Merge abb8c95a31 into 6320946411

import-generator: open up NotifyAccess for varlinkctl
So that it can report errors through VARLINKERROR=.
2024-06-29 06:34:30 +00:00 · 2024-06-26 15:19:24 +10:00 · 2024-06-25 23:00:26 +02:00 · 2024-06-25 18:31:59 +02:00 · 2024-06-25 18:30:41 +02:00 · 2024-06-25 14:44:21 +02:00
542 changed files with 9137 additions and 4380 deletions
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@ -92,7 +92,7 @@ jobs:

    steps:
    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
-    - uses: systemd/mkosi@0081ea66faf56a35353d6aeadfe42f9679c7d1cf
+    - uses: systemd/mkosi@6972f9efba5c8472d990be3783b7e7dbf76e109e

    # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
    # immediately, we remove the files in the background. However, we first move them to a different location
@ -117,6 +117,8 @@ jobs:

    - name: Configure
      run: |
+        # XXX: drop after the HyperV bug that breaks secure boot KVM guests is solved
+        sed -i "s/'firmware'\s*:\s*'auto'/'firmware' : 'uefi'/g" test/*/meson.build
        tee mkosi.local.conf <<EOF
        [Distribution]
        Distribution=${{ matrix.distro }}
--- a/2
+++ b/2
@ -228,7 +228,7 @@ CHANGES WITH 256:
          additional per-user service managers, whose users are transient and
          are only defined as long as the service manager is running. (This is
          implemented via DynamicUser=1), allowing a user manager to be used to
-          manager a group of processes without needing to create an actual user
+          manage a group of processes without needing to create an actual user
          account. These service managers run with home directories of
          /var/lib/capsules/<capsule-name> and can contain regular services and
          other units. A capsule is started via a simple "systemctl start
--- a/61
+++ b/61
@ -130,9 +130,35 @@ Deprecations and removals:

 Features:

-* consider reworking json_build() to imply a top-level JSON_BUILD_OBJECT(),
-  since that's what we want in 99% of cases. Then provide json_build_any() or
-  so that can build other variant types top-level too.
+* add feature to xopenat() that implements O_REGULAR in userspace: i.e. let's
+  open the inode via O_PATH first, then validate its type, and then convert to
+  proper fd via fd_reopen()
+
+* rough proposed implementation design for remote attestation infra: add a tool
+  that generates a quote of local PCRs and NvPCRs, along with synchronous log
+  snapshot. use "audit session" logic for that, so that we get read-outs and
+  signature in one step. Then turn this into a JSON object. Use the "TCG TSS 2.0
+  JSON Data Types and Policy Language" format to encode the signature. And CEL
+  for the measurement log.
+
+* creds: add a new cred format that reused the JSON structures we use in the
+  LUKS header, so that we get the various newer policies for free.
+
+* drop PCR 7 from default PCR mask in credentials and LUKS2 enrollments
+
+* systemd-analyze: port "pcrs" verb to talk directly to TPM device, instead of
+  using sysfs interface (well, or maybe not, as that would require privileges?)
+
+* pcrextend/tpm2-util: add a concept of "rotation" to event log. i.e. allow
+  trailing parts of the logs if time or disk space limit is hit. Protect the
+  boot-time measurements however (i.e. up to some point where things are
+  settled), since we need those for pcrlock measurements and similar. When
+  deleting entries for rotation, place an event that declares how many items
+  have been dropped, and what the hash before and after that.
+
+* measure information about all DDIs as we activate them to an NvPCR. We
+  probably should measure the dm-verity root hash from the kernel side, but
+  DDI meta info from userspace.

 * rework tpm2_parse_pcr_argument_to_mask() to refuse literal hash value
  specifications. They are currently parsed but ignored. We should refuse them
@ -216,22 +242,14 @@ Features:
  assert_ret(). Only export the stuff we are sure about, and keep some symbols
  internally where things are not clear whether we want other projects to use.

-* machined: allow running in a per-user instance too, to allow unpriv
-  systemd-nspawn and systemd-vmspawn do something useful. (Alternatively: open
-  up system machined to unpriv client's registering their machines, and enforce
-  they come with some prefix or suffix that clarifies they are the
-  user's. i.e. when a user registers a machine it must be called
-  foobar.<username> or so.).
-
 * importd/…: define per-user dirs for container/VM images too.

 * add a new specifier to unit files that figures out the DDI the unit file is
  from, tracing through overlayfs, DM, loopback block device.

 * importd/importctl
-  - import generator
  - port tar handling to libarchive
-  - add varlink interface
+  - complete varlink interface
  - download images into .v/ dirs

 * in os-release define a field that can be initialized at build time from
@ -250,8 +268,6 @@ Features:
  pidfd, so that we can reasonably robustly do this. Would only cover the
  execution environment like namespaces, but not the privilege settings.

-* varlink: extend varlink IDL macros to include documentation strings
-
 * Introduce a CGroupRef structure, inspired by PidRef. Should contain cgroup
  path, cgroup id, and cgroup fd. Use it to continuously pin all v2 cgroups via
  a cgroup_ref field in the CGroupRuntime structure. Eventually switch things
@ -290,22 +306,13 @@ Features:
  to read them from. This way the data doesn't remain in the SMBIOS blob during
  runtime, but only in the credentials fs.

-* machined: make machine registration available via varlink to simplify
-  nspawn/vmspawn, and to have an extensible way to register VM/machine metadata
-
-* ssh-proxy: add support for "ssh machine/foobar" to automatically connect to
-  machined registered machine "foobar". Requires updating machined to track CID
-  and unix-export dir of containers.
+* machined: optionally track nspawn unix-export/ runtime for each machined, and
+  then update systemd-ssh-proxy so that it can connect to that.

 * add a new ExecStart= flag that inserts the configured user's shell as first
  word in the command line. (maybe use character '.'). Usecase: tool such as
  run0 can use that to spawn the target user's default shell.

-* varlink: figure out how to do docs for our varlink interfaces. Idea: install
-  interface files augmented with docs in /usr/share/ somewhere. And have
-  functionality in varlinkctl to merge interface info extracted from binaries
-  with interface info on disk. And store the doc strings only in the latter.
-
 * introduce mntid_t, and make it 64bit, as apparently the kernel switched to
  64bit mount ids

@ -459,10 +466,6 @@ Features:
  - kernel-install
  - systemd-mount (with PK so that desktop environments could use it to mount disks)

-* in the service manager, pick up ERRNO= + BUSERROR= + VARLINKERROR= error
-  identifiers, and store them along with the exit status of a server and report
-  via "systemctl status".
-
 * enumerate virtiofs devices during boot-up in a generator, and synthesize
  mounts for rootfs, /usr/, /home/, /srv/ and some others from it, depending on
  the "tag". (waits for: https://gitlab.com/virtio-fs/virtiofsd/-/issues/128)
--- a/catalog/systemd.catalog.in
+++ b/catalog/systemd.catalog.in
@ -119,6 +119,16 @@ Documentation: sd-login(3)

 A seat @SEAT_ID@ has been removed and is no longer available.

+-- b2bcbaf5edf948e093ce50bbea0e81ec
+Subject: The Secure Attention Key (SAK) was pressed on @SEAT_ID@
+Defined-By: systemd
+Support: %SUPPORT_URL%
+Documentation: man:systemd-logind.service(8)
+
+The Secure Attention Key (SAK), Ctrl+Alt+Shift+Esc, was pressed on @SEAT_ID@.
+
+Pressing the SAK indicates an explicit request by the user for the system to display a secure login dialog or greeter.
+
 -- c7a787079b354eaaa9e77b371893cd27
 Subject: Time change
 Defined-By: systemd
@ -704,15 +714,6 @@ Support: %SUPPORT_URL%
 For the first time during the current boot an NTP synchronization has been
 acquired and the local system clock adjustment has been initiated.

-- 7db73c8af0d94eeb822ae04323fe6ab6
-Subject: Initial clock bump
-Defined-By: systemd
-Support: %SUPPORT_URL%
-
-The system clock has been advanced based on a timestamp file on disk, in order
-to ensure it remains roughly monotonic – even across reboots – if an RTC is not
-available or is unreliable.
-
 -- 3f7d5ef3e54f4302b4f0b143bb270cab
 Subject: TPM PCR Extended
 Defined-By: systemd
@ -787,7 +788,7 @@ Defined-By: systemd
 Support: %SUPPORT_URL%
 Documentation: man:systemd-tpm2-setup.service(8)

-An authorization failure occured while attempting to enroll a Storage Root Key (SRK) on the Trusted Platform
+An authorization failure occurred while attempting to enroll a Storage Root Key (SRK) on the Trusted Platform
 Module (TPM). Most likely this means that a PIN/Password (authValue) has been set on the Owner hierarchy of
 the TPM.

--- a/catalog/systemd.pl.catalog.in
+++ b/catalog/systemd.pl.catalog.in
@ -723,16 +723,6 @@ Support: %SUPPORT_URL%
 Po raz pierwszy podczas obecnego uruchomienia uzyskano synchronizację NTP
 i zainicjowano regulację lokalnego zegara systemowego.

-- 7db73c8af0d94eeb822ae04323fe6ab6
-Subject: Początkowe przestawienie zegara
-Defined-By: systemd
-Support: %SUPPORT_URL%
-
-Przestawiono zegar systemowy na podstawie pliku ze znacznikiem czasu na dysku
-w celu zapewnienia, że nadal jest w przybliżeniu monotoniczny — nawet między
-ponownymi uruchomieniami — jeśli zegar czasu rzeczywistego jest niedostępny
-lub zawodny.
-
 -- 3f7d5ef3e54f4302b4f0b143bb270cab
 Subject: Rozszerzono PCR układu TPM
 Defined-By: systemd
--- a/hwdb.d/60-evdev.hwdb
+++ b/hwdb.d/60-evdev.hwdb
@ -76,6 +76,11 @@ evdev:input:b0003v08CAp0020*
 EVDEV_ABS_00=::20
 EVDEV_ABS_01=::20

+# AIPTEK Media Tablet Ultimate (detected as Waltop International Corp. Batteryless Tablet)
+evdev:input:b0003v172Fp0503*
+ EVDEV_ABS_00=::160
+ EVDEV_ABS_01=::160
+
 #########################################
 # Apple
 #########################################
--- a/hwdb.d/60-input-id.hwdb
+++ b/hwdb.d/60-input-id.hwdb
@ -59,6 +59,10 @@ id-input:modalias:input:b0003v28bdp0078*
 id-input:modalias:input:b0003v04B3p301Ee0100-e0,1,2,4*
 ID_INPUT_POINTINGSTICK=1

+# Logitech G915 TKL Keyboard (Bluetooth)
+id-input:modalias:input:b0005v046DpB35Fe0022*
+ ID_INPUT_MOUSE=0
+
 # Logitech Ultrathin Touch Mouse
 id-input:modalias:input:b0005v046DpB00De0700*
 ID_INPUT_MOUSE=1
--- a/hwdb.d/60-keyboard.hwdb
+++ b/hwdb.d/60-keyboard.hwdb
@ -290,10 +290,22 @@ evdev:name:gpio-keys:phys:gpio-keys/input0:ev:100003:dmi:*:svnASUSTeKCOMPUTERINC
 # All four of these buttons generate a multi-scancode sequence
 # consisting of Left_Meta, Right_Ctrl and another scancode.
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAYANEO:pnKUN:pvr*
- KEYBOARD_KEY_18=f13                              # LC (next to the left shoulder button)
- KEYBOARD_KEY_20=f14                              # RC (next to the right shoulder button)
- KEYBOARD_KEY_30=f15                              # Start (upper-right corner of screen)
- KEYBOARD_KEY_28=f16                              # Ayaneo (lower-right corner of screen)
+ KEYBOARD_KEY_18=f15                              # LC (next to the left shoulder button)
+ KEYBOARD_KEY_20=f16                              # RC (next to the right shoulder button)
+ KEYBOARD_KEY_28=f17                              # Ayaneo (lower-right corner of screen)
+ KEYBOARD_KEY_30=f18                              # Touchpad Mode (top-right corner of screen)
+
+# Most AYANEO devices expose an AT Translated Set 2 Keyboard
+# for either three or four additional buttons not available
+# on the Xbox360 controller. These buttons all generate a
+# multi-scancode sequence. The specific preceding codes
+# depend on the model, but the final scancode is always the
+# same.
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnAYANEO:*
+ KEYBOARD_KEY_66=f15                            # LC (All models)
+ KEYBOARD_KEY_67=f16                            # RC (All models)
+ KEYBOARD_KEY_68=f17                            # Ayaneo (All models)
+ KEYBOARD_KEY_69=f18                            # Touchpad Mode (Kun only)

 ###########################################################
 # BenQ
@ -1645,6 +1657,15 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnOQO*Inc.*:pnOQO*Model*2*:*
 KEYBOARD_KEY_f2=volumedown
 KEYBOARD_KEY_f3=volumeup

+###########################################################
+# OrangePi
+###########################################################
+
+# NEO
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnOrangePi:pnNEO-01:*
+ KEYBOARD_KEY_66=f15                                    # Gamepad (front, bottom right)
+ KEYBOARD_KEY_67=f16                                    # Home (front, bottom left)
+
 ###########################################################
 # Ortek
 ###########################################################
@ -1732,6 +1753,15 @@ evdev:input:b0003v047FpC006*
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svn*:pn*:pvr*:rvnQuanta:rn30B7:rvr65.2B:*
 KEYBOARD_KEY_88=media                                  # "quick play

+###########################################################
+# Redmi
+###########################################################
+
+# RedmiBook Pro 15 2022
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnTIMI:pnRedmiBookPro152022:pvr*
+ KEYBOARD_KEY_9c=enter                                  # KP_enter in the main area is wrong
+ KEYBOARD_KEY_dd=rightctrl                              # Right Ctrl is preferrable over Menu
+
 ###########################################################
 # Samsung
 ###########################################################
--- a/man/bootctl.xml
+++ b/man/bootctl.xml
@ -385,6 +385,15 @@
        <xi:include href="version-info.xml" xpointer="v220"/></listitem>
      </varlistentry>

+      <varlistentry>
+        <term><option>--random-seed=yes|no</option></term>
+        <listitem><para>By default the <command>install</command> command initializes a random seed file in
+        the ESP. When creating an image it may be desirable to disable that in order to avoid having the
+        same seed in all instances.</para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><option>--graceful</option></term>
        <listitem><para>Ignore failure when the EFI System Partition cannot be found, when EFI variables
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@ -215,8 +215,11 @@
        from the key file. See
        <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
        for possible values and the default value of this option. This
-        option is ignored in plain encryption mode, as the key file
-        size is then given by the key size.</para>
+        option is ignored in plain encryption mode, where the key file
+        size is determined by the key size. It is also ignored when
+        the key file is used as a salt file for a FIDO2 token, as the
+        salt size in that case is defined by the FIDO2 specification
+        to be exactly 32 bytes.</para>

        <xi:include href="version-info.xml" xpointer="v188"/></listitem>
      </varlistentry>
@ -724,8 +727,7 @@
        (configured in the line's third column) to operate. If not configured and the volume is of type
        LUKS2, the CID and the key are read from LUKS2 JSON token metadata instead. Use
        <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
-        as simple tool for enrolling FIDO2 security tokens, compatible with this automatic mode, which is
-        only available for LUKS2 volumes.</para>
+        as simple tool for enrolling FIDO2 security tokens for LUKS2 volumes.</para>

        <para>Use <command>systemd-cryptenroll --fido2-device=list</command> to list all suitable FIDO2
        security tokens currently plugged in, along with their device nodes.</para>
--- a/man/kernel-install.xml
+++ b/man/kernel-install.xml
@ -18,7 +18,7 @@

  <refnamediv>
    <refname>kernel-install</refname>
-    <refpurpose>Add and remove kernel and initrd images to and from /boot</refpurpose>
+    <refpurpose>Add and remove kernel and initrd images to and from the boot partition</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
@ -64,9 +64,9 @@
      <citerefentry><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry> for an
      explanation.</para>
    </footnote>
-    to and from the boot loader partition, referred to as <varname>$BOOT</varname> here. It will usually be
-    one of <filename>/boot/</filename>, <filename>/efi/</filename>, or <filename>/boot/efi/</filename>, see
-    below.</para>
+    to and from the boot partition, referred to as <varname>$BOOT</varname> here. It will usually be one of
+    <filename>/boot/</filename>, <filename>/efi/</filename>, or <filename>/boot/efi/</filename>, see below.
+    </para>

    <para><command>kernel-install</command> will run the executable files ("plugins") located in the
    directory <filename>/usr/lib/kernel/install.d/</filename> and the local administration directory
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@ -224,13 +224,14 @@
        <term><varname>HandleLidSwitch=</varname></term>
        <term><varname>HandleLidSwitchExternalPower=</varname></term>
        <term><varname>HandleLidSwitchDocked=</varname></term>
+        <term><varname>HandleSecureAttentionKey=</varname></term>

        <listitem><para>Controls how logind shall handle the system power, reboot and sleep keys and the lid
        switch to trigger actions such as system power-off, reboot or suspend. Can be one of
        <literal>ignore</literal>, <literal>poweroff</literal>, <literal>reboot</literal>, <literal>halt</literal>,
        <literal>kexec</literal>, <literal>suspend</literal>, <literal>hibernate</literal>, <literal>hybrid-sleep</literal>,
        <literal>suspend-then-hibernate</literal>, <literal>sleep</literal>, <literal>lock</literal>, and
-        <literal>factory-reset</literal>.  If <literal>ignore</literal>, <command>systemd-logind</command>
+        <literal>factory-reset</literal>, <literal>secure-attention-key</literal>.  If <literal>ignore</literal>, <command>systemd-logind</command>
        will never handle these keys. If <literal>lock</literal>, all running sessions will be screen-locked;
        otherwise, the specified action will be taken in the respective event. Only input devices with the
        <literal>power-switch</literal> udev tag will be watched for key/lid switch
@ -251,7 +252,8 @@
        system is inserted in a docking station, or if more than one display is connected, the action
        specified by <varname>HandleLidSwitchDocked=</varname> occurs; if the system is on external power the
        action (if any) specified by <varname>HandleLidSwitchExternalPower=</varname> occurs; otherwise the
-        <varname>HandleLidSwitch=</varname> action occurs.</para>
+        <varname>HandleLidSwitch=</varname> action occurs.
+        <varname>HandleSecureAttentionKey=</varname> defaults to <literal>secure-attention-key</literal></para>

        <para>A different application may disable logind's handling of system power and
        sleep keys and the lid switch by taking a low-level inhibitor lock
@ -262,7 +264,7 @@
        to take over suspend and hibernation handling, and to use their own configuration
        mechanisms. If a low-level inhibitor lock is taken, logind will not take any
        action when that key or switch is triggered and the <varname>Handle*=</varname>
-        settings are irrelevant.</para>
+        settings are irrelevant, except for <varname>HandleSecureAttentionKey=</varname>, which is always handled since its addition in v257.</para>

        <xi:include href="version-info.xml" xpointer="v184"/></listitem>
      </varlistentry>
@ -393,6 +395,20 @@

        <xi:include href="version-info.xml" xpointer="v252"/></listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term><varname>DesignatedMaintenanceTime=</varname></term>
+
+        <listitem>
+          <para>
+            Specifies a default calendar event for scheduled shutdowns. So when using e.g. the command
+            <command>shutdown -r</command> to reboot the system without specifying a timeout, logind would
+            use the configured calendar event instead. For details about the syntax of calendar events, see
+            <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+          </para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
    </variablelist>
  </refsect1>

--- a/man/machine-id.xml
+++ b/man/machine-id.xml
@ -124,7 +124,7 @@
    are as follows:</para>

    <orderedlist>
-      <listitem><para>The kernel command argument <varname>systemd.condition-first-boot=</varname> may be
+      <listitem><para>The kernel command argument <varname>systemd.condition_first_boot=</varname> may be
      used to override the autodetection logic, see
      <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
      </para></listitem>
--- a/man/org.freedesktop.login1.xml
+++ b/man/org.freedesktop.login1.xml
@ -113,7 +113,7 @@ node /org/freedesktop/login1 {
      LockSessions();
      UnlockSessions();
      KillSession(in  s session_id,
-                  in  s who,
+                  in  s whom,
                  in  i signal_number);
      KillUser(in  u uid,
               in  i signal_number);
@ -169,6 +169,8 @@ node /org/freedesktop/login1 {
      SetWallMessage(in  s wall_message,
                     in  b enable);
    signals:
+      SecureAttentionKey(s seat_id,
+                         o object_path);
      SessionNew(s session_id,
                 o object_path);
      SessionRemoved(s session_id,
@ -244,6 +246,8 @@ node /org/freedesktop/login1 {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly s HandleLidSwitchDocked = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+      readonly s HandleSecureAttentionKey = '...';
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly t HoldoffTimeoutUSec = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly s IdleAction = '...';
@ -253,9 +257,10 @@ node /org/freedesktop/login1 {
      readonly b PreparingForShutdown = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b PreparingForSleep = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly (st) ScheduledShutdown = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+      readonly s DesignatedMaintenanceTime = '...';
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b Docked = ...;
      readonly b LidClosed = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@ -295,6 +300,10 @@ node /org/freedesktop/login1 {

    <!--property HandleHibernateKeyLongPress is not documented!-->

+    <!--property HandleSecureAttentionKey is not documented!-->
+
+    <!--property DesignatedMaintenanceTime is not documented!-->
+
    <!--property StopIdleSessionUSec is not documented!-->

    <!--Autogenerated cross-references for systemd.directives, do not edit-->
@ -427,6 +436,8 @@ node /org/freedesktop/login1 {

    <variablelist class="dbus-method" generated="True" extra-ref="SetWallMessage()"/>

+    <variablelist class="dbus-signal" generated="True" extra-ref="SecureAttentionKey()"/>
+
    <variablelist class="dbus-signal" generated="True" extra-ref="SessionNew()"/>

    <variablelist class="dbus-signal" generated="True" extra-ref="SessionRemoved()"/>
@ -505,6 +516,8 @@ node /org/freedesktop/login1 {

    <variablelist class="dbus-property" generated="True" extra-ref="HandleLidSwitchDocked"/>

+    <variablelist class="dbus-property" generated="True" extra-ref="HandleSecureAttentionKey"/>
+
    <variablelist class="dbus-property" generated="True" extra-ref="HoldoffTimeoutUSec"/>

    <variablelist class="dbus-property" generated="True" extra-ref="IdleAction"/>
@ -517,6 +530,8 @@ node /org/freedesktop/login1 {

    <variablelist class="dbus-property" generated="True" extra-ref="ScheduledShutdown"/>

+    <variablelist class="dbus-property" generated="True" extra-ref="DesignatedMaintenanceTime"/>
+
    <variablelist class="dbus-property" generated="True" extra-ref="Docked"/>

    <variablelist class="dbus-property" generated="True" extra-ref="LidClosed"/>
@ -688,7 +703,10 @@ node /org/freedesktop/login1 {
      <literal>challenge</literal> is returned, the operation is available but only after authorization.</para>

      <para><function>ScheduleShutdown()</function> schedules a shutdown operation <varname>type</varname> at
-      time <varname>usec</varname> in microseconds since the UNIX epoch. <varname>type</varname> can be one
+      time <varname>usec</varname> in microseconds since the UNIX epoch. Alternatively, if
+      <varname>usec</varname> <literal>UINT64_MAX</literal> and a maintenance window is
+      configured, <filename>systemd-logind</filename> will use the next time of the maintenance window
+      instead. <varname>type</varname> can be one
      of <literal>poweroff</literal>, <literal>dry-poweroff</literal>, <literal>reboot</literal>,
      <literal>dry-reboot</literal>, <literal>halt</literal>, and <literal>dry-halt</literal>. (The
      <literal>dry-</literal> variants do not actually execute the shutdown action.)
@ -725,6 +743,10 @@ node /org/freedesktop/login1 {
      <para>Whenever the inhibition state or idle hint changes, <function>PropertyChanged</function>
      signals are sent out to which clients can subscribe.</para>

