Add single sign-on support via SSPI on Windows (#8463)

* Add single sign-on support via SSPI on Windows

* Ensure plugins implement interface

* Ensure plugins implement interface

* Move functions used only by the SSPI auth method to sspi_windows.go

* Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected

* Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links.

* Update documentation for the new 'SPNEGO with SSPI' login source

* Mention in documentation that ROOT_URL should contain the FQDN of the server

* Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing)

* Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources)

* Add option in SSPIConfig for removing of domains from logon names

* Update helper text for StripDomainNames option

* Make sure handleSignIn() is called after a new user object is created by SSPI auth method

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates

* Remove code duplication

* Log errors in ActiveLoginSources

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert suffix of randomly generated E-mails for Reverse proxy authentication

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert unneeded white-space change in template

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Add copyright comments at the top of new files

* Use loopback name for randomly generated emails

* Add locale tag for the SSPISeparatorReplacement field with proper casing

* Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields

* Update docs/content/doc/features/authentication.en-us.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

* Remove Priority() method and define the order in which SSO auth methods should be executed in one place

* Log authenticated username only if it's not empty

* Rephrase helper text for automatic creation of users

* Return error if more than one active SSPI auth source is found

* Change newUser() function to return error, letting caller log/handle the error

* Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed

* Refactor initialization of the list containing SSO auth methods

* Validate SSPI settings on POST

* Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page

* Make 'Default language' in SSPI config empty, unless changed by admin

* Show error if admin tries to add a second authentication source of type SSPI

* Simplify declaration of global variable

* Rebuild gitgraph.js on Linux

* Make sure config values containing only whitespace are not accepted

docs/content/doc/features/authentication.en-us.md

@@ -216,3 +216,42 @@ configure this, set the fields below:
 
 - Log in to Gitea as an Administrator and click on "Authentication" under Admin Panel.
   Then click `Add New Source` and fill in the details, changing all where appropriate.
+
+## SPNEGO with SSPI (Kerberos/NTLM, for Windows only)
+
+Gitea supports SPNEGO single sign-on authentication (the scheme defined by RFC4559) for the web part of the server via the Security Support Provider Interface (SSPI) built in Windows. SSPI works only in Windows environments - when both the server and the clients are running Windows.
+
+Before activating SSPI single sign-on authentication (SSO) you have to prepare your environment:
+
+- Create a separate user account in active directory, under which the `gitea.exe` process will be running (eg. `user` under domain `domain.local`):
+
+- Create a service principal name for the host where `gitea.exe` is running with class `HTTP`:
+  - Start `Command Prompt` or `PowerShell` as a priviledged domain user (eg. Domain Administrator)
+  - Run the command below, replacing `host.domain.local` with the fully qualified domain name (FQDN) of the server where the web application will be running, and `domain\user` with the name of the account created in the previous step:
+  ```
+    setspn -A HTTP/host.domain.local domain\user
+  ```
+
+- Sign in (*sign out if you were already signed in*) with the user created
+
+- Make sure that `ROOT_URL` in the `[server]` section of `custom/conf/app.ini` is the fully qualified domain name of the server where the web application will be running - the same you used when creating the service principal name (eg. `host.domain.local`)
+
+- Start the web server (`gitea.exe web`)
+
+- Enable SSPI authentication by adding an `SPNEGO with SSPI` authentication source in `Site Administration -> Authentication Sources`
+
+- Sign in to a client computer in the same domain with any domain user (client computer, different from the server running `gitea.exe`)
+
+- If you are using Chrome, Edge or Internet Explorer, add the URL of the web app to the Local intranet sites (`Internet Options -> Security -> Local intranet -> Sites`)
+
+- Start Chrome, Edge or Internet Explorer and navigate to the FQDN URL of gitea (eg. `http://host.domain.local:3000`)
+
+- Click the `Sign In` button on the dashboard and choose SSPI to be automatically logged in with the same user that is currently logged on to the computer
+
+- If it does not work, make sure that:
+  - You are not running the web browser on the same server where gitea is running. You should be running the web browser on a domain joined computer (client) that is different from the server. If both the client and server are runnning on the same computer NTLM will be prefered over Kerberos.
+  - There is only one `HTTP/...` SPN for the host
+  - The SPN contains only the hostname, without the port
+  - You have added the URL of the web app to the `Local intranet zone`
+  - The clocks of the server and client should not differ with more than 5 minutes (depends on group policy)
+  - `Integrated Windows Authentication` should be enabled in Internet Explorer (under `Advanced settings`)

go.mod

@@ -78,6 +78,7 @@ require (
 	github.com/pquerna/otp v0.0.0-20160912161815-54653902c20e
 	github.com/prometheus/client_golang v1.1.0
 	github.com/prometheus/procfs v0.0.4 // indirect
+	github.com/quasoft/websspi v1.0.0
 	github.com/remyoudompheng/bigfft v0.0.0-20190321074620-2f0d2b0e0001 // indirect
 	github.com/russross/blackfriday/v2 v2.0.1
 	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
@@ -101,7 +102,7 @@ require (
 	golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f
 	golang.org/x/net v0.0.0-20191101175033-0deb6923b6d9
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
-	golang.org/x/sys v0.0.0-20190910064555-bbd175535a8b
+	golang.org/x/sys v0.0.0-20191010194322-b09406accb47
 	golang.org/x/text v0.3.2
 	golang.org/x/tools v0.0.0-20190910221609-7f5965fd7709 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect

go.sum

@@ -459,6 +459,8 @@ github.com/prometheus/procfs v0.0.4 h1:w8DjqFMJDjuVwdZBQoOozr4MVWOnwF7RcL/7uxBjY
 github.com/prometheus/procfs v0.0.4/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/prometheus/tsdb v0.10.0/go.mod h1:oi49uRhEe9dPUTlS3JRZOwJuVi6tmh10QSgwXEyGCt4=
+github.com/quasoft/websspi v1.0.0 h1:5nDgdM5xSur9s+B5w2xQ5kxf5nUGqgFgU4W0aDLZ8Mw=
+github.com/quasoft/websspi v1.0.0/go.mod h1:HmVdl939dQ0WIXZhyik+ARdI03M6bQzaSEKcgpFmewk=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20190321074620-2f0d2b0e0001 h1:YDeskXpkNDhPdWN3REluVa46HQOVuVkjkd2sWnrABNQ=
 github.com/remyoudompheng/bigfft v0.0.0-20190321074620-2f0d2b0e0001/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
@@ -656,8 +658,8 @@ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190730183949-1393eb018365/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190910064555-bbd175535a8b h1:3S2h5FadpNr0zUUCVZjlKIEYF+KaX/OBplTGo89CYHI=
-golang.org/x/sys v0.0.0-20190910064555-bbd175535a8b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47 h1:/XfQ9z7ib8eEJX2hdgFTZJ/ntt0swNk5oYBziWeTCvY=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=

models/login_source.go

@@ -39,6 +39,7 @@ const (
 	LoginPAM              // 4
 	LoginDLDAP            // 5
 	LoginOAuth2           // 6
+	LoginSSPI             // 7
 )
 
 // LoginNames contains the name of LoginType values.
@@ -48,6 +49,7 @@ var LoginNames = map[LoginType]string{
 	LoginSMTP:   "SMTP",
 	LoginPAM:    "PAM",
 	LoginOAuth2: "OAuth2",
+	LoginSSPI:   "SPNEGO with SSPI",
 }
 
 // SecurityProtocolNames contains the name of SecurityProtocol values.
@@ -63,6 +65,7 @@ var (
 	_ core.Conversion = &SMTPConfig{}
 	_ core.Conversion = &PAMConfig{}
 	_ core.Conversion = &OAuth2Config{}
+	_ core.Conversion = &SSPIConfig{}
 )
 
 // LDAPConfig holds configuration for LDAP login source.
@@ -140,6 +143,25 @@ func (cfg *OAuth2Config) ToDB() ([]byte, error) {
 	return json.Marshal(cfg)
 }
 
+// SSPIConfig holds configuration for SSPI single sign-on.
+type SSPIConfig struct {
+	AutoCreateUsers      bool
+	AutoActivateUsers    bool
+	StripDomainNames     bool
+	SeparatorReplacement string
+	DefaultLanguage      string
+}
+
+// FromDB fills up an SSPIConfig from serialized format.
+func (cfg *SSPIConfig) FromDB(bs []byte) error {
+	return json.Unmarshal(bs, cfg)
+}
+
+// ToDB exports an SSPIConfig to a serialized format.
+func (cfg *SSPIConfig) ToDB() ([]byte, error) {
+	return json.Marshal(cfg)
+}
+
 // LoginSource represents an external way for authorizing users.
 type LoginSource struct {
 	ID            int64 `xorm:"pk autoincr"`
@@ -176,6 +198,8 @@ func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
 			source.Cfg = new(PAMConfig)
 		case LoginOAuth2:
 			source.Cfg = new(OAuth2Config)
+		case LoginSSPI:
+			source.Cfg = new(SSPIConfig)
 		default:
 			panic("unrecognized login source type: " + com.ToStr(*val))
 		}
@@ -212,6 +236,11 @@ func (source *LoginSource) IsOAuth2() bool {
 	return source.Type == LoginOAuth2
 }
 
+// IsSSPI returns true of this source is of the SSPI type.
+func (source *LoginSource) IsSSPI() bool {
+	return source.Type == LoginSSPI
+}
+
 // HasTLS returns true of this source supports TLS.
 func (source *LoginSource) HasTLS() bool {
 	return ((source.IsLDAP() || source.IsDLDAP()) &&
@@ -264,6 +293,11 @@ func (source *LoginSource) OAuth2() *OAuth2Config {
 	return source.Cfg.(*OAuth2Config)
 }
 
+// SSPI returns SSPIConfig for this source, if of SSPI type.
+func (source *LoginSource) SSPI() *SSPIConfig {
+	return source.Cfg.(*SSPIConfig)
+}
+
 // CreateLoginSource inserts a LoginSource in the DB if not already
 // existing with the given name.
 func CreateLoginSource(source *LoginSource) error {
@@ -300,6 +334,38 @@ func LoginSources() ([]*LoginSource, error) {
 	return auths, x.Find(&auths)
 }
 
+// LoginSourcesByType returns all sources of the specified type
+func LoginSourcesByType(loginType LoginType) ([]*LoginSource, error) {
+	sources := make([]*LoginSource, 0, 1)
+	if err := x.Where("type = ?", loginType).Find(&sources); err != nil {
+		return nil, err
+	}
+	return sources, nil
+}
+
+// ActiveLoginSources returns all active sources of the specified type
+func ActiveLoginSources(loginType LoginType) ([]*LoginSource, error) {
+	sources := make([]*LoginSource, 0, 1)
+	if err := x.Where("is_actived = ? and type = ?", true, loginType).Find(&sources); err != nil {
+		return nil, err
+	}
+	return sources, nil
+}
+
+// IsSSPIEnabled returns true if there is at least one activated login
+// source of type LoginSSPI
+func IsSSPIEnabled() bool {
+	if !HasEngine {
+		return false
+	}
+	sources, err := ActiveLoginSources(LoginSSPI)
+	if err != nil {
+		log.Error("ActiveLoginSources: %v", err)
+		return false
+	}
+	return len(sources) > 0
+}
+
 // GetLoginSourceByID returns login source by given ID.
 func GetLoginSourceByID(id int64) (*LoginSource, error) {
 	source := new(LoginSource)
@@ -719,8 +785,8 @@ func UserSignIn(username, password string) (*User, error) {
 	}
 
 	for _, source := range sources {
-		if source.IsOAuth2() {
-			// don't try to authenticate against OAuth2 sources
+		if source.IsOAuth2() || source.IsSSPI() {
+			// don't try to authenticate against OAuth2 and SSPI sources here
 			continue
 		}
 		authUser, err := ExternalUserLogin(nil, username, password, source, true)

modules/auth/auth.go

@@ -8,19 +8,14 @@ package auth
 import (
 	"reflect"
 	"strings"
-	"time"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/base"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/validation"
 
 	"gitea.com/macaron/binding"
 	"gitea.com/macaron/macaron"
 	"gitea.com/macaron/session"
-	gouuid "github.com/satori/go.uuid"
 	"github.com/unknwon/com"
 )
 
@@ -29,92 +24,6 @@ func IsAPIPath(url string) bool {
 	return strings.HasPrefix(url, "/api/")
 }
 
-// IsAttachmentDownload check if request is a file download (GET) with URL to an attachment
-func IsAttachmentDownload(ctx *macaron.Context) bool {
-	return strings.HasPrefix(ctx.Req.URL.Path, "/attachments/") && ctx.Req.Method == "GET"
-}
-
-// SignedInID returns the id of signed in user.
-func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
-	if !models.HasEngine {
-		return 0
-	}
-
-	// Check access token.
-	if IsAPIPath(ctx.Req.URL.Path) || IsAttachmentDownload(ctx) {
-		tokenSHA := ctx.Query("token")
-		if len(tokenSHA) == 0 {
-			tokenSHA = ctx.Query("access_token")
-		}
-		if len(tokenSHA) == 0 {
-			// Well, check with header again.
-			auHead := ctx.Req.Header.Get("Authorization")
-			if len(auHead) > 0 {
-				auths := strings.Fields(auHead)
-				if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
-					tokenSHA = auths[1]
-				}
-			}
-		}
-
-		// Let's see if token is valid.
-		if len(tokenSHA) > 0 {
-			if strings.Contains(tokenSHA, ".") {
-				uid := CheckOAuthAccessToken(tokenSHA)
-				if uid != 0 {
-					ctx.Data["IsApiToken"] = true
-				}
-				return uid
-			}
-			t, err := models.GetAccessTokenBySHA(tokenSHA)
-			if err != nil {
-				if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
-					log.Error("GetAccessTokenBySHA: %v", err)
-				}
-				return 0
-			}
-			t.UpdatedUnix = timeutil.TimeStampNow()
-			if err = models.UpdateAccessToken(t); err != nil {
-				log.Error("UpdateAccessToken: %v", err)
-			}
-			ctx.Data["IsApiToken"] = true
-			return t.UID
-		}
-	}
-
-	uid := sess.Get("uid")
-	if uid == nil {
-		return 0
-	} else if id, ok := uid.(int64); ok {
-		return id
-	}
-	return 0
-}
-
-// CheckOAuthAccessToken returns uid of user from oauth token token
-func CheckOAuthAccessToken(accessToken string) int64 {
-	// JWT tokens require a "."
-	if !strings.Contains(accessToken, ".") {
-		return 0
-	}
-	token, err := models.ParseOAuth2Token(accessToken)
-	if err != nil {
-		log.Trace("ParseOAuth2Token: %v", err)
-		return 0
-	}
-	var grant *models.OAuth2Grant
-	if grant, err = models.GetOAuth2GrantByID(token.GrantID); err != nil || grant == nil {
-		return 0
-	}
-	if token.Type != models.TypeAccessToken {
-		return 0
-	}
-	if token.ExpiresAt < time.Now().Unix() || token.IssuedAt > time.Now().Unix() {
-		return 0
-	}
-	return grant.UserID
-}
-
 // SignedInUser returns the user object of signed user.
 // It returns a bool value to indicate whether user uses basic auth or not.
 func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) {
@@ -122,125 +31,18 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
 		return nil, false
 	}
 
-	if uid := SignedInID(ctx, sess); uid > 0 {
-		user, err := models.GetUserByID(uid)
-		if err == nil {
-			return user, false
-		} else if !models.IsErrUserNotExist(err) {
-			log.Error("GetUserById: %v", err)
+	// Try to sign in with each of the enabled plugins
+	for _, ssoMethod := range sso.Methods() {
+		if !ssoMethod.IsEnabled() {
+			continue
 		}
-	}
-
-	if setting.Service.EnableReverseProxyAuth {
-		webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
-		if len(webAuthUser) > 0 {
-			u, err := models.GetUserByName(webAuthUser)
-			if err != nil {
-				if !models.IsErrUserNotExist(err) {
-					log.Error("GetUserByName: %v", err)
-					return nil, false
-				}
-
-				// Check if enabled auto-registration.
-				if setting.Service.EnableReverseProxyAutoRegister {
-					email := gouuid.NewV4().String() + "@localhost"
-					if setting.Service.EnableReverseProxyEmail {
-						webAuthEmail := ctx.Req.Header.Get(setting.ReverseProxyAuthEmail)
-						if len(webAuthEmail) > 0 {
-							email = webAuthEmail
-						}
-					}
-					u := &models.User{
-						Name:     webAuthUser,
-						Email:    email,
-						Passwd:   webAuthUser,
-						IsActive: true,
-					}
-					if err = models.CreateUser(u); err != nil {
-						// FIXME: should I create a system notice?
-						log.Error("CreateUser: %v", err)
-						return nil, false
-					}
-					return u, false
-				}
-			}
-			return u, false
+		user := ssoMethod.VerifyAuthData(ctx, sess)
+		if user != nil {
+			_, isBasic := ssoMethod.(*sso.Basic)
+			return user, isBasic
 		}
 	}
 
-	// Check with basic auth.
-	baHead := ctx.Req.Header.Get("Authorization")
-	if len(baHead) > 0 {
-		auths := strings.Fields(baHead)
-		if len(auths) == 2 && auths[0] == "Basic" {
-			var u *models.User
-
-			uname, passwd, _ := base.BasicAuthDecode(auths[1])
-
-			// Check if username or password is a token
-			isUsernameToken := len(passwd) == 0 || passwd == "x-oauth-basic"
-			// Assume username is token
-			authToken := uname
-			if !isUsernameToken {
-				// Assume password is token
-				authToken = passwd
-			}
-
-			uid := CheckOAuthAccessToken(authToken)
-			if uid != 0 {
-				var err error
-				ctx.Data["IsApiToken"] = true
-
-				u, err = models.GetUserByID(uid)
-				if err != nil {
-					log.Error("GetUserByID:  %v", err)
-					return nil, false
-				}
-			}
-			token, err := models.GetAccessTokenBySHA(authToken)
-			if err == nil {
-				if isUsernameToken {
-					u, err = models.GetUserByID(token.UID)
-					if err != nil {
-						log.Error("GetUserByID:  %v", err)
-						return nil, false
-					}
-				} else {
-					u, err = models.GetUserByName(uname)
-					if err != nil {
-						log.Error("GetUserByID:  %v", err)
-						return nil, false
-					}
-					if u.ID != token.UID {
-						return nil, false
-					}
-				}
-				token.UpdatedUnix = timeutil.TimeStampNow()
-				if err = models.UpdateAccessToken(token); err != nil {
-					log.Error("UpdateAccessToken:  %v", err)
-				}
-			} else if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
-				log.Error("GetAccessTokenBySha: %v", err)
-			}
-
-			if u == nil {
-				if !setting.Service.EnableBasicAuth {
-					return nil, false
-				}
-				u, err = models.UserSignIn(uname, passwd)
-				if err != nil {
-					if !models.IsErrUserNotExist(err) {
-						log.Error("UserSignIn: %v", err)
-					}
-					return nil, false
-				}
-			} else {
-				ctx.Data["IsApiToken"] = true
-			}
-
-			return u, true
-		}
-	}
 	return nil, false
 }
 

modules/auth/auth_form.go

@@ -12,7 +12,7 @@ import (
 // AuthenticationForm form for authentication
 type AuthenticationForm struct {
 	ID                            int64
-	Type                          int    `binding:"Range(2,6)"`
+	Type                          int    `binding:"Range(2,7)"`
 	Name                          string `binding:"Required;MaxSize(30)"`
 	Host                          string
 	Port                          int
@@ -49,6 +49,11 @@ type AuthenticationForm struct {
 	Oauth2AuthURL                 string
 	Oauth2ProfileURL              string
 	Oauth2EmailURL                string
+	SSPIAutoCreateUsers           bool
+	SSPIAutoActivateUsers         bool
+	SSPIStripDomainNames          bool
+	SSPISeparatorReplacement      string `binding:"AlphaDashDot;MaxSize(5)"`
+	SSPIDefaultLanguage           string
 }
 
