A packet with a FIN flag needs to act as a barrier in tcp_flush_queue.
Once a FIN packet is received all following data should simply be
discarded. tcp_input handels this FIN but for that tcp_reass() needs
to properly return TH_FIN when a FIN is processed in tcp_flush_queue.
This reassembly was not quite correct. Unexpected data directly following
the FIN packet was also reassembled and the FIN was actually lost.
The failure to return TH_FIN caused the regression in the previous fix.
tcp_input() passes some FIN packets through reassembly even though they
are in sequence and the queue is empty.
tcp_flush_queue() needs to treat packets with TH_FIN set as a barrier
and stop reassembly after processing this last packet. This ensures that
tcp_reass() returns TH_FIN to tcp_input which then changes the state of
the session. It also ensures that only data up to the FIN packet are
passed to userland.
Reported by Xint Code
OK sashan@
Fix PREF64 option corruption if DNSSL is also set
On octeon (but not amd64) setting both a NAT64 prefix and a search domain
causes the former ICMPv6 option to be corrupted due to how it is added last
in the Router Advertisement packet, following too much zero padding.
Bytes after the DNSSL option are zeroed up the next 8-byte boundary to
align options inside the packet.
Instead of checking alignment of the pointer address somewhere inside the
packet buffer that lives on the stack, which is thus architecture specific,
use their offset, i.e. see how many bytes were already written, in order to
zero-fill what is left between last search domain and next 8-byte boundary.
This makes RAs byte-identical between octeon and amd64 and prevents rad(8)
from sending the kind of invalid packets that clients like slaacd(8) and
gelatod(8) (from ports) need 029_v6daemons for.
OK florian
Fix handing of multi-line blacklist error strings in spamd.conf
When appending the blacklist error string, spamd splits the message
on a newline and continues the message on a new line. There was
a bug where the current pointer was incremented too far, which
resulted in the message being truncated at the newline instead
of continued.
For very long blacklist messages (around 8K) in spamd.conf, this
could result in heap corruption. However, this is very unlikely
in practice.
OK jsg@
Reported by and fix from Dhiraj Mishra
newer gcc is so smart to point out that settime_deadline may be used
uninitialized. of course it is wrong. sprinkle a "= 0" to shut it up.
pointed out by bcook, discussed with, gcc confronted by and ok claudio bcook
newer gcc thinks it's smart (do they call it AI yet?) and points out
peercount may be used unitialized. of course it is utterly wrong.
move peercount = 0 initialization 2 lines up to shut gcc up
pointed out by bcook, dicussed with, gcc-checked by and ok bcook claudio
in control_check(), rename struct sockaddr_un sun to sa - for consistency
with control_init() just underneath, and because "sun" causes problems for
portable on solaris
pretty much from bcook's portable repo, but another name, ok bcook
Enable nwid scanning by doing two things:
1. Disable the 802.11d scanning command for now, since it causes a firmware
error for which we currently have no solution. This isn't a critical
feature, and we can progress without it until we find a solution.
2. Send the HTT software ring setup messages for the receive rings, otherwise
the firmware never initializes its RXDMA pipeline, and delivers no frames
to the host. For that we did port over the
ath12k_dp_rxdma_ring_sel_config_wcn7850() and ath12k_dp_rx_htt_setup()
functions from the linux driver.
Tested and ok kettenis@, kirill@
PFI_FLAG_SKIP may be lost when interface disappears and then reappears
if 'set skip on ...' in pf.conf(5) refers to interface (or interface group)
which is yet to be created in system, then all is good.
However if the interface (or interface group) exists in system at the time
when pf.conf(5) is being loaded to pf(4) the effect of skip flag might get
lost. The scenario for tap0 interface goes as follows:
tap0 (and tap interface) exist in system and is known to pf(4), meaning
'pfctl -sI' reports tap0 and tap.
pf.conf with 'set skip on tap' is loaded. The pf(4) sets the flag on
`kif` instance without obtaining a reference to keep it in table
until skip flag (PFI_FLAG_SKIP) is reset.
tap0 interface is removed from system (ifconfig tap0 destroy),
the tap0 is removed from system and also corresponding kif instance
is removed from pf(4). kif is forgotten together with flag settings. If tap0
[13 lines not shown]
Remove the bootcmd hint for now
On this jupiter box, U-Boot's bootcmd can't be interrupted on the serial
console by pressing any key, Ctrl+C or ESC, even though the official
docs say it should be possible by pressing any key.
sigh
Add post-install hints for boards without distro_bootcmd (like BPi F3/Jupiter)
The default bootcmd is useless on these boards, so suggest some simple
default boot command.
sys/octeon: preserve bootloader console baud
The SRX300 console runs at 9600 baud under U-Boot; OpenBSD forced 115200
during console handoff, which garbled output immediately after early
memory setup and made a live kernel look dead.
Here, I read the programmed UART divisor instead and derive comconsrate
from it, so the kernel preserves the bootloader console configuration.
OK: visa@
sys/octeon: accept linux,phandle for IRQs
SRX300 firmware DT describes the CIU root and several CIB interrupt
controllers with linux,phandle, but omits phandle.
octeon_intr_register() consumed only the latter; the controllers
therefore never entered the interrupt controller registry, and every
later interrupt-parent lookup for CIB, AHCI, and xHCI failed.
Thus, dev/ofw/fdt lookup code already treats phandle and linux,phandle
as equivalent; so the Octeon interrupt layer should do the same when
registering interrupt controllers.
OK: kettenis@, visa@
drm/i915/psr: Do not use pipe_src as borders for SU area
From Jouni Hogander
de9aa7e89b98157d2650f25691e40711b8404151 in linux-6.18.y/6.18.23
75519f5df2a9b23f7bf305e12dc9a6e3e65c24b7 in mainline linux
drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
From Sebastian Brzezinka
2af8b200cae3fdd0e917ecc2753b28bb40c876c1 in linux-6.18.y/6.18.23
4c71fd099513bfa8acab529b626e1f0097b76061 in mainline linux