+      <para>The <function>SecureAttentionKey()</function> signal is sent when the user presses Ctrl+Alt+Shift+Esc to
+      request the login manager to display the greeter, for instance in the case of a deadlocked compositor.
+      </para>
+
      <para>The <function>SessionNew()</function>, <function>SessionRemoved()</function>,
      <function>UserNew()</function>, <function>UserRemoved()</function>, <function>SeatNew()</function>, and
      <function>SeatRemoved()</function> signals are sent each time a session is created or removed, a user
@ -1140,7 +1162,7 @@ node /org/freedesktop/login1/session/1 {
      Unlock();
      SetIdleHint(in  b idle);
      SetLockedHint(in  b locked);
-      Kill(in  s who,
+      Kill(in  s whom,
           in  i signal_number);
      TakeControl(in  b force);
      ReleaseControl();
@ -1579,8 +1601,11 @@ node /org/freedesktop/login1/session/1 {
      <function>CreateSessionWithPIDFD()</function> were added in version 255.</para>
      <para><function>Sleep()</function>,
      <function>CanSleep()</function>,
-      <varname>SleepOperation</varname>, and
+      <varname>SleepOperation</varname>,
+      <varname>DesignatedMaintenanceTime</varname>, and
      <function>ListSessionsEx()</function> were added in version 256.</para>
+      <para><varname>HandleSecureAttentionKey</varname>, and
+      <function>SecureAttentionKey()</function> were added in version 257.</para>
    </refsect2>
    <refsect2>
      <title>Session Objects</title>
--- a/man/org.freedesktop.machine1.xml
+++ b/man/org.freedesktop.machine1.xml
@ -465,7 +465,7 @@ node /org/freedesktop/machine1/machine/rawhide {
  interface org.freedesktop.machine1.Machine {
    methods:
      Terminate();
-      Kill(in  s who,
+      Kill(in  s whom,
           in  i signal);
      GetAddresses(out a(iay) addresses);
      GetSSHInfo(out s ssh_address,
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@ -2745,6 +2745,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
      readonly s FileDescriptorStorePreserve = '...';
      readonly s StatusText = '...';
      readonly i StatusErrno = ...;
+      readonly s StatusBusError = '...';
+      readonly s StatusVarlinkError = '...';
      readonly s Result = '...';
      readonly s ReloadResult = '...';
      readonly s CleanResult = '...';
@ -3205,6 +3207,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b PrivateTmp = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+      readonly s PrivateTmpEx = '...';
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b PrivateDevices = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b ProtectClock = ...;
@ -3404,8 +3408,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <!--property FileDescriptorStorePreserve is not documented!-->

-    <!--property StatusErrno is not documented!-->
-
    <!--property ReloadResult is not documented!-->

    <!--property CleanResult is not documented!-->
@ -3816,6 +3818,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <!--property PrivateTmp is not documented!-->

+    <!--property PrivateTmpEx is not documented!-->
+
    <!--property PrivateDevices is not documented!-->

    <!--property ProtectClock is not documented!-->
@ -4026,6 +4030,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <variablelist class="dbus-property" generated="True" extra-ref="StatusErrno"/>

+    <variablelist class="dbus-property" generated="True" extra-ref="StatusBusError"/>
+
+    <variablelist class="dbus-property" generated="True" extra-ref="StatusVarlinkError"/>
+
    <variablelist class="dbus-property" generated="True" extra-ref="Result"/>

    <variablelist class="dbus-property" generated="True" extra-ref="ReloadResult"/>
@ -4500,6 +4508,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {

    <variablelist class="dbus-property" generated="True" extra-ref="PrivateTmp"/>

+    <variablelist class="dbus-property" generated="True" extra-ref="PrivateTmpEx"/>
+
    <variablelist class="dbus-property" generated="True" extra-ref="PrivateDevices"/>

    <variablelist class="dbus-property" generated="True" extra-ref="ProtectClock"/>
@ -4732,11 +4742,11 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
      process is currently running while the latter possible contains information collected from the last run
      even if the process is no longer around.</para>

-      <para><varname>StatusText</varname> contains the status text passed to the service manager via a call
-      to
-      <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
-      This may be used by services to inform the service manager about its internal state with a nice
-      explanatory string.</para>
+      <para><varname>StatusText</varname>, <varname>StatusErrno</varname>, <varname>StatusBusError</varname>,
+      and <varname>StatusVarlinkError</varname> contain the status text, the error number,
+      and the D-Bus/Varlink error name passed to the service manager via
+      <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      respectively. They may be used by services to inform the service manager about its internal state.</para>

      <para><varname>Result</varname> encodes the execution result of the last run of the service. It is
      useful to determine the reason a service failed if it is in the <literal>failed</literal> state (see
@ -5322,6 +5332,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b PrivateTmp = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+      readonly s PrivateTmpEx = '...';
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b PrivateDevices = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b ProtectClock = ...;
@ -5945,6 +5957,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {

    <!--property PrivateTmp is not documented!-->

+    <!--property PrivateTmpEx is not documented!-->
+
    <!--property PrivateDevices is not documented!-->

    <!--property ProtectClock is not documented!-->
@ -6609,6 +6623,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {

    <variablelist class="dbus-property" generated="True" extra-ref="PrivateTmp"/>

+    <variablelist class="dbus-property" generated="True" extra-ref="PrivateTmpEx"/>
+
    <variablelist class="dbus-property" generated="True" extra-ref="PrivateDevices"/>

    <variablelist class="dbus-property" generated="True" extra-ref="ProtectClock"/>
@ -7295,6 +7311,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b PrivateTmp = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+      readonly s PrivateTmpEx = '...';
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b PrivateDevices = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b ProtectClock = ...;
@ -7844,6 +7862,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {

    <!--property PrivateTmp is not documented!-->

+    <!--property PrivateTmpEx is not documented!-->
+
    <!--property PrivateDevices is not documented!-->

    <!--property ProtectClock is not documented!-->
@ -8420,6 +8440,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {

    <variablelist class="dbus-property" generated="True" extra-ref="PrivateTmp"/>

+    <variablelist class="dbus-property" generated="True" extra-ref="PrivateTmpEx"/>
+
    <variablelist class="dbus-property" generated="True" extra-ref="PrivateDevices"/>

    <variablelist class="dbus-property" generated="True" extra-ref="ProtectClock"/>
@ -9229,6 +9251,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b PrivateTmp = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+      readonly s PrivateTmpEx = '...';
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b PrivateDevices = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly b ProtectClock = ...;
@ -9764,6 +9788,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {

    <!--property PrivateTmp is not documented!-->

+    <!--property PrivateTmpEx is not documented!-->
+
    <!--property PrivateDevices is not documented!-->

    <!--property ProtectClock is not documented!-->
@ -10326,6 +10352,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {

    <variablelist class="dbus-property" generated="True" extra-ref="PrivateTmp"/>

+    <variablelist class="dbus-property" generated="True" extra-ref="PrivateTmpEx"/>
+
    <variablelist class="dbus-property" generated="True" extra-ref="PrivateDevices"/>

    <variablelist class="dbus-property" generated="True" extra-ref="ProtectClock"/>
@ -12015,7 +12043,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <function>DumpUnitFileDescriptorStore()</function> were added in version 254.</para>
      <para><function>StartAuxiliaryScope()</function>,
      <varname>ShutdownStartTimestamp</varname>,
-      <varname>ShutdownStartTimestampMonotonic</varname> and
+      <varname>ShutdownStartTimestampMonotonic</varname>, and
      <varname>SoftRebootsCount</varname> were added in version 256.</para>
    </refsect2>
    <refsect2>
@ -12070,6 +12098,9 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <varname>MemoryZSwapWriteback</varname>,
      <varname>ExecMainHandoffTimestampMonotonic</varname>, and
      <varname>ExecMainHandoffTimestamp</varname> were added in version 256.</para>
+      <para><varname>StatusBusError</varname>,
+      <varname>StatusVarlinkError</varname>, and
+      <varname>PrivateTmpEx</varname> were added in version 257.</para>
    </refsect2>
    <refsect2>
      <title>Socket Unit Objects</title>
@ -12106,6 +12137,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <varname>EffectiveTasksMax</varname>,
      <varname>MemoryZSwapWriteback</varname>, and
      <varname>PassFileDescriptorsToExec</varname> were added in version 256.</para>
+      <para><varname>PrivateTmpEx</varname> was added in version 257.</para>
    </refsect2>
    <refsect2>
      <title>Mount Unit Objects</title>
@ -12139,6 +12171,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <varname>EffectiveMemoryMax</varname>,
      <varname>EffectiveTasksMax</varname>, and
      <varname>MemoryZSwapWriteback</varname> were added in version 256.</para>
+      <para><varname>PrivateTmpEx</varname> was added in version 257.</para>
    </refsect2>
    <refsect2>
      <title>Swap Unit Objects</title>
@ -12172,6 +12205,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
      <varname>EffectiveMemoryMax</varname>,
      <varname>EffectiveTasksMax</varname>, and
      <varname>MemoryZSwapWriteback</varname> were added in version 256.</para>
+      <para><varname>PrivateTmpEx</varname> was added in version 257.</para>
    </refsect2>
    <refsect2>
      <title>Slice Unit Objects</title>
--- a/man/repart.d.xml
+++ b/man/repart.d.xml
@ -362,12 +362,14 @@
      <varlistentry>
        <term><varname>CopyBlocks=</varname></term>

-        <listitem><para>Takes a path to a regular file, block device node or directory, or the special value
-        <literal>auto</literal>. If specified and the partition is newly created, the data from the specified
-        path is written to the newly created partition, on the block level. If a directory is specified, the
-        backing block device of the file system the directory is on is determined, and the data read directly
-        from that. This option is useful to efficiently replicate existing file systems onto new partitions
-        on the block level — for example to build a simple OS installer or an OS image builder.</para>
+        <listitem><para>Takes a path to a regular file, block device node, char device node or directory, or
+        the special value <literal>auto</literal>. If specified and the partition is newly created, the data
+        from the specified path is written to the newly created partition, on the block level. If a directory
+        is specified, the backing block device of the file system the directory is on is determined, and the
+        data read directly from that. This option is useful to efficiently replicate existing file systems
+        onto new partitions on the block level — for example to build a simple OS installer or an OS image
+        builder. Specify <filename>/dev/urandom</filename> as value to initialize a partition with random
+        data.</para>

        <para>If the special value <literal>auto</literal> is specified, the source to copy from is
        automatically picked up from the running system (or the image specified with
--- a/man/rules/meson.build
+++ b/man/rules/meson.build
@ -953,6 +953,7 @@ manpages = [
 ['systemd-hostnamed.service', '8', ['systemd-hostnamed'], 'ENABLE_HOSTNAMED'],
 ['systemd-hwdb', '8', [], 'ENABLE_HWDB'],
 ['systemd-id128', '1', [], ''],
+ ['systemd-import-generator', '8', [], ''],
 ['systemd-importd.service', '8', ['systemd-importd'], 'ENABLE_IMPORTD'],
 ['systemd-inhibit', '1', [], ''],
 ['systemd-initctl.service',
--- a/man/sd_notify.xml
+++ b/man/sd_notify.xml
@ -258,12 +258,20 @@
        <term>BUSERROR=…</term>

        <listitem><para>If a service fails, the D-Bus error-style error code. Example:
-        <literal>BUSERROR=org.freedesktop.DBus.Error.TimedOut</literal>. Note that this assignment is
-        currently not used by <command>systemd</command>.</para>
+        <literal>BUSERROR=org.freedesktop.DBus.Error.TimedOut</literal>.</para>

        <xi:include href="version-info.xml" xpointer="v233"/></listitem>
      </varlistentry>

+      <varlistentry>
+        <term>VARLINKERROR=…</term>
+
+        <listitem><para>If a service fails, the Varlink error-style error code. Example:
+        <literal>VARLINKERROR=org.varlink.service.InvalidParameter</literal>.</para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
+
      <varlistentry>
        <term>EXIT_STATUS=…</term>

--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@ -2862,7 +2862,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
          which should adhere to the syntax documented in <citerefentry
          project='man-pages'><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
          section "PARSING TIMESTAMPS". Specially, if <literal>show</literal> is given, the currently scheduled
-          action will be shown, which can be canceled by passing an empty string or <literal>cancel</literal>.</para>
+          action will be shown, which can be canceled by passing an empty string or <literal>cancel</literal>.
+          <literal>auto</literal> will schedule the action according to maintenance window or one minute in
+          the future.</para>

          <xi:include href="version-info.xml" xpointer="v254"/>
        </listitem>
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@ -310,7 +310,9 @@
        <filename>/dev/hidraw1</filename>). Alternatively the special value <literal>auto</literal> may be
        specified, in order to automatically determine the device node of a currently plugged in security
        token (of which there must be exactly one). This automatic discovery is unsupported if
-        <option>--fido2-device=</option> option is also specified.</para>
+        <option>--fido2-device=</option> option is also specified. Note that currently FIDO2 devices
+        enrolled without an accompanying LUKS2 token (i.e. <option>--fido2-parameters-in-header=no</option>)
+        cannot be used for unlocking.</para>

        <xi:include href="version-info.xml" xpointer="v253"/></listitem>
      </varlistentry>
@ -401,6 +403,30 @@
        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
      </varlistentry>

+      <varlistentry>
+        <term><option>--fido2-salt-file=<replaceable>PATH</replaceable></option></term>
+
+        <listitem><para>When enrolling a FIDO2 security token, specifies the path to a file or an
+        <constant>AF_UNIX</constant> socket from which we should read the salt value to be used in the
+        HMAC operation performed by the FIDO2 security token. If this option is not specified, the salt
+        will be randomly generated.</para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--fido2-parameters-in-header=<replaceable>BOOL</replaceable></option></term>
+
+        <listitem><para>When enrolling a FIDO2 security token, controls whether to store FIDO2
+        parameters in a token in the LUKS2 superblock. Defaults to <literal>yes</literal>.
+        If set to <literal>no</literal>, the <option>fido2-cid=</option> option has to be specified manually
+        in the respective <filename>/etc/crypttab</filename> line along with a key file. See
+        <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+        for details.</para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><option>--fido2-with-client-pin=<replaceable>BOOL</replaceable></option></term>

--- a/man/systemd-import-generator.xml
+++ b/man/systemd-import-generator.xml
@ -0,0 +1,194 @@
+<?xml version="1.0"?>
+<!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY % entities SYSTEM "custom-entities.ent" >
+%entities;
+]>
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+<refentry id="systemd-import-generator"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <refentryinfo>
+    <title>systemd-import-generator</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>systemd-import-generator</refentrytitle>
+    <manvolnum>8</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>systemd-import-generator</refname>
+    <refpurpose>Generator for automatically downloading disk images at boot</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para><filename>/usr/lib/systemd/system-generators/systemd-import-generator</filename></para>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><command>systemd-import-generator</command> may be used to automatically download disk images
+    (tarballs or DDIs) via
+    <citerefentry><refentrytitle>systemd-importd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    at boot, based on parameters on the kernel command line or via system credentials. This is useful for
+    automatically deploying an
+    <citerefentry><refentrytitle>systemd-confext</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>/
+    <citerefentry><refentrytitle>systemd-vmspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> or
+    <citerefentry><refentrytitle>systemd-portabled.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    image at boot. This provides functionality equivalent to
+    <citerefentry><refentrytitle>importctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, but
+    accessible via the kernel command line and system credentials.</para>
+
+    <para><filename>systemd-import-generator</filename> implements
+    <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Kernel Command Line</title>
+
+    <para><filename>systemd-import-generator</filename> understands the following
+    <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+    parameters:</para>
+
+    <variablelist class='kernel-commandline-options'>
+      <varlistentry>
+        <term><varname>systemd.pull=</varname></term>
+
+        <listitem><para>This option takes a colon separate triplet of option string, local target image name
+        and remote URL. The local target image name can be specified as an empty string, in which case the
+        name is derived from the specified remote URL. The remote URL must using the
+        <literal>http://</literal>, <literal>https://</literal>, <literal>file://</literal> schemes. The
+        option string itself is a comma separated list of options:</para>
+
+        <variablelist>
+          <varlistentry>
+            <term>rw</term>
+            <term>ro</term>
+
+            <listitem><para>Controls whether to mark the local image as read-only. If not
+            specified read-only defaults to off.</para>
+
+            <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term>verify=</term>
+
+            <listitem><para>Controls whether to cryptographically validate the download before installing it
+            in place. Takes one of <literal>no</literal>, <literal>checksum</literal> or
+            <literal>signature</literal> (the latter being the default if not specified). For details see the
+            <option>--verify=</option> of
+            <citerefentry><refentrytitle>importctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></para>
+
+            <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term>sysext</term>
+            <term>confext</term>
+            <term>machine</term>
+            <term>portable</term>
+
+            <listitem><para>Controls the image class to download, and thus ultimately the target directory
+            for the image, depending on this choice the target directory
+            <filename>/var/lib/extensions/</filename>, <filename>/var/lib/confexts/</filename>,
+            <filename>/var/lib/machines/</filename> or <filename>/var/lib/portables/</filename> is
+            selected.</para>
+
+            <para>Specification of exactly one of these options is mandatory.</para>
+
+            <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term>tar</term>
+            <term>raw</term>
+
+            <listitem><para>Controls the type of resource to download, i.e. a (possibly compressed) tarball
+            that needs to be unpacked into a file system tree, or (possibly compressed) raw disk image (DDI).</para>
+
+            <para>Specification of exactly one of these options is mandatory.</para>
+
+            <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+          </varlistentry>
+        </variablelist>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>systemd.pull.success_action=</varname></term>
+        <term><varname>systemd.pull.failure_action=</varname></term>
+
+        <listitem><para>Controls whether to execute an action such as reboot, power-off and similar after
+        completing the download successfully, or unsuccessfully. See
+        <varname>SuccessAction=</varname>/<varname>FailureAction=</varname> on
+        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+        details about the available actions. If not specified no action is taken, and the system will
+        continue to boot normally.</para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>Credentials</title>
+
+    <para><command>systemd-import-generator</command> supports the system credentials logic. The following
+    credentials are used when passed in:</para>
+
+    <variablelist class='system-credentials'>
+      <varlistentry>
+        <term><varname>import.pull</varname></term>
+
+        <listitem><para>This credential should be a text file, with each line referencing one download
+        operation. Each line should follow the same format as the value of the
+        <varname>systemd.pull=</varname> kernel command line option described above.</para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>Examples</title>
+
+    <example>
+      <title>Download Configuration Extension</title>
+
+      <programlisting>systemd.pull=raw,confext::https://example.com/myconfext.raw.gz</programlisting>
+
+      <para>With a kernel command line option like the above a configuration extension DDI is downloaded
+      automatically at boot from the specified URL, validated cryptographically, uncompressed and installed.</para>
+    </example>
+
+    <example>
+      <title>Download System Extension (Without Validation)</title>
+
+      <programlisting>systemd.pull=tar,sysext,verify=no::https://example.com/mysysext.tar.gz</programlisting>
+
+      <para>With a kernel command line option like the above a system extension tarball is downloaded
+      automatically at boot from the specified URL, uncompressed and installed – without any cryptographic
+      validation. This is useful for development purposes in virtual machines and containers. Warning: do not
+      deploy a system with validation disabled like this!</para>
+    </example>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para><simplelist type="inline">
+      <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+      <member><citerefentry><refentrytitle>systemd-importd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
+      <member><citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
+      <member><citerefentry><refentrytitle>systemd.system-credentials</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
+      <member><citerefentry><refentrytitle>importctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+    </simplelist></para>
+  </refsect1>
+</refentry>
--- a/man/systemd-timesyncd.service.xml
+++ b/man/systemd-timesyncd.service.xml
@ -66,6 +66,16 @@
    to achieve that, which will delay start of units that are ordered after
    <filename>time-sync.target</filename> until synchronization to an accurate reference clock is
    reached.</para>
+
+    <para><filename>systemd</filename> and <filename>systemd-timesyncd</filename> advance the system clock to
+    the "epoch" (the lowest date above which the system clock time is assumed to be set correctly). See
+    "System clock epoch" section in
+    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for details.
+    <filename>systemd</filename> will set the clock when initializing, but
+    <filename>/var/lib/systemd/timesync/clock</filename> might not yet be available at that point.
+    <filename>systemd-timesyncd</filename> will advance the clock when it is started and notices that the
+    system clock is before the modification time of <filename>/var/lib/systemd/timesync/clock</filename>.
+    </para>
  </refsect1>

  <refsect1>
@ -78,36 +88,24 @@
        <listitem>
          <para>The modification time ("mtime") of this file is updated on each successful NTP
          synchronization or after each <varname>SaveIntervalSec=</varname> time interval, as specified in
-          <citerefentry><refentrytitle>timesyncd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+          <citerefentry><refentrytitle>timesyncd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+          </para>

-          <para>When initializing, the local clock is advanced to the modification time of this file (if the
-          file timestamp is in the past this adjustment is not made). If the file does not exist yet, the
-          clock is instead advanced to the modification time of <filename>/usr/lib/clock-epoch</filename> –
-          if it exists – or to a time derived from the source tree at build time. This mechanism is used to
-          ensure that the system clock remains somewhat reasonably initialized and roughly monotonic across
-          reboots, in case no battery-buffered local RTC is available.</para>
+          <para>If present, the modification time of this file is used for the epoch by
+          <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> and
+          <filename>systemd-timesyncd.service</filename>.</para>

          <xi:include href="version-info.xml" xpointer="v219"/>
        </listitem>
      </varlistentry>

-      <varlistentry>
-        <term><filename>/usr/lib/clock-epoch</filename></term>
-
-        <listitem><para>The modification time ("mtime") of this file is used for advancing the system clock
-        in case <filename>/var/lib/systemd/timesync/clock</filename> does not exist yet, see
-        above.</para>
-
-        <xi:include href="version-info.xml" xpointer="v254"/></listitem>
-      </varlistentry>
-
      <varlistentry>
        <term><filename>/run/systemd/timesync/synchronized</filename></term>

        <listitem>
-          <para>A file that is touched on each successful synchronization, to assist
-          <filename>systemd-time-wait-sync</filename> and other applications to detecting synchronization
-          with accurate reference clocks.</para>
+          <para>A file that is touched on each successful synchronization to assist
+          <filename>systemd-time-wait-sync</filename> and other applications in detecting synchronization to
+          an accurate reference clock.</para>

          <xi:include href="version-info.xml" xpointer="v239"/>
        </listitem>
--- a/man/systemd-tmpfiles.xml
+++ b/man/systemd-tmpfiles.xml
@ -55,9 +55,11 @@
  <refsect1>
    <title>Description</title>

-    <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up volatile and temporary files
-    and directories, using the configuration file format and location specified in
-    <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It must
+    <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up files and directories, using
+    the configuration file format and location specified in
+    <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+    Historically, it was designed to manage volatile and temporary files, as the name suggests, but it provides
+    generic file management functionality and can be used to manage any kind of files. It must
    be invoked with one or more commands <option>--create</option>, <option>--remove</option>, and
    <option>--clean</option>, to select the respective subset of operations.</para>

@ -149,15 +151,33 @@

      <varlistentry>
        <term><option>--purge</option></term>
-        <listitem><para>If this option is passed, all files and directories created by a
-        <filename>tmpfiles.d/</filename> entry will be deleted.</para>
+
+        <listitem><para>If this option is passed, all files and directories marked for
+        <emphasis>creation</emphasis> by the <filename>tmpfiles.d/</filename> files specified on the command
+        line will be <emphasis>deleted</emphasis>. Specifically, this acts on all files and directories
+        marked with <varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
+        <varname>v</varname>, <varname>q</varname>, <varname>Q</varname>, <varname>p</varname>,
+        <varname>L</varname>, <varname>c</varname>, <varname>b</varname>, <varname>C</varname>,
+        <varname>w</varname>, <varname>e</varname>. If this switch is used at least one
+        <filename>tmpfiles.d/</filename> file (or <filename>-</filename> for standard input) must be
+        specified on the command line or the invocation will be refused, for safety reasons (as otherwise
+        much of the installed system files might be removed).</para>
+
+        <para>The primary usecase for this option is to automatically remove files and directories that
+        originally have been created on behalf of an installed package at package removal time.</para>
+
+        <para>It is recommended to first run this command in combination with <option>--dry-run</option>
+        (see below) to verify which files and directories will be deleted.</para>
+
+        <para><emphasis>Warning!</emphasis> This is usually not the command you want! In most cases
+        <option>--remove</option> is what you are looking for.</para>

