sync code with last fixes and improvements from OpenBSD

sys/net/bfd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bfd.c,v 1.78 2021/09/14 09:15:55 mvs Exp $	*/
+/*	$OpenBSD: bfd.c,v 1.79 2023/07/12 16:10:45 mvs Exp $	*/
 
 /*
  * Copyright (c) 2016-2018 Peter Hessler <phessler@openbsd.org>
@@ -436,7 +436,6 @@ bfd_listener(struct bfd_config *bfd, unsigned int port)
 	struct socket		*so;
 	struct mbuf		*m = NULL, *mopt = NULL;
 	int			*ip, error;
-	int			 s;
 
 	/* sa_family and sa_len must be equal */
 	if (src->sa_family != dst->sa_family || src->sa_len != dst->sa_len)
@@ -453,9 +452,9 @@ bfd_listener(struct bfd_config *bfd, unsigned int port)
 	mopt->m_len = sizeof(int);
 	ip = mtod(mopt, int *);
 	*ip = MAXTTL;
-	s = solock(so);
+	solock(so);
 	error = sosetopt(so, IPPROTO_IP, IP_MINTTL, mopt);
-	sounlock(so, s);
+	sounlock(so);
 	m_freem(mopt);
 	if (error) {
 		printf("%s: sosetopt error %d\n",
@@ -480,9 +479,9 @@ bfd_listener(struct bfd_config *bfd, unsigned int port)
 		break;
 	}
 
-	s = solock(so);
+	solock(so);
 	error = sobind(so, m, p);
-	sounlock(so, s);
+	sounlock(so);
 	if (error) {
 		printf("%s: sobind error %d\n",
 		    __func__, error);
@@ -518,7 +517,6 @@ bfd_sender(struct bfd_config *bfd, unsigned int port)
 	struct sockaddr_in6	*sin6;
 	struct sockaddr_in	*sin;
 	int		 error, *ip;
-	int		 s;
 
 	/* sa_family and sa_len must be equal */
 	if (src->sa_family != dst->sa_family || src->sa_len != dst->sa_len)
@@ -533,9 +531,9 @@ bfd_sender(struct bfd_config *bfd, unsigned int port)
 	mopt->m_len = sizeof(int);
 	ip = mtod(mopt, int *);
 	*ip = IP_PORTRANGE_HIGH;
-	s = solock(so);
+	solock(so);
 	error = sosetopt(so, IPPROTO_IP, IP_PORTRANGE, mopt);
-	sounlock(so, s);
+	sounlock(so);
 	m_freem(mopt);
 	if (error) {
 		printf("%s: sosetopt error %d\n",
@@ -547,9 +545,9 @@ bfd_sender(struct bfd_config *bfd, unsigned int port)
 	mopt->m_len = sizeof(int);
 	ip = mtod(mopt, int *);
 	*ip = MAXTTL;
-	s = solock(so);
+	solock(so);
 	error = sosetopt(so, IPPROTO_IP, IP_TTL, mopt);
-	sounlock(so, s);
+	sounlock(so);
 	m_freem(mopt);
 	if (error) {
 		printf("%s: sosetopt error %d\n",
@@ -561,9 +559,9 @@ bfd_sender(struct bfd_config *bfd, unsigned int port)
 	mopt->m_len = sizeof(int);
 	ip = mtod(mopt, int *);
 	*ip = IPTOS_PREC_INTERNETCONTROL;
-	s = solock(so);
+	solock(so);
 	error = sosetopt(so, IPPROTO_IP, IP_TOS, mopt);
-	sounlock(so, s);
+	sounlock(so);
 	m_freem(mopt);
 	if (error) {
 		printf("%s: sosetopt error %d\n",
@@ -588,9 +586,9 @@ bfd_sender(struct bfd_config *bfd, unsigned int port)
 		break;
 	}
 
-	s = solock(so);
+	solock(so);
 	error = sobind(so, m, p);
-	sounlock(so, s);
+	sounlock(so);
 	if (error) {
 		printf("%s: sobind error %d\n",
 		    __func__, error);
@@ -611,9 +609,9 @@ bfd_sender(struct bfd_config *bfd, unsigned int port)
 		break;
 	}
 
-	s = solock(so);
+	solock(so);
 	error = soconnect(so, m);
-	sounlock(so, s);
+	sounlock(so);
 	if (error && error != ECONNREFUSED) {
 		printf("%s: soconnect error %d\n",
 		    __func__, error);

sys/net/if_gif.c

@@ -798,7 +798,7 @@ gif_input(struct gif_tunnel *key, struct mbuf **mp, int *offp, int proto,
 		m->m_flags &= ~M_TUNNEL;
 		return (-1);
 	}
-	
+
 	key->t_rtableid = m->m_pkthdr.ph_rtableid;
 
 	sc = gif_find(key);
@@ -864,7 +864,7 @@ gif_input(struct gif_tunnel *key, struct mbuf **mp, int *offp, int proto,
 
 		shim = *mtod(m, uint32_t *) & MPLS_EXP_MASK;
 		itos = (ntohl(shim) >> MPLS_EXP_OFFSET) << 5;
-	
+
 		m->m_pkthdr.ph_family = AF_MPLS;
 		break;
 	}

sys/net/if_loop.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_loop.c,v 1.95 2023/07/02 19:59:15 bluhm Exp $	*/
+/*	$OpenBSD: if_loop.c,v 1.96 2023/07/18 16:01:20 bluhm Exp $	*/
 /*	$NetBSD: if_loop.c,v 1.15 1996/05/07 02:40:33 thorpej Exp $	*/
 