 // Validate validates fields

modules/auth/sso/basic.go

@@ -0,0 +1,125 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package sso
+
+import (
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"gitea.com/macaron/macaron"
+	"gitea.com/macaron/session"
+)
+
+// Ensure the struct implements the interface.
+var (
+	_ SingleSignOn = &Basic{}
+)
+
+// Basic implements the SingleSignOn interface and authenticates requests (API requests
+// only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization"
+// header.
+type Basic struct {
+}
+
+// Init does nothing as the Basic implementation does not need to allocate any resources
+func (b *Basic) Init() error {
+	return nil
+}
+
+// Free does nothing as the Basic implementation does not have to release any resources
+func (b *Basic) Free() error {
+	return nil
+}
+
+// IsEnabled returns true as this plugin is enabled by default and its not possible to disable
+// it from settings.
+func (b *Basic) IsEnabled() bool {
+	return setting.Service.EnableBasicAuth
+}
+
+// VerifyAuthData extracts and validates Basic data (username and password/token) from the
+// "Authorization" header of the request and returns the corresponding user object for that
+// name/token on successful validation.
+// Returns nil if header is empty or validation fails.
+func (b *Basic) VerifyAuthData(ctx *macaron.Context, sess session.Store) *models.User {
+	baHead := ctx.Req.Header.Get("Authorization")
+	if len(baHead) == 0 {
+		return nil
+	}
+
+	auths := strings.Fields(baHead)
+	if len(auths) != 2 || auths[0] != "Basic" {
+		return nil
+	}
+
+	var u *models.User
+	uname, passwd, _ := base.BasicAuthDecode(auths[1])
+
+	// Check if username or password is a token
+	isUsernameToken := len(passwd) == 0 || passwd == "x-oauth-basic"
+	// Assume username is token
+	authToken := uname
+	if !isUsernameToken {
+		// Assume password is token
+		authToken = passwd
+	}
+
+	uid := CheckOAuthAccessToken(authToken)
+	if uid != 0 {
+		var err error
+		ctx.Data["IsApiToken"] = true
+
+		u, err = models.GetUserByID(uid)
+		if err != nil {
+			log.Error("GetUserByID:  %v", err)
+			return nil
+		}
+	}
+	token, err := models.GetAccessTokenBySHA(authToken)
+	if err == nil {
+		if isUsernameToken {
+			u, err = models.GetUserByID(token.UID)
+			if err != nil {
+				log.Error("GetUserByID:  %v", err)
+				return nil
+			}
+		} else {
+			u, err = models.GetUserByName(uname)
+			if err != nil {
+				log.Error("GetUserByID:  %v", err)
+				return nil
+			}
+			if u.ID != token.UID {
+				return nil
+			}
+		}
+		token.UpdatedUnix = timeutil.TimeStampNow()
+		if err = models.UpdateAccessToken(token); err != nil {
+			log.Error("UpdateAccessToken:  %v", err)
+		}
+	} else if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
+		log.Error("GetAccessTokenBySha: %v", err)
+	}
+
+	if u == nil {
+		u, err = models.UserSignIn(uname, passwd)
+		if err != nil {
+			if !models.IsErrUserNotExist(err) {
+				log.Error("UserSignIn: %v", err)
+			}
+			return nil
+		}
+	} else {
+		ctx.Data["IsApiToken"] = true
+	}
+
+	return u
+}

modules/auth/sso/interface.go

@@ -0,0 +1,33 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package sso
+
+import (
+	"code.gitea.io/gitea/models"
+
+	"gitea.com/macaron/macaron"
+	"gitea.com/macaron/session"
+)
+
+// SingleSignOn represents a SSO authentication method (plugin) for HTTP requests.
+type SingleSignOn interface {
+	// Init should be called exactly once before using any of the other methods,
+	// in order to allow the plugin to allocate necessary resources
+	Init() error
+
+	// Free should be called exactly once before application closes, in order to
+	// give chance to the plugin to free any allocated resources
+	Free() error
+
+	// IsEnabled checks if the current SSO method has been enabled in settings.
+	IsEnabled() bool
+
+	// VerifyAuthData tries to verify the SSO authentication data contained in the request.
+	// If verification is successful returns either an existing user object (with id > 0)
+	// or a new user object (with id = 0) populated with the information that was found
+	// in the authentication data (username or email).
+	// Returns nil if verification fails.
+	VerifyAuthData(ctx *macaron.Context, sess session.Store) *models.User
+}

modules/auth/sso/oauth2.go

@@ -0,0 +1,142 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package sso
+
+import (
+	"strings"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"gitea.com/macaron/macaron"
+	"gitea.com/macaron/session"
+)
+
+// Ensure the struct implements the interface.
+var (
+	_ SingleSignOn = &OAuth2{}
+)
+
+// CheckOAuthAccessToken returns uid of user from oauth token
+func CheckOAuthAccessToken(accessToken string) int64 {
+	// JWT tokens require a "."
+	if !strings.Contains(accessToken, ".") {
+		return 0
+	}
+	token, err := models.ParseOAuth2Token(accessToken)
+	if err != nil {
+		log.Trace("ParseOAuth2Token: %v", err)
+		return 0
+	}
+	var grant *models.OAuth2Grant
+	if grant, err = models.GetOAuth2GrantByID(token.GrantID); err != nil || grant == nil {
+		return 0
+	}
+	if token.Type != models.TypeAccessToken {
+		return 0
+	}
+	if token.ExpiresAt < time.Now().Unix() || token.IssuedAt > time.Now().Unix() {
+		return 0
+	}
+	return grant.UserID
+}
+
+// OAuth2 implements the SingleSignOn interface and authenticates requests
+// (API requests only) by looking for an OAuth token in query parameters or the
+// "Authorization" header.
+type OAuth2 struct {
+}
+
+// Init does nothing as the OAuth2 implementation does not need to allocate any resources
+func (o *OAuth2) Init() error {
+	return nil
+}
+
+// Free does nothing as the OAuth2 implementation does not have to release any resources
+func (o *OAuth2) Free() error {
+	return nil
+}
+
+// userIDFromToken returns the user id corresponding to the OAuth token.
+func (o *OAuth2) userIDFromToken(ctx *macaron.Context) int64 {
+	// Check access token.
+	tokenSHA := ctx.Query("token")
+	if len(tokenSHA) == 0 {
+		tokenSHA = ctx.Query("access_token")
+	}
+	if len(tokenSHA) == 0 {
+		// Well, check with header again.
+		auHead := ctx.Req.Header.Get("Authorization")
+		if len(auHead) > 0 {
+			auths := strings.Fields(auHead)
+			if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
+				tokenSHA = auths[1]
+			}
+		}
+	}
+	if len(tokenSHA) == 0 {
+		return 0
+	}
+
+	// Let's see if token is valid.
+	if strings.Contains(tokenSHA, ".") {
+		uid := CheckOAuthAccessToken(tokenSHA)
+		if uid != 0 {
+			ctx.Data["IsApiToken"] = true
+		}
+		return uid
+	}
+	t, err := models.GetAccessTokenBySHA(tokenSHA)
+	if err != nil {
+		if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
+			log.Error("GetAccessTokenBySHA: %v", err)
+		}
+		return 0
+	}
+	t.UpdatedUnix = timeutil.TimeStampNow()
+	if err = models.UpdateAccessToken(t); err != nil {
+		log.Error("UpdateAccessToken: %v", err)
+	}
+	ctx.Data["IsApiToken"] = true
+	return t.UID
+}
+
+// IsEnabled returns true as this plugin is enabled by default and its not possible
+// to disable it from settings.
+func (o *OAuth2) IsEnabled() bool {
+	return true
+}
+
+// VerifyAuthData extracts the user ID from the OAuth token in the query parameters
+// or the "Authorization" header and returns the corresponding user object for that ID.
+// If verification is successful returns an existing user object.
+// Returns nil if verification fails.
+func (o *OAuth2) VerifyAuthData(ctx *macaron.Context, sess session.Store) *models.User {
+	if !models.HasEngine {
+		return nil
+	}
+
+	if !isAPIPath(ctx) && !isAttachmentDownload(ctx) {
+		return nil
+	}
+
+	id := o.userIDFromToken(ctx)
+	if id <= 0 {
+		return nil
+	}
+
+	user, err := models.GetUserByID(id)
+	if err != nil {
+		if !models.IsErrUserNotExist(err) {
+			log.Error("GetUserByName: %v", err)
+		}
+		return nil
+	}
+
+	return user
+}

modules/auth/sso/reverseproxy.go

@@ -0,0 +1,115 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package sso
+
+import (
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"gitea.com/macaron/macaron"
+	"gitea.com/macaron/session"
+	gouuid "github.com/satori/go.uuid"
+)
+
+// Ensure the struct implements the interface.
+var (
+	_ SingleSignOn = &ReverseProxy{}
+)
+
+// ReverseProxy implements the SingleSignOn interface, but actually relies on
+// a reverse proxy for authentication of users.
+// On successful authentication the proxy is expected to populate the username in the
+// "setting.ReverseProxyAuthUser" header. Optionally it can also populate the email of the
+// user in the "setting.ReverseProxyAuthEmail" header.
+type ReverseProxy struct {
+}
+
+// getUserName extracts the username from the "setting.ReverseProxyAuthUser" header
+func (r *ReverseProxy) getUserName(ctx *macaron.Context) string {
+	webAuthUser := strings.TrimSpace(ctx.Req.Header.Get(setting.ReverseProxyAuthUser))
+	if len(webAuthUser) == 0 {
+		return ""
+	}
+	return webAuthUser
+}
+
+// Init does nothing as the ReverseProxy implementation does not need initialization
+func (r *ReverseProxy) Init() error {
+	return nil
+}
+
+// Free does nothing as the ReverseProxy implementation does not have to release resources
+func (r *ReverseProxy) Free() error {
+	return nil
+}
+
+// IsEnabled checks if EnableReverseProxyAuth setting is true
+func (r *ReverseProxy) IsEnabled() bool {
+	return setting.Service.EnableReverseProxyAuth
+}
+
+// VerifyAuthData extracts the username from the "setting.ReverseProxyAuthUser" header
+// of the request and returns the corresponding user object for that name.
+// Verification of header data is not performed as it should have already been done by
+// the revese proxy.
+// If a username is available in the "setting.ReverseProxyAuthUser" header an existing
+// user object is returned (populated with username or email found in header).
+// Returns nil if header is empty.
+func (r *ReverseProxy) VerifyAuthData(ctx *macaron.Context, sess session.Store) *models.User {
+	username := r.getUserName(ctx)
+	if len(username) == 0 {
+		return nil
+	}
+
+	user, err := models.GetUserByName(username)
+	if err != nil {
+		if models.IsErrUserNotExist(err) && r.isAutoRegisterAllowed() {
+			return r.newUser(ctx)
+		}
+		log.Error("GetUserByName: %v", err)
+		return nil
+	}
+
+	return user
+}
+
+// isAutoRegisterAllowed checks if EnableReverseProxyAutoRegister setting is true
+func (r *ReverseProxy) isAutoRegisterAllowed() bool {
+	return setting.Service.EnableReverseProxyAutoRegister
+}
+
+// newUser creates a new user object for the purpose of automatic registration
+// and populates its name and email with the information present in request headers.
+func (r *ReverseProxy) newUser(ctx *macaron.Context) *models.User {
+	username := r.getUserName(ctx)
+	if len(username) == 0 {
+		return nil
+	}
+
+	email := gouuid.NewV4().String() + "@localhost"
+	if setting.Service.EnableReverseProxyEmail {
+		webAuthEmail := ctx.Req.Header.Get(setting.ReverseProxyAuthEmail)
+		if len(webAuthEmail) > 0 {
+			email = webAuthEmail
+		}
+	}
+
+	user := &models.User{
+		Name:     username,
+		Email:    email,
+		Passwd:   username,
+		IsActive: true,
+	}
+	if err := models.CreateUser(user); err != nil {
+		// FIXME: should I create a system notice?
+		log.Error("CreateUser: %v", err)
+		return nil
+	}
+	return user
+}

modules/auth/sso/session.go

@@ -0,0 +1,49 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package sso
+
+import (
+	"code.gitea.io/gitea/models"
+
+	"gitea.com/macaron/macaron"
+	"gitea.com/macaron/session"
+)
+
+// Ensure the struct implements the interface.
+var (
+	_ SingleSignOn = &Session{}
+)
+
+// Session checks if there is a user uid stored in the session and returns the user
+// object for that uid.
+type Session struct {
+}
+
+// Init does nothing as the Session implementation does not need to allocate any resources
+func (s *Session) Init() error {
+	return nil
+}
+
+// Free does nothing as the Session implementation does not have to release any resources
+func (s *Session) Free() error {
+	return nil
+}
+
+// IsEnabled returns true as this plugin is enabled by default and its not possible to disable
+// it from settings.
+func (s *Session) IsEnabled() bool {
+	return true
+}
+
+// VerifyAuthData checks if there is a user uid stored in the session and returns the user
+// object for that uid.
+// Returns nil if there is no user uid stored in the session.
+func (s *Session) VerifyAuthData(ctx *macaron.Context, sess session.Store) *models.User {
+	user := SessionUser(sess)
+	if user != nil {
+		return user
+	}
+	return nil
+}

modules/auth/sso/sso.go

@@ -0,0 +1,141 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package sso
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"gitea.com/macaron/macaron"
+	"gitea.com/macaron/session"
+)
+
+// ssoMethods contains the list of SSO authentication plugins in the order they are expected to be
+// executed.
+//
+// The OAuth2 plugin is expected to be executed first, as it must ignore the user id stored
+// in the session (if there is a user id stored in session other plugins might return the user
+// object for that id).
+//
+// The Session plugin is expected to be executed second, in order to skip authentication
+// for users that have already signed in.
+var ssoMethods = []SingleSignOn{
+	&OAuth2{},
+	&Session{},
+	&ReverseProxy{},
+	&Basic{},
+}
+
+// The purpose of the following three function variables is to let the linter know that
+// those functions are not dead code and are actually being used
+var (
+	_ = handleSignIn
+)
+
+// Methods returns the instances of all registered SSO methods
+func Methods() []SingleSignOn {
+	return ssoMethods
+}
+
+// Register adds the specified instance to the list of available SSO methods
+func Register(method SingleSignOn) {
+	ssoMethods = append(ssoMethods, method)
+}
+
+// Init should be called exactly once when the application starts to allow SSO plugins
+// to allocate necessary resources
+func Init() {
+	for _, method := range Methods() {
+		err := method.Init()
+		if err != nil {
+			log.Error("Could not initialize '%s' SSO method, error: %s", reflect.TypeOf(method).String(), err)
+		}
+	}
+}
+
+// Free should be called exactly once when the application is terminating to allow SSO plugins
+// to release necessary resources
+func Free() {
+	for _, method := range Methods() {
+		err := method.Free()
+		if err != nil {
+			log.Error("Could not free '%s' SSO method, error: %s", reflect.TypeOf(method).String(), err)
+		}
+	}
+}
+
+// SessionUser returns the user object corresponding to the "uid" session variable.
+func SessionUser(sess session.Store) *models.User {
+	// Get user ID
+	uid := sess.Get("uid")
+	if uid == nil {
+		return nil
+	}
+	id, ok := uid.(int64)
+	if !ok {
+		return nil
+	}
+
+	// Get user object
+	user, err := models.GetUserByID(id)
+	if err != nil {
+		if !models.IsErrUserNotExist(err) {
+			log.Error("GetUserById: %v", err)
+		}
+		return nil
+	}
+	return user
+}
+
+// isAPIPath returns true if the specified URL is an API path
+func isAPIPath(ctx *macaron.Context) bool {
+	return strings.HasPrefix(ctx.Req.URL.Path, "/api/")
+}
+
+// isAttachmentDownload check if request is a file download (GET) with URL to an attachment
+func isAttachmentDownload(ctx *macaron.Context) bool {
+	return strings.HasPrefix(ctx.Req.URL.Path, "/attachments/") && ctx.Req.Method == "GET"
+}
+
+// handleSignIn clears existing session variables and stores new ones for the specified user object
+func handleSignIn(ctx *macaron.Context, sess session.Store, user *models.User) {
+	_ = sess.Delete("openid_verified_uri")
+	_ = sess.Delete("openid_signin_remember")
+	_ = sess.Delete("openid_determined_email")
+	_ = sess.Delete("openid_determined_username")
+	_ = sess.Delete("twofaUid")
+	_ = sess.Delete("twofaRemember")
+	_ = sess.Delete("u2fChallenge")
+	_ = sess.Delete("linkAccount")
+	err := sess.Set("uid", user.ID)
+	if err != nil {
+		log.Error(fmt.Sprintf("Error setting session: %v", err))
+	}
+	err = sess.Set("uname", user.Name)
+	if err != nil {
+		log.Error(fmt.Sprintf("Error setting session: %v", err))
+	}
+
+	// Language setting of the user overwrites the one previously set
+	// If the user does not have a locale set, we save the current one.
+	if len(user.Language) == 0 {
+		user.Language = ctx.Locale.Language()
+		if err := models.UpdateUserCols(user, "language"); err != nil {
+			log.Error(fmt.Sprintf("Error updating user language [user: %d, locale: %s]", user.ID, user.Language))
+			return
+		}
+	}
+
+	ctx.SetCookie("lang", user.Language, nil, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
+
+	// Clear whatever CSRF has right now, force to generate a new one
+	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
+}

modules/auth/sso/sspi_windows.go

@@ -0,0 +1,237 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package sso
+
+import (
+	"errors"
+	"reflect"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"gitea.com/macaron/macaron"
+	"gitea.com/macaron/session"
+
+	"github.com/quasoft/websspi"
+	gouuid "github.com/satori/go.uuid"
+)
+
+const (
+	tplSignIn base.TplName = "user/auth/signin"
+)
+
+var (
+	// sspiAuth is a global instance of the websspi authentication package,
+	// which is used to avoid acquiring the server credential handle on
+	// every request
+	sspiAuth *websspi.Authenticator
+
+	// Ensure the struct implements the interface.
+	_ SingleSignOn = &SSPI{}
+)
+
+// SSPI implements the SingleSignOn interface and authenticates requests
+// via the built-in SSPI module in Windows for SPNEGO authentication.
+// On successful authentication returns a valid user object.
+// Returns nil if authentication fails.
+type SSPI struct {
+}
+
+// Init creates a new global websspi.Authenticator object
+func (s *SSPI) Init() error {
+	config := websspi.NewConfig()
+	var err error
+	sspiAuth, err = websspi.New(config)
+	return err
+}
+
+// Free releases resources used by the global websspi.Authenticator object
+func (s *SSPI) Free() error {
+	return sspiAuth.Free()
+}
+
+// IsEnabled checks if there is an active SSPI authentication source
+func (s *SSPI) IsEnabled() bool {
+	return models.IsSSPIEnabled()
+}
+
+// VerifyAuthData uses SSPI (Windows implementation of SPNEGO) to authenticate the request.
+// If authentication is successful, returs the corresponding user object.
+// If negotiation should continue or authentication fails, immediately returns a 401 HTTP
+// response code, as required by the SPNEGO protocol.
+func (s *SSPI) VerifyAuthData(ctx *macaron.Context, sess session.Store) *models.User {
+	if !s.shouldAuthenticate(ctx) {
+		return nil
+	}
+
+	cfg, err := s.getConfig()
+	if err != nil {
+		log.Error("could not get SSPI config: %v", err)
+		return nil
+	}
+
+	userInfo, outToken, err := sspiAuth.Authenticate(ctx.Req.Request, ctx.Resp)
+	if err != nil {
+		log.Warn("Authentication failed with error: %v\n", err)
+		sspiAuth.AppendAuthenticateHeader(ctx.Resp, outToken)
+
+		// Include the user login page in the 401 response to allow the user
+		// to login with another authentication method if SSPI authentication
+		// fails
+		addFlashErr(ctx, ctx.Tr("auth.sspi_auth_failed"))
+		ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn
+		ctx.Data["EnableSSPI"] = true
+		ctx.HTML(401, string(tplSignIn))
+		return nil
+	}
+	if outToken != "" {
+		sspiAuth.AppendAuthenticateHeader(ctx.Resp, outToken)
+	}
+
+	username := sanitizeUsername(userInfo.Username, cfg)
+	if len(username) == 0 {
+		return nil
+	}
+	log.Info("Authenticated as %s\n", username)
+
+	user, err := models.GetUserByName(username)
+	if err != nil {
+		if !models.IsErrUserNotExist(err) {
+			log.Error("GetUserByName: %v", err)
+			return nil
+		}
+		if !cfg.AutoCreateUsers {
+			log.Error("User '%s' not found", username)
+			return nil
+		}
+		user, err = s.newUser(ctx, username, cfg)
+		if err != nil {
+			log.Error("CreateUser: %v", err)
+			return nil
+		}
+	}
+
+	// Make sure requests to API paths and PWA resources do not create a new session
+	if !isAPIPath(ctx) && !isAttachmentDownload(ctx) {
+		handleSignIn(ctx, sess, user)
+	}
+
+	return user
+}
+
+// getConfig retrieves the SSPI configuration from login sources
+func (s *SSPI) getConfig() (*models.SSPIConfig, error) {
+	sources, err := models.ActiveLoginSources(models.LoginSSPI)
+	if err != nil {
+		return nil, err
+	}
+	if len(sources) == 0 {
+		return nil, errors.New("no active login sources of type SSPI found")
+	}
+	if len(sources) > 1 {
+		return nil, errors.New("more than one active login source of type SSPI found")
+	}
+	return sources[0].SSPI(), nil
+}
+
+func (s *SSPI) shouldAuthenticate(ctx *macaron.Context) (shouldAuth bool) {
+	shouldAuth = false
+	path := strings.TrimSuffix(ctx.Req.URL.Path, "/")
+	if path == "/user/login" {
+		if ctx.Req.FormValue("user_name") != "" && ctx.Req.FormValue("password") != "" {
+			shouldAuth = false
+		} else if ctx.Req.FormValue("auth_with_sspi") == "1" {
+			shouldAuth = true
+		}
+	} else if isAPIPath(ctx) || isAttachmentDownload(ctx) {
+		shouldAuth = true
+	}
+	return
+}
+
+// newUser creates a new user object for the purpose of automatic registration
+// and populates its name and email with the information present in request headers.
+func (s *SSPI) newUser(ctx *macaron.Context, username string, cfg *models.SSPIConfig) (*models.User, error) {
+	email := gouuid.NewV4().String() + "@localhost.localdomain"
+	user := &models.User{
+		Name:                         username,
+		Email:                        email,
+		KeepEmailPrivate:             true,
+		Passwd:                       gouuid.NewV4().String(),
+		IsActive:                     cfg.AutoActivateUsers,
+		Language:                     cfg.DefaultLanguage,
+		UseCustomAvatar:              true,
+		Avatar:                       base.DefaultAvatarLink(),
+		EmailNotificationsPreference: models.EmailNotificationsDisabled,
+	}
+	if err := models.CreateUser(user); err != nil {
+		return nil, err
+	}
+	return user, nil
+}
+
+// stripDomainNames removes NETBIOS domain name and separator from down-level logon names
+// (eg. "DOMAIN\user" becomes "user"), and removes the UPN suffix (domain name) and separator
+// from UPNs (eg. "user@domain.local" becomes "user")
+func stripDomainNames(username string) string {
+	if strings.Contains(username, "\\") {
+		parts := strings.SplitN(username, "\\", 2)
+		if len(parts) > 1 {
+			username = parts[1]
+		}
+	} else if strings.Contains(username, "@") {
+		parts := strings.Split(username, "@")
+		if len(parts) > 1 {
+			username = parts[0]
+		}
+	}
+	return username
+}
+
+func replaceSeparators(username string, cfg *models.SSPIConfig) string {
+	newSep := cfg.SeparatorReplacement
+	username = strings.ReplaceAll(username, "\\", newSep)
+	username = strings.ReplaceAll(username, "/", newSep)
+	username = strings.ReplaceAll(username, "@", newSep)
+	return username
+}
+
+func sanitizeUsername(username string, cfg *models.SSPIConfig) string {
+	if len(username) == 0 {
+		return ""
+	}
+	if cfg.StripDomainNames {
+		username = stripDomainNames(username)
+	}
+	// Replace separators even if we have already stripped the domain name part,
+	// as the username can contain several separators: eg. "MICROSOFT\useremail@live.com"
+	username = replaceSeparators(username, cfg)
+	return username
+}
+
+// addFlashErr adds an error message to the Flash object mapped to a macaron.Context
+func addFlashErr(ctx *macaron.Context, err string) {
+	fv := ctx.GetVal(reflect.TypeOf(&session.Flash{}))
+	if !fv.IsValid() {
+		return
+	}
+	flash, ok := fv.Interface().(*session.Flash)
+	if !ok {
+		return
+	}
+	flash.Error(err)
+	ctx.Data["Flash"] = flash
+}
+
+// init registers the SSPI auth method as the last method in the list.
+// The SSPI plugin is expected to be executed last, as it returns 401 status code if negotiation
+// fails (or if negotiation should continue), which would prevent other authentication methods
+// to execute at all.
+func init() {
+	Register(&SSPI{})
+}

