From b8cf0a282afc3cf092e92076f8f15c7a9ed35f55 Mon Sep 17 00:00:00 2001
From: purplerain <purplerain@secbsd.org>
Date: Fri, 5 Jul 2024 02:44:07 +0000
Subject: [PATCH] sync with OpenBSD -current

---
 etc/daily                           |   5 +-
 share/man/man8/daily.8              |   6 +-
 sys/dev/acpi/qcgpio.c               |  23 ++++-
 sys/dev/fdt/qcscm.c                 |   4 +-
 sys/dev/fdt/qcspmi.c                | 137 +++++++++++++++++++++-------
 sys/net/pf.c                        |  14 ++-
 sys/net/pf_norm.c                   |  17 +++-
 sys/netinet6/ip6_forward.c          |  11 ++-
 sys/netinet6/ip6_input.c            |  14 ++-
 sys/netinet6/ip6_mroute.c           |  20 ++--
 sys/netinet6/ip6_output.c           |  13 ++-
 sys/netinet6/ip6_var.h              |   5 +-
 sys/uvm/uvm_addr.c                  |  26 +-----
 sys/uvm/uvm_addr.h                  |   4 +-
 usr.bin/ssh/ssh_config.5            |   8 +-
 usr.bin/ssh/sshd_config.5           |   8 +-
 usr.sbin/radiusd/radiusd.conf.5     |  35 ++++---
 usr.sbin/radiusd/radiusd_bsdauth.8  |   8 +-
 usr.sbin/radiusd/radiusd_standard.8 |   6 +-
 19 files changed, 237 insertions(+), 127 deletions(-)

diff --git a/etc/daily b/etc/daily
index 5463c72fc..32a61146d 100644
--- a/etc/daily
+++ b/etc/daily
@@ -1,5 +1,5 @@
 #
-#	$OpenBSD: daily,v 1.99 2024/05/30 14:29:05 sthen Exp $
+#	$OpenBSD: daily,v 1.100 2024/07/04 05:06:58 bket Exp $
 #	From: @(#)daily	8.2 (Berkeley) 1/25/94
 #
 # For local additions, create the file /etc/daily.local.
@@ -136,9 +136,6 @@ done
 next_part "Services that should be running but aren't:"
 rcctl ls failed
 
-next_part "Services that are running but shouldn't:"
-rcctl ls rogue
-
 next_part "Filesystems which need to be dumped:"
 dump w | grep -vB1 ^Dump
 
diff --git a/share/man/man8/daily.8 b/share/man/man8/daily.8
index 20743edc7..22071017a 100644
--- a/share/man/man8/daily.8
+++ b/share/man/man8/daily.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: daily.8,v 1.30 2024/05/16 11:33:59 solene Exp $
+.\"	$OpenBSD: daily.8,v 1.31 2024/07/04 05:06:58 bket Exp $
 .\"
 .\" Copyright (c) 2003 Jason McIntyre <jmc@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 16 2024 $
+.Dd $Mdocdate: July 4 2024 $
 .Dt DAILY 8
 .Os
 .Sh NAME
@@ -112,7 +112,7 @@ for the mount options, e.g.
 Checks daemon status.
 Lists any daemons which are enabled in
 .Xr rc.conf.local 8
-but which are not actually running (and vice versa).
+but which are not actually running.
 .It
 Reports on which file systems need to be dumped via
 .Xr dump 8 .
diff --git a/sys/dev/acpi/qcgpio.c b/sys/dev/acpi/qcgpio.c
index c1b0c3b48..c9ce00cd5 100644
--- a/sys/dev/acpi/qcgpio.c
+++ b/sys/dev/acpi/qcgpio.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: qcgpio.c,v 1.9 2023/04/11 04:45:11 mglocker Exp $	*/
+/*	$OpenBSD: qcgpio.c,v 1.10 2024/07/04 18:35:36 patrick Exp $	*/
 /*
  * Copyright (c) 2022 Mark Kettenis <kettenis@openbsd.org>
  *
@@ -93,11 +93,13 @@ struct cfdriver qcgpio_cd = {
 const char *qcgpio_hids[] = {
 	"QCOM060C",
 	"QCOM080D",
+	"QCOM0C0C",
 	NULL
 };
 
 int	qcgpio_sc7180_pin_map(int, bus_size_t *);
 int	qcgpio_sc8280xp_pin_map(int, bus_size_t *);
+int	qcgpio_x1e80100_pin_map(int, bus_size_t *);
 
 int	qcgpio_read_pin(void *, int);
 void	qcgpio_write_pin(void *, int, int);
@@ -142,6 +144,9 @@ qcgpio_acpi_attach(struct device *parent, struct device *self, void *aux)
 	} else if (strcmp(aaa->aaa_dev, "QCOM060C") == 0) {
 		sc->sc_npins = 228;
 		sc->sc_pin_map = qcgpio_sc8280xp_pin_map;
+	} else if (strcmp(aaa->aaa_dev, "QCOM0C0C") == 0) {
+		sc->sc_npins = 239;
+		sc->sc_pin_map = qcgpio_x1e80100_pin_map;
 	}
 	KASSERT(sc->sc_npins != 0);
 
