From: Alexander Bluhm <bluhm@openbsd.org>
Subject: Re: sysctl: deny negative values for `ip6_maxdynroutes'
To: Vitaliy Makkoveev <mvs@openbsd.org>
Cc: tech@openbsd.org
Date: Sun, 3 Aug 2025 12:07:09 +0200

On Sun, Aug 03, 2025 at 07:45:31AM +0300, Vitaliy Makkoveev wrote:
> A negative value allows an unlimited count of redirect routes.
> 
> By default previously modified `ip6_neighborgcthresh' and
> `ip6_maxdynroutes' are positive and I doubt anyone currently sets them
> to '-1'. No reason to wait for API change fallout.

OK bluhm@

> Index: sys/netinet6/icmp6.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/icmp6.c,v
> retrieving revision 1.273
> diff -u -p -r1.273 icmp6.c
> --- sys/netinet6/icmp6.c	2 Aug 2025 12:53:04 -0000	1.273
> +++ sys/netinet6/icmp6.c	3 Aug 2025 04:34:23 -0000
> @@ -1292,7 +1292,6 @@ icmp6_redirect_input(struct mbuf *m, int
>  		struct sockaddr_in6 ssrc;
>  		unsigned long rtcount;
>  		struct rtentry *newrt = NULL;
> -		int ip6_maxdynroutes_local = atomic_load_int(&ip6_maxdynroutes);
>  
>  		/*
>  		 * do not install redirect route, if the number of entries
> @@ -1301,8 +1300,7 @@ icmp6_redirect_input(struct mbuf *m, int
>  		 * (there will be additional hops, though).
>  		 */
>  		rtcount = rt_timer_queue_count(&icmp6_redirect_timeout_q);
> -		if (ip6_maxdynroutes_local >= 0 &&
> -		    rtcount >= ip6_maxdynroutes_local)
> +		if (rtcount >= atomic_load_int(&ip6_maxdynroutes))
>  			goto freeit;
>  
>  		bzero(&sdst, sizeof(sdst));
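
Review bot: in `if (rtcount >= atomic_load_int(&ip6_maxdynroutes))` the `>= 0` guard is gone, so this check is only correct while the sysctl bounds table keeps the variable non-negative. The removed local was an `int` and `rtcount` is `unsigned long`, so a negative value is no longer handled explicitly at this site. Consider extending the comment above the check to say that the value is bounded to 0 .. 5 * 4096 in ip6_input.c, and that 0 means no redirect route is ever installed, since `rtcount >= 0` always holds.
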
> Index: sys/netinet6/ip6_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/ip6_input.c,v
> retrieving revision 1.295
> diff -u -p -r1.295 ip6_input.c
> --- sys/netinet6/ip6_input.c	3 Aug 2025 04:11:57 -0000	1.295
> +++ sys/netinet6/ip6_input.c	3 Aug 2025 04:34:23 -0000
> @@ -1460,7 +1460,7 @@ const struct sysctl_bounded_args ipv6ctl
>  	{ IPV6CTL_MFORWARDING, &ip6_mforwarding, 0, 1 },
>  	{ IPV6CTL_MCAST_PMTU, &ip6_mcast_pmtu, 0, 1 },
>  	{ IPV6CTL_NEIGHBORGCTHRESH, &ip6_neighborgcthresh, 0, 5 * 2048 },
> -	{ IPV6CTL_MAXDYNROUTES, &ip6_maxdynroutes, -1, 5 * 4096 },
> +	{ IPV6CTL_MAXDYNROUTES, &ip6_maxdynroutes, 0, 5 * 4096 },
>  };
>  
>  int
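
Review bot: raising the lower bound of the IPV6CTL_MAXDYNROUTES entry from -1 to 0 removes the only setting that meant unlimited, and the diff touches no documentation. If a manual page or sysctl.conf example mentions -1 for this variable, it should be updated in the same commit so that a configuration that is now denied has an explanation. It would also help to state there that the maximum is 5 * 4096.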