In a post to tech@, Martin Pieuchot (mpi@) has requested testing of a diff (against -current) to enable running the upper part of the fault handler in parallel :

Hello,

Diff below enables running the fault handler in parallel.  Please test
an report back, with dmesg, if this increases or decreases the perfs of
your usual setup.

Thanks for the help,
Martin

LibreSSL version 4.1.0 has been released.

This is the version found in (the recently released) OpenBSD 7.7

The release notes read,

We have released LibreSSL 4.1.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 4.1.x branch, also available with OpenBSD 7.7

It includes the following changes from LibreSSL 4.0.0:

    * Portable changes
      - Added initial experimental support for loongarch64.
      - Fixed compilation for mips32 and reenable CI.
      - Fixed CMake builds on FreeBSD.
      - Fixed the --prefix option for cmake --install.
      - Fixed tests for MinGW due to missing sh(1).

Klemens Nanni (kn@) committed a change removing misleading messages on package update:

CVSROOT:	/cvs
Module name:	src
Changes by:	kn@cvs.openbsd.org	2025/04/28 12:56:25

Modified files:
	usr.sbin/pkg_add/OpenBSD: Delete.pm 

Log message:
Stop advising to remove files on update

The following only make sense on for pkg_delete(1), yet pkg_add(1) prints
them as well, which is confusing at best and trips up way too many people:
"You should also run ..." (often "rm -rf /something/important*")
"You should also remove ..."

No longer print those when -u is used.
There may be some commands

"i like it" ian kirill
OK phessler kmos

Quieter and more accurate updates - what's not to like?

As we saw recently in the Graphed and measured: running TCP input in parallel story, Alexander Bluhm (bluhm@) has been working on parallel TCP input, finally making tcp_input() MP-safe. This work has now been committed,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Alexander Bluhm <bluhm () openbsd ! org>
Date:       2025-04-26 13:58:08
CVSROOT:	/cvs
Module name:	src
Changes by:	bluhm@cvs.openbsd.org	2025/04/26 07:58:08

Modified files:
	sys/netinet    : in_proto.c 
	sys/netinet6   : in6_proto.c 

Log message:
Run TCP input in parallel on multiple CPUs.

The OpenBSD project has announced OpenBSD 7.7, its 58^th release.

The new release contains a number of significant improvements, including but certainly not limited to:

• Multiple SMP improvements have been made. TCP output and TCP timers now run in parallel. Only TCP input still uses exclusive netlock.
• drm(4) has been updated to to Linux 6.12.21
• Performance policy specification is now more flexible. [See earlier report]
• sysctl(8) now supports an input file. [See earlier report]
• Improvements to network hardware support include new drivers ice(4) for Intel E810 Ethernet devices, and ixv(4) for virtual functions of Intel 82598EB, 82559, and X540.
• By default, sysupgrade(8) now upgrades to the next release. [See earlier report]
• fw_update(8) now supports arbitrary dmesg files. [See earlier report]
• Support for FRAME sockets was added. [See earlier report]
• ifconfig scan can now detect/display WPA3 access points.
• (Limited) EFI boot manager support has been added to installboot(8).
• unwind(8) now supports wildcards in block list. [See earlier report]
• rpki-client(8) now has a stricter aging policy for Trust Anchor certificates. [See earlier report]
• LibreSSL 4.1.0 [See earlier report for version 4.0.0]
• OpenSSH 10.0 [See earlier reports on sshd(8) splitting, and on release]

See the full changelog for more details of the changes made over this latest six month development cycle.

The Installation Guide details how to get the system up and running with a fresh install, while those who already run earlier releases should follow the Upgrade Guide, in most cases using sysupgrade(8).

Readers are encouraged to celebrate the new release by donating to the project to support further development of our favourite OS!