options/locale/locale_en-US.ini

@@ -270,6 +270,7 @@ authorize_title = Authorize "%s" to access your account?
 authorization_failed = Authorization failed
 authorization_failed_desc = The authorization failed because we detected an invalid request. Please contact the maintainer of the app you've tried to authorize.
 disable_forgot_password_mail = Account recovery is disabled. Please contact your site administrator.
+sspi_auth_failed = SSPI authentication failed
 
 [mail]
 activate_account = Please activate your account
@@ -303,6 +304,9 @@ CommitChoice = Commit choice
 TreeName = File path
 Content = Content
 
+SSPISeparatorReplacement = Separator
+SSPIDefaultLanguage = Default Language
+
 require_error = ` cannot be empty.`
 alpha_dash_error = ` should contain only alphanumeric, dash ('-') and underscore ('_') characters.`
 alpha_dash_dot_error = ` should contain only alphanumeric, dash ('-'), underscore ('_') and dot ('.') characters.`
@@ -317,6 +321,7 @@ glob_pattern_error = ` glob pattern is invalid: %s.`
 unknown_error = Unknown error:
 captcha_incorrect = The CAPTCHA code is incorrect.
 password_not_match = The passwords do not match.
+lang_select_error = Select a language from the list.
 
 username_been_taken = The username is already taken.
 repo_name_been_taken = The repository name is already used.
@@ -1809,6 +1814,16 @@ auths.oauth2_authURL = Authorize URL
 auths.oauth2_profileURL = Profile URL
 auths.oauth2_emailURL = Email URL
 auths.enable_auto_register = Enable Auto Registration
+auths.sspi_auto_create_users = Automatically create users
+auths.sspi_auto_create_users_helper = Allow SSPI auth method to automatically create new accounts for users that login for the first time
+auths.sspi_auto_activate_users = Automatically activate users
+auths.sspi_auto_activate_users_helper = Allow SSPI auth method to automatically activate new users
+auths.sspi_strip_domain_names = Remove domain names from usernames
+auths.sspi_strip_domain_names_helper = If checked, domain names will be removed from logon names (eg. "DOMAIN\user" and "user@example.org" both will become just "user").
+auths.sspi_separator_replacement = Separator to use instead of \, / and @
+auths.sspi_separator_replacement_helper = The character to use to replace the separators of down-level logon names (eg. the \ in "DOMAIN\user") and user principal names (eg. the @ in "user@example.org").
+auths.sspi_default_language = Default user language
+auths.sspi_default_language_helper = Default language for users automatically created by SSPI auth method. Leave empty if you prefer language to be automatically detected.
 auths.tips = Tips
 auths.tips.oauth2.general = OAuth2 Authentication
 auths.tips.oauth2.general.tip = When registering a new OAuth2 authentication, the callback/redirect URL should be: <host>/user/oauth2/<Authentication Name>/callback
@@ -1834,6 +1849,7 @@ auths.delete_auth_desc = Deleting an authentication source prevents users from u
 auths.still_in_used = The authentication source is still in use. Convert or delete any users using this authentication source first.
 auths.deletion_success = The authentication source has been deleted.
 auths.login_source_exist = The authentication source '%s' already exists.
+auths.login_source_of_type_exist = An authentication source of this type already exists.
 
 config.server_config = Server Configuration
 config.app_name = Site Title

routers/admin/auths.go

@@ -5,7 +5,9 @@
 package admin
 
 import (
+	"errors"
 	"fmt"
+	"regexp"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth"
@@ -15,6 +17,7 @@ import (
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 
 	"github.com/unknwon/com"
 	"xorm.io/core"
@@ -26,6 +29,11 @@ const (
 	tplAuthEdit base.TplName = "admin/auth/edit"
 )
 
+var (
+	separatorAntiPattern = regexp.MustCompile(`[^\w-\.]`)
+	langCodePattern      = regexp.MustCompile(`^[a-z]{2}-[A-Z]{2}$`)
+)
+
 // Authentications show authentication config page
 func Authentications(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.authentication")
@@ -55,6 +63,7 @@ var (
 		{models.LoginNames[models.LoginSMTP], models.LoginSMTP},
 		{models.LoginNames[models.LoginPAM], models.LoginPAM},
 		{models.LoginNames[models.LoginOAuth2], models.LoginOAuth2},
+		{models.LoginNames[models.LoginSSPI], models.LoginSSPI},
 	}
 	securityProtocols = []dropdownItem{
 		{models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
@@ -81,6 +90,12 @@ func NewAuthSource(ctx *context.Context) {
 	ctx.Data["OAuth2Providers"] = models.OAuth2Providers
 	ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
 
+	ctx.Data["SSPIAutoCreateUsers"] = true
+	ctx.Data["SSPIAutoActivateUsers"] = true
+	ctx.Data["SSPIStripDomainNames"] = true
+	ctx.Data["SSPISeparatorReplacement"] = "_"
+	ctx.Data["SSPIDefaultLanguage"] = ""
+
 	// only the first as default
 	for key := range models.OAuth2Providers {
 		ctx.Data["oauth2_provider"] = key
@@ -152,6 +167,30 @@ func parseOAuth2Config(form auth.AuthenticationForm) *models.OAuth2Config {
 	}
 }
 
+func parseSSPIConfig(ctx *context.Context, form auth.AuthenticationForm) (*models.SSPIConfig, error) {
+	if util.IsEmptyString(form.SSPISeparatorReplacement) {
+		ctx.Data["Err_SSPISeparatorReplacement"] = true
+		return nil, errors.New(ctx.Tr("form.SSPISeparatorReplacement") + ctx.Tr("form.require_error"))
+	}
+	if separatorAntiPattern.MatchString(form.SSPISeparatorReplacement) {
+		ctx.Data["Err_SSPISeparatorReplacement"] = true
+		return nil, errors.New(ctx.Tr("form.SSPISeparatorReplacement") + ctx.Tr("form.alpha_dash_dot_error"))
+	}
+
+	if form.SSPIDefaultLanguage != "" && !langCodePattern.MatchString(form.SSPIDefaultLanguage) {
+		ctx.Data["Err_SSPIDefaultLanguage"] = true
+		return nil, errors.New(ctx.Tr("form.lang_select_error"))
+	}
+
+	return &models.SSPIConfig{
+		AutoCreateUsers:      form.SSPIAutoCreateUsers,
+		AutoActivateUsers:    form.SSPIAutoActivateUsers,
+		StripDomainNames:     form.SSPIStripDomainNames,
+		SeparatorReplacement: form.SSPISeparatorReplacement,
+		DefaultLanguage:      form.SSPIDefaultLanguage,
+	}, nil
+}
+
 // NewAuthSourcePost response for adding an auth source
 func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
 	ctx.Data["Title"] = ctx.Tr("admin.auths.new")
@@ -166,6 +205,12 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
 	ctx.Data["OAuth2Providers"] = models.OAuth2Providers
 	ctx.Data["OAuth2DefaultCustomURLMappings"] = models.OAuth2DefaultCustomURLMappings
 
+	ctx.Data["SSPIAutoCreateUsers"] = true
+	ctx.Data["SSPIAutoActivateUsers"] = true
+	ctx.Data["SSPIStripDomainNames"] = true
+	ctx.Data["SSPISeparatorReplacement"] = "_"
+	ctx.Data["SSPIDefaultLanguage"] = ""
+
 	hasTLS := false
 	var config core.Conversion
 	switch models.LoginType(form.Type) {
@@ -181,6 +226,19 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
 		}
 	case models.LoginOAuth2:
 		config = parseOAuth2Config(form)
+	case models.LoginSSPI:
+		var err error
+		config, err = parseSSPIConfig(ctx, form)
+		if err != nil {
+			ctx.RenderWithErr(err.Error(), tplAuthNew, form)
+			return
+		}
+		existing, err := models.LoginSourcesByType(models.LoginSSPI)
+		if err != nil || len(existing) > 0 {
+			ctx.Data["Err_Type"] = true
+			ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_of_type_exist"), tplAuthNew, form)
+			return
+		}
 	default:
 		ctx.Error(400)
 		return
@@ -274,6 +332,12 @@ func EditAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
 		}
 	case models.LoginOAuth2:
 		config = parseOAuth2Config(form)
+	case models.LoginSSPI:
+		config, err = parseSSPIConfig(ctx, form)
+		if err != nil {
+			ctx.RenderWithErr(err.Error(), tplAuthEdit, form)
+			return
+		}
 	default:
 		ctx.Error(400)
 		return

routers/init.go

@@ -10,6 +10,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/migrations"
+	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/cron"
 	"code.gitea.io/gitea/modules/git"
@@ -124,4 +125,8 @@ func GlobalInit() {
 			ssh.Unused()
 		}
 	}
+
+	if setting.InstallLock {
+		sso.Init()
+	}
 }

routers/repo/http.go

@@ -19,7 +19,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
+	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/git"
@@ -169,7 +169,7 @@ func HTTP(ctx *context.Context) {
 				// Assume password is token
 				authToken = authPasswd
 			}
-			uid := auth.CheckOAuthAccessToken(authToken)
+			uid := sso.CheckOAuthAccessToken(authToken)
 			if uid != 0 {
 				ctx.Data["IsApiToken"] = true
 

routers/user/auth.go

@@ -137,6 +137,7 @@ func SignIn(ctx *context.Context) {
 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/login"
 	ctx.Data["PageIsSignIn"] = true
 	ctx.Data["PageIsLogin"] = true
+	ctx.Data["EnableSSPI"] = models.IsSSPIEnabled()
 
 	ctx.HTML(200, tplSignIn)
 }
@@ -156,6 +157,7 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/login"
 	ctx.Data["PageIsSignIn"] = true
 	ctx.Data["PageIsLogin"] = true
+	ctx.Data["EnableSSPI"] = models.IsSSPIEnabled()
 
 	if ctx.HasError() {
 		ctx.HTML(200, tplSignIn)

templates/admin/auth/edit.tmpl

@@ -213,6 +213,52 @@
 					{{end}}{{end}}
 				{{end}}
 
+				<!-- SSPI -->
+				{{if .Source.IsSSPI}}
+					{{ $cfg:=.Source.SSPI }}
+					<div class="field">
+						<div class="ui checkbox">
+							<label for="sspi_auto_create_users"><strong>{{.i18n.Tr "admin.auths.sspi_auto_create_users"}}</strong></label>
+							<input id="sspi_auto_create_users" name="sspi_auto_create_users" class="sspi-auto-create-users" type="checkbox" {{if $cfg.AutoCreateUsers}}checked{{end}}>
+							<p class="help">{{.i18n.Tr "admin.auths.sspi_auto_create_users_helper"}}</p>
+						</div>
+					</div>
+					<div class="field">
+						<div class="ui checkbox">
+							<label for="sspi_auto_activate_users"><strong>{{.i18n.Tr "admin.auths.sspi_auto_activate_users"}}</strong></label>
+							<input id="sspi_auto_activate_users" name="sspi_auto_activate_users" class="sspi-auto-activate-users" type="checkbox" {{if $cfg.AutoActivateUsers}}checked{{end}}>
+							<p class="help">{{.i18n.Tr "admin.auths.sspi_auto_activate_users_helper"}}</p>
+						</div>
+					</div>
+					<div class="field">
+						<div class="ui checkbox">
+							<label for="sspi_strip_domain_names"><strong>{{.i18n.Tr "admin.auths.sspi_strip_domain_names"}}</strong></label>
+							<input id="sspi_strip_domain_names" name="sspi_strip_domain_names" class="sspi-strip-domain-names" type="checkbox" {{if $cfg.StripDomainNames}}checked{{end}}>
+							<p class="help">{{.i18n.Tr "admin.auths.sspi_strip_domain_names_helper"}}</p>
+						</div>
+					</div>
+					<div class="required field">
+						<label for="sspi_separator_replacement">{{.i18n.Tr "admin.auths.sspi_separator_replacement"}}</label>
+						<input id="sspi_separator_replacement" name="sspi_separator_replacement" value="{{$cfg.SeparatorReplacement}}" required>
+						<p class="help">{{.i18n.Tr "admin.auths.sspi_separator_replacement_helper"}}</p>
+					</div>
+					<div class="field">
+						<label for="sspi_default_language">{{.i18n.Tr "admin.auths.sspi_default_language"}}</label>
+						<div class="ui language selection dropdown" id="sspi_default_language">
+							<input name="sspi_default_language" type="hidden" value="{{$cfg.DefaultLanguage}}">
+							<i class="dropdown icon"></i>
+							<div class="text">{{range .AllLangs}}{{if eq $cfg.DefaultLanguage .Lang}}{{.Name}}{{end}}{{end}}</div>
+							<div class="menu">
+								<div class="item{{if not $.SSPIDefaultLanguage}} active selected{{end}}" data-value="">-</div>
+							{{range .AllLangs}}
+								<div class="item{{if eq $cfg.DefaultLanguage .Lang}} active selected{{end}}" data-value="{{.Lang}}">{{.Name}}</div>
+							{{end}}
+							</div>
+						</div>
+						<p class="help">{{.i18n.Tr "admin.auths.sspi_default_language_helper"}}</p>
+					</div>
+				{{end}}
+
 				<div class="inline field {{if not .Source.IsSMTP}}hide{{end}}">
 					<div class="ui checkbox">
 						<label><strong>{{.i18n.Tr "admin.auths.enable_tls"}}</strong></label>

templates/admin/auth/new.tmpl

@@ -43,6 +43,9 @@
 				<!-- OAuth2 -->
 				{{ template "admin/auth/source/oauth" . }}
 
+				<!-- SSPI -->
+				{{ template "admin/auth/source/sspi" . }}
+
 				<div class="ldap field">
 					<div class="ui checkbox">
 						<label><strong>{{.i18n.Tr "admin.auths.attributes_in_bind"}}</strong></label>

templates/admin/auth/source/sspi.tmpl

@@ -0,0 +1,43 @@
+<div class="sspi field {{if not (eq .type 7)}}hide{{end}}">
+	<div class="field">
+		<div class="ui checkbox">
+			<label for="sspi_auto_create_users"><strong>{{.i18n.Tr "admin.auths.sspi_auto_create_users"}}</strong></label>
+			<input id="sspi_auto_create_users" name="sspi_auto_create_users" class="sspi-auto-create-users" type="checkbox" {{if .SSPIAutoCreateUsers}}checked{{end}}>
+			<p class="help">{{.i18n.Tr "admin.auths.sspi_auto_create_users_helper"}}</p>
+		</div>
+	</div>
+	<div class="field">
+		<div class="ui checkbox">
+			<label for="sspi_auto_activate_users"><strong>{{.i18n.Tr "admin.auths.sspi_auto_activate_users"}}</strong></label>
+			<input id="sspi_auto_activate_users" name="sspi_auto_activate_users" class="sspi-auto-activate-users" type="checkbox" {{if .SSPIAutoActivateUsers}}checked{{end}}>
+			<p class="help">{{.i18n.Tr "admin.auths.sspi_auto_activate_users_helper"}}</p>
+		</div>
+	</div>
+	<div class="field">
+		<div class="ui checkbox">
+			<label for="sspi_strip_domain_names"><strong>{{.i18n.Tr "admin.auths.sspi_strip_domain_names"}}</strong></label>
+			<input id="sspi_strip_domain_names" name="sspi_strip_domain_names" class="sspi-strip-domain-names" type="checkbox" {{if .SSPIStripDomainNames}}checked{{end}}>
+			<p class="help">{{.i18n.Tr "admin.auths.sspi_strip_domain_names_helper"}}</p>
+		</div>
+	</div>
+	<div class="required field">
+		<label for="sspi_separator_replacement">{{.i18n.Tr "admin.auths.sspi_separator_replacement"}}</label>
+		<input id="sspi_separator_replacement" name="sspi_separator_replacement" value="{{.SSPISeparatorReplacement}}">
+		<p class="help">{{.i18n.Tr "admin.auths.sspi_separator_replacement_helper"}}</p>
+	</div>
+	<div class="field">
+		<label for="sspi_default_language">{{.i18n.Tr "admin.auths.sspi_default_language"}}</label>
+		<div class="ui language selection dropdown" id="sspi_default_language">
+			<input name="sspi_default_language" type="hidden" value="{{.SSPIDefaultLanguage}}">
+			<i class="dropdown icon"></i>
+			<div class="text">{{range .AllLangs}}{{if eq $.SSPIDefaultLanguage .Lang}}{{.Name}}{{end}}{{end}}</div>
+			<div class="menu">
+				<div class="item{{if not $.SSPIDefaultLanguage}} active selected{{end}}" data-value="">-</div>
+			{{range .AllLangs}}
+				<div class="item{{if eq $.SSPIDefaultLanguage .Lang}} active selected{{end}}" data-value="{{.Lang}}">{{.Name}}</div>
+			{{end}}
+			</div>
+		</div>
+		<p class="help">{{.i18n.Tr "admin.auths.sspi_default_language_helper"}}</p>
+	</div>
+</div>

templates/user/auth/signin_navbar.tmpl

@@ -1,11 +1,19 @@
-{{if .EnableOpenIDSignIn}}
+{{if or .EnableOpenIDSignIn .EnableSSPI}}
 <div class="ui secondary pointing tabular top attached borderless menu new-menu navbar">
 	<a class="{{if .PageIsLogin}}active{{end}} item" rel="nofollow" href="{{AppSubUrl}}/user/login">
 		{{.i18n.Tr "auth.login_userpass"}}
 	</a>
+	{{if .EnableOpenIDSignIn}}
 	<a class="{{if .PageIsLoginOpenID}}active{{end}} item" rel="nofollow" href="{{AppSubUrl}}/user/login/openid">
 		<i class="fa fa-openid"></i>
 		&nbsp;OpenID
 	</a>
+	{{end}}
+	{{if .EnableSSPI}}
+	<a class="item" rel="nofollow" href="{{AppSubUrl}}/user/login?auth_with_sspi=1">
+		<i class="fa fa-windows"></i>
+		&nbsp;SSPI
+	</a>
+	{{end}}
 </div>
 {{end}}

