17 files changed, 167 insertions, 36 deletions
diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile
index 519b113b0a2e..1d708cfda019 100644
--- a/share/man/man4/Makefile
+++ b/share/man/man4/Makefile
@@ -8,6 +8,9 @@ MANPACKAGE=	kernel
 # the doc repository); otherwise the automatically generated hardware
 # notes will not include your driver.
 
+# If you enable a driver for a different architecture, please remember
+# to update the arch specifier in the document title of the manual.
+
 MAN=	aac.4 \
 	aacraid.4 \
 	acpi.4 \
diff --git a/share/man/man4/dtrace_lockstat.4 b/share/man/man4/dtrace_lockstat.4
index e308ca6c22ce..448de91a375f 100644
--- a/share/man/man4/dtrace_lockstat.4
+++ b/share/man/man4/dtrace_lockstat.4
@@ -22,12 +22,12 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 20, 2019
+.Dd September 3, 2025
 .Dt DTRACE_LOCKSTAT 4
 .Os
 .Sh NAME
 .Nm dtrace_lockstat
-.Nd a DTrace provider for tracing CPU scheduling events
+.Nd a DTrace provider for tracing kernel locking events
 .Sh SYNOPSIS
 .Fn lockstat:::adaptive-acquire "struct mtx *"
 .Fn lockstat:::adaptive-release "struct mtx *"
diff --git a/share/man/man4/epair.4 b/share/man/man4/epair.4
index 342b15b5612a..b406c423361b 100644
--- a/share/man/man4/epair.4
+++ b/share/man/man4/epair.4
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 12, 2025
+.Dd September 4, 2025
 .Dt EPAIR 4
 .Os
 .Sh NAME
@@ -108,6 +108,29 @@ As with any other Ethernet interface,
 can have a
 .Xr vlan 4
 configured on top of it.
+.Pp
+The
+.Nm
+has RXCSUM and RXCSUM6 enabled because it may receive a packet where the
+checksum has already been validated by a physical interface.
+The
+.Nm
+supports TXCSUM and TXCSUM6 for TCP and UDP, but only by forwarding the order
+to compute the checksum.
+Thus, when using an
+.Nm
+interface, a TCP or UDP sender can offload checksum computation
+to a physical interface.
+Note that, in case the packet does not leave the host, the checksum is
+unnecessary and will be ignored if offloaded.
+Such packets contain an incorrect checksum, since it is not computed yet.
+TXCSUM and TXCSUM6 are synchronized between the
+.Nm
+interface pair (i.e., enabling/disabling the capability on one end
+enables/disables it on the other end).
+In case one end is in a bridge and the bridge disabled TXCSUM or TXCSUM6,
+this avoids a sender to send packets with checksum offloading into the
+bridge by using the other end.
 .Sh SEE ALSO
 .Xr ioctl 2 ,
 .Xr altq 4 ,
diff --git a/share/man/man4/gpio.4 b/share/man/man4/gpio.4
index 9a629ff402fd..b84bfb01de51 100644
--- a/share/man/man4/gpio.4
+++ b/share/man/man4/gpio.4
@@ -1,3 +1,6 @@
+.\"
+.\" SPDX-License-Identifier: BSD-2-Clause
+.\"
 .\" Copyright (c) 2013, Sean Bruno <sbruno@freebsd.org>
 .\" All rights reserved.
 .\"
@@ -22,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd June 27, 2019
+.Dd August 28, 2025
 .Dt GPIO 4
 .Os
 .Sh NAME
@@ -33,7 +36,6 @@ To compile these devices into your kernel and use the device hints, place the
 following lines in your kernel configuration file:
 .Bd -ragged -offset indent
 .Cd "device gpio"
-.Cd "device gpioc"
 .Cd "device gpioiic"
 .Cd "device gpioled"
 .Ed
diff --git a/share/man/man4/gpioled.4 b/share/man/man4/gpioled.4
index 646e2ff2a8f0..45457d20d298 100644
--- a/share/man/man4/gpioled.4
+++ b/share/man/man4/gpioled.4
@@ -70,7 +70,20 @@ Which pin on the GPIO interface to map to this instance.
 Please note that this mask should only ever have one bit set
 (any other bits - i.e., pins - will be ignored).
 .It Va hint.gpioled.%d.invert
-If set to 1, the pin will be set to 0 to light the LED, and 1 to clear it.