@@ -223,6 +228,22 @@ qcgpio_sc8280xp_pin_map(int pin, bus_size_t *off)
 	}
 }
 
+int
+qcgpio_x1e80100_pin_map(int pin, bus_size_t *off)
+{
+	switch (pin) {
+	case 3:
+	case 51:
+		return pin;
+	case 0x180:
+		return 67;
+	case 0x3c0:
+		return 3;
+	default:
+		return -1;
+	}
+}
+
 int
 qcgpio_read_pin(void *cookie, int pin)
 {
diff --git a/sys/dev/fdt/qcscm.c b/sys/dev/fdt/qcscm.c
index 93ed4cd0d..50b9f9e0b 100644
--- a/sys/dev/fdt/qcscm.c
+++ b/sys/dev/fdt/qcscm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: qcscm.c,v 1.6 2024/06/23 22:04:53 patrick Exp $ */
+/* $OpenBSD: qcscm.c,v 1.7 2024/07/04 20:11:46 kettenis Exp $ */
 /*
  * Copyright (c) 2022 Patrick Wildt <patrick@blueri.se>
  *
@@ -744,8 +744,6 @@ qcscm_uefi_rtc_set(uint32_t off)
 		return 0;
 
 	rtcinfo[0] = off;
-	rtcinfo[1] = 0x10000;
-	rtcinfo[2] = 0;
 
 	if (qcscm_uefi_set_variable(sc, u"RTCInfo", sizeof(u"RTCInfo"),
 	    &qcscm_uefi_rtcinfo_guid, EFI_VARIABLE_NON_VOLATILE |
diff --git a/sys/dev/fdt/qcspmi.c b/sys/dev/fdt/qcspmi.c
index abf1c2395..5cc807f71 100644
--- a/sys/dev/fdt/qcspmi.c
+++ b/sys/dev/fdt/qcspmi.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: qcspmi.c,v 1.4 2024/05/13 01:15:50 jsg Exp $	*/
+/*	$OpenBSD: qcspmi.c,v 1.5 2024/07/04 21:54:38 kettenis Exp $	*/
 /*
  * Copyright (c) 2022 Patrick Wildt <patrick@blueri.se>
  *
@@ -34,14 +34,16 @@
 #define  SPMI_VERSION_V2_MIN		0x20010000
 #define  SPMI_VERSION_V3_MIN		0x30000000
 #define  SPMI_VERSION_V5_MIN		0x50000000
-#define SPMI_ARB_APID_MAP(x)	(0x900 + (x) * 0x4)
+#define  SPMI_VERSION_V7_MIN		0x70000000
+#define SPMI_ARB_APID_MAP(sc, x)	((sc)->sc_arb_apid_map + (x) * 0x4)
 #define  SPMI_ARB_APID_MAP_PPID_MASK	0xfff
 #define  SPMI_ARB_APID_MAP_PPID_SHIFT	8
 #define  SPMI_ARB_APID_MAP_IRQ_OWNER	(1 << 14)
 
 /* Channel registers. */
-#define SPMI_CHAN_OFF(x)	(0x10000 * (x))
-#define SPMI_OBSV_OFF(x, y)	(0x10000 * (x) + 0x80 * (y))
+#define SPMI_CHAN_OFF(sc, x)	((sc)->sc_chan_stride * (x))
+#define SPMI_OBSV_OFF(sc, x, y)	\
+	((sc)->sc_obsv_ee_stride * (x) + (sc)->sc_obsv_apid_stride * (y))
 #define SPMI_COMMAND		0x00
 #define  SPMI_COMMAND_OP_EXT_WRITEL	(0 << 27)
 #define  SPMI_COMMAND_OP_EXT_READL	(1 << 27)
@@ -75,14 +77,15 @@
 #define SPMI_IRQ_CLEAR		0x108
 
 /* Intr registers */
-#define SPMI_OWNER_ACC_STATUS(x, y)	(0x10000 * (x) + 0x4 * (y))
+#define SPMI_OWNER_ACC_STATUS(sc, x, y)	\
+	((sc)->sc_chan_stride * (x) + 0x4 * (y))
 
 /* Config registers */
-#define SPMI_OWNERSHIP_TABLE(x)	(0x700 + (x) * 0x4)
+#define SPMI_OWNERSHIP_TABLE(sc, x)	((sc)->sc_ownership_table + (x) * 0x4)
 #define  SPMI_OWNERSHIP_TABLE_OWNER(x)	((x) & 0x7)
 
 /* Misc */
-#define SPMI_MAX_PERIPH		512
+#define SPMI_MAX_PERIPH		1024
 #define SPMI_MAX_PPID		4096
 #define SPMI_PPID_TO_APID_VALID	(1U << 15)
 #define SPMI_PPID_TO_APID_MASK	(0x7fff)
@@ -144,6 +147,12 @@ struct qcspmi_softc {
 
 	struct qcspmi_apid	sc_apid[SPMI_MAX_PERIPH];
 	uint16_t		sc_ppid_to_apid[SPMI_MAX_PPID];
+	uint16_t		sc_max_periph;
+	bus_size_t		sc_chan_stride;
+	bus_size_t		sc_obsv_ee_stride;
+	bus_size_t		sc_obsv_apid_stride;
+	bus_size_t		sc_arb_apid_map;
+	bus_size_t		sc_ownership_table;
 
 	struct spmi_controller	sc_tag;
 	struct interrupt_controller sc_ic;
@@ -180,7 +189,8 @@ qcspmi_match(struct device *parent, void *match, void *aux)
 {
 	struct fdt_attach_args *faa = aux;
 
-	return OF_is_compatible(faa->fa_node, "qcom,spmi-pmic-arb");
+	return OF_is_compatible(faa->fa_node, "qcom,spmi-pmic-arb") ||
+	    OF_is_compatible(faa->fa_node, "qcom,x1e80100-spmi-pmic-arb");
 }
 
 void
@@ -190,15 +200,14 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux)
 	struct qcspmi_softc *sc = (struct qcspmi_softc *)self;
 	struct qcspmi_apid *apid, *last_apid;
 	uint32_t val, ppid, irq_own;
-	struct spmi_attach_args sa;
-	char name[32];
-	uint32_t reg[2];
-	int i, j, node;
+	struct fdt_reg *spmi_reg;
+	int spmi_nreg;
+	int i, j, node, spmi;
 
 	sc->sc_node = faa->fa_node;
 	sc->sc_iot = faa->fa_iot;
 
