Download raw body.
Unlock IPV6CTL_MAXDYNROUTES case of ip6_sysctl()
On Sat, Jul 26, 2025 at 04:54:57AM +0300, Vitaliy Makkoveev wrote:
> The last one of `ipv6ctl_vars' variables. The sysctl(2) and IPv6 stack
> both allow negative value for unlimited queue, so use cached value and
> keep current behavior.
>
> We have no `ipv6ctl_vars' used in ramdisk, so exclude them from
> SMALL_KERNEL.
OK bluhm@
> Index: sys/netinet6/icmp6.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/icmp6.c,v
> retrieving revision 1.270
> diff -u -p -r1.270 icmp6.c
> --- sys/netinet6/icmp6.c 18 Jul 2025 08:39:14 -0000 1.270
> +++ sys/netinet6/icmp6.c 26 Jul 2025 01:43:45 -0000
> @@ -1292,6 +1292,7 @@ icmp6_redirect_input(struct mbuf *m, int
> struct sockaddr_in6 ssrc;
> unsigned long rtcount;
> struct rtentry *newrt = NULL;
> + int ip6_maxdynroutes_local = atomic_load_int(&ip6_maxdynroutes);
>
> /*
> * do not install redirect route, if the number of entries
> @@ -1300,7 +1301,8 @@ icmp6_redirect_input(struct mbuf *m, int
> * (there will be additional hops, though).
> */
> rtcount = rt_timer_queue_count(&icmp6_redirect_timeout_q);
> - if (0 <= ip6_maxdynroutes && rtcount >= ip6_maxdynroutes)
> + if (ip6_maxdynroutes_local >= 0 &&
> + rtcount >= ip6_maxdynroutes_local)
> goto freeit;
>
> bzero(&sdst, sizeof(sdst));
> Index: sys/netinet6/in6_proto.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/in6_proto.c,v
> retrieving revision 1.147
> diff -u -p -r1.147 in6_proto.c
> --- sys/netinet6/in6_proto.c 26 Jul 2025 01:16:59 -0000 1.147
> +++ sys/netinet6/in6_proto.c 26 Jul 2025 01:43:45 -0000
> @@ -364,7 +364,7 @@ int ip6_auto_flowlabel = 1; /* [a] */
> int ip6_use_deprecated = 1; /* [a] allow deprecated addr (RFC2462 5.5.4) */
> int ip6_mcast_pmtu = 0; /* [a] enable pMTU discovery for multicast? */
> int ip6_neighborgcthresh = 2048; /* [a] Threshold # of NDP entries for GC */
> -int ip6_maxdynroutes = 4096; /* Max # of routes created via redirect */
> +int ip6_maxdynroutes = 4096; /* [a] Max # of routes created via redirect */
> time_t ip6_log_time = (time_t)0L;
>
> /* raw IP6 parameters */
> Index: sys/netinet6/ip6_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/ip6_input.c,v
> retrieving revision 1.292
> diff -u -p -r1.292 ip6_input.c
> --- sys/netinet6/ip6_input.c 26 Jul 2025 01:16:59 -0000 1.292
> +++ sys/netinet6/ip6_input.c 26 Jul 2025 01:43:45 -0000
> @@ -1440,7 +1440,8 @@ const u_char inet6ctlerrmap[PRC_NCMDS] =
> extern int ip6_mrtproto;
> #endif
>
> -const struct sysctl_bounded_args ipv6ctl_vars_unlocked[] = {
> +#ifndef SMALL_KERNEL
> +const struct sysctl_bounded_args ipv6ctl_vars[] = {
> { IPV6CTL_FORWARDING, &ip6_forwarding, 0, 2 },
> { IPV6CTL_SENDREDIRECTS, &ip6_sendredirects, 0, 1 },
> { IPV6CTL_DAD_PENDING, &ip6_dad_pending, SYSCTL_INT_READONLY },
> @@ -1459,13 +1460,9 @@ const struct sysctl_bounded_args ipv6ctl
