OpenBSD Journal

erspan(4) committed to -current

Contributed by rueda on from the pcaps happening dept.

erspan(4), the ERSPAN collection driver created by David Gwynne (dlg@) [and about which we recently reported] has been committed to the tree:

CVSROOT:	/cvs
Module name:	src
Changes by:	dlg@cvs.openbsd.org	2025/05/13 19:54:12

Modified files:
	sys/net        : if_gre.c 

Log message:
add support for the ERSPAN Type II protocol

ERSPAN is a specific GRE 0 protocol id with GRE sequence numbers
enabled, with its own shim header, and then an Ethernet payload.

Read more…

Game of Trees 0.112 released

Contributed by rueda on from the again-and-again-and dept dept.

Version 0.112 of Game of Trees has been released (and the port updated):

  • remove /tmp/got-importmsg temp files when import commit message is left empty
  • rely on secondary _gotwebd groups if repos_path is not owned by _gotwebd group
  • fix unrelated errors being reported if a histedit operation is aborted
  • implement support for protected references in gotsys.conf and gotsysd
  • plug memory leaks in some libexec helpers and in the gitconfig parser
  • stop needlessly opening the repository whenever a work tree is opened

OpenSMTPD 7.7.0p0 released

Contributed by grey on from the this editor misses when the S for Simple in SMTP was still true dept.

Omar Polo (op@) has announced the release of version 7.7.0p0 of OpenSMTPD:

[…]
Changes in this release:
========================

 - mail.lmtp: Correctly propagate LMTP permanent failures to smtpd.
 - Fixed connect filter request documentation in smtpd-filters.7.
 - Updated to new imsg APIs.
[…]

See the full release announcement for all the details.

erspan(4): ERSPAN Type II collection

Contributed by Peter N. M. Hansteen on from the ERSPAN in the works dept.

Our favorite operating system is in the process of acquiring Encapsulated Remote Switch Port Analyzer (ERSPAN) support, in the form of a new virtual network interface, dubbed erspan(4).

An early version of the code, possibly close to being ready for further development in-tree, was presented by David Gwynne (dlg@) in a message to tech@:

List:       openbsd-tech
Subject:    erspan(4): ERSPAN Type II collection
From:       David Gwynne <david () gwynne ! id ! au>
Date:       2025-05-12 1:27:59

we were exploring how to better let us see what's happening on access
networks or specific ports on a switch at work. our switches are
pretty much all cisco, which has ERSPAN.

ERSPAN in its various forms ships Ethernet packets over GRE for
collection and analysis on another system. There's 3 types of ERSPAN
encapsulation, but Type II seems broadly implemented.

Read more…

Improved ACPI WMI support (may be) incoming

Contributed by Peter N. M. Hansteen on from the WMI for the win dept.

Over on tech@, Ted Unangst (tedu@) is airing a patch to introduce better support for ACPI WMI, looking for tests and comments:

List:       openbsd-tech
Subject:    acpi wmi asus driver
From:       "Ted Unangst" <tedu () tedunangst ! com>
Date:       2025-05-11 1:57:07

My newish ASUS laptop needs WMI to handle hotkeys like backlight toggle.

More importantly, for me, it's needed to handle the Fn-F hotkey to switch
fan/performance profiles. The system is far more pleasant to use in whisper
mode. I also notice a substantial improvement in battery life, without much
performance difference. It affects the power limits, but more long term I
think.

Read more…

Optimisation of parallel TCP input

Contributed by rueda on from the unlocked-and-unloaded dept.

Alexander Bluhm (bluhm@) has committed changes which eliminate contention by caching the socket lock in TCP input:

CVSROOT:	/cvs
Module name:	src
Changes by:	bluhm@cvs.openbsd.org	2025/05/07 08:10:19

Modified files:
	sys/net        : if.c if_var.h 
	sys/netinet    : tcp_input.c tcp_var.h 

Log message:
Cache socket lock during TCP input.