-	for (i = 0; i < nitems(qcspmi_regs); i++) {
+	for (i = QCSPMI_REG_CORE; i < QCSPMI_REG_INTR; i++) {
 		j = OF_getindex(faa->fa_node, qcspmi_regs[i], "reg-names");
 		if (j < 0 || j >= faa->fa_nreg) {
 			printf(": no %s registers\n", qcspmi_regs[i]);
@@ -212,13 +221,69 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux)
 		}
 	}
 
-	/* Support only version 5 for now */
+	spmi = OF_getnodebyname(faa->fa_node, "spmi");
+	if (spmi) {
+		/* Multiple busses; only support the first. */
+		uint32_t reg[8];
+
+		if (OF_getpropintarray(spmi, "reg", reg,
+		    sizeof(reg)) != sizeof(reg)) {
+			printf(": no spmi registers\n");
+			return;
+		}
+
+		spmi_reg = faa->fa_reg;
+		spmi_reg[0].addr = ((uint64_t)reg[0] << 32) | reg[1];
+		spmi_reg[0].size = ((uint64_t)reg[2] << 32) | reg[3];
+		spmi_reg[1].addr = ((uint64_t)reg[4] << 32) | reg[5];
+		spmi_reg[1].size = ((uint64_t)reg[6] << 32) | reg[7];
+		spmi_nreg = 2;
+	} else {
+		/* Single bus. */
+		spmi = faa->fa_node;
+		spmi_reg = faa->fa_reg;
+		spmi_nreg = faa->fa_nreg;
+	}
+
+	for (i = QCSPMI_REG_INTR; i < QCSPMI_REG_MAX; i++) {
+		j = OF_getindex(spmi, qcspmi_regs[i], "reg-names");
+		if (j < 0 || j >= spmi_nreg) {
+			printf(": no %s registers\n", qcspmi_regs[i]);
+			return;
+		}
+
+		if (bus_space_map(sc->sc_iot, spmi_reg[j].addr,
+		    spmi_reg[j].size, 0, &sc->sc_ioh[i])) {
+			printf(": can't map %s registers\n", qcspmi_regs[i]);
+			return;
+		}
+	}
+
+	/* Support only version 5 and 7 for now */
 	val = HREAD4(sc, QCSPMI_REG_CORE, SPMI_VERSION);
 	if (val < SPMI_VERSION_V5_MIN) {
 		printf(": unsupported version 0x%08x\n", val);
 		return;
 	}
 
+	if (val < SPMI_VERSION_V7_MIN) {
+		sc->sc_max_periph = 512;
+		sc->sc_chan_stride = 0x10000;
+		sc->sc_obsv_ee_stride = 0x10000;
+		sc->sc_obsv_apid_stride = 0x00080;
+		sc->sc_arb_apid_map = 0x00900;
+		sc->sc_ownership_table = 0x00700;
+	} else {
+		sc->sc_max_periph = 1024;
+		sc->sc_chan_stride = 0x01000;
+		sc->sc_obsv_ee_stride = 0x08000;
+		sc->sc_obsv_apid_stride = 0x00020;
+		sc->sc_arb_apid_map = 0x02000;
+		sc->sc_ownership_table = 0x00000;
+	}
+
+	KASSERT(sc->sc_max_periph <= SPMI_MAX_PERIPH);
+
 	sc->sc_ee = OF_getpropint(sc->sc_node, "qcom,ee", 0);
 	if (sc->sc_ee > 5) {
 		printf(": unsupported EE\n");
@@ -227,7 +292,7 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux)
 
 	TAILQ_INIT(&sc->sc_intrq);
 
-	sc->sc_ih = fdt_intr_establish(sc->sc_node, IPL_BIO, qcspmi_intr,
+	sc->sc_ih = fdt_intr_establish(spmi, IPL_BIO, qcspmi_intr,
 	    sc, sc->sc_dev.dv_xname);
 	if (sc->sc_ih == NULL) {
 		printf(": can't establish interrupt\n");
@@ -236,14 +301,14 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux)
 
 	printf("\n");
 
-	for (i = 0; i < SPMI_MAX_PERIPH; i++) {
-		val = HREAD4(sc, QCSPMI_REG_CORE, SPMI_ARB_APID_MAP(i));
+	for (i = 0; i < sc->sc_max_periph; i++) {
+		val = HREAD4(sc, QCSPMI_REG_CORE, SPMI_ARB_APID_MAP(sc, i));
 		if (!val)
 			continue;
 		ppid = (val >> SPMI_ARB_APID_MAP_PPID_SHIFT) &
 		    SPMI_ARB_APID_MAP_PPID_MASK;
 		irq_own = val & SPMI_ARB_APID_MAP_IRQ_OWNER;
-		val = HREAD4(sc, QCSPMI_REG_CNFG, SPMI_OWNERSHIP_TABLE(i));
+		val = HREAD4(sc, QCSPMI_REG_CNFG, SPMI_OWNERSHIP_TABLE(sc, i));
 		apid = &sc->sc_apid[i];
 		apid->write_ee = SPMI_OWNERSHIP_TABLE_OWNER(val);
 		apid->irq_ee = 0xff;
@@ -265,7 +330,7 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux)
 	sc->sc_tag.sc_cmd_read = qcspmi_cmd_read;
 	sc->sc_tag.sc_cmd_write = qcspmi_cmd_write;
 
