sysctl: unlock IPCTL_DEFTTL case of ip_sysctl()
On Tue, Jun 24, 2025 at 09:53:52PM +0300, Vitaliy Makkoveev wrote:
> Read-only access at initialization time of interfaces, PCBs and IP
> packets.
The previous time I looked into this, I was totally distracted
by the fact that pseudo interfaces use IPv4 ttl to build IPv6 packets
with hlim. Fixing it is not trivial.
Of course this does not affect the locking diff.
OK bluhm@
> Index: sys/net/if_etherip.c
> ===================================================================
> RCS file: /cvs/src/sys/net/if_etherip.c,v
> retrieving revision 1.57
> diff -u -p -r1.57 if_etherip.c
> --- sys/net/if_etherip.c 2 Mar 2025 21:28:31 -0000 1.57
> +++ sys/net/if_etherip.c 24 Jun 2025 18:50:15 -0000
> @@ -148,7 +148,7 @@ etherip_clone_create(struct if_clone *if
> snprintf(ifp->if_xname, sizeof(ifp->if_xname), "%s%d",
> ifc->ifc_name, unit);
>
> - sc->sc_ttl = ip_defttl;
> + sc->sc_ttl = atomic_load_int(&ip_defttl);
> sc->sc_txhprio = IFQ_TOS2PRIO(IPTOS_PREC_ROUTINE); /* 0 */
> sc->sc_rxhprio = IF_HDRPRIO_PACKET;
> sc->sc_df = htons(0);
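Review bot: The value stored in `sc->sc_ttl` is a one-time snapshot of `ip_defttl` taken when the interface is cloned, and nothing on the line says so. Since the sysctl can now change without the lock, a comment such as `/* snapshot; later changes to ip_defttl are not picked up */` would record that, assuming no other path refreshes the field. The same applies to the `*_clone_create` hunks in if_gif.c and if_gre.c, where gre_keepalive_send() shows that only a stored value of -1 falls back to the live default. etherip_clone_create() starts and ends outside the hunk.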
> Index: sys/net/if_gif.c
> ===================================================================
> RCS file: /cvs/src/sys/net/if_gif.c,v
> retrieving revision 1.139
> diff -u -p -r1.139 if_gif.c
> --- sys/net/if_gif.c 2 Mar 2025 21:28:31 -0000 1.139
> +++ sys/net/if_gif.c 24 Jun 2025 18:50:15 -0000
> @@ -152,7 +152,7 @@ gif_clone_create(struct if_clone *ifc, i
> ifp = &sc->sc_if;
>
> sc->sc_df = htons(0);
> - sc->sc_ttl = ip_defttl;
> + sc->sc_ttl = atomic_load_int(&ip_defttl);
> sc->sc_txhprio = IF_HDRPRIO_PAYLOAD;
> sc->sc_rxhprio = IF_HDRPRIO_PAYLOAD;
> sc->sc_ecn = ECN_ALLOWED;
> Index: sys/net/if_gre.c
> ===================================================================
> RCS file: /cvs/src/sys/net/if_gre.c,v
> retrieving revision 1.188
> diff -u -p -r1.188 if_gre.c
> --- sys/net/if_gre.c 5 Jun 2025 04:30:49 -0000 1.188
> +++ sys/net/if_gre.c 24 Jun 2025 18:50:15 -0000
> @@ -659,7 +659,7 @@ gre_clone_create(struct if_clone *ifc, i
> ifp->if_ioctl = gre_ioctl;
> ifp->if_rtrequest = p2p_rtrequest;
>
> - sc->sc_tunnel.t_ttl = ip_defttl;
> + sc->sc_tunnel.t_ttl = atomic_load_int(&ip_defttl);
> sc->sc_tunnel.t_txhprio = IF_HDRPRIO_PAYLOAD;
> sc->sc_tunnel.t_rxhprio = IF_HDRPRIO_PACKET;
> sc->sc_tunnel.t_df = htons(0);
> @@ -730,7 +730,7 @@ mgre_clone_create(struct if_clone *ifc,
> ifp->if_start = mgre_start;
> ifp->if_ioctl = mgre_ioctl;
>
> - sc->sc_tunnel.t_ttl = ip_defttl;
> + sc->sc_tunnel.t_ttl = atomic_load_int(&ip_defttl);
> sc->sc_tunnel.t_txhprio = IF_HDRPRIO_PAYLOAD;
> sc->sc_tunnel.t_rxhprio = IF_HDRPRIO_PACKET;
> sc->sc_tunnel.t_df = htons(0);
> @@ -784,7 +784,7 @@ egre_clone_create(struct if_clone *ifc,
> ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
> ether_fakeaddr(ifp);
>
> - sc->sc_tunnel.t_ttl = ip_defttl;
> + sc->sc_tunnel.t_ttl = atomic_load_int(&ip_defttl);
> sc->sc_tunnel.t_txhprio = 0;
> sc->sc_tunnel.t_rxhprio = IF_HDRPRIO_PACKET;
> sc->sc_tunnel.t_df = htons(0);
> @@ -919,7 +919,7 @@ eoip_clone_create(struct if_clone *ifc,
> ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
> ether_fakeaddr(ifp);
>
> - sc->sc_tunnel.t_ttl = ip_defttl;
> + sc->sc_tunnel.t_ttl = atomic_load_int(&ip_defttl);
> sc->sc_tunnel.t_txhprio = 0;
> sc->sc_tunnel.t_rxhprio = IF_HDRPRIO_PACKET;
> sc->sc_tunnel.t_df = htons(0);
> @@ -3098,7 +3098,8 @@ gre_keepalive_send(void *arg)
> SipHash24_Update(&ctx, &gk->gk_random, sizeof(gk->gk_random));
> SipHash24_Final(gk->gk_digest, &ctx);
>
> - ttl = sc->sc_tunnel.t_ttl == -1 ? ip_defttl : sc->sc_tunnel.t_ttl;
> + ttl = sc->sc_tunnel.t_ttl == -1 ?
> + atomic_load_int(&ip_defttl) : sc->sc_tunnel.t_ttl;
>
> m->m_pkthdr.pf.prio = sc->sc_if.if_llprio;
> tos = gre_l3_tos(&sc->sc_tunnel, m, IFQ_PRIO2TOS(m->m_pkthdr.pf.prio));
> @@ -4461,7 +4462,7 @@ erspan_clone_create(struct if_clone *ifc
> ether_fakeaddr(ifp);
>
> sc->sc_tunnel.t_key = ~0;
> - sc->sc_tunnel.t_ttl = ip_defttl;
> + sc->sc_tunnel.t_ttl = atomic_load_int(&ip_defttl);
> sc->sc_tunnel.t_txhprio = IF_HDRPRIO_PACKET; /* XXX */
> sc->sc_tunnel.t_rxhprio = IF_HDRPRIO_PAYLOAD;
> sc->sc_tunnel.t_df = htons(0);
> Index: sys/net/pf.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf.c,v
> retrieving revision 1.1216
> diff -u -p -r1.1216 pf.c
> --- sys/net/pf.c 23 Jun 2025 20:59:25 -0000 1.1216
> +++ sys/net/pf.c 24 Jun 2025 18:50:17 -0000
> @@ -3326,7 +3326,7 @@ pf_build_tcp(const struct pf_rule *r, sa
> h->ip_tos = IPTOS_LOWDELAY;
> h->ip_len = htons(len);
> h->ip_off = htons(atomic_load_int(&ip_mtudisc) ? IP_DF : 0);
> - h->ip_ttl = ttl ? ttl : ip_defttl;
> + h->ip_ttl = ttl ? ttl : atomic_load_int(&ip_defttl);
> h->ip_sum = 0;
> h->ip_src.s_addr = saddr->v4.s_addr;
> h->ip_dst.s_addr = daddr->v4.s_addr;
> Index: sys/netinet/ip_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_input.c,v
> retrieving revision 1.414
> diff -u -p -r1.414 ip_input.c
> --- sys/netinet/ip_input.c 24 Jun 2025 18:05:51 -0000 1.414
> +++ sys/netinet/ip_input.c 24 Jun 2025 18:50:19 -0000
> @@ -96,7 +96,7 @@ int ipmforwarding = 0;
> int ipmultipath = 0; /* [a] */
> int ip_sendredirects = 1; /* [a] */
> int ip_dosourceroute = 0; /* [a] */
> -int ip_defttl = IPDEFTTL;
> +int ip_defttl = IPDEFTTL; /* [a] */
> int ip_mtudisc = 1; /* [a] */
> int ip_mtudisc_timeout = IPMTUDISCTIMEOUT; /* [a] */
> int ip_directedbcast = 0; /* [a] */
> @@ -119,6 +119,7 @@ const struct sysctl_bounded_args ipctl_v
> #ifdef MROUTING
> { IPCTL_MRTPROTO, &ip_mrtproto, SYSCTL_INT_READONLY },
> #endif
> + { IPCTL_DEFTTL, &ip_defttl, 0, 255 },
> { IPCTL_IPPORT_FIRSTAUTO, &ipport_firstauto, 0, 65535 },
> { IPCTL_IPPORT_LASTAUTO, &ipport_lastauto, 0, 65535 },
> { IPCTL_IPPORT_HIFIRSTAUTO, &ipport_hifirstauto, 0, 65535 },
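Review bot: The entry moved into this table keeps the range `0, 255`, so a default TTL of 0 can still be set, while the IP_TTL branch of ip_ctloutput() in the ip_output.c hunk only accepts `optval > 0`. With `ip_defttl` at 0, `ttl ? ttl : atomic_load_int(&ip_defttl)` in pf_build_tcp() and the plain assignments in tcp_respond() and ipip_output() would build headers with TTL 0. If that is not intended, the lower bound could be raised: `{ IPCTL_DEFTTL, &ip_defttl, 1, 255 },`. The array definition starts and ends outside the hunk, so this should be checked against the existing sysctl behaviour.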
> @@ -126,7 +127,6 @@ const struct sysctl_bounded_args ipctl_v
> };
>
> const struct sysctl_bounded_args ipctl_vars[] = {
> - { IPCTL_DEFTTL, &ip_defttl, 0, 255 },
> { IPCTL_IPPORT_MAXQUEUE, &ip_maxqueue, 0, 10000 },
> { IPCTL_MFORWARDING, &ipmforwarding, 0, 1 },
> { IPCTL_ARPTIMEOUT, &arpt_keep, 0, INT_MAX },
> @@ -1839,6 +1839,7 @@ ip_sysctl(int *name, u_int namelen, void
> #ifdef MROUTING
> case IPCTL_MRTPROTO:
> #endif
> + case IPCTL_DEFTTL:
> case IPCTL_IPPORT_FIRSTAUTO:
> case IPCTL_IPPORT_LASTAUTO:
> case IPCTL_IPPORT_HIFIRSTAUTO:
> Index: sys/netinet/ip_ipip.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_ipip.c,v
> retrieving revision 1.108
> diff -u -p -r1.108 ip_ipip.c
> --- sys/netinet/ip_ipip.c 12 Jun 2025 20:37:59 -0000 1.108
> +++ sys/netinet/ip_ipip.c 24 Jun 2025 18:50:19 -0000
> @@ -387,7 +387,7 @@ ipip_output(struct mbuf **mp, struct tdb
> ipo->ip_v = IPVERSION;
> ipo->ip_hl = 5;
> ipo->ip_len = htons(m->m_pkthdr.len);
> - ipo->ip_ttl = ip_defttl;
> + ipo->ip_ttl = atomic_load_int(&ip_defttl);
> ipo->ip_sum = 0;
> ipo->ip_src = tdb->tdb_src.sin.sin_addr;
> ipo->ip_dst = tdb->tdb_dst.sin.sin_addr;
> Index: sys/netinet/ip_output.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_output.c,v
> retrieving revision 1.410
> diff -u -p -r1.410 ip_output.c
> --- sys/netinet/ip_output.c 23 Jun 2025 20:59:25 -0000 1.410
> +++ sys/netinet/ip_output.c 24 Jun 2025 18:50:19 -0000
> @@ -909,7 +909,8 @@ ip_ctloutput(int op, struct socket *so,
> if (optval > 0 && optval <= MAXTTL)
> inp->inp_ip.ip_ttl = optval;
> else if (optval == -1)
> - inp->inp_ip.ip_ttl = ip_defttl;
> + inp->inp_ip.ip_ttl =
> + atomic_load_int(&ip_defttl);
> else
> error = EINVAL;
> break;
> @@ -1125,7 +1126,7 @@ ip_ctloutput(int op, struct socket *so,
> break;
>
> case IP_IPDEFTTL:
> - optval = ip_defttl;
> + optval = atomic_load_int(&ip_defttl);
> break;
>
> #define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0)
> Index: sys/netinet/tcp_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/tcp_input.c,v
> retrieving revision 1.454
> diff -u -p -r1.454 tcp_input.c
> --- sys/netinet/tcp_input.c 23 Jun 2025 20:59:25 -0000 1.454
> +++ sys/netinet/tcp_input.c 24 Jun 2025 18:50:23 -0000
> @@ -4279,7 +4279,8 @@ syn_cache_respond(struct syn_cache *sc,
> switch (sc->sc_src.sa.sa_family) {
> case AF_INET:
> ip->ip_len = htons(tlen);
> - ip->ip_ttl = inp ? inp->inp_ip.ip_ttl : ip_defttl;
> + ip->ip_ttl = inp ?
> + inp->inp_ip.ip_ttl : atomic_load_int(&ip_defttl);
> if (inp != NULL)
> ip->ip_tos = inp->inp_ip.ip_tos;
>
> Index: sys/netinet/tcp_subr.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
> retrieving revision 1.213
> diff -u -p -r1.213 tcp_subr.c
> --- sys/netinet/tcp_subr.c 23 Jun 2025 20:59:25 -0000 1.213
> +++ sys/netinet/tcp_subr.c 24 Jun 2025 18:50:24 -0000
> @@ -408,7 +408,7 @@ tcp_respond(struct tcpcb *tp, caddr_t te
> #endif /* INET6 */
> case AF_INET:
> ip->ip_len = htons(tlen);
> - ip->ip_ttl = ip_defttl;
> + ip->ip_ttl = atomic_load_int(&ip_defttl);
> ip->ip_tos = 0;
> ip_output(m, NULL,
> tp ? &tp->t_inpcb->inp_route : NULL,
> @@ -469,7 +469,7 @@ tcp_newtcpcb(struct inpcb *inp, int wait
> #endif
> {
> tp->pf = PF_INET;
> - inp->inp_ip.ip_ttl = ip_defttl;
> + inp->inp_ip.ip_ttl = atomic_load_int(&ip_defttl);
> }
>
> inp->inp_ppcb = (caddr_t)tp;
> Index: sys/netinet/udp_usrreq.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/udp_usrreq.c,v
> retrieving revision 1.345
> diff -u -p -r1.345 udp_usrreq.c
> --- sys/netinet/udp_usrreq.c 23 Jun 2025 20:59:25 -0000 1.345
> +++ sys/netinet/udp_usrreq.c 24 Jun 2025 18:50:24 -0000
> @@ -1141,7 +1141,7 @@ udp_attach(struct socket *so, int proto,
> sotoinpcb(so)->inp_ipv6.ip6_hlim = ip6_defhlim;
> else
> #endif
> - sotoinpcb(so)->inp_ip.ip_ttl = ip_defttl;
> + sotoinpcb(so)->inp_ip.ip_ttl = atomic_load_int(&ip_defttl);
> return 0;
> }
>
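Review bot: In udp_attach() the IPv4 branch now reads `ip_defttl` through `atomic_load_int()`, but the IPv6 branch a few lines above still reads `ip6_defhlim` directly. If `ip6_defhlim` can also be written by sysctl without the lock, or is to be unlocked later, it needs the same treatment: `sotoinpcb(so)->inp_ipv6.ip6_hlim = atomic_load_int(&ip6_defhlim);`. Otherwise a short comment naming the lock that protects it would explain the asymmetry. The function begins outside the hunk.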