        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--user</option></term>
-        <listitem><para>Execute "user" configuration, i.e. <filename>tmpfiles.d</filename>
+        <listitem><para>Execute "user" configuration, i.e. <filename>tmpfiles.d/</filename>
        files in user configuration directories.</para>

        <xi:include href="version-info.xml" xpointer="v236"/></listitem>
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@ -671,12 +671,13 @@
        part of a unit for which dynamic users/groups are enabled do not leave files or directories owned by
        these users/groups around, as a different unit might get the same UID/GID assigned later on, and thus
        gain access to these files or directories. If <varname>DynamicUser=</varname> is enabled,
-        <varname>RemoveIPC=</varname> and <varname>PrivateTmp=</varname> are implied (and cannot be turned
-        off). This ensures that the lifetime of IPC objects and temporary files created by the executed
-        processes is bound to the runtime of the service, and hence the lifetime of the dynamic
-        user/group. Since <filename>/tmp/</filename> and <filename>/var/tmp/</filename> are usually the only
-        world-writable directories on a system this ensures that a unit making use of dynamic user/group
-        allocation cannot leave files around after unit termination. Furthermore
+        <varname>RemoveIPC=</varname> is implied (and cannot be turned off). This ensures that the lifetime
+        of IPC objects and temporary files created by the executed processes is bound to the runtime of the
+        service, and hence the lifetime of the dynamic user/group. Since <filename>/tmp/</filename> and
+        <filename>/var/tmp/</filename> are usually the only world-writable directories on a system, unless
+        <varname>PrivateTmp=</varname> is manually set to <literal>true</literal>, <literal>disconnected</literal>
+        would be implied. This ensures that a unit making use of dynamic user/group allocation cannot
+        leave files around after unit termination. Furthermore
        <varname>NoNewPrivileges=</varname> and <varname>RestrictSUIDSGID=</varname> are implicitly enabled
        (and cannot be disabled), to ensure that processes invoked cannot take benefit or create SUID/SGID
        files or directories. Moreover <varname>ProtectSystem=strict</varname> and
@ -1747,20 +1748,27 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
      <varlistentry>
        <term><varname>PrivateTmp=</varname></term>

-        <listitem><para>Takes a boolean argument. If true, sets up a new file system namespace for the
-        executed processes and mounts private <filename>/tmp/</filename> and <filename>/var/tmp/</filename>
-        directories inside it that are not shared by processes outside of the namespace. This is useful to
-        secure access to temporary files of the process, but makes sharing between processes via
-        <filename>/tmp/</filename> or <filename>/var/tmp/</filename> impossible. If true, all temporary files
-        created by a service in these directories will be removed after the service is stopped. Defaults to
-        false. It is possible to run two or more units within the same private <filename>/tmp/</filename> and
-        <filename>/var/tmp/</filename> namespace by using the <varname>JoinsNamespaceOf=</varname> directive,
-        see <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-        for details. This setting is implied if <varname>DynamicUser=</varname> is set. For this setting, the
-        same restrictions regarding mount propagation and privileges apply as for
-        <varname>ReadOnlyPaths=</varname> and related calls, see above. Enabling this setting has the side
-        effect of adding <varname>Requires=</varname> and <varname>After=</varname> dependencies on all mount
-        units necessary to access <filename>/tmp/</filename> and <filename>/var/tmp/</filename>. Moreover an
+        <listitem><para>Takes a boolean argument, or <literal>disconnected</literal>. If enabled, a new
+        file system namespace will be set up for the executed processes, and <filename>/tmp/</filename>
+        and <filename>/var/tmp/</filename> directories inside it are not shared with processes outside of
+        the namespace, plus all temporary files created by a service in these directories will be removed after
+        the service is stopped. If <literal>true</literal>, the backing storage of the private temporary directories
+        will remain on the host's <filename>/tmp/</filename> and <filename>/var/tmp/</filename> directories.
+        If <literal>disconnected</literal>, the directories will be backed by a completely new tmpfs instance,
+        meaning that the storage is fully disconnected from the host namespace. Defaults to false.</para>
+
+        <para>This setting is useful to secure access to temporary files of the process, but makes sharing
+        between processes via <filename>/tmp/</filename> or <filename>/var/tmp/</filename> impossible.
+        If not set to <literal>disconnected</literal>, it is possible to run two or more units within
+        the same private <filename>/tmp/</filename> and <filename>/var/tmp/</filename> namespace by using
+        the <varname>JoinsNamespaceOf=</varname> directive, see
+        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+        for details. This setting is implied if <varname>DynamicUser=</varname> is set. For this setting,
+        the same restrictions regarding mount propagation and privileges apply as for
+        <varname>ReadOnlyPaths=</varname> and related calls, see above. If set to <literal>true</literal>
+        (as opposed to <literal>disconnected</literal>), this has the side effect of adding
+        <varname>Requires=</varname> and <varname>After=</varname> dependencies on all mount units necessary
+        to access <filename>/tmp/</filename> and <filename>/var/tmp/</filename> on the host. Moreover an
        implicitly <varname>After=</varname> ordering on
        <citerefentry><refentrytitle>systemd-tmpfiles-setup.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
        is added.</para>
@ -2021,8 +2029,9 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
        <filename>/proc/sys/</filename>, <filename>/sys/</filename>, <filename>/proc/sysrq-trigger</filename>,
        <filename>/proc/latency_stats</filename>, <filename>/proc/acpi</filename>,
        <filename>/proc/timer_stats</filename>, <filename>/proc/fs</filename> and <filename>/proc/irq</filename> will
-        be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at
-        boot-time, for example with the
+        be made read-only and <filename>/proc/kallsyms</filename> as well as <filename>/proc/kcore</filename> will be
+        inaccessible to all processes of the unit.
+        Usually, tunable kernel variables should be initialized only at boot-time, for example with the
        <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> mechanism. Few
        services need to write to these at runtime; it is hence recommended to turn this on for most services. For this
        setting the same restrictions regarding mount propagation and privileges apply as for
--- a/man/systemd.journal-fields.xml
+++ b/man/systemd.journal-fields.xml
@ -273,10 +273,19 @@
      <varlistentry>
        <term><varname>_SOURCE_REALTIME_TIMESTAMP=</varname></term>
        <listitem>
-          <para>The earliest trusted timestamp of the message, if any
-          is known that is different from the reception time of the
-          journal. This is the time in microseconds since the epoch
-          UTC, formatted as a decimal string.</para>
+          <para>The earliest trusted timestamp of the message, if any is known that is different from
+          the reception time of the journal. The timestamp is in the <constant>CLOCK_REALTIME</constant>
+          clock in microseconds, formatted as decimal strings.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>_SOURCE_BOOTTIME_TIMESTAMP=</varname></term>
+        <listitem>
+          <para>The earliest trusted timestamp of the message in <constant>CLOCK_BOOTTIME</constant> clock.
+          For details, refer to <varname>_SOURCE_REALTIME_TIMESTAMP=</varname>.</para>
+
+          <xi:include href="version-info.xml" xpointer="v257"/>
        </listitem>
      </varlistentry>

--- a/man/systemd.system-credentials.xml
+++ b/man/systemd.system-credentials.xml
@ -415,6 +415,16 @@
          <xi:include href="version-info.xml" xpointer="v256"/>
        </listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term><varname>import.pull</varname></term>
+        <listitem>
+          <para>Specified disk images (tarballs and DDIs) to automatically download and install at boot. For details see
+          <citerefentry><refentrytitle>systemd-import-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+          <xi:include href="version-info.xml" xpointer="v257"/>
+        </listitem>
+      </varlistentry>
    </variablelist>
  </refsect1>

--- a/man/systemd.xml
+++ b/man/systemd.xml
@ -62,10 +62,32 @@
    <filename>user.conf.d</filename> directories. See
    <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for more information.</para>
+
+    <para><command>systemd</command> contains native implementations of various tasks that need to be
+    executed as part of the boot process. For example, it sets the hostname or configures the loopback
+    network device. It also sets up and mounts various API file systems, such as <filename>/sys/</filename>,
+    <filename>/proc/</filename>, and <filename>/dev/</filename>.</para>
+
+    <para><command>systemd</command> will also reset the system clock during early boot if it appears to be
+    set incorrectly. See "System clock epoch" section below.</para>
+
+    <para>Note that some but not all interfaces provided by systemd are covered by the
+    <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink>.</para>
+
+    <para>The D-Bus API of <command>systemd</command> is described in
+    <citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+    and
+    <citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+    </para>
+
+    <para>Systems which invoke systemd in a container or initrd environment should implement the <ulink
+    url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> or
+    <ulink url="https://systemd.io/INITRD_INTERFACE/">initrd Interface</ulink>
+    specifications, respectively.</para>
  </refsect1>

  <refsect1>
-    <title>Concepts</title>
+    <title>Units</title>

    <para>systemd provides a dependency system between various
    entities called "units" of 11 different types. Units encapsulate
@ -261,34 +283,10 @@
    example, start jobs for any of those inactive units getting queued as
    well.</para>

-    <para>systemd contains native implementations of various tasks
-    that need to be executed as part of the boot process. For example,
-    it sets the hostname or configures the loopback network device. It
-    also sets up and mounts various API file systems, such as
-    <filename>/sys/</filename> or <filename>/proc/</filename>.</para>
-
-    <para>For more information about the concepts and
-    ideas behind systemd, please refer to the
-    <ulink url="https://0pointer.de/blog/projects/systemd.html">Original Design Document</ulink>.</para>
-
-    <para>Note that some but not all interfaces provided by systemd are covered by the
-    <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink>.</para>
-
    <para>Units may be generated dynamically at boot and system
    manager reload time, for example based on other configuration
    files or parameters passed on the kernel command line. For details, see
    <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
-
-    <para>The D-Bus API of <command>systemd</command> is described in
-    <citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-    and
-    <citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
-    </para>
-
-    <para>Systems which invoke systemd in a container or initrd environment should implement the <ulink
-    url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> or
-    <ulink url="https://systemd.io/INITRD_INTERFACE/">initrd Interface</ulink>
-    specifications, respectively.</para>
  </refsect1>

  <refsect1>
@ -1487,7 +1485,26 @@
  </refsect1>

  <refsect1>
-    <title>Sockets and FIFOs</title>
+    <title>System clock epoch</title>
+
+    <para>When <command>systemd</command> is started or restarted, it may set the system clock to the
+    "epoch". This mechanism is used to ensure that the system clock remains somewhat reasonably initialized
+    and roughly monotonic across reboots, in case no battery-backed local RTC is available or it does not
+    work correctly.</para>
+
+    <para>The epoch is the lowest date above which the system clock time is assumed to be set correctly. When
+    initializing, the local clock is <emphasis>advanced</emphasis> to the epoch if it was set to a lower
+    value. As a special case, if the local clock is sufficiently far in the future (by default 15 years, but
+    this can be configured at build time), the hardware clock is assumed to be broken, and the system clock
+    is <emphasis>rewound</emphasis> to the epoch.</para>
+
+    <para>The epoch is set to the highest of: the build time of <filename>systemd</filename>, the
+    modification time ("mtime") of <filename>/usr/lib/clock-epoch</filename>, and the modification time of
+    <filename>/var/lib/systemd/timesync/clock</filename>.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Files</title>

    <variablelist>
      <varlistentry>
@ -1521,6 +1538,26 @@
        named pipe in the file system. This interface is obsolete and
        should not be used in new applications.</para></listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term><filename>/usr/lib/clock-epoch</filename></term>
+
+        <listitem><para>The modification time ("mtime") of this file is used for the time epoch, see previous
+        section.</para>
+
+        <xi:include href="version-info.xml" xpointer="v247"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><filename>/var/lib/systemd/timesync/clock</filename></term>
+
+        <listitem><para>The modification time ("mtime") of this file is updated by
+        <citerefentry><refentrytitle>systemd-timesyncd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+        If present, the modification time of file is used for the epoch, see previous section.
+        </para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
    </variablelist>
  </refsect1>

@ -1558,6 +1595,10 @@
      <member><citerefentry project='man-pages'><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
    </simplelist></para>
+
+    <para>For more information about the concepts and
+    ideas behind systemd, please refer to the
+    <ulink url="https://0pointer.de/blog/projects/systemd.html">Original Design Document</ulink>.</para>
  </refsect1>

 </refentry>
--- a/man/varlinkctl.xml
+++ b/man/varlinkctl.xml
@ -250,6 +250,20 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><option>--graceful=</option></term>
+
+        <listitem>
+          <para>Takes a qualified Varlink error name (i.e. an interface name, suffixed by an error name,
+          separated by a dot; e.g. <literal>org.varlink.service.InvalidParameter</literal>). Ensures that if
+          a method call fails with the specified error this will be treated as success, i.e. will cause the
+          <command>varlinkctl</command> invocation to exit with a zero exit status. This option may be used more
+          than once in order to treat multiple different errors as successes.</para>
+
+          <xi:include href="version-info.xml" xpointer="v257"/>
+        </listitem>
+      </varlistentry>
+
      <xi:include href="standard-options.xml" xpointer="no-pager" />
      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
--- a/meson.build
+++ b/meson.build
@ -723,7 +723,7 @@ gperf = find_program('gperf')

 gperf_test_format = '''
 #include <string.h>
-const char * in_word_set(const char *, @0@);
+const char* in_word_set(const char *, @0@);
@1@
 '''
 gperf_snippet = run_command(sh, '-c', 'echo foo,bar | "$1" -L ANSI-C', '_', gperf,
@ -1740,6 +1740,7 @@ if conf.get('BPF_FRAMEWORK') == 1
                '-ffile-prefix-map=',
                '-fdebug-prefix-map=',
                '-fmacro-prefix-map=',
+                '--sysroot=',
        ]

        foreach opt : c_args
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
@ -9,7 +9,7 @@ Environment=
        GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
        GIT_SUBDIR=debian
        GIT_BRANCH=debian/master
-        GIT_COMMIT=596a70511736d78c1d8a5a27dca3989806cfa733
+        GIT_COMMIT=3b4368d4b881122e39e1d236ba339dd3a6e306c4

 VolatilePackages=
        libnss-myhostname
@ -20,14 +20,14 @@ VolatilePackages=
        libsystemd-dev
        libudev-dev
        systemd
-        systemd-boot
-        systemd-boot-efi
        systemd-container
        systemd-coredump
+        systemd-cryptsetup
        systemd-dev
        systemd-homed
        systemd-journal-remote
        systemd-oomd
+        systemd-repart
        systemd-resolved
        systemd-sysv
        systemd-tests
@ -74,7 +74,6 @@ Packages=
        python3-pexpect
        python3-psutil
        quota
-        sbsigntool
        softhsm2
        squashfs-tools
        stress
@ -90,4 +89,6 @@ InitrdPackages=

 InitrdVolatilePackages=
        systemd
+        systemd-cryptsetup
+        systemd-repart
        udev
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf
@ -16,10 +16,12 @@ VolatilePackages=
        systemd-boot-dbgsym
        systemd-container-dbgsym
        systemd-coredump-dbgsym
+        systemd-cryptsetup-dbgsym
        systemd-dbgsym
        systemd-homed-dbgsym
        systemd-journal-remote-dbgsym
        systemd-oomd-dbgsym
+        systemd-repart-dbgsym
        systemd-resolved-dbgsym
        systemd-tests-dbgsym
        systemd-timesyncd-dbgsym
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# sbsigntool exists only on UEFI architectures
+
+[Match]
+Architecture=|x86
+Architecture=|x86-64
+Architecture=|arm
+Architecture=|arm64
+Architecture=|riscv32
+Architecture=|riscv64
+
+[Content]
+Packages=
+        sbsigntool
+        systemd-boot
+        systemd-boot-efi
--- a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf
@ -7,7 +7,7 @@ Distribution=fedora
 Environment=
        GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
        GIT_BRANCH=rawhide
-        GIT_COMMIT=1f94b56cee818068f57debfd78f035edd29f0e61
+        GIT_COMMIT=8153d9b0f978d633c8422011d4c547ae1f0e51a4

 Packages=
        btrfs-progs
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
@ -3,9 +3,6 @@
 [Match]
 Distribution=ubuntu

-[Distribution]
-PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
-
 [Content]
 Packages=
        linux-image-generic
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# The ports Ubuntu archive is for non i386/amd64 repositories
+
+[Match]
+Architecture=!x86-64
+Architecture=!x86
+Release=noble
+
+[Distribution]
+PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# The main Ubuntu archive is only for i386/amd64 repositories
+
+[Match]
+Architecture=|x86-64
+Architecture=|x86
+Release=noble
+
+[Distribution]
+PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+Types: deb
+URIs: http://ports.ubuntu.com
+Suites: noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
--- a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
+++ b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
@ -0,0 +1,4 @@
+# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed
+# for integration tests
+kernel.apparmor_restrict_unprivileged_unconfined = 0
+kernel.apparmor_restrict_unprivileged_userns = 0
--- a/shell-completion/bash/bootctl
+++ b/shell-completion/bash/bootctl
@ -33,7 +33,7 @@ _bootctl() {
    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
    local -A OPTS=(
        [STANDALONE]='-h --help -p --print-esp-path -x --print-boot-path --version --no-variables --no-pager --graceful --dry-run'
-        [ARG]='--esp-path --boot-path --make-machine-id-directory --root --image --install-source'
+        [ARG]='--esp-path --boot-path --make-machine-id-directory --root --image --install-source --random-seed'
    )

    if __contains_word "$prev" ${OPTS[ARG]}; then
@ -56,6 +56,9 @@ _bootctl() {
            --install-source)
                comps="image host auto"
                ;;
+            --random-seed)
+                comps="yes no"
+                ;;
        esac
        COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
        return 0
--- a/shell-completion/bash/systemd-cryptenroll
+++ b/shell-completion/bash/systemd-cryptenroll
@ -57,6 +57,8 @@ _systemd_cryptenroll() {
               --pkcs11-token-uri
               --fido2-credential-algorithm
               --fido2-device
+               --fido2-salt-file
+               --fido2-parameters-in-header
               --fido2-with-client-pin
               --fido2-with-user-presence
               --fido2-with-user-verification
@ -76,7 +78,7 @@ _systemd_cryptenroll() {

    if __contains_word "$prev" ${OPTS[ARG]}; then
        case $prev in
-            --unlock-key-file|--tpm2-device-key|--tpm2-public-key|--tpm2-signature|--tpm2-pcrlock)
+            --unlock-key-file|--fido2-salt-file|--tpm2-device-key|--tpm2-public-key|--tpm2-signature|--tpm2-pcrlock)
                comps=$(compgen -A file -- "$cur")
                compopt -o filenames
                ;;
@ -95,7 +97,7 @@ _systemd_cryptenroll() {
            --fido2-device)
                comps="auto list $(__get_fido2_devices)"
                ;;
-            --fido2-with-client-pin|--fido2-with-user-presence|--fido2-with-user-verification|--tpm2-with-pin)
+            --fido2-parameters-in-header|--fido2-with-client-pin|--fido2-with-user-presence|--fido2-with-user-verification|--tpm2-with-pin)
                comps='yes no'
                ;;
            --tpm2-device)
--- a/shell-completion/zsh/_bootctl
+++ b/shell-completion/zsh/_bootctl
@ -83,4 +83,5 @@ _arguments \
    '--root=[Operate under the specified directory]:PATH' \
    '--image=[Operate on the specified image]:PATH' \
    '--install-source[Where to pick files when using --root=/--image=]:options:(image host auto)' \
+    '--random-seed[Whether to create random-seed file during install]:options:(yes no)' \
    '*::bootctl command:_bootctl_commands'
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@ -1244,8 +1244,8 @@ static const struct security_assessor security_assessor_table[] = {
        {
                .id = "CapabilityBoundingSet=~CAP_BPF",
                .json_field = "CapabilityBoundingSet_CAP_BPF",
-                .description_good = "Service may load BPF programs",
-                .description_bad = "Service may not load BPF programs",
+                .description_good = "Service may not load BPF programs",
+                .description_bad = "Service may load BPF programs",
                .url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=",
                .weight = 25,
                .range = 1,
--- a/src/basic/af-list.c
+++ b/src/basic/af-list.c
@ -12,7 +12,7 @@ static const struct af_name* lookup_af(register const char *str, register GPERF_
 #include "af-from-name.h"
 #include "af-to-name.h"

-const char *af_to_name(int id) {
+const char* af_to_name(int id) {

        if (id <= 0)
                return NULL;
@ -39,7 +39,7 @@ int af_max(void) {
        return ELEMENTSOF(af_names);
 }

-const char *af_to_ipv4_ipv6(int id) {
+const char* af_to_ipv4_ipv6(int id) {
        /* Pretty often we want to map the address family to the typically used protocol name for IPv4 +
         * IPv6. Let's add special helpers for that. */
        return id == AF_INET ? "ipv4" :
--- a/src/basic/af-list.h
+++ b/src/basic/af-list.h
@ -5,7 +5,7 @@

 #include "string-util.h"

-const char *af_to_name(int id);
+const char* af_to_name(int id);
 int af_from_name(const char *name);

 static inline const char* af_to_name_short(int id) {
--- a/src/basic/architecture.h
+++ b/src/basic/architecture.h
@ -242,5 +242,5 @@ Architecture uname_architecture(void);
 #  error "Please register your architecture here!"
 #endif

-const char *architecture_to_string(Architecture a) _const_;
+const char* architecture_to_string(Architecture a) _const_;
 Architecture architecture_from_string(const char *s) _pure_;
--- a/src/basic/arphrd-util.h
+++ b/src/basic/arphrd-util.h
@ -4,7 +4,7 @@
 #include <inttypes.h>
 #include <stddef.h>

-const char *arphrd_to_name(int id);
+const char* arphrd_to_name(int id);
 int arphrd_from_name(const char *name);

 size_t arphrd_to_hw_addr_len(uint16_t arphrd);
--- a/src/basic/bus-label.c
+++ b/src/basic/bus-label.c
@ -7,7 +7,7 @@
 #include "hexdecoct.h"
 #include "macro.h"

-char *bus_label_escape(const char *s) {
+char* bus_label_escape(const char *s) {
        char *r, *t;
        const char *f;

@ -42,7 +42,7 @@ char *bus_label_escape(const char *s) {
        return r;
 }

-char *bus_label_unescape_n(const char *f, size_t l) {
+char* bus_label_unescape_n(const char *f, size_t l) {
        char *r, *t;
        size_t i;

--- a/src/basic/bus-label.h
+++ b/src/basic/bus-label.h
@ -6,9 +6,9 @@

 #include "string-util.h"

-char *bus_label_escape(const char *s);
-char *bus_label_unescape_n(const char *f, size_t l);
+char* bus_label_escape(const char *s);
+char* bus_label_unescape_n(const char *f, size_t l);

-static inline char *bus_label_unescape(const char *f) {
+static inline char* bus_label_unescape(const char *f) {
        return bus_label_unescape_n(f, strlen_ptr(f));
 }
--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
@ -18,7 +18,7 @@ static const struct capability_name* lookup_capability(register const char *str,
 #include "cap-from-name.h"
 #include "cap-to-name.h"

-const char *capability_to_name(int id) {
+const char* capability_to_name(int id) {
        if (id < 0)
                return NULL;
        if (id >= capability_list_length())
@ -27,7 +27,7 @@ const char *capability_to_name(int id) {
        return capability_names[id];
 }

-const char *capability_to_string(int id, char buf[static CAPABILITY_TO_STRING_MAX]) {
+const char* capability_to_string(int id, char buf[static CAPABILITY_TO_STRING_MAX]) {
        const char *p;

        if (id < 0)
--- a/src/basic/cap-list.h
+++ b/src/basic/cap-list.h
@ -8,8 +8,8 @@
 * "0x", two bytes for the hex value, and one trailing NUL byte. */
 #define CAPABILITY_TO_STRING_MAX (2 + 2 + 1)