 /*
@@ -172,11 +172,11 @@ loop_clone_create(struct if_clone *ifc, int unit)
 	ifp->if_softc = NULL;
 	ifp->if_mtu = LOMTU;
 	ifp->if_flags = IFF_LOOPBACK | IFF_MULTICAST;
-	ifp->if_xflags = IFXF_CLONED;
+	ifp->if_xflags = IFXF_CLONED | IFXF_LRO;
 	ifp->if_capabilities = IFCAP_CSUM_IPv4 |
 	    IFCAP_CSUM_TCPv4 | IFCAP_CSUM_UDPv4 |
 	    IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6 |
-	    IFCAP_LRO;
+	    IFCAP_LRO | IFCAP_TSOv4 | IFCAP_TSOv6;
 	ifp->if_rtrequest = lortrequest;
 	ifp->if_ioctl = loioctl;
 	ifp->if_input = loinput;

sys/net/if_pfsync.c

@@ -1265,7 +1265,7 @@ struct pfsync_q {
 static struct pfsync_slice *
 pfsync_slice_enter(struct pfsync_softc *sc, const struct pf_state *st)
 {
-	unsigned int idx = st->key[0]->hash % nitems(sc->sc_slices); 
+	unsigned int idx = st->key[0]->hash % nitems(sc->sc_slices);
 	struct pfsync_slice *s = &sc->sc_slices[idx];
 
 	if (!mtx_enter_try(&s->s_mtx)) {

sys/net/if_pfsync.h

@@ -188,7 +188,7 @@ struct pfsync_del_c {
 	u_int32_t			creatorid;
 } __packed;
 
-/* 
+/*
  * INS_F, DEL_F
  */
 

sys/net/if_pppx.c

@@ -617,7 +617,7 @@ pppx_if_find(struct pppx_dev *pxd, int session_id, int protocol)
 
 	if ((pxi = pppx_if_find_locked(pxd, session_id, protocol)))
 		refcnt_take(&pxi->pxi_refcnt);
-	
+
 	return pxi;
 }
 

sys/net/if_trunk.c

@@ -760,14 +760,14 @@ trunk_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 				break;
 			case TRUNK_OPT_LACP_SYS_PRIO:
 				if (tro->to_lacpopts.lacp_prio == 0) {
-					error = EINVAL;	
+					error = EINVAL;
 					break;
 				}
 				lsc->lsc_sys_prio = tro->to_lacpopts.lacp_prio;
 				break;
 			case TRUNK_OPT_LACP_PORT_PRIO:
 				if (tro->to_lacpopts.lacp_portprio == 0) {
-					error = EINVAL;	
+					error = EINVAL;
 					break;
 				}
 				lsc->lsc_port_prio =
@@ -776,7 +776,7 @@ trunk_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 			case TRUNK_OPT_LACP_IFQ_PRIO:
 				if (tro->to_lacpopts.lacp_ifqprio >
 				    IFQ_MAXPRIO) {
-					error = EINVAL;	
+					error = EINVAL;
 					break;
 				}
 				lsc->lsc_ifq_prio =

sys/net/if_wg.c

@@ -1577,7 +1577,7 @@ wg_decap(struct wg_softc *sc, struct mbuf *m)
 	peer = t->t_peer;
 
 	/*
-	 * Likewise to wg_encap, we pass a buf and buf length to 
+	 * Likewise to wg_encap, we pass a buf and buf length to
 	 * noise_remote_decrypt. Again, possible to teach it about mbufs
 	 * but need to get over the p_decap_queue situation first. However,
 	 * we do not need to allocate a new mbuf as the decrypted packet is

sys/net/ifq.c

@@ -824,7 +824,7 @@ ifiq_process(void *arg)
 }
 
 int
-net_ifiq_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, 
+net_ifiq_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp,
     void *newp, size_t newlen)
 {
 	int error = EOPNOTSUPP;

sys/net/pf.c

@@ -1596,11 +1596,11 @@ pf_purge_states_tick(void *null)
 		timeout_add_sec(&pf_purge_states_to, 1);
 		return;
 	}
- 
+
 	/*
 	 * process a fraction of the state table every second
 	 */
- 
+
 	if (interval > 1)
 		limit /= interval;
 
@@ -1653,12 +1653,12 @@ pf_purge(void *null)
 	pf_purge_expired_src_nodes();
 
