sysctl: deny negative values for `ip6_maxdynroutes'
Negative value allows unlimited count of redirect routes.
By default, the previously modified `ip6_neighborgcthresh' and
`ip6_maxdynroutes' are positive, and I doubt anyone currently sets them to
'-1'. There is no reason to wait for API change fallout.
Index: sys/netinet6/icmp6.c
===================================================================
RCS file: /cvs/src/sys/netinet6/icmp6.c,v
retrieving revision 1.273
diff -u -p -r1.273 icmp6.c
--- sys/netinet6/icmp6.c 2 Aug 2025 12:53:04 -0000 1.273
+++ sys/netinet6/icmp6.c 3 Aug 2025 04:34:23 -0000
@@ -1292,7 +1292,6 @@ icmp6_redirect_input(struct mbuf *m, int
struct sockaddr_in6 ssrc;
unsigned long rtcount;
struct rtentry *newrt = NULL;
- int ip6_maxdynroutes_local = atomic_load_int(&ip6_maxdynroutes);
/*
* do not install redirect route, if the number of entries
@@ -1301,8 +1300,7 @@ icmp6_redirect_input(struct mbuf *m, int
* (there will be additional hops, though).
*/
rtcount = rt_timer_queue_count(&icmp6_redirect_timeout_q);
- if (ip6_maxdynroutes_local >= 0 &&
- rtcount >= ip6_maxdynroutes_local)
+ if (rtcount >= atomic_load_int(&ip6_maxdynroutes))
goto freeit;
bzero(&sdst, sizeof(sdst));
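Review bot: The new test `rtcount >= atomic_load_int(&ip6_maxdynroutes)` compares against the `unsigned long` rtcount, so it only acts as a limit while the variable is non-negative; a negative value would convert to a very large unsigned number and silently bring back the unlimited behaviour this commit removes. The only thing that keeps it non-negative is the lower bound of 0 in the `sysctl_bounded_args` table in ip6_input.c, so I would record that dependency here with a comment such as `/* ip6_maxdynroutes is bounded to >= 0 by its sysctl entry; 0 rejects every redirect route */`. Redirects arrive from the network, so this cap is what bounds how many routes a sender can get installed, and the sysctl documentation should also say that -1 is no longer accepted and that 0 means no redirect routes. The body of icmp6_redirect_input continues outside the hunk.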
Index: sys/netinet6/ip6_input.c
===================================================================
RCS file: /cvs/src/sys/netinet6/ip6_input.c,v
retrieving revision 1.295
diff -u -p -r1.295 ip6_input.c
--- sys/netinet6/ip6_input.c 3 Aug 2025 04:11:57 -0000 1.295
+++ sys/netinet6/ip6_input.c 3 Aug 2025 04:34:23 -0000
@@ -1460,7 +1460,7 @@ const struct sysctl_bounded_args ipv6ctl
{ IPV6CTL_MFORWARDING, &ip6_mforwarding, 0, 1 },
{ IPV6CTL_MCAST_PMTU, &ip6_mcast_pmtu, 0, 1 },
{ IPV6CTL_NEIGHBORGCTHRESH, &ip6_neighborgcthresh, 0, 5 * 2048 },
- { IPV6CTL_MAXDYNROUTES, &ip6_maxdynroutes, -1, 5 * 4096 },
+ { IPV6CTL_MAXDYNROUTES, &ip6_maxdynroutes, 0, 5 * 4096 },
};
int