-const char *capability_to_name(int id);
-const char *capability_to_string(int id, char buf[static CAPABILITY_TO_STRING_MAX]);
+const char* capability_to_name(int id);
+const char* capability_to_string(int id, char buf[static CAPABILITY_TO_STRING_MAX]);
 #define CAPABILITY_TO_STRING(id) capability_to_string(id, (char[CAPABILITY_TO_STRING_MAX]) {})

 int capability_from_name(const char *name);
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@ -1691,7 +1691,7 @@ int cg_escape(const char *p, char **ret) {
        return 0;
 }

-char *cg_unescape(const char *p) {
+char* cg_unescape(const char *p) {
        assert(p);

        /* The return value of this function (unlike cg_escape())
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@ -298,7 +298,7 @@ int cg_path_decode_unit(const char *cgroup, char **ret_unit);

 bool cg_needs_escape(const char *p);
 int cg_escape(const char *p, char **ret);
-char *cg_unescape(const char *p) _pure_;
+char* cg_unescape(const char *p) _pure_;

 bool cg_controller_is_valid(const char *p);

--- a/src/basic/compress.c
+++ b/src/basic/compress.c
@ -31,20 +31,20 @@
 #if HAVE_LZ4
 static void *lz4_dl = NULL;

-static DLSYM_FUNCTION(LZ4F_compressBegin);
-static DLSYM_FUNCTION(LZ4F_compressBound);
-static DLSYM_FUNCTION(LZ4F_compressEnd);
-static DLSYM_FUNCTION(LZ4F_compressUpdate);
-static DLSYM_FUNCTION(LZ4F_createCompressionContext);
-static DLSYM_FUNCTION(LZ4F_createDecompressionContext);
-static DLSYM_FUNCTION(LZ4F_decompress);
-static DLSYM_FUNCTION(LZ4F_freeCompressionContext);
-static DLSYM_FUNCTION(LZ4F_freeDecompressionContext);
-static DLSYM_FUNCTION(LZ4F_isError);
-DLSYM_FUNCTION(LZ4_compress_default);
-DLSYM_FUNCTION(LZ4_decompress_safe);
-DLSYM_FUNCTION(LZ4_decompress_safe_partial);
-DLSYM_FUNCTION(LZ4_versionNumber);
+static DLSYM_PROTOTYPE(LZ4F_compressBegin) = NULL;
+static DLSYM_PROTOTYPE(LZ4F_compressBound) = NULL;
+static DLSYM_PROTOTYPE(LZ4F_compressEnd) = NULL;
+static DLSYM_PROTOTYPE(LZ4F_compressUpdate) = NULL;
+static DLSYM_PROTOTYPE(LZ4F_createCompressionContext) = NULL;
+static DLSYM_PROTOTYPE(LZ4F_createDecompressionContext) = NULL;
+static DLSYM_PROTOTYPE(LZ4F_decompress) = NULL;
+static DLSYM_PROTOTYPE(LZ4F_freeCompressionContext) = NULL;
+static DLSYM_PROTOTYPE(LZ4F_freeDecompressionContext) = NULL;
+static DLSYM_PROTOTYPE(LZ4F_isError) = NULL;
+DLSYM_PROTOTYPE(LZ4_compress_default) = NULL;
+DLSYM_PROTOTYPE(LZ4_decompress_safe) = NULL;
+DLSYM_PROTOTYPE(LZ4_decompress_safe_partial) = NULL;
+DLSYM_PROTOTYPE(LZ4_versionNumber) = NULL;

 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(LZ4F_compressionContext_t, sym_LZ4F_freeCompressionContext, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(LZ4F_decompressionContext_t, sym_LZ4F_freeDecompressionContext, NULL);
@ -53,22 +53,22 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(LZ4F_decompressionContext_t, sym_LZ4F_freeDecom
 #if HAVE_ZSTD
 static void *zstd_dl = NULL;

-static DLSYM_FUNCTION(ZSTD_CCtx_setParameter);
-static DLSYM_FUNCTION(ZSTD_compress);
-static DLSYM_FUNCTION(ZSTD_compressStream2);
-static DLSYM_FUNCTION(ZSTD_createCCtx);
-static DLSYM_FUNCTION(ZSTD_createDCtx);
-static DLSYM_FUNCTION(ZSTD_CStreamInSize);
-static DLSYM_FUNCTION(ZSTD_CStreamOutSize);
-static DLSYM_FUNCTION(ZSTD_decompressStream);
-static DLSYM_FUNCTION(ZSTD_DStreamInSize);
-static DLSYM_FUNCTION(ZSTD_DStreamOutSize);
-static DLSYM_FUNCTION(ZSTD_freeCCtx);
-static DLSYM_FUNCTION(ZSTD_freeDCtx);
-static DLSYM_FUNCTION(ZSTD_getErrorCode);
-static DLSYM_FUNCTION(ZSTD_getErrorName);
-static DLSYM_FUNCTION(ZSTD_getFrameContentSize);
-static DLSYM_FUNCTION(ZSTD_isError);
+static DLSYM_PROTOTYPE(ZSTD_CCtx_setParameter) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_compress) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_compressStream2) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_createCCtx) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_createDCtx) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_CStreamInSize) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_CStreamOutSize) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_decompressStream) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_DStreamInSize) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_DStreamOutSize) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_freeCCtx) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_freeDCtx) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_getErrorCode) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_getErrorName) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_getFrameContentSize) = NULL;
+static DLSYM_PROTOTYPE(ZSTD_isError) = NULL;

 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ZSTD_CCtx*, sym_ZSTD_freeCCtx, NULL);
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ZSTD_DCtx*, sym_ZSTD_freeDCtx, NULL);
@ -88,11 +88,11 @@ static int zstd_ret_to_errno(size_t ret) {
 #if HAVE_XZ
 static void *lzma_dl = NULL;

-static DLSYM_FUNCTION(lzma_code);
-static DLSYM_FUNCTION(lzma_easy_encoder);
-static DLSYM_FUNCTION(lzma_end);
-static DLSYM_FUNCTION(lzma_stream_buffer_encode);
-static DLSYM_FUNCTION(lzma_stream_decoder);
+static DLSYM_PROTOTYPE(lzma_code) = NULL;
+static DLSYM_PROTOTYPE(lzma_easy_encoder) = NULL;
+static DLSYM_PROTOTYPE(lzma_end) = NULL;
+static DLSYM_PROTOTYPE(lzma_stream_buffer_encode) = NULL;
+static DLSYM_PROTOTYPE(lzma_stream_decoder) = NULL;

 /* We can't just do _cleanup_(sym_lzma_end) because a compiler bug makes
 * this fail with:
--- a/src/basic/compress.h
+++ b/src/basic/compress.h
@ -71,10 +71,10 @@ int decompress_stream_lz4(int fdf, int fdt, uint64_t max_size);
 int decompress_stream_zstd(int fdf, int fdt, uint64_t max_size);

 #if HAVE_LZ4
-DLSYM_PROTOTYPE(LZ4_compress_default);
-DLSYM_PROTOTYPE(LZ4_decompress_safe);
-DLSYM_PROTOTYPE(LZ4_decompress_safe_partial);
-DLSYM_PROTOTYPE(LZ4_versionNumber);
+extern DLSYM_PROTOTYPE(LZ4_compress_default);
+extern DLSYM_PROTOTYPE(LZ4_decompress_safe);
+extern DLSYM_PROTOTYPE(LZ4_decompress_safe_partial);
+extern DLSYM_PROTOTYPE(LZ4_versionNumber);

 int dlopen_lz4(void);
 #endif
--- a/src/basic/confidential-virt.h
+++ b/src/basic/confidential-virt.h
@ -21,5 +21,5 @@ typedef enum ConfidentialVirtualization {

 ConfidentialVirtualization detect_confidential_virtualization(void);

-const char *confidential_virtualization_to_string(ConfidentialVirtualization v) _const_;
+const char* confidential_virtualization_to_string(ConfidentialVirtualization v) _const_;
 ConfidentialVirtualization confidential_virtualization_from_string(const char *s) _pure_;
--- a/src/basic/dlfcn-util.h
+++ b/src/basic/dlfcn-util.h
@ -25,10 +25,8 @@ int dlopen_many_sym_or_warn_sentinel(void **dlp, const char *filename, int log_l
 #define dlopen_many_sym_or_warn(dlp, filename, log_level, ...) \
        dlopen_many_sym_or_warn_sentinel(dlp, filename, log_level, __VA_ARGS__, NULL)

-#define DLSYM_PROTOTYPE(symbol)                 \
-        extern typeof(symbol)* sym_##symbol
-#define DLSYM_FUNCTION(symbol)                  \
-        typeof(symbol)* sym_##symbol = NULL
+#define DLSYM_PROTOTYPE(symbol)                \
+        typeof(symbol)* sym_##symbol

 /* Macro useful for putting together variable/symbol name pairs when calling dlsym_many_or_warn(). Assumes
 * that each library symbol to resolve will be placed in a variable with the "sym_" prefix, i.e. a symbol
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@ -552,7 +552,7 @@ char* strv_env_get_n(char * const *l, const char *name, size_t k, ReplaceEnvFlag
        return NULL;
 }

-char *strv_env_pairs_get(char **l, const char *name) {
+char* strv_env_pairs_get(char **l, const char *name) {
        char *result = NULL;

        assert(name);
@ -941,11 +941,11 @@ int replace_env_argv(
        }

        if (ret_unset_variables) {
-                strv_uniq(strv_sort(unset_variables));
+                strv_sort_uniq(unset_variables);
                *ret_unset_variables = TAKE_PTR(unset_variables);
        }
        if (ret_bad_variables) {
-                strv_uniq(strv_sort(bad_variables));
+                strv_sort_uniq(bad_variables);
                *ret_bad_variables = TAKE_PTR(bad_variables);
        }

--- a/src/basic/env-util.h
+++ b/src/basic/env-util.h
@ -59,7 +59,7 @@ static inline char* strv_env_get(char * const *x, const char *n) {
        return strv_env_get_n(x, n, SIZE_MAX, 0);
 }

-char *strv_env_pairs_get(char **l, const char *name) _pure_;
+char* strv_env_pairs_get(char **l, const char *name) _pure_;

 int getenv_bool(const char *p);
 int secure_getenv_bool(const char *p);
--- a/src/basic/errno-list.c
+++ b/src/basic/errno-list.c
@ -12,7 +12,7 @@ static const struct errno_name* lookup_errno(register const char *str,
 #include "errno-from-name.h"
 #include "errno-to-name.h"

-const char *errno_to_name(int id) {
+const char* errno_to_name(int id) {

        if (id < 0)
                id = -id;
--- a/src/basic/errno-list.h
+++ b/src/basic/errno-list.h
@ -8,7 +8,7 @@
 */
 #define ERRNO_MAX 4095

-const char *errno_to_name(int id);
+const char* errno_to_name(int id);
 int errno_from_name(const char *name);
 static inline bool errno_is_valid(int n) {
        return n > 0 && n <= ERRNO_MAX;
--- a/src/basic/ether-addr-util.c
+++ b/src/basic/ether-addr-util.c
@ -11,7 +11,7 @@
 #include "macro.h"
 #include "string-util.h"

-char *hw_addr_to_string_full(
+char* hw_addr_to_string_full(
                const struct hw_addr_data *addr,
                HardwareAddressToStringFlags flags,
                char buffer[static HW_ADDR_TO_STRING_MAX]) {
--- a/src/basic/ether-addr-util.h
+++ b/src/basic/ether-addr-util.h
@ -36,11 +36,11 @@ typedef enum HardwareAddressToStringFlags {
 } HardwareAddressToStringFlags;

 #define HW_ADDR_TO_STRING_MAX (3*HW_ADDR_MAX_SIZE)
-char *hw_addr_to_string_full(
+char* hw_addr_to_string_full(
                const struct hw_addr_data *addr,
                HardwareAddressToStringFlags flags,
                char buffer[static HW_ADDR_TO_STRING_MAX]);
-static inline char *hw_addr_to_string(const struct hw_addr_data *addr, char buffer[static HW_ADDR_TO_STRING_MAX]) {
+static inline char* hw_addr_to_string(const struct hw_addr_data *addr, char buffer[static HW_ADDR_TO_STRING_MAX]) {
        return hw_addr_to_string_full(addr, 0, buffer);
 }

--- a/src/basic/fd-util.c
+++ b/src/basic/fd-util.c
@ -1091,7 +1091,7 @@ int fds_are_same_mount(int fd1, int fd2) {
        return statx_mount_same(&st1.nsx, &st2.nsx);
 }

-const char *accmode_to_string(int flags) {
+const char* accmode_to_string(int flags) {
        switch (flags & O_ACCMODE) {
        case O_RDONLY:
                return "ro";
@ -1104,7 +1104,7 @@ const char *accmode_to_string(int flags) {
        }
 }

-char *format_proc_pid_fd_path(char buf[static PROC_PID_FD_PATH_MAX], pid_t pid, int fd) {
+char* format_proc_pid_fd_path(char buf[static PROC_PID_FD_PATH_MAX], pid_t pid, int fd) {
        assert(buf);
        assert(fd >= 0);
        assert(pid >= 0);
--- a/src/basic/fd-util.h
+++ b/src/basic/fd-util.h
@ -141,7 +141,7 @@ int fds_are_same_mount(int fd1, int fd2);
 #define PROC_FD_PATH_MAX \
        (STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int))

-static inline char *format_proc_fd_path(char buf[static PROC_FD_PATH_MAX], int fd) {
+static inline char* format_proc_fd_path(char buf[static PROC_FD_PATH_MAX], int fd) {
        assert(buf);
        assert(fd >= 0);
        assert_se(snprintf_ok(buf, PROC_FD_PATH_MAX, "/proc/self/fd/%i", fd));
@ -155,7 +155,7 @@ static inline char *format_proc_fd_path(char buf[static PROC_FD_PATH_MAX], int f
 #define PROC_PID_FD_PATH_MAX \
        (STRLEN("/proc//fd/") + DECIMAL_STR_MAX(pid_t) + DECIMAL_STR_MAX(int))

-char *format_proc_pid_fd_path(char buf[static PROC_PID_FD_PATH_MAX], pid_t pid, int fd);
+char* format_proc_pid_fd_path(char buf[static PROC_PID_FD_PATH_MAX], pid_t pid, int fd);

 /* Kinda the same as FORMAT_PROC_FD_PATH(), but goes by PID rather than "self" symlink */
 #define FORMAT_PROC_PID_FD_PATH(pid, fd)                                \
@ -163,7 +163,7 @@ char *format_proc_pid_fd_path(char buf[static PROC_PID_FD_PATH_MAX], pid_t pid,

 int proc_fd_enoent_errno(void);

-const char *accmode_to_string(int flags);
+const char* accmode_to_string(int flags);

 /* Like ASSERT_PTR, but for fds */
 #define ASSERT_FD(fd)                           \
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@ -355,6 +355,22 @@ int write_string_filef(
        return write_string_file(fn, p, flags);
 }

+int write_base64_file_at(
+                int dir_fd,
+                const char *fn,
+                const struct iovec *data,
+                WriteStringFileFlags flags) {
+
+        _cleanup_free_ char *encoded = NULL;
+        ssize_t n;
+
+        n = base64mem_full(data ? data->iov_base : NULL, data ? data->iov_len : 0, 79, &encoded);
+        if (n < 0)
+                return n;
+
+        return write_string_file_at(dir_fd, fn, encoded, flags);
+}
+
 int read_one_line_file_at(int dir_fd, const char *filename, char **ret) {
        _cleanup_fclose_ FILE *f = NULL;
        int r;
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@ -66,6 +66,8 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin
        return write_string_file_ts(fn, line, flags, NULL);
 }

+int write_base64_file_at(int dir_fd, const char *fn, const struct iovec *data, WriteStringFileFlags flags);
+
 int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) _printf_(3, 4);

 int read_one_line_file_at(int dir_fd, const char *filename, char **ret);
--- a/src/basic/filesystems.c
+++ b/src/basic/filesystems.c
@ -3,7 +3,7 @@
 #include "filesystems-gperf.h"
 #include "stat-util.h"

-const char *fs_type_to_string(statfs_f_type_t magic) {
+const char* fs_type_to_string(statfs_f_type_t magic) {

        switch (magic) {
 #include "filesystem-switch-case.h"
--- a/src/basic/filesystems.h
+++ b/src/basic/filesystems.h
@ -34,7 +34,7 @@ extern const FilesystemSet filesystem_sets[];

 const FilesystemSet *filesystem_set_find(const char *name);

-const char *fs_type_to_string(statfs_f_type_t magic);
+const char* fs_type_to_string(statfs_f_type_t magic);
 int fs_type_from_string(const char *name, const statfs_f_type_t **ret);
 bool fs_in_group(const struct statfs *s, enum FilesystemGroups fs_group);

--- a/src/basic/format-util.c
+++ b/src/basic/format-util.c
@ -37,7 +37,7 @@ int format_ifname_full_alloc(int ifindex, FormatIfnameFlag flag, char **ret) {
        return strdup_to(ret, buf);
 }

-char *format_bytes_full(char *buf, size_t l, uint64_t t, FormatBytesFlag flag) {
+char* format_bytes_full(char *buf, size_t l, uint64_t t, FormatBytesFlag flag) {
        typedef struct {
                const char *suffix;
                uint64_t factor;
--- a/src/basic/format-util.h
+++ b/src/basic/format-util.h
@ -81,7 +81,7 @@ static inline int format_ifname_alloc(int ifindex, char **ret) {
        return format_ifname_full_alloc(ifindex, 0, ret);
 }

-static inline char *_format_ifname_full(int ifindex, FormatIfnameFlag flag, char buf[static IF_NAMESIZE]) {
+static inline char* _format_ifname_full(int ifindex, FormatIfnameFlag flag, char buf[static IF_NAMESIZE]) {
        (void) format_ifname_full(ifindex, flag, buf);
        return buf;
 }
@ -97,10 +97,10 @@ typedef enum {

 #define FORMAT_BYTES_MAX 16U

-char *format_bytes_full(char *buf, size_t l, uint64_t t, FormatBytesFlag flag) _warn_unused_result_;
+char* format_bytes_full(char *buf, size_t l, uint64_t t, FormatBytesFlag flag) _warn_unused_result_;

 _warn_unused_result_
-static inline char *format_bytes(char *buf, size_t l, uint64_t t) {
+static inline char* format_bytes(char *buf, size_t l, uint64_t t) {
        return format_bytes_full(buf, l, t, FORMAT_BYTES_USE_IEC | FORMAT_BYTES_BELOW_POINT | FORMAT_BYTES_TRAILING_B);
 }

--- a/src/basic/fs-util.h
+++ b/src/basic/fs-util.h
@ -137,6 +137,9 @@ int open_mkdir_at_full(int dirfd, const char *path, int flags, XOpenFlags xopen_
 static inline int open_mkdir_at(int dirfd, const char *path, int flags, mode_t mode) {
        return open_mkdir_at_full(dirfd, path, flags, 0, mode);
 }
+static inline int open_mkdir(const char *path, int flags, mode_t mode) {
+        return open_mkdir_at_full(AT_FDCWD, path, flags, 0, mode);
+}

 int openat_report_new(int dirfd, const char *pathname, int flags, mode_t mode, bool *ret_newly_created);

--- a/src/basic/gcrypt-util.c
+++ b/src/basic/gcrypt-util.c
@ -7,38 +7,38 @@

 static void *gcrypt_dl = NULL;

-static DLSYM_FUNCTION(gcry_control);
-static DLSYM_FUNCTION(gcry_check_version);
-DLSYM_FUNCTION(gcry_md_close);
-DLSYM_FUNCTION(gcry_md_copy);
-DLSYM_FUNCTION(gcry_md_ctl);
-DLSYM_FUNCTION(gcry_md_get_algo_dlen);
-DLSYM_FUNCTION(gcry_md_open);
-DLSYM_FUNCTION(gcry_md_read);
-DLSYM_FUNCTION(gcry_md_reset);
-DLSYM_FUNCTION(gcry_md_setkey);
-DLSYM_FUNCTION(gcry_md_write);
-DLSYM_FUNCTION(gcry_mpi_add);
-DLSYM_FUNCTION(gcry_mpi_add_ui);
-DLSYM_FUNCTION(gcry_mpi_cmp);
-DLSYM_FUNCTION(gcry_mpi_cmp_ui);
-DLSYM_FUNCTION(gcry_mpi_get_nbits);
-DLSYM_FUNCTION(gcry_mpi_invm);
-DLSYM_FUNCTION(gcry_mpi_mod);
-DLSYM_FUNCTION(gcry_mpi_mul);
-DLSYM_FUNCTION(gcry_mpi_mulm);
-DLSYM_FUNCTION(gcry_mpi_new);
-DLSYM_FUNCTION(gcry_mpi_powm);
-DLSYM_FUNCTION(gcry_mpi_print);
-DLSYM_FUNCTION(gcry_mpi_release);
-DLSYM_FUNCTION(gcry_mpi_scan);
-DLSYM_FUNCTION(gcry_mpi_set_ui);
-DLSYM_FUNCTION(gcry_mpi_sub);
-DLSYM_FUNCTION(gcry_mpi_subm);
-DLSYM_FUNCTION(gcry_mpi_sub_ui);
-DLSYM_FUNCTION(gcry_prime_check);
-DLSYM_FUNCTION(gcry_randomize);
-DLSYM_FUNCTION(gcry_strerror);
+static DLSYM_PROTOTYPE(gcry_control) = NULL;
+static DLSYM_PROTOTYPE(gcry_check_version) = NULL;
+DLSYM_PROTOTYPE(gcry_md_close) = NULL;
+DLSYM_PROTOTYPE(gcry_md_copy) = NULL;
+DLSYM_PROTOTYPE(gcry_md_ctl) = NULL;
+DLSYM_PROTOTYPE(gcry_md_get_algo_dlen) = NULL;
+DLSYM_PROTOTYPE(gcry_md_open) = NULL;
+DLSYM_PROTOTYPE(gcry_md_read) = NULL;
+DLSYM_PROTOTYPE(gcry_md_reset) = NULL;
+DLSYM_PROTOTYPE(gcry_md_setkey) = NULL;
+DLSYM_PROTOTYPE(gcry_md_write) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_add) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_add_ui) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_cmp) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_cmp_ui) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_get_nbits) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_invm) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_mod) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_mul) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_mulm) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_new) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_powm) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_print) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_release) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_scan) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_set_ui) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_sub) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_subm) = NULL;
+DLSYM_PROTOTYPE(gcry_mpi_sub_ui) = NULL;
+DLSYM_PROTOTYPE(gcry_prime_check) = NULL;
+DLSYM_PROTOTYPE(gcry_randomize) = NULL;
+DLSYM_PROTOTYPE(gcry_strerror) = NULL;

 static int dlopen_gcrypt(void) {
        ELF_NOTE_DLOPEN("gcrypt",
--- a/src/basic/gcrypt-util.h
+++ b/src/basic/gcrypt-util.h
@ -12,36 +12,36 @@
 #include "dlfcn-util.h"
 #include "macro.h"

