From 225bc4feaa1a76f009b645ed9b52cc66f64c77ec Mon Sep 17 00:00:00 2001 From: mvs Date: Wed, 21 Aug 2024 12:53:36 +0000 Subject: [PATCH] Revert previous. It was committed mistakenly. --- sys/netinet/in_proto.c | 4 ++-- sys/netinet/ip_ipip.c | 24 +++++++++++------------- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c index 9aefbd326a0..cd64f177724 100644 --- a/sys/netinet/in_proto.c +++ b/sys/netinet/in_proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_proto.c,v 1.111 2024/08/21 07:36:12 mvs Exp $ */ +/* $OpenBSD: in_proto.c,v 1.112 2024/08/21 12:53:36 mvs Exp $ */ /* $NetBSD: in_proto.c,v 1.14 1996/02/18 18:58:32 christos Exp $ */ /* @@ -230,7 +230,7 @@ const struct protosw inetsw[] = { .pr_type = SOCK_RAW, .pr_domain = &inetdomain, .pr_protocol = IPPROTO_IPV4, - .pr_flags = PR_ATOMIC|PR_ADDR|PR_MPSOCKET|PR_MPSYSCTL, + .pr_flags = PR_ATOMIC|PR_ADDR|PR_MPSOCKET, #if NGIF > 0 .pr_input = in_gif_input, #else diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c index 760eb8c9de9..67434ca1fb1 100644 --- a/sys/netinet/ip_ipip.c +++ b/sys/netinet/ip_ipip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipip.c,v 1.103 2024/08/21 07:36:12 mvs Exp $ */ +/* $OpenBSD: ip_ipip.c,v 1.104 2024/08/21 12:53:36 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -72,11 +72,6 @@ #include #endif -/* - * Locks used to protect data: - * a atomic - */ - #ifdef ENCDEBUG #define DPRINTF(fmt, args...) \ do { \ @@ -92,7 +87,7 @@ * We can control the acceptance of IP4 packets by altering the sysctl * net.inet.ipip.allow value. Zero means drop them, all else is acceptance. */ -int ipip_allow = 0; /* [a] */ +int ipip_allow = 0; struct cpumem *ipipcounters; @@ -111,8 +106,7 @@ ipip_input(struct mbuf **mp, int *offp, int nxt, int af) struct ifnet *ifp; /* If we do not accept IP-in-IP explicitly, drop. */ - if (atomic_load_int(&ipip_allow) == 0 && - ((*mp)->m_flags & (M_AUTH|M_CONF)) == 0) { + if (!ipip_allow && ((*mp)->m_flags & (M_AUTH|M_CONF)) == 0) { DPRINTF("dropped due to policy"); ipipstat_inc(ipips_pdrops); m_freemp(mp); @@ -277,8 +271,7 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, } /* Check for local address spoofing. */ - if (!(ifp->if_flags & IFF_LOOPBACK) && - atomic_load_int(&ipip_allow) != 2) { + if (!(ifp->if_flags & IFF_LOOPBACK) && ipip_allow != 2) { struct sockaddr_storage ss; struct rtentry *rt; @@ -591,14 +584,19 @@ int ipip_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, size_t newlen) { + int error; + /* All sysctl names at this level are terminal. */ if (namelen != 1) return (ENOTDIR); switch (name[0]) { case IPIPCTL_ALLOW: - return (sysctl_int_bounded(oldp, oldlenp, newp, newlen, - &ipip_allow, 0, 2)); + NET_LOCK(); + error = sysctl_int_bounded(oldp, oldlenp, newp, newlen, + &ipip_allow, 0, 2); + NET_UNLOCK(); + return (error); case IPIPCTL_STATS: return (ipip_sysctl_ipipstat(oldp, oldlenp, newp)); default: -- 2.20.1