> { IPV6CTL_MFORWARDING, &ip6_mforwarding, 0, 1 },
> { IPV6CTL_MCAST_PMTU, &ip6_mcast_pmtu, 0, 1 },
> { IPV6CTL_NEIGHBORGCTHRESH, &ip6_neighborgcthresh, -1, 5 * 2048 },
> -};
> -
> -const struct sysctl_bounded_args ipv6ctl_vars[] = {
> { IPV6CTL_MAXDYNROUTES, &ip6_maxdynroutes, -1, 5 * 4096 },
> };
>
> -#ifndef SMALL_KERNEL
> int
> ip6_sysctl_ip6stat(void *oldp, size_t *oldlenp, void *newp)
> {
> @@ -1501,13 +1498,13 @@ int
> ip6_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp,
> void *newp, size_t newlen)
> {
> - int error;
> -
> /* Almost all sysctl names at this level are terminal. */
> if (namelen != 1 && name[0] != IPV6CTL_IFQUEUE)
> return (ENOTDIR);
>
> switch (name[0]) {
> + case IPV6CTL_SOIIKEY:
> + return (ip6_sysctl_soiikey(oldp, oldlenp, newp, newlen));
> #ifndef SMALL_KERNEL
> case IPV6CTL_STATS:
> return (ip6_sysctl_ip6stat(oldp, oldlenp, newp));
> @@ -1530,7 +1527,7 @@ ip6_sysctl(int *name, u_int namelen, voi
> return (EOPNOTSUPP);
> #endif
> case IPV6CTL_MTUDISCTIMEOUT: {
> - int oldval, newval;
> + int oldval, newval, error;
>
> oldval = newval = atomic_load_int(&ip6_mtudisc_timeout);
> error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
> @@ -1548,7 +1545,7 @@ ip6_sysctl(int *name, u_int namelen, voi
> return (sysctl_niq(name + 1, namelen - 1,
> oldp, oldlenp, newp, newlen, &ip6intrq));
> case IPV6CTL_MULTIPATH: {
> - int oldval, newval;
> + int oldval, newval, error;
>
> oldval = newval = atomic_load_int(&ip6_multipath);
> error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
> @@ -1561,36 +1558,13 @@ ip6_sysctl(int *name, u_int namelen, voi
>
> return (error);
> }
> - case IPV6CTL_FORWARDING:
> - case IPV6CTL_SENDREDIRECTS:
> - case IPV6CTL_DAD_PENDING:
> -#ifdef MROUTING
> - case IPV6CTL_MRTPROTO:
> -#endif
> - case IPV6CTL_DEFHLIM:
> - case IPV6CTL_MAXFRAGPACKETS:
> - case IPV6CTL_LOG_INTERVAL:
> - case IPV6CTL_HDRNESTLIMIT:
> - case IPV6CTL_DAD_COUNT:
> - case IPV6CTL_AUTO_FLOWLABEL:
> - case IPV6CTL_DEFMCASTHLIM:
> - case IPV6CTL_USE_DEPRECATED:
> - case IPV6CTL_MAXFRAGS:
> - case IPV6CTL_MFORWARDING:
> - case IPV6CTL_MCAST_PMTU:
> - case IPV6CTL_NEIGHBORGCTHRESH:
> - return (sysctl_bounded_arr(
> - ipv6ctl_vars_unlocked, nitems(ipv6ctl_vars_unlocked),
> + default:
> + return (sysctl_bounded_arr(ipv6ctl_vars, nitems(ipv6ctl_vars),
> name, namelen, oldp, oldlenp, newp, newlen));
> -#endif /* SMALL_KERNEL */
> - case IPV6CTL_SOIIKEY:
> - return (ip6_sysctl_soiikey(oldp, oldlenp, newp, newlen));
> +#else
> default:
> - NET_LOCK();
> - error = sysctl_bounded_arr(ipv6ctl_vars, nitems(ipv6ctl_vars),
> - name, namelen, oldp, oldlenp, newp, newlen);
> - NET_UNLOCK();
> - return (error);
> + return (EOPNOTSUPP);
> +#endif /* SMALL_KERNEL */
> }
> /* NOTREACHED */
> }
Unlock IPV6CTL_MAXDYNROUTES case of ip6_sysctl()