From: Alexander Bluhm <bluhm@openbsd.org>
Subject: Re: sysctl: unlock IPV6CTL_DAD_PENDING and IPV6CTL_MRTPROTO
To: Vitaliy Makkoveev <mvs@openbsd.org>
Cc: tech@openbsd.org
Date: Mon, 23 Jun 2025 23:13:33 +0200

On Mon, Jun 23, 2025 at 04:15:39PM +0300, Vitaliy Makkoveev wrote:
> Read-only access from sysctl(2) interface.

ip6_dad_pending modifications are protected by exclusive netlock.

In theory one would need atomic_store_int(&ip6_dad_pending,
ip6_dad_pending - 1) instead of ip6_dad_pending-- in nd6_dad_destroy().
But in practice the write of the decrement will be atomic anyway.
Let's keep the simple code.  sysctl read cannot go wrong.

OK bluhm@

> Index: sys/netinet6/ip6_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/ip6_input.c,v
> diff -u -p -r1.275 ip6_input.c
> --- sys/netinet6/ip6_input.c	23 Jun 2025 09:16:32 -0000	1.275
> +++ sys/netinet6/ip6_input.c	23 Jun 2025 13:12:13 -0000
> @@ -1450,13 +1450,13 @@ extern int ip6_mrtproto;
>  const struct sysctl_bounded_args ipv6ctl_vars_unlocked[] = {
>  	{ IPV6CTL_FORWARDING, &ip6_forwarding, 0, 2 },
>  	{ IPV6CTL_SENDREDIRECTS, &ip6_sendredirects, 0, 1 },
> -};
> -
> -const struct sysctl_bounded_args ipv6ctl_vars[] = {
>  	{ IPV6CTL_DAD_PENDING, &ip6_dad_pending, SYSCTL_INT_READONLY },
>  #ifdef MROUTING
>  	{ IPV6CTL_MRTPROTO, &ip6_mrtproto, SYSCTL_INT_READONLY },
>  #endif
> +};
> +
> +const struct sysctl_bounded_args ipv6ctl_vars[] = {
>  	{ IPV6CTL_DEFHLIM, &ip6_defhlim, 0, 255 },
>  	{ IPV6CTL_MAXFRAGPACKETS, &ip6_maxfragpackets, 0, 1000 },
>  	{ IPV6CTL_LOG_INTERVAL, &ip6_log_interval, 0, INT_MAX },
> @@ -1581,6 +1581,10 @@ ip6_sysctl(int *name, u_int namelen, voi
>  	}
>  	case IPV6CTL_FORWARDING:
>  	case IPV6CTL_SENDREDIRECTS:
> +	case IPV6CTL_DAD_PENDING:
> +#ifdef MROUTING
> +	case IPV6CTL_MRTPROTO:
> +#endif
>  		return (sysctl_bounded_arr(
>  		    ipv6ctl_vars_unlocked, nitems(ipv6ctl_vars_unlocked),
>  		    name, namelen, oldp, oldlenp, newp, newlen));