OpenBSD 4.7 released

OpenBSD 4.7 is here. To get the files for this release either order a CDROM or check out one of the FTP page for a list of mirrors.

OpenBGPD, OpenOSPFD and other routing daemon improvements:

  • Update capability code in bgpd(8) to follow RFC 5492.
  • BGP MPLS VPN (RFC 4364) support added to the bgpd RIB.
  • In bgpd(8), implement the RFC4486 BGP Cease Notification Message subcodes.
  • It is now possible to enable/disable specific BGP capabilities.
  • Update bgpctl(8) irrfilter to support IPv6 and 4-byte AS numbers.
  • Minimal router-dead-time of 1 second and sub-second hello intervals added to ospfd(8). Additionally it is now possible to specify sub-second SPF timers for faster route fail-over.
  • ospf6d(8) is now installed by default. The RIB can be synced with the kernel routing table now. Support for AS-ext LSA has been added. This is still work-in-progress but testing is highly appreciated.
  • ldpd — the MPLS label distribution protocol daemon — is now installed by default. A custom kernel with option MPLS is needed to use it.

Generic network stack improvements:

  • brconfig is now integrated into ifconfig(8)
  • Added vether(4), a virtual Ethernet device.
  • Two bugs in IPsec/HMAC-SHA2 were fixed, resulting in an incompatibility with the HMAC-SHA-256/384/512 hash algorithms with previous versions of OpenBSD and other IPsec implementations sharing the bugs.
  • In dhcpd(8), echo back the Relay Agent Information option if present, and add support for the ipsec-tunnel hardware type.
  • Make dhcrelay(8) pick up the routing domain from the specified interface and use that rdomain for relaying the packets to the server.
  • Added support in dhcrelay(8) for RFC3046 “DHCP-over-ipsec”.
  • Make the tcpdump(8) BGP OPEN capability parser RFC 5492 compliant.
  • Added an exec command to route(8) to run a process and its children in a specified routing domain.
  • ifconfig(8) now deals with more than 64 alias addresses.
  • Various fixes to mbuf defragmenting and mbuf chain copying improve reliability.

Install/Upgrade process changes:

  • Take more care to ensure all filesystems are umount’ed when restarting an install or upgrade.
  • If no possible root disk is found, keep checking until one appears.
  • The default ftp directory for -stable is now the release directory instead of the snapshot directory.
  • Selection of TZ during installs is no longer confused by trailing slashes.
  • If /etc/X11 is found during upgrades, add the X sets to the list of default sets to install.