Translated using Weblate (Italian)

Currently translated at 100.0% (187 of 187 strings)

Co-authored-by: Milo Casagrande <milo@milo.name>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/it/
Translation: systemd/master

man/systemd.netdev.xml

@@ -183,6 +183,8 @@
           <row><entry><varname>ifb</varname></entry>
           <entry> The Intermediate Functional Block (ifb) pseudo network interface acts as a QoS concentrator for multiple different sources of traffic.</entry></row>
 
+          <row><entry><varname>bareudp</varname></entry>
+          <entry> Bare UDP tunnels provide a generic L3 encapsulation support for tunnelling different L3 protocols like MPLS, IP etc. inside of an UDP tunnel.</entry></row>
         </tbody>
       </tgroup>
     </table>
@@ -819,6 +821,38 @@
           <para>Accepts the same key in [VXLAN] section.</para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><varname>Independent=</varname></term>
+        <listitem>
+          <para>Takes a boolean. When true, the vxlan interface is created without underlying interfaces.
+          Defaults to <literal>false</literal>.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>[BareUDP] Section Options</title>
+
+    <para>The [BareUDP] section only applies for
+    netdevs of kind <literal>bareudp</literal>, and accepts the
+    following keys:</para>
+
+    <variablelist class='network-directives'>
+      <varlistentry>
+        <term><varname>DestinationPort=</varname></term>
+        <listitem>
+          <para>Specifies the destination UDP port (in range 1…65535). This is mandatory.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>EtherType=</varname></term>
+        <listitem>
+          <para>Specifies the L3 protocol. Takes one of <literal>ipv4</literal>, <literal>ipv6</literal>, <literal>mpls-uc</literal>
+          or <literal>mpls-mc</literal>. This is mandatory.</para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

po/it.po

@@ -3,21 +3,22 @@
 # Italian translation for systemd package
 # Traduzione in italiano per il pacchetto systemd
 # Daniele Medri <dmedri@gmail.com>, 2013-2020.
-#
+# Milo Casagrande <milo@milo.name>, 2020.
 msgid ""
 msgstr ""
 "Project-Id-Version: systemd\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2020-08-19 18:02+0200\n"
-"PO-Revision-Date: 2020-02-27 17:22+0100\n"
-"Last-Translator: Daniele Medri <dmedri@gmail.com>\n"
-"Language-Team: Italian\n"
+"PO-Revision-Date: 2020-09-15 08:29+0000\n"
+"Last-Translator: Milo Casagrande <milo@milo.name>\n"
+"Language-Team: Italian <https://translate.fedoraproject.org/projects/systemd/"
+"master/it/>\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.2.1\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.2.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -27,7 +28,7 @@ msgstr "Invia la frase segreta (passphrase) al sistema"
 msgid ""
 "Authentication is required to send the entered passphrase back to the system."
 msgstr ""
-"Autenticazione richiesta per inviare la frase segreta (passphrase) al "
+"È richiesto autenticarsi per inviare la frase segreta (passphrase) al "
 "sistema."
 
 #: src/core/org.freedesktop.systemd1.policy.in:33
@@ -37,7 +38,7 @@ msgstr "Gestisci i servizi o le altre unità di sistema"
 #: src/core/org.freedesktop.systemd1.policy.in:34
 msgid "Authentication is required to manage system services or other units."
 msgstr ""
-"Autenticazione richiesta per gestire i servizi o le altre unità di sistema."
+"È richiesto autenticarsi per gestire i servizi o le altre unità di sistema."
 
 #: src/core/org.freedesktop.systemd1.policy.in:43
 msgid "Manage system service or unit files"
@@ -46,7 +47,7 @@ msgstr "Gestisci i file dei servizi o delle unità di sistema"
 #: src/core/org.freedesktop.systemd1.policy.in:44
 msgid "Authentication is required to manage system service or unit files."
 msgstr ""
-"Autenticazione richiesta per gestire i file dei servizi o delle unità di "
+"È richiesto autenticarsi per gestire i file dei servizi o delle unità di "
 "sistema."
 
 #: src/core/org.freedesktop.systemd1.policy.in:54
@@ -59,7 +60,7 @@ msgid ""
 "Authentication is required to set or unset system and service manager "
 "environment variables."
 msgstr ""
-"Autenticazione richiesta per configurare le variabili d'ambiente per la "
+"È richiesto autenticarsi per configurare le variabili d'ambiente per la "
 "gestione dei servizi e del sistema."
 
 #: src/core/org.freedesktop.systemd1.policy.in:64
@@ -68,27 +69,23 @@ msgstr "Ricarica lo stato di systemd"
 
 #: src/core/org.freedesktop.systemd1.policy.in:65
 msgid "Authentication is required to reload the systemd state."
-msgstr "Autenticazione richiesta per riavviare lo stato di sistemd."
+msgstr "È richiesto autenticarsi per riavviare lo stato di sistemd."
 
 #: src/home/org.freedesktop.home1.policy:13
 msgid "Create a home area"
 msgstr "Crea un'area home"
 
 #: src/home/org.freedesktop.home1.policy:14
-#, fuzzy
-#| msgid "Authentication is required to creat a user's home area."
 msgid "Authentication is required to create a user's home area."
-msgstr "Autenticazione richiesta per creare un'area home per l'utente."
+msgstr "È richiesto autenticarsi per creare l'area home di un utente."
 
 #: src/home/org.freedesktop.home1.policy:23
 msgid "Remove a home area"
 msgstr "Rimuovi un'area home"
 
 #: src/home/org.freedesktop.home1.policy:24
-#, fuzzy
-#| msgid "Authentication is required to remov a user's home area."
 msgid "Authentication is required to remove a user's home area."
-msgstr "Autenticazione richiesta per rimuovere un'area home per l'utente."
+msgstr "È richiesto autenticarsi per rimuovere l'area home di un utente."
 
 #: src/home/org.freedesktop.home1.policy:33
 msgid "Check credentials of a home area"
@@ -98,7 +95,7 @@ msgstr "Controlla credenziali di un'area home"
 msgid ""
 "Authentication is required to check credentials against a user's home area."
 msgstr ""
-"Autenticazione richiesta per controllare le credenziali di un'area home per "
+"È richiesto autenticarsi per controllare le credenziali di un'area home per "
 "l'utente."
 
 #: src/home/org.freedesktop.home1.policy:43
@@ -106,34 +103,27 @@ msgid "Update a home area"
 msgstr "Aggiorna un'area home"
 
 #: src/home/org.freedesktop.home1.policy:44
-#, fuzzy
-#| msgid "Authentication is required to updat a user's home area."
 msgid "Authentication is required to update a user's home area."
-msgstr "Autenticazione richiesta per aggiornare un'area home per l'utente."
+msgstr "È richiesto autenticarsi per aggiornare l'area home di un l'utente."
 
 #: src/home/org.freedesktop.home1.policy:53
 msgid "Resize a home area"
 msgstr "Ridimensiona un'area home"
 
 #: src/home/org.freedesktop.home1.policy:54
-#, fuzzy
-#| msgid "Authentication is required to resiz a user's home area."
 msgid "Authentication is required to resize a user's home area."
-msgstr "Autenticazione richiesta per ridimensionare l'area home dell'utente."
+msgstr "È richiesto autenticarsi per ridimensionare l'area home di un'utente."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Change password of a home area"
-msgstr "Cambia password di un'area home"
+msgstr "Modifica password di un'area home"
 
 #: src/home/org.freedesktop.home1.policy:64
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to chang the password of a user's home area."
 msgid ""
 "Authentication is required to change the password of a user's home area."
 msgstr ""
-"Autenticazione richiesta per cambiare le password per l'area home "
-"dell'utente."
+"È richiesto autenticarsi per modificare la password dell'area home di un "
+"utente."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
 msgid "Set hostname"
@@ -141,7 +131,7 @@ msgstr "Configura il nome host"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
 msgid "Authentication is required to set the local hostname."
-msgstr "Autenticazione richiesta per configurare il nome host locale."
+msgstr "È richiesto autenticarsi per configurare il nome host locale."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
 msgid "Set static hostname"
@@ -152,7 +142,7 @@ msgid ""
 "Authentication is required to set the statically configured local hostname, "
 "as well as the pretty hostname."
 msgstr ""
-"Autenticazione richiesta per configurare staticamente il nome host locale e "
+"È richiesto autenticarsi per configurare staticamente il nome host locale e "
 "il nome host descrittivo."
 
 #: src/hostname/org.freedesktop.hostname1.policy:41
@@ -162,7 +152,7 @@ msgstr "Configura le informazioni sulla macchina"
 #: src/hostname/org.freedesktop.hostname1.policy:42
 msgid "Authentication is required to set local machine information."
 msgstr ""
-"Autenticazione richiesta per configurare le informazioni sulla macchina "
+"È richiesto autenticarsi per configurare le informazioni sulla macchina "
 "locale."
 
 #: src/hostname/org.freedesktop.hostname1.policy:51
@@ -171,7 +161,7 @@ msgstr "Ottieni UUID del prodotto"
 
 #: src/hostname/org.freedesktop.hostname1.policy:52
 msgid "Authentication is required to get product UUID."
-msgstr "Autenticazione richiesta per ottenere UUID del prodotto."
+msgstr "È richiesto autenticarsi per ottenere lo UUID del prodotto."
 
 #: src/import/org.freedesktop.import1.policy:22
 msgid "Import a VM or container image"
@@ -179,7 +169,7 @@ msgstr "Importa un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:23
 msgid "Authentication is required to import a VM or container image"
-msgstr "Autenticazione richiesta per importare un'immagine VM o un container"
+msgstr "È richiesto autenticarsi per importare un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:32
 msgid "Export a VM or container image"
@@ -187,7 +177,7 @@ msgstr "Esporta un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:33
 msgid "Authentication is required to export a VM or container image"
-msgstr "Autenticazione richiesta per esportare un'immagine VM o un container"
+msgstr "È richiesto autenticarsi per esportare un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:42
 msgid "Download a VM or container image"
@@ -195,7 +185,7 @@ msgstr "Scarica un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:43
 msgid "Authentication is required to download a VM or container image"
-msgstr "Autenticazione richiesta per scaricare un'immagine VM o un container"
+msgstr "È richiesto autenticarsi per scaricare un'immagine VM o un container"
 
 #: src/locale/org.freedesktop.locale1.policy:22
 msgid "Set system locale"
@@ -204,7 +194,7 @@ msgstr "Configura le impostazioni regionali di sistema"
 #: src/locale/org.freedesktop.locale1.policy:23
 msgid "Authentication is required to set the system locale."
 msgstr ""
-"Autenticazione richiesta per configurare le impostazioni regionali di "
+"È richiesto autenticarsi per configurare le impostazioni regionali di "
 "sistema."
 
 #: src/locale/org.freedesktop.locale1.policy:33
@@ -213,7 +203,7 @@ msgstr "Configura la tastiera di sistema"
 
 #: src/locale/org.freedesktop.locale1.policy:34
 msgid "Authentication is required to set the system keyboard settings."
-msgstr "Autenticazione richiesta per configurare la tastiera di sistema."
+msgstr "È richiesto autenticarsi per configurare la tastiera di sistema."
 
 #: src/login/org.freedesktop.login1.policy:22
 msgid "Allow applications to inhibit system shutdown"
@@ -223,7 +213,7 @@ msgstr "Consenti alle applicazioni di inibire lo spegnimento del sistema"
 msgid ""
 "Authentication is required for an application to inhibit system shutdown."
 msgstr ""
-"Autenticazione richiesta per un'applicazione per inibire lo spegnimento del "
+"È richiesto autenticarsi per un'applicazione per inibire lo spegnimento del "
 "sistema."
 
 #: src/login/org.freedesktop.login1.policy:33
@@ -233,54 +223,55 @@ msgstr "Consenti alle applicazioni di ritardare lo spegnimento del sistema"
 #: src/login/org.freedesktop.login1.policy:34
 msgid "Authentication is required for an application to delay system shutdown."
 msgstr ""
-"Autenticazione richiesta ad un'applicazione per ritardare lo spegnimento del "
+"È richiesto autenticarsi ad un'applicazione per ritardare lo spegnimento del "
 "sistema."
 
 #: src/login/org.freedesktop.login1.policy:44
 msgid "Allow applications to inhibit system sleep"
-msgstr "Consenti alle applicazioni di inibire il sistema in pausa"
+msgstr "Consenti alle applicazioni di inibire la pausa del sistema"
 
 #: src/login/org.freedesktop.login1.policy:45
 msgid "Authentication is required for an application to inhibit system sleep."
 msgstr ""
-"Autenticazione richiesta ad un'applicazione per inibire il sistema in pausa."
+"È richiesto autenticarsi affinché un'applicazione possa inibire la pausa del "
+"sistema."
 
 #: src/login/org.freedesktop.login1.policy:55
 msgid "Allow applications to delay system sleep"
-msgstr "Consenti alle applicazioni di ritardare il sistema in pausa"
+msgstr "Consenti alle applicazioni di ritardare la pausa del sistema"
 
 #: src/login/org.freedesktop.login1.policy:56
 msgid "Authentication is required for an application to delay system sleep."
 msgstr ""
-"Autenticazione richiesta ad un'applicazione per ritardare il sistema in "
-"pausa."
+"È richiesto autenticarsi affinché un'applicazione possa ritardare la pausa "
+"del sistema."
 
 #: src/login/org.freedesktop.login1.policy:65
 msgid "Allow applications to inhibit automatic system suspend"
 msgstr ""
-"Consenti alle applicazioni di inibire la sospesione automatica del sistema"
+"Consenti alle applicazioni di inibire la sospensione automatica del sistema"
 
 #: src/login/org.freedesktop.login1.policy:66
 msgid ""
 "Authentication is required for an application to inhibit automatic system "
 "suspend."
 msgstr ""
-"Autenticazione richiesta ad un'applicazione per inibire la sospensione "
-"automatica del sistema."
+"È richiesto autenticarsi affinché un'applicazione possa inibire la "
+"sospensione automatica del sistema."
 
 #: src/login/org.freedesktop.login1.policy:75
 msgid "Allow applications to inhibit system handling of the power key"
 msgstr ""
-"Consenti alle applicazioni di inibire la gestione di sistema del "
-"tastoaccensione"
+"Consenti alle applicazioni di inibire la gestione di sistema del tasto "
+"accensione"
 
 #: src/login/org.freedesktop.login1.policy:76
 msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the power key."
 msgstr ""
-"Autenticazione richiesta per un'applicazione per inibire la gestione di "
-"sistema del tasto accensione."
+"È richiesto autenticarsi affinché un'applicazione possa inibire la gestione "
+"di sistema del tasto accensione."
 
 #: src/login/org.freedesktop.login1.policy:86
 msgid "Allow applications to inhibit system handling of the suspend key"
@@ -293,8 +284,8 @@ msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the suspend key."
 msgstr ""
-"Autenticazione richiesta ad un'applicazione per inibire la gestione di "
-"sistema del tasto di sospensione."
+"È richiesto autenticarsi affinché un'applicazione possa inibire la gestione "
+"di sistema del tasto di sospensione."
 
 #: src/login/org.freedesktop.login1.policy:97
 msgid "Allow applications to inhibit system handling of the hibernate key"
@@ -307,8 +298,8 @@ msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the hibernate key."
 msgstr ""
-"Autenticazione richiesta ad un'applicazione per inibire la gestione di "
-"sistema del tasto di ibernazione."
+"È richiesto autenticarsi affinché un'applicazione possa inibire la gestione "
+"di sistema del tasto di ibernazione."
 
 #: src/login/org.freedesktop.login1.policy:107
 msgid "Allow applications to inhibit system handling of the lid switch"
@@ -321,7 +312,7 @@ msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the lid switch."
 msgstr ""
-"Autenticazione richiesta per consentire ad un'applicazione di inibire la "
+"È richiesto autenticarsi per consentire a un'applicazione di inibire la "
 "gestione di sistema alla apertura/chiusura del portatile."
 
 #: src/login/org.freedesktop.login1.policy:117
@@ -331,7 +322,7 @@ msgstr "Consenti agli utenti non connessi di eseguire programmi"
 #: src/login/org.freedesktop.login1.policy:118
 msgid "Explicit request is required to run programs as a non-logged-in user."
 msgstr ""
-"E' necessaria un'esplicita richiesta per eseguire programmi come utenti non "
+"È necessaria una richiesta esplicita per eseguire programmi come utenti non "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:127
@@ -341,7 +332,7 @@ msgstr "Consenti agli utenti non connessi di eseguire programmi"
 #: src/login/org.freedesktop.login1.policy:128
 msgid "Authentication is required to run programs as a non-logged-in user."
 msgstr ""
-"Autenticazione richiesta per consentire agli utenti non connessi di eseguire "
+"È richiesto autenticarsi per consentire agli utenti non connessi di eseguire "
 "programmi."
 
 #: src/login/org.freedesktop.login1.policy:137
@@ -351,7 +342,7 @@ msgstr "Consenti di collegare dispositivi alle postazioni"
 #: src/login/org.freedesktop.login1.policy:138
 msgid "Authentication is required to attach a device to a seat."
 msgstr ""
-"Autenticazione richiesta per collegare un dispositivo ad una postazione."
+"È richiesto autenticarsi per collegare un dispositivo ad una postazione."
 
 #: src/login/org.freedesktop.login1.policy:148
 msgid "Flush device to seat attachments"
@@ -360,7 +351,7 @@ msgstr "Scollega i dispositivi dalla postazione"
 #: src/login/org.freedesktop.login1.policy:149
 msgid "Authentication is required to reset how devices are attached to seats."
 msgstr ""
-"Autenticazione richiesta per ripristinare come i dispositivi sono collegati "
+"È richiesto autenticarsi per ripristinare come i dispositivi sono collegati "
 "alle postazioni."
 
 #: src/login/org.freedesktop.login1.policy:158
@@ -369,7 +360,7 @@ msgstr "Spegni il sistema"
 
 #: src/login/org.freedesktop.login1.policy:159
 msgid "Authentication is required to power off the system."
-msgstr "Autenticazione richiesta per spegnere il sistema."
+msgstr "È richiesto autenticarsi per spegnere il sistema."
 
 #: src/login/org.freedesktop.login1.policy:169
 msgid "Power off the system while other users are logged in"
@@ -380,7 +371,7 @@ msgid ""
 "Authentication is required to power off the system while other users are "
 "logged in."
 msgstr ""
-"Autenticazione richiesta per spegnere il sistema mentre altri utenti sono "
+"È richiesto autenticarsi per spegnere il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:180
@@ -392,7 +383,7 @@ msgid ""
 "Authentication is required to power off the system while an application is "
 "inhibiting this."
 msgstr ""
-"Autenticazione richiesta per spegnere il sistema mentre un'applicazione "
+"È richiesto autenticarsi per spegnere il sistema mentre un'applicazione "
 "chiede di inibirne l'azione."
 
 #: src/login/org.freedesktop.login1.policy:191
@@ -401,7 +392,7 @@ msgstr "Riavvia il sistema"
 
 #: src/login/org.freedesktop.login1.policy:192
 msgid "Authentication is required to reboot the system."
-msgstr "Autenticazione richiesta per riavviare il sistema."
+msgstr "È richiesto autenticarsi per riavviare il sistema."
 
 #: src/login/org.freedesktop.login1.policy:202
 msgid "Reboot the system while other users are logged in"
@@ -412,7 +403,7 @@ msgid ""
 "Authentication is required to reboot the system while other users are logged "
 "in."
 msgstr ""
-"Autenticazione richiesta per riavviare il sistema mentre altri utenti sono "
+"È richiesto autenticarsi per riavviare il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:213
@@ -424,7 +415,7 @@ msgid ""
 "Authentication is required to reboot the system while an application is "
 "inhibiting this."
 msgstr ""
-"Autenticazione richiesta per riavviare il sistema mentre un'applicazione "
+"È richiesto autenticarsi per riavviare il sistema mentre un'applicazione "
 "chiede di inibirne l'azione."
 
 #: src/login/org.freedesktop.login1.policy:224
@@ -433,7 +424,7 @@ msgstr "Ferma il sistema"
 
 #: src/login/org.freedesktop.login1.policy:225
 msgid "Authentication is required to halt the system."
-msgstr "Autenticazione richiesta per fermare il sistema."
+msgstr "È richiesto autenticarsi per fermare il sistema."
 
 #: src/login/org.freedesktop.login1.policy:235
 msgid "Halt the system while other users are logged in"
@@ -444,7 +435,7 @@ msgid ""
 "Authentication is required to halt the system while other users are logged "
 "in."
 msgstr ""
-"Autenticazione richiesta per fermare il sistema mentre altri utenti sono "
+"È richiesto autenticarsi per fermare il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:246
@@ -456,7 +447,7 @@ msgid ""
 "Authentication is required to halt the system while an application is "
 "inhibiting this."
 msgstr ""
-"Autenticazione richiesta per ibernare il sistema mentre un'applicazione ne "
+"È richiesto autenticarsi per ibernare il sistema mentre un'applicazione ne "
 "inibisce l'azione."
 
 #: src/login/org.freedesktop.login1.policy:257
@@ -465,7 +456,7 @@ msgstr "Sospendi il sistema"
 
 #: src/login/org.freedesktop.login1.policy:258
 msgid "Authentication is required to suspend the system."
-msgstr "Autenticazione richiesta per sospendere il sistema."
+msgstr "È richiesto autenticarsi per sospendere il sistema."
 
 #: src/login/org.freedesktop.login1.policy:267
 msgid "Suspend the system while other users are logged in"
@@ -476,7 +467,7 @@ msgid ""
 "Authentication is required to suspend the system while other users are "
 "logged in."
 msgstr ""
-"Autenticazione richiesta per sospendere il sistema mentre altri utenti sono "
+"È richiesto autenticarsi per sospendere il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:278
@@ -488,7 +479,7 @@ msgid ""
 "Authentication is required to suspend the system while an application is "
 "inhibiting this."
 msgstr ""
-"Autenticazione richiesta per sospendere il sistema mentre un'applicazione "
+"È richiesto autenticarsi per sospendere il sistema mentre un'applicazione "
 "chiede di inibirne l'azione."
 