-	sc->sc_ic.ic_node = faa->fa_node;
+	sc->sc_ic.ic_node = spmi;
 	sc->sc_ic.ic_cookie = sc;
 	sc->sc_ic.ic_establish = qcspmi_intr_establish;
 	sc->sc_ic.ic_disestablish = qcspmi_intr_disestablish;
@@ -274,7 +339,11 @@ qcspmi_attach(struct device *parent, struct device *self, void *aux)
 	sc->sc_ic.ic_barrier = qcspmi_intr_barrier;
 	fdt_intr_register(&sc->sc_ic);
 
-	for (node = OF_child(faa->fa_node); node; node = OF_peer(node)) {
+	for (node = OF_child(spmi); node; node = OF_peer(node)) {
+		struct spmi_attach_args sa;
+		uint32_t reg[2];
+		char name[32];
+
 		if (OF_getpropintarray(node, "reg", reg,
 		    sizeof(reg)) != sizeof(reg))
 			continue;
@@ -330,13 +399,13 @@ qcspmi_cmd_read(void *cookie, uint8_t sid, uint8_t cmd, uint16_t addr,
 	apid = sc->sc_ppid_to_apid[ppid] & SPMI_PPID_TO_APID_MASK;
 
 	HWRITE4(sc, QCSPMI_REG_OBSRVR,
-	    SPMI_OBSV_OFF(sc->sc_ee, apid) + SPMI_COMMAND,
+	    SPMI_OBSV_OFF(sc, sc->sc_ee, apid) + SPMI_COMMAND,
 	    SPMI_COMMAND_OP_EXT_READL | SPMI_COMMAND_ADDR(addr) |
 	    SPMI_COMMAND_LEN(bc));
 
 	for (i = 1000; i > 0; i--) {
 		reg = HREAD4(sc, QCSPMI_REG_OBSRVR,
-		    SPMI_OBSV_OFF(sc->sc_ee, apid) + SPMI_STATUS);
+		    SPMI_OBSV_OFF(sc, sc->sc_ee, apid) + SPMI_STATUS);
 		if (reg & SPMI_STATUS_DONE)
 			break;
 	}
@@ -350,14 +419,14 @@ qcspmi_cmd_read(void *cookie, uint8_t sid, uint8_t cmd, uint16_t addr,
 
 	if (len > 0) {
 		reg = HREAD4(sc, QCSPMI_REG_OBSRVR,
-		    SPMI_OBSV_OFF(sc->sc_ee, apid) + SPMI_RDATA0);
+		    SPMI_OBSV_OFF(sc, sc->sc_ee, apid) + SPMI_RDATA0);
 		memcpy(cbuf, &reg, MIN(len, 4));
 		cbuf += MIN(len, 4);
 		len -= MIN(len, 4);
 	}
 	if (len > 0) {
 		reg = HREAD4(sc, QCSPMI_REG_OBSRVR,
-		    SPMI_OBSV_OFF(sc->sc_ee, apid) + SPMI_RDATA1);
+		    SPMI_OBSV_OFF(sc, sc->sc_ee, apid) + SPMI_RDATA1);
 		memcpy(cbuf, &reg, MIN(len, 4));
 		cbuf += MIN(len, 4);
 		len -= MIN(len, 4);
@@ -394,25 +463,25 @@ qcspmi_cmd_write(void *cookie, uint8_t sid, uint8_t cmd, uint16_t addr,
 
 	if (len > 0) {
 		memcpy(&reg, cbuf, MIN(len, 4));
-		HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(apid) +
+		HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, apid) +
 		    SPMI_WDATA0, reg);
 		cbuf += MIN(len, 4);
 		len -= MIN(len, 4);
 	}
 	if (len > 0) {
 		memcpy(&reg, cbuf, MIN(len, 4));
-		HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(apid) +
+		HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, apid) +
 		    SPMI_WDATA1, reg);
 		cbuf += MIN(len, 4);
 		len -= MIN(len, 4);
 	}
 
-	HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(apid) + SPMI_COMMAND,
+	HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, apid) + SPMI_COMMAND,
 	    SPMI_COMMAND_OP_EXT_WRITEL | SPMI_COMMAND_ADDR(addr) |
 	    SPMI_COMMAND_LEN(bc));
 
 	for (i = 1000; i > 0; i--) {
-		reg = HREAD4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(apid) +
+		reg = HREAD4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, apid) +
 		    SPMI_STATUS);
 		if (reg & SPMI_STATUS_DONE)
 			break;
@@ -492,7 +561,7 @@ qcspmi_intr_establish(void *cookie, int *cells, int ipl,
 	if (error)
 		printf("%s: cannot write irq setting\n", sc->sc_dev.dv_xname);
 
-	HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(ih->ih_apid) +
+	HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, ih->ih_apid) +
 	    SPMI_IRQ_CLEAR, (1U << ih->ih_pin));
 	qcspmi_intr_enable(ih);
 
@@ -522,7 +591,7 @@ qcspmi_intr_enable(void *cookie)
 	uint8_t reg[2];
 	int error;
 
-	HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(ih->ih_apid) +
+	HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, ih->ih_apid) +
 	    SPMI_ACC_ENABLE, SPMI_ACC_ENABLE_BIT);
 
 	error = spmi_cmd_read(&sc->sc_tag, ih->ih_sid, SPMI_CMD_EXT_READL,
@@ -576,22 +645,22 @@ qcspmi_intr(void *arg)
 
