FreeBSD 7.0-CURRENT Release Notes

The FreeBSD Project

$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/article.sgml,v 1.999 2007/02/22 05:31:39 delphij Exp $

FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.

Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc in the United States and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.

The release notes for FreeBSD 7.0-CURRENT contain a summary of the changes made to the FreeBSD base system on the 7-CURRENT development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.


Table of Contents
1 Introduction
2 What's New
2.1 Security Advisories
2.2 Kernel Changes
2.2.1 Boot Loader Changes
2.2.2 Hardware Support
2.2.3 Network Protocols
2.2.4 Disks and Storage
2.2.5 File Systems
2.3 Userland Changes
2.3.1 /etc/rc.d Scripts
2.4 Contributed Software
2.5 Ports/Packages Collection Infrastructure
2.6 Release Engineering and Integration
2.7 Documentation
3 Upgrading from previous releases of FreeBSD

1 Introduction

This document contains the release notes for FreeBSD 7.0-CURRENT. It describes recently added, changed, or deleted features of FreeBSD. It also provides some notes on upgrading from previous versions of FreeBSD.

The snapshot distribution to which these release notes apply represents the latest point along the 7-CURRENT development branch since 7-CURRENT was created. Information regarding pre-built, binary snapshot distributions along this branch can be found at http://www.FreeBSD.org/snapshots/.

All users are encouraged to consult the release errata before installing FreeBSD. The errata document is updated with “late-breaking” information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. An up-to-date copy of the errata for FreeBSD 7.0-CURRENT can be found on the FreeBSD Web site.


2 What's New

This section describes the most user-visible new or changed features in FreeBSD since 6.0-RELEASE. In general, changes described here are unique to the 7-CURRENT branch unless specifically marked as [MERGED] features.

Typical release note items document recent security advisories issued after 6.0-RELEASE, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to FreeBSD between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements.


2.1 Security Advisories

A temporary file vulnerability in texindex(1), which could allow a local attacker to overwrite files in the context of a user running the texindex(1) utility, has been fixed. For more details see security advisory FreeBSD-SA-06:01.texindex. [MERGED]

A temporary file vulnerability in the ee(1) text editor, which could allow a local attacker to overwrite files in the context of a user running ee(1), has been fixed. For more details see security advisory FreeBSD-SA-06:02.ee. [MERGED]

Several vulnerabilities in the cpio(1) utility have been corrected. For more details see security advisory FreeBSD-SA-06:03.cpio. [MERGED]

An error in ipfw(4) IP fragment handling, which could cause a crash, has been fixed. For more details see security advisory FreeBSD-SA-06:04.ipfw. [MERGED]

A potential buffer overflow in the IEEE 802.11 scanning code has been corrected. For more details see security advisory FreeBSD-SA-06:05.80211. [MERGED]

Two instances in which portions of kernel memory could be disclosed to users have been fixed. For more details see security advisory FreeBSD-SA-06:06.kmem. [MERGED]

A logic bug in the IP fragment handling in pf(4), which could cause a crash under certain circumstances, has been fixed. For more details see security advisory FreeBSD-SA-06:07.pf. [MERGED]

A logic bug in the NFS server code, which could cause a crash when the server received a message with a zero-length payload, has been fixed. For more details see security advisory FreeBSD-SA-06:10.nfs. [MERGED]

A programming error in the fast_ipsec(4) implementation, which resulted in the sequence number associated with a Security Association not being updated and allowed packets to unconditionally pass sequence number verification checks, has been fixed. For more details see security advisory FreeBSD-SA-06:11.ipsec. [MERGED]

A logic bug that could cause opiepasswd(1) to allow an unprivileged user to configure OPIE authentication for the root user under certain circumstances has been fixed. For more details see security advisory FreeBSD-SA-06:12.opie. [MERGED]

An asynchronous signal handling vulnerability in sendmail(8), which could allow a remote attacker to execute arbitrary code with the privileges of the user running sendmail, typically root, has been fixed. For more details see security advisory FreeBSD-SA-06:13.sendmail. [MERGED]

[amd64, i386] An information disclosure issue found in the FreeBSD kernel running on 7th- and 8th-generation AMD processors has been fixed. For more details see security advisory FreeBSD-SA-06:14.fpu. [MERGED]

A bug in ypserv(8), which effectively disabled the /var/yp/securenets access control mechanism, has been corrected. More details are available in security advisory FreeBSD-SA-06:15.ypserv. [MERGED]

A bug in the smbfs file system, which could allow an attacker to escape out of chroot(2) environments on an smbfs mounted filesystem, has been fixed. For more details, see security advisory FreeBSD-SA-06:16.smbfs. [MERGED]

A potential denial of service problem in sendmail(8), caused by excessive recursion leading to stack exhaustion when attempting delivery of a malformed MIME message, has been fixed. For more details, see security advisory FreeBSD-SA-06:17.sendmail. [MERGED]

A potential buffer overflow condition in sppp(4) has been corrected. For more details, see security advisory FreeBSD-SA-06:18.ppp. [MERGED]

An OpenSSL bug related to validation of PKCS#1 v1.5 signatures has been fixed. For more details, see security advisory FreeBSD-SA-06:19.openssl. [MERGED]

A potential denial of service attack against named(8) has been fixed. For more details, see security advisory FreeBSD-SA-06:20.bind. [MERGED]

Several programming errors have been fixed in gzip(1). They could have the effect of causing a crash or an infinite loop when decompressing files. More information can be found in security advisory FreeBSD-SA-06:21.gzip. [MERGED]

Several vulnerabilities have been fixed in OpenSSH. More details can be found in security advisory FreeBSD-SA-06:22.openssh. [MERGED]

Multiple errors in the OpenSSL crypto(3) library have been fixed. Potential effects are varied, and are documented in more detail in security advisory FreeBSD-SA-06:23.openssl. [MERGED]

A bug that could permit corrupt archives to cause an infinite loop in libarchive(3) and tar(1) has been fixed. More details are available in FreeBSD-SA-06:24.libarchive. [MERGED]

A bug that could allow users in the operator group to read parts of kernel memory has been corrected. For more details, consult security advisory FreeBSD-SA-06:25.kmem. [MERGED]

A bug in the jail startup script that could permit privilege escalation via a symlink attack has been fixed. More information is available in FreeBSD-SA-07:01.jail. [MERGED]

Two remote denials of service in BIND (one involving DNSSEC and one involving recursive DNS queries) have been fixed. For more information, see security advisory FreeBSD-SA-07:02.bind. [MERGED]


2.2 Kernel Changes

acpi(4) now has basic support for the HPET time counter.

The acpi_ibm(4) driver now supports setting the fan control mode to manual or automatic, and adjusting the fan speed if the fan control mode is manual. To enable manual control of the fan speed, the sysctl variable dev.acpi_ibm.0.fan needs to be set to zero (manual). This should only be used with extreme caution, as disabling automatic fan control might overheat the hardware and lead to permanent damage.

The apm(4) suspend/resume support has been improved.

Security event auditing is now supported in the FreeBSD kernel, and is enabled by the AUDIT kernel configuration option. More information can be found in the audit(4) manual page.

The options COMPAT_43 kernel configuration option has been deemed unnecessary and has been removed from GENERIC and related kernel configurations. This change may result in a small performance increase for some workloads.

The ddb(4) debugger now provides the show lock command. If the argument has a valid lock class, this displays various information about the lock and calls a new function pointer in lock_class (lc_ddb_show) to dump class-specific information about the lock as well (such as the owner of a mutex or xlock'ed sx lock). [MERGED]

The ddb(4) debugger now provides the show sleepq command. This takes a wait channel as an argument and looks for a sleep queue associated with that wait channel.

DEFAULTS kernel configuration files for each platform have been added. These files contain directives that are implicitly included in all kernel configurations, and generally include basic, mandatory functionality for each platform. [MERGED]

A bug in file descriptor handling, due to which a simple close(0); dup(fd) sequence did not return descriptor 0 in some cases, has been fixed.

The firmware(9) subsystem has been added. This subsystem provides a mechanism to load binary data into the kernel via a specially crafted module. [MERGED]

The gdb(1) remote debugging interface now supports copying console messages to a remote debugger instance. To enable this, set debug.gdbcons="1" in loader.conf, enter boot -d; gdb; step from the loader prompt, then attach gdb(1) from a remote machine. The sysctl variable debug.gdbcons can be used to turn on/off this functionality.

hwpmc(4) and pmcstat(8) now support profiling of dynamically loaded kernel modules and shared objects loaded with dlopen(3). pmcstat(8) can now log over a network socket to a remote host.

Support for Kernel Scheduled Entities (KSE) is now a kernel option (previously it was a mandatory feature in the kernel). It is enabled in the GENERIC kernel (thus there is no change in functionality) for all platforms except sun4v.

The random(4) entropy device driver is now MPSAFE. [MERGED]

FreeBSD now supports concurrent read(2)/readv(2) access to a file.

The experimental CORE process scheduler has been added, enabled with the options SCHED_CORE kernel configuration option. It is forked from the sched_ule(4) scheduler, but with a different algorithm for detecting an interactive process. More information can be found in the sched_core(4) manual page.

SIGCHLD signal queuing has been added. For each child process whose status has been changed, a SIGCHLD instance is queued. If the signal is still pending, and the process changed status several times, the signal information is updated to reflect the latest process status. The loader tunable kern.sigqueue.queue_sigchild controls this behavior; setting it to zero disables the SIGCHLD queuing feature.

[amd64, i386] Instead of including all of physical memory in a kernel crash dump, the kernel now defaults to dumping only pages that are actively mapped into kernel virtual memory. A new debug.minidump sysctl variable can be used to turn off this behavior when set to zero. [MERGED]

A new sysctl variable kern.malloc_stats has been added. This allows exporting of kernel malloc statistics via a binary structure stream.

A new sysctl variable kern.forcesigexit has been added. This forces a process to sigexit if a trap signal is being held by the current thread or ignored by the current process. It is enabled by default.

The pcvt(4) driver, an alternative to syscons(4), has been removed, as it had fallen out of sync with the rest of the kernel.

RedZone, a buffer corruption protection for the kernel malloc(9) facility, has been implemented. This detects both buffer underflows and overflows at runtime on free(9) and realloc(9), and prints backtraces from where memory was allocated and from where it was freed. For more details, see the redzone(9) manual page.

A new sysctl variable security.mac.biba.interfaces_equal, which makes all network interfaces be created with the label biba/equal(equal-equal), has been added. This is useful where programs such as dhclient(8) and ppp(8), which initialize network interfaces, do not have any labeling support. This variable is set to 0 (disabled) by default. [MERGED]

A new sysctl variable vm.zone_stats has been added. This allows exporting of uma(9) allocator statistics via a binary structure stream.

The sysctl variable hw.pci.do_powerstate has been changed from a boolean to a range. 0 means no power management; 1 means conservative power management, in which any device class that has caused problems is added to the watch list; 2 means aggressive power management, in which any device class that is not fundamental to the system is added to the list; and 3 means power them all down unconditionally. The default is 1.

[ia64] The GENERIC kernel now enables SMP support by default.

Sample kernel configuration files src/sys/arch/conf/MAC for the Mandatory Access Control framework have been added.

POSIX_TIMERS support has been updated to 200112L.

Experimental support for POSIX message queues has been implemented.

FreeBSD now runs on the Xbox, whose architecture is nearly identical to the i386. For details of the latest development, see http://www.FreeBSD.org/platforms/xbox.html. [MERGED]


2.2.1 Boot Loader Changes

A new option -S, which allows setting the boot2 serial console speed in the /boot.config file or on the boot: prompt line, has been added.

[amd64, i386] A new loader tunable comconsole_speed to change the serial console speed has been added. If the previous stage boot loader requested a serial console, then the default speed is determined from the current serial port speed. Otherwise it is set to 9600 or the value of the BOOT_COMCONSOLE_SPEED kernel option. [MERGED]

[pc98] A bootable CDROM loader has been implemented for the pc98 platform. [MERGED]

[i386] A bug in the i386 boot loader, which could cause filesystem corruption if a nextboot.conf file was used and landed after cylinder 1023, has been fixed. [MERGED]


2.2.2 Hardware Support

The amdsmb(4) driver has been added. It provides support for the AMD-8111 SMBus 2.0 controller. [MERGED]

The cardbus(4), pccard(4), pccbb(4), and ex(4) drivers are now buildable as kernel modules.

An acpi_dock(4) driver has been added to provide support for controlling laptop docking station functions via ACPI.

The acpi_thermal(4) driver now supports passive cooling. [MERGED]

The acpi_thermal(4) driver now supports overriding the _PSV, _HOT, and _CRT temperature values.

Support for the alpha architecture has been removed. Alpha support will remain on the RELENG_5 and RELENG_6 codelines.

The cardbus(4) driver now supports /dev/cardbus%d.cis.

[i386, pc98] The ce(4) driver, which supports Cronyx Tau-PCI/32 adapters, has been added. [MERGED]

The est cpufreq(4) driver now supports frequency control for the VIA C7-M family of processors.

Support for the PadLock Security Co-processor in VIA C3, Eden, and C7 processors has been added to the crypto(9) subsystem. More information can be found in the padlock(4) manual page. [MERGED]

A bug which prevented the ichsmb(4) kernel module from unloading has been fixed.

[amd64, i386] Dual-core processors (such as the Intel Core Duo) now have both cores available for use by default in SMP-enabled kernels. [MERGED]

[amd64, i386] ipmi(4), an OpenIPMI compatible driver, has been added. OpenIPMI (Intelligent Platform Management Interface) is an open standard designed to enable remote monitoring and control of server, networking and telecommunication platforms. [MERGED]

The kbdmux(4) driver has been integrated into syscons(4) and the kbd device driver. By default syscons(4) will look for the kbdmux(4) keyboard first, and then, if not found, look for any keyboard. Switching to kbdmux(4) can be done at boot time by loading the kbdmux kernel module via loader(8), or at runtime via kldload(8) and releasing the active keyboard. [MERGED]

[amd64, i386] The kbdmux(4) driver is now included in the GENERIC kernel by default. Also, the “Boot FreeBSD with USB keyboard” menu item in the boot loader menu has been removed since this fixes USB keyboard probing problems. [MERGED]

The nfsmb(4) driver, which supports the NVIDIA nForce 2/3/4 SMBus 2.0 controller, has been added. [MERGED]

[ia64] The loader tunable debug.mpsafevfs is set to 1 by default.

The sab(4) driver has been removed (it has been superseded by the scc(4) driver).

The scc(4) driver has been added. This provides generic support for serial communications controllers and delegates the control over each channel and mode to a subordinate driver such as uart(4).

[amd64] The smbios(4) driver support for amd64 has been added.

[sun4v] FreeBSD now has preliminary support for the Sun Microsystems UltraSPARC-T1 architecture. FreeBSD/sun4v has been demonstrated to run on the Sun Fire T1000 and Sun Fire T2000 servers. More information can be found on the sun4v Project page.

The tnt4882(4) driver, which supports the National Instruments PCI-GPIB card, has been added.

[amd64, i386, ia64, sparc64] The uart(4) driver has been included in the GENERIC kernel by default. When both sio(4) and uart(4) can handle a given serial port, sio(4) will claim it.

The uart(4) driver now supports LOM (Lights Out Management) and RSC (Remote System Control) devices as consoles.

[i386] A new loader tunable hw.apic.enable_extint has been added. This tunable can be used to disable masking of the ExtINT pin on the first I/O APIC. At least one chipset for the Intel Pentium III seems to need this, even though all of the pins in the 8259As are masked. The default is still to mask the ExtINT pin.

[i386] Support has been improved for so-called “legacy-free” hardware, in particular, i386 systems without AT-style keyboard controllers such as the MacBook Pro. [MERGED]


2.2.2.1 Multimedia Support

The agp(4) driver now supports ATI AGP chipsets. [MERGED]

A new midi(4) driver, based on the one in NetBSD, has been added. It supports the snd_cmi(4) and snd_emu10k1(4) drivers.

The sound(4) driver now supports a wider range of sampling rates, a choice of multiple precisions, and 24/32 bit PCM format conversion. [MERGED]

The snd_als4000(4) driver is now MPSAFE. [MERGED]

The snd_atiixp(4) driver has been added. This supports ATI IXP 200/300/400 series audio controllers. [MERGED]

The snd_atiixp(4) driver now supports suspend and resume features.

The snd_cmi(4) driver is now MPSAFE.

The snd_emu10kx(4) driver has been added. It supports Creative SoundBlaster Live! and Audigy series sound cards with optional pseudo-multichannel playback.

The snd_envy24(4) driver has been added to support the Envy24 series of audio chips.

The snd_es137x(4) driver is now MPSAFE. [MERGED]

The snd_ich(4) driver is now MPSAFE. [MERGED]

The snd_solo(4) driver is now MPSAFE. [MERGED]

The snd_via8233(4) driver is now MPSAFE. [MERGED]

The snd_via82c686(4) driver is now MPSAFE. [MERGED]

[amd64] The speaker(4) driver now supports FreeBSD/amd64. [MERGED]

The uaudio(4) driver now supports 24/32 bit audio formats and conversion.


2.2.2.2 Network Interface Support

The ath(4) driver has been updated to HAL version 0.9.17.2. [MERGED]

[amd64, i386, pc98, sparc64] The ath(4), ath_hal(4), and ath_rate_sample drivers have been included in the GENERIC kernel by default. [MERGED]

[amd64, i386] The bce(4) driver, which supports Broadcom NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet controllers, has been added. For more details, see bce(4). [MERGED]

A bug which prevents the bfe(4) driver from working on a system with over 1GB RAM has been fixed. [MERGED]

The bge(4) driver's Jumbo frame support is now MPSAFE.

The bge(4) driver now supports big-endian architectures such as sparc64.

The bge(4) driver now supports polling(4) mode. [MERGED]

The cm(4) driver is now MPSAFE.

The dc(4) driver is now MPSAFE. [MERGED]

The de(4) driver has been converted to the bus_dma(9) API and is now MPSAFE.

The ed(4) driver is now MPSAFE.

The el(4) driver has been removed due to lack of use.

The em(4) driver now supports big-endian architectures such as sparc64. [MERGED]

The em(4) driver has been updated to version 6.2.9 from Intel. Among other changes, it now supports 80003, 82571, 82571EB and 82572 based adapters, as well as onboard-NICs on ICH8-based motherboards. [MERGED]

The em(4) driver now includes initial support for suspend and resume features.

The performance of the em(4) driver has been improved by using a fast interrupt handler and taskqueue instead of an ithread handler. This change can be disabled for debugging purposes by defining the NO_EM_FASTINTR kernel option.

The iwi(4) driver now supports big-endian architectures such as sparc64.

A number of improvements and bugfixes have been made to the functionality of the iwi(4) driver. This driver now requires the firmware image in the net/iwi-firmware-kmod port/package; prior versions of this driver used the net/iwi-firmware port/package. [MERGED]

The le(4) driver, which supports AMD Am7900 LANCE and Am79C9xx PCnet NICs, has been added. While the lnc(4) driver also supports these NICs, this driver has several advantages over it such as MPSAFE, ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI variants. This driver is based on NetBSD's implementation. [MERGED]

The lge(4) driver is now MPSAFE. [MERGED]

The lnc(4) driver has been removed. The le(4) and pcn(4) drivers support all devices that were supported by lnc(4).

The msk(4) driver has been added. It supports network interfaces using the Marvell/SysKonnect Yukon II Gigabit Ethernet controller.

The my(4) driver is now MPSAFE. [MERGED]

The my(4) driver now supports altq(4). [MERGED]

[amd64, i386] The mxge(4) driver, which supports Myricom Myri10GE 10 Gigabit Ethernet adapters, has been added. For more details, see mxge(4).

The nfe(4) driver, an open-source driver for nForce Ethernet devices, has been added, originally from OpenBSD.

The nve(4) driver has been updated to version 1.0-0310 (23-Nov-2005). It also now has altq(4) support. [MERGED]

The pcn(4) driver is now MPSAFE. [MERGED]

The re(4) driver now supports the D-Link DGE-528(T) Gigabit Ethernet card.

The sf(4) driver is now MPSAFE. [MERGED]

The sk(4) driver is now MPSAFE. [MERGED]

The ste(4) driver is now MPSAFE. [MERGED]

The stge(4) driver has been added. It supports the Sundance/Tamarack TC9021 Gigabit Ethernet controller and was ported from NetBSD. [MERGED]

The ti(4) driver now supports big-endian architectures such as sparc64.

The ufoma(4) driver for FOMA (third generation mobile phone system by NTT DoCoMo, Inc. in Japan) has been added. This should support other third generation mobile phones since the driver is based on USB Implementation Guideline from MCPC (Mobile Computing Promotion Consortium) in Japan.

The vgapci(4) driver has been added. This is a stub device driver for VGA PCI devices and serves as a bus so that other drivers such as drm(4), acpi_video(4), and agp(4) can attach to it thus allowing multiple drivers for the same device.

The wi(4) driver is now buildable as a kernel module.

[amd64, i386, pc98] The wlan_wep(4), wlan_ccmp(4), and wlan_tkip(4) drivers have been included in the GENERIC kernel by default.

The network interface groups feature has been imported from OpenBSD. This feature allows an administrator to, for example, apply firewall rules to an entire group of interfaces. More information can be found in ifconfig(8).


2.2.3 Network Protocols

The arp(4) retransmission algorithm has been rewritten so that ARP requests are retransmitted without suppression as long as there is demand for the ARP entry. Due to this change, the sysctl variable net.link.ether.inet.host_down_time has been removed. [MERGED]

The arp(4) protocol now supports a sysctl variable net.link.ether.inet.log_arp_permanent_modify to suppress logging of attempts to modify permanent ARP entries. [MERGED]

[amd64, i386, pc98] An experimental BPF Just-In-Time compiler has been implemented for both bpf(4) and ng_bpf(4). To enable this, the options BPF_JITTER kernel option is needed. The net.bpf_jitter.enable sysctl variable can be used to disable this feature.

Multiple copies of a packet received via different bpf(4) listeners now all have identical timestamps. [MERGED]

The bridge(4) driver has been removed from the tree. Its functionality has been completely replaced by if_bridge(4).

The enc(4) IPsec filtering pseudo-device has been added. It allows firewall packages using the pfil(9) framework to examine (and filter) IPsec traffic before outbound encryption and after inbound decryption. [MERGED]

The gre(4) driver, which is for GRE encapsulation found in RFC 1701 and RFC 1702, now supports IPv6 over GRE.

The if_bridge(4) driver now supports creating SPAN ports, which transmit a copy of every frame received by the bridge. This feature can be enabled by using ifconfig(8). [MERGED]

The if_bridge(4) driver now supports RFC 3378 EtherIP. This change makes it possible to add gif(4) interfaces to bridges, which will then send and receive IP protocol 97 packets. Packets are Ethernet frames with an EtherIP header prepended. [MERGED]

The if_bridge(4) driver now supports RSTP, the Rapid Spanning Tree Protocol (802.1w).

A hard-coded limit on the number of IPv4 multicast group memberships (formerly 20) has been removed.

Path MTU discovery for multicast packets in the FreeBSD IPv6 stack has been disabled by default. Path MTU notifications from a large number of multicast routers can amount to a distributed denial-of-service attack against a router. This feature can be re-enabled by using a new sysctl variable net.inet6.ip6.mcast_pmtu. [MERGED]

IPv6 link-local addresses are now enabled only if ipv6_enable is set in rc.conf(5). [MERGED]

The ipfw(4) IP packet filter now supports IPv6. [MERGED]

The ipfw(4) firewall system now supports a tablearg feature, which allows values obtained from a table lookup to be used as part of a rule. [MERGED] This feature can be used to optimize some rulesets or to implement policy-based routing inside a firewall. For example, the following rules will throw different packets to different pipes:

pipe 1000 config bw 1000Kbyte/s
pipe 4000 config bw 4000Kbyte/s
table 1 add x.x.x.x 1000
table 1 add x.x.x.y 4000
pipe tablearg ip from table(1) to any

The ipfw(4) packet filter now supports tag and untag rule keywords. When a packet matches a rule with the tag keyword, a numeric tag with the given number in the range from 0 to 65535 is attached to the packet. The tag acts as an internal marker (it is not sent out over the wire) that can be used to identify these packets later on, for example, by using the tagged rule option. For more details, see ipfw(8). [MERGED]

The IPFIREWALL_FORWARD_EXTENDED kernel option has been removed. This option was used to permit ipfw(4) to redirect packets with local destinations. This behavior is now always enabled when the IPFIREWALL_FORWARD kernel option is enabled. [MERGED]

The ip6fw(8) packet filter has been removed. Since ipfw(4) has gained IPv6 support, it should be used instead. Please note that some rules might need to be adjusted.

The natm(4) Native Mode ATM protocol layer is now MPSAFE.

The ng_ether(4) Netgraph node no longer overwrites the MAC address of outgoing frames by default. [MERGED]

The ng_iface(4) Netgraph node now supports altq(4). [MERGED]

The ng_tag(4) Netgraph node has been added to support the manipulation of mbuf tags attached to data in the kernel. [MERGED]

A bug has been fixed in which NFS over TCP would not reconnect when the server sent a FIN. This problem had occurred with Solaris NFS servers. [MERGED]

The default retransmit timer for NFS over TCP is now 60 seconds. This change prevents the unnecessary retransmission of non-idempotent NFS requests. The nfs_access_cache variable in rc.conf(5) has also been changed to 60.

The default minimum number of nfsiod kernel threads (sysctl(8) variable vfs.nfs.iodmin) has been changed from 4 to 0.

The sysctl variables net.inet.ip.portrange.reservedhigh and net.inet.ip.portrange.reservedlow can be used with IPv6 now. [MERGED]

A new sysctl variable net.inet.icmp.reply_from_interface has been added. This allows the icmp(4) reply to non-local packets to be generated with the IP address of the interface through which the packet arrived. This is useful for routers to show in traceroute(8) the actual path a packet has taken instead of the possibly different return path.

A new sysctl variable net.inet.icmp.quotelen has been added. This allows changing the length of the quotation of the original packet in an ICMP reply. The minimum of 8 bytes is internally enforced. The maximum quotation is the remaining space in the reply mbuf. This option was added in response to the issues raised in I-D draft-gont-icmp-payload-00.txt.

icmp(4) now always quotes the entire TCP header when responding, and allocates an mbuf cluster if needed. This change fixes the TCP issues raised in I-D draft-gont-icmp-payload-00.txt.

A new socket option IP_MINTTL has been added. This may be used to set the minimum acceptable TTL a packet must have when received on a socket. All packets with a lower TTL are silently dropped. This works on already connected/connecting and listening sockets for RAW, UDP, and TCP. This option is only really useful when set to 255, preventing packets from outside the directly connected networks reaching local listeners on sockets. Also, this option allows userland implementation of “The Generalized TTL Security Mechanism (GTSM)” found in RFC 3682.
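The GTSM use of IP_MINTTL described above, as an added C example that is not part of the original release notes or FreeBSD's own code: it sets both the outgoing TTL and the minimum accepted TTL to 255 on a UDP socket and reads the setting back. The helper names and the minttl_accepts() model of the receive-side check are assumptions made for illustration.

```c
/* Added example (not FreeBSD project code): GTSM-style use of IP_MINTTL. */
#include <errno.h>
#include <stdio.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define GTSM_TTL 255    /* maximum IPv4 TTL; every router hop decrements it */

/* Set one int-valued IPPROTO_IP option after range-checking the TTL. */
static int set_ttl_opt(int fd, int opt, int ttl)
{
    if (ttl < 0 || ttl > GTSM_TTL) {
        errno = EINVAL;
        return -1;
    }
    return setsockopt(fd, IPPROTO_IP, opt, &ttl, sizeof(ttl));
}

/*
 * Apply both halves of GTSM to a socket:
 *   IP_TTL    = 255  so that our packets pass the peer's check
 *   IP_MINTTL = 255  so that only packets that crossed no router reach us
 * Returns 0 on success, -1 with errno set.
 */
int gtsm_enable(int fd)
{
    if (set_ttl_opt(fd, IP_TTL, GTSM_TTL) == -1)
        return -1;
    return set_ttl_opt(fd, IP_MINTTL, GTSM_TTL);
}

/* Read back the minimum TTL in force on the socket; -1 on error. */
int gtsm_min_ttl(int fd)
{
    int ttl = 0;
    socklen_t len = sizeof(ttl);

    if (getsockopt(fd, IPPROTO_IP, IP_MINTTL, &ttl, &len) == -1)
        return -1;
    return ttl;
}

/*
 * Hypothetical model of the receive-side decision: packets with a TTL lower
 * than the minimum are dropped. A minimum of 0 is taken here to mean that
 * the option is unset (assumption of this example).
 */
int minttl_accepts(int min_ttl, int received_ttl)
{
    return min_ttl == 0 || received_ttl >= min_ttl;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd == -1) {
        perror("socket");
        return 1;
    }
    if (gtsm_enable(fd) == -1) {
        perror("gtsm_enable");
        close(fd);
        return 1;
    }
    printf("IP_MINTTL in force: %d\n", gtsm_min_ttl(fd));
    /* A directly connected peer sending with TTL 255 arrives with 255. */
    printf("on-link peer accepted:  %d\n", minttl_accepts(GTSM_TTL, 255));
    /* Anything that crossed one router arrives with at most 254. */
    printf("routed packet accepted: %d\n", minttl_accepts(GTSM_TTL, 254));
    close(fd);
    return 0;
}
```

Both peers have to send with TTL 255 for the check to pass, which is why the helper sets IP_TTL together with IP_MINTTL.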

The kernel ppp(4) driver now supports IPv6.

Stealth forwarding now supports IPv6 as well as IPv4. This behavior can be controlled by using a new sysctl variable net.inet6.ip6.stealth.

Support has been added for the Stream Control Transmission Protocol (SCTP). SCTP implements a reliable, message-oriented transport protocol, and is defined in RFC 3268. It is enabled in FreeBSD with the SCTP kernel option.

The IPV6_V6ONLY socket option now works for UDP.

The TCP bandwidth-delay product limiting feature has been disabled when the RTT is below a certain threshold. This optimization does not make sense on a LAN, as it has trouble figuring out the maximal bandwidth due to the coarse tick granularity. A new sysctl variable net.inet.tcp.inflight.rttthresh specifies the threshold in milliseconds below which this feature will disengage. It defaults to 10ms. [MERGED]

The FreeBSD network stack now has support for TCP Segmentation Offload (TSO). TSO reduces the overhead of sending bulk TCP data by allowing a network interface to convert a large data transfer into multiple TCP segments to be sent on the network. This functionality can be enabled or disabled on a per-interface basis with the tso and -tso flags to ifconfig(8). Network interfaces and drivers supporting TSO currently include em(4) and mxge(4).

FreeBSD now supports auto-sizing of TCP socket buffers. This allows the socket buffer sizes to adapt dynamically to network conditions, rather than being set statically. The behavior of this feature can be controlled using the net.inet.tcp.sendbuf_* and net.inet.tcp.recvbuf_* sysctl variables.

Support for kqueue(2) operations has been added to the tun(4) driver. [MERGED]


2.2.4 Disks and Storage

The aac(4) driver now supports the Adaptec 2610SA SATA-RAID controller in some Hewlett-Packard machines.

The performance of the amr(4) driver has been improved; it also now supports full 64-bit DMA. While this feature is enabled by default, it can be forced off for debugging purposes by setting the hw.amr.force_sg32 loader tunable. [MERGED]

The amr(4) driver now supports the ioctl(2) requests necessary for the Linux LSI MegaRaid tools in FreeBSD's Linux emulation environment. [MERGED]

The arcmsr(4) driver has been updated to version 1.20.00.13. [MERGED]

The ata(4) driver now supports a workaround for some controllers whose DMA does not work properly in 48-bit mode. For affected controllers, PIO mode will be used for access to areas beyond 137GB. [MERGED]

The ata(4) driver now supports the ITE IT8211F IDE controller, and the Promise PDC40718 and PDC40719 chips found in the Promise Fasttrak TX4300. [MERGED]

The ata(4) driver now supports DMA for kernel crash dumps, as well as crash dumping to an ataraid(4) device. [MERGED]

The ata(4) driver now supports USB mass storage class devices. To enable it, either add the line device atausb to the kernel configuration file or load the atausb kernel module. Note that this functionality cannot coexist with the umass(4) driver. [MERGED]

The ataraid(4) driver now supports JMicron ATA RAID metadata. [MERGED]

The GEOM_LABEL class now supports Ext2FS, NTFS, and ReiserFS. [MERGED]

The GEOM_MIRROR class now supports kernel crash dumps to the GEOM providers. [MERGED]

The GEOM_MIRROR and GEOM_RAID3 classes now support the sysctl variables kern.geom.mirror.disconnect_on_failure and kern.geom.graid3.disconnect_on_failure to control whether failed components will be disconnected or not. The default value is 1, which preserves the current behavior. If it is set to 0, such components are not disconnected and the kernel will still try to use them (only the first error will be logged). This is helpful when multiple components are broken in different places, so that all data is actually still available. The broken components will be visible in gmirror list or graid3 list output with the flag BROKEN. [MERGED]

The GEOM_MIRROR and GEOM_RAID3 classes now use parallel I/O requests for synchronization to improve the performance. New sysctl variables kern.geom.mirror.sync_requests and kern.geom.raid3.sync_requests define how many parallel I/O requests should be used. Also, the sysctl variables kern.geom.mirror.reqs_per_sync, kern.geom.mirror.syncs_per_sec, kern.geom.raid3.reqs_per_sync, and kern.geom.raid3.syncs_per_sec are deprecated and have been removed. [MERGED]

A new GEOM class, GEOM_ZERO, has been added. It creates a very large provider (41PB), /dev/gzero, and is mainly useful for performance testing. On a BIO_READ request it zero-fills bio_data, and on BIO_WRITE it does nothing. [MERGED]

The GEOM class kernel module g_md.ko has been renamed to geom_md.ko for consistency.

[amd64, i386] The hptmv(4) driver has been updated and now supports amd64 as well as PAE.

The mfi(4) driver, which supports the LSI MegaRAID SAS controller family, has been added. [MERGED]

The mpt(4) driver has been updated to support various new features such as RAID volume and RAID member state/settings reporting, periodic volume re-synchronization status reporting, and sysctl variables for volume re-synchronization rate, volume member write cache status, and volume transaction queue depth.

The mpt(4) driver now supports SAS HBA (partially), 64-bit PCI, and large data transfer.

The twa(4) driver has been updated to the 9.3.0.1 release on the 3ware Web site. [MERGED]

A new GEOM-based disk encryption facility, GEOM_ELI, has been added. It uses the crypto(9) framework for hardware acceleration and supports different cryptographic algorithms. See geli(8) for more information. [MERGED]

The geli(8) disk encryption system now supports loading keyfiles before the root file system is mounted. [MERGED] For example, the following entries can be used in /boot/loader.conf to enable it:

geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key0"
geli_da0_keyfile1_load="YES"
geli_da0_keyfile1_type="da0:geli_keyfile1"
geli_da0_keyfile1_name="/boot/keys/da0.key1"
geli_da0_keyfile2_load="YES"
geli_da0_keyfile2_type="da0:geli_keyfile2"
geli_da0_keyfile2_name="/boot/keys/da0.key2"

geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"

geli(8) is now able to perform data integrity verification (data authentication) of encrypted data stored on disk. Note that the encryption algorithm is now specified to the geli(8) control program using the -e option; the -a option is now used to specify the authentication algorithm. [MERGED]

The umass(4) driver now supports the PLAY_MSF, PLAY_TRACK, PLAY_TRACK_REL, PAUSE, and PLAY_12 commands so that the cdcontrol(1) utility can handle a USB CD drive.


2.2.5 File Systems

[amd64, i386, pc98] The linsysfs(5) pseudo-filesystem driver has been added. It provides a subset of the Linux sys filesystem, and is required for the correct operation of some Linux binaries (such as the LSI MegaRAID SAS utility). [MERGED]

A part of the FreeBSD NFS subsystem (the interface with the protocol stack and callouts, the NFS client side) is now MPSAFE.

Initial (read-only) support for SGI's XFS filesystem has been added.


2.3 Userland Changes

The padding of ai_addrlen in struct addrinfo, which was originally there for ABI compatibility, has been removed. For example, this change breaks the ABI compatibility of the getaddrinfo(3) function on 64-bit architectures, including FreeBSD/amd64, FreeBSD/ia64, and FreeBSD/sparc64.

The asf(8) utility has been revised and extended. Now it can operate via several interfaces including kvm(3), which supports not only live systems, but also kernel crash dumps. [MERGED]

The arp(8) utility now accepts the -i option together with the -d and -a options, so that all entries for a given interface can be removed.

The OpenBSM userland tools, including audit(8), auditd(8), auditreduce(1), and praudit(1), have been added. [MERGED]

The bsdiff(1) and bspatch(1) utilities have been added. These are tools for constructing and applying binary patches. [MERGED]

The bsnmpd(1) utility now supports the Host Resources MIB described in RFC 2790. [MERGED]

cached(8) has been added. It is a daemon that caches the results of nsswitch lookups (such as those to the password, group, and services databases) for improved performance.

The cmp(1) utility now supports an -h flag to compare the symbolic link itself rather than the file that the link points to. [MERGED]

The config(8) utility now supports the nocpu directive, which cancels the effect of a previous cpu directive. [MERGED]

The config(8) utility now reads the DEFAULTS kernel configuration file, if it exists in the current directory, before the specified configuration file. [MERGED]

The cp(1) utility now supports a -l option, which causes it to create hardlinks to the source files instead of copying them. [MERGED]

The csh(1) utility now supports NLS catalogs. Note that this requires installing the shells/tcsh_nls port. [MERGED]

The csup(1) utility has been imported. This is an implementation of a CVSup-compatible client written in the C language. Note that it currently supports checkout mode only. [MERGED]

The dhclient(8) program now sends the host's name in DHCP requests if it is not specified in the configuration file. [MERGED]

The devd(8) utility now supports a -f option to specify a configuration file. [MERGED]

The du(1) program now supports a -n flag, which causes it to ignore files and directories with the nodump flag set. [MERGED]

The fsdb(8) utility now supports changing the birth time of files on UFS2 file systems using the new btime command. [MERGED]

The fsdb(8) program now supports a findblk command, which finds the inode(s) owning a specific disk block. [MERGED]

The find(1) program now supports -Btime and other related primaries, which can be used to create expressions based on a file's creation time. [MERGED]

A bug in the find(1) program which prevented numeric arguments for -user and -group from working as expected has been fixed.

The freebsd-update(8) utility, a tool for managing binary updates to the FreeBSD base system, has been added. [MERGED]

The ftpd(8) utility now creates a PID file /var/run/ftpd.pid even when no -p option is specified. [MERGED]

The gbde(8) utility now supports -k and -K options to specify a key file in addition to a passphrase.

The getfacl(1) utility now supports a -q flag to suppress the per-file header comment listing the file name, owner, and group. [MERGED]

The getent(1) utility has been imported from NetBSD. It retrieves and displays information from an administrative database (such as hosts) using the lookup order specified in nsswitch.conf(5). [MERGED]

The gpt(8) utility now supports setting GPT partition labels.

The gvinum(8) utility now supports commands to rename objects and to move a subdisk from one drive to another. [MERGED]

The gvinum(8) utility now supports the resetconfig sub-command.

An implementation of the Generic Security Service API (GSS-API) version 2 and its C binding, described in RFC 2743 and RFC 2744, has been added. This is a new extensible GSS-API layer which can support GSS-API plugins, similar to the Solaris implementation, and the Kerberos 5 GSS mechanism has been rewritten as a plugin library for the new implementation.

The hccontrol(8) utility now supports HCI node autodetection.

The id(1) utility now prints the effective user ID after the group ID.

The id(1) utility now supports a -A flag to print process audit properties, including the audit user id. [MERGED]

The ifconfig(8) utility now supports a -k flag to allow printing potentially sensitive keying material to standard output. This sensitive information will not be printed by default.

The ifconfig(8) utility now supports a -tunnel parameter, which is just an alias for deletetunnel, yet is more convenient and easier to type.

The -vlandev parameter to ifconfig(8) no longer requires a network interface as its argument. The argument still is supported for backward compatibility, but is now deprecated and its use is discouraged.

The iostat(8) utility now supports a -x flag (inspired by Solaris) to print extended disk statistics. If the new -z flag is also specified, no output is made for disks with no activity. [MERGED]

The ipfwpcap(8) utility has been added; it captures packets on a divert(4) socket and writes them as pcap(3) (also known as tcpdump(1)) format data to a file or pipe.

The jail(8) utility supports a -J jid_file option to write out a JidFile, similar to a PidFile, containing the jailid, path, hostname, IP and the command used to start the jail. [MERGED]

The jail(8) program now supports a -s option to specify a jail's securelevel. [MERGED]

The jexec(8) utility now supports -u and -U flags to specify username credentials under which a command should be executed. [MERGED]

The kdump(1) program now supports a -H flag, which causes kdump to print an additional field holding the threadid. [MERGED]

The kdump(1) program now supports a -s flag to suppress the display of I/O data. [MERGED]

The kdump(1) program now supports printing flags in a system call argument by using symbol names.

The kenv(1) utility now supports a -q flag to suppress warnings.

kgdb(1) now supports a -w option to open kmem-based targets in read-write mode. This allows one to use kgdb on /dev/mem and be able to patch memory on a live system.

The libarchive(3) library now supports POSIX.1e-style Extended Attributes.

The libc library now includes an initial implementation of symbol maps and symbol version definitions.

The libedit library has been updated from the NetBSD source tree as of August 2005.

The libm library now includes an initial implementation of symbol maps and symbol version definitions.

The libmemstat(3) library has been added. This is for use by debugging and monitoring applications in tracking kernel memory statistics. It provides an abstracted interface to uma(9) and malloc(9) statistics, wrapped around the binary stream sysctl variables for the allocators. [MERGED]

The ln(1) utility now supports an -F flag, which deletes existing empty directories when creating symbolic links. [MERGED]

The locate(1) utility now supports a -0 flag to make this utility interoperable with xargs(1)'s -0 flag. [MERGED]

The logger(1) utility now supports a -P option, which specifies the port to which syslog messages should be sent. [MERGED]

The ls(1) utility now supports an -I flag to disable the automatic -A flag for the superuser. [MERGED]

The ls(1) utility now supports a -U flag to use the file creation time for sorting. [MERGED]

A new malloc(3) implementation has been introduced. This implementation, sometimes referred to as “jemalloc”, was designed to improve the performance of multi-threaded programs, particularly on SMP systems, while preserving the performance of single-threaded programs. Due to the use of different algorithms and data structures, jemalloc may expose some previously-unknown bugs in userland code, although most of the FreeBSD base system and common ports have been tested and/or fixed.

The mdconfig(8) utility now supports producing device listings formatted as XML. Currently, the list and query sub-commands support this feature.

The mdconfig(8) utility's -u option now supports specifying multiple devices separated by commas.

The mdmfs(8) utility now supports a -P flag to allow skipping the newfs(8) process when using a vnode-backed disk.

The mdmfs(8) utility now supports a -E flag to specify the location of the mdconfig(8) utility instead of using the default one (/sbin/mdconfig).

A new function, memmem(3), has been implemented in libc. This is the binary equivalent of strstr(3) and is also found in glibc.

The mergemaster(8) utility now supports an -A option to explicitly specify an architecture to pass through to the underlying makefiles. [MERGED]

The mount(8) nodev option has been removed.

The mount(8) utility now supports mqueuefs(5).

A bug which prevented the mount(8) utility from converting a read-only mount to read-write via mount -u -o rw has been fixed.

The mount(8) utility now supports a late keyword in fstab(5), along with a corresponding -l command-line option to specify that these “late” file systems should be mounted. [MERGED]

The moused(8) daemon now supports an -H flag to enable horizontal virtual scrolling similar to the -V flag for vertical virtual scrolling. [MERGED]

The mrouted(8) multicast routing daemon has been removed from the FreeBSD base system. It implements the DVMRP multicast routing protocol, which has largely been replaced by PIM in many multicast installations. The related map-mbone(8) and mrinfo(8) utilities have also been removed. These programs are now available in the FreeBSD Ports Collection as net/mrouted.

The netstat(1) utility now supports an -h flag for interface stats mode, which prints all interface statistics in human readable form. [MERGED]

The netstat(1) utility now supports printing ipsec(4) protocol statistics if the kernel was compiled with FAST_IPSEC rather than the KAME IPSEC stack. Note that the output of netstat -s -p ipsec differs depending on which stack is compiled into the kernel since they each keep different statistics. [MERGED]

The /etc/nsswitch.conf file is now installed statically instead of being generated on every reboot.

The periodic(8) daily script now supports display of the status of gmirror(8), graid3(8), gstripe(8), and gconcat(8) devices. Note that these are disabled by default. [MERGED]

A new function, pidfile(3), which provides reliable pidfiles handling, has been implemented in libutil. [MERGED]

The ping(8) utility now supports a “sweeping ping”, in which the icmp(4) payload of the packets being sent is increased by a given step. This is useful for testing problematic channels, MTU issues or traffic policing functions in networks. [MERGED]

The ping(8) command now supports a -W option to specify the maximum time to wait for an echo reply. [MERGED]

The pkill(1) utility now supports a -F option, which restricts matches to a process whose PID is stored in the pidfile file. When the new -L option is also specified, the pidfile file must be locked with the flock(2) syscall or created with pidfile(3).

The pkill(1) utility now supports a -I flag which works like -i of rm(1). When this flag is specified, pkill(1) will ask for confirmation before sending a signal to each matching process.

The pkill(1) utility (also known as pgrep(1)) has been moved from /usr/bin to /bin so that it can be used by startup scripts. Symbolic links from its former location have been created for backward compatibility. [MERGED]

The powerd(8) program now supports a -P option, which specifies a pidfile to use.

An extensible implementation of printf(3), compatible with GLIBC, has been added to libc. It is only used if the environment variable USE_XPRINTF is defined, one of the extension functions is called, or the global variable __use_xprintf is set to a value greater than 0. Five extensions are currently supported: %H (hex dump), %T (time_t and time-related structures), %M (errno message), %Q (double-quoted, escaped string), and %V (strvis(3)-format string). [MERGED]

The DNS resolver library in FreeBSD's libc has been updated to that from BIND 9.3.3. [MERGED]

The rfcomm_sppd(1) program now supports service names in addition to the -c option with a channel number. The supported names are: DUN (Dial-Up Networking), FAX (Fax), LAN (LAN Access Using PPP), and SP (Serial Port). [MERGED]

The rpcgen(1) utility now generates headers and stub files that can be used with ANSI C compilers by default.

The rtld(1) runtime linker now supports ELF symbol versioning using GNU semantics. This implementation aims to be compatible with symbol versioning support as implemented by GNU libc and documented in http://people.redhat.com/~drepper/symbol-versioning and LSB 3.0. Also, the dlvsym() function has been added to allow lookups for a specific version of a given symbol.

A bug in the sed(1) utility which could cause incorrect calculation of the pattern space length in some cases has been fixed.

The sh(1) utility now supports a times built-in command. [MERGED]

The snapinfo(8) utility, which shows snapshot locations on UFS filesystems, has been added. [MERGED]

The sockstat(1) utility, which shows connected and listening network sockets, now supports a new -P command-line option, which can be used to filter displayed sockets by protocol name (as listed in protocols(5)).

The strtonum(3) library function has been implemented based on OpenBSD's implementation. This is an improved version of strtoll(3). [MERGED]

The sysctl(8) utility now supports a -q flag to suppress a limited set of warnings and errors.

The tail(1) utility now supports a -q flag to suppress header lines when multiple files are specified. [MERGED]

The version of tcpslice in the FreeBSD base system has been removed due to obsolescence. A more up-to-date version can be found in the Ports Collection as net/tcpslice.

The time(1) utility now prints the time that a given command has been running if sent a SIGINFO signal.

The traceroute(8) program now supports a -D flag, which causes it to display the differences between the sent and received packets. [MERGED]

The traceroute(8) utility now supports a -e option, which sets a fixed destination port for probe packets. This can be useful for tracing behind packet-filtering firewalls. [MERGED]

traceroute(8) now decodes the complete set of ICMP unreachable messages in its output. [MERGED]

The truss(1) utility now supports an -s flag for the same functionality as the strace utility (devel/strace).

[powerpc] The truss(1) utility now supports FreeBSD/powerpc.

The usbd(8) utility has been removed. The devd(8) utility and its configuration file now support functionality which is equivalent to it.

The xargs(1) utility now supports a -r flag which makes the command execution when the standard input does not contain any non-whitespace characters. [MERGED]

The shared library version number of all libraries has been updated due to some possible ABI changes. The libraries include: snmp_*, libdialog, libg2c, libobjc, libreadline, libregex, libstdc++, libkrb5, libalias, libarchive, libbegemot, libbluetooth, libbsnmp, libbz2, libc_r, libcrypt, libdevstat, libedit, libexpat, libfetch, libftpio, libgpib, libipsec, libkiconv, libmagic, libmp, libncp, libncurses, libnetgraph, libngatm, libopie, libpam, libpthread, libradius, libsdp, libsmb, libtacplus, libthr, libthread_db, libugidfw, libusbhid, libutil, libvgl, libwrap, libypclnt, libm, libcrypto, libssh, and libssl.

The wcsdup() function has been implemented. This function is popular in Microsoft and GNU systems.

The compiler toolchain is now capable of generating executables for systems using the ARM processor. [MERGED]


2.3.1 /etc/rc.d Scripts

The auditd script for OpenBSM auditd(8) has been added. [MERGED]

The bluetooth script has been added. This script will be called from devd(8) in response to device attachment/detachment events, and can be used to stop/start a particular device without unplugging it by hand. The configuration parameters are in /etc/defaults/bluetooth.device.conf, and can be overridden by using /etc/bluetooth/$device.conf (where $device is ubt0, btcc0, and so on). For more details, see bluetooth.conf(5). [MERGED]

The ftpd script for stand-alone ftpd(8) has been added.

The gbde_swap script has been removed in favor of a new encswap script, which also supports geli(8) for swap encryption.

The geli and geli2 scripts have been added for geli(8) device configuration on boot.

The ike script for the IPsec IKE daemon has been removed because no such daemon is included in the base system.

The hcsecd and sdpd scripts have been added for the hcsecd(8) and sdpd(8) daemons. These daemons can run even if no Bluetooth devices are attached to the system, but both daemons depend on the Bluetooth socket layer and are thus disabled by default. The Bluetooth socket layer must be either loaded as a module or compiled into the kernel before the daemons can run. [MERGED]

The hostapd script for hostapd(8) has been added. [MERGED]

The mdconfig script to handle vnode-backed md(4) devices has been added. This is a replacement for the ramdisk script, and all of the variables in ramdisk_* have been changed to mdconfig_*. Also, two new rc.conf(5) variables, mdconfig_*_files and mdconfig_*_cmd, have been added. For example:

mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"

The netif script now supports ipv4_addrs_ifn variables, which add one or more IPv4 addresses from a ranged list in CIDR notation. [MERGED] For example:

ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"

The rcconf.sh script in /etc/rc.d has been removed and a variable early_late_divider, which designates the script to separate the early and late stages of the boot process, has been added.

The rc.initdiskless script now uses tar(1) instead of pax(1) because pax(1) needs a writable temporary directory that may not be available when this script runs.

The pccard script has been removed since OLDCARD is deprecated.

The ppp-user script has been renamed to ppp. [MERGED]

The