 #: src/login/org.freedesktop.login1.policy:289
@@ -497,7 +488,7 @@ msgstr "Iberna il sistema"
 
 #: src/login/org.freedesktop.login1.policy:290
 msgid "Authentication is required to hibernate the system."
-msgstr "Autenticazione richiesta per ibernare il sistema."
+msgstr "È richiesto autenticarsi per ibernare il sistema."
 
 #: src/login/org.freedesktop.login1.policy:299
 msgid "Hibernate the system while other users are logged in"
@@ -508,7 +499,7 @@ msgid ""
 "Authentication is required to hibernate the system while other users are "
 "logged in."
 msgstr ""
-"Autenticazione richiesta per ibernare il sistema mentre altri utenti sono "
+"È richiesto autenticarsi per ibernare il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:310
@@ -520,7 +511,7 @@ msgid ""
 "Authentication is required to hibernate the system while an application is "
 "inhibiting this."
 msgstr ""
-"Autenticazione richiesta per ibernare il sistema mentre un'applicazione "
+"È richiesto autenticarsi per ibernare il sistema mentre un'applicazione "
 "chiede di inibirne l'azione."
 
 #: src/login/org.freedesktop.login1.policy:321
@@ -530,7 +521,7 @@ msgstr "Gestione delle sessioni attive, utenti e postazioni"
 #: src/login/org.freedesktop.login1.policy:322
 msgid "Authentication is required to manage active sessions, users and seats."
 msgstr ""
-"Autenticazione richiesta per gestire le sessioni attive, gli utenti e le "
+"È richiesto autenticarsi per gestire le sessioni attive, gli utenti e le "
 "postazioni."
 
 #: src/login/org.freedesktop.login1.policy:331
@@ -539,7 +530,7 @@ msgstr "Blocca/sblocca sessioni attive"
 
 #: src/login/org.freedesktop.login1.policy:332
 msgid "Authentication is required to lock or unlock active sessions."
-msgstr "Autenticazione richiesta per bloccare o sbloccare le sessioni attive."
+msgstr "È richiesto autenticarsi per bloccare o sbloccare le sessioni attive."
 
 #: src/login/org.freedesktop.login1.policy:341
 msgid "Set the reboot \"reason\" in the kernel"
@@ -548,7 +539,7 @@ msgstr "Indica il \"motivo\" del riavvio nel kernel"
 #: src/login/org.freedesktop.login1.policy:342
 msgid "Authentication is required to set the reboot \"reason\" in the kernel."
 msgstr ""
-"Autenticazione richiesta per configurare il \"motivo\" del riavvio nel "
+"È richiesto autenticarsi per configurare il \"motivo\" del riavvio nel "
 "kernel."
 
 #: src/login/org.freedesktop.login1.policy:352
@@ -560,7 +551,7 @@ msgid ""
 "Authentication is required to indicate to the firmware to boot to setup "
 "interface."
 msgstr ""
-"Autenticazione richiesta per indicare al firmware l'avvio di un'interfaccia "
+"È richiesto autenticarsi per indicare al firmware l'avvio di un'interfaccia "
 "di configurazione."
 
 #: src/login/org.freedesktop.login1.policy:363
@@ -572,7 +563,7 @@ msgid ""
 "Authentication is required to indicate to the boot loader to boot to the "
 "boot loader menu."
 msgstr ""
-"Autenticazione richiesta per indicate al boot loader l'avvio di uno "
+"È richiesto autenticarsi per indicate al boot loader l'avvio di uno "
 "specifico menu."
 
 #: src/login/org.freedesktop.login1.policy:374
@@ -584,7 +575,7 @@ msgid ""
 "Authentication is required to indicate to the boot loader to boot into a "
 "specific boot loader entry."
 msgstr ""
-"Autenticazione richiesta per indicare al boot loader l'avvio di una "
+"È richiesto autenticarsi per indicare al boot loader l'avvio di una "
 "specifica voce in elenco."
 
 #: src/login/org.freedesktop.login1.policy:385
@@ -593,7 +584,7 @@ msgstr "Configura un messaggio per gli utenti"
 
 #: src/login/org.freedesktop.login1.policy:386
 msgid "Authentication is required to set a wall message"
-msgstr "Autenticazione richiesta per configurare un messaggio per gli utenti"
+msgstr "È richiesto autenticarsi per configurare un messaggio per gli utenti"
 
 #: src/login/org.freedesktop.login1.policy:395
 msgid "Change Session"
@@ -601,7 +592,7 @@ msgstr "Cambia sessione"
 
 #: src/login/org.freedesktop.login1.policy:396
 msgid "Authentication is required to change the virtual terminal."
-msgstr "Autenticazione richiesta per cambiare il terminale virtuale."
+msgstr "È richiesto autenticarsi per cambiare il terminale virtuale."
 
 #: src/machine/org.freedesktop.machine1.policy:22
 msgid "Log into a local container"
@@ -609,7 +600,7 @@ msgstr "Accedi ad un container locale"
 
 #: src/machine/org.freedesktop.machine1.policy:23
 msgid "Authentication is required to log into a local container."
-msgstr "Autenticazione richiesta per accedere ad un container locale."
+msgstr "È richiesto autenticarsi per accedere ad un container locale."
 
 #: src/machine/org.freedesktop.machine1.policy:32
 msgid "Log into the local host"
@@ -617,7 +608,7 @@ msgstr "Accedi in un host locale"
 
 #: src/machine/org.freedesktop.machine1.policy:33
 msgid "Authentication is required to log into the local host."
-msgstr "Autenticazione richiesta per accedere ad un host locale."
+msgstr "È richiesto autenticarsi per accedere ad un host locale."
 
 #: src/machine/org.freedesktop.machine1.policy:42
 msgid "Acquire a shell in a local container"
@@ -625,7 +616,7 @@ msgstr "Apri una shell in un container locale"
 
 #: src/machine/org.freedesktop.machine1.policy:43
 msgid "Authentication is required to acquire a shell in a local container."
-msgstr "Autenticazione richiesta per aprire una shell in un container locale."
+msgstr "È richiesto autenticarsi per aprire una shell in un container locale."
 
 #: src/machine/org.freedesktop.machine1.policy:53
 msgid "Acquire a shell on the local host"
@@ -633,7 +624,7 @@ msgstr "Apri una shell in un host locale"
 
 #: src/machine/org.freedesktop.machine1.policy:54
 msgid "Authentication is required to acquire a shell on the local host."
-msgstr "Autenticazione richiesta per aprire una shell in un host locale."
+msgstr "È richiesto autenticarsi per aprire una shell in un host locale."
 
 #: src/machine/org.freedesktop.machine1.policy:64
 msgid "Acquire a pseudo TTY in a local container"
@@ -643,7 +634,7 @@ msgstr "Apri un pseudo TTY in un container locale"
 msgid ""
 "Authentication is required to acquire a pseudo TTY in a local container."
 msgstr ""
-"Autenticazione richiesta per aprire un pseudo TTY in un container locale."
+"È richiesto autenticarsi per aprire un pseudo TTY in un container locale."
 
 #: src/machine/org.freedesktop.machine1.policy:74
 msgid "Acquire a pseudo TTY on the local host"
@@ -651,7 +642,7 @@ msgstr "Apri un pseudo TTY in un host locale"
 
 #: src/machine/org.freedesktop.machine1.policy:75
 msgid "Authentication is required to acquire a pseudo TTY on the local host."
-msgstr "Autenticazione richiesta per aprire un pseudo TTY in un host locale."
+msgstr "È richiesto autenticarsi per aprire un pseudo TTY in un host locale."
 
 #: src/machine/org.freedesktop.machine1.policy:84
 msgid "Manage local virtual machines and containers"
@@ -661,7 +652,7 @@ msgstr "Gestisci le virtual machine e i container locali"
 msgid ""
 "Authentication is required to manage local virtual machines and containers."
 msgstr ""
-"Autenticazione richiesta per gestire le virtual machine e i container locali."
+"È richiesto autenticarsi per gestire le virtual machine e i container locali."
 
 #: src/machine/org.freedesktop.machine1.policy:95
 msgid "Manage local virtual machine and container images"
@@ -672,7 +663,7 @@ msgid ""
 "Authentication is required to manage local virtual machine and container "
 "images."
 msgstr ""
-"Autenticazione richiesta per gestire le immagini delle virtual machine e dei "
+"È richiesto autenticarsi per gestire le immagini delle virtual machine e dei "
 "container locali."
 
 #: src/network/org.freedesktop.network1.policy:22
@@ -681,7 +672,7 @@ msgstr "Configura server NTP"
 
 #: src/network/org.freedesktop.network1.policy:23
 msgid "Authentication is required to set NTP servers."
-msgstr "Autenticazione richiesta per configurare i server NTP."
+msgstr "È richiesto autenticarsi per configurare i server NTP."
 
 #: src/network/org.freedesktop.network1.policy:33
 #: src/resolve/org.freedesktop.resolve1.policy:44
@@ -691,7 +682,7 @@ msgstr "Configura i server DNS"
 #: src/network/org.freedesktop.network1.policy:34
 #: src/resolve/org.freedesktop.resolve1.policy:45
 msgid "Authentication is required to set DNS servers."
-msgstr "Autenticazione richiesta per configurare i server DNS."
+msgstr "È richiesto autenticarsi per configurare i server DNS."
 
 #: src/network/org.freedesktop.network1.policy:44
 #: src/resolve/org.freedesktop.resolve1.policy:55
@@ -701,7 +692,7 @@ msgstr "Configura domini"
 #: src/network/org.freedesktop.network1.policy:45
 #: src/resolve/org.freedesktop.resolve1.policy:56
 msgid "Authentication is required to set domains."
-msgstr "Autenticazione richiesta per configurare i domini."
+msgstr "È richiesto autenticarsi per configurare i domini."
 
 #: src/network/org.freedesktop.network1.policy:55
 #: src/resolve/org.freedesktop.resolve1.policy:66
@@ -712,7 +703,7 @@ msgstr "Configura la tabella di instradamento"
 #: src/resolve/org.freedesktop.resolve1.policy:67
 msgid "Authentication is required to set default route."
 msgstr ""
-"Autenticazione richiesta per configurare la tabella di instradamento "
+"È richiesto autenticarsi per configurare la tabella di instradamento "
 "predefinita."
 
 #: src/network/org.freedesktop.network1.policy:66
@@ -723,7 +714,7 @@ msgstr "Abilita/disabilita LLMNR"
 #: src/network/org.freedesktop.network1.policy:67
 #: src/resolve/org.freedesktop.resolve1.policy:78
 msgid "Authentication is required to enable or disable LLMNR."
-msgstr "Autenticazione richiesta per attivare/disattivare LLMNR."
+msgstr "È richiesto autenticarsi per attivare/disattivare LLMNR."
 
 #: src/network/org.freedesktop.network1.policy:77
 #: src/resolve/org.freedesktop.resolve1.policy:88
@@ -733,7 +724,7 @@ msgstr "Abilita/disabilita DNS multicast"
 #: src/network/org.freedesktop.network1.policy:78
 #: src/resolve/org.freedesktop.resolve1.policy:89
 msgid "Authentication is required to enable or disable multicast DNS."
-msgstr "Autenticazione richiesta per abilitare/disabilitare DNS multicast."
+msgstr "È richiesto autenticarsi per abilitare/disabilitare DNS multicast."
 
 #: src/network/org.freedesktop.network1.policy:88
 #: src/resolve/org.freedesktop.resolve1.policy:99
@@ -743,7 +734,7 @@ msgstr "Abilita/disabilita DNS su TLS"
 #: src/network/org.freedesktop.network1.policy:89
 #: src/resolve/org.freedesktop.resolve1.policy:100
 msgid "Authentication is required to enable or disable DNS over TLS."
-msgstr "Autenticazione richiesta per abilitare o disabilitare DNS su TLS."
+msgstr "È richiesto autenticarsi per abilitare o disabilitare DNS su TLS."
 
 #: src/network/org.freedesktop.network1.policy:99
 #: src/resolve/org.freedesktop.resolve1.policy:110
@@ -753,7 +744,7 @@ msgstr "Abilita/disabilita DNSSEC"
 #: src/network/org.freedesktop.network1.policy:100
 #: src/resolve/org.freedesktop.resolve1.policy:111
 msgid "Authentication is required to enable or disable DNSSEC."
-msgstr "Autenticazione richiesta per abilitare o disabilitare DNSSEC."
+msgstr "È richiesto autenticarsi per abilitare o disabilitare DNSSEC."
 
 #: src/network/org.freedesktop.network1.policy:110
 #: src/resolve/org.freedesktop.resolve1.policy:121
@@ -763,8 +754,7 @@ msgstr "Configura DNSSEC Negative Trust Anchors"
 #: src/network/org.freedesktop.network1.policy:111
 #: src/resolve/org.freedesktop.resolve1.policy:122
 msgid "Authentication is required to set DNSSEC Negative Trust Anchors."
-msgstr ""
-"Autenticazione richiesta per configurare DNSSEC Negative Trust Anchors."
+msgstr "È richiesto autenticarsi per configurare DNSSEC Negative Trust Anchors."
 
 #: src/network/org.freedesktop.network1.policy:121
 msgid "Revert NTP settings"
@@ -772,7 +762,7 @@ msgstr "Ripristina configurazioni NTP"
 
 #: src/network/org.freedesktop.network1.policy:122
 msgid "Authentication is required to reset NTP settings."
-msgstr "Autenticazione richiesta per ripristinare le configurazioni NTP."
+msgstr "È richiesto autenticarsi per ripristinare le configurazioni NTP."
 
 #: src/network/org.freedesktop.network1.policy:132
 msgid "Revert DNS settings"
@@ -780,17 +770,15 @@ msgstr "Ripristina configurazioni DNS"
 
 #: src/network/org.freedesktop.network1.policy:133
 msgid "Authentication is required to reset DNS settings."
-msgstr "Autenticazione richiesta per ripristinare le configurazioni DNS."
+msgstr "È richiesto autenticarsi per ripristinare le configurazioni DNS."
 
 #: src/network/org.freedesktop.network1.policy:143
 msgid "DHCP server sends force renew message"
-msgstr ""
+msgstr "Il server DHCP invia messaggi di rinnovo forzato"
 
 #: src/network/org.freedesktop.network1.policy:144
-#, fuzzy
-#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to send force renew message."
-msgstr "Autenticazione richiesta per configurare un messaggio per gli utenti"
+msgstr "È richiesto autenticarsi per inviare messaggi di rinnovo forzato."
 
 #: src/network/org.freedesktop.network1.policy:154
 msgid "Renew dynamic addresses"
@@ -798,7 +786,7 @@ msgstr "Rinnova indirizzi dinamici"
 
 #: src/network/org.freedesktop.network1.policy:155
 msgid "Authentication is required to renew dynamic addresses."
-msgstr "Autenticazione richiesta per rinnovare gli indirizzi dinamici."
+msgstr "È richiesto autenticarsi per rinnovare gli indirizzi dinamici."
 
 #: src/network/org.freedesktop.network1.policy:165
 msgid "Reload network settings"
@@ -806,7 +794,7 @@ msgstr "Ricarica configurazioni di rete"
 
 #: src/network/org.freedesktop.network1.policy:166
 msgid "Authentication is required to reload network settings."
-msgstr "Autenticazione richiesta per ricaricare le configurazioni di rete."
+msgstr "È richiesto autenticarsi per ricaricare le configurazioni di rete."
 
 #: src/network/org.freedesktop.network1.policy:176
 msgid "Reconfigure network interface"
@@ -814,7 +802,7 @@ msgstr "Riconfigura interfaccia di rete"
 
 #: src/network/org.freedesktop.network1.policy:177
 msgid "Authentication is required to reconfigure network interface."
-msgstr "Autenticazione richiesta per riconfigurare l'interfaccia di rete."
+msgstr "È richiesto autenticarsi per riconfigurare l'interfaccia di rete."
 
 #: src/portable/org.freedesktop.portable1.policy:13
 msgid "Inspect a portable service image"
@@ -823,7 +811,7 @@ msgstr "Ispeziona un'immagine di servizio portabile"
 #: src/portable/org.freedesktop.portable1.policy:14
 msgid "Authentication is required to inspect a portable service image."
 msgstr ""
-"Autenticazione richiesta per ispezionare un'immagine di servizio portabile."
+"È richiesto autenticarsi per ispezionare un'immagine di servizio portabile."
 
 #: src/portable/org.freedesktop.portable1.policy:23
 msgid "Attach or detach a portable service image"
@@ -833,7 +821,7 @@ msgstr "Collega o meno un'immagine di servizio portabile"
 msgid ""
 "Authentication is required to attach or detach a portable service image."
 msgstr ""
-"Autenticazione richiesta per collegare o meno un'immagine di servizio "
+"È richiesto autenticarsi per collegare o meno un'immagine di servizio "
 "portabile."
 
 #: src/portable/org.freedesktop.portable1.policy:34
@@ -844,7 +832,7 @@ msgstr "Elimina o modifica un'immagine di servizio portabile"
 msgid ""
 "Authentication is required to delete or modify a portable service image."
 msgstr ""
-"Autenticazione richiesta per eliminare o modificare un'immagine di servizio "
+"È richiesto autenticarsi per eliminare o modificare un'immagine di servizio "
 "portabile."
 
 #: src/resolve/org.freedesktop.resolve1.policy:22
@@ -853,7 +841,7 @@ msgstr "Registra un servizio DNS-SD"
 
 #: src/resolve/org.freedesktop.resolve1.policy:23
 msgid "Authentication is required to register a DNS-SD service"
-msgstr "Autenticazione richiesta per registrare un servizio DNS-SD"
+msgstr "È richiesto autenticarsi per registrare un servizio DNS-SD"
 
 #: src/resolve/org.freedesktop.resolve1.policy:33
 msgid "Unregister a DNS-SD service"
@@ -862,7 +850,7 @@ msgstr "Annulla la registrazione di un servizio DNS-SD"
 #: src/resolve/org.freedesktop.resolve1.policy:34
 msgid "Authentication is required to unregister a DNS-SD service"
 msgstr ""
-"Autenticazione richiesta per annullare la registrazione di un servizio DNS-SD"
+"È richiesto autenticarsi per annullare la registrazione di un servizio DNS-SD"
 
 #: src/resolve/org.freedesktop.resolve1.policy:132
 msgid "Revert name resolution settings"
@@ -871,99 +859,95 @@ msgstr "Ripristina le configurazioni per la risoluzione dei nomi"
 #: src/resolve/org.freedesktop.resolve1.policy:133
 msgid "Authentication is required to reset name resolution settings."
 msgstr ""
-"Autenticazione richiesta per ripristinare le configurazioni per la "
+"È richiesto autenticarsi per ripristinare le configurazioni per la "
 "risoluzione dei nomi."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"
-msgstr "Configura l'orario di sistema"
+msgstr "Imposta l'orario di sistema"
 
 #: src/timedate/org.freedesktop.timedate1.policy:23
 msgid "Authentication is required to set the system time."
-msgstr "Autenticazione richiesta per configurare l'orario di sistema."
+msgstr "È richiesto autenticarsi per impostare l'orario di sistema."
 
 #: src/timedate/org.freedesktop.timedate1.policy:33
 msgid "Set system timezone"
-msgstr "Configura il fuso orario di sistema"
+msgstr "Imposta il fuso orario di sistema"
 
 #: src/timedate/org.freedesktop.timedate1.policy:34
 msgid "Authentication is required to set the system timezone."
-msgstr "Autenticazione richiesta per configurare il fuso orario di sistema."
+msgstr "È richiesto autenticarsi per impostare il fuso orario di sistema."
 
 #: src/timedate/org.freedesktop.timedate1.policy:43
 msgid "Set RTC to local timezone or UTC"
 msgstr ""
-"Configura l'orologio di sistema (RTC) al fuso orario locale o al tempo "
-"civile (UTC)"
+"Imposta l'orologio di sistema (RTC) al fuso orario locale o al tempo civile "
+"(UTC)"
 
 #: src/timedate/org.freedesktop.timedate1.policy:44
 msgid ""
 "Authentication is required to control whether the RTC stores the local or "
 "UTC time."
 msgstr ""
-"Autenticazione richiesta per verificare se l'orologio di sistema (RTC) è "
+"È richiesto autenticarsi per verificare se l'orologio di sistema (RTC) è "
 "configurato all'orario locale o al tempo civile (UTC)."
 
 #: src/timedate/org.freedesktop.timedate1.policy:53
 msgid "Turn network time synchronization on or off"
-msgstr "Abilita o meno la sincronizzazione dell'orario in rete"
+msgstr "Attiva/Disattiva la sincronizzazione dell'orario in rete"
 
 #: src/timedate/org.freedesktop.timedate1.policy:54
 msgid ""
 "Authentication is required to control whether network time synchronization "
 "shall be enabled."
 msgstr ""
-"Autenticazione richiesta per verificare se la sincronizzazione dell'orario "
+"È richiesto autenticarsi per verificare se la sincronizzazione dell'orario "
 "in rete deve essere attivata."
 
 #: src/core/dbus-unit.c:362
 msgid "Authentication is required to start '$(unit)'."
-msgstr "Autenticazione richiesta per avviare '$(unit)'."
+msgstr "È richiesto autenticarsi per avviare «${unit}»."
 
 #: src/core/dbus-unit.c:363
 msgid "Authentication is required to stop '$(unit)'."
-msgstr "Autenticazione richiesta per fermare '$(unit)'."
+msgstr "È richiesto autenticarsi per fermare «${unit}»."
 
 #: src/core/dbus-unit.c:364
 msgid "Authentication is required to reload '$(unit)'."
-msgstr "Autenticazione richiesta per ricaricare '$(unit)'."
+msgstr "È richiesto autenticarsi per ricaricare «${unit}»."
 
 #: src/core/dbus-unit.c:365 src/core/dbus-unit.c:366
 msgid "Authentication is required to restart '$(unit)'."
-msgstr "Autenticazione richiesta per riavviare '$(unit)'."
+msgstr "È richiesto autenticarsi per riavviare «${unit}»."
 