 	TAILQ_FOREACH(ih, &sc->sc_intrq, ih_q) {
 		status = HREAD4(sc, QCSPMI_REG_INTR,
-		    SPMI_OWNER_ACC_STATUS(sc->sc_ee, ih->ih_apid / 32));
+		    SPMI_OWNER_ACC_STATUS(sc, sc->sc_ee, ih->ih_apid / 32));
 		if (!(status & (1U << (ih->ih_apid % 32))))
 			continue;
 		status = HREAD4(sc, QCSPMI_REG_CHNLS,
-		    SPMI_CHAN_OFF(ih->ih_apid) + SPMI_ACC_ENABLE);
+		    SPMI_CHAN_OFF(sc, ih->ih_apid) + SPMI_ACC_ENABLE);
 		if (!(status & SPMI_ACC_ENABLE_BIT))
 			continue;
 		status = HREAD4(sc, QCSPMI_REG_CHNLS,
-		    SPMI_CHAN_OFF(ih->ih_apid) + SPMI_IRQ_STATUS);
+		    SPMI_CHAN_OFF(sc, ih->ih_apid) + SPMI_IRQ_STATUS);
 		if (!(status & (1U << ih->ih_pin)))
 			continue;
 
 		ih->ih_func(ih->ih_arg);
 		handled = 1;
 
-		HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(ih->ih_apid) +
+		HWRITE4(sc, QCSPMI_REG_CHNLS, SPMI_CHAN_OFF(sc, ih->ih_apid) +
 		    SPMI_IRQ_CLEAR, (1U << ih->ih_pin));
 		reg = 1U << ih->ih_pin;
 		error = spmi_cmd_write(&sc->sc_tag, ih->ih_sid,
diff --git a/sys/net/pf.c b/sys/net/pf.c
index b967b11aa..f22c31900 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.1200 2024/07/02 18:33:47 bluhm Exp $ */
+/*	$OpenBSD: pf.c,v 1.1201 2024/07/04 12:50:08 bluhm Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -7986,14 +7986,20 @@ done:
 			break;
 		case AF_INET6:
 			if (pd.dir == PF_IN) {
-				int flags;
+				int flags = IPV6_REDIRECT;
 
-				if (ip6_forwarding == 0) {
+				switch (ip6_forwarding) {
+				case 2:
+					SET(flags, IPV6_FORWARDING_IPSEC);
+					/* FALLTHROUGH */
+				case 1:
+					SET(flags, IPV6_FORWARDING);
+					break;
+				default:
 					ip6stat_inc(ip6s_cantforward);
 					action = PF_DROP;
 					goto out;
 				}
-				flags = IPV6_FORWARDING | IPV6_REDIRECT;
 				ip6_forward(pd.m, NULL, flags);
 			} else
 				ip6_output(pd.m, NULL, NULL, 0, NULL, NULL);
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 8799b845e..4178fe785 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.231 2024/06/20 19:25:42 bluhm Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.232 2024/07/04 12:50:08 bluhm Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -1011,7 +1011,20 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, struct sockaddr_in6 *dst,
 	while ((m = ml_dequeue(&ml)) != NULL) {
 		m->m_pkthdr.pf.flags |= PF_TAG_REFRAGMENTED;
 		if (ifp == NULL) {
-			ip6_forward(m, NULL, IPV6_FORWARDING);
+			int flags = 0;
+
+			switch (ip6_forwarding) {
+			case 2:
+				SET(flags, IPV6_FORWARDING_IPSEC);
+				/* FALLTHROUGH */
+			case 1:
+				SET(flags, IPV6_FORWARDING);
+				break;
+			default:
+				ip6stat_inc(ip6s_cantforward);
+				return (PF_DROP);
+			}
+			ip6_forward(m, NULL, flags);
 		} else if ((u_long)m->m_pkthdr.len <= ifp->if_mtu) {
 			ifp->if_output(ifp, m, sin6tosa(dst), rt);
 		} else {
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index 9daf51f92..c706c32c5 100644
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_forward.c,v 1.119 2024/06/20 19:25:42 bluhm Exp $	*/
+/*	$OpenBSD: ip6_forward.c,v 1.120 2024/07/04 12:50:08 bluhm Exp $	*/
 /*	$KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $	*/
 
 /*
@@ -315,6 +315,15 @@ reroute:
 	}
 #endif
 
+#ifdef IPSEC
+	if (ISSET(flags, IPV6_FORWARDING) &&
+	    ISSET(flags, IPV6_FORWARDING_IPSEC) &&
+	    !ISSET(m->m_pkthdr.ph_tagsset, PACKET_TAG_IPSEC_IN_DONE)) {
+		error = EHOSTUNREACH;
+		goto senderr;
+	}
+#endif
+
 	error = if_output_tso(ifp, &m, dst, rt, ifp->if_mtu);
 	if (error)
 		ip6stat_inc(ip6s_cantforward);
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index de9468ecc..6952cf632 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_input.c,v 1.263 2024/06/20 19:25:42 bluhm Exp $	*/
+/*	$OpenBSD: ip6_input.c,v 1.264 2024/07/04 12:50:08 bluhm Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -416,8 +416,14 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
 		SET(flags, IPV6_REDIRECT);
 #endif
 
-	if (ip6_forwarding != 0)
+	switch (ip6_forwarding) {
+	case 2:
+		SET(flags, IPV6_FORWARDING_IPSEC);
+		/* FALLTHROUGH */
+	case 1:
 		SET(flags, IPV6_FORWARDING);
+		break;
+	}
 