vendor/github.com/quasoft/websspi/.gitignore

@@ -0,0 +1,12 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out

vendor/github.com/quasoft/websspi/.travis.yml

@@ -0,0 +1,13 @@
+jobs:
+  include:
+    - os: windows
+      script: $GOPATH/bin/goveralls -service=travis-ci
+      language: go
+      sudo: false
+      go: 1.13.x
+      before_install: go get github.com/mattn/goveralls
+    - os: linux
+      script: go build
+      language: go
+      sudo: false
+      go: 1.13.x

vendor/github.com/quasoft/websspi/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 QuaSoft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

vendor/github.com/quasoft/websspi/README.md

@@ -0,0 +1,41 @@
+# websspi
+
+[![GoDoc](https://godoc.org/github.com/quasoft/websspi?status.svg)](https://godoc.org/github.com/quasoft/websspi) [![Build Status](https://travis-ci.org/quasoft/websspi.png?branch=master)](https://travis-ci.org/quasoft/websspi) [![Coverage Status](https://coveralls.io/repos/github/quasoft/websspi/badge.svg?branch=master)](https://coveralls.io/github/quasoft/websspi?branch=master) [![Go Report Card](https://goreportcard.com/badge/github.com/quasoft/websspi)](https://goreportcard.com/report/github.com/quasoft/websspi)
+
+`websspi` will be an HTTP middleware for Golang that uses Kerberos for single sign-on (SSO) authentication of browser based clients in a Windows environment.
+
+The main goal is to create a middleware that performs authentication of HTTP requests without the need to create or use keytab files.
+
+The middleware will implement the scheme defined by RFC4559 (SPNEGO-based HTTP Authentication in Microsoft Windows) to exchange security tokens via HTTP headers and will use SSPI (Security Support Provider Interface) to authenticate HTTP requests.
+
+## How to use
+
+The examples directory contains a simple web server that demonstrates how to use the package.
+Before trying it, you need to prepare your environment:
+
+1. Create a separate user account in active directory, under which the web server process will be running (eg. `user` under the `domain.local` domain)
+
+2. Create a service principal name for the host with class HTTP:
+   - Start Command prompt or PowerShell as domain administrator
+   - Run the command below, replacing `host.domain.local` with the fully qualified domain name of the server where the web application will be running, and `domain\user` with the name of the account created in step 1.:
+
+         setspn -A HTTP/host.domain.local domain\user
+
+3. Start the web server app under the account created in step 1.
+
+4. If you are using Chrome, Edge or Internet Explorer, add the URL of the web app to the Local intranet sites (`Internet Options -> Security -> Local intranet -> Sites`)
+
+5. Start Chrome, Edge or Internet Explorer and navigate to the URL of the web app (eg. `http://host.domain.local:9000`)
+
+6. The web app should greet you with the name of your AD account without asking you to login. In case it doesn't, make sure that:
+
+   - You are not running the web browser on the same server where the web app is running. You should be running the web browser on a domain joined computer (client) that is different from the server
+   - There is only one HTTP/... SPN for the host
+   - The SPN contains only the hostname, without the port
+   - You have added the URL of the web app to the `Local intranet` zone
+   - The clocks of the server and client should not differ with more than 5 minutes
+   - `Integrated Windows Authentication` should be enabled in Internet Explorer (under `Advanced settings`)
+
+## Security requirements
+
+- SPNEGO HTTP provides no facilities for protecting the HTTP headers or data including the Authorization and WWW-Authenticate headers, which means that the HTTP server **MUST** enforce use of SSL to provide confidentiality to data in these headers!

vendor/github.com/quasoft/websspi/go.mod

@@ -0,0 +1,9 @@
+module github.com/quasoft/websspi
+
+go 1.13
+
+require (
+	github.com/gorilla/securecookie v1.1.1
+	github.com/gorilla/sessions v1.2.0
+	golang.org/x/sys v0.0.0-20191010194322-b09406accb47
+)

vendor/github.com/quasoft/websspi/go.sum

@@ -0,0 +1,6 @@
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.2.0 h1:S7P+1Hm5V/AT9cjEcUD5uDaQSX0OE577aCXgoaKpYbQ=
+github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47 h1:/XfQ9z7ib8eEJX2hdgFTZJ/ntt0swNk5oYBziWeTCvY=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

vendor/github.com/quasoft/websspi/secctx/session.go

@@ -0,0 +1,36 @@
+package secctx
+
+import (
+	"net/http"
+
+	"github.com/gorilla/securecookie"
+	"github.com/gorilla/sessions"
+)
+
+// CookieStore can store and retrieve SSPI context handles to/from an encrypted Cookie.
+type CookieStore struct {
+	store *sessions.CookieStore
+}
+
+// NewCookieStore creates a new CookieStore for storing and retrieving of SSPI context handles
+// to/from encrypted Cookies
+func NewCookieStore() *CookieStore {
+	s := &CookieStore{}
+	s.store = sessions.NewCookieStore([]byte(securecookie.GenerateRandomKey(32)))
+	return s
+}
+
+// GetHandle retrieves a *websspi.CtxtHandle value from the store
+func (s *CookieStore) GetHandle(r *http.Request) (interface{}, error) {
+	session, _ := s.store.Get(r, "websspi")
+	contextHandle := session.Values["contextHandle"]
+	return contextHandle, nil
+}
+
+// SetHandle saves a *websspi.CtxtHandle value to the store
+func (s *CookieStore) SetHandle(r *http.Request, w http.ResponseWriter, contextHandle interface{}) error {
+	session, _ := s.store.Get(r, "websspi")
+	session.Values["contextHandle"] = contextHandle
+	err := session.Save(r, w)
+	return err
+}

vendor/github.com/quasoft/websspi/secctx/store.go

@@ -0,0 +1,13 @@
+package secctx
+
+import "net/http"
+
+// Store is an interface for storage of SSPI context handles.
+// SSPI context handles are Windows API handles and have nothing to do
+// with the "context" package in Go.
+type Store interface {
+	// GetHandle retrieves a *websspi.CtxtHandle value from the store
+	GetHandle(r *http.Request) (interface{}, error)
+	// SetHandle saves a *websspi.CtxtHandle value to the store
+	SetHandle(r *http.Request, w http.ResponseWriter, contextHandle interface{}) error
+}

vendor/github.com/quasoft/websspi/userinfo.go

@@ -0,0 +1,7 @@
+package websspi
+
+// UserInfo represents an authenticated user.
+type UserInfo struct {
+	Username string   // Name of user, usually in the form DOMAIN\User
+	Groups   []string // The global groups the user is a member of
+}

vendor/github.com/quasoft/websspi/utf16.go

@@ -0,0 +1,22 @@
+package websspi
+
+import (
+	"unicode/utf16"
+	"unsafe"
+)
+
+// UTF16PtrToString converts a pointer to a UTF16 string to a string
+func UTF16PtrToString(ptr *uint16, maxLen int) (s string) {
+	if ptr == nil {
+		return ""
+	}
+	buf := make([]uint16, 0, maxLen)
+	for i, p := 0, uintptr(unsafe.Pointer(ptr)); i < maxLen; i, p = i+1, p+2 {
+		char := *(*uint16)(unsafe.Pointer(p))
+		if char == 0 {
+			return string(utf16.Decode(buf))
+		}
+		buf = append(buf, char)
+	}
+	return ""
+}

vendor/github.com/quasoft/websspi/websspi_windows.go

@@ -0,0 +1,615 @@
+package websspi
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/gob"
+	"errors"
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+	"sync"
+	"syscall"
+	"time"
+	"unsafe"
+
+	"github.com/quasoft/websspi/secctx"
+)
+
+// The Config object determines the behaviour of the Authenticator.
+type Config struct {
+	contextStore    secctx.Store
+	authAPI         API
+	KrbPrincipal    string // Name of Kerberos principle used by the service (optional).
+	AuthUserKey     string // Key of header to fill with authenticated username, eg. "X-Authenticated-User" or "REMOTE_USER" (optional).
+	EnumerateGroups bool   // If true, groups the user is a member of are enumerated and stored in request context (default false)
+	ServerName      string // Specifies the DNS or NetBIOS name of the remote server which to query about user groups. Ignored if EnumerateGroups is false.
+}
+
+// NewConfig creates a configuration object with default values.
+func NewConfig() *Config {
+	return &Config{
+		contextStore: secctx.NewCookieStore(),
+		authAPI:      &Win32{},
+	}
+}
+
+// Validate makes basic validation of configuration to make sure that important and required fields
+// have been set with values in expected format.
+func (c *Config) Validate() error {
+	if c.contextStore == nil {
+		return errors.New("Store for context handles not specified in Config")
+	}
+	if c.authAPI == nil {
+		return errors.New("Authentication API not specified in Config")
+	}
+	return nil
+}
+
+// contextKey represents a custom key for values stored in context.Context
+type contextKey string
+
+func (c contextKey) String() string {
+	return "websspi-key-" + string(c)
+}
+
+var (
+	UserInfoKey = contextKey("UserInfo")
+)
+
+// The Authenticator type provides middleware methods for authentication of http requests.
+// A single authenticator object can be shared by concurrent goroutines.
+type Authenticator struct {
+	Config     Config
+	serverCred *CredHandle
+	credExpiry *time.Time
+	ctxList    []CtxtHandle
+	ctxListMux *sync.Mutex
+}
+
+// New creates a new Authenticator object with the given configuration options.
+func New(config *Config) (*Authenticator, error) {
+	err := config.Validate()
+	if err != nil {
+		return nil, fmt.Errorf("invalid config: %v", err)
+	}
+
+	var auth = &Authenticator{
+		Config:     *config,
+		ctxListMux: &sync.Mutex{},
+	}
+
+	err = auth.PrepareCredentials(config.KrbPrincipal)
+	if err != nil {
+		return nil, fmt.Errorf("could not acquire credentials handle for the service: %v", err)
+	}
+	log.Printf("Credential handle expiry: %v\n", *auth.credExpiry)
+
+	return auth, nil
+}
+
+// PrepareCredentials method acquires a credentials handle for the specified principal
+// for use during the live of the application.
+// On success stores the handle in the serverCred field and its expiry time in the
+// credExpiry field.
+// This method must be called once - when the application is starting or when the first
+// request from a client is received.
+func (a *Authenticator) PrepareCredentials(principal string) error {
+	var principalPtr *uint16
+	if principal != "" {
+		var err error
+		principalPtr, err = syscall.UTF16PtrFromString(principal)
+		if err != nil {
+			return err
+		}
+	}
+	credentialUsePtr, err := syscall.UTF16PtrFromString(NEGOSSP_NAME)
+	if err != nil {
+		return err
+	}
+	var handle CredHandle
+	var expiry syscall.Filetime
+	status := a.Config.authAPI.AcquireCredentialsHandle(
+		principalPtr,
+		credentialUsePtr,
+		SECPKG_CRED_INBOUND,
+		nil, // logonId
+		nil, // authData
+		0,   // getKeyFn
+		0,   // getKeyArgument
+		&handle,
+		&expiry,
+	)
+	if status != SEC_E_OK {
+		return fmt.Errorf("call to AcquireCredentialsHandle failed with code 0x%x", status)
+	}
+	expiryTime := time.Unix(0, expiry.Nanoseconds())
+	a.credExpiry = &expiryTime
+	a.serverCred = &handle
+	return nil
+}
+
+// Free method should be called before shutting down the server to let
+// it release allocated Win32 resources
+func (a *Authenticator) Free() error {
+	var status SECURITY_STATUS
+	a.ctxListMux.Lock()
+	for _, ctx := range a.ctxList {
+		// TODO: Also check for stale security contexts and delete them periodically
+		status = a.Config.authAPI.DeleteSecurityContext(&ctx)
+		if status != SEC_E_OK {
+			return fmt.Errorf("call to DeleteSecurityContext failed with code 0x%x", status)
+		}
+	}
+	a.ctxList = nil
+	a.ctxListMux.Unlock()
+	if a.serverCred != nil {
+		status = a.Config.authAPI.FreeCredentialsHandle(a.serverCred)
+		if status != SEC_E_OK {
+			return fmt.Errorf("call to FreeCredentialsHandle failed with code 0x%x", status)
+		}
+		a.serverCred = nil
+	}
+	return nil
+}
+
+// StoreCtxHandle stores the specified context to the internal list (ctxList)
+func (a *Authenticator) StoreCtxHandle(handle *CtxtHandle) {
+	if handle == nil || *handle == (CtxtHandle{}) {
+		// Should not add nil or empty handle
+		return
+	}
+	a.ctxListMux.Lock()
+	defer a.ctxListMux.Unlock()
+	a.ctxList = append(a.ctxList, *handle)
+}
+
+// ReleaseCtxHandle deletes a context handle and removes it from the internal list (ctxList)
+func (a *Authenticator) ReleaseCtxHandle(handle *CtxtHandle) error {
+	if handle == nil || *handle == (CtxtHandle{}) {
+		// Removing a nil or empty handle is not an error condition
+		return nil
+	}
+	a.ctxListMux.Lock()
+	defer a.ctxListMux.Unlock()
+
+	// First, try to delete the handle
+	status := a.Config.authAPI.DeleteSecurityContext(handle)
+	if status != SEC_E_OK {
+		return fmt.Errorf("call to DeleteSecurityContext failed with code 0x%x", status)
+	}
+
+	// Then remove it from the internal list
+	foundAt := -1
+	for i, ctx := range a.ctxList {
+		if ctx == *handle {
+			foundAt = i
+			break
+		}
+	}
+	if foundAt > -1 {
+		a.ctxList[foundAt] = a.ctxList[len(a.ctxList)-1]
+		a.ctxList = a.ctxList[:len(a.ctxList)-1]
+	}
+	return nil
+}
+
+// AcceptOrContinue tries to validate the auth-data token by calling the AcceptSecurityContext
+// function and returns and error if validation failed or continuation of the negotiation is needed.
+// No error is returned if the token was validated (user was authenticated).
+func (a *Authenticator) AcceptOrContinue(context *CtxtHandle, authData []byte) (newCtx *CtxtHandle, out []byte, exp *time.Time, err error) {
+	if authData == nil {
+		err = errors.New("input token cannot be nil")
+		return
+	}
+
+	var inputDesc SecBufferDesc
+	var inputBuf SecBuffer
+	inputDesc.BuffersCount = 1
+	inputDesc.Version = SECBUFFER_VERSION
+	inputDesc.Buffers = &inputBuf
+	inputBuf.BufferSize = uint32(len(authData))
+	inputBuf.BufferType = SECBUFFER_TOKEN
+	inputBuf.Buffer = &authData[0]
+
+	var outputDesc SecBufferDesc
+	var outputBuf SecBuffer
+	outputDesc.BuffersCount = 1
+	outputDesc.Version = SECBUFFER_VERSION
+	outputDesc.Buffers = &outputBuf
+	outputBuf.BufferSize = 0
+	outputBuf.BufferType = SECBUFFER_TOKEN
+	outputBuf.Buffer = nil
+
+	var expiry syscall.Filetime
+	var contextAttr uint32
+	var newContextHandle CtxtHandle
+
+	var status = a.Config.authAPI.AcceptSecurityContext(
+		a.serverCred,
+		context,
+		&inputDesc,
+		ASC_REQ_ALLOCATE_MEMORY|ASC_REQ_MUTUAL_AUTH|ASC_REQ_CONFIDENTIALITY|
+			ASC_REQ_INTEGRITY|ASC_REQ_REPLAY_DETECT|ASC_REQ_SEQUENCE_DETECT, // contextReq uint32,
+		SECURITY_NATIVE_DREP, // targDataRep uint32,
+		&newContextHandle,
+		&outputDesc,  // *SecBufferDesc
+		&contextAttr, // contextAttr *uint32,
+		&expiry,      // *syscall.Filetime
+	)
+	if newContextHandle.Lower != 0 || newContextHandle.Upper != 0 {
+		newCtx = &newContextHandle
+	}
+	tm := time.Unix(0, expiry.Nanoseconds())
+	exp = &tm
+	if status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED {
+		// Copy outputBuf.Buffer to out and free the outputBuf.Buffer
+		out = make([]byte, outputBuf.BufferSize)
+		var bufPtr = uintptr(unsafe.Pointer(outputBuf.Buffer))
+		for i := 0; i < len(out); i++ {
+			out[i] = *(*byte)(unsafe.Pointer(bufPtr))
+			bufPtr++
+		}
+	}
+	if outputBuf.Buffer != nil {
+		freeStatus := a.Config.authAPI.FreeContextBuffer(outputBuf.Buffer)
+		if freeStatus != SEC_E_OK {
+			status = freeStatus
+			err = fmt.Errorf("could not free output buffer; FreeContextBuffer() failed with code: 0x%x", freeStatus)
+			return
+		}
+	}
+	if status == SEC_I_CONTINUE_NEEDED {
+		err = errors.New("Negotiation should continue")
+		return
+	} else if status != SEC_E_OK {
+		err = fmt.Errorf("call to AcceptSecurityContext failed with code 0x%x", status)
+		return
+	}
+	// TODO: Check contextAttr?
+	return
+}
+
+// GetCtxHandle retrieves the context handle for this client from request's cookies
+func (a *Authenticator) GetCtxHandle(r *http.Request) (*CtxtHandle, error) {
+	sessionHandle, err := a.Config.contextStore.GetHandle(r)
+	if err != nil {
+		return nil, fmt.Errorf("could not get context handle from session: %s", err)
+	}
+	if contextHandle, ok := sessionHandle.(*CtxtHandle); ok {
+		log.Printf("CtxHandle: 0x%x\n", *contextHandle)
+		if contextHandle.Lower == 0 && contextHandle.Upper == 0 {
+			return nil, nil
+		}
+		return contextHandle, nil
+	}
+	log.Printf("CtxHandle: nil\n")
+	return nil, nil
+}
+
+// SetCtxHandle stores the context handle for this client to cookie of response
+func (a *Authenticator) SetCtxHandle(r *http.Request, w http.ResponseWriter, newContext *CtxtHandle) error {
+	// Store can't store nil value, so if newContext is nil, store an empty CtxHandle
+	ctx := &CtxtHandle{}
+	if newContext != nil {
+		ctx = newContext
+	}
+	err := a.Config.contextStore.SetHandle(r, w, ctx)
+	if err != nil {
+		return fmt.Errorf("could not save context to cookie: %s", err)
+	}
+	log.Printf("New context: 0x%x\n", *ctx)
+	return nil
+}
+
+// GetFlags returns the negotiated context flags
+func (a *Authenticator) GetFlags(context *CtxtHandle) (uint32, error) {
+	var flags SecPkgContext_Flags
+	status := a.Config.authAPI.QueryContextAttributes(context, SECPKG_ATTR_FLAGS, (*byte)(unsafe.Pointer(&flags)))
+	if status != SEC_E_OK {
+		return 0, fmt.Errorf("QueryContextAttributes failed with status 0x%x", status)
+	}
+	return flags.Flags, nil
+}
+
+// GetUsername returns the name of the user associated with the specified security context
+func (a *Authenticator) GetUsername(context *CtxtHandle) (username string, err error) {
+	var names SecPkgContext_Names
+	status := a.Config.authAPI.QueryContextAttributes(context, SECPKG_ATTR_NAMES, (*byte)(unsafe.Pointer(&names)))
+	if status != SEC_E_OK {
+		err = fmt.Errorf("QueryContextAttributes failed with status 0x%x", status)
+		return
+	}
+	if names.UserName != nil {
+		username = UTF16PtrToString(names.UserName, 2048)
+		status = a.Config.authAPI.FreeContextBuffer((*byte)(unsafe.Pointer(names.UserName)))
+		if status != SEC_E_OK {
+			err = fmt.Errorf("FreeContextBuffer failed with status 0x%x", status)
+		}
+		return
+	}
+	err = errors.New("QueryContextAttributes returned empty name")
+	return
+}
+
+// GetUserGroups returns the groups the user is a member of
+func (a *Authenticator) GetUserGroups(userName string) (groups []string, err error) {
+	var serverNamePtr *uint16
+	if a.Config.ServerName != "" {
+		serverNamePtr, err = syscall.UTF16PtrFromString(a.Config.ServerName)
+		if err != nil {
+			return
+		}
+	}
+
+	userNamePtr, err := syscall.UTF16PtrFromString(userName)
+	if err != nil {
+		return
+	}
+	var buf *byte
+	var entriesRead uint32
+	var totalEntries uint32
+	err = a.Config.authAPI.NetUserGetGroups(
+		serverNamePtr,
+		userNamePtr,
+		0,
+		&buf,
+		MAX_PREFERRED_LENGTH,
+		&entriesRead,
+		&totalEntries,
+	)
+	if buf == nil {
+		err = fmt.Errorf("NetUserGetGroups(): returned nil buffer, error: %s", err)
+		return
+	}
+	defer func() {
+		freeErr := a.Config.authAPI.NetApiBufferFree(buf)
+		if freeErr != nil {
+			err = freeErr
+		}
+	}()
+	if err != nil {
+		return
+	}
+	if entriesRead < totalEntries {
+		err = fmt.Errorf("NetUserGetGroups(): could not read all entries, read only %d entries of %d", entriesRead, totalEntries)
+		return
+	}
+
+	ptr := uintptr(unsafe.Pointer(buf))
+	for i := uint32(0); i < entriesRead; i++ {
+		groupInfo := (*GroupUsersInfo0)(unsafe.Pointer(ptr))
+		groupName := UTF16PtrToString(groupInfo.Grui0_name, MAX_GROUP_NAME_LENGTH)
+		if groupName != "" {
+			groups = append(groups, groupName)
+		}
+		ptr += unsafe.Sizeof(GroupUsersInfo0{})
+	}
+	return
+}
+
+// GetUserInfo returns a structure containing the name of the user associated with the
+// specified security context and the groups to which they are a member of (if Config.EnumerateGroups)
+// is enabled
+func (a *Authenticator) GetUserInfo(context *CtxtHandle) (*UserInfo, error) {
+	// Get username
+	username, err := a.GetUsername(context)
+	if err != nil {
+		return nil, err
+	}
+	info := UserInfo{
+		Username: username,
+	}
+
+	// Get groups
+	if a.Config.EnumerateGroups {
+		info.Groups, err = a.GetUserGroups(username)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &info, nil
+}
+
+// GetAuthData parses the "Authorization" header received from the client,
+// extracts the auth-data token (input token) and decodes it to []byte
+func (a *Authenticator) GetAuthData(r *http.Request, w http.ResponseWriter) (authData []byte, err error) {
+	// 1. Check if Authorization header is present
+	headers := r.Header["Authorization"]
+	if len(headers) == 0 {
+		err = errors.New("the Authorization header is not provided")
+		return
+	}
+	if len(headers) > 1 {
+		err = errors.New("received multiple Authorization headers, but expected only one")
+		return
+	}
+
+	authzHeader := strings.TrimSpace(headers[0])
+	if authzHeader == "" {
+		err = errors.New("the Authorization header is empty")
+		return
+	}
+	// 1.1. Make sure header starts with "Negotiate"
+	if !strings.HasPrefix(strings.ToLower(authzHeader), "negotiate") {
+		err = errors.New("the Authorization header does not start with 'Negotiate'")
+		return
+	}
+
+	// 2. Extract token from Authorization header
+	authzParts := strings.Split(authzHeader, " ")
+	if len(authzParts) < 2 {
+		err = errors.New("the Authorization header does not contain token (gssapi-data)")
+		return
+	}
+	token := authzParts[len(authzParts)-1]
+	if token == "" {
+		err = errors.New("the token (gssapi-data) in the Authorization header is empty")
+		return
+	}
+
+	// 3. Decode token
+	authData, err = base64.StdEncoding.DecodeString(token)
+	if err != nil {
+		err = errors.New("could not decode token as base64 string")
+		return
+	}
+
+	return
+}
+
+// Authenticate tries to authenticate the HTTP request and returns nil
+// if authentication was successful.
+// Returns error and data for continuation if authentication was not successful.
+func (a *Authenticator) Authenticate(r *http.Request, w http.ResponseWriter) (userInfo *UserInfo, outToken string, err error) {
+	// 1. Extract auth-data from Authorization header
+	authData, err := a.GetAuthData(r, w)
+	if err != nil {
+		err = fmt.Errorf("could not get auth data: %s", err)
+		return
+	}
+
+	// 2. Authenticate user with provided token
+	contextHandle, err := a.GetCtxHandle(r)
+	if err != nil {
+		return
+	}
+	newCtx, output, _, err := a.AcceptOrContinue(contextHandle, authData)
+
+	// If a new context was created, make sure to delete it or store it
+	// both in internal list and response Cookie
+	defer func() {
+		// Negotiation is ending if we don't expect further responses from the client
+		// (authentication was successful or no output token is going to be sent back),
+		// clear client cookie
+		endOfNegotiation := err == nil || len(output) == 0
+
+		// Current context (contextHandle) is not needed anymore and should be deleted if:
+		// - we don't expect further responses from the client
+		// - a new context has been returned by AcceptSecurityContext
+		currCtxNotNeeded := endOfNegotiation || newCtx != nil
+		if !currCtxNotNeeded {
+			// Release current context only if its different than the new context
+			if contextHandle != nil && *contextHandle != *newCtx {
+				remErr := a.ReleaseCtxHandle(contextHandle)
+				if remErr != nil {
+					err = remErr
+					return
+				}
+			}
+		}
+
+		if endOfNegotiation {
+			// Clear client cookie
+			setErr := a.SetCtxHandle(r, w, nil)
+			if setErr != nil {
+				err = fmt.Errorf("could not clear context, error: %s", setErr)
+				return
+			}
+
+			// Delete any new context handle
+			remErr := a.ReleaseCtxHandle(newCtx)
+			if remErr != nil {
+				err = remErr
+				return
+			}
+
+			// Exit defer func
+			return
+		}
+
+		if newCtx != nil {
+			// Store new context handle to internal list and response Cookie
+			a.StoreCtxHandle(newCtx)
+			setErr := a.SetCtxHandle(r, w, newCtx)
+			if setErr != nil {
+				err = setErr
+				return
+			}
+		}
+	}()
+
+	outToken = base64.StdEncoding.EncodeToString(output)
+	if err != nil {
+		err = fmt.Errorf("AcceptOrContinue failed: %s", err)
+		return
+	}
+
+	// 3. Get username and user groups
+	currentCtx := newCtx
+	if currentCtx == nil {
+		currentCtx = contextHandle
+	}
+	userInfo, err = a.GetUserInfo(currentCtx)
+	if err != nil {
+		err = fmt.Errorf("could not get username, error: %s", err)
+		return
+	}
+
+	return
+}
+
+// AppendAuthenticateHeader populates WWW-Authenticate header,
+// indicating to client that authentication is required and returns a 401 (Unauthorized)
+// response code.
+// The data parameter can be empty for the first 401 response from the server.
+// For subsequent 401 responses the data parameter should contain the gssapi-data,
+// which is required for continuation of the negotiation.
+func (a *Authenticator) AppendAuthenticateHeader(w http.ResponseWriter, data string) {
+	value := "Negotiate"
+	if data != "" {
+		value += " " + data
+	}
+	w.Header().Set("WWW-Authenticate", value)
+}
+
+// Return401 populates WWW-Authenticate header, indicating to client that authentication
+// is required and returns a 401 (Unauthorized) response code.
+// The data parameter can be empty for the first 401 response from the server.
+// For subsequent 401 responses the data parameter should contain the gssapi-data,
+// which is required for continuation of the negotiation.
+func (a *Authenticator) Return401(w http.ResponseWriter, data string) {
+	a.AppendAuthenticateHeader(w, data)
+	http.Error(w, "Error!", http.StatusUnauthorized)
+}
+
+// WithAuth authenticates the request. On successful authentication the request
+// is passed down to the next http handler. The next handler can access information
+// about the authenticated user via the GetUserName method.
+// If authentication was not successful, the server returns 401 response code with
+// a WWW-Authenticate, indicating that authentication is required.
+func (a *Authenticator) WithAuth(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		log.Printf("Authenticating request to %s\n", r.RequestURI)
+
+		user, data, err := a.Authenticate(r, w)
+		if err != nil {
+			log.Printf("Authentication failed with error: %v\n", err)
+			a.Return401(w, data)
+			return
+		}
+
+		log.Print("Authenticated\n")
+		// Add the UserInfo value to the reqest's context
+		r = r.WithContext(context.WithValue(r.Context(), UserInfoKey, user))
+		// and to the request header with key Config.AuthUserKey
+		if a.Config.AuthUserKey != "" {
+			r.Header.Set(a.Config.AuthUserKey, user.Username)
+		}
+
+		// The WWW-Authenticate header might need to be sent back even
+		// on successful authentication (eg. in order to let the client complete
+		// mutual authentication).
+		if data != "" {
+			a.AppendAuthenticateHeader(w, data)
+		}
+		next.ServeHTTP(w, r)
+	})
+}
+
+func init() {
+	gob.Register(&CtxtHandle{})
+	gob.Register(&UserInfo{})
+}