 #: src/core/dbus-unit.c:538
 msgid ""
 "Authentication is required to send a UNIX signal to the processes of "
 "'$(unit)'."
 msgstr ""
-"Autenticazione richiesta per inviare un segnale UNIX ai processi di "
-"'$(unit)'."
+"È richiesto autenticarsi per inviare un segnale UNIX ai processi di "
+"«${unit}»."
 
 #: src/core/dbus-unit.c:569
 msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
 msgstr ""
-"Autenticazione richiesta per riconfigurare lo stato \"fallito\" di '$(unit)'."
+"È richiesto autenticarsi per riconfigurare lo stato \"fallito\" di «${unit}»."
 
 #: src/core/dbus-unit.c:602
 msgid "Authentication is required to set properties on '$(unit)'."
-msgstr "Autenticazione richiesta per configurare le proprietà di '$(unit)'."
+msgstr "È richiesto autenticarsi per configurare le proprietà di «${unit}»."
 
 #: src/core/dbus-unit.c:711
 msgid ""
 "Authentication is required to delete files and directories associated with "
 "'$(unit)'."
 msgstr ""
-"Autenticazione richiesta per eliminare i file e le directory associate a "
-"'$(unit)'."
+"È richiesto autenticarsi per eliminare i file e le directory associate a "
+"«${unit}»."
 
 #: src/core/dbus-unit.c:760
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to send a UNIX signal to the processes of "
-#| "'$(unit)'."
 msgid ""
 "Authentication is required to freeze or thaw the processes of '$(unit)' unit."
 msgstr ""
-"Autenticazione richiesta per inviare un segnale UNIX ai processi di "
-"'$(unit)'."
+"È richiesto autenticarsi per bloccare/sbloccare il processo dell'unità "
+"«$(unit)»."

po/ja.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: systemd\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-08-19 18:02+0200\n"
+"POT-Creation-Date: 2020-09-17 20:41+0900\n"
 "PO-Revision-Date: 2018-10-27 07:41+0900\n"
 "Last-Translator: Yu Watanabe <watanabe.yu+github@gmail.com>\n"
 "Language-Team: \n"
@@ -274,62 +274,72 @@ msgid ""
 msgstr "アプリケーションが液晶開閉による動作を阻害するには認証が必要です。"
 
 #: src/login/org.freedesktop.login1.policy:117
+msgid "Allow applications to inhibit system handling of the reboot key"
+msgstr "アプリケーションが再起動ボタンによる動作を阻害することを許可"
+
+#: src/login/org.freedesktop.login1.policy:118
+msgid ""
+"Authentication is required for an application to inhibit system handling of "
+"the reboot key."
+msgstr "アプリケーションが再起動ボタンによる動作を阻害するには認証が必要です。"
+
+#: src/login/org.freedesktop.login1.policy:128
 msgid "Allow non-logged-in user to run programs"
 msgstr "ログインしていないユーザがプログラムを実行することを許可"
 
-#: src/login/org.freedesktop.login1.policy:118
+#: src/login/org.freedesktop.login1.policy:129
 msgid "Explicit request is required to run programs as a non-logged-in user."
 msgstr ""
 "ログインしていないユーザがプログラムを実行するには明示的な要求が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:127
+#: src/login/org.freedesktop.login1.policy:138
 msgid "Allow non-logged-in users to run programs"
 msgstr "ログインしていないユーザがプログラムを実行することを許可"
 
-#: src/login/org.freedesktop.login1.policy:128
+#: src/login/org.freedesktop.login1.policy:139
 msgid "Authentication is required to run programs as a non-logged-in user."
 msgstr "ログインしていないユーザがプログラムを実行するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:137
+#: src/login/org.freedesktop.login1.policy:148
 msgid "Allow attaching devices to seats"
 msgstr "シートにデバイスを接続することを許可"
 
-#: src/login/org.freedesktop.login1.policy:138
+#: src/login/org.freedesktop.login1.policy:149
 msgid "Authentication is required to attach a device to a seat."
 msgstr "シートにデバイスを接続するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:148
+#: src/login/org.freedesktop.login1.policy:159
 msgid "Flush device to seat attachments"
 msgstr "デバイスのシートへの接続のリセット"
 
-#: src/login/org.freedesktop.login1.policy:149
+#: src/login/org.freedesktop.login1.policy:160
 msgid "Authentication is required to reset how devices are attached to seats."
 msgstr "デバイスのシートへの接続をリセットするには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:158
+#: src/login/org.freedesktop.login1.policy:169
 msgid "Power off the system"
 msgstr "システムの電源を切る"
 
-#: src/login/org.freedesktop.login1.policy:159
+#: src/login/org.freedesktop.login1.policy:170
 msgid "Authentication is required to power off the system."
 msgstr "システムの電源を切るには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:169
+#: src/login/org.freedesktop.login1.policy:180
 msgid "Power off the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムの電源を切る"
 
-#: src/login/org.freedesktop.login1.policy:170
+#: src/login/org.freedesktop.login1.policy:181
 msgid ""
 "Authentication is required to power off the system while other users are "
 "logged in."
 msgstr ""
 "他のユーザがログインしている状態でシステムの電源を切るには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:180
+#: src/login/org.freedesktop.login1.policy:191
 msgid "Power off the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムの電源を切る"
 
-#: src/login/org.freedesktop.login1.policy:181
+#: src/login/org.freedesktop.login1.policy:192
 msgid ""
 "Authentication is required to power off the system while an application is "
 "inhibiting this."
@@ -337,30 +347,30 @@ msgstr ""
 "アプリケーションが使用されている状態でシステムの電源を切るには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:191
+#: src/login/org.freedesktop.login1.policy:202
 msgid "Reboot the system"
 msgstr "システムの再起動"
 
-#: src/login/org.freedesktop.login1.policy:192
+#: src/login/org.freedesktop.login1.policy:203
 msgid "Authentication is required to reboot the system."
 msgstr "システムの再起動には認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:202
+#: src/login/org.freedesktop.login1.policy:213
 msgid "Reboot the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムを再起動する"
 
-#: src/login/org.freedesktop.login1.policy:203
+#: src/login/org.freedesktop.login1.policy:214
 msgid ""
 "Authentication is required to reboot the system while other users are logged "
 "in."
 msgstr ""
 "他のユーザがログインしている状態でシステムを再起動するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:213
+#: src/login/org.freedesktop.login1.policy:224
 msgid "Reboot the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムを再起動する"
 
-#: src/login/org.freedesktop.login1.policy:214
+#: src/login/org.freedesktop.login1.policy:225
 msgid ""
 "Authentication is required to reboot the system while an application is "
 "inhibiting this."
@@ -368,54 +378,49 @@ msgstr ""
 "アプリケーションが使用されている状態でシステムを再起動するには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:224
+#: src/login/org.freedesktop.login1.policy:235
 msgid "Halt the system"
 msgstr "システムの停止"
 
-#: src/login/org.freedesktop.login1.policy:225
+#: src/login/org.freedesktop.login1.policy:236
 msgid "Authentication is required to halt the system."
 msgstr "システムを停止するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:235
+#: src/login/org.freedesktop.login1.policy:246
 msgid "Halt the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムを停止する"
 
-#: src/login/org.freedesktop.login1.policy:236
+#: src/login/org.freedesktop.login1.policy:247
 msgid ""
 "Authentication is required to halt the system while other users are logged "
 "in."
 msgstr ""
 "他のユーザがログインしている状態でシステムを停止するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:246
+#: src/login/org.freedesktop.login1.policy:257
 msgid "Halt the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムを停止する"
 
-#: src/login/org.freedesktop.login1.policy:247
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to hibernate the system while an application "
-#| "is inhibiting this."
+#: src/login/org.freedesktop.login1.policy:258
 msgid ""
 "Authentication is required to halt the system while an application is "
 "inhibiting this."
 msgstr ""
-"アプリケーションが使用されている状態でシステムをハイバネートするには認証が必"
-"要です。"
+"アプリケーションが使用されている状態でシステムを停止するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:257
+#: src/login/org.freedesktop.login1.policy:268
 msgid "Suspend the system"
 msgstr "システムのサスペンド"
 
-#: src/login/org.freedesktop.login1.policy:258
+#: src/login/org.freedesktop.login1.policy:269
 msgid "Authentication is required to suspend the system."
 msgstr "システムのサスペンドには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:267
+#: src/login/org.freedesktop.login1.policy:278
 msgid "Suspend the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムをサスペンドする"
 
-#: src/login/org.freedesktop.login1.policy:268
+#: src/login/org.freedesktop.login1.policy:279
 msgid ""
 "Authentication is required to suspend the system while other users are "
 "logged in."
@@ -423,11 +428,11 @@ msgstr ""
 "他のユーザがログインしている状態でシステムをサスペンドするには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:278
+#: src/login/org.freedesktop.login1.policy:289
 msgid "Suspend the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムをサスペンドする"
 
-#: src/login/org.freedesktop.login1.policy:279
+#: src/login/org.freedesktop.login1.policy:290
 msgid ""
 "Authentication is required to suspend the system while an application is "
 "inhibiting this."
@@ -435,19 +440,19 @@ msgstr ""
 "アプリケーションが使用されている状態でシステムをサスペンドするには認証が必要"
 "です。"
 
-#: src/login/org.freedesktop.login1.policy:289
+#: src/login/org.freedesktop.login1.policy:300
 msgid "Hibernate the system"
 msgstr "システムのハイバネート"
 
-#: src/login/org.freedesktop.login1.policy:290
+#: src/login/org.freedesktop.login1.policy:301
 msgid "Authentication is required to hibernate the system."
 msgstr "システムのハイバネートには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:299
+#: src/login/org.freedesktop.login1.policy:310
 msgid "Hibernate the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムをハイバネートする"
 
-#: src/login/org.freedesktop.login1.policy:300
+#: src/login/org.freedesktop.login1.policy:311
 msgid ""
 "Authentication is required to hibernate the system while other users are "
 "logged in."
@@ -455,11 +460,11 @@ msgstr ""
 "他のユーザがログインしている状態でシステムをハイバネートするには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:310
+#: src/login/org.freedesktop.login1.policy:321
 msgid "Hibernate the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムをハイバネートする"
 
-#: src/login/org.freedesktop.login1.policy:311
+#: src/login/org.freedesktop.login1.policy:322
 msgid ""
 "Authentication is required to hibernate the system while an application is "
 "inhibiting this."
@@ -467,36 +472,36 @@ msgstr ""
 "アプリケーションが使用されている状態でシステムをハイバネートするには認証が必"
 "要です。"
 
-#: src/login/org.freedesktop.login1.policy:321
+#: src/login/org.freedesktop.login1.policy:332
 msgid "Manage active sessions, users and seats"
 msgstr "アクティブなセッションやユーザ，シートの管理"
 
-#: src/login/org.freedesktop.login1.policy:322
+#: src/login/org.freedesktop.login1.policy:333
 msgid "Authentication is required to manage active sessions, users and seats."
 msgstr "アクティブなセッションやユーザ，シートを管理するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:331
+#: src/login/org.freedesktop.login1.policy:342
 msgid "Lock or unlock active sessions"
 msgstr "アクティブなセッションのロックもしくはアンロック"
 
-#: src/login/org.freedesktop.login1.policy:332
+#: src/login/org.freedesktop.login1.policy:343
 msgid "Authentication is required to lock or unlock active sessions."
 msgstr ""
 "アクティブなセッションをロックもしくはアンロックするには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:341
+#: src/login/org.freedesktop.login1.policy:352
 msgid "Set the reboot \"reason\" in the kernel"
 msgstr "再起動の理由を設定する"
 
-#: src/login/org.freedesktop.login1.policy:342
+#: src/login/org.freedesktop.login1.policy:353
 msgid "Authentication is required to set the reboot \"reason\" in the kernel."
 msgstr "再起動の理由を設定するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:352
+#: src/login/org.freedesktop.login1.policy:363
 msgid "Indicate to the firmware to boot to setup interface"
 msgstr "ファームウェアに「インターフェースの設定を起動」を表示させる"
 
-#: src/login/org.freedesktop.login1.policy:353
+#: src/login/org.freedesktop.login1.policy:364
 msgid ""
 "Authentication is required to indicate to the firmware to boot to setup "
 "interface."
@@ -504,11 +509,11 @@ msgstr ""
 "ファームウェアに「インターフェースの設定を起動」を表示させるには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:363
+#: src/login/org.freedesktop.login1.policy:374
 msgid "Indicate to the boot loader to boot to the boot loader menu"
 msgstr "ブートローダにブートローダメニューを起動するための項目を表示させる。"
 
-#: src/login/org.freedesktop.login1.policy:364
+#: src/login/org.freedesktop.login1.policy:375
 msgid ""
 "Authentication is required to indicate to the boot loader to boot to the "
 "boot loader menu."
@@ -516,29 +521,29 @@ msgstr ""
 "ブートローダにブートローダメニューを起動するための項目を表示させるには認証が"
 "必要です。"
 
-#: src/login/org.freedesktop.login1.policy:374
+#: src/login/org.freedesktop.login1.policy:385
 msgid "Indicate to the boot loader to boot a specific entry"
 msgstr "ブートローダに特定の項目を表示させる"
 
-#: src/login/org.freedesktop.login1.policy:375
+#: src/login/org.freedesktop.login1.policy:386
 msgid ""
 "Authentication is required to indicate to the boot loader to boot into a "
 "specific boot loader entry."
 msgstr "ブートローダに特定の項目を表示させるには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:385
+#: src/login/org.freedesktop.login1.policy:396
 msgid "Set a wall message"
 msgstr "全ユーザへのメッセージの設定"
 
-#: src/login/org.freedesktop.login1.policy:386
+#: src/login/org.freedesktop.login1.policy:397
 msgid "Authentication is required to set a wall message"
 msgstr "全ユーザへのメッセージを設定するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:395
+#: src/login/org.freedesktop.login1.policy:406
 msgid "Change Session"
 msgstr "セッションの変更"
 
-#: src/login/org.freedesktop.login1.policy:396
+#: src/login/org.freedesktop.login1.policy:407
 msgid "Authentication is required to change the virtual terminal."
 msgstr "仮想ターミナルを変更するには認証が必要です。"
 
@@ -716,13 +721,11 @@ msgstr "DNSの設定を破棄するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:143
 msgid "DHCP server sends force renew message"
-msgstr ""
+msgstr "DHCPサーバが強制的にIPアドレスを更新する"
 
 #: src/network/org.freedesktop.network1.policy:144
-#, fuzzy
-#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to send force renew message."
-msgstr "全ユーザへのメッセージを設定するには認証が必要です。"
+msgstr "DHCPサーバが強制的なIPアドレス更新を行うには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:154
 msgid "Renew dynamic addresses"
@@ -836,55 +839,44 @@ msgid ""
 "shall be enabled."
 msgstr "ネットワーク経由の時刻同期を有効もしくは無効にするには認証が必要です。"
 
-#: src/core/dbus-unit.c:362
+#: src/core/dbus-unit.c:359
 msgid "Authentication is required to start '$(unit)'."
 msgstr "'$(unit)'を開始するには認証が必要です。"
 
-#: src/core/dbus-unit.c:363
+#: src/core/dbus-unit.c:360
 msgid "Authentication is required to stop '$(unit)'."
 msgstr "'$(unit)'を停止するには認証が必要です。"
 
-#: src/core/dbus-unit.c:364
+#: src/core/dbus-unit.c:361
 msgid "Authentication is required to reload '$(unit)'."
 msgstr "'$(unit)'を再読込するには認証が必要です。"
 
-#: src/core/dbus-unit.c:365 src/core/dbus-unit.c:366
+#: src/core/dbus-unit.c:362 src/core/dbus-unit.c:363
 msgid "Authentication is required to restart '$(unit)'."
 msgstr "'$(unit)'を再起動するには認証が必要です。"
 
-#: src/core/dbus-unit.c:538
+#: src/core/dbus-unit.c:535
 msgid ""
 "Authentication is required to send a UNIX signal to the processes of "
 "'$(unit)'."
 msgstr "'$(unit)'のプロセスにUNIXシグナルを送るには認証が必要です。"
 
-#: src/core/dbus-unit.c:569
+#: src/core/dbus-unit.c:566
 msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
 msgstr "'$(unit)'の「失敗」状態をリセットするには認証が必要です。"
 
-#: src/core/dbus-unit.c:602
+#: src/core/dbus-unit.c:599
 msgid "Authentication is required to set properties on '$(unit)'."
 msgstr "'$(unit)'のプロパティを設定するには認証が必要です。"
 
-#: src/core/dbus-unit.c:711
+#: src/core/dbus-unit.c:708
 msgid ""
 "Authentication is required to delete files and directories associated with "
 "'$(unit)'."
 msgstr ""
 "'$(unit)'に関連付けられたファイルやディレクトリの削除には認証が必要です。"
 
-#: src/core/dbus-unit.c:760
-#, fuzzy
-#| msgid ""
-#| "Authentication is required to send a UNIX signal to the processes of "
-#| "'$(unit)'."
+#: src/core/dbus-unit.c:757
 msgid ""
 "Authentication is required to freeze or thaw the processes of '$(unit)' unit."
-msgstr "'$(unit)'のプロセスにUNIXシグナルを送るには認証が必要です。"
-
-#~ msgid ""
-#~ "Authentication is required to halt the system while an application asked "
-#~ "to inhibit it."
-#~ msgstr ""
-#~ "アプリケーションが使用されている状態でシステムを停止するには認証が必要で"
-#~ "す。"
+msgstr "'$(unit)'のプロセスを凍結もしくは凍結解除するには認証が必要です。"

src/basic/linux/btrfs.h

@@ -36,17 +36,22 @@ struct btrfs_ioctl_vol_args {
 #define BTRFS_DEVICE_PATH_NAME_MAX	1024
 #define BTRFS_SUBVOL_NAME_MAX 		4039
 
+#ifndef __KERNEL__
+/* Deprecated since 5.7 */
 # define BTRFS_SUBVOL_CREATE_ASYNC	(1ULL << 0)
+#endif
 #define BTRFS_SUBVOL_RDONLY		(1ULL << 1)
 #define BTRFS_SUBVOL_QGROUP_INHERIT	(1ULL << 2)
 
 #define BTRFS_DEVICE_SPEC_BY_ID		(1ULL << 3)
 
+#define BTRFS_SUBVOL_SPEC_BY_ID	(1ULL << 4)
+
 #define BTRFS_VOL_ARG_V2_FLAGS_SUPPORTED		\
-			(BTRFS_SUBVOL_CREATE_ASYNC |	\
-			BTRFS_SUBVOL_RDONLY |		\
+			(BTRFS_SUBVOL_RDONLY |		\
 			BTRFS_SUBVOL_QGROUP_INHERIT |	\
-			BTRFS_DEVICE_SPEC_BY_ID)
+			BTRFS_DEVICE_SPEC_BY_ID |	\
+			BTRFS_SUBVOL_SPEC_BY_ID)
 
 #define BTRFS_FSID_SIZE 16
 #define BTRFS_UUID_SIZE 16
@@ -97,16 +102,29 @@ struct btrfs_ioctl_qgroup_limit_args {
 };
 
 /*
- * flags for subvolumes
+ * Arguments for specification of subvolumes or devices, supporting by-name or
+ * by-id and flags
  *
- * Used by:
- * struct btrfs_ioctl_vol_args_v2.flags
+ * The set of supported flags depends on the ioctl
  *
  * BTRFS_SUBVOL_RDONLY is also provided/consumed by the following ioctls:
  * - BTRFS_IOC_SUBVOL_GETFLAGS
  * - BTRFS_IOC_SUBVOL_SETFLAGS
  */
 
+/* Supported flags for BTRFS_IOC_RM_DEV_V2 */
+#define BTRFS_DEVICE_REMOVE_ARGS_MASK					\
+	(BTRFS_DEVICE_SPEC_BY_ID)
+
+/* Supported flags for BTRFS_IOC_SNAP_CREATE_V2 and BTRFS_IOC_SUBVOL_CREATE_V2 */
+#define BTRFS_SUBVOL_CREATE_ARGS_MASK					\
+	 (BTRFS_SUBVOL_RDONLY |						\
+	 BTRFS_SUBVOL_QGROUP_INHERIT)
+
+/* Supported flags for BTRFS_IOC_SNAP_DESTROY_V2 */
+#define BTRFS_SUBVOL_DELETE_ARGS_MASK					\
+	(BTRFS_SUBVOL_SPEC_BY_ID)
+
 struct btrfs_ioctl_vol_args_v2 {
 	__s64 fd;
 	__u64 transid;
@@ -121,6 +139,7 @@ struct btrfs_ioctl_vol_args_v2 {
 	union {
 		char name[BTRFS_SUBVOL_NAME_MAX + 1];
 		__u64 devid;
+		__u64 subvolid;
 	};
 };
 
@@ -224,6 +243,18 @@ struct btrfs_ioctl_dev_info_args {
 	__u8 path[BTRFS_DEVICE_PATH_NAME_MAX];	/* out */
 };
 
+/*
+ * Retrieve information about the filesystem
+ */
+
+/* Request information about checksum type and size */
+#define BTRFS_FS_INFO_FLAG_CSUM_INFO			(1 << 0)
+
+/* Request information about filesystem generation */
+#define BTRFS_FS_INFO_FLAG_GENERATION			(1 << 1)
+/* Request information about filesystem metadata UUID */
+#define BTRFS_FS_INFO_FLAG_METADATA_UUID		(1 << 2)
+
 struct btrfs_ioctl_fs_info_args {
 	__u64 max_id;				/* out */
 	__u64 num_devices;			/* out */
@@ -231,8 +262,13 @@ struct btrfs_ioctl_fs_info_args {
 	__u32 nodesize;				/* out */
 	__u32 sectorsize;			/* out */
 	__u32 clone_alignment;			/* out */
-	__u32 reserved32;
-	__u64 reserved[122];			/* pad to 1k */
+	/* See BTRFS_FS_INFO_FLAG_* */
+	__u16 csum_type;			/* out */
+	__u16 csum_size;			/* out */
+	__u64 flags;				/* in/out */
+	__u64 generation;			/* out */
+	__u8 metadata_uuid[BTRFS_FSID_SIZE];	/* out */
+	__u8 reserved[944];			/* pad to 1k */
 };
 