 	/*
 	 * Without embedded scope ID we cannot find link-local
@@ -491,7 +497,7 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
 			 * must be discarded, else it may be accepted below.
 			 */
 			KERNEL_LOCK();
-			error = ip6_mforward(ip6, ifp, m);
+			error = ip6_mforward(ip6, ifp, m, flags);
 			KERNEL_UNLOCK();
 			if (error) {
 				ip6stat_inc(ip6s_cantforward);
@@ -1442,7 +1448,7 @@ const struct sysctl_bounded_args ipv6ctl_vars[] = {
 #ifdef MROUTING
 	{ IPV6CTL_MRTPROTO, &ip6_mrtproto, SYSCTL_INT_READONLY },
 #endif
-	{ IPV6CTL_FORWARDING, &ip6_forwarding, 0, 1 },
+	{ IPV6CTL_FORWARDING, &ip6_forwarding, 0, 2 },
 	{ IPV6CTL_SENDREDIRECTS, &ip6_sendredirects, 0, 1 },
 	{ IPV6CTL_DEFHLIM, &ip6_defhlim, 0, 255 },
 	{ IPV6CTL_MAXFRAGPACKETS, &ip6_maxfragpackets, 0, 1000 },
diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c
index f2ab244ff..34bcb28ce 100644
--- a/sys/netinet6/ip6_mroute.c
+++ b/sys/netinet6/ip6_mroute.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_mroute.c,v 1.142 2024/06/07 08:37:59 jsg Exp $	*/
+/*	$OpenBSD: ip6_mroute.c,v 1.143 2024/07/04 12:50:08 bluhm Exp $	*/
 /*	$NetBSD: ip6_mroute.c,v 1.59 2003/12/10 09:28:38 itojun Exp $	*/
 /*	$KAME: ip6_mroute.c,v 1.45 2001/03/25 08:38:51 itojun Exp $	*/
 
@@ -122,8 +122,8 @@ int mcast6_debug = 1;
 	do { } while (0)
 #endif
 
-int ip6_mdq(struct mbuf *, struct ifnet *, struct rtentry *);
-void phyint_send6(struct ifnet *, struct ip6_hdr *, struct mbuf *);
+int ip6_mdq(struct mbuf *, struct ifnet *, struct rtentry *, int);
+void phyint_send6(struct ifnet *, struct ip6_hdr *, struct mbuf *, int);
 
 /*
  * Globals.  All but ip6_mrouter, ip6_mrtproto and mrt6stat could be static,
@@ -853,7 +853,7 @@ socket6_send(struct socket *so, struct mbuf *mm, struct sockaddr_in6 *src)
  * discard it.
  */
 int
-ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m)
+ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m, int flags)
 {
 	struct rtentry *rt;
 	struct mif6 *mifp;
@@ -902,7 +902,7 @@ ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m)
 
 	/* Entry exists, so forward if necessary */
 	if (rt) {
-		return (ip6_mdq(m, ifp, rt));
+		return (ip6_mdq(m, ifp, rt, flags));
 	} else {
 		/*
 		 * If we don't have a route for packet's origin,
@@ -997,7 +997,7 @@ mf6c_expire_route(struct rtentry *rt, u_int rtableid)
  * Packet forwarding routine once entry in the cache is made
  */
 int
-ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt)
+ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int flags)
 {
 	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
 	struct mif6 *m6, *mifp = (struct mif6 *)ifp->if_mcast6;
@@ -1085,7 +1085,7 @@ ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt)
 		m6->m6_pkt_out++;
 		m6->m6_bytes_out += plen;
 
-		phyint_send6(ifn, ip6, m);
+		phyint_send6(ifn, ip6, m, flags);
 		if_put(ifn);
 	} while ((rt = rtable_iterate(rt)) != NULL);
 
@@ -1093,7 +1093,7 @@ ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt)
 }
 
 void
-phyint_send6(struct ifnet *ifp, struct ip6_hdr *ip6, struct mbuf *m)
+phyint_send6(struct ifnet *ifp, struct ip6_hdr *ip6, struct mbuf *m, int flags)
 {
 	struct mbuf *mb_copy;
 	struct sockaddr_in6 *dst6, sin6;
@@ -1126,8 +1126,8 @@ phyint_send6(struct ifnet *ifp, struct ip6_hdr *ip6, struct mbuf *m)
 		/* XXX: ip6_output will override ip6->ip6_hlim */
 		im6o.im6o_hlim = ip6->ip6_hlim;
 		im6o.im6o_loop = 1;
-		error = ip6_output(mb_copy, NULL, NULL, IPV6_FORWARDING, &im6o,
-		    NULL);
+		error = ip6_output(mb_copy, NULL, NULL, flags | IPV6_FORWARDING,
+		    &im6o, NULL);
 		return;
 	}
 
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index c65bfd0b9..c5c82e5fe 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_output.c,v 1.291 2024/04/17 20:48:51 bluhm Exp $	*/
+/*	$OpenBSD: ip6_output.c,v 1.292 2024/07/04 12:50:08 bluhm Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/
 
 /*
@@ -533,7 +533,7 @@ reroute:
 			 */
 			if (ip6_mforwarding && ip6_mrouter[ifp->if_rdomain] &&
 			    (flags & IPV6_FORWARDING) == 0) {
-				if (ip6_mforward(ip6, ifp, m) != 0) {
+				if (ip6_mforward(ip6, ifp, m, flags) != 0) {
 					m_freem(m);
 					goto done;
 				}
@@ -644,6 +644,15 @@ reroute:
 	}
 #endif
 
+#ifdef IPSEC
+	if (ISSET(flags, IPV6_FORWARDING) &&
+	    ISSET(flags, IPV6_FORWARDING_IPSEC) &&
+	    !ISSET(m->m_pkthdr.ph_tagsset, PACKET_TAG_IPSEC_IN_DONE)) {
+		error = EHOSTUNREACH;
+		goto bad;
+	}
+#endif
+
 	/*
 	 * If the packet is not going on the wire it can be destined
 	 * to any local address.  In this case do not clear its scopes
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index 47fca707d..bbe59c744 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_var.h,v 1.118 2024/06/20 19:25:42 bluhm Exp $	*/
+/*	$OpenBSD: ip6_var.h,v 1.119 2024/07/04 12:50:08 bluhm Exp $	*/
 /*	$KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $	*/
 