Parallel TCP input is running for a few days now and looks quite
stable.  Final step is to implement caching of the socket lock.
Without large receive offloading (LRO) in the driver layer, it is
very likely that consecutive TCP segments are in the input queue.
This leads to contention of the socket lock between TCP input and
socket receive syscall from userland.

Read more…

bpflogd(8) imported into -current

Contributed by rueda on from the pcaps or it didn't happen dept.

Following its recent introduction on tech@ [See earlier article], David Gwynne (dlg@) has committed bpflogd(8) to the tree:

CVSROOT:	/cvs
Module name:	src
Changes by:	dlg@cvs.openbsd.org	2025/05/06 19:41:59

Added files:
	usr.sbin/bpflogd: Makefile bpflogd.8 bpflogd.c log.c log.h 

Log message:
bpflogd(8): capture packets from BPF and write them to a log file

this is like pflogd(8), but different. the main differences are:

Read more…

LLDP daemon and tool committed to -current

Contributed by rueda on from the the link is ON dept.

Following its recent introduction on tech@ [See earlier article], David Gwynne (dlg@) has committed lldpd(8) to the tree:

CVSROOT:	/cvs
Module name:	src
Changes by:	dlg@cvs.openbsd.org	2025/05/02 00:12:53

Added files:
	usr.sbin/lldpd : Makefile lldpctl.h lldpd.8 lldpd.c log.c log.h 
	                 pdu.c pdu.h 

Log message:
lldpd(8): a daemon that acts as an LLDP agent on Ethernet interfaces.

lldpd uses the recently added AF_FRAME Ethernet sockets to listen
for LLDP packets on all Ethernet interfaces in the system, and
stores them so a lldp(8) client connecting to the control socket
can fetch and display the packets.

Read more…

DSA signature support removed from OpenSSH

Contributed by rueda on from the it's all dead at the D-S-A dept.

Damien Miller (djm@) has completed the planned [See previous articles] removal of DSA signature support from OpenSSH:

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2025/05/05 23:40:56

Modified files:
	usr.bin/ssh    : sshkey.h sshkey.c sshd.c sshd-session.c 
	                 sshd-auth.c sshconnect.c ssh_config ssh.c 
	                 ssh-keysign.c ssh-keyscan.c ssh-keygen.c 
	                 ssh-add.c readconf.c pathnames.h hostfile.c 
	                 dns.c authfile.c authfd.c PROTOCOL 
Removed files:
	usr.bin/ssh    : ssh-dss.c 

Log message:
finally remove DSA signature support from OpenSSH.

feedback/ok tb@, ok deraadt@

The editors would like to encourage our readers to arrange a proper wake for this one.
Please keep going until we can be quadruply sure it's all gone.

OpenBSD Errata

OpenBSD 7.7

003  2025-05-10  RELIABILITY  Replace incorrect zoneinfo files created by broken zic(8).
002  2025-05-10  RELIABILITY  Fix sign of UTC offset in some timezone files created by zic(8).
001  2025-05-05  SECURITY     Kernel of NFS server could crash if nfsd(8) is enabled and an evil NFS request is sent to it.

OpenBSD 7.6

016  2025-05-05  SECURITY     Kernel of NFS server could crash if nfsd(8) is enabled and an evil NFS request is sent to it.
015  2025-04-13  SECURITY     In Perl, non-ASCII bytes in the left-hand-side of the `tr` operator can overflow an insufficiently sized buffer. CVE-2024-56406
014  2025-04-09  RELIABILITY  Incorrect internal RRDP state handling in rpki-client can lead to a denial of service.
013  2025-04-09  SECURITY     sshd(8) fix the DisableForwarding directive, which was failing to disable X11 forwarding and agent forwarding as documented.
012  2025-04-09  SECURITY     iked(8) and isakmpd(8) fix double-free in ecdh mode.
011  2025-04-01  RELIABILITY  In libexpat fix regression of behavior introduced by previous errata.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]