Unlock the KERN_MAXCLUSTERS case of kern_sysctl().
The `nmbclust' and `mbuf_mem_limit' modified by KERN_MAXCLUSTERS case
belong to the non intersecting paths. The only `nmbclust' user is the
DIOCSETLIMIT case of pfioctl(), which only checks is against passed
fragments reference count sets the hard limit on corresponding pf(4)
pool. Meanwhile the kern_sysctl() does the `nmbclust' update, the
`nmbclust' based `mbuf_mem_limit' calculation and mbuf(9) and mbuf(9)
clusters pools wakeup. So only update path of kern_sysctl() should be
serialized.
ok bluhm
Fix an obvious documentation bug introduced by Marshall Kirk McKusick in SCCS
commit 6.4 on August 16, 1989, commit message "update for vnode interface".
Among larger changes, he renamed function arguments:
name -> dir and special -> fspec
but forgot the mount(2) [ENOTDIR] case.
A decade later, in rev. 1.16 on July 5, 1999, aaron@ also forgot to include
the two misnamed arguments in his .Ar -> .Fa markup modernization, possibly
because he did not find them due to the wrong names.
Make struct entity passing more strict by checking the type.
For repositories only pass the fields we care. The path attribute
is optional since that is the temporary file path which is not used
in -n mode.
For all other object types pass everything as before but now some
fileds become non-optional.
OK tb@ job@
when refusing a certificate for user authentication, log enough
information to identify the certificate in addition to the
reason why it was being denied. Makes debugging certificate
authz problems a bit easier.
ok dlg@
Fix the misleading description of the deprecated .OP macro.
The following made me aware of the problem:
groff commit f6d1f960 Aug 2, 2025 gbranden@
groff_man*(7): Update `OP` macro description.
Speed up bn_{mod,sqr}_mul_words() for specific inputs.
Use bn_{mul,sqr}_comba{4,6,8}() and bn_montgomery_reduce_words() for
specific input sizes. This is significantly faster than using
bn_montgomery_multiply_words().
ok tb@
tweak previous:
* add the missing ".Ft void" to rw_init_flags_trace()
* use .Fo when the .Fn macro line becomes longer than 80 bytes
* use .Xr for dt(4)
Three content improvements:
* Mention what the general purpose of the "dns" block is.
* Mention that "dns" requires "search" or "nameserver".
* Mention that at least one "interface" is required.
And one markup improvement:
Mark up the options of "dns", "nat64 prefix", and "prefix"
with .Cm rather than with .Ic because they modify the behaviour
of the parent block rather than being stand-alone commands.
Based on information and in part on wordings provided by florian@;
OK florian@.
Document dt(4) tracing initializers for refcnt and rwlock.
Struct refcnt and rwlock can take trace index to create static
probes for btrace. Document rw_init_flags_trace(9) and use parameter
names consistently.
SolftLRO: reduces max packet size by max_linkhdr as tcp_output()
This avoids DMA errors while interacting with ixl(4) and oversized
packets.
ok stsp, bluhm
virtio_pci: Don't try msix interrupts if not supported
Make sure we only try to establish msix interrupts if they are
supported. Otherwise we get 'pci_intr_map_msix failed' error messages
for devices with no virtqueues, like vmmci(4)
"looks ok to me" dv@
Use the operating system default DSCP marking for non-interactive traffic
It seems the CS1 traffic class mark is considered ambiguous and therefore
somewhat unhelpful (see RFC 8622 for more considerations). But, the new
'LE' scavenger class (also proposed in RFC 8622) offers high probability
of excessive delays & high packet loss, which would be inappropriate
for use with, for example, X11 forwardings. In fact, it is not known to
SSH what's appropriate because SSH is not aware of the content of what
passing through session forwardings. Therefore, no marking is appropriate.
Non-interactive traffic simply is best effort.
OK djm@ deraadt@
a bunch of the protocol extensions we support now have RFCs and I-Ds
that are more complete and detailed than what we have in the
PROTOCOL.* files. Refer to these when possible instead of documenting
them here.
Revert the deprecation of the .HP macro.
Eric S. Raymond deprecated it in groff in 2007 (commit 26e827e3),
and i followed in mandoc(1) in 2018 (rev. 1.53). The current
groff maintainer, G. Branden Robinson, just reverted the
deprecation in groff commit 0789e6bd (Aug 2, 2025) because he
considers the deprecation premature and poorly motivated.
Continue following groff because i do not feel strongly either way:
the .HP macro is neither particularly useful nor particularly
harmful, and while our manual page mentioned the deprecation,
mandoc(1) never issued a warning when manual pages used it anyway.
Even the remark about HTML output no longer applies to mandoc(1),
which uses <p class="Pp HP"> in the generated HTML code and has
a .HP class selector in mandoc.css with the margin-left: and
text-indent: properties, which does result in hanging indentation.
Some improvements related to compatibility, in particular:
* Mention that roff(7) documents are text files.
* Like in other roff(7) implementations, 'u' is now device dependent.
* Make the remarks regarding adjustment and indentation more precise.
* Reference the GNU Troff Manual below SEE ALSO.
Convert nd6_timer_next from int to time_t.
Coverity found that global variable nd6_timer_next stores time_t
value and compares it with this type.
CID 1526447
Pass down existing ifp pointer to nd6_free() and rtrequest_delete().
Coverity complained about useless ifp NULL pointer check in
rtrequest_delete() and a later unconditional dereference. For every
caller except nd6_free() it was clear that ifp was a valid interface.
Pass down ifp to nd6_free() instead of calling if_get(). Then it
is obvious that ifp is not NULL and can be used in all callees.
CID 1648414
input and OK mvs@
Tweak previous:
For pipe2(2), put back the words "of both new file descriptors",
and move the word "respectively" to the end of the sentence
to reduce the number of commas and make the sentence read better.
OK guenther@
