From: Alexander Bluhm Subject: Re: Unlock IPV6CTL_NEIGHBORGCTHRESH case of ip6_sysctl() To: Vitaliy Makkoveev Cc: tech@openbsd.org Date: Sat, 26 Jul 2025 02:57:20 +0200 On Sat, Jul 26, 2025 at 02:08:19AM +0300, Vitaliy Makkoveev wrote: > Both sysctl(2) and IPv6 stack accept negative value for > `ip6_neighborgcthresh' to disable garbage collector of NDP entries. No > limits is bad design, however I don't want to mix unlocking with > behavior change. > > Not used in ramdisk. OK bluhm@ > Index: sys/netinet6/in6_proto.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/in6_proto.c,v > retrieving revision 1.146 > diff -u -p -r1.146 in6_proto.c > --- sys/netinet6/in6_proto.c 25 Jul 2025 22:24:06 -0000 1.146 > +++ sys/netinet6/in6_proto.c 25 Jul 2025 23:02:15 -0000 > @@ -363,7 +363,7 @@ int ip6_dad_pending; /* number of curren > int ip6_auto_flowlabel = 1; /* [a] */ > int ip6_use_deprecated = 1; /* [a] allow deprecated addr (RFC2462 5.5.4) */ > int ip6_mcast_pmtu = 0; /* [a] enable pMTU discovery for multicast? */ > -int ip6_neighborgcthresh = 2048; /* Threshold # of NDP entries for GC */ > +int ip6_neighborgcthresh = 2048; /* [a] Threshold # of NDP entries for GC */ > int ip6_maxdynroutes = 4096; /* Max # of routes created via redirect */ > time_t ip6_log_time = (time_t)0L; > > Index: sys/netinet6/ip6_input.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/ip6_input.c,v > retrieving revision 1.291 > diff -u -p -r1.291 ip6_input.c > --- sys/netinet6/ip6_input.c 25 Jul 2025 22:24:06 -0000 1.291 > +++ sys/netinet6/ip6_input.c 25 Jul 2025 23:02:15 -0000 > @@ -1458,10 +1458,10 @@ const struct sysctl_bounded_args ipv6ctl > { IPV6CTL_MAXFRAGS, &ip6_maxfrags, 0, 1000 }, > { IPV6CTL_MFORWARDING, &ip6_mforwarding, 0, 1 }, > { IPV6CTL_MCAST_PMTU, &ip6_mcast_pmtu, 0, 1 }, > + { IPV6CTL_NEIGHBORGCTHRESH, &ip6_neighborgcthresh, -1, 5 * 2048 }, > }; > > const struct sysctl_bounded_args ipv6ctl_vars[] = { > - { IPV6CTL_NEIGHBORGCTHRESH, &ip6_neighborgcthresh, -1, 5 * 2048 }, > { IPV6CTL_MAXDYNROUTES, &ip6_maxdynroutes, -1, 5 * 4096 }, > }; > > @@ -1578,6 +1578,7 @@ ip6_sysctl(int *name, u_int namelen, voi > case IPV6CTL_MAXFRAGS: > case IPV6CTL_MFORWARDING: > case IPV6CTL_MCAST_PMTU: > + case IPV6CTL_NEIGHBORGCTHRESH: > return (sysctl_bounded_arr( > ipv6ctl_vars_unlocked, nitems(ipv6ctl_vars_unlocked), > name, namelen, oldp, oldlenp, newp, newlen)); > Index: sys/netinet6/nd6.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/nd6.c,v > retrieving revision 1.292 > diff -u -p -r1.292 nd6.c > --- sys/netinet6/nd6.c 8 Jul 2025 00:47:41 -0000 1.292 > +++ sys/netinet6/nd6.c 25 Jul 2025 23:02:15 -0000 > @@ -729,6 +729,7 @@ nd6_rtrequest(struct ifnet *ifp, int req > struct llinfo_nd6 *ln; > struct ifaddr *ifa; > struct in6_ifaddr *ifa6; > + int ip6_neighborgcthresh_local; > > if (ISSET(rt->rt_flags, RTF_GATEWAY|RTF_MULTICAST|RTF_MPLS)) > return; > @@ -829,8 +830,11 @@ nd6_rtrequest(struct ifnet *ifp, int req > * cause re-entering rtable related routines triggering > * lock-order-reversal problems. > */ > - if (ip6_neighborgcthresh >= 0 && > - nd6_inuse >= ip6_neighborgcthresh) { > + ip6_neighborgcthresh_local = > + atomic_load_int(&ip6_neighborgcthresh); > + > + if (ip6_neighborgcthresh_local >= 0 && > + nd6_inuse >= ip6_neighborgcthresh_local) { > int i; > > for (i = 0; i < 10; i++) { >