+Use pin inversion. If set to 1, the pin will be set to 0 to light the LED, and 1
+to clear it.
+.It Va hint.gpioled.%d.invmode
+Whether or not to use hardware support when pin inversion is requested. Must be
+one of:
+.Bl -tag
+.It Va auto
+Use hardware pin inversion if available, else fallback to software pin
+inversion. This is the default.
+.It Va hw
+Use hardware pin inversion.
+.It Va sw
+Use software pin inversion.
+.El
 .It Va hint.gpioled.%d.state
 The initial state of the LED when the driver takes control over it.
 If set to 1 or 0, the LED will be on or off correspondingly.
diff --git a/share/man/man4/pci.4 b/share/man/man4/pci.4
index 91fbb557f644..b99747969035 100644
--- a/share/man/man4/pci.4
+++ b/share/man/man4/pci.4
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd April 2, 2025
+.Dd August 31, 2025
 .Dt PCI 4
 .Os
 .Sh NAME
@@ -235,6 +235,17 @@ revision ID.
 Driver name.
 .It pd_unit
 Driver unit number.
+.It pd_numa_domain
+Driver NUMA domain.
+.It pc_reported_len
+Length of the valid portion of the encompassing
+.Vt pci_conf
+structure.
+This should always be equivalent to the offset of the
+.Va pc_spare
+member.
+.It pc_spare
+Reserved for future use.
 .El
 .It offset
 The offset is passed in by the user to tell the kernel where it should
diff --git a/share/man/man4/random.4 b/share/man/man4/random.4
index 840bc0c3234b..04d46e4d32aa 100644
--- a/share/man/man4/random.4
+++ b/share/man/man4/random.4
@@ -21,7 +21,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd April 19, 2019
+.Dd August 28, 2025
 .Dt RANDOM 4
 .Os
 .Sh NAME
@@ -132,6 +132,17 @@ are listed in square brackets.
 See
 .Xr random_harvest 9
 for more on the harvesting of entropy.
+.Pp
+The
+.Va kern.random.nist_healthtest_enabled
+tunable can be used to enable the entropy source health tests outlined
+in section 4 of NIST Special Publication 800-90B.
+When enabled, all entropy sources will be subject to the repetition
+count and adaptive proportion tests described in that document.
+If one of the tests fails, the source will be disabled, i.e., all
+subsequent entropy samples from that source will be discarded.
+The implementation performs startup testing, during which entropy
+sources are discarded.
 .Sh FILES
 .Bl -tag -width ".Pa /dev/urandom"
 .It Pa /dev/random
diff --git a/share/man/man4/syncache.4 b/share/man/man4/syncache.4
index e92502fd15ff..f83e9b083e45 100644
--- a/share/man/man4/syncache.4
+++ b/share/man/man4/syncache.4
@@ -10,7 +10,7 @@
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
-.Dd April 12, 2021
+.Dd August 30, 2025
 .Dt SYNCACHE 4
 .Os
 .Sh NAME
@@ -39,6 +39,8 @@ MIBs for controlling TCP SYN caching
 .Nm sysctl Cm net.inet.tcp.syncache.count
 .It
 .Nm sysctl Cm net.inet.tcp.syncache.see_other
+.It
+.Nm sysctl Cm net.inet.tcp.syncache.rst_on_sock_fail
 .El
 .Sh DESCRIPTION
 The
@@ -107,6 +109,18 @@ and run only with
 set
 .Va net.inet.tcp.syncookies_only
 to 1.
+To use
+.Nm syncookies
+to handle bucket overflows in the
+.Nm syncache
+set
+.Va net.inet.tcp.syncookies
+to 1.
+The default value for
+.Va net.inet.tcp.syncookies_only
+is 0 and the default value for
+.Va net.inet.tcp.syncookies
+is 1.
 .Pp
 The
 .Nm
@@ -169,6 +183,9 @@ However, extra
 .Xr ucred 9
 referencing is required on every incoming SYN packet processed.
 The default is off.
+.It Va rst_on_sock_fail
+Send a TCP RST segment if the socket allocation fails.
+The default is on.
 .El
 .Pp
 Statistics on the performance of the
@@ -206,8 +223,16 @@ Entries dropped due to ICMP unreachable messages.
 Failures to allocate new
 .Nm
 entry.
+.It Li "cookies sent"
+SYN cookies sent in SYN ACK segments.
