src/sys/netinet, branch main FreeBSD source tree carp: define CARP_AUTHLEN for carp_authlen field 2026-04-17T18:32:01+00:00 Christos Longros chris.longros@gmail.com 2026-04-17T18:32:01+00:00 d9e7dd4a19b81a78a801973f8f5231f46a6d20b8 Replace the bare 7 with a named constant. 
Replace the bare 7 with a named constant.
sctp(4): Fix a typo in a source code comment 2026-04-17T14:59:26+00:00 Gordon Bergling gbe@FreeBSD.org 2026-04-17T14:59:26+00:00 a154d72775cbf3f0679fb2f989b3d1a035ae41c9 - s/initited/initiated/ Obtained from: NetBSD MFC after: 3 days 
- s/initited/initiated/

Obtained from:	NetBSD
MFC after:	3 days
in_mcast: Avoid calling sysctl_wire_old_buffer() in an epoch section 2026-04-17T12:42:54+00:00 Mark Johnston markj@FreeBSD.org 2026-04-17T12:42:54+00:00 c1b514c88c76a4de906775d47b06388e62ab6845 Wiring a virtual address range may require the thread to sleep, and this is not permitted in an epoch section. MFC after: 1 week 
Wiring a virtual address range may require the thread to sleep, and this
is not permitted in an epoch section.

MFC after:	1 week
tcp: use RFC 6191 for connection recycling in TIME-WAIT 2026-04-17T07:11:41+00:00 Michael Tuexen tuexen@FreeBSD.org 2026-04-17T07:11:41+00:00 3a54aa3b0911bef15e014b8a8185e116efb0a918 Implement the criteria specified in RFC 6191 for recycling TCP connections in TIME-WAIT. Reviewed by: rscheff, Marius Halden Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D56321 
Implement the criteria specified in RFC 6191 for recycling TCP
connections in TIME-WAIT.

Reviewed by:		rscheff, Marius Halden
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D56321
in_mcast: Fix a lock leak in inp_set_source_filters() 2026-04-16T20:27:45+00:00 Mark Johnston markj@FreeBSD.org 2026-04-16T19:57:57+00:00 bebc1a5b09e358b420077a1b5c0f85f8e7f0812f MFC after: 3 days Reported by: Claude Opus 4.6 
MFC after:	3 days
Reported by:	Claude Opus 4.6
nd6: Add support for route information (RFC 4191) 2026-04-16T18:57:07+00:00 Pouria Mousavizadeh Tehrani pouria@FreeBSD.org 2026-04-16T14:23:49+00:00 c8d25804f56ae7c35eaa492b6110807a2675d41a Implement RFC 4191 by handling received Router Adverisement (RA) packets with route information option. For default routes, use the route information's lifetime and preference to overwrite the RA's lifetime/preference. Also install and update more-specific route prefixes with the option's lifetime and expire them when their lifetime elapses. PR: 263982 Reviewed by: markj Tested by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> Relnotes: yes Differential Revision: https://reviews.freebsd.org/D55449 
Implement RFC 4191 by handling received Router Adverisement (RA)
packets with route information option.
For default routes, use the route information's lifetime and
preference to overwrite the RA's lifetime/preference.
Also install and update more-specific route prefixes with the
option's lifetime and expire them when their lifetime elapses.

