DragonFlyBSD/src f3b7d8esbin/ifconfig ifconfig.c, sys/net if.c if.h

kernel - Fix another netinet6 panic, change how ipv6 proxying works

ipv6 isn't naturally proxying subnets on other interface (not responding
to neighbor solicitations) when forwarding is turned on.

However, there are numerous other issues involved here so for now I
am pushing a hack so at least we are backwards-compatible.

* Add a new interface flag, IFF_ANNOUNCE, named "proxy" in ifconfig.
  Add "proxy" and "-proxy" options to ifconfig.

* Most non-localhost interfaces will set this bit by default.  The bit
  can be turned off in ifconfig using -proxy when configuring the interface.

* Adjust nd6_nbr.c (neighbor solicitation code) to respond to
  solicitations if (A) the route has RTF_ANNOUNCE set, or (B)
  the interface the route is associated with (note: its parent bridge
  if the interface is on a bridge) has the IFF_ANNOUNCE bit set.


    [10 lines not shown]
DeltaFile
+26-1sys/netinet6/nd6_nbr.c
+11-3sys/netinet6/nd6.c
+8-0sys/net/if.c
+4-1sbin/ifconfig/ifconfig.c
+1-0sys/net/if.h
+50-55 files

DragonFlyBSD/src 0c9d239sys/net rtsock.c

rtsock: Apply flags on RTM_CHANGE
DeltaFile
+6-0sys/net/rtsock.c
+6-01 files

DragonFlyBSD/src 44ceb74sys/net/ip6fw ip6_fw.h, sys/netinet6 ip6_forward.c ip6_input.c

kernel - Fix ip6_forward_rt global and related panic

* Make ip6_forward_rt per-cpu, which should fix a route caching panic
  that can occur sometimes due to code assuming single-threaded
  operation.
DeltaFile
+4-1sys/netinet6/ip6_forward.c
+3-0sys/net/ip6fw/ip6_fw.h
+0-2sys/netinet6/ip6_input.c
+7-33 files

DragonFlyBSD/src 9408681sys/dev/misc/evdev evdev_utils.c

evdev: Translate KEY_102ND in evdev_scancode2key()

This is the extra key on AT 102/105-keys keyboards, located just on the
right of the Left Shift key.  For instance on a French layout, this key
is used to type '<' and '>'.

This fixes an issue where the key fires no evdev event and thus remains
inactive in an evdev/libinput-enabled X.Org server.  The issue only
occurred on an AT keyboard; the same key on a USB keyboard worked fine.

Reported-by: daftaupe
Tested-by: daftaupe, Kentish
Obtained-from: FreeBSD (https://reviews.freebsd.org/D12883)
DeltaFile
+1-1sys/dev/misc/evdev/evdev_utils.c
+1-11 files

DragonFlyBSD/src 0a0089bnrelease Makefile

nrelease: Check GITREV and just fail if empty

The GITREV variable is determined by the tools/gitrev.sh script, which
might fail if the current user has insufficient permission to access the
source directory.  That would cause the `uname` to output something
strange that could confuse people.  So I think it's better to just fail
the build and require a fix to the build environment.

Reported-by: JustinS
DeltaFile
+3-0nrelease/Makefile
+3-01 files

DragonFlyBSD/src b6d0d5bnrelease Makefile

nrelease: Check GITREV and just fail if empty

The GITREV variable is determined by the tools/gitrev.sh script, which
might fail if the current user has insufficient permission to access the
source directory.  That would cause the `uname` to output something
strange that could confuse people.  So I think it's better to just fail
the build and require a fix to the build environment.

Reported-by: JustinS
DeltaFile
+3-0nrelease/Makefile
+3-01 files

DragonFlyBSD/src 7aa0101nrelease Makefile

nrelease: Fix build due to 'pkg autoremove' removing itself

Since 2025Q1, if the 'ports-mgmt/pkg' package is installed as a
dependency of another package, it will be marked as 'automatic'
and will be removed by a later 'pkg autoremove', which would cause
the nrelease build to fail.  Therefore, explicitly install it to
fix the issue.

