BSDSec

OpenBGPD 8.5 released

26 June, 2024 by claudio@openbsd.org | openbsd

We have released OpenBGPD 8.5, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * Include OpenBSD 7.5 errata 004:
      Repair a withdraw desyncronization problem in bgpd(8).
      Affected are OpenBGPD 8.2, 8.3 and 8.4.

    * Fix Linux TCP MD5 autoconf detection and improve the code to work
      in all cases.

    * Double peer description length to 64 characters.

    * Improve handling of bgpd AFI IPv4 sessions over IPv6 only links.

    * Sessions over IPv6 link-local addresses are now always considered
      to be connected.

    * Allow operators to enforce the presence of certain capabilities.

    * Improve capability negotiation and remove 'announce capabilities'.
      The 'announce capabilities [yes|no]' neighbor config option needs to be
      removed from configuration files. Instead individual capabilities
      need to be disabled.

    * Improve negotiation of the multi-protocol capability and the fallback
      to IPv4 only mode.

    * Mark RTR and IPv6 BGP packets with DSCP CS6 (network control).

    * Increase RTR PDU limit to 48k and limit number of SPAS to 10'000.

    * Convert the remaining session engine parsers to the new ibuf API.

    * Various changes to autoconf and portable headers for NetBSD support.

OpenBGPD-portable is known to compile and run on FreeBSD and the
Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.