Date:      Fri, 6 Jun 2025 11:17:17 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 311ad5bc811d - main - UPDATING: document recent pf changes
Message-ID:  <202506061117.556BHHJP083811@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=311ad5bc811d0d14da772cbb1333970266194ec7

commit 311ad5bc811d0d14da772cbb1333970266194ec7
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-05-28 08:46:26 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-06-06 11:16:01 +0000

    UPDATING: document recent pf changes
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D50664
---
 UPDATING | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/UPDATING b/UPDATING
index bee8b348f113..b12d31f4bec9 100644
--- a/UPDATING
+++ b/UPDATING
@@ -31,6 +31,16 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 15.x IS SLOW:
 	LinuxKPI dma-mapping.h were pulled into the tree from drm-kmod.
 	Bump _FreeBSD_version to 1500045 to be able to detect this change.
 
+20250527:
+	pf changed extension header handling. It now treats AH headers on IPv4 just
+	like AH headers on IPv6 and skips over them, allowing filtering on the inner
+	protocol.
+
+20250527:
+	pf now blocks IPv6 packets with a hop-by-hop or destination options header by
+	default. Such packets can be passed by adding "allow-opts" to the rule. IPv6
+	options are now handled just like their IPv4 counterparts.
+
 20250527:
 	The CAM target layer userland, i.e. ctld(8), ctladm(8) and ctlstat(8),
 	has moved to the new FreeBSD-ctl package.  If you use pkgbase and you
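
Review bot: The second new 20250527 entry announces a default change from pass to block for IPv6 packets carrying hop-by-hop or destination options headers, but "adding "allow-opts" to the rule" does not say which rule is meant. Suggest wording it as the pass rule that matches the affected traffic and pointing at pf.conf(5), so an operator upgrading a filtering host knows where to look when such traffic stops flowing. The first entry has a similar gap: it says AH on IPv4 is now skipped so the inner protocol can be filtered, but not whether existing IPv4 rules that match on AH itself still behave the same; one sentence on that would help anyone auditing an IPsec ruleset after the upgrade. Style: the first line of each new entry runs past 80 columns once the leading tab is expanded, and the new text uses a single space after a full stop where the neighbouring CAM entry uses two ("package.  If"); rewrapping and matching the spacing would keep the file consistent.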


