From: Alexander Bluhm Subject: Re: Unlock IPV6CTL_HDRNESTLIMIT case of ip6_sysctl() To: Vitaliy Makkoveev Cc: tech@openbsd.org Date: Wed, 23 Jul 2025 22:35:39 +0200 On Wed, Jul 23, 2025 at 11:08:48PM +0300, Vitaliy Makkoveev wrote: > `ip6_hdrnestlimit' loaded only once in ip_deliver(). In the > `ip6_hdrnestlimit' is null, the "(++nest > ip6_hdrnestlimit)" check will > be always true, so the check of `ip6_hdrnestlimit' against null could be > omitted. > > Also unused in ramdisk. OK bluhm@
> Index: sys/netinet/ip_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_input.c,v
> retrieving revision 1.422
> diff -u -p -r1.422 ip_input.c
> --- sys/netinet/ip_input.c 19 Jul 2025 16:40:40 -0000 1.422
> +++ sys/netinet/ip_input.c 23 Jul 2025 20:03:08 -0000
> @@ -788,7 +788,7 @@ ip_deliver(struct mbuf **mp, int *offp,
>
> #ifdef INET6
> if (af == AF_INET6 &&
> - ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) {
> + (++nest > atomic_load_int(&ip6_hdrnestlimit))) {
> ip6stat_inc(ip6s_toomanyhdr);
> goto bad;
> }
> Index: sys/netinet6/in6_proto.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/in6_proto.c,v
> retrieving revision 1.138
> diff -u -p -r1.138 in6_proto.c
> --- sys/netinet6/in6_proto.c 23 Jul 2025 18:58:38 -0000 1.138
> +++ sys/netinet6/in6_proto.c 23 Jul 2025 20:03:08 -0000
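Review bot: A limit of 0 now drops every IPv6 packet at the condition in ip_deliver() instead of switching the check off, because `++nest > 0` is already true on the first evaluation, whereas the removed `ip6_hdrnestlimit &&` test short-circuited and skipped the comparison. The bounded-sysctl entry moved in sys/netinet6/ip6_input.c still accepts 0 (`{ IPV6CTL_HDRNESTLIMIT, &ip6_hdrnestlimit, 0, 100 }`), so that value stays reachable from the sysctl interface. To keep the old meaning while still reading the variable once, load it into a local, `int limit = atomic_load_int(&ip6_hdrnestlimit);`, and test `limit && (++nest > limit)`; if 0 should no longer mean "no limit", raise the table's lower bound to 1 and say so in the commit message. The rest of ip_deliver() lies outside the hunk, so the right place for the local load needs to be confirmed against the full function.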
> @@ -357,7 +357,7 @@ int ip6_defmcasthlim = IPV6_DEFAULT_MULT
> int ip6_maxfragpackets = 200; /* [a] */
> int ip6_maxfrags = 200;
> int ip6_log_interval = 5; /* [a] */
> -int ip6_hdrnestlimit = 10; /* appropriate? */
> +int ip6_hdrnestlimit = 10; /* [a] appropriate? */
> int ip6_dad_count = 1; /* DupAddrDetectionTransmits */
> int ip6_dad_pending; /* number of currently running DADs */
> int ip6_auto_flowlabel = 1;
> Index: sys/netinet6/ip6_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/ip6_input.c,v
> retrieving revision 1.282
> diff -u -p -r1.282 ip6_input.c
> --- sys/netinet6/ip6_input.c 23 Jul 2025 18:58:38 -0000 1.282
> +++ sys/netinet6/ip6_input.c 23 Jul 2025 20:03:08 -0000
> @@ -1449,10 +1449,10 @@ const struct sysctl_bounded_args ipv6ctl
> { IPV6CTL_DEFHLIM, &ip6_defhlim, 0, 255 },
> { IPV6CTL_MAXFRAGPACKETS, &ip6_maxfragpackets, 0, 1000 },
> { IPV6CTL_LOG_INTERVAL, &ip6_log_interval, 0, INT_MAX },
> + { IPV6CTL_HDRNESTLIMIT, &ip6_hdrnestlimit, 0, 100 },
> };
>
> const struct sysctl_bounded_args ipv6ctl_vars[] = {
> - { IPV6CTL_HDRNESTLIMIT, &ip6_hdrnestlimit, 0, 100 },
> { IPV6CTL_DAD_COUNT, &ip6_dad_count, 0, 10 },
> { IPV6CTL_AUTO_FLOWLABEL, &ip6_auto_flowlabel, 0, 1 },
> { IPV6CTL_DEFMCASTHLIM, &ip6_defmcasthlim, 0, 255 },
> @@ -1572,6 +1572,7 @@ ip6_sysctl(int *name, u_int namelen, voi
> case IPV6CTL_DEFHLIM:
> case IPV6CTL_MAXFRAGPACKETS:
> case IPV6CTL_LOG_INTERVAL:
> + case IPV6CTL_HDRNESTLIMIT:
> return (sysctl_bounded_arr(
> ipv6ctl_vars_unlocked, nitems(ipv6ctl_vars_unlocked),
> name, namelen, oldp, oldlenp, newp, newlen));