Reported-by: tuxillo
Discussed-with: bapt
DeltaFile
+8-1nrelease/Makefile
+8-11 files

DragonFlyBSD/src 72f7420nrelease Makefile

nrelease: Clean up a bit the 'clean' target

The '.didbootstrap' mark file was a legacy of the removed pkgsrc
bootstrap procedure.
DeltaFile
+5-3nrelease/Makefile
+5-31 files

DragonFlyBSD/src 72437cenrelease Makefile

nrelease: Let vnconfig(8) auto determine/create the vn device
DeltaFile
+2-6nrelease/Makefile
+2-61 files

DragonFlyBSD/src f312aeanrelease Makefile

nrelease: Unconfigure vn(4) and clean up after creating efiboot.img
DeltaFile
+3-4nrelease/Makefile
+3-41 files

DragonFlyBSD/src 7898763nrelease Makefile

nrelease: Allow /etc/ssl/cert.pem be missing

The 'pkg-bootstrap' target in '/usr/Makefile' has been updated to work
without '/etc/ssl/cert.pem', so ignore copy failure of this file.
DeltaFile
+1-1nrelease/Makefile
+1-11 files

DragonFlyBSD/src 745cd27nrelease Makefile

nrelease: Improve 'etc.hdd' creation to eliminate inconsistency

Previously, the 'etc.hdd' was created during the 'buildiso' target and
then updated in the 'pkgs' target.  However, in the 'pkgs' target, only
the password files (i.e., master.passwd, passwd, group) were copied but
the password DBs (i.e., pwd.db, spwd.db) were not rebuild.  This caused
an inconsistency in 'etc.hdd'.  When a user tried manual installation
and forgot to run 'pwd_mkdb', the installed system would fail to add new
users and generate errors like:

> pw: user 'myuser' disappeared during update.
> adduser: ERROR: There was an error adding user (myuser).

This commit improves the creation of 'etc.hdd'.  Reorder the 'customiso'
target *after* the 'pkgs' target, so we can simply copy the 'etc' to
'etc.hdd' and be done, without any further changes, and the resulting
password files and DBs are in consistency.  In addition, this avoids
adding the 'installer' user to the 'etc.hdd' and so we get a cleaner
system by default.

    [3 lines not shown]
DeltaFile
+10-13nrelease/Makefile
+10-131 files

DragonFlyBSD/src c7a098csbin/hammer2 hammer2_subs.h, usr.sbin/makefs/hammer2 hammer2_compat.h hammer2.h

usr.sbin/makefs/hammer2: Non functional cleanup
DeltaFile
+2-2usr.sbin/makefs/hammer2/hammer2_compat.h
+1-1usr.sbin/makefs/hammer2/hammer2.h
+0-1sbin/hammer2/hammer2_subs.h
+3-43 files

DragonFlyBSD/src 55066b1usr.sbin/makefs/hammer2 hammer2_chain.c hammer2_strategy.c

usr.sbin/makefs: Sync with sys/vfs/hammer2

Sync with following sys/vfs/hammer2 commits.

$ git log --pretty="%h %s" b4ddbe789819885eb6f829ae1760b9844c29eb07.. -- sys/vfs/hammer2/
b2cc6686e1 sys/vfs/hammer2: Zero clear z_stream
3bfb85bd96 sys/vfs/hammer2: Mark hammer2_base_find's key_end argument as unused
dff4f0d54e sys/vfs/hammer2: Fix potential NULL dereference
641f0e615d sys/vfs/hammer2: Remove duplicate [vf]chain.bref.mirror_tid initialization
9443de1e69 sys/vfs/hammer2: Remove obsolete comments for unused/reserved ondisk fields
2c8c691b4a sys/vfs/hammer2: Change hammer2_inode_meta::target_type to unused84
DeltaFile
+1-4usr.sbin/makefs/hammer2/hammer2_chain.c
+2-0usr.sbin/makefs/hammer2/hammer2_strategy.c
+0-2usr.sbin/makefs/hammer2/hammer2_vfsops.c
+3-63 files

DragonFlyBSD/src b2cc668sys/vfs/hammer2 hammer2_strategy.c

sys/vfs/hammer2: Zero clear z_stream

Zero clear z_stream local variables as seen in other subsystems
that use zlib. sys/vfs/hammer2/zlib doesn't seem to differ either.