 /*
@@ -270,6 +270,7 @@ ip6stat_add(enum ip6stat_counters c, uint64_t v)
 #define IPV6_FORWARDING		0x02	/* most of IPv6 header exists */
 #define IPV6_MINMTU		0x04	/* use minimum MTU (IPV6_USE_MIN_MTU) */
 #define IPV6_REDIRECT		0x08	/* redirected by pf */
+#define IPV6_FORWARDING_IPSEC	0x10	/* only packets processed by IPsec */
 
 extern int ip6_mtudisc_timeout;		/* mtu discovery */
 extern struct rttimer_queue icmp6_mtudisc_timeout_q;
@@ -316,7 +317,7 @@ int	ip6_unknown_opt(struct mbuf **, u_int8_t *, int);
 int	ip6_get_prevhdr(struct mbuf *, int);
 int	ip6_nexthdr(struct mbuf *, int, int, int *);
 int	ip6_lasthdr(struct mbuf *, int, int, int *);
-int	ip6_mforward(struct ip6_hdr *, struct ifnet *, struct mbuf *);
+int	ip6_mforward(struct ip6_hdr *, struct ifnet *, struct mbuf *, int);
 int	ip6_process_hopopts(struct mbuf **, u_int8_t *, int, u_int32_t *,
 	     u_int32_t *);
 void	ip6_savecontrol(struct inpcb *, struct mbuf *, struct mbuf **);
diff --git a/sys/uvm/uvm_addr.c b/sys/uvm/uvm_addr.c
index 904218034..d022bdf3a 100644
--- a/sys/uvm/uvm_addr.c
+++ b/sys/uvm/uvm_addr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uvm_addr.c,v 1.35 2024/06/07 06:04:43 jsg Exp $	*/
+/*	$OpenBSD: uvm_addr.c,v 1.36 2024/07/04 04:52:10 jsg Exp $	*/
 
 /*
  * Copyright (c) 2011 Ariane van der Steldt <ariane@stack.nl>
@@ -290,30 +290,6 @@ uvm_addr_destroy(struct uvm_addr_state *uaddr)
 		(*uaddr->uaddr_functions->uaddr_destroy)(uaddr);
 }
 
-/*
- * Move address forward to satisfy align, offset.
- */
-vaddr_t
-uvm_addr_align(vaddr_t addr, vaddr_t align, vaddr_t offset)
-{
-	vaddr_t result = (addr & ~(align - 1)) + offset;
-	if (result < addr)
-		result += align;
-	return result;
-}
-
-/*
- * Move address backwards to satisfy align, offset.
- */
-vaddr_t
-uvm_addr_align_back(vaddr_t addr, vaddr_t align, vaddr_t offset)
-{
-	vaddr_t result = (addr & ~(align - 1)) + offset;
-	if (result > addr)
-		result -= align;
-	return result;
-}
-
 /*
  * Directional first fit.
  *
diff --git a/sys/uvm/uvm_addr.h b/sys/uvm/uvm_addr.h
index f16126da8..987fcbad9 100644
--- a/sys/uvm/uvm_addr.h
+++ b/sys/uvm/uvm_addr.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uvm_addr.h,v 1.7 2017/01/17 17:19:21 stefan Exp $	*/
+/*	$OpenBSD: uvm_addr.h,v 1.8 2024/07/04 04:52:10 jsg Exp $	*/
 
 /*
  * Copyright (c) 2011 Ariane van der Steldt <ariane@stack.nl>
@@ -75,8 +75,6 @@ struct uvm_addr_functions {
 
