From: Alexander Bluhm Subject: Re: sysctl: unlock IPV6CTL_DEFHLIM case of ip6_sysctl() To: Vitaliy Makkoveev Cc: tech@openbsd.org Date: Fri, 18 Jul 2025 00:50:31 +0200 On Thu, Jul 17, 2025 at 10:58:57PM +0300, Vitaliy Makkoveev wrote: > As the corresponding IPv4 `ip_defttl', `ip6_defhlim' used at > initialization time. > > traceroute(8) is the only user of IPV6CTL_DEFHLIM, but it doesn't > included in the ramdisk. OK bluhm@ > Index: sys/netinet/ip_ipip.c > =================================================================== > RCS file: /cvs/src/sys/netinet/ip_ipip.c,v > retrieving revision 1.110 > diff -u -p -r1.110 ip_ipip.c > --- sys/netinet/ip_ipip.c 8 Jul 2025 00:47:41 -0000 1.110 > +++ sys/netinet/ip_ipip.c 17 Jul 2025 19:23:35 -0000 > @@ -483,7 +483,7 @@ ipip_output(struct mbuf **mp, struct tdb > ip6o->ip6_vfc &= ~IPV6_VERSION_MASK; > ip6o->ip6_vfc |= IPV6_VERSION; > ip6o->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6o)); > - ip6o->ip6_hlim = ip6_defhlim; > + ip6o->ip6_hlim = atomic_load_int(&ip6_defhlim); > in6_embedscope(&ip6o->ip6_src, &tdb->tdb_src.sin6, NULL, NULL); > in6_embedscope(&ip6o->ip6_dst, &tdb->tdb_dst.sin6, NULL, NULL); > > Index: sys/netinet/tcp_subr.c > =================================================================== > RCS file: /cvs/src/sys/netinet/tcp_subr.c,v > retrieving revision 1.215 > diff -u -p -r1.215 tcp_subr.c > --- sys/netinet/tcp_subr.c 8 Jul 2025 00:47:41 -0000 1.215 > +++ sys/netinet/tcp_subr.c 17 Jul 2025 19:23:35 -0000 > @@ -461,7 +461,7 @@ tcp_newtcpcb(struct inpcb *inp, int wait > #ifdef INET6 > if (ISSET(inp->inp_flags, INP_IPV6)) { > tp->pf = PF_INET6; > - inp->inp_ipv6.ip6_hlim = ip6_defhlim; > + inp->inp_ipv6.ip6_hlim = atomic_load_int(&ip6_defhlim); > } else > #endif > { > Index: sys/netinet/udp_usrreq.c > =================================================================== > RCS file: /cvs/src/sys/netinet/udp_usrreq.c,v > retrieving revision 1.348 > diff -u -p -r1.348 udp_usrreq.c > --- sys/netinet/udp_usrreq.c 14 Jul 2025 09:06:17 -0000 1.348 > +++ sys/netinet/udp_usrreq.c 17 Jul 2025 19:23:35 -0000 > @@ -1134,7 +1134,8 @@ udp_attach(struct socket *so, int proto, > return error; > #ifdef INET6 > if (ISSET(sotoinpcb(so)->inp_flags, INP_IPV6)) > - sotoinpcb(so)->inp_ipv6.ip6_hlim = ip6_defhlim; > + sotoinpcb(so)->inp_ipv6.ip6_hlim = > + atomic_load_int(&ip6_defhlim); > else > #endif > sotoinpcb(so)->inp_ip.ip_ttl = atomic_load_int(&ip_defttl); > Index: sys/netinet6/icmp6.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/icmp6.c,v > retrieving revision 1.269 > diff -u -p -r1.269 icmp6.c > --- sys/netinet6/icmp6.c 17 Jul 2025 03:00:45 -0000 1.269 > +++ sys/netinet6/icmp6.c 17 Jul 2025 19:23:35 -0000 > @@ -1158,7 +1158,7 @@ icmp6_reflect(struct mbuf **mp, size_t o > ip6->ip6_vfc &= ~IPV6_VERSION_MASK; > ip6->ip6_vfc |= IPV6_VERSION; > ip6->ip6_nxt = IPPROTO_ICMPV6; > - ip6->ip6_hlim = ip6_defhlim; > + ip6->ip6_hlim = atomic_load_int(&ip6_defhlim); > > icmp6->icmp6_cksum = 0; > m->m_pkthdr.csum_flags = M_ICMP_CSUM_OUT; > Index: sys/netinet6/in6_proto.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/in6_proto.c,v > retrieving revision 1.135 > diff -u -p -r1.135 in6_proto.c > --- sys/netinet6/in6_proto.c 8 Jul 2025 00:47:41 -0000 1.135 > +++ sys/netinet6/in6_proto.c 17 Jul 2025 19:23:35 -0000 > @@ -352,7 +352,7 @@ int ip6_forwarding = 0; /* [a] no forwar > int ip6_mforwarding = 0; /* no multicast forwarding unless ... */ > int ip6_multipath = 0; /* [a] no using multipath routes unless ... */ > int ip6_sendredirects = 1; /* [a] */ > -int ip6_defhlim = IPV6_DEFHLIM; > +int ip6_defhlim = IPV6_DEFHLIM; /* [a] */ > int ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; > int ip6_maxfragpackets = 200; > int ip6_maxfrags = 200; > Index: sys/netinet6/in6_src.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/in6_src.c,v > retrieving revision 1.103 > diff -u -p -r1.103 in6_src.c > --- sys/netinet6/in6_src.c 8 Jul 2025 00:47:41 -0000 1.103 > +++ sys/netinet6/in6_src.c 17 Jul 2025 19:23:35 -0000 > @@ -377,7 +377,7 @@ in6_selecthlim(const struct inpcb *inp) > if (inp && inp->inp_hops >= 0) > return (inp->inp_hops); > > - return (ip6_defhlim); > + return (atomic_load_int(&ip6_defhlim)); > } > > /* > Index: sys/netinet6/ip6_input.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/ip6_input.c,v > retrieving revision 1.279 > diff -u -p -r1.279 ip6_input.c > --- sys/netinet6/ip6_input.c 8 Jul 2025 00:47:41 -0000 1.279 > +++ sys/netinet6/ip6_input.c 17 Jul 2025 19:23:35 -0000 > @@ -1446,10 +1446,10 @@ const struct sysctl_bounded_args ipv6ctl > #ifdef MROUTING > { IPV6CTL_MRTPROTO, &ip6_mrtproto, SYSCTL_INT_READONLY }, > #endif > + { IPV6CTL_DEFHLIM, &ip6_defhlim, 0, 255 }, > }; > > const struct sysctl_bounded_args ipv6ctl_vars[] = { > - { IPV6CTL_DEFHLIM, &ip6_defhlim, 0, 255 }, > { IPV6CTL_MAXFRAGPACKETS, &ip6_maxfragpackets, 0, 1000 }, > { IPV6CTL_LOG_INTERVAL, &ip6_log_interval, 0, INT_MAX }, > { IPV6CTL_HDRNESTLIMIT, &ip6_hdrnestlimit, 0, 100 }, > @@ -1569,6 +1569,7 @@ ip6_sysctl(int *name, u_int namelen, voi > #ifdef MROUTING > case IPV6CTL_MRTPROTO: > #endif > + case IPV6CTL_DEFHLIM: > return (sysctl_bounded_arr( > ipv6ctl_vars_unlocked, nitems(ipv6ctl_vars_unlocked), > name, namelen, oldp, oldlenp, newp, newlen)); >