John Baldwin [Wed, 13 Apr 2022 23:08:21 +0000 (16:08 -0700)]
sctp: #ifdef INET-only and INET6-only variables.
Duplicating the SCTP_PCB_FLAGS_BOUND_V6 check made the #ifdef's
simpler than applying #ifdef's directly to the original code. Modern
compilers should cache the result rather than testing the flag twice.
Ed Maste [Wed, 13 Apr 2022 20:00:56 +0000 (16:00 -0400)]
ssh: update to OpenSSH v8.9p1
Release notes are available at https://www.openssh.com/txt/release-8.9
Some highlights:
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.
* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.
A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
e1000: Try auto-negotiation for fixed 100 or 10 configuration
Currently if an e1000 interface is set to a fixed media configuration,
for gigabit, it will participate in auto-negotiation as required by
IEEE 802.3-2018 Clause 37. However, if set to fixed media configuration
for 100 or 10, it does NOT participate in auto-negotiation.
By my reading of Clauses 28 and 37, while auto-negotiation is optional
for 100 and 10, it is not prohibited and is, in fact, "highly
recommended".
This patch enables auto-negotiation for fixed 100 and 10 media
configuration, in a similar manner to that already performed for 1000.
I.e., the patch enables advertising of just the manually configured
settings with the goal of allowing the remote end to match the manually
configured settings if it has them available.
To be clear, this patch does NOT allow an em(4) interface that has been
manually configured with specific media settings to respond to
auto-negotiation by then configuring different parameters to those that
were manually configured. The intent of this patch is to fully comply
with the requirements of Clause 37, but for 100 and 10.
The need for this has arisen on an em(4) link where the other end is
under a different administrative control and is set to full
auto-negotiation. Due to the cable length GigE is not working well. It
is desired to set the em(4) end to "media 100baseTX mediatype
full-duplex" which does work when both ends are configured that way.
Currently, because em(4) does not participate in autoneg for this
setting, the remote defaults to half-duplex - i.e., there's a duplex
mismatch and things don't work. With this patch, em(4) would inform the
remote that it has only 100baseTX full, the remote would match that and
it will work.
Mark Johnston [Wed, 13 Apr 2022 14:47:08 +0000 (10:47 -0400)]
libsysdecode: Fix decoding of Capsicum rights
Capsicum rights are a bit tricky since some of them are subsets of
others, and one can have rights R1 and R2 such that R1 is a subset of
R2, but there is no collection of named rights whose union is R2. So,
they don't behave like most other flag sets. sysdecode_cap_rights(3)
does not handle this properly and so can emit misleading decodings.
Try to fix all of these problems:
- Include composite rights in the caprights table.
- Use a constructor to sort the caprights table such that "larger"
rights appear first and thus are matched first.
- Don't print rights that are a subset of rights already printed, so as
to minimize the length of the output.
- Print a trailing message if some of the specific rights are not
matched by the table.
PR: 263165
Reviewed by: pauamma_gundo.com (doc), jhb, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34874
Rick Macklem [Wed, 13 Apr 2022 14:43:13 +0000 (07:43 -0700)]
nfscl: Clean up the code by removing unused arguments
The "void *stuff" (also called fstuff and dstuff) argument
was used by the Mac OSX port. For FreeBSD, this argument
is always NULL, so remove it to clean up the code.
This commit gets rid of "stuff" for nfscl_loadattrcache().
Future commits will do the same for other functions.
loader: userboot: provide a getsecs() implementation
We don't need it for userboot, but it avoids issues with BIND_NOW, so
just provide it. time(3) isn't defined but ends up being provided by
libc linked into the host process, which is generally fine.
Printing device followed by interface matches, e.g., edk2. Note that
this is only a fallback, many firmware implementations will provide the
protocol that we'll use to format device paths.
This device is present on the Allwinner D1-based SoCs. Without this
driver, the watchdog timeout will trigger a reset a few seconds after
control is given to the kernel.
Milan Obuch [Thu, 7 Apr 2022 13:04:18 +0000 (10:04 -0300)]
cgem: support SGMII PHY connection mode
As the PolarFire SoC needs SGMII to connect the PHY, check the
'phy-mode' property of device tree node for ethernet and act on it
appropriately.
Add the compatible strings for the PolarFire SoC device tree.
'microchip,mpfs-mss-gem" is not officially documented but has been
observed in the available firmware for this platform, so it is included
for now.
Milan Obuch [Thu, 7 Apr 2022 12:57:25 +0000 (09:57 -0300)]
cgem: rework hardware quirk detection
Rather than doing these checks based on the detected hardware variant, allow
quirks to be specified as a set of flags for each compatible string.
This simplifies adding support for new compatible hardware.
John Baldwin [Tue, 12 Apr 2022 21:58:59 +0000 (14:58 -0700)]
netgraph: Remove the rethook parameter from NG_NODE_FOREACH_HOOK.
This parameter was set to the hook that terminated the iteration
early. However, none of the remaining callers used this argument and
it was always set to an otherwise-unused variable.