vendor/github.com/quasoft/websspi/win32_windows.go

@@ -0,0 +1,312 @@
+package websspi
+
+import (
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+// secur32.dll
+
+type SECURITY_STATUS syscall.Errno
+
+const (
+	SEC_E_OK = SECURITY_STATUS(0)
+
+	SEC_E_INCOMPLETE_MESSAGE          = SECURITY_STATUS(0x80090318)
+	SEC_E_INSUFFICIENT_MEMORY         = SECURITY_STATUS(0x80090300)
+	SEC_E_INTERNAL_ERROR              = SECURITY_STATUS(0x80090304)
+	SEC_E_INVALID_HANDLE              = SECURITY_STATUS(0x80090301)
+	SEC_E_INVALID_TOKEN               = SECURITY_STATUS(0x80090308)
+	SEC_E_LOGON_DENIED                = SECURITY_STATUS(0x8009030C)
+	SEC_E_NO_AUTHENTICATING_AUTHORITY = SECURITY_STATUS(0x80090311)
+	SEC_E_NO_CREDENTIALS              = SECURITY_STATUS(0x8009030E)
+	SEC_E_UNSUPPORTED_FUNCTION        = SECURITY_STATUS(0x80090302)
+	SEC_I_COMPLETE_AND_CONTINUE       = SECURITY_STATUS(0x00090314)
+	SEC_I_COMPLETE_NEEDED             = SECURITY_STATUS(0x00090313)
+	SEC_I_CONTINUE_NEEDED             = SECURITY_STATUS(0x00090312)
+	SEC_E_NOT_OWNER                   = SECURITY_STATUS(0x80090306)
+	SEC_E_SECPKG_NOT_FOUND            = SECURITY_STATUS(0x80090305)
+	SEC_E_UNKNOWN_CREDENTIALS         = SECURITY_STATUS(0x8009030D)
+
+	NEGOSSP_NAME         = "Negotiate"
+	SECPKG_CRED_INBOUND  = 1
+	SECURITY_NATIVE_DREP = 16
+
+	ASC_REQ_DELEGATE        = 1
+	ASC_REQ_MUTUAL_AUTH     = 2
+	ASC_REQ_REPLAY_DETECT   = 4
+	ASC_REQ_SEQUENCE_DETECT = 8
+	ASC_REQ_CONFIDENTIALITY = 16
+	ASC_REQ_USE_SESSION_KEY = 32
+	ASC_REQ_ALLOCATE_MEMORY = 256
+	ASC_REQ_USE_DCE_STYLE   = 512
+	ASC_REQ_DATAGRAM        = 1024
+	ASC_REQ_CONNECTION      = 2048
+	ASC_REQ_EXTENDED_ERROR  = 32768
+	ASC_REQ_STREAM          = 65536
+	ASC_REQ_INTEGRITY       = 131072
+
+	SECPKG_ATTR_SIZES            = 0
+	SECPKG_ATTR_NAMES            = 1
+	SECPKG_ATTR_LIFESPAN         = 2
+	SECPKG_ATTR_DCE_INFO         = 3
+	SECPKG_ATTR_STREAM_SIZES     = 4
+	SECPKG_ATTR_KEY_INFO         = 5
+	SECPKG_ATTR_AUTHORITY        = 6
+	SECPKG_ATTR_PROTO_INFO       = 7
+	SECPKG_ATTR_PASSWORD_EXPIRY  = 8
+	SECPKG_ATTR_SESSION_KEY      = 9
+	SECPKG_ATTR_PACKAGE_INFO     = 10
+	SECPKG_ATTR_USER_FLAGS       = 11
+	SECPKG_ATTR_NEGOTIATION_INFO = 12
+	SECPKG_ATTR_NATIVE_NAMES     = 13
+	SECPKG_ATTR_FLAGS            = 14
+
+	SECBUFFER_VERSION = 0
+	SECBUFFER_TOKEN   = 2
+)
+
+type CredHandle struct {
+	Lower uintptr
+	Upper uintptr
+}
+
+type CtxtHandle struct {
+	Lower uintptr
+	Upper uintptr
+}
+
+type SecBuffer struct {
+	BufferSize uint32
+	BufferType uint32
+	Buffer     *byte
+}
+
+type SecBufferDesc struct {
+	Version      uint32
+	BuffersCount uint32
+	Buffers      *SecBuffer
+}
+
+type LUID struct {
+	LowPart  uint32
+	HighPart int32
+}
+
+type SecPkgContext_Names struct {
+	UserName *uint16
+}
+
+type SecPkgContext_Flags struct {
+	Flags uint32
+}
+
+// netapi32.dll
+
+const (
+	NERR_Success       = 0x0
+	NERR_InternalError = 0x85C
+	NERR_UserNotFound  = 0x8AD
+
+	ERROR_ACCESS_DENIED     = 0x5
+	ERROR_BAD_NETPATH       = 0x35
+	ERROR_INVALID_LEVEL     = 0x7C
+	ERROR_INVALID_NAME      = 0x7B
+	ERROR_MORE_DATA         = 0xEA
+	ERROR_NOT_ENOUGH_MEMORY = 0x8
+
+	MAX_PREFERRED_LENGTH  = 0xFFFFFFFF
+	MAX_GROUP_NAME_LENGTH = 256
+
+	SE_GROUP_MANDATORY          = 0x1
+	SE_GROUP_ENABLED_BY_DEFAULT = 0x2
+	SE_GROUP_ENABLED            = 0x4
+	SE_GROUP_OWNER              = 0x8
+	SE_GROUP_USE_FOR_DENY_ONLY  = 0x10
+	SE_GROUP_INTEGRITY          = 0x20
+	SE_GROUP_INTEGRITY_ENABLED  = 0x40
+	SE_GROUP_LOGON_ID           = 0xC0000000
+	SE_GROUP_RESOURCE           = 0x20000000
+)
+
+type GroupUsersInfo0 struct {
+	Grui0_name *uint16
+}
+
+type GroupUsersInfo1 struct {
+	Grui1_name       *uint16
+	Grui1_attributes uint32
+}
+
+// The API interface describes the Win32 functions used in this package and
+// its primary purpose is to allow replacing them with stub functions in unit tests.
+type API interface {
+	AcquireCredentialsHandle(
+		principal *uint16,
+		_package *uint16,
+		credentialUse uint32,
+		logonID *LUID,
+		authData *byte,
+		getKeyFn uintptr,
+		getKeyArgument uintptr,
+		credHandle *CredHandle,
+		expiry *syscall.Filetime,
+	) SECURITY_STATUS
+	AcceptSecurityContext(
+		credential *CredHandle,
+		context *CtxtHandle,
+		input *SecBufferDesc,
+		contextReq uint32,
+		targDataRep uint32,
+		newContext *CtxtHandle,
+		output *SecBufferDesc,
+		contextAttr *uint32,
+		expiry *syscall.Filetime,
+	) SECURITY_STATUS
+	QueryContextAttributes(context *CtxtHandle, attribute uint32, buffer *byte) SECURITY_STATUS
+	DeleteSecurityContext(context *CtxtHandle) SECURITY_STATUS
+	FreeContextBuffer(buffer *byte) SECURITY_STATUS
+	FreeCredentialsHandle(handle *CredHandle) SECURITY_STATUS
+	NetUserGetGroups(
+		serverName *uint16,
+		userName *uint16,
+		level uint32,
+		buf **byte,
+		prefmaxlen uint32,
+		entriesread *uint32,
+		totalentries *uint32,
+	) (neterr error)
+	NetApiBufferFree(buf *byte) (neterr error)
+}
+
+// Win32 implements the API interface by calling the relevant system functions
+// from secur32.dll and netapi32.dll
+type Win32 struct{}
+
+var (
+	secur32dll  = windows.NewLazySystemDLL("secur32.dll")
+	netapi32dll = windows.NewLazySystemDLL("netapi32.dll")
+
+	procAcquireCredentialsHandleW = secur32dll.NewProc("AcquireCredentialsHandleW")
+	procAcceptSecurityContext     = secur32dll.NewProc("AcceptSecurityContext")
+	procQueryContextAttributesW   = secur32dll.NewProc("QueryContextAttributesW")
+	procDeleteSecurityContext     = secur32dll.NewProc("DeleteSecurityContext")
+	procFreeContextBuffer         = secur32dll.NewProc("FreeContextBuffer")
+	procFreeCredentialsHandle     = secur32dll.NewProc("FreeCredentialsHandle")
+	procNetUserGetGroups          = netapi32dll.NewProc("NetUserGetGroups")
+)
+
+func (w *Win32) AcquireCredentialsHandle(
+	principal *uint16,
+	_package *uint16,
+	credentialUse uint32,
+	logonId *LUID,
+	authData *byte,
+	getKeyFn uintptr,
+	getKeyArgument uintptr,
+	credHandle *CredHandle,
+	expiry *syscall.Filetime,
+) SECURITY_STATUS {
+	r1, _, _ := syscall.Syscall9(
+		procAcquireCredentialsHandleW.Addr(), 9,
+		uintptr(unsafe.Pointer(principal)),
+		uintptr(unsafe.Pointer(_package)),
+		uintptr(credentialUse),
+		uintptr(unsafe.Pointer(logonId)),
+		uintptr(unsafe.Pointer(authData)),
+		uintptr(getKeyFn),
+		uintptr(getKeyArgument),
+		uintptr(unsafe.Pointer(credHandle)),
+		uintptr(unsafe.Pointer(expiry)),
+	)
+	return SECURITY_STATUS(r1)
+}
+
+func (w *Win32) AcceptSecurityContext(
+	credential *CredHandle,
+	context *CtxtHandle,
+	input *SecBufferDesc,
+	contextReq uint32,
+	targDataRep uint32,
+	newContext *CtxtHandle,
+	output *SecBufferDesc,
+	contextAttr *uint32,
+	expiry *syscall.Filetime,
+) SECURITY_STATUS {
+	r1, _, _ := syscall.Syscall9(
+		procAcceptSecurityContext.Addr(), 9,
+		uintptr(unsafe.Pointer(credential)),
+		uintptr(unsafe.Pointer(context)),
+		uintptr(unsafe.Pointer(input)),
+		uintptr(contextReq),
+		uintptr(targDataRep),
+		uintptr(unsafe.Pointer(newContext)),
+		uintptr(unsafe.Pointer(output)),
+		uintptr(unsafe.Pointer(contextAttr)),
+		uintptr(unsafe.Pointer(expiry)),
+	)
+	return SECURITY_STATUS(r1)
+}
+
+func (w *Win32) QueryContextAttributes(
+	context *CtxtHandle,
+	attribute uint32,
+	buffer *byte,
+) SECURITY_STATUS {
+	r1, _, _ := syscall.Syscall(
+		procQueryContextAttributesW.Addr(), 3,
+		uintptr(unsafe.Pointer(context)),
+		uintptr(attribute),
+		uintptr(unsafe.Pointer(buffer)),
+	)
+	return SECURITY_STATUS(r1)
+}
+
+func (w *Win32) DeleteSecurityContext(context *CtxtHandle) SECURITY_STATUS {
+	r1, _, _ := syscall.Syscall(
+		procDeleteSecurityContext.Addr(), 1,
+		uintptr(unsafe.Pointer(context)),
+		0, 0,
+	)
+	return SECURITY_STATUS(r1)
+}
+
+func (w *Win32) FreeContextBuffer(buffer *byte) SECURITY_STATUS {
+	r1, _, _ := syscall.Syscall(
+		procFreeContextBuffer.Addr(), 1,
+		uintptr(unsafe.Pointer(buffer)),
+		0, 0,
+	)
+	return SECURITY_STATUS(r1)
+}
+
+func (w *Win32) FreeCredentialsHandle(handle *CredHandle) SECURITY_STATUS {
+	r1, _, _ := syscall.Syscall(
+		procFreeCredentialsHandle.Addr(), 1,
+		uintptr(unsafe.Pointer(handle)),
+		0, 0,
+	)
+	return SECURITY_STATUS(r1)
+}
+
+func (w *Win32) NetUserGetGroups(
+	serverName *uint16,
+	userName *uint16,
+	level uint32,
+	buf **byte,
+	prefmaxlen uint32,
+	entriesread *uint32,
+	totalentries *uint32,
+) (neterr error) {
+	r0, _, _ := syscall.Syscall9(procNetUserGetGroups.Addr(), 7, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), uintptr(prefmaxlen), uintptr(unsafe.Pointer(entriesread)), uintptr(unsafe.Pointer(totalentries)), 0, 0)
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
+func (w *Win32) NetApiBufferFree(buf *byte) (neterr error) {
+	return syscall.NetApiBufferFree(buf)
+}

vendor/golang.org/x/sys/cpu/byteorder.go

@@ -5,26 +5,56 @@
 package cpu
 
 import (
-	"encoding/binary"
 	"runtime"
 )
 