 .It Li "cookies received"
-Connections created from segment containing ACK.
+ACK segments with valid syncookies which resulted in TCP connection
+establishment.
+.It Li "spurious cookies rejected"
+Received ACKs, for which the syncache lookup failed and also no syncookie was
+recently sent.
+.It Li "failed cookies rejected"
+Received ACKs for which the syncookie validation failed.
 .El
 .Sh SEE ALSO
 .Xr netstat 1 ,
diff --git a/share/man/man4/tcp.4 b/share/man/man4/tcp.4
index fcfda42908d8..3c9f4ff83f3d 100644
--- a/share/man/man4/tcp.4
+++ b/share/man/man4/tcp.4
@@ -31,7 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd June 27, 2025
+.Dd September 5, 2025
 .Dt TCP 4
 .Os
 .Sh NAME
@@ -940,9 +940,6 @@ maximum segment size.
 This helps throughput in general, but
 particularly affects short transfers and high-bandwidth large
 propagation-delay connections.
-.It Va rfc6675_pipe
-Deprecated and superseded by
-.Va sack.revised
 .It Va sack.enable
 Enable support for RFC 2018, TCP Selective Acknowledgment option,
 which allows the receiver to inform the sender about all successfully
@@ -974,6 +971,11 @@ recovery, the trailing segment is immediately resent, rather than waiting
 for a Retransmission timeout.
 Finally, SACK loss recovery is also engaged, once two segments plus one byte are
 SACKed - even if no traditional duplicate ACKs were observed.
+.Va sack.revised
+is deprecated and will be removed in
+.Fx 16 .
+.Va sack.enable
+will always follow RFC6675.
 .It Va sendbuf_auto
 Enable automatic send buffer sizing.
 .It Va sendbuf_auto_lowat
diff --git a/share/man/man4/umb.4 b/share/man/man4/umb.4
index 311a50faf8e7..37c86b3074f5 100644
--- a/share/man/man4/umb.4
+++ b/share/man/man4/umb.4
@@ -17,14 +17,13 @@
 .\"
 .\" $NetBSD: umb.4,v 1.4 2019/08/30 09:22:17 wiz Exp $
 .\"
-.Dd August 4, 2025
+.Dd September 3, 2025
 .Dt UMB 4
 .Os
 .Sh NAME
 .Nm umb
 .Nd USB Mobile Broadband Interface Model (MBIM) cellular modem driver
 .Sh SYNOPSIS
-.Cd "device netmap"
 .Cd "device usb"
 .Cd "device umb"
 .Pp
diff --git a/share/man/man4/vtnet.4 b/share/man/man4/vtnet.4
index b6f10ddd87cb..1df79da5f42e 100644
--- a/share/man/man4/vtnet.4
+++ b/share/man/man4/vtnet.4
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 21, 2025
+.Dd September 8, 2025
 .Dt VTNET 4
 .Os
 .Sh NAME
@@ -127,7 +127,6 @@ This option applies to all interfaces.
 The default value is 0.
 .El
 .Sh TRANSMIT QUEUE STATISTICS
-.Bl -tag -width "xxxxxx"
 For each transmit queue of each interface the following read-only statistics
 are provided:
 .Bl -tag -width "xxxxxx"
@@ -154,7 +153,14 @@ The number of times the receive interrupt handler was rescheduled.
 .It Va dev.vtnet. Ns Ar X Ns Va .rxq Ns Ar Y Ns Va .host_lro
 The number of times TCP large receive offload was performed.
 .It Va dev.vtnet. Ns Ar X Ns Va .rxq Ns Ar Y Ns Va .csum_failed
-Currently not used.
+The number of times a packet with a request for receive or transmit checksum
+offloading was received and this request failed.
+The different reasons for the failure are counted by
+.Va dev.vtnet. Ns Ar X Ns Va .rx_csum_inaccessible_ipproto ,
+.Va dev.vtnet. Ns Ar X Ns Va .rx_csum_bad_ipproto ,
+.Va dev.vtnet. Ns Ar X Ns Va .rx_csum_bad_ethtype ,
+and
+.Va dev.vtnet. Ns Ar X Ns Va .rx_csum_bad_offset .
 .It Va dev.vtnet. Ns Ar X Ns Va .rxq Ns Ar Y Ns Va .csum
 The number of times receive checksum offloading for UDP or TCP was performed.