-DLSYM_PROTOTYPE(gcry_md_close);
-DLSYM_PROTOTYPE(gcry_md_copy);
-DLSYM_PROTOTYPE(gcry_md_ctl);
-DLSYM_PROTOTYPE(gcry_md_get_algo_dlen);
-DLSYM_PROTOTYPE(gcry_md_open);
-DLSYM_PROTOTYPE(gcry_md_read);
-DLSYM_PROTOTYPE(gcry_md_reset);
-DLSYM_PROTOTYPE(gcry_md_setkey);
-DLSYM_PROTOTYPE(gcry_md_write);
-DLSYM_PROTOTYPE(gcry_mpi_add);
-DLSYM_PROTOTYPE(gcry_mpi_add_ui);
-DLSYM_PROTOTYPE(gcry_mpi_cmp);
-DLSYM_PROTOTYPE(gcry_mpi_cmp_ui);
-DLSYM_PROTOTYPE(gcry_mpi_get_nbits);
-DLSYM_PROTOTYPE(gcry_mpi_invm);
-DLSYM_PROTOTYPE(gcry_mpi_mod);
-DLSYM_PROTOTYPE(gcry_mpi_mul);
-DLSYM_PROTOTYPE(gcry_mpi_mulm);
-DLSYM_PROTOTYPE(gcry_mpi_new);
-DLSYM_PROTOTYPE(gcry_mpi_powm);
-DLSYM_PROTOTYPE(gcry_mpi_print);
-DLSYM_PROTOTYPE(gcry_mpi_release);
-DLSYM_PROTOTYPE(gcry_mpi_scan);
-DLSYM_PROTOTYPE(gcry_mpi_set_ui);
-DLSYM_PROTOTYPE(gcry_mpi_sub);
-DLSYM_PROTOTYPE(gcry_mpi_subm);
-DLSYM_PROTOTYPE(gcry_mpi_sub_ui);
-DLSYM_PROTOTYPE(gcry_prime_check);
-DLSYM_PROTOTYPE(gcry_randomize);
-DLSYM_PROTOTYPE(gcry_strerror);
+extern DLSYM_PROTOTYPE(gcry_md_close);
+extern DLSYM_PROTOTYPE(gcry_md_copy);
+extern DLSYM_PROTOTYPE(gcry_md_ctl);
+extern DLSYM_PROTOTYPE(gcry_md_get_algo_dlen);
+extern DLSYM_PROTOTYPE(gcry_md_open);
+extern DLSYM_PROTOTYPE(gcry_md_read);
+extern DLSYM_PROTOTYPE(gcry_md_reset);
+extern DLSYM_PROTOTYPE(gcry_md_setkey);
+extern DLSYM_PROTOTYPE(gcry_md_write);
+extern DLSYM_PROTOTYPE(gcry_mpi_add);
+extern DLSYM_PROTOTYPE(gcry_mpi_add_ui);
+extern DLSYM_PROTOTYPE(gcry_mpi_cmp);
+extern DLSYM_PROTOTYPE(gcry_mpi_cmp_ui);
+extern DLSYM_PROTOTYPE(gcry_mpi_get_nbits);
+extern DLSYM_PROTOTYPE(gcry_mpi_invm);
+extern DLSYM_PROTOTYPE(gcry_mpi_mod);
+extern DLSYM_PROTOTYPE(gcry_mpi_mul);
+extern DLSYM_PROTOTYPE(gcry_mpi_mulm);
+extern DLSYM_PROTOTYPE(gcry_mpi_new);
+extern DLSYM_PROTOTYPE(gcry_mpi_powm);
+extern DLSYM_PROTOTYPE(gcry_mpi_print);
+extern DLSYM_PROTOTYPE(gcry_mpi_release);
+extern DLSYM_PROTOTYPE(gcry_mpi_scan);
+extern DLSYM_PROTOTYPE(gcry_mpi_set_ui);
+extern DLSYM_PROTOTYPE(gcry_mpi_sub);
+extern DLSYM_PROTOTYPE(gcry_mpi_subm);
+extern DLSYM_PROTOTYPE(gcry_mpi_sub_ui);
+extern DLSYM_PROTOTYPE(gcry_prime_check);
+extern DLSYM_PROTOTYPE(gcry_randomize);
+extern DLSYM_PROTOTYPE(gcry_strerror);

 int initialize_libgcrypt(bool secmem);

--- a/src/basic/glyph-util.c
+++ b/src/basic/glyph-util.c
@ -23,7 +23,7 @@ bool emoji_enabled(void) {
        return cached_emoji_enabled;
 }

-const char *special_glyph_full(SpecialGlyph code, bool force_utf) {
+const char* special_glyph_full(SpecialGlyph code, bool force_utf) {

        /* A list of a number of interesting unicode glyphs we can use to decorate our output. It's probably wise to be
         * conservative here, and primarily stick to the glyphs defined in the eurlatgr font, so that display still
--- a/src/basic/glyph-util.h
+++ b/src/basic/glyph-util.h
@ -61,16 +61,16 @@ typedef enum SpecialGlyph {

 bool emoji_enabled(void);

-const char *special_glyph_full(SpecialGlyph code, bool force_utf) _const_;
+const char* special_glyph_full(SpecialGlyph code, bool force_utf) _const_;

-static inline const char *special_glyph(SpecialGlyph code) {
+static inline const char* special_glyph(SpecialGlyph code) {
        return special_glyph_full(code, false);
 }

-static inline const char *special_glyph_check_mark(bool b) {
+static inline const char* special_glyph_check_mark(bool b) {
        return b ? special_glyph(SPECIAL_GLYPH_CHECK_MARK) : special_glyph(SPECIAL_GLYPH_CROSS_MARK);
 }

-static inline const char *special_glyph_check_mark_space(bool b) {
+static inline const char* special_glyph_check_mark_space(bool b) {
        return b ? special_glyph(SPECIAL_GLYPH_CHECK_MARK) : " ";
 }
--- a/src/basic/hexdecoct.c
+++ b/src/basic/hexdecoct.c
@ -55,7 +55,7 @@ int unhexchar(char c) {
        return -EINVAL;
 }

-char *hexmem(const void *p, size_t l) {
+char* hexmem(const void *p, size_t l) {
        const uint8_t *x;
        char *r, *z;

@ -188,7 +188,7 @@ int unbase32hexchar(char c) {
        return -EINVAL;
 }

-char *base32hexmem(const void *p, size_t l, bool padding) {
+char* base32hexmem(const void *p, size_t l, bool padding) {
        char *r, *z;
        const uint8_t *x;
        size_t len;
--- a/src/basic/hexdecoct.h
+++ b/src/basic/hexdecoct.h
@ -17,7 +17,7 @@ int undecchar(char c) _const_;
 char hexchar(int x) _const_;
 int unhexchar(char c) _const_;

-char *hexmem(const void *p, size_t l);
+char* hexmem(const void *p, size_t l);
 int unhexmem_full(const char *p, size_t l, bool secure, void **ret_data, size_t *ret_size);
 static inline int unhexmem(const char *p, void **ret_data, size_t *ret_size) {
        return unhexmem_full(p, SIZE_MAX, false, ret_data, ret_size);
@ -30,7 +30,7 @@ char base64char(int x) _const_;
 char urlsafe_base64char(int x) _const_;
 int unbase64char(char c) _const_;

-char *base32hexmem(const void *p, size_t l, bool padding);
+char* base32hexmem(const void *p, size_t l, bool padding);
 int unbase32hexmem(const char *p, size_t l, bool padding, void **mem, size_t *len);

 ssize_t base64mem_full(const void *p, size_t l, size_t line_break, char **ret);
--- a/src/basic/linux/README
+++ b/src/basic/linux/README
@ -1,8 +1,6 @@
-The files in this directory are copied from current kernel master
-(b06ed1e7a2fa9b636f368a9e97c3c8877623f8b2) or WireGuard master
-(8416093498ac2c754536dad4757c5d86c9ba8809), and the following
-modifications are applied:
- btrfs.h: drop '__user' attributes
- if.h: drop '#include <linux/compiler.h>' and '__user' attributes
- stddef.h: drop '#include <linux/compiler_types.h>'
- guard linux/fs.h include to avoid conflict with glibc 2.36
+The headers in this directory are from kernel v6.10-rc1 (1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0),
+and the following modifications are applied:
+- auto_dev-ioctl.h: set AUTOFS_DEV_IOCTL_VERSION_MINOR to 0
+- btrfs.h: guard linux/fs.h include to avoid conflict with glibc 2.36
+- dm-ioctl.h: set DM_VERSION_MINOR to 27
+- ethtool.h: add casts in ethtool_cmd_speed()
--- a/src/shared/linux/auto_dev-ioctl.h
+++ b/src/shared/linux/auto_dev-ioctl.h
@ -157,10 +157,6 @@ enum {
 	AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD,
 };

-#ifndef AUTOFS_IOCTL
-#define AUTOFS_IOCTL 0x93
-#endif
-
 #define AUTOFS_DEV_IOCTL_VERSION \
 	_IOWR(AUTOFS_IOCTL, \
 	      AUTOFS_DEV_IOCTL_VERSION_CMD, struct autofs_dev_ioctl)
--- a/src/basic/linux/auto_fs.h
+++ b/src/basic/linux/auto_fs.h
@ -0,0 +1,229 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Copyright 1997 Transmeta Corporation - All Rights Reserved
+ * Copyright 1999-2000 Jeremy Fitzhardinge <jeremy@goop.org>
+ * Copyright 2005-2006,2013,2017-2018 Ian Kent <raven@themaw.net>
+ *
+ * This file is part of the Linux kernel and is made available under
+ * the terms of the GNU General Public License, version 2, or at your
+ * option, any later version, incorporated herein by reference.
+ *
+ * ----------------------------------------------------------------------- */
+
+#ifndef _LINUX_AUTO_FS_H
+#define _LINUX_AUTO_FS_H
+
+#include <linux/types.h>
+#include <linux/limits.h>
+#include <sys/ioctl.h>
+
+#define AUTOFS_PROTO_VERSION		5
+#define AUTOFS_MIN_PROTO_VERSION	3
+#define AUTOFS_MAX_PROTO_VERSION	5
+
+#define AUTOFS_PROTO_SUBVERSION		5
+
+/*
+ * The wait_queue_token (autofs_wqt_t) is part of a structure which is passed
+ * back to the kernel via ioctl from userspace. On architectures where 32- and
+ * 64-bit userspace binaries can be executed it's important that the size of
+ * autofs_wqt_t stays constant between 32- and 64-bit Linux kernels so that we
+ * do not break the binary ABI interface by changing the structure size.
+ */
+#if defined(__ia64__) || defined(__alpha__) /* pure 64bit architectures */
+typedef unsigned long autofs_wqt_t;
+#else
+typedef unsigned int autofs_wqt_t;
+#endif
+
+/* Packet types */
+#define autofs_ptype_missing	0	/* Missing entry (mount request) */
+#define autofs_ptype_expire	1	/* Expire entry (umount request) */
+
+struct autofs_packet_hdr {
+	int proto_version;		/* Protocol version */
+	int type;			/* Type of packet */
+};
+
+struct autofs_packet_missing {
+	struct autofs_packet_hdr hdr;
+	autofs_wqt_t wait_queue_token;
+	int len;
+	char name[NAME_MAX+1];
+};	
+
+/* v3 expire (via ioctl) */
+struct autofs_packet_expire {
+	struct autofs_packet_hdr hdr;
+	int len;
+	char name[NAME_MAX+1];
+};
+
+#define AUTOFS_IOCTL 0x93
+
+enum {
+	AUTOFS_IOC_READY_CMD = 0x60,
+	AUTOFS_IOC_FAIL_CMD,
+	AUTOFS_IOC_CATATONIC_CMD,
+	AUTOFS_IOC_PROTOVER_CMD,
+	AUTOFS_IOC_SETTIMEOUT_CMD,
+	AUTOFS_IOC_EXPIRE_CMD,
+};
+
+#define AUTOFS_IOC_READY        _IO(AUTOFS_IOCTL, AUTOFS_IOC_READY_CMD)
+#define AUTOFS_IOC_FAIL         _IO(AUTOFS_IOCTL, AUTOFS_IOC_FAIL_CMD)
+#define AUTOFS_IOC_CATATONIC    _IO(AUTOFS_IOCTL, AUTOFS_IOC_CATATONIC_CMD)
+#define AUTOFS_IOC_PROTOVER     _IOR(AUTOFS_IOCTL, \
+				     AUTOFS_IOC_PROTOVER_CMD, int)
+#define AUTOFS_IOC_SETTIMEOUT32 _IOWR(AUTOFS_IOCTL, \
+				      AUTOFS_IOC_SETTIMEOUT_CMD, \
+				      compat_ulong_t)
+#define AUTOFS_IOC_SETTIMEOUT   _IOWR(AUTOFS_IOCTL, \
+				      AUTOFS_IOC_SETTIMEOUT_CMD, \
+				      unsigned long)
+#define AUTOFS_IOC_EXPIRE       _IOR(AUTOFS_IOCTL, \
+				     AUTOFS_IOC_EXPIRE_CMD, \
+				     struct autofs_packet_expire)
+
+/* autofs version 4 and later definitions */
+
+/* Mask for expire behaviour */
+#define AUTOFS_EXP_NORMAL		0x00
+#define AUTOFS_EXP_IMMEDIATE		0x01
+#define AUTOFS_EXP_LEAVES		0x02
+#define AUTOFS_EXP_FORCED		0x04
+
+#define AUTOFS_TYPE_ANY			0U
+#define AUTOFS_TYPE_INDIRECT		1U
+#define AUTOFS_TYPE_DIRECT		2U
+#define AUTOFS_TYPE_OFFSET		4U
+
+static __inline__ void set_autofs_type_indirect(unsigned int *type)
+{
+	*type = AUTOFS_TYPE_INDIRECT;
+}
+
+static __inline__ unsigned int autofs_type_indirect(unsigned int type)
+{
+	return (type == AUTOFS_TYPE_INDIRECT);
+}
+
+static __inline__ void set_autofs_type_direct(unsigned int *type)
+{
+	*type = AUTOFS_TYPE_DIRECT;
+}
+
+static __inline__ unsigned int autofs_type_direct(unsigned int type)
+{
+	return (type == AUTOFS_TYPE_DIRECT);
+}
+
+static __inline__ void set_autofs_type_offset(unsigned int *type)
+{
+	*type = AUTOFS_TYPE_OFFSET;
+}
+
+static __inline__ unsigned int autofs_type_offset(unsigned int type)
+{
+	return (type == AUTOFS_TYPE_OFFSET);
+}
+
+static __inline__ unsigned int autofs_type_trigger(unsigned int type)
+{
+	return (type == AUTOFS_TYPE_DIRECT || type == AUTOFS_TYPE_OFFSET);
+}
+
+/*
+ * This isn't really a type as we use it to say "no type set" to
+ * indicate we want to search for "any" mount in the
+ * autofs_dev_ioctl_ismountpoint() device ioctl function.
+ */
+static __inline__ void set_autofs_type_any(unsigned int *type)
+{
+	*type = AUTOFS_TYPE_ANY;
+}
+
+static __inline__ unsigned int autofs_type_any(unsigned int type)
+{
+	return (type == AUTOFS_TYPE_ANY);
+}
+
+/* Daemon notification packet types */
+enum autofs_notify {
+	NFY_NONE,
+	NFY_MOUNT,
+	NFY_EXPIRE
+};
+
+/* Kernel protocol version 4 packet types */
+
+/* Expire entry (umount request) */
+#define autofs_ptype_expire_multi	2
+
+/* Kernel protocol version 5 packet types */
+
+/* Indirect mount missing and expire requests. */
+#define autofs_ptype_missing_indirect	3
+#define autofs_ptype_expire_indirect	4
+
+/* Direct mount missing and expire requests */
+#define autofs_ptype_missing_direct	5
+#define autofs_ptype_expire_direct	6
+
+/* v4 multi expire (via pipe) */
+struct autofs_packet_expire_multi {
+	struct autofs_packet_hdr hdr;
+	autofs_wqt_t wait_queue_token;
+	int len;
+	char name[NAME_MAX+1];
+};
+
+union autofs_packet_union {
+	struct autofs_packet_hdr hdr;
+	struct autofs_packet_missing missing;
+	struct autofs_packet_expire expire;
+	struct autofs_packet_expire_multi expire_multi;
+};
+
+/* autofs v5 common packet struct */
+struct autofs_v5_packet {
+	struct autofs_packet_hdr hdr;
+	autofs_wqt_t wait_queue_token;
+	__u32 dev;
+	__u64 ino;
+	__u32 uid;
+	__u32 gid;
+	__u32 pid;
+	__u32 tgid;
+	__u32 len;
+	char name[NAME_MAX+1];
+};
+
+typedef struct autofs_v5_packet autofs_packet_missing_indirect_t;
+typedef struct autofs_v5_packet autofs_packet_expire_indirect_t;
+typedef struct autofs_v5_packet autofs_packet_missing_direct_t;
+typedef struct autofs_v5_packet autofs_packet_expire_direct_t;
+
+union autofs_v5_packet_union {
+	struct autofs_packet_hdr hdr;
+	struct autofs_v5_packet v5_packet;
+	autofs_packet_missing_indirect_t missing_indirect;
+	autofs_packet_expire_indirect_t expire_indirect;
+	autofs_packet_missing_direct_t missing_direct;
+	autofs_packet_expire_direct_t expire_direct;
+};
+
+enum {
+	AUTOFS_IOC_EXPIRE_MULTI_CMD = 0x66, /* AUTOFS_IOC_EXPIRE_CMD + 1 */
+	AUTOFS_IOC_PROTOSUBVER_CMD,
+	AUTOFS_IOC_ASKUMOUNT_CMD = 0x70, /* AUTOFS_DEV_IOCTL_VERSION_CMD - 1 */
+};
+
+#define AUTOFS_IOC_EXPIRE_MULTI		_IOW(AUTOFS_IOCTL, \
+					     AUTOFS_IOC_EXPIRE_MULTI_CMD, int)
+#define AUTOFS_IOC_PROTOSUBVER		_IOR(AUTOFS_IOCTL, \
+					     AUTOFS_IOC_PROTOSUBVER_CMD, int)
+#define AUTOFS_IOC_ASKUMOUNT		_IOR(AUTOFS_IOCTL, \
+					     AUTOFS_IOC_ASKUMOUNT_CMD, int)
+
+#endif /* _LINUX_AUTO_FS_H */
--- a/src/basic/linux/batman_adv.h
+++ b/src/basic/linux/batman_adv.h
@ -4,8 +4,8 @@
 * Matthias Schiffer
 */

-#ifndef _UAPI_LINUX_BATMAN_ADV_H_
-#define _UAPI_LINUX_BATMAN_ADV_H_
+#ifndef _LINUX_BATMAN_ADV_H_
+#define _LINUX_BATMAN_ADV_H_

 #define BATADV_NL_NAME "batadv"

@ -701,4 +701,4 @@ enum batadv_ifla_attrs {

 #define IFLA_BATADV_MAX (__IFLA_BATADV_MAX - 1)

-#endif /* _UAPI_LINUX_BATMAN_ADV_H_ */
+#endif /* _LINUX_BATMAN_ADV_H_ */
--- a/src/shared/linux/bpf.h
+++ b/src/shared/linux/bpf.h
@ -19,6 +19,7 @@

 /* ld/ldx fields */
 #define BPF_DW		0x18	/* double word (64-bit) */
+#define BPF_MEMSX	0x80	/* load with sign extension */
 #define BPF_ATOMIC	0xc0	/* atomic memory ops - op type in immediate */
 #define BPF_XADD	0xc0	/* exclusive add - legacy name */

@ -41,6 +42,7 @@
 #define BPF_JSGE	0x70	/* SGE is signed '>=', GE in x86 */
 #define BPF_JSLT	0xc0	/* SLT is signed, '<' */
 #define BPF_JSLE	0xd0	/* SLE is signed, '<=' */
+#define BPF_JCOND	0xe0	/* conditional pseudo jumps: may_goto, goto_or_nop */
 #define BPF_CALL	0x80	/* function call */
 #define BPF_EXIT	0x90	/* function return */

@ -49,6 +51,10 @@
 #define BPF_XCHG	(0xe0 | BPF_FETCH)	/* atomic exchange */
 #define BPF_CMPXCHG	(0xf0 | BPF_FETCH)	/* atomic compare-and-write */

+enum bpf_cond_pseudo_jmp {
+	BPF_MAY_GOTO = 0,
+};
+
 /* Register numbers */
 enum {
 	BPF_REG_0 = 0,
@ -76,12 +82,29 @@ struct bpf_insn {
 	__s32	imm;		/* signed immediate constant */
 };

-/* Key of an a BPF_MAP_TYPE_LPM_TRIE entry */
+/* Deprecated: use struct bpf_lpm_trie_key_u8 (when the "data" member is needed for
+ * byte access) or struct bpf_lpm_trie_key_hdr (when using an alternative type for
+ * the trailing flexible array member) instead.
+ */
 struct bpf_lpm_trie_key {
 	__u32	prefixlen;	/* up to 32 for AF_INET, 128 for AF_INET6 */
 	__u8	data[0];	/* Arbitrary size */
 };

+/* Header for bpf_lpm_trie_key structs */
+struct bpf_lpm_trie_key_hdr {
+	__u32	prefixlen;
+};
+
+/* Key of an a BPF_MAP_TYPE_LPM_TRIE entry, with trailing byte array. */
+struct bpf_lpm_trie_key_u8 {
+	union {
+		struct bpf_lpm_trie_key_hdr	hdr;
+		__u32				prefixlen;
+	};
+	__u8	data[];		/* Arbitrary size */
+};
+
 struct bpf_cgroup_storage_key {
 	__u64	cgroup_inode_id;	/* cgroup inode id */
 	__u32	attach_type;		/* program attach type (enum bpf_attach_type) */
@ -616,7 +639,11 @@ union bpf_iter_link_info {
 *		to NULL to begin the batched operation. After each subsequent
 *		**BPF_MAP_LOOKUP_BATCH**, the caller should pass the resultant
 *		*out_batch* as the *in_batch* for the next operation to
- *		continue iteration from the current point.
+ *		continue iteration from the current point. Both *in_batch* and
+ *		*out_batch* must point to memory large enough to hold a key,
+ *		except for maps of type **BPF_MAP_TYPE_{HASH, PERCPU_HASH,
+ *		LRU_HASH, LRU_PERCPU_HASH}**, for which batch parameters
+ *		must be at least 4 bytes wide regardless of key size.
 *
 *		The *keys* and *values* are output parameters which must point
 *		to memory large enough to hold *count* items based on the key
@ -846,6 +873,36 @@ union bpf_iter_link_info {
 *		Returns zero on success. On error, -1 is returned and *errno*
 *		is set appropriately.
 *
+ * BPF_TOKEN_CREATE
+ *	Description
+ *		Create BPF token with embedded information about what
+ *		BPF-related functionality it allows:
+ *		- a set of allowed bpf() syscall commands;
+ *		- a set of allowed BPF map types to be created with
+ *		BPF_MAP_CREATE command, if BPF_MAP_CREATE itself is allowed;
+ *		- a set of allowed BPF program types and BPF program attach
+ *		types to be loaded with BPF_PROG_LOAD command, if
+ *		BPF_PROG_LOAD itself is allowed.
+ *
+ *		BPF token is created (derived) from an instance of BPF FS,
+ *		assuming it has necessary delegation mount options specified.
+ *		This BPF token can be passed as an extra parameter to various
+ *		bpf() syscall commands to grant BPF subsystem functionality to
+ *		unprivileged processes.
+ *
+ *		When created, BPF token is "associated" with the owning
+ *		user namespace of BPF FS instance (super block) that it was
+ *		derived from, and subsequent BPF operations performed with
+ *		BPF token would be performing capabilities checks (i.e.,
+ *		CAP_BPF, CAP_PERFMON, CAP_NET_ADMIN, CAP_SYS_ADMIN) within
+ *		that user namespace. Without BPF token, such capabilities
+ *		have to be granted in init user namespace, making bpf()
+ *		syscall incompatible with user namespace, for the most part.
+ *
+ *	Return
+ *		A new file descriptor (a nonnegative integer), or -1 if an
+ *		error occurred (in which case, *errno* is set appropriately).
+ *
 * NOTES
 *	eBPF objects (maps and programs) can be shared between processes.
 *
@ -900,6 +957,8 @@ enum bpf_cmd {
 	BPF_ITER_CREATE,
 	BPF_LINK_DETACH,
 	BPF_PROG_BIND_MAP,
+	BPF_TOKEN_CREATE,
+	__MAX_BPF_CMD,
 };

 enum bpf_map_type {
@ -931,7 +990,14 @@ enum bpf_map_type {
 	 */
 	BPF_MAP_TYPE_CGROUP_STORAGE = BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED,
 	BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,
-	BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE,
+	BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE_DEPRECATED,
+	/* BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE is available to bpf programs
+	 * attaching to a cgroup. The new mechanism (BPF_MAP_TYPE_CGRP_STORAGE +
+	 * local percpu kptr) supports all BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE
+	 * functionality and more. So mark * BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE
+	 * deprecated.
+	 */
+	BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE_DEPRECATED,
 	BPF_MAP_TYPE_QUEUE,
 	BPF_MAP_TYPE_STACK,
 	BPF_MAP_TYPE_SK_STORAGE,
@ -943,6 +1009,8 @@ enum bpf_map_type {
 	BPF_MAP_TYPE_BLOOM_FILTER,
 	BPF_MAP_TYPE_USER_RINGBUF,
 	BPF_MAP_TYPE_CGRP_STORAGE,
+	BPF_MAP_TYPE_ARENA,
+	__MAX_BPF_MAP_TYPE
 };