 /*
@@ -949,5 +985,7 @@ enum btrfs_err_code {
 				struct btrfs_ioctl_get_subvol_rootref_args)
 #define BTRFS_IOC_INO_LOOKUP_USER _IOWR(BTRFS_IOCTL_MAGIC, 62, \
 				struct btrfs_ioctl_ino_lookup_user_args)
+#define BTRFS_IOC_SNAP_DESTROY_V2 _IOW(BTRFS_IOCTL_MAGIC, 63, \
+				struct btrfs_ioctl_vol_args_v2)
 
 #endif /* _UAPI_LINUX_BTRFS_H */

src/basic/linux/btrfs_tree.h

@@ -519,15 +519,6 @@ struct btrfs_extent_inline_ref {
 	__le64 offset;
 } __attribute__ ((__packed__));
 
-/* old style backrefs item */
-struct btrfs_extent_ref_v0 {
-	__le64 root;
-	__le64 generation;
-	__le64 objectid;
-	__le32 count;
-} __attribute__ ((__packed__));
-
-
 /* dev extents record free space on individual devices.  The owner
  * field points back to the chunk allocation mapping tree that allocated
  * the extent.  The chunk tree uuid field is a way to double check the owner
@@ -922,9 +913,9 @@ struct btrfs_free_space_info {
 #define BTRFS_FREE_SPACE_USING_BITMAPS (1ULL << 0)
 
 #define BTRFS_QGROUP_LEVEL_SHIFT		48
-static inline __u64 btrfs_qgroup_level(__u64 qgroupid)
+static inline __u16 btrfs_qgroup_level(__u64 qgroupid)
 {
-	return qgroupid >> BTRFS_QGROUP_LEVEL_SHIFT;
+	return (__u16)(qgroupid >> BTRFS_QGROUP_LEVEL_SHIFT);
 }
 
 /*

src/basic/linux/if.h

@@ -177,6 +177,7 @@ enum {
 enum {
 	IF_LINK_MODE_DEFAULT,
 	IF_LINK_MODE_DORMANT,	/* limit upward transition to dormant */
+	IF_LINK_MODE_TESTING,	/* limit upward transition to testing */
 };
 
 /*

src/basic/linux/if_bridge.h

@@ -120,6 +120,7 @@ enum {
 	IFLA_BRIDGE_MODE,
 	IFLA_BRIDGE_VLAN_INFO,
 	IFLA_BRIDGE_VLAN_TUNNEL_INFO,
+	IFLA_BRIDGE_MRP,
 	__IFLA_BRIDGE_MAX,
 };
 #define IFLA_BRIDGE_MAX (__IFLA_BRIDGE_MAX - 1)
@@ -157,6 +158,176 @@ struct bridge_vlan_xstats {
 	__u32 pad2;
 };
 
+enum {
+	IFLA_BRIDGE_MRP_UNSPEC,
+	IFLA_BRIDGE_MRP_INSTANCE,
+	IFLA_BRIDGE_MRP_PORT_STATE,
+	IFLA_BRIDGE_MRP_PORT_ROLE,
+	IFLA_BRIDGE_MRP_RING_STATE,
+	IFLA_BRIDGE_MRP_RING_ROLE,
+	IFLA_BRIDGE_MRP_START_TEST,
+	IFLA_BRIDGE_MRP_INFO,
+	IFLA_BRIDGE_MRP_IN_ROLE,
+	IFLA_BRIDGE_MRP_IN_STATE,
+	IFLA_BRIDGE_MRP_START_IN_TEST,
+	__IFLA_BRIDGE_MRP_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_MAX (__IFLA_BRIDGE_MRP_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_INSTANCE_UNSPEC,
+	IFLA_BRIDGE_MRP_INSTANCE_RING_ID,
+	IFLA_BRIDGE_MRP_INSTANCE_P_IFINDEX,
+	IFLA_BRIDGE_MRP_INSTANCE_S_IFINDEX,
+	IFLA_BRIDGE_MRP_INSTANCE_PRIO,
+	__IFLA_BRIDGE_MRP_INSTANCE_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_INSTANCE_MAX (__IFLA_BRIDGE_MRP_INSTANCE_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_PORT_STATE_UNSPEC,
+	IFLA_BRIDGE_MRP_PORT_STATE_STATE,
+	__IFLA_BRIDGE_MRP_PORT_STATE_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_PORT_STATE_MAX (__IFLA_BRIDGE_MRP_PORT_STATE_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_PORT_ROLE_UNSPEC,
+	IFLA_BRIDGE_MRP_PORT_ROLE_ROLE,
+	__IFLA_BRIDGE_MRP_PORT_ROLE_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_PORT_ROLE_MAX (__IFLA_BRIDGE_MRP_PORT_ROLE_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_RING_STATE_UNSPEC,
+	IFLA_BRIDGE_MRP_RING_STATE_RING_ID,
+	IFLA_BRIDGE_MRP_RING_STATE_STATE,
+	__IFLA_BRIDGE_MRP_RING_STATE_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_RING_STATE_MAX (__IFLA_BRIDGE_MRP_RING_STATE_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_RING_ROLE_UNSPEC,
+	IFLA_BRIDGE_MRP_RING_ROLE_RING_ID,
+	IFLA_BRIDGE_MRP_RING_ROLE_ROLE,
+	__IFLA_BRIDGE_MRP_RING_ROLE_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_RING_ROLE_MAX (__IFLA_BRIDGE_MRP_RING_ROLE_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_START_TEST_UNSPEC,
+	IFLA_BRIDGE_MRP_START_TEST_RING_ID,
+	IFLA_BRIDGE_MRP_START_TEST_INTERVAL,
+	IFLA_BRIDGE_MRP_START_TEST_MAX_MISS,
+	IFLA_BRIDGE_MRP_START_TEST_PERIOD,
+	IFLA_BRIDGE_MRP_START_TEST_MONITOR,
+	__IFLA_BRIDGE_MRP_START_TEST_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_START_TEST_MAX (__IFLA_BRIDGE_MRP_START_TEST_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_INFO_UNSPEC,
+	IFLA_BRIDGE_MRP_INFO_RING_ID,
+	IFLA_BRIDGE_MRP_INFO_P_IFINDEX,
+	IFLA_BRIDGE_MRP_INFO_S_IFINDEX,
+	IFLA_BRIDGE_MRP_INFO_PRIO,
+	IFLA_BRIDGE_MRP_INFO_RING_STATE,
+	IFLA_BRIDGE_MRP_INFO_RING_ROLE,
+	IFLA_BRIDGE_MRP_INFO_TEST_INTERVAL,
+	IFLA_BRIDGE_MRP_INFO_TEST_MAX_MISS,
+	IFLA_BRIDGE_MRP_INFO_TEST_MONITOR,
+	IFLA_BRIDGE_MRP_INFO_I_IFINDEX,
+	IFLA_BRIDGE_MRP_INFO_IN_STATE,
+	IFLA_BRIDGE_MRP_INFO_IN_ROLE,
+	IFLA_BRIDGE_MRP_INFO_IN_TEST_INTERVAL,
+	IFLA_BRIDGE_MRP_INFO_IN_TEST_MAX_MISS,
+	__IFLA_BRIDGE_MRP_INFO_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_INFO_MAX (__IFLA_BRIDGE_MRP_INFO_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_IN_STATE_UNSPEC,
+	IFLA_BRIDGE_MRP_IN_STATE_IN_ID,
+	IFLA_BRIDGE_MRP_IN_STATE_STATE,
+	__IFLA_BRIDGE_MRP_IN_STATE_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_IN_STATE_MAX (__IFLA_BRIDGE_MRP_IN_STATE_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_IN_ROLE_UNSPEC,
+	IFLA_BRIDGE_MRP_IN_ROLE_RING_ID,
+	IFLA_BRIDGE_MRP_IN_ROLE_IN_ID,
+	IFLA_BRIDGE_MRP_IN_ROLE_ROLE,
+	IFLA_BRIDGE_MRP_IN_ROLE_I_IFINDEX,
+	__IFLA_BRIDGE_MRP_IN_ROLE_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_IN_ROLE_MAX (__IFLA_BRIDGE_MRP_IN_ROLE_MAX - 1)
+
+enum {
+	IFLA_BRIDGE_MRP_START_IN_TEST_UNSPEC,
+	IFLA_BRIDGE_MRP_START_IN_TEST_IN_ID,
+	IFLA_BRIDGE_MRP_START_IN_TEST_INTERVAL,
+	IFLA_BRIDGE_MRP_START_IN_TEST_MAX_MISS,
+	IFLA_BRIDGE_MRP_START_IN_TEST_PERIOD,
+	__IFLA_BRIDGE_MRP_START_IN_TEST_MAX,
+};
+
+#define IFLA_BRIDGE_MRP_START_IN_TEST_MAX (__IFLA_BRIDGE_MRP_START_IN_TEST_MAX - 1)
+
+struct br_mrp_instance {
+	__u32 ring_id;
+	__u32 p_ifindex;
+	__u32 s_ifindex;
+	__u16 prio;
+};
+
+struct br_mrp_ring_state {
+	__u32 ring_id;
+	__u32 ring_state;
+};
+
+struct br_mrp_ring_role {
+	__u32 ring_id;
+	__u32 ring_role;
+};
+
+struct br_mrp_start_test {
+	__u32 ring_id;
+	__u32 interval;
+	__u32 max_miss;
+	__u32 period;
+	__u32 monitor;
+};
+
+struct br_mrp_in_state {
+	__u32 in_state;
+	__u16 in_id;
+};
+
+struct br_mrp_in_role {
+	__u32 ring_id;
+	__u32 in_role;
+	__u32 i_ifindex;
+	__u16 in_id;
+};
+
+struct br_mrp_start_in_test {
+	__u32 interval;
+	__u32 max_miss;
+	__u32 period;
+	__u16 in_id;
+};
+
 struct bridge_stp_xstats {
 	__u64 transition_blk;
 	__u64 transition_fwd;
@@ -174,6 +345,16 @@ struct br_vlan_msg {
 	__u32 ifindex;
 };
 
+enum {
+	BRIDGE_VLANDB_DUMP_UNSPEC,
+	BRIDGE_VLANDB_DUMP_FLAGS,
+	__BRIDGE_VLANDB_DUMP_MAX,
+};
+#define BRIDGE_VLANDB_DUMP_MAX (__BRIDGE_VLANDB_DUMP_MAX - 1)
+
+/* flags used in BRIDGE_VLANDB_DUMP_FLAGS attribute to affect dumps */
+#define BRIDGE_VLANDB_DUMPF_STATS	(1 << 0) /* Include stats in the dump */
+
 /* Bridge vlan RTM attributes
  * [BRIDGE_VLANDB_ENTRY] = {
  *     [BRIDGE_VLANDB_ENTRY_INFO]
@@ -192,10 +373,46 @@ enum {
 	BRIDGE_VLANDB_ENTRY_INFO,
 	BRIDGE_VLANDB_ENTRY_RANGE,
 	BRIDGE_VLANDB_ENTRY_STATE,
+	BRIDGE_VLANDB_ENTRY_TUNNEL_INFO,
+	BRIDGE_VLANDB_ENTRY_STATS,
 	__BRIDGE_VLANDB_ENTRY_MAX,
 };
 #define BRIDGE_VLANDB_ENTRY_MAX (__BRIDGE_VLANDB_ENTRY_MAX - 1)
 
+/* [BRIDGE_VLANDB_ENTRY] = {
+ *     [BRIDGE_VLANDB_ENTRY_TUNNEL_INFO] = {
+ *         [BRIDGE_VLANDB_TINFO_ID]
+ *         ...
+ *     }
+ * }
+ */
+enum {
+	BRIDGE_VLANDB_TINFO_UNSPEC,
+	BRIDGE_VLANDB_TINFO_ID,
+	BRIDGE_VLANDB_TINFO_CMD,
+	__BRIDGE_VLANDB_TINFO_MAX,
+};
+#define BRIDGE_VLANDB_TINFO_MAX (__BRIDGE_VLANDB_TINFO_MAX - 1)
+
+/* [BRIDGE_VLANDB_ENTRY] = {
+ *     [BRIDGE_VLANDB_ENTRY_STATS] = {
+ *         [BRIDGE_VLANDB_STATS_RX_BYTES]
+ *         ...
+ *     }
+ *     ...
+ * }
+ */
+enum {
+	BRIDGE_VLANDB_STATS_UNSPEC,
+	BRIDGE_VLANDB_STATS_RX_BYTES,
+	BRIDGE_VLANDB_STATS_RX_PACKETS,
+	BRIDGE_VLANDB_STATS_TX_BYTES,
+	BRIDGE_VLANDB_STATS_TX_PACKETS,
+	BRIDGE_VLANDB_STATS_PAD,
+	__BRIDGE_VLANDB_STATS_MAX,
+};
+#define BRIDGE_VLANDB_STATS_MAX (__BRIDGE_VLANDB_STATS_MAX - 1)
+
 /* Bridge multicast database attributes
  * [MDBA_MDB] = {
  *     [MDBA_MDB_ENTRY] = {

src/basic/linux/if_ether.h

@@ -92,6 +92,7 @@
 #define ETH_P_PREAUTH	0x88C7		/* 802.11 Preauthentication */
 #define ETH_P_TIPC	0x88CA		/* TIPC 			*/
 #define ETH_P_LLDP	0x88CC		/* Link Layer Discovery Protocol */
+#define ETH_P_MRP	0x88E3		/* Media Redundancy Protocol	*/
 #define ETH_P_MACSEC	0x88E5		/* 802.1ae MACsec */
 #define ETH_P_8021AH	0x88E7          /* 802.1ah Backbone Service Tag */
 #define ETH_P_MVRP	0x88F5          /* 802.1Q MVRP                  */

src/basic/linux/if_link.h

@@ -170,12 +170,22 @@ enum {
 	IFLA_PROP_LIST,
 	IFLA_ALT_IFNAME, /* Alternative ifname */
 	IFLA_PERM_ADDRESS,
+	IFLA_PROTO_DOWN_REASON,
 	__IFLA_MAX
 };
 
 
 #define IFLA_MAX (__IFLA_MAX - 1)
 
+enum {
+	IFLA_PROTO_DOWN_REASON_UNSPEC,
+	IFLA_PROTO_DOWN_REASON_MASK,	/* u32, mask for reason bits */
+	IFLA_PROTO_DOWN_REASON_VALUE,   /* u32, reason bit value */
+
+	__IFLA_PROTO_DOWN_REASON_CNT,
+	IFLA_PROTO_DOWN_REASON_MAX = __IFLA_PROTO_DOWN_REASON_CNT - 1
+};
+
 /* backwards compatibility for userspace */
 #ifndef __KERNEL__
 #define IFLA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
@@ -343,6 +353,8 @@ enum {
 	IFLA_BRPORT_NEIGH_SUPPRESS,
 	IFLA_BRPORT_ISOLATED,
 	IFLA_BRPORT_BACKUP_PORT,
+	IFLA_BRPORT_MRP_RING_OPEN,
+	IFLA_BRPORT_MRP_IN_OPEN,
 	__IFLA_BRPORT_MAX
 };
 #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
@@ -463,6 +475,7 @@ enum {
 	IFLA_MACSEC_REPLAY_PROTECT,
 	IFLA_MACSEC_VALIDATION,
 	IFLA_MACSEC_PAD,
+	IFLA_MACSEC_OFFLOAD,
 	__IFLA_MACSEC_MAX,
 };
 
@@ -489,6 +502,7 @@ enum macsec_validation_type {
 enum macsec_offload {
 	MACSEC_OFFLOAD_OFF = 0,
 	MACSEC_OFFLOAD_PHY = 1,
+	MACSEC_OFFLOAD_MAC = 2,
 	__MACSEC_OFFLOAD_END,
 	MACSEC_OFFLOAD_MAX = __MACSEC_OFFLOAD_END - 1,
 };
@@ -590,6 +604,18 @@ enum ifla_geneve_df {
 	GENEVE_DF_MAX = __GENEVE_DF_END - 1,
 };
 
+/* Bareudp section  */
+enum {
+	IFLA_BAREUDP_UNSPEC,
+	IFLA_BAREUDP_PORT,
+	IFLA_BAREUDP_ETHERTYPE,
+	IFLA_BAREUDP_SRCPORT_MIN,
+	IFLA_BAREUDP_MULTIPROTO_MODE,
+	__IFLA_BAREUDP_MAX
+};
+
+#define IFLA_BAREUDP_MAX (__IFLA_BAREUDP_MAX - 1)
+
 /* PPP section */
 enum {
 	IFLA_PPP_UNSPEC,
@@ -891,7 +917,14 @@ enum {
 #define IFLA_IPOIB_MAX (__IFLA_IPOIB_MAX - 1)
 
 
-/* HSR section */
+/* HSR/PRP section, both uses same interface */
+
+/* Different redundancy protocols for hsr device */
+enum {
+	HSR_PROTOCOL_HSR,
+	HSR_PROTOCOL_PRP,
+	HSR_PROTOCOL_MAX,
+};
 
 enum {
 	IFLA_HSR_UNSPEC,
@@ -901,6 +934,9 @@ enum {
 	IFLA_HSR_SUPERVISION_ADDR,	/* Supervision frame multicast addr */
 	IFLA_HSR_SEQ_NR,
 	IFLA_HSR_VERSION,		/* HSR version */
+	IFLA_HSR_PROTOCOL,		/* Indicate different protocol than
+					 * HSR. For example PRP.
+					 */
 	__IFLA_HSR_MAX,
 };
 
@@ -960,11 +996,12 @@ enum {
 #define XDP_FLAGS_SKB_MODE		(1U << 1)
 #define XDP_FLAGS_DRV_MODE		(1U << 2)
 #define XDP_FLAGS_HW_MODE		(1U << 3)
+#define XDP_FLAGS_REPLACE		(1U << 4)
 #define XDP_FLAGS_MODES			(XDP_FLAGS_SKB_MODE | \
 					 XDP_FLAGS_DRV_MODE | \
 					 XDP_FLAGS_HW_MODE)
 #define XDP_FLAGS_MASK			(XDP_FLAGS_UPDATE_IF_NOEXIST | \
-					 XDP_FLAGS_MODES)
+					 XDP_FLAGS_MODES | XDP_FLAGS_REPLACE)
 
 /* These are stored into IFLA_XDP_ATTACHED on dump. */
 enum {
@@ -984,6 +1021,7 @@ enum {
 	IFLA_XDP_DRV_PROG_ID,
 	IFLA_XDP_SKB_PROG_ID,
 	IFLA_XDP_HW_PROG_ID,
+	IFLA_XDP_EXPECTED_FD,
 	__IFLA_XDP_MAX,
 };
 

src/basic/linux/if_macsec.h

@@ -22,9 +22,11 @@
 
 #define MACSEC_KEYID_LEN 16
 
-/* cipher IDs as per IEEE802.1AEbn-2011 */
+/* cipher IDs as per IEEE802.1AE-2018 (Table 14-1) */
 #define MACSEC_CIPHER_ID_GCM_AES_128 0x0080C20001000001ULL
 #define MACSEC_CIPHER_ID_GCM_AES_256 0x0080C20001000002ULL
+#define MACSEC_CIPHER_ID_GCM_AES_XPN_128 0x0080C20001000003ULL
+#define MACSEC_CIPHER_ID_GCM_AES_XPN_256 0x0080C20001000004ULL
 
 /* deprecated cipher ID for GCM-AES-128 */
 #define MACSEC_DEFAULT_CIPHER_ID     0x0080020001000001ULL
@@ -88,11 +90,13 @@ enum macsec_sa_attrs {
 	MACSEC_SA_ATTR_UNSPEC,
 	MACSEC_SA_ATTR_AN,     /* config/dump, u8 0..3 */
 	MACSEC_SA_ATTR_ACTIVE, /* config/dump, u8 0..1 */
-	MACSEC_SA_ATTR_PN,     /* config/dump, u32 */
+	MACSEC_SA_ATTR_PN,     /* config/dump, u32/u64 (u64 if XPN) */
 	MACSEC_SA_ATTR_KEY,    /* config, data */
 	MACSEC_SA_ATTR_KEYID,  /* config/dump, 128-bit */
 	MACSEC_SA_ATTR_STATS,  /* dump, nested, macsec_sa_stats_attr */
 	MACSEC_SA_ATTR_PAD,
+	MACSEC_SA_ATTR_SSCI,   /* config/dump, u32 - XPN only */
+	MACSEC_SA_ATTR_SALT,   /* config, 96-bit - XPN only */
 	__MACSEC_SA_ATTR_END,
 	NUM_MACSEC_SA_ATTR = __MACSEC_SA_ATTR_END,
 	MACSEC_SA_ATTR_MAX = __MACSEC_SA_ATTR_END - 1,

src/basic/linux/in.h

@@ -74,6 +74,8 @@ enum {
 #define IPPROTO_UDPLITE		IPPROTO_UDPLITE
   IPPROTO_MPLS = 137,		/* MPLS in IP (RFC 4023)		*/
 #define IPPROTO_MPLS		IPPROTO_MPLS
+  IPPROTO_ETHERNET = 143,	/* Ethernet-within-IPv6 Encapsulation	*/
+#define IPPROTO_ETHERNET	IPPROTO_ETHERNET
   IPPROTO_RAW = 255,		/* Raw IP packets			*/
 #define IPPROTO_RAW		IPPROTO_RAW
   IPPROTO_MPTCP = 262,		/* Multipath TCP connection		*/
@@ -121,6 +123,7 @@ struct in_addr {
 #define IP_CHECKSUM	23
 #define IP_BIND_ADDRESS_NO_PORT	24
 #define IP_RECVFRAGSIZE	25
+#define IP_RECVERR_RFC4884	26
 