Having non-zero garbage in unused pointer members causes panic in
deflateEnd() / inflateEnd(). These functions actually panic in
FreeBSD when set to zlib or makefs'd with zlib.
DeltaFile
+2-0sys/vfs/hammer2/hammer2_strategy.c
+2-01 files

DragonFlyBSD/src ede102clib/libtcplay crypto-api.c Makefile, sbin/tcplay Makefile

tcplay/libtcplay - Reenable use of cryptoapi

Successfully tested with the following ciphers / chained cipher
combinations (created using Veracrypt on Windows):

* AES-256-XTS
* SERPENT-256-XTS
* TWOFISH-256-XTS
* TWOFISH-256-XTS,AES-256-XTS
* SERPENT-256-XTS,TWOFISH-256-XTS,AES-256-XTS

Also tested with cryptdisks(8), which uses libtcplay.
DeltaFile
+31-32lib/libtcplay/crypto-api.c
+14-1sbin/tcplay/Makefile
+1-4lib/libtcplay/Makefile
+46-373 files

DragonFlyBSD/src cd1d5ccsbin/tcplay main.c tcplay.8

tcplay - add --batch-mode or -q option

This allows automated testing to be truely automated.

Use the same option naming as in cryptsetup(8).
DeltaFile
+7-1sbin/tcplay/main.c
+2-0sbin/tcplay/tcplay.8
+9-12 files

DragonFlyBSD/src e62981ctest/crypto/cryptoapi cryptoapi_test.c crypto-dev.c

cryptoapi - Add test case

Test that cryptoapi and cryptodev have the same outcome
for encryption and decryption.
DeltaFile
+211-0test/crypto/cryptoapi/cryptoapi_test.c
+122-0test/crypto/cryptoapi/crypto-dev.c
+109-0test/crypto/cryptoapi/crypto-api.c
+25-0test/crypto/cryptoapi/Makefile
+467-04 files

DragonFlyBSD/src 748f2c9sys/dev/disk/dm/crypt_ng dm_target_crypt.c

dm_target_crypt_ng - adapt to recent crytpoapi changes
DeltaFile
+24-27sys/dev/disk/dm/crypt_ng/dm_target_crypt.c
+24-271 files

DragonFlyBSD/src df22c5bsys/crypto/cryptoapi cryptoapi.c cryptoapi.h

cryptoapi - constify IV and pass-in IV length as well

* This only affects XTS mode as CBC never mutated the IV.

* Never pass-in data of unknown length.

* In case of XTS, add a tweak to the contex, similar to what
  FreeBSD does.

* Get rid of crypto_cipher_iv union type. simplify.

* Also ensure that, in case we pass in a "too short" IV,
  we never read beyond the end of the passed-in IV. Zero-pad
  it in that case.
DeltaFile
+106-72sys/crypto/cryptoapi/cryptoapi.c
+5-17sys/crypto/cryptoapi/cryptoapi.h
+111-892 files

DragonFlyBSD/src b2063f7sys/crypto/cryptoapi cryptoapi.c cryptoapi.h

cryptoapi - simplify session handling

* Make cryptoapi_cipher_session an opaque type.

* Rename cryptoapi_cipher_initsession() to
  cryptoapi_cipher_newsession() and return a pointer to the allocated
  session, or NULL in case kmalloc() fails.

* Allocate enough memory in order to have space for the cipher context
  plus padding for proper alignment.

* No longer return an error from cryptoapi_cipher_freesession().
  Silently do the job.
DeltaFile
+61-65sys/crypto/cryptoapi/cryptoapi.c
+13-12sys/crypto/cryptoapi/cryptoapi.h
+74-772 files

DragonFlyBSD/src d111901sbin/hammer2 cmd_volume.c

sbin/hammer2/cmd_volume.c: Print \0 terminated PFS name

Max strlen allowed is HAMMER2_INODE_MAXNAME (not HAMMER2_INODE_MAXNAME-1).
DeltaFile
+3-1sbin/hammer2/cmd_volume.c
+3-11 files

DragonFlyBSD/src e09f632sys/net/wg if_wg.c

wg: Improve wg_peer_create() to propagate errors

Add the 'int *errp' parameter to wg_peer_create() to propagate the error
from noise_remote_enable() to wg_ioctl_set().