PR:		263982
Reviewed by:	markj
Tested by:	Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Relnotes:	yes
Differential Revision: https://reviews.freebsd.org/D55449
tcp lro: fix vnet handling 2026-04-15T20:31:48+00:00 Michael Tuexen tuexen@FreeBSD.org 2026-04-15T20:31:48+00:00 2d13620c6e1be7f8136095f648a6b824158d0941 Reported by: Shawn Webb Reviewed by: glebius, rrs Fixes: f707cc00ed12 ("lro: move pkt rejection checks to leafs to avoid queueing") Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D56420 
Reported by:		Shawn Webb
Reviewed by:		glebius, rrs
Fixes:			f707cc00ed12 ("lro: move pkt rejection checks to leafs to avoid queueing")
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D56420
ip_mroute: Fix a lock leak in X_ip_mforward() 2026-04-15T15:06:05+00:00 Mark Johnston markj@FreeBSD.org 2026-04-15T15:01:58+00:00 18b7115cba2f698909a4801dc2cc1b04b1f4f210 If a FIB does not have a router configured, X_ip_mforward() would leak a lock. Plug the leak. The IPv6 counterpart did not have such a check. It wouldn't send an upcall to a non-existent router anyway due to the router_ver check, but we should verify that a router is present anyway. Add regression test cases to exercise these code paths. Reported by: Claude Opus 4.6 Fixes: 0bb9c2b665d9 ("ip6_mroute: FIBify") Sponsored by: Klara, Inc. Sponsored by: Stormshield 
If a FIB does not have a router configured, X_ip_mforward() would leak a
lock.  Plug the leak.

The IPv6 counterpart did not have such a check.  It wouldn't send an
upcall to a non-existent router anyway due to the router_ver check, but
we should verify that a router is present anyway.

Add regression test cases to exercise these code paths.

Reported by:	Claude Opus 4.6
Fixes:		0bb9c2b665d9 ("ip6_mroute: FIBify")
Sponsored by:	Klara, Inc.
Sponsored by:	Stormshield
routing: Make ip[6]_tryforward() FIB-aware for local traffic 2026-04-14T22:11:18+00:00 Pouria Mousavizadeh Tehrani pouria@FreeBSD.org 2026-04-11T12:58:28+00:00 bf41d86df0d9dc4a1342c579f4e72db3c66b3443 `ip_tryforward()` and `ip6_tryforward()` checks whether the destination address is local or not without considering if it belongs to the current FIB. If the destination is local but not in our FIB, forward it instead of returning it to ip_input(). PR: 292319 Reviewed by: zlei MFC after: 1 week MFC to: stable/15 Differential Revision: https://reviews.freebsd.org/D56353 
`ip_tryforward()` and `ip6_tryforward()` checks whether the destination
address is local or not without considering if it belongs to the current FIB.
If the destination is local but not in our FIB, forward it instead
of returning it to ip_input().

PR:		292319
Reviewed by:	zlei
MFC after:	1 week
MFC to:		stable/15
Differential Revision: https://reviews.freebsd.org/D56353
lro: move pkt rejection checks to leafs to avoid queueing non-LRO'able pkts 2026-04-14T18:47:57+00:00 Andrew Gallatin gallatin@FreeBSD.org 2026-04-13T21:33:17+00:00 f707cc00ed124828e367b020d6b417842321f641 When lro mbuf queuing is enabled, we should not queue easily reject-able packets. Queuing them does a bit of extra work (sorting, timestamps) and can potentially delay urgent packets such as LACP PDUs. This change moves simple rejection tests from lro_rx_common() into lro_rx and (more importantly) into tcp_lro_queue_mbuf(). Note this change only moves the easy checks on forwarding and packet metadata, where the rejection criteria is already hot in cache. It does not move parsing and looking inside the packet to verify the ether protocol, ip protocol, etc. This could be done, but we risk essentially doubling the cache misses per-packet by doing so. Differential Revision: https://reviews.freebsd.org/D56337 Reviewed by: rrs, tuexen Sponsored by: Netflix 
When lro mbuf queuing is enabled, we should not queue easily
reject-able packets. Queuing them does a bit of extra work (sorting,
timestamps) and can potentially delay urgent packets such as LACP
PDUs. This change moves simple rejection tests from lro_rx_common()
into lro_rx and (more importantly) into tcp_lro_queue_mbuf().

Note this change only moves the easy checks on forwarding and packet
metadata, where the rejection criteria is already hot in cache. It
does not move parsing and looking inside the packet to verify the
ether protocol, ip protocol, etc. This could be done, but we risk
essentially doubling the cache misses per-packet by doing so.

Differential Revision: https://reviews.freebsd.org/D56337
Reviewed by: rrs, tuexen
Sponsored by: Netflix