Kernel Changes

  • Fixed SKB memory leaks.

  • Made SKB memory optimizations.

  • Added patches for newer ixgbe and e1000e drivers.

  • Added the ENA driver.

  • Packet-per-Second (pps) optimization when GRO is disabled.

  • Modified the kernel configuration file for performance issues.

  • Added support for zeco (zero-copy) packets for Check Point USFW (Firewall in usermode).

  • Enabled clusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. in Bridge modeClosed Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology. to work in the High Availability mode.

  • Fixed a vulnerability in SCTP protocol (CVE).

  • Fixed kernel vulnerabilities in the TCP SACK PANIC (CVE).

  • Changed the kernel image size.

  • Added support for Docker.

  • Removed the open-coded 'skb_cow_head()' function.

  • Reduced the noise in the 'skb_warn_bad_offload()' function based on the upstream kernel.

  • Added the Bypass driver for Bypass card support.

  • Applied errata for the ixgbe driver.

  • Added support to new line of Check Point appliances.

  • Moved the errata 'TSC_DEADLINE' information from console to dmesg.

  • Modified the 'set_irq_affinty()' function in the i40e driver for better support of Check Point Multi-Queue.

  • Removed the KABYLAKE CPU warning (because it is supported).

  • Changed the accounting CONFIG_IRQ_TIME_ACCOUNTING.

  • Disabled a complication of the floppy disk driver.

  • Upgraded the i40e driver to v2.10.19.82.

  • Made a DDP modification for i40e dirver.

  • Fixed kernel vulnerabilities (CVE) in the 'usb_sg_cancel()' function.

  • Fixed a bug in the i40e driver for RSS and ring size based on the latest driver code.