diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2024-07-14 18:53:40 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2024-07-14 18:53:40 +0000 |
| commit | e43f1ba566da2560296a93354b23e33c6b310edd (patch) | |
| tree | da39059475e84b22f2e0089734ebdb5693e11521 /sys/netinet6/icmp6.c | |
| parent | 5fe003520dd96ae19a9f0e36b6d1bd44b663b7e5 (diff) | |
Unlock IPv6 sysctl net.inet6.ip6.forwarding from net lock.
Use atomic operations to read ip6_forwarding while processing packets
in the network stack.
To make clear where actually the router property is needed, use the
i_am_router variable based on ip6_forwarding. It already existed
in nd6_nbr. Move i_am_router setting up the call stack until all
users are independent.
The forwarding decisions in pf_test, pf_refragment6, ip6_input do
also not interfere.
Use a new array ipv6ctl_vars_unlocked to make transition of all the
integer sysctls easier. Adapt IPv4 to the new style.
OK mvs@
Diffstat (limited to 'sys/netinet6/icmp6.c')
| -rw-r--r-- | sys/netinet6/icmp6.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 2a8950d0a66..04ad1b3e023 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.c,v 1.253 2024/06/20 19:25:42 bluhm Exp $ */ +/* $OpenBSD: icmp6.c,v 1.254 2024/07/14 18:53:39 bluhm Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -1228,6 +1228,7 @@ icmp6_redirect_input(struct mbuf *m, int off) char *lladdr = NULL; int lladdrlen = 0; struct rtentry *rt = NULL; + int i_am_router = (atomic_load_int(&ip6_forwarding) != 0); int is_router; int is_onlink; struct in6_addr src6 = ip6->ip6_src; @@ -1241,7 +1242,7 @@ icmp6_redirect_input(struct mbuf *m, int off) return; /* if we are router, we don't update route by icmp6 redirect */ - if (ip6_forwarding != 0) + if (i_am_router) goto freeit; if (!(ifp->if_xflags & IFXF_AUTOCONF6)) goto freeit; @@ -1366,7 +1367,7 @@ icmp6_redirect_input(struct mbuf *m, int off) /* RFC 2461 8.3 */ nd6_cache_lladdr(ifp, &redtgt6, lladdr, lladdrlen, ND_REDIRECT, - is_onlink ? ND_REDIRECT_ONLINK : ND_REDIRECT_ROUTER); + is_onlink ? ND_REDIRECT_ONLINK : ND_REDIRECT_ROUTER, i_am_router); if (!is_onlink) { /* better router case. perform rtredirect. */ /* perform rtredirect */ @@ -1438,11 +1439,12 @@ icmp6_redirect_output(struct mbuf *m0, struct rtentry *rt) size_t maxlen; u_char *p; struct sockaddr_in6 src_sa; + int i_am_router = (atomic_load_int(&ip6_forwarding) != 0); icmp6_errcount(ND_REDIRECT, 0); /* if we are not router, we don't send icmp6 redirect */ - if (ip6_forwarding == 0) + if (!i_am_router) goto fail; /* sanity check */ |