 /* IP_MTU_DISCOVER values */
 #define IP_PMTUDISC_DONT		0	/* Never send DF frames */
@@ -132,7 +135,7 @@ struct in_addr {
  * this socket to prevent accepting spoofed ones.
  */
 #define IP_PMTUDISC_INTERFACE		4
-/* weaker version of IP_PMTUDISC_INTERFACE, which allos packets to get
+/* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get
  * fragmented if they exeed the interface mtu
  */
 #define IP_PMTUDISC_OMIT		5

src/basic/linux/in6.h

@@ -179,6 +179,7 @@ struct in6_flowlabel_req {
 #define IPV6_LEAVE_ANYCAST	28
 #define IPV6_MULTICAST_ALL	29
 #define IPV6_ROUTER_ALERT_ISOLATE	30
+#define IPV6_RECVERR_RFC4884	31
 
 /* IPV6_MTU_DISCOVER values */
 #define IPV6_PMTUDISC_DONT		0

src/basic/linux/netlink.h

@@ -249,4 +249,107 @@ struct nla_bitfield32 {
 	__u32 selector;
 };
 
+/*
+ * policy descriptions - it's specific to each family how this is used
+ * Normally, it should be retrieved via a dump inside another attribute
+ * specifying where it applies.
+ */
+
+/**
+ * enum netlink_attribute_type - type of an attribute
+ * @NL_ATTR_TYPE_INVALID: unused
+ * @NL_ATTR_TYPE_FLAG: flag attribute (present/not present)
+ * @NL_ATTR_TYPE_U8: 8-bit unsigned attribute
+ * @NL_ATTR_TYPE_U16: 16-bit unsigned attribute
+ * @NL_ATTR_TYPE_U32: 32-bit unsigned attribute
+ * @NL_ATTR_TYPE_U64: 64-bit unsigned attribute
+ * @NL_ATTR_TYPE_S8: 8-bit signed attribute
+ * @NL_ATTR_TYPE_S16: 16-bit signed attribute
+ * @NL_ATTR_TYPE_S32: 32-bit signed attribute
+ * @NL_ATTR_TYPE_S64: 64-bit signed attribute
+ * @NL_ATTR_TYPE_BINARY: binary data, min/max length may be specified
+ * @NL_ATTR_TYPE_STRING: string, min/max length may be specified
+ * @NL_ATTR_TYPE_NUL_STRING: NUL-terminated string,
+ *	min/max length may be specified
+ * @NL_ATTR_TYPE_NESTED: nested, i.e. the content of this attribute
+ *	consists of sub-attributes. The nested policy and maxtype
+ *	inside may be specified.
+ * @NL_ATTR_TYPE_NESTED_ARRAY: nested array, i.e. the content of this
+ *	attribute contains sub-attributes whose type is irrelevant
+ *	(just used to separate the array entries) and each such array
+ *	entry has attributes again, the policy for those inner ones
+ *	and the corresponding maxtype may be specified.
+ * @NL_ATTR_TYPE_BITFIELD32: &struct nla_bitfield32 attribute
+ */
+enum netlink_attribute_type {
+	NL_ATTR_TYPE_INVALID,
+
+	NL_ATTR_TYPE_FLAG,
+
+	NL_ATTR_TYPE_U8,
+	NL_ATTR_TYPE_U16,
+	NL_ATTR_TYPE_U32,
+	NL_ATTR_TYPE_U64,
+
+	NL_ATTR_TYPE_S8,
+	NL_ATTR_TYPE_S16,
+	NL_ATTR_TYPE_S32,
+	NL_ATTR_TYPE_S64,
+
+	NL_ATTR_TYPE_BINARY,
+	NL_ATTR_TYPE_STRING,
+	NL_ATTR_TYPE_NUL_STRING,
+
+	NL_ATTR_TYPE_NESTED,
+	NL_ATTR_TYPE_NESTED_ARRAY,
+
+	NL_ATTR_TYPE_BITFIELD32,
+};
+
+/**
+ * enum netlink_policy_type_attr - policy type attributes
+ * @NL_POLICY_TYPE_ATTR_UNSPEC: unused
+ * @NL_POLICY_TYPE_ATTR_TYPE: type of the attribute,
+ *	&enum netlink_attribute_type (U32)
+ * @NL_POLICY_TYPE_ATTR_MIN_VALUE_S: minimum value for signed
+ *	integers (S64)
+ * @NL_POLICY_TYPE_ATTR_MAX_VALUE_S: maximum value for signed
+ *	integers (S64)
+ * @NL_POLICY_TYPE_ATTR_MIN_VALUE_U: minimum value for unsigned
+ *	integers (U64)
+ * @NL_POLICY_TYPE_ATTR_MAX_VALUE_U: maximum value for unsigned
+ *	integers (U64)
+ * @NL_POLICY_TYPE_ATTR_MIN_LENGTH: minimum length for binary
+ *	attributes, no minimum if not given (U32)
+ * @NL_POLICY_TYPE_ATTR_MAX_LENGTH: maximum length for binary
+ *	attributes, no maximum if not given (U32)
+ * @NL_POLICY_TYPE_ATTR_POLICY_IDX: sub policy for nested and
+ *	nested array types (U32)
+ * @NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE: maximum sub policy
+ *	attribute for nested and nested array types, this can
+ *	in theory be < the size of the policy pointed to by
+ *	the index, if limited inside the nesting (U32)
+ * @NL_POLICY_TYPE_ATTR_BITFIELD32_MASK: valid mask for the
+ *	bitfield32 type (U32)
+ * @NL_POLICY_TYPE_ATTR_PAD: pad attribute for 64-bit alignment
+ */
+enum netlink_policy_type_attr {
+	NL_POLICY_TYPE_ATTR_UNSPEC,
+	NL_POLICY_TYPE_ATTR_TYPE,
+	NL_POLICY_TYPE_ATTR_MIN_VALUE_S,
+	NL_POLICY_TYPE_ATTR_MAX_VALUE_S,
+	NL_POLICY_TYPE_ATTR_MIN_VALUE_U,
+	NL_POLICY_TYPE_ATTR_MAX_VALUE_U,
+	NL_POLICY_TYPE_ATTR_MIN_LENGTH,
+	NL_POLICY_TYPE_ATTR_MAX_LENGTH,
+	NL_POLICY_TYPE_ATTR_POLICY_IDX,
+	NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE,
+	NL_POLICY_TYPE_ATTR_BITFIELD32_MASK,
+	NL_POLICY_TYPE_ATTR_PAD,
+
+	/* keep last */
+	__NL_POLICY_TYPE_ATTR_MAX,
+	NL_POLICY_TYPE_ATTR_MAX = __NL_POLICY_TYPE_ATTR_MAX - 1
+};
+
 #endif /* _UAPI__LINUX_NETLINK_H */

src/basic/linux/nexthop.h

@@ -49,6 +49,9 @@ enum {
 	NHA_GROUPS,	/* flag; only return nexthop groups in dump */
 	NHA_MASTER,	/* u32;  only return nexthops with given master dev */
 
+	NHA_FDB,	/* flag; nexthop belongs to a bridge fdb */
+	/* if NHA_FDB is added, OIF, BLACKHOLE, ENCAP cannot be set */
+
 	__NHA_MAX,
 };
 

src/basic/linux/pkt_sched.h

@@ -256,6 +256,9 @@ enum {
 	TCA_RED_PARMS,
 	TCA_RED_STAB,
 	TCA_RED_MAX_P,
+	TCA_RED_FLAGS,		/* bitfield32 */
+	TCA_RED_EARLY_DROP_BLOCK, /* u32 */
+	TCA_RED_MARK_BLOCK,	/* u32 */
 	__TCA_RED_MAX,
 };
 
@@ -268,12 +271,28 @@ struct tc_red_qopt {
 	unsigned char   Wlog;		/* log(W)		*/
 	unsigned char   Plog;		/* log(P_max/(qth_max-qth_min))	*/
 	unsigned char   Scell_log;	/* cell size for idle damping */
+
+	/* This field can be used for flags that a RED-like qdisc has
+	 * historically supported. E.g. when configuring RED, it can be used for
+	 * ECN, HARDDROP and ADAPTATIVE. For SFQ it can be used for ECN,
+	 * HARDDROP. Etc. Because this field has not been validated, and is
+	 * copied back on dump, any bits besides those to which a given qdisc
+	 * has assigned a historical meaning need to be considered for free use
+	 * by userspace tools.
+	 *
+	 * Any further flags need to be passed differently, e.g. through an
+	 * attribute (such as TCA_RED_FLAGS above). Such attribute should allow
+	 * passing both recent and historic flags in one value.
+	 */
 	unsigned char	flags;
 #define TC_RED_ECN		1
 #define TC_RED_HARDDROP		2
 #define TC_RED_ADAPTATIVE	4
+#define TC_RED_NODROP		8
 };
 
+#define TC_RED_HISTORIC_FLAGS (TC_RED_ECN | TC_RED_HARDDROP | TC_RED_ADAPTATIVE)
+
 struct tc_red_xstats {
 	__u32           early;          /* Early drops */
 	__u32           pdrop;          /* Drops due to queue limits */
@@ -894,6 +913,12 @@ enum {
 
 	TCA_FQ_CE_THRESHOLD,	/* DCTCP-like CE-marking threshold */
 
+	TCA_FQ_TIMER_SLACK,	/* timer slack */
+
+	TCA_FQ_HORIZON,		/* time horizon in us */
+
+	TCA_FQ_HORIZON_DROP,	/* drop packets beyond horizon, or cap their EDT */
+
 	__TCA_FQ_MAX
 };
 
@@ -913,6 +938,8 @@ struct tc_fq_qd_stats {
 	__u32	throttled_flows;
 	__u32	unthrottle_latency_ns;
 	__u64	ce_mark;		/* packets above ce_threshold */
+	__u64	horizon_drops;
+	__u64	horizon_caps;
 };
 
 /* Heavy-Hitter Filter */
@@ -1197,8 +1224,8 @@ enum {
  *       [TCA_TAPRIO_ATTR_SCHED_ENTRY_INTERVAL]
  */
 
-#define TCA_TAPRIO_ATTR_FLAG_TXTIME_ASSIST	BIT(0)
-#define TCA_TAPRIO_ATTR_FLAG_FULL_OFFLOAD	BIT(1)
+#define TCA_TAPRIO_ATTR_FLAG_TXTIME_ASSIST	_BITUL(0)
+#define TCA_TAPRIO_ATTR_FLAG_FULL_OFFLOAD	_BITUL(1)
 
 enum {
 	TCA_TAPRIO_ATTR_UNSPEC,

src/basic/linux/rtnetlink.h

@@ -281,6 +281,7 @@ enum {
 #define RTPROT_NTK		15	/* Netsukuku */
 #define RTPROT_DHCP		16	/* DHCP client */
 #define RTPROT_MROUTED		17	/* Multicast daemon */
+#define RTPROT_KEEPALIVED	18	/* Keepalived daemon */
 #define RTPROT_BABEL		42	/* Babel daemon */
 #define RTPROT_BGP		186	/* BGP Routes */
 #define RTPROT_ISIS		187	/* ISIS Routes */
@@ -609,11 +610,17 @@ enum {
 	TCA_HW_OFFLOAD,
 	TCA_INGRESS_BLOCK,
 	TCA_EGRESS_BLOCK,
+	TCA_DUMP_FLAGS,
 	__TCA_MAX
 };
 
 #define TCA_MAX (__TCA_MAX - 1)
 
+#define TCA_DUMP_FLAGS_TERSE (1 << 0) /* Means that in dump user gets only basic
+				       * data necessary to identify the objects
+				       * (handle, cookie, etc.) and stats.
+				       */
+
 #define TCA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct tcmsg))))
 #define TCA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct tcmsg))
 
@@ -771,6 +778,7 @@ enum {
 #define RTEXT_FILTER_BRVLAN	(1 << 1)
 #define RTEXT_FILTER_BRVLAN_COMPRESSED	(1 << 2)
 #define	RTEXT_FILTER_SKIP_STATS	(1 << 3)
+#define RTEXT_FILTER_MRP	(1 << 4)
 
 /* End of information exported to user level */
 

src/basic/linux/update.sh

@@ -3,11 +3,7 @@
 set -eu
 
 for i in *.h */*.h; do
-    if [[ $i == 'wireguard.h' ]]; then
-        curl https://raw.githubusercontent.com/WireGuard/WireGuard/master/src/uapi/$i -o $i
-    else
     curl https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/$i -o $i
-    fi
 
     sed -i -e 's/__user //g' -e '/^#include <linux\/compiler.h>/ d' $i
 done

src/core/namespace.c

@@ -942,32 +942,51 @@ static int mount_images(const MountEntry *m) {
         _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
         _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
         _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
-        _cleanup_free_ void *root_hash_decoded = NULL;
-        _cleanup_free_ char *verity_data = NULL, *hash_sig = NULL;
-        DissectImageFlags dissect_image_flags = m->read_only ? DISSECT_IMAGE_READ_ONLY : 0;
-        size_t root_hash_size = 0;
+        _cleanup_(verity_settings_done) VeritySettings verity = {};
+        DissectImageFlags dissect_image_flags;
         int r;
 
-        r = verity_metadata_load(mount_entry_source(m), NULL, &root_hash_decoded, &root_hash_size, &verity_data, &hash_sig);
+        assert(m);
+
+        r = verity_settings_load(&verity, mount_entry_source(m), NULL, NULL);
         if (r < 0)
                 return log_debug_errno(r, "Failed to load root hash: %m");
-        dissect_image_flags |= verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
 
-        r = loop_device_make_by_path(mount_entry_source(m),
+        dissect_image_flags =
+                (m->read_only ? DISSECT_IMAGE_READ_ONLY : 0) |
+                (verity.data_path ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0);
+
+        r = loop_device_make_by_path(
+                        mount_entry_source(m),
                         m->read_only ? O_RDONLY : -1 /* < 0 means writable if possible, read-only as fallback */,
-                                     verity_data ? 0 : LO_FLAGS_PARTSCAN,
+                        verity.data_path ? 0 : LO_FLAGS_PARTSCAN,
                         &loop_device);
         if (r < 0)
                 return log_debug_errno(r, "Failed to create loop device for image: %m");
 
-        r = dissect_image(loop_device->fd, root_hash_decoded, root_hash_size, verity_data, m->image_options, dissect_image_flags, &dissected_image);
+        r = dissect_image(
+                        loop_device->fd,
+                        &verity,
+                        m->image_options,
+                        dissect_image_flags,
+                        &dissected_image);
         /* No partition table? Might be a single-filesystem image, try again */
-        if (!verity_data && r < 0 && r == -ENOPKG)
-                 r = dissect_image(loop_device->fd, root_hash_decoded, root_hash_size, verity_data, m->image_options, dissect_image_flags|DISSECT_IMAGE_NO_PARTITION_TABLE, &dissected_image);
+        if (!verity.data_path && r == -ENOPKG)
+                 r = dissect_image(
+                                 loop_device->fd,
+                                 &verity,
+                                 m->image_options,
+                                 dissect_image_flags|DISSECT_IMAGE_NO_PARTITION_TABLE,
+                                 &dissected_image);
         if (r < 0)
                 return log_debug_errno(r, "Failed to dissect image: %m");
 
-        r = dissected_image_decrypt(dissected_image, NULL, root_hash_decoded, root_hash_size, verity_data, hash_sig, NULL, 0, dissect_image_flags, &decrypted_image);
+        r = dissected_image_decrypt(
+                        dissected_image,
+                        NULL,
+                        &verity,
+                        dissect_image_flags,
+                        &decrypted_image);
         if (r < 0)
                 return log_debug_errno(r, "Failed to decrypt dissected image: %m");
 
@@ -1374,6 +1393,60 @@ static bool home_read_only(
         return false;
 }
 
+static int verity_settings_prepare(
+                VeritySettings *verity,
+                const char *root_image,
+                const void *root_hash,
+                size_t root_hash_size,
+                const char *root_hash_path,
+                const void *root_hash_sig,
+                size_t root_hash_sig_size,
+                const char *root_hash_sig_path,
+                const char *verity_data_path) {
+
+        int r;
+
+        assert(verity);
+
+        if (root_hash) {
+                void *d;
+
+                d = memdup(root_hash, root_hash_size);
+                if (!d)
+                        return -ENOMEM;
+
+                free_and_replace(verity->root_hash, d);
+                verity->root_hash_size = root_hash_size;
+        }
+
+        if (root_hash_sig) {
+                void *d;
+
+                d = memdup(root_hash_sig, root_hash_sig_size);
+                if (!d)
+                        return -ENOMEM;
+
+                free_and_replace(verity->root_hash_sig, d);
+                verity->root_hash_sig_size = root_hash_sig_size;
+        }
+
+        if (verity_data_path) {
+                r = free_and_strdup(&verity->data_path, verity_data_path);
+                if (r < 0)
+                        return r;
+        }
+
+        r = verity_settings_load(
+                        verity,
+                        root_image,
+                        root_hash_path,
+                        root_hash_sig_path);
+        if (r < 0)
+                return log_debug_errno(r, "Failed to load root hash: %m");
+
+        return 0;
+}
+
 int setup_namespace(
                 const char* root_directory,
                 const char* root_image,
@@ -1400,20 +1473,19 @@ int setup_namespace(
                 const void *root_hash_sig,
                 size_t root_hash_sig_size,
                 const char *root_hash_sig_path,
-                const char *root_verity,
+                const char *verity_data_path,
                 DissectImageFlags dissect_image_flags,
                 char **error_path) {
 
         _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
         _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
         _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
-        _cleanup_free_ void *root_hash_decoded = NULL;
-        _cleanup_free_ char *verity_data = NULL, *hash_sig_path = NULL;
+        _cleanup_(verity_settings_done) VeritySettings verity = {};
         MountEntry *m = NULL, *mounts = NULL;
-        size_t n_mounts;
         bool require_prefix = false;
         const char *root;
-        int r = 0;
+        size_t n_mounts;
+        int r;
 
         assert(ns_info);
 
@@ -1432,41 +1504,38 @@ int setup_namespace(
                     strv_isempty(read_write_paths))
                         dissect_image_flags |= DISSECT_IMAGE_READ_ONLY;
 
-                r = loop_device_make_by_path(root_image,
+                r = verity_settings_prepare(
+                                &verity,
+                                root_image,
+                                root_hash, root_hash_size, root_hash_path,
+                                root_hash_sig, root_hash_sig_size, root_hash_sig_path,
+                                verity_data_path);
+                if (r < 0)
+                        return r;
+
+                SET_FLAG(dissect_image_flags, DISSECT_IMAGE_NO_PARTITION_TABLE, verity.data_path);
+
+                r = loop_device_make_by_path(
+                                root_image,
                                 FLAGS_SET(dissect_image_flags, DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : -1 /* < 0 means writable if possible, read-only as fallback */,
-                                             LO_FLAGS_PARTSCAN,
+                                FLAGS_SET(dissect_image_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN,
                                 &loop_device);
                 if (r < 0)
                         return log_debug_errno(r, "Failed to create loop device for root image: %m");
 
-                r = verity_metadata_load(root_image,
-                                         root_hash_path,
-                                         root_hash ? NULL : &root_hash_decoded,
-                                         root_hash ? NULL : &root_hash_size,
-                                         root_verity ? NULL : &verity_data,
-                                         root_hash_sig || root_hash_sig_path ? NULL : &hash_sig_path);
-                if (r < 0)
-                        return log_debug_errno(r, "Failed to load root hash: %m");
-                dissect_image_flags |= root_verity || verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
-
-                r = dissect_image(loop_device->fd,
-                                  root_hash ?: root_hash_decoded,
-                                  root_hash_size,
-                                  root_verity ?: verity_data,
+                r = dissect_image(
+                                loop_device->fd,
+                                &verity,
                                 root_image_options,
                                 dissect_image_flags,
                                 &dissected_image);
                 if (r < 0)
                         return log_debug_errno(r, "Failed to dissect image: %m");
 
-                r = dissected_image_decrypt(dissected_image,
+                r = dissected_image_decrypt(
+                                dissected_image,
                                 NULL,
-                                            root_hash ?: root_hash_decoded,
-                                            root_hash_size,
-                                            root_verity ?: verity_data,
-                                            root_hash_sig_path ?: hash_sig_path,
-                                            root_hash_sig,
-                                            root_hash_sig_size,
+                                &verity,
                                 dissect_image_flags,
                                 &decrypted_image);
                 if (r < 0)

src/dissect/dissect.c

@@ -11,6 +11,7 @@
 #include "copy.h"
 #include "dissect-image.h"
 #include "fd-util.h"
+#include "fileio.h"
 #include "format-table.h"
 #include "format-util.h"
 #include "fs-util.h"
@@ -43,19 +44,11 @@ static const char *arg_path = NULL;
 static const char *arg_source = NULL;
 static const char *arg_target = NULL;
 static DissectImageFlags arg_flags = DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK;
-static void *arg_root_hash = NULL;
-static char *arg_verity_data = NULL;
-static size_t arg_root_hash_size = 0;
-static char *arg_root_hash_sig_path = NULL;
-static void *arg_root_hash_sig = NULL;
-static size_t arg_root_hash_sig_size = 0;
+static VeritySettings arg_verity_settings = {};
 static bool arg_json = false;
 static JsonFormatFlags arg_json_format_flags = 0;
 
-STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
-STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep);
-STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig_path, freep);
-STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_verity_settings, verity_settings_done);
 
 static int help(void) {
         _cleanup_free_ char *link = NULL;
@@ -105,10 +98,10 @@ static int parse_argv(int argc, char *argv[]) {
         enum {
                 ARG_VERSION = 0x100,
                 ARG_DISCARD,
-                ARG_ROOT_HASH,
                 ARG_FSCK,
-                ARG_VERITY_DATA,
+                ARG_ROOT_HASH,
                 ARG_ROOT_HASH_SIG,
+                ARG_VERITY_DATA,
                 ARG_MKDIR,
                 ARG_JSON,
         };
@@ -119,10 +112,10 @@ static int parse_argv(int argc, char *argv[]) {
                 { "mount",         no_argument,       NULL, 'm'               },
                 { "read-only",     no_argument,       NULL, 'r'               },
                 { "discard",       required_argument, NULL, ARG_DISCARD       },
-                { "root-hash",     required_argument, NULL, ARG_ROOT_HASH     },
                 { "fsck",          required_argument, NULL, ARG_FSCK          },
-                { "verity-data",   required_argument, NULL, ARG_VERITY_DATA   },
+                { "root-hash",     required_argument, NULL, ARG_ROOT_HASH     },
                 { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG },
+                { "verity-data",   required_argument, NULL, ARG_VERITY_DATA   },
                 { "mkdir",         no_argument,       NULL, ARG_MKDIR         },
                 { "copy-from",     no_argument,       NULL, 'x'               },
                 { "copy-to",       no_argument,       NULL, 'a'               },
@@ -199,55 +192,47 @@ static int parse_argv(int argc, char *argv[]) {
                 }
 
                 case ARG_ROOT_HASH: {
-                        void *p;
+                        _cleanup_free_ void *p = NULL;
                         size_t l;
 