+// byteOrder is a subset of encoding/binary.ByteOrder.
+type byteOrder interface {
+	Uint32([]byte) uint32
+	Uint64([]byte) uint64
+}
+
+type littleEndian struct{}
+type bigEndian struct{}
+
+func (littleEndian) Uint32(b []byte) uint32 {
+	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+}
+
+func (littleEndian) Uint64(b []byte) uint64 {
+	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+		uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+}
+
+func (bigEndian) Uint32(b []byte) uint32 {
+	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24
+}
+
+func (bigEndian) Uint64(b []byte) uint64 {
+	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
+		uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
+}
+
 // hostByteOrder returns binary.LittleEndian on little-endian machines and
 // binary.BigEndian on big-endian machines.
-func hostByteOrder() binary.ByteOrder {
+func hostByteOrder() byteOrder {
 	switch runtime.GOARCH {
 	case "386", "amd64", "amd64p32",
 		"arm", "arm64",
 		"mipsle", "mips64le", "mips64p32le",
 		"ppc64le",
 		"riscv", "riscv64":
-		return binary.LittleEndian
+		return littleEndian{}
 	case "armbe", "arm64be",
 		"mips", "mips64", "mips64p32",
 		"ppc", "ppc64",
 		"s390", "s390x",
 		"sparc", "sparc64":
-		return binary.BigEndian
+		return bigEndian{}
 	}
 	panic("unknown architecture")
 }

vendor/golang.org/x/sys/cpu/cpu.go

@@ -78,6 +78,42 @@ var ARM64 struct {
 	_           CacheLinePad
 }
 
+// ARM contains the supported CPU features of the current ARM (32-bit) platform.
+// All feature flags are false if:
+//   1. the current platform is not arm, or
+//   2. the current operating system is not Linux.
+var ARM struct {
+	_           CacheLinePad
+	HasSWP      bool // SWP instruction support
+	HasHALF     bool // Half-word load and store support
+	HasTHUMB    bool // ARM Thumb instruction set
+	Has26BIT    bool // Address space limited to 26-bits
+	HasFASTMUL  bool // 32-bit operand, 64-bit result multiplication support
+	HasFPA      bool // Floating point arithmetic support
+	HasVFP      bool // Vector floating point support
+	HasEDSP     bool // DSP Extensions support
+	HasJAVA     bool // Java instruction set
+	HasIWMMXT   bool // Intel Wireless MMX technology support
+	HasCRUNCH   bool // MaverickCrunch context switching and handling
+	HasTHUMBEE  bool // Thumb EE instruction set
+	HasNEON     bool // NEON instruction set
+	HasVFPv3    bool // Vector floating point version 3 support
+	HasVFPv3D16 bool // Vector floating point version 3 D8-D15
+	HasTLS      bool // Thread local storage support
+	HasVFPv4    bool // Vector floating point version 4 support
+	HasIDIVA    bool // Integer divide instruction support in ARM mode
+	HasIDIVT    bool // Integer divide instruction support in Thumb mode
+	HasVFPD32   bool // Vector floating point version 3 D15-D31
+	HasLPAE     bool // Large Physical Address Extensions
+	HasEVTSTRM  bool // Event stream support
+	HasAES      bool // AES hardware implementation
+	HasPMULL    bool // Polynomial multiplication instruction set
+	HasSHA1     bool // SHA1 hardware implementation
+	HasSHA2     bool // SHA2 hardware implementation
+	HasCRC32    bool // CRC32 hardware implementation
+	_           CacheLinePad
+}
+
 // PPC64 contains the supported CPU features of the current ppc64/ppc64le platforms.
 // If the current platform is not ppc64/ppc64le then all feature flags are false.
 //

vendor/golang.org/x/sys/cpu/cpu_arm.go

@@ -6,4 +6,35 @@ package cpu
 
 const cacheLineSize = 32
 
-func doinit() {}
+// HWCAP/HWCAP2 bits.
+// These are specific to Linux.
+const (
+	hwcap_SWP       = 1 << 0
+	hwcap_HALF      = 1 << 1
+	hwcap_THUMB     = 1 << 2
+	hwcap_26BIT     = 1 << 3
+	hwcap_FAST_MULT = 1 << 4
+	hwcap_FPA       = 1 << 5
+	hwcap_VFP       = 1 << 6
+	hwcap_EDSP      = 1 << 7
+	hwcap_JAVA      = 1 << 8
+	hwcap_IWMMXT    = 1 << 9
+	hwcap_CRUNCH    = 1 << 10
+	hwcap_THUMBEE   = 1 << 11
+	hwcap_NEON      = 1 << 12
+	hwcap_VFPv3     = 1 << 13
+	hwcap_VFPv3D16  = 1 << 14
+	hwcap_TLS       = 1 << 15
+	hwcap_VFPv4     = 1 << 16
+	hwcap_IDIVA     = 1 << 17
+	hwcap_IDIVT     = 1 << 18
+	hwcap_VFPD32    = 1 << 19
+	hwcap_LPAE      = 1 << 20
+	hwcap_EVTSTRM   = 1 << 21
+
+	hwcap2_AES   = 1 << 0
+	hwcap2_PMULL = 1 << 1
+	hwcap2_SHA1  = 1 << 2
+	hwcap2_SHA2  = 1 << 3
+	hwcap2_CRC32 = 1 << 4
+)

vendor/golang.org/x/sys/cpu/cpu_linux_arm.go

@@ -0,0 +1,39 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func doinit() {
+	ARM.HasSWP = isSet(hwCap, hwcap_SWP)
+	ARM.HasHALF = isSet(hwCap, hwcap_HALF)
+	ARM.HasTHUMB = isSet(hwCap, hwcap_THUMB)
+	ARM.Has26BIT = isSet(hwCap, hwcap_26BIT)
+	ARM.HasFASTMUL = isSet(hwCap, hwcap_FAST_MULT)
+	ARM.HasFPA = isSet(hwCap, hwcap_FPA)
+	ARM.HasVFP = isSet(hwCap, hwcap_VFP)
+	ARM.HasEDSP = isSet(hwCap, hwcap_EDSP)
+	ARM.HasJAVA = isSet(hwCap, hwcap_JAVA)
+	ARM.HasIWMMXT = isSet(hwCap, hwcap_IWMMXT)
+	ARM.HasCRUNCH = isSet(hwCap, hwcap_CRUNCH)
+	ARM.HasTHUMBEE = isSet(hwCap, hwcap_THUMBEE)
+	ARM.HasNEON = isSet(hwCap, hwcap_NEON)
+	ARM.HasVFPv3 = isSet(hwCap, hwcap_VFPv3)
+	ARM.HasVFPv3D16 = isSet(hwCap, hwcap_VFPv3D16)
+	ARM.HasTLS = isSet(hwCap, hwcap_TLS)
+	ARM.HasVFPv4 = isSet(hwCap, hwcap_VFPv4)
+	ARM.HasIDIVA = isSet(hwCap, hwcap_IDIVA)
+	ARM.HasIDIVT = isSet(hwCap, hwcap_IDIVT)
+	ARM.HasVFPD32 = isSet(hwCap, hwcap_VFPD32)
+	ARM.HasLPAE = isSet(hwCap, hwcap_LPAE)
+	ARM.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
+	ARM.HasAES = isSet(hwCap2, hwcap2_AES)
+	ARM.HasPMULL = isSet(hwCap2, hwcap2_PMULL)
+	ARM.HasSHA1 = isSet(hwCap2, hwcap2_SHA1)
+	ARM.HasSHA2 = isSet(hwCap2, hwcap2_SHA2)
+	ARM.HasCRC32 = isSet(hwCap2, hwcap2_CRC32)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}

vendor/golang.org/x/sys/unix/mkall.sh

@@ -212,9 +212,11 @@ esac
 				echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ;
 			elif [ "$GOOS" == "darwin" ]; then
 			        # pre-1.12, direct syscalls
-			        echo "$mksyscall -tags $GOOS,$GOARCH,!go1.12 $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.1_11.go";
+			        echo "$mksyscall -tags $GOOS,$GOARCH,!go1.12 $syscall_goos syscall_darwin_${GOARCH}.1_11.go $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.1_11.go";
 			        # 1.12 and later, syscalls via libSystem
 				echo "$mksyscall -tags $GOOS,$GOARCH,go1.12 $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go";
+				# 1.13 and later, syscalls via libSystem (including syscallPtr)
+				echo "$mksyscall -tags $GOOS,$GOARCH,go1.13 syscall_darwin.1_13.go |gofmt >zsyscall_$GOOSARCH.1_13.go";
 			else
 				echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go";
 			fi

vendor/golang.org/x/sys/unix/mkerrors.sh

@@ -60,6 +60,7 @@ includes_Darwin='
 #include <sys/types.h>
 #include <sys/event.h>
 #include <sys/ptrace.h>
+#include <sys/select.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/sysctl.h>
@@ -80,6 +81,7 @@ includes_Darwin='
 includes_DragonFly='
 #include <sys/types.h>
 #include <sys/event.h>
+#include <sys/select.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/stat.h>
@@ -103,6 +105,7 @@ includes_FreeBSD='
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/event.h>
+#include <sys/select.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/stat.h>
@@ -179,24 +182,31 @@ struct ltchars {
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/time.h>
+#include <sys/select.h>
 #include <sys/signalfd.h>
 #include <sys/socket.h>
 #include <sys/xattr.h>
 #include <linux/bpf.h>
+#include <linux/can.h>
 #include <linux/capability.h>
+#include <linux/cryptouser.h>
 #include <linux/errqueue.h>
+#include <linux/falloc.h>
+#include <linux/fanotify.h>
+#include <linux/filter.h>
+#include <linux/fs.h>
+#include <linux/genetlink.h>
+#include <linux/hdreg.h>
+#include <linux/icmpv6.h>
 #include <linux/if.h>
+#include <linux/if_addr.h>
 #include <linux/if_alg.h>
 #include <linux/if_arp.h>
 #include <linux/if_ether.h>
 #include <linux/if_ppp.h>
 #include <linux/if_tun.h>
 #include <linux/if_packet.h>
-#include <linux/if_addr.h>
-#include <linux/falloc.h>
-#include <linux/fanotify.h>
-#include <linux/filter.h>
-#include <linux/fs.h>
+#include <linux/if_xdp.h>
 #include <linux/kexec.h>
 #include <linux/keyctl.h>
 #include <linux/loop.h>
@@ -208,26 +218,21 @@ struct ltchars {
 #include <linux/net_namespace.h>
 #include <linux/nsfs.h>
 #include <linux/perf_event.h>
+#include <linux/ptrace.h>
 #include <linux/random.h>
 #include <linux/reboot.h>
+#include <linux/rtc.h>
 #include <linux/rtnetlink.h>
-#include <linux/ptrace.h>
 #include <linux/sched.h>
 #include <linux/seccomp.h>
-#include <linux/sockios.h>
-#include <linux/wait.h>
-#include <linux/icmpv6.h>
 #include <linux/serial.h>
-#include <linux/can.h>
-#include <linux/vm_sockets.h>
+#include <linux/sockios.h>
 #include <linux/taskstats.h>
-#include <linux/genetlink.h>
-#include <linux/watchdog.h>
-#include <linux/hdreg.h>
-#include <linux/rtc.h>
-#include <linux/if_xdp.h>
-#include <linux/cryptouser.h>
 #include <linux/tipc.h>
+#include <linux/vm_sockets.h>
+#include <linux/wait.h>
+#include <linux/watchdog.h>
+
 #include <mtd/ubi-user.h>
 #include <net/route.h>
 
@@ -266,6 +271,11 @@ struct ltchars {
 #define FS_KEY_DESC_PREFIX              "fscrypt:"
 #define FS_KEY_DESC_PREFIX_SIZE         8
 #define FS_MAX_KEY_SIZE                 64
+
+// The code generator produces -0x1 for (~0), but an unsigned value is necessary
+// for the tipc_subscr timeout __u32 field.
+#undef TIPC_WAIT_FOREVER
+#define TIPC_WAIT_FOREVER 0xffffffff
 '
 
 includes_NetBSD='
@@ -275,6 +285,7 @@ includes_NetBSD='
 #include <sys/extattr.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
+#include <sys/select.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/sysctl.h>
@@ -301,6 +312,7 @@ includes_OpenBSD='
 #include <sys/event.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
+#include <sys/select.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/stat.h>
@@ -337,6 +349,7 @@ includes_OpenBSD='
 includes_SunOS='
 #include <limits.h>
 #include <sys/types.h>
+#include <sys/select.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/stat.h>
@@ -429,6 +442,7 @@ ccflags="$@"
 		$2 == "XCASE" ||
 		$2 == "ALTWERASE" ||
 		$2 == "NOKERNINFO" ||
+		$2 == "NFDBITS" ||
 		$2 ~ /^PAR/ ||
 		$2 ~ /^SIG[^_]/ ||
 		$2 ~ /^O[CNPFPL][A-Z]+[^_][A-Z]+$/ ||

vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go

@@ -0,0 +1,29 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,go1.12,!go1.13
+
+package unix
+
+import (
+	"unsafe"
+)
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	// To implement this using libSystem we'd need syscall_syscallPtr for
+	// fdopendir. However, syscallPtr was only added in Go 1.13, so we fall
+	// back to raw syscalls for this func on Go 1.12.
+	var p unsafe.Pointer
+	if len(buf) > 0 {
+		p = unsafe.Pointer(&buf[0])
+	} else {
+		p = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES64, uintptr(fd), uintptr(p), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		return n, errnoErr(e1)
+	}
+	return n, nil
+}

vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go

@@ -0,0 +1,103 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,go1.13
+
+package unix
+
+import "unsafe"
+
+//sys	closedir(dir uintptr) (err error)
+//sys	readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno)
+
+func fdopendir(fd int) (dir uintptr, err error) {
+	r0, _, e1 := syscall_syscallPtr(funcPC(libc_fdopendir_trampoline), uintptr(fd), 0, 0)
+	dir = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_fdopendir_trampoline()
+
+//go:linkname libc_fdopendir libc_fdopendir
+//go:cgo_import_dynamic libc_fdopendir fdopendir "/usr/lib/libSystem.B.dylib"
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	// Simulate Getdirentries using fdopendir/readdir_r/closedir.
+	const ptrSize = unsafe.Sizeof(uintptr(0))
+
+	// We store the number of entries to skip in the seek
+	// offset of fd. See issue #31368.
+	// It's not the full required semantics, but should handle the case
+	// of calling Getdirentries or ReadDirent repeatedly.
+	// It won't handle assigning the results of lseek to *basep, or handle
+	// the directory being edited underfoot.
+	skip, err := Seek(fd, 0, 1 /* SEEK_CUR */)
+	if err != nil {
+		return 0, err
+	}
+
+	// We need to duplicate the incoming file descriptor
+	// because the caller expects to retain control of it, but
+	// fdopendir expects to take control of its argument.
+	// Just Dup'ing the file descriptor is not enough, as the
+	// result shares underlying state. Use Openat to make a really
+	// new file descriptor referring to the same directory.
+	fd2, err := Openat(fd, ".", O_RDONLY, 0)
+	if err != nil {
+		return 0, err
+	}
+	d, err := fdopendir(fd2)
+	if err != nil {
+		Close(fd2)
+		return 0, err
+	}
+	defer closedir(d)
+
+	var cnt int64
+	for {
+		var entry Dirent
+		var entryp *Dirent
+		e := readdir_r(d, &entry, &entryp)
+		if e != 0 {
+			return n, errnoErr(e)
+		}
+		if entryp == nil {
+			break
+		}
+		if skip > 0 {
+			skip--
+			cnt++
+			continue
+		}
+		reclen := int(entry.Reclen)
+		if reclen > len(buf) {
+			// Not enough room. Return for now.
+			// The counter will let us know where we should start up again.
+			// Note: this strategy for suspending in the middle and
+			// restarting is O(n^2) in the length of the directory. Oh well.
+			break
+		}
+		// Copy entry into return buffer.
+		s := struct {
+			ptr unsafe.Pointer
+			siz int
+			cap int
+		}{ptr: unsafe.Pointer(&entry), siz: reclen, cap: reclen}
+		copy(buf, *(*[]byte)(unsafe.Pointer(&s)))
+		buf = buf[reclen:]
+		n += reclen
+		cnt++
+	}
+	// Set the seek offset of the input fd to record
+	// how many files we've already returned.
+	_, err = Seek(fd, cnt, 0 /* SEEK_SET */)
+	if err != nil {
+		return n, err
+	}
+
+	return n, nil
+}

vendor/golang.org/x/sys/unix/syscall_darwin.go

@@ -460,7 +460,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sys	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)

vendor/golang.org/x/sys/unix/syscall_darwin_386.1_11.go

@@ -0,0 +1,9 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,386,!go1.12
+
+package unix
+
+//sys  Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) = SYS_GETDIRENTRIES64

vendor/golang.org/x/sys/unix/syscall_darwin_386.go

@@ -63,7 +63,6 @@ const SYS___SYSCTL = SYS_SYSCTL
 //sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
 //sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
 //sys	Fstatfs(fd int, stat *Statfs_t) (err error) = SYS_FSTATFS64
-//sys	Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) = SYS_GETDIRENTRIES64
 //sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64
 //sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64

vendor/golang.org/x/sys/unix/syscall_darwin_amd64.1_11.go

@@ -0,0 +1,9 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,amd64,!go1.12
+
+package unix
+
+//sys  Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) = SYS_GETDIRENTRIES64

vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go

@@ -63,7 +63,6 @@ const SYS___SYSCTL = SYS_SYSCTL
 //sys	Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
 //sys	Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
 //sys	Fstatfs(fd int, stat *Statfs_t) (err error) = SYS_FSTATFS64
-//sys	Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) = SYS_GETDIRENTRIES64
 //sys	getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64
 //sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64

vendor/golang.org/x/sys/unix/syscall_darwin_arm.1_11.go

@@ -0,0 +1,11 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,386,!go1.12
+
+package unix
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	return 0, ENOSYS
+}

vendor/golang.org/x/sys/unix/syscall_darwin_arm.go

@@ -70,7 +70,3 @@ const SYS___SYSCTL = SYS_SYSCTL
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, stat *Statfs_t) (err error)
-
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	return 0, ENOSYS
-}

vendor/golang.org/x/sys/unix/syscall_darwin_arm64.1_11.go

@@ -0,0 +1,11 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin,arm64,!go1.12
+
+package unix
+
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	return 0, ENOSYS
+}

vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go

@@ -72,7 +72,3 @@ const SYS___SYSCTL = SYS_SYSCTL
 //sys	Lstat(path string, stat *Stat_t) (err error)
 //sys	Stat(path string, stat *Stat_t) (err error)
 //sys	Statfs(path string, stat *Statfs_t) (err error)
-
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	return 0, ENOSYS
-}

vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go

@@ -15,6 +15,7 @@ func syscall_syscall6X(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err
 func syscall_syscall9(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno) // 32-bit only
 func syscall_rawSyscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
 func syscall_rawSyscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+func syscall_syscallPtr(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
 
 //go:linkname syscall_syscall syscall.syscall
 //go:linkname syscall_syscall6 syscall.syscall6
@@ -22,6 +23,7 @@ func syscall_rawSyscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, er
 //go:linkname syscall_syscall9 syscall.syscall9
 //go:linkname syscall_rawSyscall syscall.rawSyscall
 //go:linkname syscall_rawSyscall6 syscall.rawSyscall6
+//go:linkname syscall_syscallPtr syscall.syscallPtr
 
 // Find the entry point for f. See comments in runtime/proc.go for the
 // function of the same name.

vendor/golang.org/x/sys/unix/syscall_dragonfly.go

@@ -290,7 +290,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)

vendor/golang.org/x/sys/unix/syscall_freebsd.go

@@ -653,7 +653,7 @@ func PtraceSingleStep(pid int) (err error) {
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)

vendor/golang.org/x/sys/unix/syscall_linux.go

@@ -1222,6 +1222,34 @@ func KeyctlDHCompute(params *KeyctlDHParams, buffer []byte) (size int, err error
 	return keyctlDH(KEYCTL_DH_COMPUTE, params, buffer)
 }
 