Our favorite operating system may be on the verge of having a LLDP (Link Layer Discovery Protocol) daemon added to the base system. David Gwynne (dlg@) is circulating a patch on tech@ that introduces the daemon,

List:       openbsd-tech
Subject:    LLDP daemon and display tool
From:       David Gwynne <david () gwynne ! id ! au>
Date:       2025-04-24 3:49:53

this adds a small daemon and command line tool for receiving and
displaying LLDP messages from neighbors connected to Ethernet
interfaces.

the daemon is called olldpd(8) to avoid colliding with the existing
lldpd from ports. the command line tool is lldp(8).

it uses the AF_FRAME sockets that were recently added rather than BPF.
this means it retains fewer privileges while it's running because it
doesn't have to open and configure BPF devices when new interfaces
appear in the system. avoiding BPF means it has basically 0 impact on
the kernel packet path because AF_FRAME is handled as a last resort for
packets rather than up front for every packet on an interface.

In a recent post to tech@, David Gwynne (dlg@) introduced a new daemon to log packets from BPF.

The message reads

List:       openbsd-tech
Subject:    bpflogd(8): capture packets via BPF to log files
From:       David Gwynne <david () gwynne ! id ! au>
Date:       2025-04-24 5:44:53

this is basically pflogd(8), but different.

the reason it exists is because i needed to continously log some packets
from span ports coming from multiple switches to try and help debug a
network issue that only seems to occur every couple of months. pflogd
provides that for a single pflog interface, but i needed it on multiple
ethernet interfaces.

Version 0.111 of Game of Trees has been released (and the port updated, with additional useful information in the commit message):

• introduce gotsysd: configure gotd servers by committing to gotsys.git repo
• make gotd run 'gotsys check' on gotsys.conf commits before accepting them
• make gotd run 'gotsys apply' when the gotsys.git repo receives changes
• add a missing malloc failure check to gotd's repo_write process
• make got clone/fetch work against Git servers which do not speak English
• stop processing more messages upon error in gotd repo_write process
• close file descriptors passed to gotd_imsg_compose_event() on failure
• potential fix for use-after-free in lib/repository.c's match_packed_object()
• make gotd return an informative error when the connection limit is exceeded
• in gotctl info, display the time when a client connection was created
• add reload support to gotd, triggered via 'gotctl reload', not via SIGHUP!
• test S_ISREG in parse_ref_file() explicitly rather than via getline(3)
• release ref-file lock when fstat fails in parse_ref_file()
• do not treat unhandled signals as a fatal error in gotwebd
• fix an edge case of tog spinning when 'B' is pressed in log view
• stop using got_repo_map_path() in gotwebd to fix spurious realpath(3) errors
• avoid creation of pack_fds array when not needed, saving file descriptors
• gotwebd now runs as the _gotwebd user by default, rather than "www"
• gotwebd can now serve repositories outside the /var/www chroot directory
• the gotwebd.conf repos_path directive is no longer relative to the chroot
• get rid of the gotwebd-specific libexec helpers in /var/www/bin/gotwebd
• improve gotwebd behaviour when sending data to already disconnected clients
• plug some memory leaks in got-send-pack and got-fetch-pack
• fix got-fetch-http performance when server sends chunked HTTP responses

Over on tech@, Alexander Bluhm (bluhm@) is airing a patch to improve parallel TCP input, and is looking for testers:

List:       openbsd-tech
Subject:    running TCP input in parallel
From:       Alexander Bluhm <bluhm () openbsd ! org>
Date:       2025-04-17 16:53:19

Hi,

To run tcp_input() in parallel efficently, we have to lock the
socket in a smart way.  I have measured multiple variants.

http://bluhm.genua.de/perform/results/2025-04-16T09:33:58Z/perform.html

The relevant TCP graph is here.

http://bluhm.genua.de/perform/results/2025-04-16T09:33:58Z/gnuplot/tcp.html
http://bluhm.genua.de/perform/results/2025-04-16T09:33:58Z/gnuplot/tcp6.html

First column (left) is no locking at all, just exclusive net lock.