                         r = unhexmem(optarg, strlen(optarg), &p, &l);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg);
-                        if (l < sizeof(sd_id128_t)) {
-                                log_error("Root hash must be at least 128bit long: %s", optarg);
-                                free(p);
-                                return -EINVAL;
+                        if (l < sizeof(sd_id128_t))
+                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                                       "Root hash must be at least 128bit long: %s", optarg);
+
+                        free_and_replace(arg_verity_settings.root_hash, p);
+                        arg_verity_settings.root_hash_size = l;
+                        break;
                 }
 
-                        free(arg_root_hash);
-                        arg_root_hash = p;
-                        arg_root_hash_size = l;
+                case ARG_ROOT_HASH_SIG: {
+                        char *value;
+                        size_t l;
+                        void *p;
+
+                        if ((value = startswith(optarg, "base64:"))) {
+                                r = unbase64mem(value, strlen(value), &p, &l);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
+                        } else {
+                                r = read_full_file(optarg, (char**) &p, &l);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to read root hash signature file '%s': %m", optarg);
+                        }
+
+                        free_and_replace(arg_verity_settings.root_hash_sig, p);
+                        arg_verity_settings.root_hash_sig_size = l;
                         break;
                 }
 
                 case ARG_VERITY_DATA:
-                        r = parse_path_argument_and_warn(optarg, false, &arg_verity_data);
+                        r = parse_path_argument_and_warn(optarg, false, &arg_verity_settings.data_path);
                         if (r < 0)
                                 return r;
                         break;
 
-                case ARG_ROOT_HASH_SIG: {
-                        char *value;
-
-                        if ((value = startswith(optarg, "base64:"))) {
-                                void *p;
-                                size_t l;
-
-                                r = unbase64mem(value, strlen(value), &p, &l);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
-
-                                free_and_replace(arg_root_hash_sig, p);
-                                arg_root_hash_sig_size = l;
-                                arg_root_hash_sig_path = mfree(arg_root_hash_sig_path);
-                        } else {
-                                r = parse_path_argument_and_warn(optarg, false, &arg_root_hash_sig_path);
-                                if (r < 0)
-                                        return r;
-                                arg_root_hash_sig = mfree(arg_root_hash_sig);
-                                arg_root_hash_sig_size = 0;
-                        }
-
-                        break;
-                }
-
                 case ARG_FSCK:
                         r = parse_boolean(optarg);
                         if (r < 0)
@@ -483,7 +468,7 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
                 if (r < 0)
                         return table_log_add_error(r);
 
-                if (arg_verity_data)
+                if (arg_verity_settings.data_path)
                         r = table_add_cell(t, NULL, TABLE_STRING, "external");
                 else if (dissected_image_can_do_verity(m, i))
                         r = table_add_cell(t, NULL, TABLE_STRING, yes_no(dissected_image_has_verity(m, i)));
@@ -539,9 +524,7 @@ static int action_mount(DissectedImage *m, LoopDevice *d) {
 
         r = dissected_image_decrypt_interactively(
                         m, NULL,
-                        arg_root_hash, arg_root_hash_size,
-                        arg_verity_data,
-                        arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size,
+                        &arg_verity_settings,
                         arg_flags,
                         &di);
         if (r < 0)
@@ -573,9 +556,7 @@ static int action_copy(DissectedImage *m, LoopDevice *d) {
 
         r = dissected_image_decrypt_interactively(
                         m, NULL,
-                        arg_root_hash, arg_root_hash_size,
-                        arg_verity_data,
-                        arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size,
+                        &arg_verity_settings,
                         arg_flags,
                         &di);
         if (r < 0)
@@ -739,34 +720,30 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        r = verity_metadata_load(
-                        arg_image, NULL,
-                        arg_root_hash ? NULL : &arg_root_hash,
-                        &arg_root_hash_size,
-                        arg_verity_data ? NULL : &arg_verity_data,
-                        arg_root_hash_sig_path || arg_root_hash_sig ? NULL : &arg_root_hash_sig_path);
+        r = verity_settings_load(
+                        &arg_verity_settings,
+                        arg_image, NULL, NULL);
         if (r < 0)
                 return log_error_errno(r, "Failed to read verity artifacts for %s: %m", arg_image);
 
-        r = loop_device_make_by_path(
-                        arg_image,
-                        (arg_flags & DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR,
-                        arg_verity_data ? 0 : LO_FLAGS_PARTSCAN,
-                        &d);
-        if (r < 0)
-                return log_error_errno(r, "Failed to set up loopback device: %m");
-
-        if (arg_verity_data)
+        if (arg_verity_settings.data_path)
                 arg_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; /* We only support Verity per file system,
                                                                 * hence if there's external Verity data
                                                                 * available we turn off partition table
                                                                 * support */
+
+        r = loop_device_make_by_path(
+                        arg_image,
+                        FLAGS_SET(arg_flags, DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR,
+                        FLAGS_SET(arg_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN,
+                        &d);
+        if (r < 0)
+                return log_error_errno(r, "Failed to set up loopback device: %m");
+
         r = dissect_image_and_warn(
                         d->fd,
                         arg_image,
-                        arg_root_hash,
-                        arg_root_hash_size,
-                        arg_verity_data,
+                        &arg_verity_settings,
                         NULL,
                         arg_flags,
                         &m);

src/gpt-auto-generator/gpt-auto-generator.c

@@ -665,7 +665,7 @@ static int enumerate_partitions(dev_t devnum) {
         if (r <= 0)
                 return r;
 
-        r = dissect_image(fd, NULL, 0, NULL, NULL, DISSECT_IMAGE_GPT_ONLY|DISSECT_IMAGE_NO_UDEV, &m);
+        r = dissect_image(fd, NULL, NULL, DISSECT_IMAGE_GPT_ONLY|DISSECT_IMAGE_NO_UDEV, &m);
         if (r == -ENOPKG) {
                 log_debug_errno(r, "No suitable partition table found, ignoring.");
                 return 0;

src/libsystemd/sd-netlink/netlink-types.c

@@ -351,6 +351,12 @@ static const NLType rtnl_link_info_data_xfrm_types[] = {
         [IFLA_XFRM_IF_ID]        = { .type = NETLINK_TYPE_U32 }
 };
 
+static const NLType rtnl_link_info_data_bareudp_types[] = {
+        [IFLA_BAREUDP_PORT]            = { .type = NETLINK_TYPE_U16 },
+        [IFLA_BAREUDP_ETHERTYPE]       = { .type = NETLINK_TYPE_U16 },
+        [IFLA_BAREUDP_SRCPORT_MIN]     = { .type = NETLINK_TYPE_U16 },
+        [IFLA_BAREUDP_MULTIPROTO_MODE] = { .type = NETLINK_TYPE_FLAG },
+};
 /* these strings must match the .kind entries in the kernel */
 static const char* const nl_union_link_info_data_table[] = {
         [NL_UNION_LINK_INFO_DATA_BOND] = "bond",
@@ -384,6 +390,7 @@ static const char* const nl_union_link_info_data_table[] = {
         [NL_UNION_LINK_INFO_DATA_NLMON] = "nlmon",
         [NL_UNION_LINK_INFO_DATA_XFRM] = "xfrm",
         [NL_UNION_LINK_INFO_DATA_IFB] = "ifb",
+        [NL_UNION_LINK_INFO_DATA_BAREUDP] = "bareudp",
 };
 
 DEFINE_STRING_TABLE_LOOKUP(nl_union_link_info_data, NLUnionLinkInfoData);
@@ -439,6 +446,8 @@ static const NLTypeSystem rtnl_link_info_data_type_systems[] = {
                                                        .types = rtnl_link_info_data_macsec_types },
         [NL_UNION_LINK_INFO_DATA_XFRM] =             { .count = ELEMENTSOF(rtnl_link_info_data_xfrm_types),
                                                        .types = rtnl_link_info_data_xfrm_types },
+        [NL_UNION_LINK_INFO_DATA_BAREUDP] =          { .count = ELEMENTSOF(rtnl_link_info_data_bareudp_types),
+                                                       .types = rtnl_link_info_data_bareudp_types },
 };
 
 static const NLTypeSystemUnion rtnl_link_info_data_type_system_union = {

src/libsystemd/sd-netlink/netlink-types.h

@@ -88,6 +88,7 @@ typedef enum NLUnionLinkInfoData {
         NL_UNION_LINK_INFO_DATA_NLMON,
         NL_UNION_LINK_INFO_DATA_XFRM,
         NL_UNION_LINK_INFO_DATA_IFB,
+        NL_UNION_LINK_INFO_DATA_BAREUDP,
         _NL_UNION_LINK_INFO_DATA_MAX,
         _NL_UNION_LINK_INFO_DATA_INVALID = -1
 } NLUnionLinkInfoData;

src/network/meson.build

@@ -1,6 +1,8 @@
 # SPDX-License-Identifier: LGPL-2.1+
 
 sources = files('''
+        netdev/bareudp.c
+        netdev/bareudp.h
         netdev/bond.c
         netdev/bond.h
         netdev/bridge.c

src/network/netdev/bareudp.c

@@ -0,0 +1,138 @@
+/* SPDX-License-Identifier: LGPL-2.1+
+ * Copyright © 2020 VMware, Inc. */
+
+#include "bareudp.h"
+#include "netlink-util.h"
+#include "networkd-manager.h"
+#include "string-table.h"
+
+static const char* const bare_udp_protocol_table[_BARE_UDP_PROTOCOL_MAX] = {
+        [BARE_UDP_PROTOCOL_IPV4]    = "ipv4",
+        [BARE_UDP_PROTOCOL_IPV6]    = "ipv6",
+        [BARE_UDP_PROTOCOL_MPLS_UC] = "mpls-uc",
+        [BARE_UDP_PROTOCOL_MPLS_MC] = "mpls-mc",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(bare_udp_protocol, BareUDPProtocol);
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bare_udp_iftype, bare_udp_protocol, BareUDPProtocol,
+                         "Failed to parse EtherType=");
+
+/* callback for bareudp netdev's created without a backing Link */
+static int bare_udp_netdev_create_handler(sd_netlink *rtnl, sd_netlink_message *m, NetDev *netdev) {
+        int r;
+
+        assert(netdev);
+        assert(netdev->state != _NETDEV_STATE_INVALID);
+
+        r = sd_netlink_message_get_errno(m);
+        if (r == -EEXIST)
+                log_netdev_info(netdev, "BareUDP netdev exists, using existing without changing its parameters.");
+        else if (r < 0) {
+                log_netdev_warning_errno(netdev, r, "BareUDP netdev could not be created: %m");
+                netdev_drop(netdev);
+
+                return 1;
+        }
+
+        log_netdev_debug(netdev, "BareUDP created.");
+
+        return 1;
+}
+
+static int netdev_bare_udp_create(NetDev *netdev) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        BareUDP *u;
+        int r;
+
+        assert(netdev);
+
+        u = BAREUDP(netdev);
+
+        assert(u);
+
+        r = sd_rtnl_message_new_link(netdev->manager->rtnl, &m, RTM_NEWLINK, 0);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not allocate RTM_NEWLINK message: %m");
+
+        r = sd_netlink_message_append_string(m, IFLA_IFNAME, netdev->ifname);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IFNAME, attribute: %m");
+
+        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_LINKINFO attribute: %m");
+
+        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, netdev_kind_to_string(netdev->kind));
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
+
+        r = sd_netlink_message_append_u16(m, IFLA_BAREUDP_ETHERTYPE, htobe16(u->iftype));
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BAREUDP_ETHERTYPE attribute: %m");
+
+        r = sd_netlink_message_append_u16(m, IFLA_BAREUDP_PORT, htobe16(u->dest_port));
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BAREUDP_PORT attribute: %m");
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
+
+        r = sd_netlink_message_close_container(m);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not append IFLA_LINKINFO attribute: %m");
+
+        r = netlink_call_async(netdev->manager->rtnl, NULL, m, bare_udp_netdev_create_handler,
+                               netdev_destroy_callback, netdev);
+        if (r < 0)
+                return log_netdev_error_errno(netdev, r, "Could not send rtnetlink message: %m");
+
+        netdev_ref(netdev);
+        netdev->state = NETDEV_STATE_CREATING;
+
+        log_netdev_debug(netdev, "Creating");
+
+        return r;
+}
+
+static int netdev_bare_udp_verify(NetDev *netdev, const char *filename) {
+        BareUDP *u;
+
+        assert(netdev);
+        assert(filename);
+
+        u = BAREUDP(netdev);
+
+        assert(u);
+
+        if (u->dest_port == 0)
+                return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
+                                                "%s: BareUDP DesinationPort= is not set. Ignoring.", filename);
+
+        if (u->iftype == _BARE_UDP_PROTOCOL_INVALID)
+                return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
+                                                "%s: BareUDP EtherType= is not set. Ignoring.", filename);
+
+        return 0;
+}
+
+static void bare_udp_init(NetDev *netdev) {
+        BareUDP *u;
+
+        assert(netdev);
+
+        u = BAREUDP(netdev);
+
+        assert(u);
+
+        u->iftype = _BARE_UDP_PROTOCOL_INVALID;
+}
+
+const NetDevVTable bare_udp_vtable = {
+        .object_size = sizeof(BareUDP),
+        .sections = NETDEV_COMMON_SECTIONS "BareUDP\0",
+        .init = bare_udp_init,
+        .config_verify = netdev_bare_udp_verify,
+        .create = netdev_bare_udp_create,
+        .create_type = NETDEV_CREATE_INDEPENDENT,
+};

src/network/netdev/bareudp.h

@@ -0,0 +1,34 @@
+/* SPDX-License-Identifier: LGPL-2.1+
+ * Copyright © 2020 VMware, Inc. */
+#pragma once
+
+typedef struct BareUDP BareUDP;
+
+#include <linux/if_ether.h>
+
+#include "conf-parser.h"
+#include "netdev.h"
+
+typedef enum BareUDPProtocol {
+        BARE_UDP_PROTOCOL_IPV4    = ETH_P_IP,
+        BARE_UDP_PROTOCOL_IPV6    = ETH_P_IPV6,
+        BARE_UDP_PROTOCOL_MPLS_UC = ETH_P_MPLS_UC,
+        BARE_UDP_PROTOCOL_MPLS_MC = ETH_P_MPLS_MC,
+        _BARE_UDP_PROTOCOL_MAX,
+        _BARE_UDP_PROTOCOL_INVALID = -1
+} BareUDPProtocol;
+
+struct BareUDP {
+        NetDev meta;
+
+        BareUDPProtocol iftype;
+        uint16_t dest_port;
+};
+
+DEFINE_NETDEV_CAST(BAREUDP, BareUDP);
+extern const NetDevVTable bare_udp_vtable;
+
+const char *bare_udp_protocol_to_string(BareUDPProtocol d) _const_;
+BareUDPProtocol bare_udp_protocol_from_string(const char *d) _pure_;
+
+CONFIG_PARSER_PROTOTYPE(config_parse_bare_udp_iftype);

src/network/netdev/netdev-gperf.gperf

@@ -3,6 +3,7 @@
 _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
 #endif
 #include <stddef.h>
+#include "bareudp.h"
 #include "bond.h"
 #include "bridge.h"
 #include "conf-parser.h"
@@ -134,6 +135,7 @@ VXLAN.PortRange,                          config_parse_port_range,
 VXLAN.DestinationPort,                    config_parse_ip_port,                      0,                             offsetof(VxLan, dest_port)
 VXLAN.FlowLabel,                          config_parse_flow_label,                   0,                             0
 VXLAN.IPDoNotFragment,                    config_parse_df,                           0,                             offsetof(VxLan, df)
+VXLAN.Independent,                        config_parse_bool,                         0,                             offsetof(VxLan, independent)
 GENEVE.Id,                                config_parse_geneve_vni,                   0,                             offsetof(Geneve, id)
 GENEVE.Remote,                            config_parse_geneve_address,               0,                             offsetof(Geneve, remote)
 GENEVE.TOS,                               config_parse_uint8,                        0,                             offsetof(Geneve, tos)
@@ -213,6 +215,8 @@ Bridge.STP,                               config_parse_tristate,
 Bridge.MulticastIGMPVersion,              config_parse_uint8,                        0,                             offsetof(Bridge, igmp_version)
 VRF.TableId,                              config_parse_uint32,                       0,                             offsetof(Vrf, table) /* deprecated */
 VRF.Table,                                config_parse_uint32,                       0,                             offsetof(Vrf, table)
+BareUDP.DestinationPort,                  config_parse_ip_port,                      0,                             offsetof(BareUDP, dest_port)
+BareUDP.EtherType,                        config_parse_bare_udp_iftype,              0,                             offsetof(BareUDP, iftype)
 WireGuard.FirewallMark,                   config_parse_unsigned,                     0,                             offsetof(Wireguard, fwmark)
 WireGuard.FwMark,                         config_parse_unsigned,                     0,                             offsetof(Wireguard, fwmark) /* deprecated */
 WireGuard.ListenPort,                     config_parse_wireguard_listen_port,        0,                             offsetof(Wireguard, port)

src/network/netdev/netdev.c

@@ -5,6 +5,7 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
+#include "bareudp.h"
 #include "bond.h"
 #include "bridge.h"
 #include "conf-files.h"
@@ -77,9 +78,11 @@ const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX] = {
         [NETDEV_KIND_NLMON] = &nlmon_vtable,
         [NETDEV_KIND_XFRM] = &xfrm_vtable,
         [NETDEV_KIND_IFB] = &ifb_vtable,
+        [NETDEV_KIND_BAREUDP] = &bare_udp_vtable,
 };
 
 static const char* const netdev_kind_table[_NETDEV_KIND_MAX] = {
+        [NETDEV_KIND_BAREUDP] = "bareudp",
         [NETDEV_KIND_BRIDGE] = "bridge",
         [NETDEV_KIND_BOND] = "bond",
         [NETDEV_KIND_VLAN] = "vlan",
@@ -823,6 +826,9 @@ int netdev_load_one(Manager *manager, const char *filename) {
         case NETDEV_KIND_XFRM:
                 independent = XFRM(netdev)->independent;
                 break;
+        case NETDEV_KIND_VXLAN:
+                independent = VXLAN(netdev)->independent;
+                break;
         default:
                 break;
         }

src/network/netdev/netdev.h

@@ -11,6 +11,7 @@
 #define NETDEV_COMMON_SECTIONS "Match\0NetDev\0"
 /* This is the list of known sections. We need to ignore them in the initial parsing phase. */
 #define NETDEV_OTHER_SECTIONS                     \
+        "-BareUDP\0"                              \
         "-Bond\0"                                 \
         "-Bridge\0"                               \
         "-FooOverUDP\0"                           \
@@ -81,6 +82,7 @@ typedef enum NetDevKind {
         NETDEV_KIND_NLMON,
         NETDEV_KIND_XFRM,
         NETDEV_KIND_IFB,
+        NETDEV_KIND_BAREUDP,
         _NETDEV_KIND_MAX,
         _NETDEV_KIND_TUNNEL, /* Used by config_parse_stacked_netdev() */
         _NETDEV_KIND_INVALID = -1

src/network/netdev/vxlan.c

@@ -25,7 +25,6 @@ static int netdev_vxlan_fill_message_create(NetDev *netdev, Link *link, sd_netli
         int r;
 
         assert(netdev);
-        assert(link);
         assert(m);
 
         v = VXLAN(netdev);
@@ -63,7 +62,7 @@ static int netdev_vxlan_fill_message_create(NetDev *netdev, Link *link, sd_netli
                         return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LOCAL attribute: %m");
         }
 
-        r = sd_netlink_message_append_u32(m, IFLA_VXLAN_LINK, link->ifindex);
+        r = sd_netlink_message_append_u32(m, IFLA_VXLAN_LINK, link ? link->ifindex : 0);
         if (r < 0)
                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LINK attribute: %m");
 

src/network/netdev/vxlan.h

@@ -56,6 +56,7 @@ struct VxLan {
         bool group_policy;
         bool generic_protocol_extension;
         bool inherit;
+        bool independent;
 
         struct ifla_vxlan_port_range port_range;
 };

src/network/networkd-link.c

@@ -146,7 +146,7 @@ bool link_ipv4ll_enabled(Link *link, AddressFamily mask) {
 
         if (STRPTR_IN_SET(link->kind,
                           "vrf", "wireguard", "ipip", "gre", "ip6gre","ip6tnl", "sit", "vti",
-                          "vti6", "nlmon", "xfrm"))
+                          "vti6", "nlmon", "xfrm", "bareudp"))
                 return false;
 