 /* Note that tracing related programs such as
@ -986,6 +1054,8 @@ enum bpf_prog_type {
 	BPF_PROG_TYPE_LSM,
 	BPF_PROG_TYPE_SK_LOOKUP,
 	BPF_PROG_TYPE_SYSCALL, /* a program that can execute syscalls */
+	BPF_PROG_TYPE_NETFILTER,
+	__MAX_BPF_PROG_TYPE
 };

 enum bpf_attach_type {
@ -1033,6 +1103,19 @@ enum bpf_attach_type {
 	BPF_PERF_EVENT,
 	BPF_TRACE_KPROBE_MULTI,
 	BPF_LSM_CGROUP,
+	BPF_STRUCT_OPS,
+	BPF_NETFILTER,
+	BPF_TCX_INGRESS,
+	BPF_TCX_EGRESS,
+	BPF_TRACE_UPROBE_MULTI,
+	BPF_CGROUP_UNIX_CONNECT,
+	BPF_CGROUP_UNIX_SENDMSG,
+	BPF_CGROUP_UNIX_RECVMSG,
+	BPF_CGROUP_UNIX_GETPEERNAME,
+	BPF_CGROUP_UNIX_GETSOCKNAME,
+	BPF_NETKIT_PRIMARY,
+	BPF_NETKIT_PEER,
+	BPF_TRACE_KPROBE_SESSION,
 	__MAX_BPF_ATTACH_TYPE
 };

@ -1049,8 +1132,24 @@ enum bpf_link_type {
 	BPF_LINK_TYPE_PERF_EVENT = 7,
 	BPF_LINK_TYPE_KPROBE_MULTI = 8,
 	BPF_LINK_TYPE_STRUCT_OPS = 9,
+	BPF_LINK_TYPE_NETFILTER = 10,
+	BPF_LINK_TYPE_TCX = 11,
+	BPF_LINK_TYPE_UPROBE_MULTI = 12,
+	BPF_LINK_TYPE_NETKIT = 13,
+	BPF_LINK_TYPE_SOCKMAP = 14,
+	__MAX_BPF_LINK_TYPE,
+};

-	MAX_BPF_LINK_TYPE,
+#define MAX_BPF_LINK_TYPE __MAX_BPF_LINK_TYPE
+
+enum bpf_perf_event_type {
+	BPF_PERF_EVENT_UNSPEC = 0,
+	BPF_PERF_EVENT_UPROBE = 1,
+	BPF_PERF_EVENT_URETPROBE = 2,
+	BPF_PERF_EVENT_KPROBE = 3,
+	BPF_PERF_EVENT_KRETPROBE = 4,
+	BPF_PERF_EVENT_TRACEPOINT = 5,
+	BPF_PERF_EVENT_EVENT = 6,
 };

 /* cgroup-bpf attach flags used in BPF_PROG_ATTACH command
@ -1099,7 +1198,12 @@ enum bpf_link_type {
 */
 #define BPF_F_ALLOW_OVERRIDE	(1U << 0)
 #define BPF_F_ALLOW_MULTI	(1U << 1)
+/* Generic attachment flags. */
 #define BPF_F_REPLACE		(1U << 2)
+#define BPF_F_BEFORE		(1U << 3)
+#define BPF_F_AFTER		(1U << 4)
+#define BPF_F_ID		(1U << 5)
+#define BPF_F_LINK		BPF_F_LINK /* 1 << 13 */

 /* If BPF_F_STRICT_ALIGNMENT is used in BPF_PROG_LOAD command, the
 * verifier will perform strict alignment checking as if the kernel
@ -1108,7 +1212,7 @@ enum bpf_link_type {
 */
 #define BPF_F_STRICT_ALIGNMENT	(1U << 0)

-/* If BPF_F_ANY_ALIGNMENT is used in BPF_PROF_LOAD command, the
+/* If BPF_F_ANY_ALIGNMENT is used in BPF_PROG_LOAD command, the
 * verifier will allow any alignment whatsoever.  On platforms
 * with strict alignment requirements for loads ands stores (such
 * as sparc and mips) the verifier validates that all loads and
@ -1156,10 +1260,32 @@ enum bpf_link_type {
 */
 #define BPF_F_XDP_HAS_FRAGS	(1U << 5)

+/* If BPF_F_XDP_DEV_BOUND_ONLY is used in BPF_PROG_LOAD command, the loaded
+ * program becomes device-bound but can access XDP metadata.
+ */
+#define BPF_F_XDP_DEV_BOUND_ONLY	(1U << 6)
+
+/* The verifier internal test flag. Behavior is undefined */
+#define BPF_F_TEST_REG_INVARIANTS	(1U << 7)
+
 /* link_create.kprobe_multi.flags used in LINK_CREATE command for
 * BPF_TRACE_KPROBE_MULTI attach type to create return probe.
 */
-#define BPF_F_KPROBE_MULTI_RETURN	(1U << 0)
+enum {
+	BPF_F_KPROBE_MULTI_RETURN = (1U << 0)
+};
+
+/* link_create.uprobe_multi.flags used in LINK_CREATE command for
+ * BPF_TRACE_UPROBE_MULTI attach type to create return probe.
+ */
+enum {
+	BPF_F_UPROBE_MULTI_RETURN = (1U << 0)
+};
+
+/* link_create.netfilter.flags used in LINK_CREATE command for
+ * BPF_PROG_TYPE_NETFILTER to enable IP packet defragmentation.
+ */
+#define BPF_F_NETFILTER_IP_DEFRAG (1U << 0)

 /* When BPF ldimm64's insn[0].src_reg != 0 then this can have
 * the following extensions:
@ -1215,6 +1341,10 @@ enum bpf_link_type {
 */
 #define BPF_PSEUDO_KFUNC_CALL	2

+enum bpf_addr_space_cast {
+	BPF_ADDR_SPACE_CAST = 1,
+};
+
 /* flags for BPF_MAP_UPDATE_ELEM command */
 enum {
 	BPF_ANY		= 0, /* create new element or update existing */
@ -1261,6 +1391,24 @@ enum {

 /* Create a map that is suitable to be an inner map with dynamic max entries */
 	BPF_F_INNER_MAP		= (1U << 12),
+
+/* Create a map that will be registered/unregesitered by the backed bpf_link */
+	BPF_F_LINK		= (1U << 13),
+
+/* Get path from provided FD in BPF_OBJ_PIN/BPF_OBJ_GET commands */
+	BPF_F_PATH_FD		= (1U << 14),
+
+/* Flag for value_type_btf_obj_fd, the fd is available */
+	BPF_F_VTYPE_BTF_OBJ_FD	= (1U << 15),
+
+/* BPF token FD is passed in a corresponding command's token_fd field */
+	BPF_F_TOKEN_FD          = (1U << 16),
+
+/* When user space page faults in bpf_arena send SIGSEGV instead of inserting new page */
+	BPF_F_SEGV_ON_FAULT	= (1U << 17),
+
+/* Do not translate kernel bpf_arena pointers to user pointers */
+	BPF_F_NO_USER_CONV	= (1U << 18),
 };

 /* Flags for BPF_PROG_QUERY. */
@ -1332,8 +1480,20 @@ union bpf_attr {
 		 * BPF_MAP_TYPE_BLOOM_FILTER - the lowest 4 bits indicate the
 		 * number of hash functions (if 0, the bloom filter will default
 		 * to using 5 hash functions).
+		 *
+		 * BPF_MAP_TYPE_ARENA - contains the address where user space
+		 * is going to mmap() the arena. It has to be page aligned.
 		 */
 		__u64	map_extra;
+
+		__s32   value_type_btf_obj_fd;	/* fd pointing to a BTF
+						 * type data for
+						 * btf_vmlinux_value_type_id.
+						 */
+		/* BPF token FD to use with BPF_MAP_CREATE operation.
+		 * If provided, map_flags should have BPF_F_TOKEN_FD flag set.
+		 */
+		__s32	map_token_fd;
 	};

 	struct { /* anonymous struct used by BPF_MAP_*_ELEM commands */
@ -1398,23 +1558,44 @@ union bpf_attr {
 		__aligned_u64	fd_array;	/* array of FDs */
 		__aligned_u64	core_relos;
 		__u32		core_relo_rec_size; /* sizeof(struct bpf_core_relo) */
+		/* output: actual total log contents size (including termintaing zero).
+		 * It could be both larger than original log_size (if log was
+		 * truncated), or smaller (if log buffer wasn't filled completely).
+		 */
+		__u32		log_true_size;
+		/* BPF token FD to use with BPF_PROG_LOAD operation.
+		 * If provided, prog_flags should have BPF_F_TOKEN_FD flag set.
+		 */
+		__s32		prog_token_fd;
 	};

 	struct { /* anonymous struct used by BPF_OBJ_* commands */
 		__aligned_u64	pathname;
 		__u32		bpf_fd;
 		__u32		file_flags;
+		/* Same as dirfd in openat() syscall; see openat(2)
+		 * manpage for details of path FD and pathname semantics;
+		 * path_fd should accompanied by BPF_F_PATH_FD flag set in
+		 * file_flags field, otherwise it should be set to zero;
+		 * if BPF_F_PATH_FD flag is not set, AT_FDCWD is assumed.
+		 */
+		__s32		path_fd;
 	};

 	struct { /* anonymous struct used by BPF_PROG_ATTACH/DETACH commands */
-		__u32		target_fd;	/* container object to attach to */
-		__u32		attach_bpf_fd;	/* eBPF program to attach */
+		union {
+			__u32	target_fd;	/* target object to attach to or ... */
+			__u32	target_ifindex;	/* target ifindex */
+		};
+		__u32		attach_bpf_fd;
 		__u32		attach_type;
 		__u32		attach_flags;
-		__u32		replace_bpf_fd;	/* previously attached eBPF
-						 * program to replace if
-						 * BPF_F_REPLACE is used
-						 */
+		__u32		replace_bpf_fd;
+		union {
+			__u32	relative_fd;
+			__u32	relative_id;
+		};
+		__u64		expected_revision;
 	};

 	struct { /* anonymous struct used by BPF_PROG_TEST_RUN command */
@ -1460,21 +1641,33 @@ union bpf_attr {
 	} info;

 	struct { /* anonymous struct used by BPF_PROG_QUERY command */
-		__u32		target_fd;	/* container object to query */
+		union {
+			__u32	target_fd;	/* target object to query or ... */
+			__u32	target_ifindex;	/* target ifindex */
+		};
 		__u32		attach_type;
 		__u32		query_flags;
 		__u32		attach_flags;
 		__aligned_u64	prog_ids;
-		__u32		prog_cnt;
+		union {
+			__u32	prog_cnt;
+			__u32	count;
+		};
+		__u32		:32;
 		/* output: per-program attach_flags.
 		 * not allowed to be set during effective query.
 		 */
 		__aligned_u64	prog_attach_flags;
+		__aligned_u64	link_ids;
+		__aligned_u64	link_attach_flags;
+		__u64		revision;
 	} query;

 	struct { /* anonymous struct used by BPF_RAW_TRACEPOINT_OPEN command */
-		__u64 name;
-		__u32 prog_fd;
+		__u64		name;
+		__u32		prog_fd;
+		__u32		:32;
+		__aligned_u64	cookie;
 	} raw_tracepoint;

 	struct { /* anonymous struct for BPF_BTF_LOAD */
@ -1483,6 +1676,16 @@ union bpf_attr {
 		__u32		btf_size;
 		__u32		btf_log_size;
 		__u32		btf_log_level;
+		/* output: actual total log contents size (including termintaing zero).
+		 * It could be both larger than original log_size (if log was
+		 * truncated), or smaller (if log buffer wasn't filled completely).
+		 */
+		__u32		btf_log_true_size;
+		__u32		btf_flags;
+		/* BPF token FD to use with BPF_BTF_LOAD operation.
+		 * If provided, btf_flags should have BPF_F_TOKEN_FD flag set.
+		 */
+		__s32		btf_token_fd;
 	};

 	struct {
@ -1502,15 +1705,18 @@ union bpf_attr {
 	} task_fd_query;

 	struct { /* struct used by BPF_LINK_CREATE command */
-		__u32		prog_fd;	/* eBPF program to attach */
 		union {
-			__u32		target_fd;	/* object to attach to */
-			__u32		target_ifindex; /* target ifindex */
+			__u32		prog_fd;	/* eBPF program to attach */
+			__u32		map_fd;		/* struct_ops to attach */
+		};
+		union {
+			__u32	target_fd;	/* target object to attach to or ... */
+			__u32	target_ifindex; /* target ifindex */
 		};
 		__u32		attach_type;	/* attach type */
 		__u32		flags;		/* extra flags */
 		union {
-			__u32		target_btf_id;	/* btf_id of target to attach to */
+			__u32	target_btf_id;	/* btf_id of target to attach to */
 			struct {
 				__aligned_u64	iter_info;	/* extra bpf_iter_link_info */
 				__u32		iter_info_len;	/* iter_info length */
@ -1538,17 +1744,57 @@ union bpf_attr {
 				 */
 				__u64		cookie;
 			} tracing;
+			struct {
+				__u32		pf;
+				__u32		hooknum;
+				__s32		priority;
+				__u32		flags;
+			} netfilter;
+			struct {
+				union {
+					__u32	relative_fd;
+					__u32	relative_id;
+				};
+				__u64		expected_revision;
+			} tcx;
+			struct {
+				__aligned_u64	path;
+				__aligned_u64	offsets;
+				__aligned_u64	ref_ctr_offsets;
+				__aligned_u64	cookies;
+				__u32		cnt;
+				__u32		flags;
+				__u32		pid;
+			} uprobe_multi;
+			struct {
+				union {
+					__u32	relative_fd;
+					__u32	relative_id;
+				};
+				__u64		expected_revision;
+			} netkit;
 		};
 	} link_create;

 	struct { /* struct used by BPF_LINK_UPDATE command */
 		__u32		link_fd;	/* link fd */
-		/* new program fd to update link with */
-		__u32		new_prog_fd;
+		union {
+			/* new program fd to update link with */
+			__u32		new_prog_fd;
+			/* new struct_ops map fd to update link with */
+			__u32           new_map_fd;
+		};
 		__u32		flags;		/* extra flags */
-		/* expected link's program fd; is specified only if
-		 * BPF_F_REPLACE flag is set in flags */
-		__u32		old_prog_fd;
+		union {
+			/* expected link's program fd; is specified only if
+			 * BPF_F_REPLACE flag is set in flags.
+			 */
+			__u32		old_prog_fd;
+			/* expected link's map fd; is specified only
+			 * if BPF_F_REPLACE flag is set.
+			 */
+			__u32           old_map_fd;
+		};
 	} link_update;

 	struct {
@ -1570,6 +1816,11 @@ union bpf_attr {
 		__u32		flags;		/* extra flags */
 	} prog_bind_map;

+	struct { /* struct used by BPF_TOKEN_CREATE command */
+		__u32		flags;
+		__u32		bpffs_fd;
+	} token_create;
+
 } __attribute__((aligned(8)));

 /* The description below is an attempt at providing documentation to eBPF
@ -1642,17 +1893,17 @@ union bpf_attr {
 * 	Description
 * 		This helper is a "printk()-like" facility for debugging. It
 * 		prints a message defined by format *fmt* (of size *fmt_size*)
- * 		to file *\/sys/kernel/debug/tracing/trace* from DebugFS, if
+ * 		to file *\/sys/kernel/tracing/trace* from TraceFS, if
 * 		available. It can take up to three additional **u64**
 * 		arguments (as an eBPF helpers, the total number of arguments is
 * 		limited to five).
 *
 * 		Each time the helper is called, it appends a line to the trace.
- * 		Lines are discarded while *\/sys/kernel/debug/tracing/trace* is
- * 		open, use *\/sys/kernel/debug/tracing/trace_pipe* to avoid this.
+ * 		Lines are discarded while *\/sys/kernel/tracing/trace* is
+ * 		open, use *\/sys/kernel/tracing/trace_pipe* to avoid this.
 * 		The format of the trace is customizable, and the exact output
 * 		one will get depends on the options set in
- * 		*\/sys/kernel/debug/tracing/trace_options* (see also the
+ * 		*\/sys/kernel/tracing/trace_options* (see also the
 * 		*README* file under the same directory). However, it usually
 * 		defaults to something like:
 *
@ -1845,7 +2096,9 @@ union bpf_attr {
 * 		performed again, if the helper is used in combination with
 * 		direct packet access.
 * 	Return
- * 		0 on success, or a negative error in case of failure.
+ * 		0 on success, or a negative error in case of failure. Positive
+ * 		error indicates a potential drop or congestion in the target
+ * 		device. The particular positive error codes are not defined.
 *
 * u64 bpf_get_current_pid_tgid(void)
 * 	Description
@ -2001,6 +2254,9 @@ union bpf_attr {
 * 			sending the packet. This flag was added for GRE
 * 			encapsulation, but might be used with other protocols
 * 			as well in the future.
+ * 		**BPF_F_NO_TUNNEL_KEY**
+ * 			Add a flag to tunnel metadata indicating that no tunnel
+ * 			key should be set in the resulting tunnel header.
 *
 * 		Here is a typical usage on the transmit path:
 *
@ -2575,8 +2831,8 @@ union bpf_attr {
 * 		*bpf_socket* should be one of the following:
 *
 * 		* **struct bpf_sock_ops** for **BPF_PROG_TYPE_SOCK_OPS**.
- * 		* **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT**
- * 		  and **BPF_CGROUP_INET6_CONNECT**.
+ *		* **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT**,
+ *		  **BPF_CGROUP_INET6_CONNECT** and **BPF_CGROUP_UNIX_CONNECT**.
 *
 * 		This helper actually implements a subset of **setsockopt()**.
 * 		It supports the following *level*\ s:
@ -2644,6 +2900,11 @@ union bpf_attr {
 *		  Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the
 *		  L2 type as Ethernet.
 *
+ *		* **BPF_F_ADJ_ROOM_DECAP_L3_IPV4**,
+ *		  **BPF_F_ADJ_ROOM_DECAP_L3_IPV6**:
+ *		  Indicate the new IP header version after decapsulating the outer
+ *		  IP header. Used when the inner and outer IP versions are different.
+ *
 * 		A call to this helper is susceptible to change the underlying
 * 		packet buffer. Therefore, at load time, all checks on pointers
 * 		previously done by the verifier are invalidated and must be
@ -2788,7 +3049,7 @@ union bpf_attr {
 *
 * long bpf_perf_prog_read_value(struct bpf_perf_event_data *ctx, struct bpf_perf_event_value *buf, u32 buf_size)
 * 	Description
- * 		For en eBPF program attached to a perf event, retrieve the
+ * 		For an eBPF program attached to a perf event, retrieve the
 * 		value of the event counter associated to *ctx* and store it in
 * 		the structure pointed by *buf* and of size *buf_size*. Enabled
 * 		and running times are also stored in the structure (see
@ -2809,8 +3070,8 @@ union bpf_attr {
 * 		*bpf_socket* should be one of the following:
 *
 * 		* **struct bpf_sock_ops** for **BPF_PROG_TYPE_SOCK_OPS**.
- * 		* **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT**
- * 		  and **BPF_CGROUP_INET6_CONNECT**.
+ *		* **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT**,
+ *		  **BPF_CGROUP_INET6_CONNECT** and **BPF_CGROUP_UNIX_CONNECT**.
 *
 * 		This helper actually implements a subset of **getsockopt()**.
 * 		It supports the same set of *optname*\ s that is supported by
@ -3118,9 +3379,27 @@ union bpf_attr {
 *		**BPF_FIB_LOOKUP_DIRECT**
 *			Do a direct table lookup vs full lookup using FIB
 *			rules.
+ *		**BPF_FIB_LOOKUP_TBID**
+ *			Used with BPF_FIB_LOOKUP_DIRECT.
+ *			Use the routing table ID present in *params*->tbid
+ *			for the fib lookup.
 *		**BPF_FIB_LOOKUP_OUTPUT**
 *			Perform lookup from an egress perspective (default is
 *			ingress).
+ *		**BPF_FIB_LOOKUP_SKIP_NEIGH**
+ *			Skip the neighbour table lookup. *params*->dmac
+ *			and *params*->smac will not be set as output. A common
+ *			use case is to call **bpf_redirect_neigh**\ () after
+ *			doing **bpf_fib_lookup**\ ().
+ *		**BPF_FIB_LOOKUP_SRC**
+ *			Derive and set source IP addr in *params*->ipv{4,6}_src
+ *			for the nexthop. If the src addr cannot be derived,
+ *			**BPF_FIB_LKUP_RET_NO_SRC_ADDR** is returned. In this
+ *			case, *params*->dmac and *params*->smac are not set either.
+ *		**BPF_FIB_LOOKUP_MARK**
+ *			Use the mark present in *params*->mark for the fib lookup.
+ *			This option should not be used with BPF_FIB_LOOKUP_DIRECT,
+ *			as it only has meaning for full lookups.
 *
 *		*ctx* is either **struct xdp_md** for XDP programs or
 *		**struct sk_buff** tc cls_act programs.
@ -3972,7 +4251,7 @@ union bpf_attr {
 *
 * u64 bpf_jiffies64(void)
 *	Description
- *		Obtain the 64-bit jiffies
+ *		Obtain the 64bit jiffies
 *	Return
 *		The 64 bit jiffies
 *
@ -4090,9 +4369,6 @@ union bpf_attr {
 *		**-EOPNOTSUPP** if the operation is not supported, for example
 *		a call from outside of TC ingress.
 *
- *		**-ESOCKTNOSUPPORT** if the socket type is not supported
- *		(reuseport).
- *
 * long bpf_sk_assign(struct bpf_sk_lookup *ctx, struct bpf_sock *sk, u64 flags)
 *	Description
 *		Helper is overloaded depending on BPF program type. This
@ -4357,6 +4633,8 @@ union bpf_attr {
 * long bpf_get_task_stack(struct task_struct *task, void *buf, u32 size, u64 flags)
 *	Description
 *		Return a user or a kernel stack in bpf program provided buffer.
+ *		Note: the user stack will only be populated if the *task* is
+ *		the current task; all other tasks will return -EOPNOTSUPP.
 *		To achieve this, the helper needs *task*, which is a valid
 *		pointer to **struct task_struct**. To store the stacktrace, the
 *		bpf program provides *buf* with a nonnegative *size*.
@ -4368,6 +4646,7 @@ union bpf_attr {
 *
 *		**BPF_F_USER_STACK**
 *			Collect a user space stack instead of a kernel stack.
+ *			The *task* must be the current task.
 *		**BPF_F_USER_BUILD_ID**
 *			Collect buildid+offset instead of ips for user stack,
 *			only valid if **BPF_F_USER_STACK** is also specified.
@ -4671,9 +4950,9 @@ union bpf_attr {
 * 		going through the CPU's backlog queue.
 *
 * 		The *flags* argument is reserved and must be 0. The helper is
- * 		currently only supported for tc BPF program types at the ingress
- * 		hook and for veth device types. The peer device must reside in a
- * 		different network namespace.
+ * 		currently only supported for tc BPF program types at the
+ * 		ingress hook and for veth and netkit target device types. The
+ * 		peer device must reside in a different network namespace.
 * 	Return
 * 		The helper returns **TC_ACT_REDIRECT** on success or
 * 		**TC_ACT_SHOT** on error.
@ -4749,7 +5028,7 @@ union bpf_attr {
 *		bytes will be copied to *dst*
 *	Return
 *		The **hash_algo** is returned on success,
- *		**-EOPNOTSUP** if IMA is disabled or **-EINVAL** if
+ *		**-EOPNOTSUPP** if IMA is disabled or **-EINVAL** if
 *		invalid arguments are passed.
 *
 * struct socket *bpf_sock_from_file(struct file *file)
@ -4951,6 +5230,14 @@ union bpf_attr {
 *		different maps if key/value layout matches across maps.
 *		Every bpf_timer_set_callback() can have different callback_fn.
 *
+ *		*flags* can be one of:
+ *
+ *		**BPF_F_TIMER_ABS**
+ *			Start the timer in absolute expire value instead of the
+ *			default relative one.
+ *		**BPF_F_TIMER_CPU_PIN**
+ *			Timer will be pinned to the CPU of the caller.
+ *
 *	Return
 *		0 on success.
 *		**-EINVAL** if *timer* was not initialized with bpf_timer_init() earlier
@ -4969,9 +5256,14 @@ union bpf_attr {
 * u64 bpf_get_func_ip(void *ctx)
 * 	Description
 * 		Get address of the traced function (for tracing and kprobe programs).
+ *
+ * 		When called for kprobe program attached as uprobe it returns
+ * 		probe address for both entry and return uprobe.
+ *
 * 	Return
- * 		Address of the traced function.
+ * 		Address of the traced function for kprobe.
 * 		0 for kprobes placed within the function (not at the entry).
+ * 		Address of the probe for uprobe and return uprobe.
 *
 * u64 bpf_get_attach_cookie(void *ctx)
 * 	Description
@ -5222,7 +5514,7 @@ union bpf_attr {
 *		bytes will be copied to *dst*
 *	Return
 *		The **hash_algo** is returned on success,
- *		**-EOPNOTSUP** if the hash calculation failed or **-EINVAL** if
+ *		**-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if
 *		invalid arguments are passed.
 *
 * void *bpf_kptr_xchg(void *map_value, void *ptr)
@ -5307,11 +5599,22 @@ union bpf_attr {
 *	Description
 *		Write *len* bytes from *src* into *dst*, starting from *offset*
 *		into *dst*.
- *		*flags* is currently unused.
+ *
+ *		*flags* must be 0 except for skb-type dynptrs.
+ *
+ *		For skb-type dynptrs:
+ *		    *  All data slices of the dynptr are automatically
+ *		       invalidated after **bpf_dynptr_write**\ (). This is
+ *		       because writing may pull the skb and change the
+ *		       underlying packet buffer.
+ *
+ *		    *  For *flags*, please see the flags accepted by
+ *		       **bpf_skb_store_bytes**\ ().
 *	Return
 *		0 on success, -E2BIG if *offset* + *len* exceeds the length
 *		of *dst*'s data, -EINVAL if *dst* is an invalid dynptr or if *dst*
- *		is a read-only dynptr or if *flags* is not 0.
+ *		is a read-only dynptr or if *flags* is not correct. For skb-type dynptrs,
+ *		other errors correspond to errors returned by **bpf_skb_store_bytes**\ ().
 *
 * void *bpf_dynptr_data(const struct bpf_dynptr *ptr, u32 offset, u32 len)
 *	Description
@ -5319,6 +5622,9 @@ union bpf_attr {
 *
 *		*len* must be a statically known value. The returned data slice
 *		is invalidated whenever the dynptr is invalidated.
+ *
+ *		skb and xdp type dynptrs may not use bpf_dynptr_data. They should
+ *		instead use bpf_dynptr_slice and bpf_dynptr_slice_rdwr.
 *	Return
 *		Pointer to the underlying dynptr data, NULL if the dynptr is
 *		read-only, if the dynptr is invalid, or if the offset and length
@ -5764,6 +6070,7 @@ enum {
 	BPF_F_ZERO_CSUM_TX		= (1ULL << 1),
 	BPF_F_DONT_FRAGMENT		= (1ULL << 2),
 	BPF_F_SEQ_NUMBER		= (1ULL << 3),
+	BPF_F_NO_TUNNEL_KEY		= (1ULL << 4),
 };