 	PF_UNLOCK();
- 
+
 	/*
 	 * Fragments don't require PF_LOCK(), they use their own lock.
 	 */
 	pf_purge_expired_fragments();
- 
+
 	/* interpret the interval as idle time between runs */
 	timeout_add_sec(&pf_purge_to, interval);
 }

sys/net/pf_if.c

@@ -411,7 +411,7 @@ void
 pfi_group_addmember(const char *group)
 {
 	PF_LOCK();
-	pfi_group_change(group);	
+	pfi_group_change(group);
 	pfi_xcommit();
 	PF_UNLOCK();
 }

sys/net/pf_ioctl.c

@@ -1947,7 +1947,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		break;
 	}
 
-	case DIOCGETSTATES: 
+	case DIOCGETSTATES:
 		error = pf_states_get((struct pfioc_states *)addr);
 		break;
 

sys/net/pf_lb.c

@@ -564,7 +564,7 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
 					break;
 				pf_addr_inc(&rpool->counter, af);
 			} while (1);
- 
+
 			weight = rpool->weight;
 		}
 

sys/net/pf_syncookies.c

@@ -43,7 +43,7 @@
  * We leave synflood mode when the number of half-open states - including
  * in-flight syncookies - drops far enough again
  */
- 
+
 /*
  * syncookie enabled Initial Sequence Number:
  *  24 bit MAC
@@ -284,7 +284,7 @@ pf_syncookie_newkey(void)
  * [An Analysis of TCP Maximum Segment Sizes, S. Alcock and R. Nelson, 2011]
  *   .2%  .3%   5%    7%    7%    20%   15%   45%
  */
-static int pf_syncookie_msstab[] = 
+static int pf_syncookie_msstab[] =
     { 216, 536, 1200, 1360, 1400, 1440, 1452, 1460 };
 
 /*

sys/net/pfkeyv2.c

@@ -367,7 +367,7 @@ pfkeyv2_send(struct socket *so, struct mbuf *m, struct mbuf *nam,
 		error = EOPNOTSUPP;
 		goto out;
 	}
-	
+
 	if (nam) {
 		error = EISCONN;
 		goto out;

sys/net/pfvar_priv.h

@@ -153,7 +153,7 @@ extern struct pf_state_tree_id tree_id;
  * - pfsync bulk send operations
  * - bulk state fetches via the DIOCGETSTATES ioctl
  * - bulk state clearing via the DIOCCLRSTATES ioctl
- * 
+ *
  * states are inserted into the global pf_state_list once it has also
  * been successfully added to the various trees that make up the state
  * table. states are only removed from the pf_state_list by the garbage
@@ -212,7 +212,7 @@ extern struct pf_state_tree_id tree_id;
  *	rw_exit_read(&pf_state_list.pfs_rwl);
  *
  * removing an item from the list:
- * 
+ *
  *	// wait for iterators (readers) to get out
  *	rw_enter_write(&pf_state_list.pfs_rwl);
  *

sys/net/pipex.c

@@ -941,7 +941,7 @@ again:
 #if NBPFILTER > 0
 	    {
 		struct ifnet *ifp;
-		
+
 		if ((ifp = if_get(session->ifindex)) != NULL) {
 			if (ifp->if_bpf && ifp->if_type == IFT_PPP)
 				bpf_mtap(ifp->if_bpf, m0, BPF_DIRECTION_IN);
@@ -1585,7 +1585,7 @@ pipex_pptp_input(struct mbuf *m0, struct pipex_session *session)
 	 * deep within if the packet will be consumed. In the error
 	 * path lock will be held all the time. So increment `rcv_gap'
 	 * here, and on the error path back it out, no atomicity will
-	 * be lost in all cases. 
+	 * be lost in all cases.
 	 */
 	if (!rewind)
 		session->proto.pptp.rcv_gap += nseq;
@@ -2068,7 +2068,7 @@ pipex_l2tp_input(struct mbuf *m0, int off0, struct pipex_session *session,
 	 * deep within if the packet will be consumed. In the error
 	 * path lock will be held all the time. So increment `nr_gap'
 	 * here, and on the error path back it out, no atomicity will
-	 * be lost in all cases. 
+	 * be lost in all cases.
 	 */
 	if (!rewind)
 		session->proto.l2tp.nr_gap += nseq;
@@ -2520,7 +2520,7 @@ pipex_mppe_input(struct mbuf *m0, struct pipex_session *session)
 
 			/* Send CCP ResetReq */
 			PIPEX_DBG((session, LOG_DEBUG, "CCP SendResetReq"));
-		
+
 			mtx_enter(&session->pxs_mtx);
 			ccp_id = session->ccp_id;
 			session->ccp_id++;

sys/net/pipex_local.h

@@ -205,7 +205,7 @@ struct pipex_session {
 	int ccp_id;				/* [s] CCP packet id */
 	struct pipex_mppe
 	    mppe_recv,				/* MPPE context for incoming */
-	    mppe_send;				/* MPPE context for outgoing */ 
+	    mppe_send;				/* MPPE context for outgoing */
 #endif /*PIPEXMPPE */
 
 	struct cpumem	*stat_counters;