         /* L3 or L3S mode do not support ARP. */

src/nspawn/nspawn.c

@@ -199,12 +199,7 @@ static bool arg_notify_ready = false;
 static bool arg_use_cgns = true;
 static unsigned long arg_clone_ns_flags = CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWUTS;
 static MountSettingsMask arg_mount_settings = MOUNT_APPLY_APIVFS_RO|MOUNT_APPLY_TMPFS_TMP;
-static void *arg_root_hash = NULL;
-static char *arg_verity_data = NULL;
-static char *arg_root_hash_sig_path = NULL;
-static void *arg_root_hash_sig = NULL;
-static size_t arg_root_hash_sig_size = 0;
-static size_t arg_root_hash_size = 0;
+static VeritySettings arg_verity_settings = {};
 static char **arg_syscall_allow_list = NULL;
 static char **arg_syscall_deny_list = NULL;
 #if HAVE_SECCOMP
@@ -248,10 +243,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_oci_bundle, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_property, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_property_message, sd_bus_message_unrefp);
 STATIC_DESTRUCTOR_REGISTER(arg_parameters, strv_freep);
-STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
-STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep);
-STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig_path, freep);
-STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_verity_settings, verity_settings_done);
 STATIC_DESTRUCTOR_REGISTER(arg_syscall_allow_list, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_syscall_deny_list, strv_freep);
 #if HAVE_SECCOMP
@@ -672,6 +664,8 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_PRIVATE_USERS_CHOWN,
                 ARG_NOTIFY_READY,
                 ARG_ROOT_HASH,
+                ARG_ROOT_HASH_SIG,
+                ARG_VERITY_DATA,
                 ARG_SYSTEM_CALL_FILTER,
                 ARG_RLIMIT,
                 ARG_HOSTNAME,
@@ -684,8 +678,6 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_PIPE,
                 ARG_OCI_BUNDLE,
                 ARG_NO_PAGER,
-                ARG_VERITY_DATA,
-                ARG_ROOT_HASH_SIG,
                 ARG_SET_CREDENTIAL,
                 ARG_LOAD_CREDENTIAL,
         };
@@ -743,6 +735,8 @@ static int parse_argv(int argc, char *argv[]) {
                 { "pivot-root",             required_argument, NULL, ARG_PIVOT_ROOT             },
                 { "notify-ready",           required_argument, NULL, ARG_NOTIFY_READY           },
                 { "root-hash",              required_argument, NULL, ARG_ROOT_HASH              },
+                { "root-hash-sig",          required_argument, NULL, ARG_ROOT_HASH_SIG          },
+                { "verity-data",            required_argument, NULL, ARG_VERITY_DATA            },
                 { "system-call-filter",     required_argument, NULL, ARG_SYSTEM_CALL_FILTER     },
                 { "rlimit",                 required_argument, NULL, ARG_RLIMIT                 },
                 { "oom-score-adjust",       required_argument, NULL, ARG_OOM_SCORE_ADJUST       },
@@ -753,8 +747,6 @@ static int parse_argv(int argc, char *argv[]) {
                 { "pipe",                   no_argument,       NULL, ARG_PIPE                   },
                 { "oci-bundle",             required_argument, NULL, ARG_OCI_BUNDLE             },
                 { "no-pager",               no_argument,       NULL, ARG_NO_PAGER               },
-                { "verity-data",            required_argument, NULL, ARG_VERITY_DATA            },
-                { "root-hash-sig",          required_argument, NULL, ARG_ROOT_HASH_SIG          },
                 { "set-credential",         required_argument, NULL, ARG_SET_CREDENTIAL         },
                 { "load-credential",        required_argument, NULL, ARG_LOAD_CREDENTIAL        },
                 {}
@@ -1328,54 +1320,47 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case ARG_ROOT_HASH: {
-                        void *k;
+                        _cleanup_free_ void *k = NULL;
                         size_t l;
 
                         r = unhexmem(optarg, strlen(optarg), &k, &l);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to parse root hash: %s", optarg);
-                        if (l < sizeof(sd_id128_t)) {
-                                free(k);
+                        if (l < sizeof(sd_id128_t))
                                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Root hash must be at least 128bit long: %s", optarg);
-                        }
 
-                        free(arg_root_hash);
-                        arg_root_hash = k;
-                        arg_root_hash_size = l;
+                        free_and_replace(arg_verity_settings.root_hash, k);
+                        arg_verity_settings.root_hash_size = l;
                         break;
                 }
 
-                case ARG_VERITY_DATA:
-                        r = parse_path_argument_and_warn(optarg, false, &arg_verity_data);
-                        if (r < 0)
-                                return r;
-                        break;
-
                 case ARG_ROOT_HASH_SIG: {
                         char *value;
+                        size_t l;
+                        void *p;
 
                         if ((value = startswith(optarg, "base64:"))) {
-                                void *p;
-                                size_t l;
-
                                 r = unbase64mem(value, strlen(value), &p, &l);
                                 if (r < 0)
                                         return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
 
-                                free_and_replace(arg_root_hash_sig, p);
-                                arg_root_hash_sig_size = l;
-                                arg_root_hash_sig_path = mfree(arg_root_hash_sig_path);
                         } else {
-                                r = parse_path_argument_and_warn(optarg, false, &arg_root_hash_sig_path);
+                                r = read_full_file(optarg, (char**) &p, &l);
                                 if (r < 0)
-                                        return r;
-                                arg_root_hash_sig = mfree(arg_root_hash_sig);
-                                arg_root_hash_sig_size = 0;
+                                        return log_error_errno(r, "Failed parse root hash signature file '%s': %m", optarg);
                         }
 
+                        free_and_replace(arg_verity_settings.root_hash_sig, p);
+                        arg_verity_settings.root_hash_sig_size = l;
                         break;
                 }
 
+                case ARG_VERITY_DATA:
+                        r = parse_path_argument_and_warn(optarg, false, &arg_verity_settings.data_path);
+                        if (r < 0)
+                                return r;
+                        break;
+
                 case ARG_SYSTEM_CALL_FILTER: {
                         bool negative;
                         const char *items;
@@ -5375,14 +5360,16 @@ static int run(int argc, char *argv[]) {
                                 goto finish;
                         }
 
-                        r = verity_metadata_load(arg_image, NULL, arg_root_hash ? NULL : &arg_root_hash, &arg_root_hash_size,
-                                        arg_verity_data ? NULL : &arg_verity_data,
-                                        arg_root_hash_sig_path || arg_root_hash_sig ? NULL : &arg_root_hash_sig_path);
+                        r = verity_settings_load(
+                                        &arg_verity_settings,
+                                        arg_image, NULL, NULL);
                         if (r < 0) {
                                 log_error_errno(r, "Failed to read verity artefacts for %s: %m", arg_image);
                                 goto finish;
                         }
-                        dissect_image_flags |= arg_verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
+
+                        if (arg_verity_settings.data_path)
+                                dissect_image_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE;
                 }
 
                 if (!mkdtemp(tmprootdir)) {
@@ -5398,7 +5385,11 @@ static int run(int argc, char *argv[]) {
                         goto finish;
                 }
 
-                r = loop_device_make_by_path(arg_image, arg_read_only ? O_RDONLY : O_RDWR, LO_FLAGS_PARTSCAN, &loop);
+                r = loop_device_make_by_path(
+                                arg_image,
+                                arg_read_only ? O_RDONLY : O_RDWR,
+                                FLAGS_SET(dissect_image_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN,
+                                &loop);
                 if (r < 0) {
                         log_error_errno(r, "Failed to set up loopback block device: %m");
                         goto finish;
@@ -5407,8 +5398,7 @@ static int run(int argc, char *argv[]) {
                 r = dissect_image_and_warn(
                                 loop->fd,
                                 arg_image,
-                                arg_root_hash, arg_root_hash_size,
-                                arg_verity_data,
+                                &arg_verity_settings,
                                 NULL,
                                 dissect_image_flags,
                                 &dissected_image);
@@ -5425,10 +5415,15 @@ static int run(int argc, char *argv[]) {
                 if (r < 0)
                         goto finish;
 
-                if (!arg_root_hash && dissected_image->can_verity)
+                if (!arg_verity_settings.root_hash && dissected_image->can_verity)
                         log_notice("Note: image %s contains verity information, but no root hash specified! Proceeding without integrity checking.", arg_image);
 
-                r = dissected_image_decrypt_interactively(dissected_image, NULL, arg_root_hash, arg_root_hash_size, arg_verity_data, arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size, 0, &decrypted_image);
+                r = dissected_image_decrypt_interactively(
+                                dissected_image,
+                                NULL,
+                                &arg_verity_settings,
+                                0,
+                                &decrypted_image);
                 if (r < 0)
                         goto finish;
 

src/partition/repart.c

@@ -72,6 +72,12 @@
 /* LUKS2 takes off 16M of the partition size with its metadata by default */
 #define LUKS2_METADATA_SIZE (16*1024*1024)
 
+#if !HAVE_LIBCRYPTSETUP
+struct crypt_device;
+static inline void sym_crypt_free(struct crypt_device* cd) {}
+static inline void sym_crypt_freep(struct crypt_device** cd) {}
+#endif
+
 /* Note: When growing and placing new partitions we always align to 4K sector size. It's how newer hard disks
  * are designed, and if everything is aligned to that performance is best. And for older hard disks with 512B
  * sector size devices were generally assumed to have an even number of sectors, hence at the worst we'll
@@ -2369,7 +2375,7 @@ static int partition_encrypt(
                 struct crypt_device **ret_cd,
                 char **ret_volume,
                 int *ret_fd) {
-
+#if HAVE_LIBCRYPTSETUP
         _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
         _cleanup_(erase_and_freep) void *volume_key = NULL;
         _cleanup_free_ char *dm_name = NULL, *vol = NULL;
@@ -2465,9 +2471,13 @@ static int partition_encrypt(
                 *ret_volume = TAKE_PTR(vol);
 
         return 0;
+#else
+        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libcryptsetup is not supported, cannot encrypt: %m");
+#endif
 }
 
 static int deactivate_luks(struct crypt_device *cd, const char *node) {
+#if HAVE_LIBCRYPTSETUP
         int r;
 
         if (!cd)
@@ -2483,6 +2493,9 @@ static int deactivate_luks(struct crypt_device *cd, const char *node) {
                 return log_error_errno(r, "Failed to deactivate LUKS device: %m");
 
         return 1;
+#else
+        return 0;
+#endif
 }
 
 static int context_copy_blocks(Context *context) {

src/portable/portable.c

@@ -379,7 +379,7 @@ static int portable_extract_by_path(
                 if (r < 0)
                         return log_debug_errno(r, "Failed to create temporary directory: %m");
 
-                r = dissect_image(d->fd, NULL, 0, NULL, NULL, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK, &m);
+                r = dissect_image(d->fd, NULL, NULL, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK, &m);
                 if (r == -ENOPKG)
                         sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Couldn't identify a suitable partition table or file system in '%s'.", path);
                 else if (r == -EADDRNOTAVAIL)

src/shared/dissect-image.c

@@ -304,9 +304,7 @@ static void check_partition_flags(
 
 int dissect_image(
                 int fd,
-                const void *root_hash,
-                size_t root_hash_size,
-                const char *verity_data,
+                const VeritySettings *verity,
                 const MountOptions *mount_options,
                 DissectImageFlags flags,
                 DissectedImage **ret) {
@@ -328,7 +326,7 @@ int dissect_image(
 
         assert(fd >= 0);
         assert(ret);
-        assert(root_hash || root_hash_size == 0);
+        assert(!verity || verity->root_hash || verity->root_hash_size == 0);
         assert(!((flags & DISSECT_IMAGE_GPT_ONLY) && (flags & DISSECT_IMAGE_NO_PARTITION_TABLE)));
 
         /* Probes a disk image, and returns information about what it found in *ret.
@@ -336,16 +334,16 @@ int dissect_image(
          * Returns -ENOPKG if no suitable partition table or file system could be found.
          * Returns -EADDRNOTAVAIL if a root hash was specified but no matching root/verity partitions found. */
 
-        if (root_hash) {
+        if (verity && verity->root_hash) {
                 /* If a root hash is supplied, then we use the root partition that has a UUID that match the first
                  * 128bit of the root hash. And we use the verity partition that has a UUID that match the final
                  * 128bit. */
 
-                if (root_hash_size < sizeof(sd_id128_t))
+                if (verity->root_hash_size < sizeof(sd_id128_t))
                         return -EINVAL;
 
-                memcpy(&root_uuid, root_hash, sizeof(sd_id128_t));
-                memcpy(&verity_uuid, (const uint8_t*) root_hash + root_hash_size - sizeof(sd_id128_t), sizeof(sd_id128_t));
+                memcpy(&root_uuid, verity->root_hash, sizeof(sd_id128_t));
+                memcpy(&verity_uuid, (const uint8_t*) verity->root_hash + verity->root_hash_size - sizeof(sd_id128_t), sizeof(sd_id128_t));
 
                 if (sd_id128_is_null(root_uuid))
                         return -EINVAL;
@@ -416,8 +414,8 @@ int dissect_image(
                                 return r;
 
                         m->single_file_system = true;
-                        m->verity = root_hash && verity_data;
-                        m->can_verity = !!verity_data;
+                        m->verity = verity && verity->root_hash && verity->data_path;
+                        m->can_verity = verity && verity->data_path;
 
                         options = mount_options_from_designator(mount_options, PARTITION_ROOT);
                         if (options) {
@@ -815,7 +813,7 @@ int dissect_image(
 
                         /* If the root hash was set, then we won't fall back to a generic node, because the
                          * root hash decides. */
-                        if (root_hash)
+                        if (verity && verity->root_hash)
                                 return -EADDRNOTAVAIL;
 
                         /* If we didn't find a generic node, then we can't fix this up either */
@@ -846,7 +844,7 @@ int dissect_image(
                 }
         }
 
-        if (root_hash) {
+        if (verity && verity->root_hash) {
                 if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
                         return -EADDRNOTAVAIL;
 
@@ -1333,14 +1331,20 @@ static int decrypt_partition(
         return 0;
 }
 
-static int verity_can_reuse(const void *root_hash, size_t root_hash_size, bool has_sig, const char *name, struct crypt_device **ret_cd) {
+static int verity_can_reuse(
+                const VeritySettings *verity,
+                const char *name,
+                struct crypt_device **ret_cd) {
+
         /* If the same volume was already open, check that the root hashes match, and reuse it if they do */
         _cleanup_free_ char *root_hash_existing = NULL;
         _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
         struct crypt_params_verity crypt_params = {};
-        size_t root_hash_existing_size = root_hash_size;
+        size_t root_hash_existing_size;
         int r;
 
+        assert(verity);
+        assert(name);
         assert(ret_cd);
 
         r = sym_crypt_init_by_name(&cd, name);
@@ -1351,20 +1355,23 @@ static int verity_can_reuse(const void *root_hash, size_t root_hash_size, bool h
         if (r < 0)
                 return log_debug_errno(r, "Error opening verity device, crypt_get_verity_info failed: %m");
 
-        root_hash_existing = malloc0(root_hash_size);
+        root_hash_existing_size = verity->root_hash_size;
+        root_hash_existing = malloc0(root_hash_existing_size);
         if (!root_hash_existing)
                 return -ENOMEM;
 
         r = sym_crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash_existing, &root_hash_existing_size, NULL, 0);
         if (r < 0)
                 return log_debug_errno(r, "Error opening verity device, crypt_volume_key_get failed: %m");
-        if (root_hash_size != root_hash_existing_size || memcmp(root_hash_existing, root_hash, root_hash_size) != 0)
+        if (verity->root_hash_size != root_hash_existing_size ||
+            memcmp(root_hash_existing, verity->root_hash, verity->root_hash_size) != 0)
                 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Error opening verity device, it already exists but root hashes are different.");
+
 #if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
-        /* Ensure that, if signatures are supported, we only reuse the device if the previous mount
-         * used the same settings, so that a previous unsigned mount will not be reused if the user
-         * asks to use signing for the new one, and viceversa. */
-        if (has_sig != !!(crypt_params.flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE))
+        /* Ensure that, if signatures are supported, we only reuse the device if the previous mount used the
+         * same settings, so that a previous unsigned mount will not be reused if the user asks to use
+         * signing for the new one, and viceversa. */
+        if (!!verity->root_hash_sig != !!(crypt_params.flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE))
                 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Error opening verity device, it already exists but signature settings are not the same.");
 #endif
 
@@ -1384,29 +1391,24 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(char *, dm_deferred_remove_clean);
 static int verity_partition(
                 DissectedPartition *m,
                 DissectedPartition *v,
-                const void *root_hash,
-                size_t root_hash_size,
-                const char *verity_data,
-                const char *root_hash_sig_path,
-                const void *root_hash_sig,
-                size_t root_hash_sig_size,
+                const VeritySettings *verity,
                 DissectImageFlags flags,
                 DecryptedImage *d) {
 
-        _cleanup_free_ char *node = NULL, *name = NULL, *hash_sig_from_file = NULL;
         _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
         _cleanup_(dm_deferred_remove_cleanp) char *restore_deferred_remove = NULL;
+        _cleanup_free_ char *node = NULL, *name = NULL;
         int r;
 
         assert(m);
-        assert(v || verity_data);
+        assert(v || (verity && verity->data_path));
 
-        if (!root_hash)
+        if (!verity || !verity->root_hash)
                 return 0;
 
         if (!m->found || !m->node || !m->fstype)
                 return 0;
-        if (!verity_data) {
+        if (!verity->data_path) {
                 if (!v->found || !v->node || !v->fstype)
                         return 0;
 
@@ -1422,7 +1424,7 @@ static int verity_partition(
                 /* Use the roothash, which is unique per volume, as the device node name, so that it can be reused */
                 _cleanup_free_ char *root_hash_encoded = NULL;
 
-                root_hash_encoded = hexmem(root_hash, root_hash_size);
+                root_hash_encoded = hexmem(verity->root_hash, verity->root_hash_size);
                 if (!root_hash_encoded)
 
                         return -ENOMEM;
@@ -1432,13 +1434,7 @@ static int verity_partition(
         if (r < 0)
                 return r;
 
-        if (!root_hash_sig && root_hash_sig_path) {
-                r = read_full_file_full(AT_FDCWD, root_hash_sig_path, 0, &hash_sig_from_file, &root_hash_sig_size);
-                if (r < 0)
-                        return r;
-        }
-
-        r = sym_crypt_init(&cd, verity_data ?: v->node);
+        r = sym_crypt_init(&cd, verity->data_path ?: v->node);
         if (r < 0)
                 return r;
 
@@ -1459,20 +1455,33 @@ static int verity_partition(
          * In case of ENODEV/ENOENT, which can happen if another process is activating at the exact same time,
          * retry a few times before giving up. */
         for (unsigned i = 0; i < N_DEVICE_NODE_LIST_ATTEMPTS; i++) {
-                if (root_hash_sig || hash_sig_from_file) {
+                if (verity->root_hash_sig) {
 #if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
-                        r = sym_crypt_activate_by_signed_key(cd, name, root_hash, root_hash_size, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, CRYPT_ACTIVATE_READONLY);
+                        r = sym_crypt_activate_by_signed_key(
+                                        cd,
+                                        name,
+                                        verity->root_hash,
+                                        verity->root_hash_size,
+                                        verity->root_hash_sig,
+                                        verity->root_hash_sig_size,
+                                        CRYPT_ACTIVATE_READONLY);
 #else
                         r = log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "activation of verity device with signature requested, but not supported by cryptsetup due to missing crypt_activate_by_signed_key()");
 #endif
                 } else
-                        r = sym_crypt_activate_by_volume_key(cd, name, root_hash, root_hash_size, CRYPT_ACTIVATE_READONLY);
+                        r = sym_crypt_activate_by_volume_key(
+                                        cd,
+                                        name,
+                                        verity->root_hash,
+                                        verity->root_hash_size,
+                                        CRYPT_ACTIVATE_READONLY);
                 /* libdevmapper can return EINVAL when the device is already in the activation stage.
                  * There's no way to distinguish this situation from a genuine error due to invalid
                  * parameters, so immediately fall back to activating the device with a unique name.
-                 * Improvements in libcrypsetup can ensure this never happens: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/96 */
+                 * Improvements in libcrypsetup can ensure this never happens:
+                 * https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/96 */
                 if (r == -EINVAL && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
-                        return verity_partition(m, v, root_hash, root_hash_size, verity_data, NULL, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
+                        return verity_partition(m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
                 if (!IN_SET(r,
                             0, /* Success */
                             -EEXIST, /* Volume is already open and ready to be used */
@@ -1495,10 +1504,10 @@ static int verity_partition(
                                 }
                         }
 
-                        r = verity_can_reuse(root_hash, root_hash_size, !!root_hash_sig || !!hash_sig_from_file, name, &existing_cd);
+                        r = verity_can_reuse(verity, name, &existing_cd);
                         /* Same as above, -EINVAL can randomly happen when it actually means -EEXIST */
                         if (r == -EINVAL && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
-                                return verity_partition(m, v, root_hash, root_hash_size, verity_data, NULL, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
+                                return verity_partition(m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
                         if (!IN_SET(r, 0, -ENODEV, -ENOENT, -EBUSY))
                                 return log_debug_errno(r, "Checking whether existing verity device %s can be reused failed: %m", node);
                         if (r == 0) {
@@ -1526,7 +1535,7 @@ static int verity_partition(
         /* An existing verity device was reported by libcryptsetup/libdevmapper, but we can't use it at this time.
          * Fall back to activating it with a unique device name. */
         if (r != 0 && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
-                return verity_partition(m, v, root_hash, root_hash_size, verity_data, NULL, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
+                return verity_partition(m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
 
         /* Everything looks good and we'll be able to mount the device, so deferred remove will be re-enabled at that point. */
         restore_deferred_remove = mfree(restore_deferred_remove);
@@ -1544,12 +1553,7 @@ static int verity_partition(
 int dissected_image_decrypt(
                 DissectedImage *m,
                 const char *passphrase,
-                const void *root_hash,
-                size_t root_hash_size,
-                const char *verity_data,
-                const char *root_hash_sig_path,
-                const void *root_hash_sig,
-                size_t root_hash_sig_size,
+                const VeritySettings *verity,
                 DissectImageFlags flags,
                 DecryptedImage **ret) {
 
@@ -1559,7 +1563,7 @@ int dissected_image_decrypt(
 #endif
 
         assert(m);
-        assert(root_hash || root_hash_size == 0);
+        assert(!verity || verity->root_hash || verity->root_hash_size == 0);
 
         /* Returns:
          *
@@ -1569,7 +1573,7 @@ int dissected_image_decrypt(
          *      -EKEYREJECTED → Passed key was not correct
          */
 
