vio: Add more feature bit definitions
Add all non-legacy feature bit definitions from virtio 1.3 and the
definitions from 1.4 that are not >= bit 64. Remove VIRTIO_NET_F_GSO
which never worked and has been removed in virtio 1.x. Also add config
register definitions, fix a comment.
vio: Improve feature negotiation for LRO/TSO
OpenBSD requires that LRO can be switched on and off for things like
bridged vlan(4), vxlan(4), bpe(4). We currently only support switching
LRO on/off if the VIRTIO_NET_F_CTRL_GUEST_OFFLOADS feature was
negotiated. But this means if the hypervisor only offers
VIRTIO_NET_F_GUEST_TSO4/6 but not VIRTIO_NET_F_CTRL_GUEST_OFFLOADS,
things will break. In this case we must redo feature negotation without
the GUEST_TSO4/6 features.
Also, if the hypervisor offers GUEST_TSO4/6 but not the
VIRTIO_NET_F_MRG_RXBUF feature, we currently put rx buffers with a
single 4k mbuf into the rx queue while the standard says we SHOULD
insert buffers of at least 65562 bytes. Apple Virtualization refuses to
work with this configuration. As 65562 is larger than MAXMCLBYTES, we
would need to rework how we allocate our rx buffers to make this work.
For now, we would to like to simply disable GUEST_TSO4/6 if MRG_RXBUF is
missing. Unfortunately, Apple Virtualization still refuses to work
unless HOST_TSO4/6 is also disabled. Therefore, we disable all TSO if
[5 lines not shown]
rpki-client: only accept BGPsec certs with a single AS number
We've long been pointing out that the possibility of adding multiple AS
numbers and in particular AS ranges to BGPsec Router Certificates is at
best dubious. Enforce that there is a single AS, encoded as an ASID, not
as an ASRange with a single element (cf. eid7653 to RFC 3779).
Prompted by a report by Xie Yifan
with/ok claudio job
this is errata/7.7/018_rpki.patch.sig
rpki-client: check purpose for .cer files in Manifests
Only intermediate CAs and BGPsec certificates are allowed in a Manifest
fileList. Check this is the case, otherwise stop processing the cert.
Missing check reported by Xie Yifan
ok claudio job
rpki-client: only accept BGPsec certs with a single AS number
We've long been pointing out that the possibility of adding multiple AS
numbers and in particular AS ranges to BGPsec Router Certificates is at
best dubious. Enforce that there is a single AS, encoded as an ASID, not
as an ASRange with a single element (cf. eid7653 to RFC 3779).
Prompted by a report by Xie Yifan
with/ok claudio job
this is errata/7.8/012_rpki.patch.sig
replace do-test targets of some go modules to use TEST_TARGET variable
- devel/gopls
- security/gosec
- sysutils/fzf
ok Laurent Cheylus (MAINTAINER) tb@
viogpu_wsmmap() returns a kva but instead should return a physical
address via bus_dmamem_mmap(9). Without this, QEMU would only show a
black screen when starting X11. On the Apple Hypervisor, the kernel
would panic.
Also add calls to bus_dmamap_sync(9) before transferring the framebuffer
to host memory. It was working for me without this, but this ensures
that the host running on another CPU will see updates to the
framebuffer.
Thanks to kettenis@ for reviewing and providing feedback.
ok sf@