From: Alexander Bluhm Subject: Re: sysctl: deny negative values for `ip6_maxdynroutes' To: Vitaliy Makkoveev Cc: tech@openbsd.org Date: Sun, 3 Aug 2025 12:07:09 +0200 On Sun, Aug 03, 2025 at 07:45:31AM +0300, Vitaliy Makkoveev wrote: > Negative value allows unlimited count of redirect routes. > > By default previously modified `ip6_neighborgcthresh' and > `ip6_maxdynroutes' are positive and I doubt someone sets them to '-1' at > current. No reason to wait API change fallout. OK bluhm@ > Index: sys/netinet6/icmp6.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/icmp6.c,v > retrieving revision 1.273 > diff -u -p -r1.273 icmp6.c > --- sys/netinet6/icmp6.c 2 Aug 2025 12:53:04 -0000 1.273 > +++ sys/netinet6/icmp6.c 3 Aug 2025 04:34:23 -0000 > @@ -1292,7 +1292,6 @@ icmp6_redirect_input(struct mbuf *m, int > struct sockaddr_in6 ssrc; > unsigned long rtcount; > struct rtentry *newrt = NULL; > - int ip6_maxdynroutes_local = atomic_load_int(&ip6_maxdynroutes); > > /* > * do not install redirect route, if the number of entries > @@ -1301,8 +1300,7 @@ icmp6_redirect_input(struct mbuf *m, int > * (there will be additional hops, though). > */ > rtcount = rt_timer_queue_count(&icmp6_redirect_timeout_q); > - if (ip6_maxdynroutes_local >= 0 && > - rtcount >= ip6_maxdynroutes_local) > + if (rtcount >= atomic_load_int(&ip6_maxdynroutes)) > goto freeit; > > bzero(&sdst, sizeof(sdst)); > Index: sys/netinet6/ip6_input.c > =================================================================== > RCS file: /cvs/src/sys/netinet6/ip6_input.c,v > retrieving revision 1.295 > diff -u -p -r1.295 ip6_input.c > --- sys/netinet6/ip6_input.c 3 Aug 2025 04:11:57 -0000 1.295 > +++ sys/netinet6/ip6_input.c 3 Aug 2025 04:34:23 -0000 
> @@ -1460,7 +1460,7 @@ const struct sysctl_bounded_args ipv6ctl > { IPV6CTL_MFORWARDING, &ip6_mforwarding, 0, 1 }, > { IPV6CTL_MCAST_PMTU, &ip6_mcast_pmtu, 0, 1 }, > { IPV6CTL_NEIGHBORGCTHRESH, &ip6_neighborgcthresh, 0, 5 * 2048 }, > - { IPV6CTL_MAXDYNROUTES, &ip6_maxdynroutes, -1, 5 * 4096 }, > + { IPV6CTL_MAXDYNROUTES, &ip6_maxdynroutes, 0, 5 * 4096 }, > }; > > int
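Review bot: In the second icmp6.c hunk, the new test `rtcount >= atomic_load_int(&ip6_maxdynroutes)` has no sign check left and compares against the `unsigned long rtcount`, so it is only correct while the stored limit can never be negative. That guarantee now rests entirely on the lower bound of the `IPV6CTL_MAXDYNROUTES` entry in ip6_input.c. A negative value stored by any other path would be converted to a very large unsigned number in this comparison and silently bring back the unlimited behaviour the change removes. Suggest extending the comment above the check to state that the limit is kept non-negative by the sysctl bounds, so the two places stay in sync.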
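Review bot: In the `IPV6CTL_MAXDYNROUTES` entry of the ip6_input.c hunk, moving the lower bound from -1 to 0 puts a value the table accepted before outside the bounds, and the remaining minimum of 0 makes `rtcount >= atomic_load_int(&ip6_maxdynroutes)` in icmp6_redirect_input() true for every redirect, so no redirect route is installed at all. Both effects are user-visible and missing from the description: suggest noting in the commit message, and wherever the sysctl is documented, that -1 is no longer accepted and that 0 disables redirect routes rather than lifting the limit.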