+// KeyctlRestrictKeyring implements the KEYCTL_RESTRICT_KEYRING command. This
+// command limits the set of keys that can be linked to the keyring, regardless
+// of keyring permissions. The command requires the "setattr" permission.
+//
+// When called with an empty keyType the command locks the keyring, preventing
+// any further keys from being linked to the keyring.
+//
+// The "asymmetric" keyType defines restrictions requiring key payloads to be
+// DER encoded X.509 certificates signed by keys in another keyring. Restrictions
+// for "asymmetric" include "builtin_trusted", "builtin_and_secondary_trusted",
+// "key_or_keyring:<key>", and "key_or_keyring:<key>:chain".
+//
+// As of Linux 4.12, only the "asymmetric" keyType defines type-specific
+// restrictions.
+//
+// See the full documentation at:
+// http://man7.org/linux/man-pages/man3/keyctl_restrict_keyring.3.html
+// http://man7.org/linux/man-pages/man2/keyctl.2.html
+func KeyctlRestrictKeyring(ringid int, keyType string, restriction string) error {
+	if keyType == "" {
+		return keyctlRestrictKeyring(KEYCTL_RESTRICT_KEYRING, ringid)
+	}
+	return keyctlRestrictKeyringByType(KEYCTL_RESTRICT_KEYRING, ringid, keyType, restriction)
+}
+
+//sys keyctlRestrictKeyringByType(cmd int, arg2 int, keyType string, restriction string) (err error) = SYS_KEYCTL
+//sys keyctlRestrictKeyring(cmd int, arg2 int) (err error) = SYS_KEYCTL
+
 func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
 	var msg Msghdr
 	var rsa RawSockaddrAny
@@ -1465,8 +1493,12 @@ func PtraceSyscall(pid int, signal int) (err error) {
 
 func PtraceSingleStep(pid int) (err error) { return ptrace(PTRACE_SINGLESTEP, pid, 0, 0) }
 
+func PtraceInterrupt(pid int) (err error) { return ptrace(PTRACE_INTERRUPT, pid, 0, 0) }
+
 func PtraceAttach(pid int) (err error) { return ptrace(PTRACE_ATTACH, pid, 0, 0) }
 
+func PtraceSeize(pid int) (err error) { return ptrace(PTRACE_SEIZE, pid, 0, 0) }
+
 func PtraceDetach(pid int) (err error) { return ptrace(PTRACE_DETACH, pid, 0, 0) }
 
 //sys	reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error)
@@ -1823,6 +1855,17 @@ func OpenByHandleAt(mountFD int, handle FileHandle, flags int) (fd int, err erro
 	return openByHandleAt(mountFD, handle.fileHandle, flags)
 }
 
+// Klogset wraps the sys_syslog system call; it sets console_loglevel to
+// the value specified by arg and passes a dummy pointer to bufp.
+func Klogset(typ int, arg int) (err error) {
+	var p unsafe.Pointer
+	_, _, errno := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(p), uintptr(arg))
+	if errno != 0 {
+		return errnoErr(errno)
+	}
+	return nil
+}
+
 /*
  * Unimplemented
  */

vendor/golang.org/x/sys/unix/syscall_netbsd.go

@@ -330,7 +330,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)

vendor/golang.org/x/sys/unix/syscall_openbsd.go

@@ -305,7 +305,7 @@ func Uname(uname *Utsname) error {
 //sys	Revoke(path string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)

vendor/golang.org/x/sys/unix/syscall_solaris.go

@@ -649,7 +649,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 //sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
 //sys	Rmdir(path string) (err error)
 //sys	Seek(fd int, offset int64, whence int) (newoffset int64, err error) = lseek
-//sys	Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error)
+//sys	Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error)
 //sysnb	Setegid(egid int) (err error)
 //sysnb	Seteuid(euid int) (err error)
 //sysnb	Setgid(gid int) (err error)

vendor/golang.org/x/sys/unix/zerrors_darwin_386.go

@@ -3,7 +3,7 @@
 
 // +build 386,darwin
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
 
 package unix
@@ -980,6 +980,7 @@ const (
 	NET_RT_MAXID                      = 0xa
 	NET_RT_STAT                       = 0x4
 	NET_RT_TRASH                      = 0x5
+	NFDBITS                           = 0x20
 	NL0                               = 0x0
 	NL1                               = 0x100
 	NL2                               = 0x200

vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go

@@ -3,7 +3,7 @@
 
 // +build amd64,darwin
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -980,6 +980,7 @@ const (
 	NET_RT_MAXID                      = 0xa
 	NET_RT_STAT                       = 0x4
 	NET_RT_TRASH                      = 0x5
+	NFDBITS                           = 0x20
 	NL0                               = 0x0
 	NL1                               = 0x100
 	NL2                               = 0x200

vendor/golang.org/x/sys/unix/zerrors_darwin_arm.go

@@ -3,7 +3,7 @@
 
 // +build arm,darwin
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
 
 package unix
@@ -980,6 +980,7 @@ const (
 	NET_RT_MAXID                      = 0xa
 	NET_RT_STAT                       = 0x4
 	NET_RT_TRASH                      = 0x5
+	NFDBITS                           = 0x20
 	NL0                               = 0x0
 	NL1                               = 0x100
 	NL2                               = 0x200

vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go

@@ -3,7 +3,7 @@
 
 // +build arm64,darwin
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -980,6 +980,7 @@ const (
 	NET_RT_MAXID                      = 0xa
 	NET_RT_STAT                       = 0x4
 	NET_RT_TRASH                      = 0x5
+	NFDBITS                           = 0x20
 	NL0                               = 0x0
 	NL1                               = 0x100
 	NL2                               = 0x200

vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go

@@ -938,6 +938,7 @@ const (
 	NET_RT_FLAGS                      = 0x2
 	NET_RT_IFLIST                     = 0x3
 	NET_RT_MAXID                      = 0x4
+	NFDBITS                           = 0x40
 	NOFLSH                            = 0x80000000
 	NOKERNINFO                        = 0x2000000
 	NOTE_ATTRIB                       = 0x8

vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go

@@ -3,7 +3,7 @@
 
 // +build 386,freebsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
 
 package unix
@@ -1055,6 +1055,7 @@ const (
 	NET_RT_IFLIST                  = 0x3
 	NET_RT_IFLISTL                 = 0x5
 	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x20
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
 	NOTE_ATTRIB                    = 0x8

vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go

@@ -3,7 +3,7 @@
 
 // +build amd64,freebsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -1056,6 +1056,7 @@ const (
 	NET_RT_IFLIST                  = 0x3
 	NET_RT_IFLISTL                 = 0x5
 	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x40
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
 	NOTE_ATTRIB                    = 0x8

vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go

@@ -3,7 +3,7 @@
 
 // +build arm,freebsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
 
 package unix
@@ -1063,6 +1063,7 @@ const (
 	NET_RT_IFLIST                  = 0x3
 	NET_RT_IFLISTL                 = 0x5
 	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x20
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
 	NOTE_ATTRIB                    = 0x8

vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go

@@ -3,7 +3,7 @@
 
 // +build arm64,freebsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -1056,6 +1056,7 @@ const (
 	NET_RT_IFLIST                  = 0x3
 	NET_RT_IFLISTL                 = 0x5
 	NET_RT_IFMALIST                = 0x4
+	NFDBITS                        = 0x40
 	NOFLSH                         = 0x80000000
 	NOKERNINFO                     = 0x2000000
 	NOTE_ATTRIB                    = 0x8

vendor/golang.org/x/sys/unix/zerrors_linux_386.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1087,6 +1091,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1099,6 +1114,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1344,6 +1361,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x20
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1677,6 +1695,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1692,6 +1712,7 @@ const (
 	PTRACE_GETREGSET                     = 0x4204
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_GET_THREAD_AREA               = 0x19
 	PTRACE_INTERRUPT                     = 0x4207
 	PTRACE_KILL                          = 0x8
@@ -1730,6 +1751,10 @@ const (
 	PTRACE_SINGLEBLOCK                   = 0x21
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_SYSEMU                        = 0x1f
 	PTRACE_SYSEMU_SINGLESTEP             = 0x20
 	PTRACE_TRACEME                       = 0x0
@@ -1790,7 +1815,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1863,6 +1888,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1887,6 +1913,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1894,7 +1921,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1906,6 +1933,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1914,8 +1942,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2140,6 +2168,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x27
 	SO_DONTROUTE                         = 0x5
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2497,7 +2526,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2518,7 +2547,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2717,6 +2746,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2733,6 +2764,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1087,6 +1091,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1099,6 +1114,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1344,6 +1361,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x40
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1678,6 +1696,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1693,6 +1713,7 @@ const (
 	PTRACE_GETREGSET                     = 0x4204
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_GET_THREAD_AREA               = 0x19
 	PTRACE_INTERRUPT                     = 0x4207
 	PTRACE_KILL                          = 0x8
@@ -1731,6 +1752,10 @@ const (
 	PTRACE_SINGLEBLOCK                   = 0x21
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_SYSEMU                        = 0x1f
 	PTRACE_SYSEMU_SINGLESTEP             = 0x20
 	PTRACE_TRACEME                       = 0x0
@@ -1791,7 +1816,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1864,6 +1889,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1888,6 +1914,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1895,7 +1922,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1907,6 +1934,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1915,8 +1943,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2141,6 +2169,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x27
 	SO_DONTROUTE                         = 0x5
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2498,7 +2527,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2519,7 +2548,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2717,6 +2746,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2733,6 +2764,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_arm.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1086,6 +1090,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1098,6 +1113,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1342,6 +1359,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x20
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1675,6 +1693,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1696,6 +1716,7 @@ const (
 	PTRACE_GETSIGMASK                    = 0x420a
 	PTRACE_GETVFPREGS                    = 0x1b
 	PTRACE_GETWMMXREGS                   = 0x12
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_GET_THREAD_AREA               = 0x16
 	PTRACE_INTERRUPT                     = 0x4207
 	PTRACE_KILL                          = 0x8
@@ -1736,6 +1757,10 @@ const (
 	PTRACE_SET_SYSCALL                   = 0x17
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_TRACEME                       = 0x0
 	PT_DATA_ADDR                         = 0x10004
 	PT_TEXT_ADDR                         = 0x10000
@@ -1797,7 +1822,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1870,6 +1895,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1894,6 +1920,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1901,7 +1928,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1913,6 +1940,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1921,8 +1949,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2147,6 +2175,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x27
 	SO_DONTROUTE                         = 0x5
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2504,7 +2533,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2525,7 +2554,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2723,6 +2752,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2739,6 +2770,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -561,6 +564,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1089,6 +1093,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1101,6 +1116,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1345,6 +1362,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x40
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1678,6 +1696,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1691,6 +1711,7 @@ const (
 	PTRACE_GETREGSET                     = 0x4204
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_INTERRUPT                     = 0x4207
 	PTRACE_KILL                          = 0x8
 	PTRACE_LISTEN                        = 0x4208
@@ -1723,6 +1744,12 @@ const (
 	PTRACE_SETSIGMASK                    = 0x420b
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
+	PTRACE_SYSEMU                        = 0x1f
+	PTRACE_SYSEMU_SINGLESTEP             = 0x20
 	PTRACE_TRACEME                       = 0x0
 	QNX4_SUPER_MAGIC                     = 0x2f
 	QNX6_SUPER_MAGIC                     = 0x68191122
@@ -1781,7 +1808,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1854,6 +1881,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1878,6 +1906,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1885,7 +1914,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1897,6 +1926,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1905,8 +1935,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2131,6 +2161,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x27
 	SO_DONTROUTE                         = 0x5
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2489,7 +2520,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2510,7 +2541,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2708,6 +2739,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2724,6 +2757,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_mips.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1086,6 +1090,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1098,6 +1113,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1342,6 +1359,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x20
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1675,6 +1693,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1689,6 +1709,7 @@ const (
 	PTRACE_GETREGSET                     = 0x4204
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_GET_THREAD_AREA               = 0x19
 	PTRACE_GET_THREAD_AREA_3264          = 0xc4
 	PTRACE_GET_WATCH_REGS                = 0xd0
@@ -1732,6 +1753,10 @@ const (
 	PTRACE_SET_WATCH_REGS                = 0xd1
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_TRACEME                       = 0x0
 	QNX4_SUPER_MAGIC                     = 0x2f
 	QNX6_SUPER_MAGIC                     = 0x68191122
@@ -1790,7 +1815,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1863,6 +1888,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1887,6 +1913,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1894,7 +1921,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1906,6 +1933,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1914,8 +1942,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2140,6 +2168,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x1029
 	SO_DONTROUTE                         = 0x10
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2499,7 +2528,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2520,7 +2549,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2719,6 +2748,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2735,6 +2766,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1086,6 +1090,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1098,6 +1113,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1342,6 +1359,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x40
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1675,6 +1693,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1689,6 +1709,7 @@ const (
 	PTRACE_GETREGSET                     = 0x4204
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_GET_THREAD_AREA               = 0x19
 	PTRACE_GET_THREAD_AREA_3264          = 0xc4
 	PTRACE_GET_WATCH_REGS                = 0xd0
@@ -1732,6 +1753,10 @@ const (
 	PTRACE_SET_WATCH_REGS                = 0xd1
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_TRACEME                       = 0x0
 	QNX4_SUPER_MAGIC                     = 0x2f
 	QNX6_SUPER_MAGIC                     = 0x68191122
@@ -1790,7 +1815,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1863,6 +1888,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1887,6 +1913,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1894,7 +1921,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1906,6 +1933,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1914,8 +1942,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2140,6 +2168,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x1029
 	SO_DONTROUTE                         = 0x10
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2499,7 +2528,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2520,7 +2549,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2719,6 +2748,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2735,6 +2766,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1086,6 +1090,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1098,6 +1113,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1342,6 +1359,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x40
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1675,6 +1693,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1689,6 +1709,7 @@ const (
 	PTRACE_GETREGSET                     = 0x4204
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_GET_THREAD_AREA               = 0x19
 	PTRACE_GET_THREAD_AREA_3264          = 0xc4
 	PTRACE_GET_WATCH_REGS                = 0xd0
@@ -1732,6 +1753,10 @@ const (
 	PTRACE_SET_WATCH_REGS                = 0xd1
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_TRACEME                       = 0x0
 	QNX4_SUPER_MAGIC                     = 0x2f
 	QNX6_SUPER_MAGIC                     = 0x68191122
@@ -1790,7 +1815,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1863,6 +1888,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1887,6 +1913,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1894,7 +1921,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1906,6 +1933,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1914,8 +1942,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2140,6 +2168,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x1029
 	SO_DONTROUTE                         = 0x10
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2499,7 +2528,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2520,7 +2549,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2719,6 +2748,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2735,6 +2766,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1086,6 +1090,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1098,6 +1113,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1342,6 +1359,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x20
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1675,6 +1693,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1689,6 +1709,7 @@ const (
 	PTRACE_GETREGSET                     = 0x4204
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_GET_THREAD_AREA               = 0x19
 	PTRACE_GET_THREAD_AREA_3264          = 0xc4
 	PTRACE_GET_WATCH_REGS                = 0xd0
@@ -1732,6 +1753,10 @@ const (
 	PTRACE_SET_WATCH_REGS                = 0xd1
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_TRACEME                       = 0x0
 	QNX4_SUPER_MAGIC                     = 0x2f
 	QNX6_SUPER_MAGIC                     = 0x68191122
@@ -1790,7 +1815,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1863,6 +1888,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1887,6 +1913,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1894,7 +1921,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1906,6 +1933,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1914,8 +1942,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2140,6 +2168,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x1029
 	SO_DONTROUTE                         = 0x10
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2499,7 +2528,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2520,7 +2549,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2719,6 +2748,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2735,6 +2766,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1086,6 +1090,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1098,6 +1113,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1341,6 +1358,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x40
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1677,6 +1695,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1696,6 +1716,7 @@ const (
 	PTRACE_GETVRREGS                     = 0x12
 	PTRACE_GETVSRREGS                    = 0x1b
 	PTRACE_GET_DEBUGREG                  = 0x19
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_INTERRUPT                     = 0x4207
 	PTRACE_KILL                          = 0x8
 	PTRACE_LISTEN                        = 0x4208
@@ -1735,6 +1756,10 @@ const (
 	PTRACE_SINGLEBLOCK                   = 0x100
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_SYSEMU                        = 0x1d
 	PTRACE_SYSEMU_SINGLESTEP             = 0x1e
 	PTRACE_TRACEME                       = 0x0
@@ -1848,7 +1873,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1921,6 +1946,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1945,6 +1971,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1952,7 +1979,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1964,6 +1991,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1972,8 +2000,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2198,6 +2226,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x27
 	SO_DONTROUTE                         = 0x5
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2559,7 +2588,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2580,7 +2609,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2778,6 +2807,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2794,6 +2825,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0xc00
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1086,6 +1090,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1098,6 +1113,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1341,6 +1358,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x40
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1677,6 +1695,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1696,6 +1716,7 @@ const (
 	PTRACE_GETVRREGS                     = 0x12
 	PTRACE_GETVSRREGS                    = 0x1b
 	PTRACE_GET_DEBUGREG                  = 0x19
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_INTERRUPT                     = 0x4207
 	PTRACE_KILL                          = 0x8
 	PTRACE_LISTEN                        = 0x4208
@@ -1735,6 +1756,10 @@ const (
 	PTRACE_SINGLEBLOCK                   = 0x100
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_SYSEMU                        = 0x1d
 	PTRACE_SYSEMU_SINGLESTEP             = 0x1e
 	PTRACE_TRACEME                       = 0x0
@@ -1848,7 +1873,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1921,6 +1946,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1945,6 +1971,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1952,7 +1979,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1964,6 +1991,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1972,8 +2000,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2198,6 +2226,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x27
 	SO_DONTROUTE                         = 0x5
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2559,7 +2588,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2580,7 +2609,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2778,6 +2807,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2794,6 +2825,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0xc00
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1086,6 +1090,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1098,6 +1113,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1342,6 +1359,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x40
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1675,6 +1693,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1688,6 +1708,7 @@ const (
 	PTRACE_GETREGSET                     = 0x4204
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_INTERRUPT                     = 0x4207
 	PTRACE_KILL                          = 0x8
 	PTRACE_LISTEN                        = 0x4208
@@ -1720,6 +1741,10 @@ const (
 	PTRACE_SETSIGMASK                    = 0x420b
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_TRACEME                       = 0x0
 	QNX4_SUPER_MAGIC                     = 0x2f
 	QNX6_SUPER_MAGIC                     = 0x68191122
@@ -1778,7 +1803,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1851,6 +1876,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1875,6 +1901,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1882,7 +1909,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1894,6 +1921,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1902,8 +1930,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2128,6 +2156,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x27
 	SO_DONTROUTE                         = 0x5
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2485,7 +2514,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2506,7 +2535,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2704,6 +2733,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2720,6 +2751,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go

