From: Alexander Bluhm Subject: Re: sysctl: move IPCTL_SOURCEROUTE out of netlock To: Vitaliy Makkoveev Cc: tech@openbsd.org Date: Mon, 19 May 2025 10:47:36 +0900 On Fri, May 09, 2025 at 03:19:51PM +0300, Vitaliy Makkoveev wrote: > Atomically accessed integer. sysctl_securelevel_int() is mp-safe. Both reads of ip_dosourceroute might happen while the same packet is processed. I could not find or imagine any bad behavior. OK bluhm@ > Index: sys/netinet/ip_input.c > =================================================================== > RCS file: /cvs/src/sys/netinet/ip_input.c,v > retrieving revision 1.406 > diff -u -p -r1.406 ip_input.c > --- sys/netinet/ip_input.c 9 May 2025 14:43:47 -0000 1.406 > +++ sys/netinet/ip_input.c 9 May 2025 20:16:49 -0000 > @@ -95,7 +95,7 @@ int ip_forwarding = 0; /* [a] */ > int ipmforwarding = 0; > int ipmultipath = 0; > int ip_sendredirects = 1; /* [a] */ > -int ip_dosourceroute = 0; > +int ip_dosourceroute = 0; /* [a] */ > int ip_defttl = IPDEFTTL; > int ip_mtudisc = 1; > int ip_mtudisc_timeout = IPMTUDISCTIMEOUT; > @@ -1241,7 +1241,7 @@ ip_dooptions(struct mbuf *m, struct ifne > */ > case IPOPT_LSRR: > case IPOPT_SSRR: > - if (!ip_dosourceroute) { > + if (atomic_load_int(&ip_dosourceroute) == 0) { > type = ICMP_UNREACH; > code = ICMP_UNREACH_SRCFAIL; > goto bad; > @@ -1463,7 +1463,7 @@ ip_srcroute(struct mbuf *m0) > struct ip_srcrt *isr; > struct m_tag *mtag; > > - if (!ip_dosourceroute) > + if (atomic_load_int(&ip_dosourceroute) == 0) > return (NULL); > > mtag = m_tag_find(m0, PACKET_TAG_SRCROUTE, NULL); > @@ -1736,11 +1736,8 @@ ip_sysctl(int *name, u_int namelen, void > > switch (name[0]) { > case IPCTL_SOURCEROUTE: > - NET_LOCK(); > - error = sysctl_securelevel_int(oldp, oldlenp, newp, newlen, > - &ip_dosourceroute); > - NET_UNLOCK(); > - return (error); > + return (sysctl_securelevel_int(oldp, oldlenp, newp, newlen, > + &ip_dosourceroute)); > case IPCTL_MTUDISC: > NET_LOCK(); > error = sysctl_int(oldp, oldlenp, newp, newlen, &ip_mtudisc);