 void			 uvm_addr_init(void);
 void			 uvm_addr_destroy(struct uvm_addr_state *);
-vaddr_t			 uvm_addr_align(vaddr_t, vaddr_t, vaddr_t);
-vaddr_t			 uvm_addr_align_back(vaddr_t, vaddr_t, vaddr_t);
 int			 uvm_addr_linsearch(struct vm_map *,
 			    struct uvm_addr_state *, struct vm_map_entry **,
 			    vaddr_t *addr_out, vaddr_t, vsize_t,
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 129ed951b..10ce6ea31 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.396 2024/06/17 08:30:29 djm Exp $
-.Dd $Mdocdate: June 17 2024 $
+.\" $OpenBSD: ssh_config.5,v 1.397 2024/07/04 22:53:59 djm Exp $
+.Dd $Mdocdate: July 4 2024 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1383,8 +1383,8 @@ DEBUG and DEBUG1 are equivalent.
 DEBUG2 and DEBUG3 each specify higher levels of verbose output.
 .It Cm LogVerbose
 Specify one or more overrides to LogLevel.
-An override consists of a pattern lists that matches the source file, function
-and line number to force detailed logging for.
+An override consists of one or more pattern lists that matches the
+source file, function and line number to force detailed logging for.
 For example, an override pattern of:
 .Bd -literal -offset indent
 kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index ef31e91b3..b76386513 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.365 2024/06/24 06:59:39 jmc Exp $
-.Dd $Mdocdate: June 24 2024 $
+.\" $OpenBSD: sshd_config.5,v 1.366 2024/07/04 22:53:59 djm Exp $
+.Dd $Mdocdate: July 4 2024 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1134,8 +1134,8 @@ Logging with a DEBUG level violates the privacy of users and is not recommended.
 .It Cm LogVerbose
 Specify one or more overrides to
 .Cm LogLevel .
-An override consists of a pattern lists that matches the source file, function
-and line number to force detailed logging for.
+An override consists of one or more pattern lists that matches the
+source file, function and line number to force detailed logging for.
 For example, an override pattern of:
 .Bd -literal -offset indent
 kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
diff --git a/usr.sbin/radiusd/radiusd.conf.5 b/usr.sbin/radiusd/radiusd.conf.5
index d4270a97a..1e0f0e7ef 100644
--- a/usr.sbin/radiusd/radiusd.conf.5
+++ b/usr.sbin/radiusd/radiusd.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: radiusd.conf.5,v 1.24 2024/07/03 06:09:13 yasuoka Exp $
+.\"	$OpenBSD: radiusd.conf.5,v 1.27 2024/07/04 13:14:26 sobrado Exp $
 .\"
 .\" Copyright (c) 2014 Esdenera Networks GmbH
 .\" Copyright (c) 2014, 2023 Internet Initiative Japan Inc.
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 3 2024 $
+.Dd $Mdocdate: July 4 2024 $
 .Dt RADIUSD.CONF 5
 .Os
 .Sh NAME
@@ -35,7 +35,7 @@ Keywords may be specified multiple times within the configuration file.
 The configuration options are as follows:
 .Bl -tag -width Ds
 .It Xo
-.Ic listen on Ar address Oo Ic accounting Oc Ic port Ar port
+.Ic listen on Ar address Oo Ic accounting Oc Oo Ic port Ar port Oc
 .Xc
 Specify an
 .Ar address
@@ -113,8 +113,12 @@ and
 .Ar value
 must be quoted to be distinguished from the reserved word if needed.
 .El
-.It Ic authenticate Ar username-pattern ... Ic by Ar auth Oo Ic decorated-by \
-Ar deco ...  Oc
+.It Xo
+.Ic authenticate
+.Ar username-pattern ...
+.Ic by Ar auth
+.Op Ic decorate-by Ar deco ...
+.Xc
 Specify an authentication configuration for the users specified by
 .Ar username-pattern .
 The users matched by the pattern are authenticated by the module
@@ -133,8 +137,13 @@ matches an authenticating user is used.
 Optionally decoration modules can be specified by
 .Ar deco .
 The specified modules decorate the RADIUS messages in the configured order.
-.It Ic account Oo Ic quick Oc Ar username-pattern ... Ic to Ar module \
-Oo Ic decoratd by Ar deco ... Oc
+.It Xo
+.Ic account
+.Op Ic quick
+.Ar username-pattern ...
+.Ic to Ar module
+.Op Ic decorate-by Ar deco ...
+.Xc
 Specify an accounting configuration for the users specified by
 .Ar username-pattern .
 The accounting messages for the users matched by the pattern are handled
@@ -144,13 +153,11 @@ Use shell globbing rules for the patterns;
 multiple patterns can be determined by separating them with space characters.
 When multiple
 .Ic account
-lines are selected,
-all account settings whose
-.Ar username-pattern
-matches an accounting users are used.
-until the user matches the setting with the
-.Ar quick
-option.
+configurations are specified,
+all matches are used;
+if the user matches a pattern with the
+.Ic quick
+option, then processing stops after that configuration.
 .Pp
 Optionally decoration modules can be specified by
 .Ar deco .
diff --git a/usr.sbin/radiusd/radiusd_bsdauth.8 b/usr.sbin/radiusd/radiusd_bsdauth.8
index 219eee0ea..3c37a7030 100644
--- a/usr.sbin/radiusd/radiusd_bsdauth.8
+++ b/usr.sbin/radiusd/radiusd_bsdauth.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: radiusd_bsdauth.8,v 1.1 2024/07/02 00:00:12 yasuoka Exp $
+.\"	$OpenBSD: radiusd_bsdauth.8,v 1.2 2024/07/04 05:25:14 jmc Exp $
 .\"
 .\" Copyright (c) 2014 Esdenera Networks GmbH
 .\" Copyright (c) 2014, 2024 Internet Initiative Japan Inc.
@@ -17,7 +17,7 @@
 .\"
 .\" The following requests are required for all man pages.
 .\"
-.Dd $Mdocdate: July 2 2024 $
+.Dd $Mdocdate: July 4 2024 $
 .Dt RADIUSD_BSDAUTH 8
 .Os
 .Sh NAME
@@ -52,8 +52,8 @@ module executable.
 .El
 .Sh SEE ALSO
 .Xr authenticate 3 ,
-.Xr radiusd 8 ,
-.Xr radiusd.conf 5
+.Xr radiusd.conf 5 ,
+.Xr radiusd 8
 .Sh HISTORY
 The
 .Nm
diff --git a/usr.sbin/radiusd/radiusd_standard.8 b/usr.sbin/radiusd/radiusd_standard.8
index d434c7c22..85f440ad5 100644
--- a/usr.sbin/radiusd/radiusd_standard.8
+++ b/usr.sbin/radiusd/radiusd_standard.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: radiusd_standard.8,v 1.2 2024/07/02 00:33:51 yasuoka Exp $
+.\"	$OpenBSD: radiusd_standard.8,v 1.3 2024/07/04 05:27:20 jmc Exp $
 .\"
 .\" Copyright (c) 2014 Esdenera Networks GmbH
 .\" Copyright (c) 2014, 2024 Internet Initiative Japan Inc.
@@ -17,7 +17,7 @@
 .\"
 .\" The following requests are required for all man pages.
 .\"
-.Dd $Mdocdate: July 2 2024 $
+.Dd $Mdocdate: July 4 2024 $
 .Dt RADIUSD_STANDARD 8
 .Os
 .Sh NAME
@@ -41,7 +41,7 @@ The
 .Nm
 module supports the following configuration key and value:
 .Pp
-.Bl -tag -width Ds
+.Bl -tag -width Ds -compact
 .It Ic strip-atmark-realm Ar true | false
 Remove the realm part which starts with @
 .Pq atmark