Originally, wg_ioctl_set() returned ENOMEM if wg_peer_create() failed,
but it should actually be ENOSPC because it could only fail because of
noise_remote_enable() that only returns ENOSPC.

See also: https://reviews.freebsd.org/D49796
DeltaFile
+5-6sys/net/wg/if_wg.c
+5-61 files

DragonFlyBSD/src 5a33629usr.bin/timeout timeout.c

timeout(1): Add verbose log to kill_self() and tweak another one
DeltaFile
+2-1usr.bin/timeout/timeout.c
+2-11 files

DragonFlyBSD/src d832c5cusr.bin/timeout timeout.c

timeout(1): Catch SIGVTALRM and SIGPROF

I missed these two signals in commit
13eb7f38ede3f73ecb16d7f0fe4a9d3679e860c5.
DeltaFile
+2-0usr.bin/timeout/timeout.c
+2-01 files

DragonFlyBSD/src 70e52f5usr.bin/timeout/tests timeout_test.sh

timeout(1): Sync test cases from FreeBSD (although unused)

Obtained-from: FreeBSD
DeltaFile
+7-7usr.bin/timeout/tests/timeout_test.sh
+7-71 files

DragonFlyBSD/src 888d7beusr.bin/timeout timeout.1

timeout.1: Fix the SPDX license identifier

There is no FreeBSD version of the 2-Clause BSD License.

Obtained-from: FreeBSD
DeltaFile
+1-1usr.bin/timeout/timeout.1
+1-11 files

DragonFlyBSD/src 656cd62lib/libtcplay Makefile

libtcplay - reenable the cryptodev code for now

The new cryptoapi code needs more thorough testing!

I've run into some issues detecting AES-256-XTS tcplay devices. While I
have working code now that detects AES-256-XTS devices, I do not fully
understand the exact reason - compiler optimizations?
DeltaFile
+5-1lib/libtcplay/Makefile
+5-11 files

DragonFlyBSD/src f6db75clib/libtcplay Makefile

libtcplay: Include rijndael-alg-fst.c to fix the static library

The static library (libtcplay.a) is used by sbin/cryptdisks, which is
built as a static binary.  The missing source of 'rijndael-alg-fst.c' caused
sbin/cryptdisks to fail the linking with the following error:

    /usr/obj/srv/jenkins/workspace/DragonFlyBSD/ctools_x86_64_x86_64/usr/libexec/binutils234/elf/ld.bfd: /usr/obj/srv/jenkins/workspace/DragonFlyBSD/world_x86_64/usr/lib/libtcplay.a(rijndael-api.o): in function `rijndael_set_key':
    rijndael-api.c:(.text+0x12): undefined reference to `rijndaelKeySetupEnc'
    /usr/obj/srv/jenkins/workspace/DragonFlyBSD/ctools_x86_64_x86_64/usr/libexec/binutils234/elf/ld.bfd: rijndael-api.c:(.text+0x27): undefined reference to `rijndaelKeySetupDec'
    /usr/obj/srv/jenkins/workspace/DragonFlyBSD/ctools_x86_64_x86_64/usr/libexec/binutils234/elf/ld.bfd: /usr/obj/srv/jenkins/workspace/DragonFlyBSD/world_x86_64/usr/lib/libtcplay.a(rijndael-api.o): in function `rijndael_decrypt':
    rijndael-api.c:(.text+0x48): undefined reference to `rijndaelDecrypt'
    /usr/obj/srv/jenkins/workspace/DragonFlyBSD/ctools_x86_64_x86_64/usr/libexec/binutils234/elf/ld.bfd: /usr/obj/srv/jenkins/workspace/DragonFlyBSD/world_x86_64/usr/lib/libtcplay.a(rijndael-api.o): in function `rijndael_encrypt':
    rijndael-api.c:(.text+0x66): undefined reference to `rijndaelEncrypt'
    collect2: error: ld returned 1 exit status

Add 'rijndael-alg-fst.c' to SRCS to fix it.  Actually, this source is
also listed in sys/crypto/Makefile for rijndael.
DeltaFile
+1-1lib/libtcplay/Makefile
+1-11 files

DragonFlyBSD/src 60d6469lib/libtcplay Makefile

libtcplay: Fix building within buildworld
DeltaFile
+8-5lib/libtcplay/Makefile
+8-51 files