-        if (root_hash && root_hash_size < sizeof(sd_id128_t))
+        if (verity && verity->root_hash && verity->root_hash_size < sizeof(sd_id128_t))
                 return -EINVAL;
 
         if (!m->encrypted && !m->verity) {
@@ -1595,7 +1599,7 @@ int dissected_image_decrypt(
 
                 k = PARTITION_VERITY_OF(i);
                 if (k >= 0) {
-                        r = verity_partition(p, m->partitions + k, root_hash, root_hash_size, verity_data, root_hash_sig_path, root_hash_sig, root_hash_sig_size, flags | DISSECT_IMAGE_VERITY_SHARE, d);
+                        r = verity_partition(p, m->partitions + k, verity, flags | DISSECT_IMAGE_VERITY_SHARE, d);
                         if (r < 0)
                                 return r;
                 }
@@ -1618,12 +1622,7 @@ int dissected_image_decrypt(
 int dissected_image_decrypt_interactively(
                 DissectedImage *m,
                 const char *passphrase,
-                const void *root_hash,
-                size_t root_hash_size,
-                const char *verity_data,
-                const char *root_hash_sig_path,
-                const void *root_hash_sig,
-                size_t root_hash_sig_size,
+                const VeritySettings *verity,
                 DissectImageFlags flags,
                 DecryptedImage **ret) {
 
@@ -1634,7 +1633,7 @@ int dissected_image_decrypt_interactively(
                 n--;
 
         for (;;) {
-                r = dissected_image_decrypt(m, passphrase, root_hash, root_hash_size, verity_data, root_hash_sig_path, root_hash_sig, root_hash_sig_size, flags, ret);
+                r = dissected_image_decrypt(m, passphrase, verity, flags, ret);
                 if (r >= 0)
                         return r;
                 if (r == -EKEYREJECTED)
@@ -1686,126 +1685,138 @@ int decrypted_image_relinquish(DecryptedImage *d) {
         return 0;
 }
 
-int verity_metadata_load(
-                const char *image,
-                const char *root_hash_path,
-                void **ret_roothash,
-                size_t *ret_roothash_size,
-                char **ret_verity_data,
-                char **ret_roothashsig) {
-
-        _cleanup_free_ char *verity_filename = NULL, *roothashsig_filename = NULL;
-        _cleanup_free_ void *roothash_decoded = NULL;
-        size_t roothash_decoded_size = 0;
-        int r;
+static char *build_auxiliary_path(const char *image, const char *suffix) {
+        const char *e;
+        char *n;
 
+        assert(image);
+        assert(suffix);
+
+        e = endswith(image, ".raw");
+        if (!e)
+                return strjoin(e, suffix);
+
+        n = new(char, e - image + strlen(suffix) + 1);
+        if (!n)
+                return NULL;
+
+        strcpy(mempcpy(n, image, e - image), suffix);
+        return n;
+}
+
+void verity_settings_done(VeritySettings *v) {
+        assert(v);
+
+        v->root_hash = mfree(v->root_hash);
+        v->root_hash_size = 0;
+
+        v->root_hash_sig = mfree(v->root_hash_sig);
+        v->root_hash_sig_size = 0;
+
+        v->data_path = mfree(v->data_path);
+}
+
+int verity_settings_load(
+                VeritySettings *verity,
+                const char *image,
+                const char *root_hash_path,
+                const char *root_hash_sig_path) {
+
+        _cleanup_free_ void *root_hash = NULL, *root_hash_sig = NULL;
+        size_t root_hash_size = 0, root_hash_sig_size = 0;
+        _cleanup_free_ char *verity_data_path = NULL;
+        int r;
+
+        assert(verity);
         assert(image);
 
-        if (is_device_path(image)) {
         /* If we are asked to load the root hash for a device node, exit early */
-                if (ret_roothash)
-                        *ret_roothash = NULL;
-                if (ret_roothash_size)
-                        *ret_roothash_size = 0;
-                if (ret_verity_data)
-                        *ret_verity_data = NULL;
-                if (ret_roothashsig)
-                        *ret_roothashsig = NULL;
+        if (is_device_path(image))
                 return 0;
-        }
 
-        if (ret_verity_data) {
-                char *e;
+        /* We only fill in what isn't already filled in */
 
-                verity_filename = new(char, strlen(image) + STRLEN(".verity") + 1);
-                if (!verity_filename)
-                        return -ENOMEM;
-                strcpy(verity_filename, image);
-                e = endswith(verity_filename, ".raw");
-                if (e)
-                        strcpy(e, ".verity");
-                else
-                        strcat(verity_filename, ".verity");
-
-                r = access(verity_filename, F_OK);
-                if (r < 0) {
-                        if (errno != ENOENT)
-                                return -errno;
-                        verity_filename = mfree(verity_filename);
-                }
-        }
-
-        if (ret_roothashsig) {
-                char *e;
-
-                /* Follow naming convention recommended by the relevant RFC:
-                 * https://tools.ietf.org/html/rfc5751#section-3.2.1 */
-                roothashsig_filename = new(char, strlen(image) + STRLEN(".roothash.p7s") + 1);
-                if (!roothashsig_filename)
-                        return -ENOMEM;
-                strcpy(roothashsig_filename, image);
-                e = endswith(roothashsig_filename, ".raw");
-                if (e)
-                        strcpy(e, ".roothash.p7s");
-                else
-                        strcat(roothashsig_filename, ".roothash.p7s");
-
-                r = access(roothashsig_filename, R_OK);
-                if (r < 0) {
-                        if (errno != ENOENT)
-                                return -errno;
-                        roothashsig_filename = mfree(roothashsig_filename);
-                }
-        }
-
-        if (ret_roothash) {
+        if (!verity->root_hash) {
                 _cleanup_free_ char *text = NULL;
-                assert(ret_roothash_size);
 
                 if (root_hash_path) {
-                        /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
                         r = read_one_line_file(root_hash_path, &text);
                         if (r < 0)
                                 return r;
                 } else {
                         r = getxattr_malloc(image, "user.verity.roothash", &text, true);
                         if (r < 0) {
-                                char *fn, *e, *n;
+                                _cleanup_free_ char *p = NULL;
 
-                                if (!IN_SET(r, -ENODATA, -EOPNOTSUPP, -ENOENT))
+                                if (!IN_SET(r, -ENODATA, -ENOENT) && !ERRNO_IS_NOT_SUPPORTED(r))
                                         return r;
 
-                                fn = newa(char, strlen(image) + STRLEN(".roothash") + 1);
-                                n = stpcpy(fn, image);
-                                e = endswith(fn, ".raw");
-                                if (e)
-                                        n = e;
+                                p = build_auxiliary_path(image, ".roothash");
+                                if (!p)
+                                        return -ENOMEM;
 
-                                strcpy(n, ".roothash");
-
-                                r = read_one_line_file(fn, &text);
+                                r = read_one_line_file(p, &text);
                                 if (r < 0 && r != -ENOENT)
                                         return r;
                         }
                 }
 
                 if (text) {
-                        r = unhexmem(text, strlen(text), &roothash_decoded, &roothash_decoded_size);
+                        r = unhexmem(text, strlen(text), &root_hash, &root_hash_size);
                         if (r < 0)
                                 return r;
-                        if (roothash_decoded_size < sizeof(sd_id128_t))
+                        if (root_hash_size < sizeof(sd_id128_t))
                                 return -EINVAL;
                 }
         }
 
-        if (ret_roothash) {
-                *ret_roothash = TAKE_PTR(roothash_decoded);
-                *ret_roothash_size = roothash_decoded_size;
+        if (!verity->root_hash_sig) {
+                _cleanup_free_ char *p = NULL;
+
+                if (!root_hash_sig_path) {
+                        /* Follow naming convention recommended by the relevant RFC:
+                         * https://tools.ietf.org/html/rfc5751#section-3.2.1 */
+                        p = build_auxiliary_path(image, ".roothash.p7s");
+                        if (!p)
+                                return -ENOMEM;
+
+                        root_hash_sig_path = p;
                 }
-        if (ret_verity_data)
-                *ret_verity_data = TAKE_PTR(verity_filename);
-        if (roothashsig_filename)
-                *ret_roothashsig = TAKE_PTR(roothashsig_filename);
+
+                r = read_full_file_full(AT_FDCWD, root_hash_sig_path, 0, (char**) &root_hash_sig, &root_hash_sig_size);
+                if (r < 0) {
+                        if (r != -ENOENT)
+                                return r;
+                } else if (root_hash_sig_size == 0) /* refuse empty size signatures */
+                        return -EINVAL;
+        }
+
+        if (!verity->data_path) {
+                _cleanup_free_ char *p = NULL;
+
+                p = build_auxiliary_path(image, ".verity");
+                if (!p)
+                        return -ENOMEM;
+
+                if (access(p, F_OK) < 0) {
+                        if (errno != ENOENT)
+                                return -errno;
+                } else
+                        verity_data_path = TAKE_PTR(p);
+        }
+
+        if (root_hash) {
+                verity->root_hash = TAKE_PTR(root_hash);
+                verity->root_hash_size = root_hash_size;
+        }
+
+        if (root_hash_sig) {
+                verity->root_hash_sig = TAKE_PTR(root_hash_sig);
+                verity->root_hash_sig_size = root_hash_sig_size;
+        }
+
+        if (verity_data_path)
+                verity->data_path = TAKE_PTR(verity_data_path);
 
         return 1;
 }
@@ -1988,9 +1999,7 @@ finish:
 int dissect_image_and_warn(
                 int fd,
                 const char *name,
-                const void *root_hash,
-                size_t root_hash_size,
-                const char *verity_data,
+                const VeritySettings *verity,
                 const MountOptions *mount_options,
                 DissectImageFlags flags,
                 DissectedImage **ret) {
@@ -2006,7 +2015,7 @@ int dissect_image_and_warn(
                 name = buffer;
         }
 
-        r = dissect_image(fd, root_hash, root_hash_size, verity_data, mount_options, flags, ret);
+        r = dissect_image(fd, verity, mount_options, flags, ret);
 
         switch (r) {
 
@@ -2110,11 +2119,11 @@ int mount_image_privately_interactively(
         if (r < 0)
                 return log_error_errno(r, "Failed to set up loopback device: %m");
 
-        r = dissect_image_and_warn(d->fd, image, NULL, 0, NULL, NULL, flags, &dissected_image);
+        r = dissect_image_and_warn(d->fd, image, NULL, NULL, flags, &dissected_image);
         if (r < 0)
                 return r;
 
-        r = dissected_image_decrypt_interactively(dissected_image, NULL, NULL, 0, NULL, NULL, NULL, 0, flags, &decrypted_image);
+        r = dissected_image_decrypt_interactively(dissected_image, NULL, NULL, flags, &decrypted_image);
         if (r < 0)
                 return r;
 

src/shared/dissect-image.h

@@ -13,6 +13,7 @@ typedef struct DissectedImage DissectedImage;
 typedef struct DissectedPartition DissectedPartition;
 typedef struct DecryptedImage DecryptedImage;
 typedef struct MountOptions MountOptions;
+typedef struct VeritySettings VeritySettings;
 
 struct DissectedPartition {
         bool found:1;
@@ -92,19 +93,32 @@ struct MountOptions {
         LIST_FIELDS(MountOptions, mount_options);
 };
 
+struct VeritySettings {
+        /* Binary root hash for the Verity Merkle tree */
+        void *root_hash;
+        size_t root_hash_size;
+
+        /* PKCS#7 signature of the above */
+        void *root_hash_sig;
+        size_t root_hash_sig_size;
+
+        /* Path to the verity data file, if stored externally */
+        char *data_path;
+};
+
 MountOptions* mount_options_free_all(MountOptions *options);
 DEFINE_TRIVIAL_CLEANUP_FUNC(MountOptions*, mount_options_free_all);
 const char* mount_options_from_designator(const MountOptions *options, PartitionDesignator designator);
 
 int probe_filesystem(const char *node, char **ret_fstype);
-int dissect_image(int fd, const void *root_hash, size_t root_hash_size, const char *verity_data, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
-int dissect_image_and_warn(int fd, const char *name, const void *root_hash, size_t root_hash_size, const char *verity_data, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
+int dissect_image(int fd, const VeritySettings *verity, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
+int dissect_image_and_warn(int fd, const char *name, const VeritySettings *verity, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
 
 DissectedImage* dissected_image_unref(DissectedImage *m);
 DEFINE_TRIVIAL_CLEANUP_FUNC(DissectedImage*, dissected_image_unref);
 
-int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const void *root_hash, size_t root_hash_size, const char *verity_data, const char *root_hash_sig_path, const void *root_hash_sig, size_t root_hash_sig_size, DissectImageFlags flags, DecryptedImage **ret);
-int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const void *root_hash, size_t root_hash_size, const char *verity_data, const char *root_hash_sig_path, const void *root_hash_sig, size_t root_hash_sig_size, DissectImageFlags flags, DecryptedImage **ret);
+int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags, DecryptedImage **ret);
+int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags, DecryptedImage **ret);
 int dissected_image_mount(DissectedImage *m, const char *dest, uid_t uid_shift, DissectImageFlags flags);
 int dissected_image_mount_and_warn(DissectedImage *m, const char *where, uid_t uid_shift, DissectImageFlags flags);
 
@@ -117,7 +131,9 @@ int decrypted_image_relinquish(DecryptedImage *d);
 const char* partition_designator_to_string(PartitionDesignator d) _const_;
 PartitionDesignator partition_designator_from_string(const char *name) _pure_;
 
-int verity_metadata_load(const char *image, const char *root_hash_path, void **ret_roothash, size_t *ret_roothash_size, char **ret_verity_data, char **ret_roothashsig);
+int verity_settings_load(VeritySettings *verity, const char *image, const char *root_hash_path, const char *root_hash_sig_path);
+void verity_settings_done(VeritySettings *verity);
+
 bool dissected_image_can_do_verity(const DissectedImage *image, PartitionDesignator d);
 bool dissected_image_has_verity(const DissectedImage *image, PartitionDesignator d);
 

src/shared/machine-image.c

@@ -1171,7 +1171,7 @@ int image_read_metadata(Image *i) {
                 if (r < 0)
                         return r;
 
-                r = dissect_image(d->fd, NULL, 0, NULL, NULL, DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_RELAX_VAR_CHECK, &m);
+                r = dissect_image(d->fd, NULL, NULL, DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_RELAX_VAR_CHECK, &m);
                 if (r < 0)
                         return r;
 

src/udev/udev-builtin-input_id.c

@@ -154,17 +154,20 @@ static bool test_pointers(sd_device *dev,
         bool has_rel_coordinates = false;
         bool has_mt_coordinates = false;
         bool has_joystick_axes_or_buttons = false;
+        bool has_pad_buttons = false;
         bool is_direct = false;
         bool has_touch = false;
         bool has_3d_coordinates = false;
         bool has_keys = false;
-        bool stylus_or_pen = false;
+        bool has_stylus = false;
+        bool has_pen = false;
         bool finger_but_no_pen = false;
         bool has_mouse_button = false;
         bool is_mouse = false;
         bool is_touchpad = false;
         bool is_touchscreen = false;
         bool is_tablet = false;
+        bool is_tablet_pad = false;
         bool is_joystick = false;
         bool is_accelerometer = false;
         bool is_pointing_stick = false;
@@ -183,7 +186,8 @@ static bool test_pointers(sd_device *dev,
         }
 
         is_pointing_stick = test_bit(INPUT_PROP_POINTING_STICK, bitmask_props);
-        stylus_or_pen = test_bit(BTN_STYLUS, bitmask_key) || test_bit(BTN_TOOL_PEN, bitmask_key);
+        has_stylus = test_bit(BTN_STYLUS, bitmask_key);
+        has_pen = test_bit(BTN_TOOL_PEN, bitmask_key);
         finger_but_no_pen = test_bit(BTN_TOOL_FINGER, bitmask_key) && !test_bit(BTN_TOOL_PEN, bitmask_key);
         for (button = BTN_MOUSE; button < BTN_JOYSTICK && !has_mouse_button; button++)
                 has_mouse_button = test_bit(button, bitmask_key);
@@ -195,6 +199,7 @@ static bool test_pointers(sd_device *dev,
                 has_mt_coordinates = false;
         is_direct = test_bit(INPUT_PROP_DIRECT, bitmask_props);
         has_touch = test_bit(BTN_TOUCH, bitmask_key);
+        has_pad_buttons = test_bit(BTN_0, bitmask_key) && has_stylus && !has_pen;
 
         /* joysticks don't necessarily have buttons; e. g.
          * rudders/pedals are joystick-like, but buttonless; they have
@@ -216,7 +221,7 @@ static bool test_pointers(sd_device *dev,
                 has_joystick_axes_or_buttons = test_bit(axis, bitmask_abs);
 
         if (has_abs_coordinates) {
-                if (stylus_or_pen)
+                if (has_stylus || has_pen)
                         is_tablet = true;
                 else if (finger_but_no_pen && !is_direct)
                         is_touchpad = true;
@@ -232,7 +237,7 @@ static bool test_pointers(sd_device *dev,
                 is_joystick = true;
 
         if (has_mt_coordinates) {
-                if (stylus_or_pen)
+                if (has_stylus || has_pen)
                         is_tablet = true;
                 else if (finger_but_no_pen && !is_direct)
                         is_touchpad = true;
@@ -240,6 +245,9 @@ static bool test_pointers(sd_device *dev,
                         is_touchscreen = true;
         }
 
+        if (is_tablet && has_pad_buttons)
+                is_tablet_pad = true;
+
         if (!is_tablet && !is_touchpad && !is_joystick &&
             has_mouse_button &&
             (has_rel_coordinates ||
@@ -262,6 +270,8 @@ static bool test_pointers(sd_device *dev,
                 udev_builtin_add_property(dev, test, "ID_INPUT_JOYSTICK", "1");
         if (is_tablet)
                 udev_builtin_add_property(dev, test, "ID_INPUT_TABLET", "1");
+        if (is_tablet_pad)
+                udev_builtin_add_property(dev, test, "ID_INPUT_TABLET_PAD", "1");
 
         return is_tablet || is_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick;
 }

test/fuzz/fuzz-netdev-parser/directives.netdev

@@ -116,6 +116,7 @@ PortRange=
 UDPChecksum=
 UDP6ZeroCheckSumTx=
 IPDoNotFragment=
+Independent=
 [VXCAN]
 Peer=
 [Bond]
@@ -215,3 +216,6 @@ Activate=
 [Xfrm]
 Independent=
 InterfaceId=
+[BareUDP]
+DestinationPort=
+EtherType=

test/test-network/conf/25-bareudp.netdev

@@ -0,0 +1,7 @@
+[NetDev]
+Kind=bareudp
+Name=bareudp99
+
+[BareUDP]
+DestinationPort=1000
+EtherType=ipv4

test/test-network/conf/25-vxlan-independent.netdev

@@ -0,0 +1,17 @@
+[NetDev]
+Name=vxlan98
+Kind=vxlan
+
+[VXLAN]
+VNI=1000
+L2MissNotification=true
+L3MissNotification=true
+RouteShortCircuit=true
+UDPChecksum=true
+UDP6ZeroChecksumTx=true
+UDP6ZeroChecksumRx=true
+RemoteChecksumTx=true
+RemoteChecksumRx=true
+GroupPolicyExtension=true
+DestinationPort=5556
+Independent=yes

test/test-network/conf/netdev-link-local-addressing-yes.network

@@ -1,4 +1,5 @@
 [Match]
+Name=bareudp99
 Name=ipvlan99
 Name=ipvtap99
 Name=macvlan99
@@ -14,6 +15,7 @@ Name=ifb99
 Name=ipiptun99
 Name=nlmon99
 Name=xfrm99
+Name=vxlan98
 Name=hogehogehogehogehogehoge
 
 [Network]

test/test-network/systemd-networkd-tests.py

@@ -732,6 +732,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
 
     links = [
         '6rdtun99',
+        'bareudp99',
         'bond99',
         'bridge99',
         'dropin-test',
@@ -785,6 +786,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         'vtitun98',
         'vtitun99',
         'vxcan99',
+        'vxlan98',
         'vxlan99',
         'wg97',
         'wg98',
@@ -805,6 +807,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         '21-vlan.netdev',
         '21-vlan.network',
         '25-6rd-tunnel.netdev',
+        '25-bareudp.netdev',
         '25-bond.netdev',
         '25-bond-balanced-tlb.netdev',
         '25-bridge.netdev',
@@ -870,6 +873,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         '25-vti-tunnel-remote-any.netdev',
         '25-vti-tunnel.netdev',
         '25-vxcan.netdev',
+        '25-vxlan-independent.netdev',
         '25-vxlan.netdev',
         '25-wireguard-23-peers.netdev',
         '25-wireguard-23-peers.network',
@@ -950,6 +954,18 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         self.wait_operstate('bridge99', '(off|no-carrier)', setup_state='configuring')
         self.wait_operstate('test1', 'degraded')
 
+    @expectedFailureIfModuleIsNotAvailable('bareudp')
+    def test_bareudp(self):
+        copy_unit_to_networkd_unit_path('25-bareudp.netdev', 'netdev-link-local-addressing-yes.network')
+        start_networkd()
+
+        self.wait_online(['bareudp99:degraded'])
+
+        output = check_output('ip -d link show bareudp99')
+        print(output)
+        self.assertRegex(output, 'dstport 1000 ')
+        self.assertRegex(output, 'ethertype ip ')
+
     def test_bridge(self):
         copy_unit_to_networkd_unit_path('25-bridge.netdev', '25-bridge-configure-without-carrier.network')
         start_networkd()
@@ -1516,10 +1532,11 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
 
     def test_vxlan(self):
         copy_unit_to_networkd_unit_path('25-vxlan.netdev', 'vxlan.network',
+                                        '25-vxlan-independent.netdev', 'netdev-link-local-addressing-yes.network',
                                         '11-dummy.netdev', 'vxlan-test1.network')
         start_networkd()
 
-        self.wait_online(['test1:degraded', 'vxlan99:degraded'])
+        self.wait_online(['test1:degraded', 'vxlan99:degraded', 'vxlan98:degraded'])
 
         output = check_output('ip -d link show vxlan99')
         print(output)
@@ -1546,6 +1563,9 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         self.assertRegex(output, 'Destination Port: 5555')
         self.assertRegex(output, 'Underlying Device: test1')
 
+        output = check_output('ip -d link show vxlan98')
+        print(output)
+
     def test_macsec(self):
         copy_unit_to_networkd_unit_path('25-macsec.netdev', '25-macsec.network', '25-macsec.key',
                                         'macsec.network', '12-dummy.netdev')