1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
|
## 8.8 - 2025-02-06
* Improve default multiproto capability announcement selection.
The default MP capability is only set if no other capability is
configured on the neighbor.
* The `reject as-set` configuration option now defaults to yes.
Route announcements with AS_SET segments in the AS_PATH Attribute
will be rejected. See draft-ietf-idr-deprecate-as-set-confed-set
for more information.
* The RFC 8654 Extended Message configuration changed from
"announce extended (yes|no|enforce)" to
"announce extended message (yes|no|enforce)"
* RFC 8950 - Extended nexthop encoding support in the RIB.
* Preliminary support for EVPN in the RIB.
* When "transparent-as yes" is set, well-known BGP communities are
passed on according to RFC 7947. This means that IX Route Servers
transparently pass through NO_EXPORT, NO_ADVERTISE, etc.
* Fix an error introduced in the previous release that prevented
sessions from staying down.
* Fix add-path send support using best, ecmp, or as-wide-best mode
which was not working correctly in the previous release.
* Fix FIB handling on FreeBSD when an interface is destroyed.
* Make the example bgpd.conf work out of the box with 4byte ASN.
## 8.7 - 2024-12-16
* Cache the Adj-RIB-Out for sessions that have not been down for
more than 1h. This significantly improves synchronisation time
of peers that flap.
* Implement RFC 8538: Notification Message Support for
BGP Graceful Restart.
* Add support for RFC 8654, extended messages.
* In bgplgd add additional endpoints to query the Adj-RIB-In and
Adj-RIB-Out.
* Bump internal message size limit to 128k and handle up to 10 000
ASPA SPAS entries as suggested in draft-ietf-sidrops-aspa-profile.
* Various improvements to the ibuf API including a new reader API
which is used to make all message parsing in bgpd memory safe.
* Added support for IPsec and TCP MD5 to RTR sessions.
## 8.6 - 2024-09-19
* Filtered prefixes are now included in the Local-RIB if the config
option 'rde rib Loc-RIB include filtered' is set.
* Add 'bgpctl show rib filtered' to show filtered prefixes.
* Add 'min-version' RTR config option and default to RTR version 1.
Set min-version to 2 to enable draft-ietf-sidrops-8210bis-14 and
ASPA support or better define the ASPA table in the config.
* Adjust RTR ASPA pdu parser to follow draft-ietf-sidrops-8210bis-14
* Check the max_prefix and max_out_prefix limits on config reload.
* Fix race condition between TCP-MD5 key removal and session closure
to ensure all messages are sent with the proper TCP-MD5 signature.
* Fix 'nexthop qualify via bgp' by re-evaluating the nexthops when
a BGP route is added to the FIB.
* Handle the CLUSTER_LIST attribute according to RFC7606.
* Fix some undefined or non-portable behaviour when handling
NULL / 0-sized objects.
## 8.5 - 2024-06-26
* Include OpenBSD 7.5 errata 004:
Repair a withdraw desyncronization problem in bgpd(8).
Affected are OpenBGPD 8.2, 8.3 and 8.4.
* Fix Linux TCP MD5 autoconf detection and improve the code to work
in all cases.
* Double peer description length to 64 characters.
* Improve handling of bgpd AFI IPv4 sessions over IPv6 only links.
* Sessions over IPv6 link-local addresses are now always considered
to be connected.
* Allow operators to enforce the presence of certain capabilities.
* Improve capability negotiation and remove 'announce capabilities'.
The 'announce capabilities [yes|no]' neighbor config option needs to be
removed from configuration files. Instead individual capabilities
need to be disabled.
* Improve negotiation of the multi-protocol capability and the fallback
to IPv4 only mode.
* Mark RTR and IPv6 BGP packets with DSCP CS6 (network control).
* Increase RTR PDU limit to 48k and limit number of SPAS to 10'000.
* Convert the remaining session engine parsers to the new ibuf API.
* Various changes to autoconf and portable headers for NetBSD support.
## 8.4 - 2024-03-07
* Rewrite the internal message passing mechanism to use a new
memory-safe API.
* Rewrite most protocol parsers to use the new memory-safe API.
Convert the UPDATE parser, all of RTR, as well as both the MRT
dump code in bgpd and the parser in bgpctl.
* Improve RTR logging, error handling and version negotiation.
* Switch to autoconf 2.71 to generate the supplied configure scripts.
## 8.3 - 2023-10-13
* bgpd 8.1 and 8.2 could send a bad COMMUNITY attribute when
non-transitive ext-communities are present. A workaround is to
add a filter rule to clear non-transitive ext-communities:
match to ebgp set ext-community delete ovs *
This fix is included in OpenBSD 7.4.
* Fix a possible fatal error in the RDE when "announce add-path send all"
is used. The error is triggered by an ineligible path which is wrongly
distributed.
* Fix selection of the local nexthop for the alternate address family.
This is used by 'announce IPv6 unicast' over an IPv4 session or
vice-versa.
## 8.2 - 2023-10-02
* Update ASPA support to follow draft-ietf-sidrops-aspa-verification-16
and draft-ietf-sidrops-aspa-profile-16 by making the ASPA lookup
tables AFI-agnostic.
* Fix a fatal error in the Linux netlink parser which was triggered
because of a mismatched netlink message size.
* Rework UPDATE message generation to use the new ibuf API instead
of the hand-rolled solution before.
* Improve error message in bgpctl for features not supported by the
portable version of OpenBGPD.
* Adjusted example GRACEFUL_SHUTDOWN filter rule in the example config
to only match on ebgp sessions.
## 8.1 - 2023-07-12
* Include OpenBSD 7.3 errata 002:
Avoid fatal errors in bgpd(8) due to incorrect refcounting and
mishandling of ASPA objects. Fix bgpctl(8) 'show rib in' by renaming
'invalid' into 'disqualified'.
* Include OpenBSD 7.3 errata 006:
Incorrect length handling of path attributes in bgpd(8) can lead to a
session reset.
* Include OpenBSD 7.3 errata 009:
When tracking nexthops over IPv6 multipath routes, or when receiving
a NOTIFICATION while reaching an internal limit, bgpd(8) could crash.
When checking the next hop for IPv6 multipath routes, or when receiving
a NOTIFICATION while reaching an internal limit, bgpd(8) could crash.
* Add configure options to adjust WWW_USER and wwwrunstatedir.
* Fix 'ext-community * *' matching which also affects filters removing
all ext-commuinites.
* Limit the socket buffer size to 64k for all sessions.
Limiting the buffer size to a reasonable size ensures that not too many
updates end up queued in the TCP stack.
## 8.0 - 2023-05-04
* Include OpenBSD 7.3 errata 001 (link: https://www.openbsd.org/errata73.html#p001_bgpd):
A new ASPA object appeared in the RPKI ecosystem and exposed bugs in
bgpd(8) and rpki-client(8).
* Introduce a semaphore to protect intermittent RTR session data
from being published to the RDE.
* Add first version of flowspec support. Right now only announcement
of flowspec rules is possible.
* Improve and extend the bgpctl parser to handle commands like
`bgpctl show rib 192.0.2.0/24 detail`. Also add various flowspec
specific commands.
## This document contains the changelogs as posted in each release announcement on the OpenBSD mailing list.
|