Page MenuHomeFreeBSD

tcp: Fix expiring and purging hostcache entries of vnet jails
ClosedPublic

Authored by zlei on Sep 23 2025, 3:29 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jul 12, 9:50 AM
Unknown Object (File)
Tue, Jul 7, 11:45 AM
Unknown Object (File)
Sun, Jul 5, 3:14 PM
Unknown Object (File)
Sun, Jul 5, 8:20 AM
Unknown Object (File)
Thu, Jul 2, 6:08 PM
Unknown Object (File)
Thu, Jul 2, 6:08 PM
Unknown Object (File)
Thu, Jul 2, 6:07 PM
Unknown Object (File)
Wed, Jul 1, 11:30 PM

Details

Summary

A jailed process, sysctl -j foo or jexec foo sysctl, do not have
privilege to write to non-vnet sysctls but only to those marked as jail
writable, aka sysctls those marked with CTLFLAG_VNET flag.

Without this change we will get EPERM when trying to expire and purge
hostcache entries of vnet jails via the net.inet.tcp.hostcache.purgenow
sysctl. Fix that by adding a CTLFLAG_VNET flag.

Fixes: 264563806496 Add a new sysctl net.inet.tcp.hostcache.purgenow=1 to expire ...
MFC after: 3 days

Test Plan

Expire entries in hostcache of a jail immediately.

# jail -c name=foo vnet persist
#sysctl -j foo net.inet.tcp.hostcache.purgenow=1
net.inet.tcp.hostcache.purgenow: 0 -> 0

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable