-like
- devices in <filename>/dev/hast/</filename> directory for
- use by file systems and/or applications. Working on
- block level makes it transparent for file systems and
- applications. There in no difference between using
- HAST-provided device and raw disk, partition, etc. All
- of them are just regular &man.geom.8; providers in
- &os;.</para>
- </listitem>
-
- <listitem>
- <para>The userland part consists of &man.hastd.8;,
- &man.hastctl.8;, and &man.hast.conf.5;. More details
- can be found at <ulink
- url="http://wiki.FreeBSD.org/HAST"></ulink>.</para>
- </listitem>
- </itemizedlist>
-
- <para>The &man.isp.4; driver has been improved in
- stability.</para>
-
- <para>The &man.mvs.4; CAM ATA driver for Marvell
- 88SX50XX/88SX60XX/88SX70XX/SoC SATA controllers has been
- added. This driver supports same hardware as the
- &man.ata.4; driver does, but provides many additional
- features, such as NCQ and PMP.</para>
-
- <para>The &man.siis.4; driver now enables MSI by default on
- SiI3124-based devices. This can be disabled by using a
- <varname>hint.siis.<replaceable>0</replaceable>.msi</varname>
- loader tunable.</para>
-
- <para>The Max Read Request Size in the &man.siis.4; driver for
- PCIe chips has been increased from 512 to 1024 bytes for
- better performance.</para>
-
- <para>The &man.twa.4; driver has been updated to the latest
- version from LSI.</para>
+ <para></para>
</sect3>
<sect3 id="fs">
<title>File Systems</title>
- <para>The &man.msdosfs.5; subsystem is now MP-safe and a race
- condition when a force unmount happens has been
- fixed.</para>
-
- <para>&os; NFS subsystem now supports a timeout for the
- negative name cache entries in the client. This avoids a
- bogus negative name cache entry from persisting forever when
- another client creates an entry with the same name within
- the same NFS server time of day clock tick. The mount
- option <option>negnametimeo</option> can be used to override
- the default timeout interval (60 seconds) on a
- per-mount-point basis. a Setting
- <option>negnametimeo</option> to <literal>0</literal>
- disables negative name caching for the mount point.</para>
-
- <para>A race condition in &os; NFS subsystem that occurs when
- &man.nfsiod.8; threads are being created has been fixed.
- This also fixes an interoperability issue found in
- combination of a &os; NFS client and a Linux NFS
- server.</para>
-
- <para>The inode number handling in &man.ffs.7; file system is
- now unsigned. Previously some large inode numbers can be
- treated as negative, and this issue shows up at file systems
- with the size of more than 16Tb in 16k block case. The
- &man.newfs.8; utility never create a file system with more
- than 2^32 inodes by cutting back on the number of inodes per
- cylinder group if necessary to stay under the limit.</para>
-
- <para>The UFS file system (&man.ffs.7;) now supports NFSv4
- ACL.</para>
-
- <para>&os; &man.VFS.9; subsystem now supports a new sysctl
- variable <varname>vfs.vlru_allow_cache_src</varname>. This
- allow <filename>vnlru</filename> kernel thread to reclaim
- of the directory vnodes that are source of the namecache
- records. This is not enabled by default because for
- typical workload it would make namecache unusable, but
- large nested directory tree easily puts any process that
- accesses file system into one second wait for
- <filename>vnlru</filename> kernel thread.</para>
-
- <para>The ZFS file system has been improved:</para>
-
- <itemizedlist>
- <listitem>
- <para>It now supports NFSv4 ACL.</para>
- </listitem>
-
- <listitem>
- <para>The L2ARC code has been improved in stability and
- performance.</para>
- </listitem>
-
- <listitem>
- <para>The zpool version has been updated to
- version 14. It is now possible to use zpools created on
- OpenSolaris 2009.06.</para>
- </listitem>
-
- <listitem>
- <para>A sysctl variable
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list