@@ -253,6 +253,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -304,9 +305,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -460,6 +462,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -560,6 +563,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1086,6 +1090,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1098,6 +1113,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1342,6 +1359,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x40
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1677,6 +1695,8 @@ const (
 	PTRACE_DETACH                        = 0x11
 	PTRACE_DISABLE_TE                    = 0x5010
 	PTRACE_ENABLE_TE                     = 0x5009
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1691,6 +1711,7 @@ const (
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
 	PTRACE_GET_LAST_BREAK                = 0x5006
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_INTERRUPT                     = 0x4207
 	PTRACE_KILL                          = 0x8
 	PTRACE_LISTEN                        = 0x4208
@@ -1734,6 +1755,10 @@ const (
 	PTRACE_SINGLEBLOCK                   = 0xc
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_TE_ABORT_RAND                 = 0x5011
 	PTRACE_TRACEME                       = 0x0
 	PT_ACR0                              = 0x90
@@ -1851,7 +1876,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1924,6 +1949,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1948,6 +1974,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1955,7 +1982,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1967,6 +1994,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1975,8 +2003,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2201,6 +2229,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x44
 	SO_DOMAIN                            = 0x27
 	SO_DONTROUTE                         = 0x5
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2558,7 +2587,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2579,7 +2608,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2777,6 +2806,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2793,6 +2824,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 )
 

vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go

@@ -256,6 +256,7 @@ const (
 	BPF_F_STACK_BUILD_ID                 = 0x20
 	BPF_F_STRICT_ALIGNMENT               = 0x1
 	BPF_F_SYSCTL_BASE_NAME               = 0x1
+	BPF_F_TEST_RND_HI32                  = 0x4
 	BPF_F_TUNINFO_IPV6                   = 0x1
 	BPF_F_USER_BUILD_ID                  = 0x800
 	BPF_F_USER_STACK                     = 0x100
@@ -307,9 +308,10 @@ const (
 	BPF_RET                              = 0x6
 	BPF_RSH                              = 0x70
 	BPF_SK_STORAGE_GET_F_CREATE          = 0x1
-	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0x7
+	BPF_SOCK_OPS_ALL_CB_FLAGS            = 0xf
 	BPF_SOCK_OPS_RETRANS_CB_FLAG         = 0x2
 	BPF_SOCK_OPS_RTO_CB_FLAG             = 0x1
+	BPF_SOCK_OPS_RTT_CB_FLAG             = 0x8
 	BPF_SOCK_OPS_STATE_CB_FLAG           = 0x4
 	BPF_ST                               = 0x2
 	BPF_STX                              = 0x3
@@ -463,6 +465,7 @@ const (
 	DAXFS_MAGIC                          = 0x64646178
 	DEBUGFS_MAGIC                        = 0x64626720
 	DEVPTS_SUPER_MAGIC                   = 0x1cd1
+	DMA_BUF_MAGIC                        = 0x444d4142
 	DT_BLK                               = 0x6
 	DT_CHR                               = 0x2
 	DT_DIR                               = 0x4
@@ -564,6 +567,7 @@ const (
 	ETH_P_IRDA                           = 0x17
 	ETH_P_LAT                            = 0x6004
 	ETH_P_LINK_CTL                       = 0x886c
+	ETH_P_LLDP                           = 0x88cc
 	ETH_P_LOCALTALK                      = 0x9
 	ETH_P_LOOP                           = 0x60
 	ETH_P_LOOPBACK                       = 0x9000
@@ -1090,6 +1094,17 @@ const (
 	KEXEC_PRESERVE_CONTEXT               = 0x2
 	KEXEC_SEGMENT_MAX                    = 0x10
 	KEYCTL_ASSUME_AUTHORITY              = 0x10
+	KEYCTL_CAPABILITIES                  = 0x1f
+	KEYCTL_CAPS0_BIG_KEY                 = 0x10
+	KEYCTL_CAPS0_CAPABILITIES            = 0x1
+	KEYCTL_CAPS0_DIFFIE_HELLMAN          = 0x4
+	KEYCTL_CAPS0_INVALIDATE              = 0x20
+	KEYCTL_CAPS0_MOVE                    = 0x80
+	KEYCTL_CAPS0_PERSISTENT_KEYRINGS     = 0x2
+	KEYCTL_CAPS0_PUBLIC_KEY              = 0x8
+	KEYCTL_CAPS0_RESTRICT_KEYRING        = 0x40
+	KEYCTL_CAPS1_NS_KEYRING_NAME         = 0x1
+	KEYCTL_CAPS1_NS_KEY_TAG              = 0x2
 	KEYCTL_CHOWN                         = 0x4
 	KEYCTL_CLEAR                         = 0x7
 	KEYCTL_DESCRIBE                      = 0x6
@@ -1102,6 +1117,8 @@ const (
 	KEYCTL_INVALIDATE                    = 0x15
 	KEYCTL_JOIN_SESSION_KEYRING          = 0x1
 	KEYCTL_LINK                          = 0x8
+	KEYCTL_MOVE                          = 0x1e
+	KEYCTL_MOVE_EXCL                     = 0x1
 	KEYCTL_NEGATE                        = 0xd
 	KEYCTL_PKEY_DECRYPT                  = 0x1a
 	KEYCTL_PKEY_ENCRYPT                  = 0x19
@@ -1346,6 +1363,7 @@ const (
 	NETLINK_XFRM                         = 0x6
 	NETNSA_MAX                           = 0x5
 	NETNSA_NSID_NOT_ASSIGNED             = -0x1
+	NFDBITS                              = 0x40
 	NFNETLINK_V0                         = 0x0
 	NFNLGRP_ACCT_QUOTA                   = 0x8
 	NFNLGRP_CONNTRACK_DESTROY            = 0x3
@@ -1679,6 +1697,8 @@ const (
 	PTRACE_ATTACH                        = 0x10
 	PTRACE_CONT                          = 0x7
 	PTRACE_DETACH                        = 0x11
+	PTRACE_EVENTMSG_SYSCALL_ENTRY        = 0x1
+	PTRACE_EVENTMSG_SYSCALL_EXIT         = 0x2
 	PTRACE_EVENT_CLONE                   = 0x3
 	PTRACE_EVENT_EXEC                    = 0x4
 	PTRACE_EVENT_EXIT                    = 0x6
@@ -1696,6 +1716,7 @@ const (
 	PTRACE_GETREGSET                     = 0x4204
 	PTRACE_GETSIGINFO                    = 0x4202
 	PTRACE_GETSIGMASK                    = 0x420a
+	PTRACE_GET_SYSCALL_INFO              = 0x420e
 	PTRACE_INTERRUPT                     = 0x4207
 	PTRACE_KILL                          = 0x8
 	PTRACE_LISTEN                        = 0x4208
@@ -1735,6 +1756,10 @@ const (
 	PTRACE_SINGLESTEP                    = 0x9
 	PTRACE_SPARC_DETACH                  = 0xb
 	PTRACE_SYSCALL                       = 0x18
+	PTRACE_SYSCALL_INFO_ENTRY            = 0x1
+	PTRACE_SYSCALL_INFO_EXIT             = 0x2
+	PTRACE_SYSCALL_INFO_NONE             = 0x0
+	PTRACE_SYSCALL_INFO_SECCOMP          = 0x3
 	PTRACE_TRACEME                       = 0x0
 	PTRACE_WRITEDATA                     = 0x11
 	PTRACE_WRITETEXT                     = 0x13
@@ -1843,7 +1868,7 @@ const (
 	RTAX_UNSPEC                          = 0x0
 	RTAX_WINDOW                          = 0x3
 	RTA_ALIGNTO                          = 0x4
-	RTA_MAX                              = 0x1d
+	RTA_MAX                              = 0x1e
 	RTCF_DIRECTSRC                       = 0x4000000
 	RTCF_DOREDIRECT                      = 0x1000000
 	RTCF_LOG                             = 0x2000000
@@ -1916,6 +1941,7 @@ const (
 	RTM_DELMDB                           = 0x55
 	RTM_DELNEIGH                         = 0x1d
 	RTM_DELNETCONF                       = 0x51
+	RTM_DELNEXTHOP                       = 0x69
 	RTM_DELNSID                          = 0x59
 	RTM_DELQDISC                         = 0x25
 	RTM_DELROUTE                         = 0x19
@@ -1940,6 +1966,7 @@ const (
 	RTM_GETNEIGH                         = 0x1e
 	RTM_GETNEIGHTBL                      = 0x42
 	RTM_GETNETCONF                       = 0x52
+	RTM_GETNEXTHOP                       = 0x6a
 	RTM_GETNSID                          = 0x5a
 	RTM_GETQDISC                         = 0x26
 	RTM_GETROUTE                         = 0x1a
@@ -1947,7 +1974,7 @@ const (
 	RTM_GETSTATS                         = 0x5e
 	RTM_GETTCLASS                        = 0x2a
 	RTM_GETTFILTER                       = 0x2e
-	RTM_MAX                              = 0x67
+	RTM_MAX                              = 0x6b
 	RTM_NEWACTION                        = 0x30
 	RTM_NEWADDR                          = 0x14
 	RTM_NEWADDRLABEL                     = 0x48
@@ -1959,6 +1986,7 @@ const (
 	RTM_NEWNEIGH                         = 0x1c
 	RTM_NEWNEIGHTBL                      = 0x40
 	RTM_NEWNETCONF                       = 0x50
+	RTM_NEWNEXTHOP                       = 0x68
 	RTM_NEWNSID                          = 0x58
 	RTM_NEWPREFIX                        = 0x34
 	RTM_NEWQDISC                         = 0x24
@@ -1967,8 +1995,8 @@ const (
 	RTM_NEWSTATS                         = 0x5c
 	RTM_NEWTCLASS                        = 0x28
 	RTM_NEWTFILTER                       = 0x2c
-	RTM_NR_FAMILIES                      = 0x16
-	RTM_NR_MSGTYPES                      = 0x58
+	RTM_NR_FAMILIES                      = 0x17
+	RTM_NR_MSGTYPES                      = 0x5c
 	RTM_SETDCB                           = 0x4f
 	RTM_SETLINK                          = 0x13
 	RTM_SETNEIGHTBL                      = 0x43
@@ -2193,6 +2221,7 @@ const (
 	SO_DEBUG                             = 0x1
 	SO_DETACH_BPF                        = 0x1b
 	SO_DETACH_FILTER                     = 0x1b
+	SO_DETACH_REUSEPORT_BPF              = 0x47
 	SO_DOMAIN                            = 0x1029
 	SO_DONTROUTE                         = 0x10
 	SO_EE_CODE_TXTIME_INVALID_PARAM      = 0x1
@@ -2547,7 +2576,7 @@ const (
 	TIPC_SUB_PORTS                       = 0x1
 	TIPC_SUB_SERVICE                     = 0x2
 	TIPC_TOP_SRV                         = 0x1
-	TIPC_WAIT_FOREVER                    = -0x1
+	TIPC_WAIT_FOREVER                    = 0xffffffff
 	TIPC_WITHDRAWN                       = 0x2
 	TIPC_ZONE_BITS                       = 0x8
 	TIPC_ZONE_CLUSTER_MASK               = 0xfffff000
@@ -2568,7 +2597,7 @@ const (
 	TP_STATUS_LOSING                     = 0x4
 	TP_STATUS_SENDING                    = 0x2
 	TP_STATUS_SEND_REQUEST               = 0x1
-	TP_STATUS_TS_RAW_HARDWARE            = -0x80000000
+	TP_STATUS_TS_RAW_HARDWARE            = 0x80000000
 	TP_STATUS_TS_SOFTWARE                = 0x20000000
 	TP_STATUS_TS_SYS_HARDWARE            = 0x40000000
 	TP_STATUS_USER                       = 0x1
@@ -2766,6 +2795,8 @@ const (
 	XDP_FLAGS_SKB_MODE                   = 0x2
 	XDP_FLAGS_UPDATE_IF_NOEXIST          = 0x1
 	XDP_MMAP_OFFSETS                     = 0x1
+	XDP_OPTIONS                          = 0x8
+	XDP_OPTIONS_ZEROCOPY                 = 0x1
 	XDP_PACKET_HEADROOM                  = 0x100
 	XDP_PGOFF_RX_RING                    = 0x0
 	XDP_PGOFF_TX_RING                    = 0x80000000
@@ -2782,6 +2813,7 @@ const (
 	XENFS_SUPER_MAGIC                    = 0xabba1974
 	XFS_SUPER_MAGIC                      = 0x58465342
 	XTABS                                = 0x1800
+	Z3FOLD_MAGIC                         = 0x33
 	ZSMALLOC_MAGIC                       = 0x58295829
 	__TIOCFLUSH                          = 0x80047410
 )

vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go

@@ -3,7 +3,7 @@
 
 // +build 386,netbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
 
 package unix
@@ -1085,6 +1085,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_OIFLIST                    = 0x4
 	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4

vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go

@@ -3,7 +3,7 @@
 
 // +build amd64,netbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -1075,6 +1075,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_OIFLIST                    = 0x4
 	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4

vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go

@@ -3,7 +3,7 @@
 
 // +build arm,netbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -marm _const.go
 
 package unix
@@ -1065,6 +1065,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_OIFLIST                    = 0x4
 	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4

vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go

@@ -3,7 +3,7 @@
 
 // +build arm64,netbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -1075,6 +1075,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_OIFLIST                    = 0x4
 	NET_RT_OOIFLIST                   = 0x3
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4

vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go

@@ -3,7 +3,7 @@
 
 // +build 386,openbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
 
 package unix
@@ -881,14 +881,15 @@ const (
 	MADV_SPACEAVAIL                   = 0x5
 	MADV_WILLNEED                     = 0x3
 	MAP_ANON                          = 0x1000
-	MAP_COPY                          = 0x4
+	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
+	MAP_COPY                          = 0x2
 	MAP_FILE                          = 0x0
 	MAP_FIXED                         = 0x10
-	MAP_FLAGMASK                      = 0x1ff7
-	MAP_HASSEMAPHORE                  = 0x200
-	MAP_INHERIT                       = 0x80
+	MAP_FLAGMASK                      = 0xfff7
+	MAP_HASSEMAPHORE                  = 0x0
+	MAP_INHERIT                       = 0x0
 	MAP_INHERIT_COPY                  = 0x1
-	MAP_INHERIT_DONATE_COPY           = 0x3
 	MAP_INHERIT_NONE                  = 0x2
 	MAP_INHERIT_SHARE                 = 0x0
 	MAP_NOEXTEND                      = 0x100
@@ -896,7 +897,8 @@ const (
 	MAP_PRIVATE                       = 0x2
 	MAP_RENAME                        = 0x20
 	MAP_SHARED                        = 0x1
-	MAP_TRYFIXED                      = 0x400
+	MAP_STACK                         = 0x4000
+	MAP_TRYFIXED                      = 0x0
 	MCL_CURRENT                       = 0x1
 	MCL_FUTURE                        = 0x2
 	MNT_ASYNC                         = 0x40
@@ -946,6 +948,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_STATS                      = 0x4
 	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4

vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go

@@ -3,7 +3,7 @@
 
 // +build amd64,openbsd
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -920,10 +920,11 @@ const (
 	MADV_WILLNEED                     = 0x3
 	MAP_ANON                          = 0x1000
 	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
 	MAP_COPY                          = 0x2
 	MAP_FILE                          = 0x0
 	MAP_FIXED                         = 0x10
-	MAP_FLAGMASK                      = 0x7ff7
+	MAP_FLAGMASK                      = 0xfff7
 	MAP_HASSEMAPHORE                  = 0x0
 	MAP_INHERIT                       = 0x0
 	MAP_INHERIT_COPY                  = 0x1
@@ -990,6 +991,7 @@ const (
 	NET_RT_MAXID                      = 0x7
 	NET_RT_STATS                      = 0x4
 	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOKERNINFO                        = 0x2000000
 	NOTE_ATTRIB                       = 0x8

vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go

@@ -1,11 +1,11 @@
 // mkerrors.sh
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
-// Created by cgo -godefs - DO NOT EDIT
-// cgo -godefs -- _const.go
-
 // +build arm,openbsd
 
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- _const.go
+
 package unix
 
 import "syscall"
@@ -881,10 +881,11 @@ const (
 	MADV_WILLNEED                     = 0x3
 	MAP_ANON                          = 0x1000
 	MAP_ANONYMOUS                     = 0x1000
+	MAP_CONCEAL                       = 0x8000
 	MAP_COPY                          = 0x2
 	MAP_FILE                          = 0x0
 	MAP_FIXED                         = 0x10
-	MAP_FLAGMASK                      = 0x3ff7
+	MAP_FLAGMASK                      = 0xfff7
 	MAP_HASSEMAPHORE                  = 0x0
 	MAP_INHERIT                       = 0x0
 	MAP_INHERIT_COPY                  = 0x1
@@ -896,6 +897,7 @@ const (
 	MAP_PRIVATE                       = 0x2
 	MAP_RENAME                        = 0x0
 	MAP_SHARED                        = 0x1
+	MAP_STACK                         = 0x4000
 	MAP_TRYFIXED                      = 0x0
 	MCL_CURRENT                       = 0x1
 	MCL_FUTURE                        = 0x2
@@ -947,6 +949,7 @@ const (
 	NET_RT_MAXID                      = 0x6
 	NET_RT_STATS                      = 0x4
 	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOTE_ATTRIB                       = 0x8
 	NOTE_CHILD                        = 0x4

vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go

@@ -996,6 +996,7 @@ const (
 	NET_RT_MAXID                      = 0x7
 	NET_RT_STATS                      = 0x4
 	NET_RT_TABLE                      = 0x5
+	NFDBITS                           = 0x20
 	NOFLSH                            = 0x80000000
 	NOKERNINFO                        = 0x2000000
 	NOTE_ATTRIB                       = 0x8

vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go

@@ -3,7 +3,7 @@
 
 // +build amd64,solaris
 
-// Created by cgo -godefs - DO NOT EDIT
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
 
 package unix
@@ -666,6 +666,7 @@ const (
 	M_FLUSH                       = 0x86
 	NAME_MAX                      = 0xff
 	NEWDEV                        = 0x1
+	NFDBITS                       = 0x40
 	NL0                           = 0x0
 	NL1                           = 0x100
 	NLDLY                         = 0x100

vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_11.go

@@ -1,4 +1,4 @@
-// go run mksyscall.go -l32 -tags darwin,386,!go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_386.go
+// go run mksyscall.go -l32 -tags darwin,386,!go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_386.1_11.go syscall_darwin_386.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 // +build darwin,386,!go1.12
@@ -214,22 +214,6 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func utimes(path string, timeval *[2]Timeval) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -1342,8 +1326,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1681,6 +1666,39 @@ func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES64, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
 	_, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
 	if e1 != 0 {
@@ -1738,23 +1756,6 @@ func Fstatfs(fd int, stat *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES64, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_GETFSSTAT64, uintptr(buf), uintptr(size), uintptr(flags))
 	n = int(r0)

vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.go

@@ -0,0 +1,41 @@
+// go run mksyscall.go -l32 -tags darwin,386,go1.13 syscall_darwin.1_13.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,386,go1.13
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func closedir(dir uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_closedir_trampoline), uintptr(dir), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_closedir_trampoline()
+
+//go:linkname libc_closedir libc_closedir
+//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) {
+	r0, _, _ := syscall_syscall(funcPC(libc_readdir_r_trampoline), uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	res = Errno(r0)
+	return
+}
+
+func libc_readdir_r_trampoline()
+
+//go:linkname libc_readdir_r libc_readdir_r
+//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib"

vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s

@@ -0,0 +1,12 @@
+// go run mkasm_darwin.go 386
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.13
+
+#include "textflag.h"
+TEXT ·libc_fdopendir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fdopendir(SB)
+TEXT ·libc_closedir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_closedir(SB)
+TEXT ·libc_readdir_r_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readdir_r(SB)

vendor/golang.org/x/sys/unix/zsyscall_darwin_386.go

@@ -1851,8 +1851,9 @@ func libc_lseek_trampoline()
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := syscall_syscall6(funcPC(libc_select_trampoline), uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_select_trampoline), uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2423,28 +2424,6 @@ func libc_fstatfs64_trampoline()
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := syscall_syscall6(funcPC(libc___getdirentries64_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-func libc___getdirentries64_trampoline()
-
-//go:linkname libc___getdirentries64 libc___getdirentries64
-//go:cgo_import_dynamic libc___getdirentries64 __getdirentries64 "/usr/lib/libSystem.B.dylib"
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
 	r0, _, e1 := syscall_syscall(funcPC(libc_getfsstat64_trampoline), uintptr(buf), uintptr(size), uintptr(flags))
 	n = int(r0)

vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s

@@ -274,8 +274,6 @@ TEXT ·libc_fstatat64_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_fstatat64(SB)
 TEXT ·libc_fstatfs64_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_fstatfs64(SB)
-TEXT ·libc___getdirentries64_trampoline(SB),NOSPLIT,$0-0
-	JMP	libc___getdirentries64(SB)
 TEXT ·libc_getfsstat64_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_getfsstat64(SB)
 TEXT ·libc_lstat64_trampoline(SB),NOSPLIT,$0-0

vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_11.go

@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags darwin,amd64,!go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_amd64.go
+// go run mksyscall.go -tags darwin,amd64,!go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_amd64.1_11.go syscall_darwin_amd64.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 // +build darwin,amd64,!go1.12
@@ -1326,8 +1326,9 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := Syscall6(SYS_SELECT, uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -1665,6 +1666,23 @@ func writelen(fd int, buf *byte, nbuf int) (n int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES64, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -1738,23 +1756,6 @@ func Fstatfs(fd int, stat *Statfs_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall6(SYS_GETDIRENTRIES64, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
 	r0, _, e1 := Syscall(SYS_GETFSSTAT64, uintptr(buf), uintptr(size), uintptr(flags))
 	n = int(r0)

vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go

@@ -0,0 +1,41 @@
+// go run mksyscall.go -tags darwin,amd64,go1.13 syscall_darwin.1_13.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+// +build darwin,amd64,go1.13
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func closedir(dir uintptr) (err error) {
+	_, _, e1 := syscall_syscall(funcPC(libc_closedir_trampoline), uintptr(dir), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_closedir_trampoline()
+
+//go:linkname libc_closedir libc_closedir
+//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) {
+	r0, _, _ := syscall_syscall(funcPC(libc_readdir_r_trampoline), uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	res = Errno(r0)
+	return
+}
+
+func libc_readdir_r_trampoline()
+
+//go:linkname libc_readdir_r libc_readdir_r
+//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib"

vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s

@@ -0,0 +1,12 @@
+// go run mkasm_darwin.go amd64
+// Code generated by the command above; DO NOT EDIT.
+
+// +build go1.13
+
+#include "textflag.h"
+TEXT ·libc_fdopendir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_fdopendir(SB)
+TEXT ·libc_closedir_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_closedir(SB)
+TEXT ·libc_readdir_r_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_readdir_r(SB)

vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go

@@ -1851,8 +1851,9 @@ func libc_lseek_trampoline()
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(n int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (err error) {
-	_, _, e1 := syscall_syscall6(funcPC(libc_select_trampoline), uintptr(n), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+	r0, _, e1 := syscall_syscall6(funcPC(libc_select_trampoline), uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+	n = int(r0)
 	if e1 != 0 {
 		err = errnoErr(e1)
 	}
@@ -2423,28 +2424,6 @@ func libc_fstatfs64_trampoline()
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := syscall_syscall6(funcPC(libc___getdirentries64_trampoline), uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0)
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-func libc___getdirentries64_trampoline()
-
-//go:linkname libc___getdirentries64 libc___getdirentries64
-//go:cgo_import_dynamic libc___getdirentries64 __getdirentries64 "/usr/lib/libSystem.B.dylib"
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) {
 	r0, _, e1 := syscall_syscall(funcPC(libc_getfsstat64_trampoline), uintptr(buf), uintptr(size), uintptr(flags))
 	n = int(r0)