 /* BPF_FUNC_skb_get_tunnel_key flags. */
@ -5803,6 +6110,8 @@ enum {
 	BPF_F_ADJ_ROOM_ENCAP_L4_UDP	= (1ULL << 4),
 	BPF_F_ADJ_ROOM_NO_CSUM_RESET	= (1ULL << 5),
 	BPF_F_ADJ_ROOM_ENCAP_L2_ETH	= (1ULL << 6),
+	BPF_F_ADJ_ROOM_DECAP_L3_IPV4	= (1ULL << 7),
+	BPF_F_ADJ_ROOM_DECAP_L3_IPV6	= (1ULL << 8),
 };

 enum {
@ -6095,6 +6404,19 @@ struct bpf_sock_tuple {
 	};
 };

+/* (Simplified) user return codes for tcx prog type.
+ * A valid tcx program must return one of these defined values. All other
+ * return codes are reserved for future use. Must remain compatible with
+ * their TC_ACT_* counter-parts. For compatibility in behavior, unknown
+ * return codes are mapped to TCX_NEXT.
+ */
+enum tcx_action_base {
+	TCX_NEXT	= -1,
+	TCX_PASS	= 0,
+	TCX_DROP	= 2,
+	TCX_REDIRECT	= 7,
+};
+
 struct bpf_xdp_sock {
 	__u32 queue_id;
 };
@ -6276,7 +6598,7 @@ struct bpf_map_info {
 	__u32 btf_id;
 	__u32 btf_key_type_id;
 	__u32 btf_value_type_id;
-	__u32 :32;	/* alignment pad */
+	__u32 btf_vmlinux_id;
 	__u64 map_extra;
 } __attribute__((aligned(8)));

@ -6338,6 +6660,76 @@ struct bpf_link_info {
 		struct {
 			__u32 ifindex;
 		} xdp;
+		struct {
+			__u32 map_id;
+		} struct_ops;
+		struct {
+			__u32 pf;
+			__u32 hooknum;
+			__s32 priority;
+			__u32 flags;
+		} netfilter;
+		struct {
+			__aligned_u64 addrs;
+			__u32 count; /* in/out: kprobe_multi function count */
+			__u32 flags;
+			__u64 missed;
+			__aligned_u64 cookies;
+		} kprobe_multi;
+		struct {
+			__aligned_u64 path;
+			__aligned_u64 offsets;
+			__aligned_u64 ref_ctr_offsets;
+			__aligned_u64 cookies;
+			__u32 path_size; /* in/out: real path size on success, including zero byte */
+			__u32 count; /* in/out: uprobe_multi offsets/ref_ctr_offsets/cookies count */
+			__u32 flags;
+			__u32 pid;
+		} uprobe_multi;
+		struct {
+			__u32 type; /* enum bpf_perf_event_type */
+			__u32 :32;
+			union {
+				struct {
+					__aligned_u64 file_name; /* in/out */
+					__u32 name_len;
+					__u32 offset; /* offset from file_name */
+					__u64 cookie;
+				} uprobe; /* BPF_PERF_EVENT_UPROBE, BPF_PERF_EVENT_URETPROBE */
+				struct {
+					__aligned_u64 func_name; /* in/out */
+					__u32 name_len;
+					__u32 offset; /* offset from func_name */
+					__u64 addr;
+					__u64 missed;
+					__u64 cookie;
+				} kprobe; /* BPF_PERF_EVENT_KPROBE, BPF_PERF_EVENT_KRETPROBE */
+				struct {
+					__aligned_u64 tp_name;   /* in/out */
+					__u32 name_len;
+					__u32 :32;
+					__u64 cookie;
+				} tracepoint; /* BPF_PERF_EVENT_TRACEPOINT */
+				struct {
+					__u64 config;
+					__u32 type;
+					__u32 :32;
+					__u64 cookie;
+				} event; /* BPF_PERF_EVENT_EVENT */
+			};
+		} perf_event;
+		struct {
+			__u32 ifindex;
+			__u32 attach_type;
+		} tcx;
+		struct {
+			__u32 ifindex;
+			__u32 attach_type;
+		} netkit;
+		struct {
+			__u32 map_id;
+			__u32 attach_type;
+		} sockmap;
 	};
 } __attribute__((aligned(8)));

@ -6556,6 +6948,8 @@ enum {
 					 * socket transition to LISTEN state.
 					 */
 	BPF_SOCK_OPS_RTT_CB,		/* Called on every RTT.
+					 * Arg1: measured RTT input (mrtt)
+					 * Arg2: updated srtt
 					 */
 	BPF_SOCK_OPS_PARSE_HDR_OPT_CB,	/* Parse the header option.
 					 * It will be called to handle
@ -6634,6 +7028,7 @@ enum {
 	BPF_TCP_LISTEN,
 	BPF_TCP_CLOSING,	/* Now a valid state */
 	BPF_TCP_NEW_SYN_RECV,
+	BPF_TCP_BOUND_INACTIVE,

 	BPF_TCP_MAX_STATES	/* Leave at the end! */
 };
@ -6734,6 +7129,10 @@ struct bpf_raw_tracepoint_args {
 enum {
 	BPF_FIB_LOOKUP_DIRECT  = (1U << 0),
 	BPF_FIB_LOOKUP_OUTPUT  = (1U << 1),
+	BPF_FIB_LOOKUP_SKIP_NEIGH = (1U << 2),
+	BPF_FIB_LOOKUP_TBID    = (1U << 3),
+	BPF_FIB_LOOKUP_SRC     = (1U << 4),
+	BPF_FIB_LOOKUP_MARK    = (1U << 5),
 };

 enum {
@ -6746,6 +7145,7 @@ enum {
 	BPF_FIB_LKUP_RET_UNSUPP_LWT,   /* fwd requires encapsulation */
 	BPF_FIB_LKUP_RET_NO_NEIGH,     /* no neighbor entry for nh */
 	BPF_FIB_LKUP_RET_FRAG_NEEDED,  /* fragmentation required to fwd */
+	BPF_FIB_LKUP_RET_NO_SRC_ADDR,  /* failed to derive IP src addr */
 };

 struct bpf_fib_lookup {
@ -6765,7 +7165,7 @@ struct bpf_fib_lookup {

 		/* output: MTU value */
 		__u16	mtu_result;
-	};
+	} __attribute__((packed, aligned(2)));
 	/* input: L3 device index for lookup
 	 * output: device index from FIB lookup
 	 */
@ -6780,6 +7180,9 @@ struct bpf_fib_lookup {
 		__u32	rt_metric;
 	};

+	/* input: source address to consider for lookup
+	 * output: source address result from lookup
+	 */
 	union {
 		__be32		ipv4_src;
 		__u32		ipv6_src[4];  /* in6_addr; network order */
@ -6794,11 +7197,32 @@ struct bpf_fib_lookup {
 		__u32		ipv6_dst[4];  /* in6_addr; network order */
 	};

-	/* output */
-	__be16	h_vlan_proto;
-	__be16	h_vlan_TCI;
-	__u8	smac[6];     /* ETH_ALEN */
-	__u8	dmac[6];     /* ETH_ALEN */
+	union {
+		struct {
+			/* output */
+			__be16	h_vlan_proto;
+			__be16	h_vlan_TCI;
+		};
+		/* input: when accompanied with the
+		 * 'BPF_FIB_LOOKUP_DIRECT | BPF_FIB_LOOKUP_TBID` flags, a
+		 * specific routing table to use for the fib lookup.
+		 */
+		__u32	tbid;
+	};
+
+	union {
+		/* input */
+		struct {
+			__u32	mark;   /* policy routing */
+			/* 2 4-byte holes for input */
+		};
+
+		/* output: source and dest mac */
+		struct {
+			__u8	smac[6];	/* ETH_ALEN */
+			__u8	dmac[6];	/* ETH_ALEN */
+		};
+	};
 };

 struct bpf_redir_neigh {
@ -6882,25 +7306,37 @@ struct bpf_spin_lock {
 };

 struct bpf_timer {
-	__u64 :64;
-	__u64 :64;
+	__u64 __opaque[2];
+} __attribute__((aligned(8)));
+
+struct bpf_wq {
+	__u64 __opaque[2];
 } __attribute__((aligned(8)));

 struct bpf_dynptr {
-	__u64 :64;
-	__u64 :64;
+	__u64 __opaque[2];
 } __attribute__((aligned(8)));

 struct bpf_list_head {
-	__u64 :64;
-	__u64 :64;
+	__u64 __opaque[2];
 } __attribute__((aligned(8)));

 struct bpf_list_node {
-	__u64 :64;
-	__u64 :64;
+	__u64 __opaque[3];
 } __attribute__((aligned(8)));

+struct bpf_rb_root {
+	__u64 __opaque[2];
+} __attribute__((aligned(8)));
+
+struct bpf_rb_node {
+	__u64 __opaque[4];
+} __attribute__((aligned(8)));
+
+struct bpf_refcount {
+	__u32 __opaque[1];
+} __attribute__((aligned(4)));
+
 struct bpf_sysctl {
 	__u32	write;		/* Sysctl is being read (= 0) or written (= 1).
 				 * Allows 1,2,4-byte read, but no write.
@ -7050,4 +7486,23 @@ struct bpf_core_relo {
 	enum bpf_core_relo_kind kind;
 };

+/*
+ * Flags to control bpf_timer_start() behaviour.
+ *     - BPF_F_TIMER_ABS: Timeout passed is absolute time, by default it is
+ *       relative to current time.
+ *     - BPF_F_TIMER_CPU_PIN: Timer will be pinned to the CPU of the caller.
+ */
+enum {
+	BPF_F_TIMER_ABS = (1ULL << 0),
+	BPF_F_TIMER_CPU_PIN = (1ULL << 1),
+};
+
+/* BPF numbers iterator state */
+struct bpf_iter_num {
+	/* opaque iterator state; having __u64 here allows to preserve correct
+	 * alignment requirements in vmlinux.h, generated from BTF
+	 */
+	__u64 __opaque[1];
+} __attribute__((aligned(8)));
+
 #endif /* __LINUX_BPF_H__ */
--- a/src/shared/linux/bpf_common.h
+++ b/src/shared/linux/bpf_common.h
--- a/src/shared/linux/bpf_insn.h
+++ b/src/shared/linux/bpf_insn.h
@ -210,14 +210,6 @@ struct bpf_insn;
 		.off   = OFF,					\
 		.imm   = IMM })

-#define BPF_JMP_A(OFF)						\
-	((struct bpf_insn) {					\
-		.code  = BPF_JMP | BPF_JA,			\
-		.dst_reg = 0,					\
-		.src_reg = 0,					\
-		.off   = OFF,					\
-		.imm   = 0 })
-
 /* Raw code statement block */

 #define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM)			\
--- a/src/basic/linux/btrfs.h
+++ b/src/basic/linux/btrfs.h
@ -17,8 +17,8 @@
 * Boston, MA 021110-1307, USA.
 */

-#ifndef _UAPI_LINUX_BTRFS_H
-#define _UAPI_LINUX_BTRFS_H
+#ifndef _LINUX_BTRFS_H
+#define _LINUX_BTRFS_H

 #ifdef __cplusplus
 extern "C" {
@ -44,10 +44,8 @@ struct btrfs_ioctl_vol_args {
 #define BTRFS_DEVICE_PATH_NAME_MAX	1024
 #define BTRFS_SUBVOL_NAME_MAX 		4039

-#ifndef __KERNEL__
 /* Deprecated since 5.7 */
 # define BTRFS_SUBVOL_CREATE_ASYNC	(1ULL << 0)
-#endif
 #define BTRFS_SUBVOL_RDONLY		(1ULL << 1)
 #define BTRFS_SUBVOL_QGROUP_INHERIT	(1ULL << 2)

@ -1188,4 +1186,4 @@ enum btrfs_err_code {
 }
 #endif

-#endif /* _UAPI_LINUX_BTRFS_H */
+#endif /* _LINUX_BTRFS_H */
--- a/src/basic/linux/btrfs_tree.h
+++ b/src/basic/linux/btrfs_tree.h
@ -4,11 +4,7 @@

 #include <linux/btrfs.h>
 #include <linux/types.h>
-#ifdef __KERNEL__
-#include <linux/stddef.h>
-#else
 #include <stddef.h>
-#endif

 /* ASCII for _BHRfS_M, no terminating nul */
 #define BTRFS_MAGIC 0x4D5F53665248425FULL
@ -220,18 +216,18 @@
 #define BTRFS_METADATA_ITEM_KEY	169

 /*
- * Special inline ref key which stores the id of the subvolume which originally
+ * Special __inline__ ref key which stores the id of the subvolume which originally
 * created the extent. This subvolume owns the extent permanently from the
 * perspective of simple quotas. Needed to know which subvolume to free quota
 * usage from when the extent is deleted.
 *
- * Stored as an inline ref rather to avoid wasting space on a separate item on
- * top of the existing extent item. However, unlike the other inline refs,
+ * Stored as an __inline__ ref rather to avoid wasting space on a separate item on
+ * top of the existing extent item. However, unlike the other __inline__ refs,
 * there is one one owner ref per extent rather than one per extent.
 *
- * Because of this, it goes at the front of the list of inline refs, and thus
- * must have a lower type value than any other inline ref type (to satisfy the
- * disk format rule that inline refs have non-decreasing type).
+ * Because of this, it goes at the front of the list of __inline__ refs, and thus
+ * must have a lower type value than any other __inline__ ref type (to satisfy the
+ * disk format rule that __inline__ refs have non-decreasing type).
 */
 #define BTRFS_EXTENT_OWNER_REF_KEY	172

@ -404,7 +400,7 @@ enum btrfs_csum_type {
 /* Directory contains encrypted data */
 #define BTRFS_FT_ENCRYPTED	0x80

-static inline __u8 btrfs_dir_flags_to_ftype(__u8 flags)
+static __inline__ __u8 btrfs_dir_flags_to_ftype(__u8 flags)
 {
 	return flags & ~BTRFS_FT_ENCRYPTED;
 }
@ -970,7 +966,7 @@ struct btrfs_root_item {
 * Btrfs root item used to be smaller than current size.  The old format ends
 * at where member generation_v2 is.
 */
-static inline __u32 btrfs_legacy_root_item_size(void)
+static __inline__ __u32 btrfs_legacy_root_item_size(void)
 {
 	return offsetof(struct btrfs_root_item, generation_v2);
 }
@ -1094,14 +1090,14 @@ struct btrfs_file_extent_item {
 	__u8 encryption;
 	__le16 other_encoding; /* spare for later use */

-	/* are we inline data or a real extent? */
+	/* are we __inline__ data or a real extent? */
 	__u8 type;

 	/*
 	 * disk space consumed by the extent, checksum blocks are included
 	 * in these numbers
 	 *
-	 * At this offset in the structure, the inline extent data start.
+	 * At this offset in the structure, the __inline__ extent data start.
 	 */
 	__le64 disk_bytenr;
 	__le64 disk_num_bytes;
@ -1205,14 +1201,14 @@ struct btrfs_dev_replace_item {
 #define BTRFS_EXTENDED_PROFILE_MASK	(BTRFS_BLOCK_GROUP_PROFILE_MASK | \
 					 BTRFS_AVAIL_ALLOC_BIT_SINGLE)

-static inline __u64 chunk_to_extended(__u64 flags)
+static __inline__ __u64 chunk_to_extended(__u64 flags)
 {
 	if ((flags & BTRFS_BLOCK_GROUP_PROFILE_MASK) == 0)
 		flags |= BTRFS_AVAIL_ALLOC_BIT_SINGLE;

 	return flags;
 }
-static inline __u64 extended_to_chunk(__u64 flags)
+static __inline__ __u64 extended_to_chunk(__u64 flags)
 {
 	return flags & ~BTRFS_AVAIL_ALLOC_BIT_SINGLE;
 }
@ -1231,7 +1227,7 @@ struct btrfs_free_space_info {
 #define BTRFS_FREE_SPACE_USING_BITMAPS (1ULL << 0)

 #define BTRFS_QGROUP_LEVEL_SHIFT		48
-static inline __u16 btrfs_qgroup_level(__u64 qgroupid)
+static __inline__ __u16 btrfs_qgroup_level(__u64 qgroupid)
 {
 	return (__u16)(qgroupid >> BTRFS_QGROUP_LEVEL_SHIFT);
 }
--- a/src/basic/linux/can/netlink.h
+++ b/src/basic/linux/can/netlink.h
@ -16,8 +16,8 @@
 * GNU General Public License for more details.
 */

-#ifndef _UAPI_CAN_NETLINK_H
-#define _UAPI_CAN_NETLINK_H
+#ifndef _CAN_NETLINK_H
+#define _CAN_NETLINK_H

 #include <linux/types.h>

--- a/src/basic/linux/can/vxcan.h
+++ b/src/basic/linux/can/vxcan.h
@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
-#ifndef _UAPI_CAN_VXCAN_H
-#define _UAPI_CAN_VXCAN_H
+#ifndef _CAN_VXCAN_H
+#define _CAN_VXCAN_H

 enum {
 	VXCAN_INFO_UNSPEC,
--- a/src/basic/linux/cfm_bridge.h
+++ b/src/basic/linux/cfm_bridge.h
@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */

-#ifndef _UAPI_LINUX_CFM_BRIDGE_H_
-#define _UAPI_LINUX_CFM_BRIDGE_H_
+#ifndef _LINUX_CFM_BRIDGE_H_
+#define _LINUX_CFM_BRIDGE_H_

 #include <linux/types.h>
 #include <linux/if_ether.h>
--- a/src/basic/linux/const.h
+++ b/src/basic/linux/const.h
@ -0,0 +1,36 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/* const.h: Macros for dealing with constants.  */
+
+#ifndef _LINUX_CONST_H
+#define _LINUX_CONST_H
+
+/* Some constant macros are used in both assembler and
+ * C code.  Therefore we cannot annotate them always with
+ * 'UL' and other type specifiers unilaterally.  We
+ * use the following macros to deal with this.
+ *
+ * Similarly, _AT() will cast an expression with a type in C, but
+ * leave it unchanged in asm.
+ */
+
+#ifdef __ASSEMBLY__
+#define _AC(X,Y)	X
+#define _AT(T,X)	X
+#else
+#define __AC(X,Y)	(X##Y)
+#define _AC(X,Y)	__AC(X,Y)
+#define _AT(T,X)	((T)(X))
+#endif
+
+#define _UL(x)		(_AC(x, UL))
+#define _ULL(x)		(_AC(x, ULL))
+
+#define _BITUL(x)	(_UL(1) << (x))
+#define _BITULL(x)	(_ULL(1) << (x))
+
+#define __ALIGN_KERNEL(x, a)		__ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1)
+#define __ALIGN_KERNEL_MASK(x, mask)	(((x) + (mask)) & ~(mask))
+
+#define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
+
+#endif /* _LINUX_CONST_H */
--- a/src/shared/linux/dm-ioctl.h
+++ b/src/shared/linux/dm-ioctl.h
@ -288,7 +288,7 @@ enum {
 #define DM_VERSION_MAJOR	4
 #define DM_VERSION_MINOR	27
 #define DM_VERSION_PATCHLEVEL	0
-#define DM_VERSION_EXTRA	"-ioctl (2022-02-22)"
+#define DM_VERSION_EXTRA	"-ioctl (2023-03-01)"

 /* Status bits */
 #define DM_READONLY_FLAG	(1 << 0) /* In/Out */
--- a/src/shared/linux/ethtool.h
+++ b/src/shared/linux/ethtool.h
@ -20,10 +20,6 @@

 #include <limits.h> /* for INT_MAX */

-#ifndef __KERNEL_DIV_ROUND_UP
-#define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
-#endif
-
 /* All structures exposed to userland should be defined such that they
 * have the same layout for 32-bit and 64-bit userland.
 */
@ -713,6 +709,24 @@ enum ethtool_stringset {
 	ETH_SS_COUNT
 };