 .It Va dev.vtnet. Ns Ar X Ns Va .rxq Ns Ar Y Ns Va .ierrors
@@ -214,18 +220,21 @@ over all receive queues of the interface.
 The sum of
 .Va dev.vtnet. Ns Ar X Ns Va .rxq Ns Ar Y Ns Va .csum_failed
 over all receive queues of the interface.
-.It Va dev.vtnet. Ns Ar X Ns Va .rx_csum_bad_proto
-Currently unused.
+.It Va dev.vtnet. Ns Ar X Ns Va .rx_csum_inaccessible_ipproto
+The number of times a packet with a request for receive or transmit checksum
+offloading was received where the IP protocol was not accessible.
 .It Va dev.vtnet. Ns Ar X Ns Va .rx_csum_bad_offset
-Currently unused.
-.It Va dev.vtnet. Ns Ar X Ns Va .rx_csum_bad_ipproto
-Currently unused.
-.It Va dev.vtnet. Ns Ar X Ns Va .rx_csum_bad_ethtype
 The number of times fixing the checksum required by
 .Va hw.vtnet.fixup_needs_csum
 or
 .Va hw.vtnet. Ns Ar X Ns Va .fixup_needs_csum
-was attempted for a packet with an EtherType other than IPv4 or IPv6.
+was attempted for a packet where the csum is not located in the first mbuf.
+.It Va dev.vtnet. Ns Ar X Ns Va .rx_csum_bad_ipproto
+The number of times a packet with a request for receive or transmit checksum
+offloading was received where the IP protocol was neither TCP nor UDP.
+.It Va dev.vtnet. Ns Ar X Ns Va .rx_csum_bad_ethtype
+The number of times a packet with a request for receive or transmit checksum
+offloading was received where the EtherType was neither IPv4 nor IPv6.
 .It Va dev.vtnet. Ns Ar X Ns Va .rx_mergeable_failed
 The number of times receiving a mergable buffer failed.
 .It Va dev.vtnet. Ns Ar X Ns Va .rx_enq_replacement_failed
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index a9ae823257a4..bdd8a843d72a 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -2470,7 +2470,13 @@ NAT address and port.
 This feature implements "full-cone" NAT behavior.
 .El
 .Pp
-Additionally, the
+Additionally, options
+.Ar sticky-address
+and
+.Ar prefer-ipv6-nexthop
+can be specified to influence how IP addresses selected from pools.
+.Pp
+The
 .Ar sticky-address
 option can be specified to help ensure that multiple connections from the
 same source are mapped to the same redirection address.
@@ -2486,6 +2492,14 @@ beyond the lifetime of the states, increase the global options with
 See
 .Sx STATEFUL TRACKING OPTIONS
 for more ways to control the source tracking.
+.Pp
+The
+.Ar prefer-ipv6-nexthop
+option allows for IPv6 addresses to be used as the nexthop
+for IPv4 packets routed with the
+.Ar route-to
+rule option. If a table is used with IPv4 and IPv6 addresses, first the IPv6 addresses
+will be used in round-robin fashion, then IPv4 addresses.
 .Sh STATE MODULATION
 Much of the security derived from TCP is attributable to how well the
 initial sequence numbers (ISNs) are chosen.
@@ -3580,7 +3594,7 @@ limit-item     = ( "states" | "frags" | "src-nodes" ) number
 
 pooltype       = ( "bitmask" | "random" |
                  "source-hash" [ ( hex-key | string-key ) ] |
-                 "round-robin" ) [ sticky-address ]
+                 "round-robin" ) [ sticky-address | prefer-ipv6-nexthop ]
 
 subqueue       = string | "{" queue-list "}"
 queue-list     = string [ [ "," ] string ]
diff --git a/share/man/man7/arch.7 b/share/man/man7/arch.7
index fe4e8055a8b1..b29fedbfd4ec 100644
--- a/share/man/man7/arch.7
+++ b/share/man/man7/arch.7
@@ -163,7 +163,10 @@ will support execution of
 .Dv armv7
 binaries if the CPU implements
 .Dv AArch32
-execution state, however older arm binaries are not supported by
+execution state.
+Binaries targeting
+.Dv armv6
+and earlier are no longer supported by
 .Fx .