+/**
+ * enum ethtool_mac_stats_src - source of ethtool MAC statistics
+ * @ETHTOOL_MAC_STATS_SRC_AGGREGATE:
+ *	if device supports a MAC merge layer, this retrieves the aggregate
+ *	statistics of the eMAC and pMAC. Otherwise, it retrieves just the
+ *	statistics of the single (express) MAC.
+ * @ETHTOOL_MAC_STATS_SRC_EMAC:
+ *	if device supports a MM layer, this retrieves the eMAC statistics.
+ *	Otherwise, it retrieves the statistics of the single (express) MAC.
+ * @ETHTOOL_MAC_STATS_SRC_PMAC:
+ *	if device supports a MM layer, this retrieves the pMAC statistics.
+ */
+enum ethtool_mac_stats_src {
+	ETHTOOL_MAC_STATS_SRC_AGGREGATE,
+	ETHTOOL_MAC_STATS_SRC_EMAC,
+	ETHTOOL_MAC_STATS_SRC_PMAC,
+};
+
 /**
 * enum ethtool_module_power_mode_policy - plug-in module power mode policy
 * @ETHTOOL_MODULE_POWER_MODE_POLICY_HIGH: Module is always in high power mode.
@ -736,6 +750,61 @@ enum ethtool_module_power_mode {
 	ETHTOOL_MODULE_POWER_MODE_HIGH,
 };

+/**
+ * enum ethtool_pse_types - Types of PSE controller.
+ * @ETHTOOL_PSE_UNKNOWN: Type of PSE controller is unknown
+ * @ETHTOOL_PSE_PODL: PSE controller which support PoDL
+ * @ETHTOOL_PSE_C33: PSE controller which support Clause 33 (PoE)
+ */
+enum ethtool_pse_types {
+	ETHTOOL_PSE_UNKNOWN =	1 << 0,
+	ETHTOOL_PSE_PODL =	1 << 1,
+	ETHTOOL_PSE_C33 =	1 << 2,
+};
+
+/**
+ * enum ethtool_c33_pse_admin_state - operational state of the PoDL PSE
+ *	functions. IEEE 802.3-2022 30.9.1.1.2 aPSEAdminState
+ * @ETHTOOL_C33_PSE_ADMIN_STATE_UNKNOWN: state of PSE functions is unknown
+ * @ETHTOOL_C33_PSE_ADMIN_STATE_DISABLED: PSE functions are disabled
+ * @ETHTOOL_C33_PSE_ADMIN_STATE_ENABLED: PSE functions are enabled
+ */
+enum ethtool_c33_pse_admin_state {
+	ETHTOOL_C33_PSE_ADMIN_STATE_UNKNOWN = 1,
+	ETHTOOL_C33_PSE_ADMIN_STATE_DISABLED,
+	ETHTOOL_C33_PSE_ADMIN_STATE_ENABLED,
+};
+
+/**
+ * enum ethtool_c33_pse_pw_d_status - power detection status of the PSE.
+ *	IEEE 802.3-2022 30.9.1.1.3 aPoDLPSEPowerDetectionStatus:
+ * @ETHTOOL_C33_PSE_PW_D_STATUS_UNKNOWN: PSE status is unknown
+ * @ETHTOOL_C33_PSE_PW_D_STATUS_DISABLED: The enumeration "disabled"
+ *	indicates that the PSE State diagram is in the state DISABLED.
+ * @ETHTOOL_C33_PSE_PW_D_STATUS_SEARCHING: The enumeration "searching"
+ *	indicates the PSE State diagram is in a state other than those
+ *	listed.
+ * @ETHTOOL_C33_PSE_PW_D_STATUS_DELIVERING: The enumeration
+ *	"deliveringPower" indicates that the PSE State diagram is in the
+ *	state POWER_ON.
+ * @ETHTOOL_C33_PSE_PW_D_STATUS_TEST: The enumeration "test" indicates that
+ *	the PSE State diagram is in the state TEST_MODE.
+ * @ETHTOOL_C33_PSE_PW_D_STATUS_FAULT: The enumeration "fault" indicates that
+ *	the PSE State diagram is in the state TEST_ERROR.
+ * @ETHTOOL_C33_PSE_PW_D_STATUS_OTHERFAULT: The enumeration "otherFault"
+ *	indicates that the PSE State diagram is in the state IDLE due to
+ *	the variable error_condition = true.
+ */
+enum ethtool_c33_pse_pw_d_status {
+	ETHTOOL_C33_PSE_PW_D_STATUS_UNKNOWN = 1,
+	ETHTOOL_C33_PSE_PW_D_STATUS_DISABLED,
+	ETHTOOL_C33_PSE_PW_D_STATUS_SEARCHING,
+	ETHTOOL_C33_PSE_PW_D_STATUS_DELIVERING,
+	ETHTOOL_C33_PSE_PW_D_STATUS_TEST,
+	ETHTOOL_C33_PSE_PW_D_STATUS_FAULT,
+	ETHTOOL_C33_PSE_PW_D_STATUS_OTHERFAULT,
+};
+
 /**
 * enum ethtool_podl_pse_admin_state - operational state of the PoDL PSE
 *	functions. IEEE 802.3-2018 30.15.1.1.2 aPoDLPSEAdminState
@ -781,6 +850,31 @@ enum ethtool_podl_pse_pw_d_status {
 	ETHTOOL_PODL_PSE_PW_D_STATUS_ERROR,
 };

+/**
+ * enum ethtool_mm_verify_status - status of MAC Merge Verify function
+ * @ETHTOOL_MM_VERIFY_STATUS_UNKNOWN:
+ *	verification status is unknown
+ * @ETHTOOL_MM_VERIFY_STATUS_INITIAL:
+ *	the 802.3 Verify State diagram is in the state INIT_VERIFICATION
+ * @ETHTOOL_MM_VERIFY_STATUS_VERIFYING:
+ *	the Verify State diagram is in the state VERIFICATION_IDLE,
+ *	SEND_VERIFY or WAIT_FOR_RESPONSE
+ * @ETHTOOL_MM_VERIFY_STATUS_SUCCEEDED:
+ *	indicates that the Verify State diagram is in the state VERIFIED
+ * @ETHTOOL_MM_VERIFY_STATUS_FAILED:
+ *	the Verify State diagram is in the state VERIFY_FAIL
+ * @ETHTOOL_MM_VERIFY_STATUS_DISABLED:
+ *	verification of preemption operation is disabled
+ */
+enum ethtool_mm_verify_status {
+	ETHTOOL_MM_VERIFY_STATUS_UNKNOWN,
+	ETHTOOL_MM_VERIFY_STATUS_INITIAL,
+	ETHTOOL_MM_VERIFY_STATUS_VERIFYING,
+	ETHTOOL_MM_VERIFY_STATUS_SUCCEEDED,
+	ETHTOOL_MM_VERIFY_STATUS_FAILED,
+	ETHTOOL_MM_VERIFY_STATUS_DISABLED,
+};
+
 /**
 * struct ethtool_gstrings - string set for data tagging
 * @cmd: Command number = %ETHTOOL_GSTRINGS
@ -1093,7 +1187,7 @@ struct ethtool_rx_flow_spec {
 /* How rings are laid out when accessing virtual functions or
 * offloaded queues is device specific. To allow users to do flow
 * steering and specify these queues the ring cookie is partitioned
- * into a 32-bit queue index with an 8 bit virtual function id.
+ * into a 32bit queue index with an 8 bit virtual function id.
 * This also leaves the 3bytes for further specifiers. It is possible
 * future devices may support more than 256 virtual functions if
 * devices start supporting PCIe w/ARI. However at the moment I
@ -1185,7 +1279,7 @@ struct ethtool_rxnfc {
 		__u32			rule_cnt;
 		__u32			rss_context;
 	};
-	__u32				rule_locs[0];
+	__u32				rule_locs[];
 };


@ -1225,6 +1319,8 @@ struct ethtool_rxfh_indir {
 *	hardware hash key.
 * @hfunc: Defines the current RSS hash function used by HW (or to be set to).
 *	Valid values are one of the %ETH_RSS_HASH_*.
+ * @input_xfrm: Defines how the input data is transformed. Valid values are one
+ *	of %RXH_XFRM_*.
 * @rsvd8: Reserved for future use; see the note on reserved space.
 * @rsvd32: Reserved for future use; see the note on reserved space.
 * @rss_config: RX ring/queue index for each hash value i.e., indirection table
@ -1244,7 +1340,8 @@ struct ethtool_rxfh {
 	__u32   indir_size;
 	__u32   key_size;
 	__u8	hfunc;
-	__u8	rsvd8[3];
+	__u8	input_xfrm;
+	__u8	rsvd8[2];
 	__u32	rsvd32;
 	__u32   rss_config[];
 };
@ -1743,6 +1840,9 @@ enum ethtool_link_mode_bit_indices {
 	ETHTOOL_LINK_MODE_800000baseDR8_2_Full_BIT	 = 96,
 	ETHTOOL_LINK_MODE_800000baseSR8_Full_BIT	 = 97,
 	ETHTOOL_LINK_MODE_800000baseVR8_Full_BIT	 = 98,
+	ETHTOOL_LINK_MODE_10baseT1S_Full_BIT		 = 99,
+	ETHTOOL_LINK_MODE_10baseT1S_Half_BIT		 = 100,
+	ETHTOOL_LINK_MODE_10baseT1S_P2MP_Half_BIT	 = 101,

 	/* must be last entry */
 	__ETHTOOL_LINK_MODE_MASK_NBITS
@ -1948,6 +2048,15 @@ static __inline__ int ethtool_validate_duplex(__u8 duplex)

 #define WOL_MODE_COUNT		8

+/* RSS hash function data
+ * XOR the corresponding source and destination fields of each specified
+ * protocol. Both copies of the XOR'ed fields are fed into the RSS and RXHASH
+ * calculation. Note that this XORing reduces the input set entropy and could
+ * be exploited to reduce the RSS queue spread.
+ */
+#define	RXH_XFRM_SYM_XOR	(1 << 0)
+#define	RXH_XFRM_NO_CHANGE	0xff
+
 /* L2-L4 network traffic flow types */
 #define	TCP_V4_FLOW	0x01	/* hash or spec (tcp_ip4_spec) */
 #define	UDP_V4_FLOW	0x02	/* hash or spec (udp_ip4_spec) */
@ -1967,6 +2076,53 @@ static __inline__ int ethtool_validate_duplex(__u8 duplex)
 #define	IPV4_FLOW	0x10	/* hash only */
 #define	IPV6_FLOW	0x11	/* hash only */
 #define	ETHER_FLOW	0x12	/* spec only (ether_spec) */
+
+/* Used for GTP-U IPv4 and IPv6.
+ * The format of GTP packets only includes
+ * elements such as TEID and GTP version.
+ * It is primarily intended for data communication of the UE.
+ */
+#define GTPU_V4_FLOW 0x13	/* hash only */
+#define GTPU_V6_FLOW 0x14	/* hash only */
+
+/* Use for GTP-C IPv4 and v6.
+ * The format of these GTP packets does not include TEID.
+ * Primarily expected to be used for communication
+ * to create sessions for UE data communication,
+ * commonly referred to as CSR (Create Session Request).
+ */
+#define GTPC_V4_FLOW 0x15	/* hash only */
+#define GTPC_V6_FLOW 0x16	/* hash only */
+
+/* Use for GTP-C IPv4 and v6.
+ * Unlike GTPC_V4_FLOW, the format of these GTP packets includes TEID.
+ * After session creation, it becomes this packet.
+ * This is mainly used for requests to realize UE handover.
+ */
+#define GTPC_TEID_V4_FLOW 0x17	/* hash only */
+#define GTPC_TEID_V6_FLOW 0x18	/* hash only */
+
+/* Use for GTP-U and extended headers for the PSC (PDU Session Container).
+ * The format of these GTP packets includes TEID and QFI.
+ * In 5G communication using UPF (User Plane Function),
+ * data communication with this extended header is performed.
+ */
+#define GTPU_EH_V4_FLOW 0x19	/* hash only */
+#define GTPU_EH_V6_FLOW 0x1a	/* hash only */
+
+/* Use for GTP-U IPv4 and v6 PSC (PDU Session Container) extended headers.
+ * This differs from GTPU_EH_V(4|6)_FLOW in that it is distinguished by
+ * UL/DL included in the PSC.
+ * There are differences in the data included based on Downlink/Uplink,
+ * and can be used to distinguish packets.
+ * The functions described so far are useful when you want to
+ * handle communication from the mobile network in UPF, PGW, etc.
+ */
+#define GTPU_UL_V4_FLOW 0x1b	/* hash only */
+#define GTPU_UL_V6_FLOW 0x1c	/* hash only */
+#define GTPU_DL_V4_FLOW 0x1d	/* hash only */
+#define GTPU_DL_V6_FLOW 0x1e	/* hash only */
+
 /* Flag to enable additional fields in struct ethtool_rx_flow_spec */
 #define	FLOW_EXT	0x80000000
 #define	FLOW_MAC_EXT	0x40000000
@ -1981,6 +2137,7 @@ static __inline__ int ethtool_validate_duplex(__u8 duplex)
 #define	RXH_IP_DST	(1 << 5)
 #define	RXH_L4_B_0_1	(1 << 6) /* src port in case of TCP/UDP/SCTP */
 #define	RXH_L4_B_2_3	(1 << 7) /* dst port in case of TCP/UDP/SCTP */
+#define	RXH_GTP_TEID	(1 << 8) /* teid in case of GTP */
 #define	RXH_DISCARD	(1 << 31)

 #define	RX_CLS_FLOW_DISC	0xffffffffffffffffULL
@ -2084,18 +2241,6 @@ enum ethtool_reset_flags {
 *	refused. For drivers: ignore this field (use kernel's
 *	__ETHTOOL_LINK_MODE_MASK_NBITS instead), any change to it will
 *	be overwritten by kernel.
- * @supported: Bitmap with each bit meaning given by
- *	%ethtool_link_mode_bit_indices for the link modes, physical
- *	connectors and other link features for which the interface
- *	supports autonegotiation or auto-detection.  Read-only.
- * @advertising: Bitmap with each bit meaning given by
- *	%ethtool_link_mode_bit_indices for the link modes, physical
- *	connectors and other link features that are advertised through
- *	autonegotiation or enabled for auto-detection.
- * @lp_advertising: Bitmap with each bit meaning given by
- *	%ethtool_link_mode_bit_indices for the link modes, and other
- *	link features that the link partner advertised through
- *	autonegotiation; 0 if unknown or not applicable.  Read-only.
 * @transceiver: Used to distinguish different possible PHY types,
 *	reported consistently by PHYLIB.  Read-only.
 * @master_slave_cfg: Master/slave port mode.
@ -2137,6 +2282,21 @@ enum ethtool_reset_flags {
 * %set_link_ksettings() should validate all fields other than @cmd
 * and @link_mode_masks_nwords that are not described as read-only or
 * deprecated, and must ignore all fields described as read-only.
+ *
+ * @link_mode_masks is divided into three bitfields, each of length
+ * @link_mode_masks_nwords:
+ * - supported: Bitmap with each bit meaning given by
+ *	%ethtool_link_mode_bit_indices for the link modes, physical
+ *	connectors and other link features for which the interface
+ *	supports autonegotiation or auto-detection.  Read-only.
+ * - advertising: Bitmap with each bit meaning given by
+ *	%ethtool_link_mode_bit_indices for the link modes, physical
+ *	connectors and other link features that are advertised through
+ *	autonegotiation or enabled for auto-detection.
+ * - lp_advertising: Bitmap with each bit meaning given by
+ *	%ethtool_link_mode_bit_indices for the link modes, and other
+ *	link features that the link partner advertised through
+ *	autonegotiation; 0 if unknown or not applicable.  Read-only.
 */
 struct ethtool_link_settings {
 	__u32	cmd;
--- a/src/basic/linux/fou.h
+++ b/src/basic/linux/fou.h
@ -3,8 +3,8 @@
 /*	Documentation/netlink/specs/fou.yaml */
 /* YNL-GEN uapi header */

-#ifndef _UAPI_LINUX_FOU_H
-#define _UAPI_LINUX_FOU_H
+#ifndef _LINUX_FOU_H
+#define _LINUX_FOU_H

 #define FOU_GENL_NAME		"fou"
 #define FOU_GENL_VERSION	1
@ -43,4 +43,4 @@ enum {
 };
 #define FOU_CMD_MAX (__FOU_CMD_MAX - 1)

-#endif /* _UAPI_LINUX_FOU_H */
+#endif /* _LINUX_FOU_H */
--- a/src/basic/linux/genetlink.h
+++ b/src/basic/linux/genetlink.h
@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
-#ifndef _UAPI__LINUX_GENERIC_NETLINK_H
-#define _UAPI__LINUX_GENERIC_NETLINK_H
+#ifndef __LINUX_GENERIC_NETLINK_H
+#define __LINUX_GENERIC_NETLINK_H

 #include <linux/types.h>
 #include <linux/netlink.h>
@ -100,4 +100,4 @@ enum {

 #define CTRL_ATTR_POLICY_MAX (__CTRL_ATTR_POLICY_DUMP_MAX - 1)

-#endif /* _UAPI__LINUX_GENERIC_NETLINK_H */
+#endif /* __LINUX_GENERIC_NETLINK_H */
--- a/src/basic/linux/if.h
+++ b/src/basic/linux/if.h
@ -23,10 +23,9 @@
 #include <linux/libc-compat.h>          /* for compatibility with glibc */
 #include <linux/types.h>		/* for "__kernel_caddr_t" et al	*/
 #include <linux/socket.h>		/* for "struct sockaddr" et al	*/
+		/* for "__user" et al           */

-#ifndef __KERNEL__
 #include <sys/socket.h>			/* for struct sockaddr.		*/
-#endif

 #if __UAPI_DEF_IF_IFNAMSIZ
 #define	IFNAMSIZ	16
@ -50,7 +49,7 @@
 * are annotated below, note that only a few flags can be toggled and some
 * other flags are always preserved from the original net_device flags
 * even if you try to set them via sysfs. Flags which are always preserved
- * are kept under the flag grouping @IFF_VOLATILE. Flags which are volatile
+ * are kept under the flag grouping @IFF_VOLATILE. Flags which are __volatile__
 * are annotated below as such.
 *
 * You should have a pretty good reason to be extending these flags.
@ -82,26 +81,26 @@ enum net_device_flags {
 /* for compatibility with glibc net/if.h */
 #if __UAPI_DEF_IF_NET_DEVICE_FLAGS
 	IFF_UP				= 1<<0,  /* sysfs */
-	IFF_BROADCAST			= 1<<1,  /* volatile */
+	IFF_BROADCAST			= 1<<1,  /* __volatile__ */
 	IFF_DEBUG			= 1<<2,  /* sysfs */
-	IFF_LOOPBACK			= 1<<3,  /* volatile */
-	IFF_POINTOPOINT			= 1<<4,  /* volatile */
+	IFF_LOOPBACK			= 1<<3,  /* __volatile__ */
+	IFF_POINTOPOINT			= 1<<4,  /* __volatile__ */
 	IFF_NOTRAILERS			= 1<<5,  /* sysfs */
-	IFF_RUNNING			= 1<<6,  /* volatile */
+	IFF_RUNNING			= 1<<6,  /* __volatile__ */
 	IFF_NOARP			= 1<<7,  /* sysfs */
 	IFF_PROMISC			= 1<<8,  /* sysfs */
 	IFF_ALLMULTI			= 1<<9,  /* sysfs */
-	IFF_MASTER			= 1<<10, /* volatile */
-	IFF_SLAVE			= 1<<11, /* volatile */
+	IFF_MASTER			= 1<<10, /* __volatile__ */
+	IFF_SLAVE			= 1<<11, /* __volatile__ */
 	IFF_MULTICAST			= 1<<12, /* sysfs */
 	IFF_PORTSEL			= 1<<13, /* sysfs */
 	IFF_AUTOMEDIA			= 1<<14, /* sysfs */
 	IFF_DYNAMIC			= 1<<15, /* sysfs */
 #endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS */
 #if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
-	IFF_LOWER_UP			= 1<<16, /* volatile */
-	IFF_DORMANT			= 1<<17, /* volatile */
-	IFF_ECHO			= 1<<18, /* volatile */
+	IFF_LOWER_UP			= 1<<16, /* __volatile__ */
+	IFF_DORMANT			= 1<<17, /* __volatile__ */
+	IFF_ECHO			= 1<<18, /* __volatile__ */
 #endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
 };
 #endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 || __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 */
--- a/src/basic/linux/if_addr.h
+++ b/src/basic/linux/if_addr.h
@ -65,10 +65,8 @@ struct ifa_cacheinfo {
 };

 /* backwards compatibility for userspace */
-#ifndef __KERNEL__
 #define IFA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
 #define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
-#endif

 /* ifa_proto */
 #define IFAPROT_UNSPEC		0
--- a/src/basic/linux/if_bridge.h
+++ b/src/basic/linux/if_bridge.h
@ -11,8 +11,8 @@
 *	2 of the License, or (at your option) any later version.
 */

-#ifndef _UAPI_LINUX_IF_BRIDGE_H
-#define _UAPI_LINUX_IF_BRIDGE_H
+#ifndef _LINUX_IF_BRIDGE_H
+#define _LINUX_IF_BRIDGE_H

 #include <linux/types.h>
 #include <linux/if_ether.h>
@ -855,4 +855,4 @@ enum {
 	__BRIDGE_QUERIER_MAX
 };
 #define BRIDGE_QUERIER_MAX (__BRIDGE_QUERIER_MAX - 1)
-#endif /* _UAPI_LINUX_IF_BRIDGE_H */
+#endif /* _LINUX_IF_BRIDGE_H */
--- a/src/basic/linux/if_ether.h
+++ b/src/basic/linux/if_ether.h
@ -19,8 +19,8 @@
 *		2 of the License, or (at your option) any later version.
 */

-#ifndef _UAPI_LINUX_IF_ETHER_H
-#define _UAPI_LINUX_IF_ETHER_H
+#ifndef _LINUX_IF_ETHER_H
+#define _LINUX_IF_ETHER_H

 #include <linux/types.h>

@ -178,4 +178,4 @@ struct ethhdr {
 #endif


-#endif /* _UAPI_LINUX_IF_ETHER_H */
+#endif /* _LINUX_IF_ETHER_H */
--- a/src/basic/linux/if_link.h
+++ b/src/basic/linux/if_link.h
@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
-#ifndef _UAPI_LINUX_IF_LINK_H
-#define _UAPI_LINUX_IF_LINK_H
+#ifndef _LINUX_IF_LINK_H
+#define _LINUX_IF_LINK_H

 #include <linux/types.h>
 #include <linux/netlink.h>
@ -393,10 +393,8 @@ enum {
 };

 /* backwards compatibility for userspace */
-#ifndef __KERNEL__
 #define IFLA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
 #define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
-#endif

 enum {
 	IFLA_INET_UNSPEC,
@ -1466,6 +1464,8 @@ enum {
 	IFLA_GTP_ROLE,
 	IFLA_GTP_CREATE_SOCKETS,
 	IFLA_GTP_RESTART_COUNT,
+	IFLA_GTP_LOCAL,
+	IFLA_GTP_LOCAL6,
 	__IFLA_GTP_MAX,
 };
 #define IFLA_GTP_MAX (__IFLA_GTP_MAX - 1)
@ -1771,6 +1771,7 @@ enum {
 	IFLA_HSR_PROTOCOL,		/* Indicate different protocol than
 					 * HSR. For example PRP.
 					 */
+	IFLA_HSR_INTERLINK,		/* HSR interlink network device */
 	__IFLA_HSR_MAX,
 };

@ -1956,4 +1957,4 @@ enum {

 #define IFLA_DSA_MAX	(__IFLA_DSA_MAX - 1)

-#endif /* _UAPI_LINUX_IF_LINK_H */
+#endif /* _LINUX_IF_LINK_H */
--- a/Show More
+++ b/Show More