 .Pp
 On all supported architectures:
diff --git a/share/man/man7/ports.7 b/share/man/man7/ports.7
index b681a326f407..75070ce852fe 100644
--- a/share/man/man7/ports.7
+++ b/share/man/man7/ports.7
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 21, 2025
+.Dd September 10, 2025
 .Dt PORTS 7
 .Os
 .Sh NAME
@@ -683,7 +683,7 @@ WITH_DEBUG_PORTS=	mail/dovecot security/krb5
 .Pp
 It is also possible to use the debug variables on the command line:
 .Bd -literal -offset 2n
-.Li # Ic make -DWITH_DEBUG DEBUG_FLAGS="-g -O0" build
+.Li # Ic make WITH_DEBUG DEBUG_FLAGS="-g -O0" build
 .Ed
 .Pp
 See the
diff --git a/share/man/man8/nanobsd.8 b/share/man/man8/nanobsd.8
index 838f9ddc9afa..8a1f44af6900 100644
--- a/share/man/man8/nanobsd.8
+++ b/share/man/man8/nanobsd.8
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 14, 2025
+.Dd September 9, 2025
 .Dt NANOBSD 8
 .Os
 .Sh NAME
@@ -33,7 +33,7 @@
 .Nd create an embedded FreeBSD system image
 .Sh SYNOPSIS
 .Nm
-.Op Fl BbfhIiKknqvWwX
+.Op Fl BbfhIiKknpqvWwX
 .Op Fl c Ar config-file
 .Sh DESCRIPTION
 The
@@ -42,7 +42,7 @@ utility is a script which produces a minimal implementation of
 .Fx
 (called
 .Nm NanoBSD ) ,
-which typically fits on a small media such as a Compact Flash card,
+which typically fits on a small media such as an SD card,
 or other mass storage medium.
 It can be used to build specialized install images, designed for easy
 installation and maintenance.
@@ -77,6 +77,10 @@ This suppresses the normal cleanup work done before the
 .Cm buildworld
 stage and adds -DNO_CLEAN to the make command line
 used for each build stage (world and kernel).
+.It Fl r
+Don't prepare the image.
+Skip running of the customization and early customization scripts for
+incremental image refinement from world, kernel, or packages.
 .It Fl q
 Make output more quiet.
 .It Fl v
diff --git a/share/man/man9/VFS.9 b/share/man/man9/VFS.9
index a269d8d070cf..a1d0a19bec13 100644
--- a/share/man/man9/VFS.9
+++ b/share/man/man9/VFS.9
@@ -44,7 +44,6 @@ rather than implementing empty functions or casting to
 .Sh SEE ALSO
 .Xr VFS_CHECKEXP 9 ,
 .Xr VFS_FHTOVP 9 ,
-.Xr VFS_INIT 9 ,
 .Xr VFS_MOUNT 9 ,
 .Xr VFS_QUOTACTL 9 ,
 .Xr VFS_SET 9 ,
diff --git a/share/man/man9/g_geom.9 b/share/man/man9/g_geom.9
index 74c6979fceda..c5b0c0aded2d 100644
--- a/share/man/man9/g_geom.9
+++ b/share/man/man9/g_geom.9
@@ -27,12 +27,15 @@
 .Os
 .Sh NAME
 .Nm g_new_geomf ,
+.Nm g_new_geom ,
 .Nm g_destroy_geom
 .Nd "geom management"
 .Sh SYNOPSIS
 .In geom/geom.h
 .Ft "struct g_geom *"
 .Fn g_new_geomf "struct g_class *mp" "const char *fmt" ...
+.Ft "struct g_geom *"
+.Fn g_new_geom "struct g_class *mp" "const char *name"
 .Ft void
 .Fn g_destroy_geom "struct g_geom *gp"
 .Sh DESCRIPTION
@@ -58,6 +61,14 @@ The geom's name is created in a
 -like way from the rest of the arguments.
 .Pp
 The
+.Fn g_new_geom
+function is very similar to
+.Fn g_new_geomf
+except that it accepts a regular string instead of a
+.Xr printf 3 Ns
+-like format strng as the geom's name.
+.Pp
+The
 .Fn g_destroy_geom
 function destroys the given geom immediately and cancels all related pending
 events.
@@ -94,7 +105,9 @@ and
 .Va access
 for it.
 .Pp
-.Fn g_new_geomf :
+.Fn g_new_geomf
+and
+.Fn g_new_geom :
 .Bl -item -offset indent
 .It
 Class