git: fa30199a3dbf - stable/15 - tcp: Fix expiring and purging hostcache entries of vnet jails
Date: Sat, 27 Sep 2025 14:02:14 UTC
The branch stable/15 has been updated by zlei:
URL: https://cgit.FreeBSD.org/src/commit/?id=fa30199a3dbfe1d4994e7e4e63ad9c582c6f8a1a
commit fa30199a3dbfe1d4994e7e4e63ad9c582c6f8a1a
Author: Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2025-09-24 01:16:13 +0000
Commit: Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2025-09-27 14:00:56 +0000
tcp: Fix expiring and purging hostcache entries of vnet jails
A jailed process, `sysctl -j foo` or `jexec foo sysctl`, does not have
privilege to write to non-vnet sysctls but only to those marked as jail
writable, aka sysctls marked with the CTLFLAG_VNET flag.
Without this change we will get EPERM when trying to expire and purge
hostcache entries of vnet jails via the net.inet.tcp.hostcache.purgenow
sysctl. Fix that by adding a CTLFLAG_VNET flag.
Reviewed by: tuexen, #transport, #network
Fixes: 264563806496 Add a new sysctl net.inet.tcp.hostcache.purgenow=1 to expire ...
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D52692
(cherry picked from commit 33ceb31e256e386da5a42cc7ca2ef8d4b81b6eda)
---
sys/netinet/tcp_hostcache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/netinet/tcp_hostcache.c b/sys/netinet/tcp_hostcache.c
index dbc966acc56b..36a4f813d590 100644
--- a/sys/netinet/tcp_hostcache.c
+++ b/sys/netinet/tcp_hostcache.c
@@ -202,7 +202,7 @@ SYSCTL_PROC(_net_inet_tcp_hostcache, OID_AUTO, histo,
"Print a histogram of hostcache hashbucket utilization");
SYSCTL_PROC(_net_inet_tcp_hostcache, OID_AUTO, purgenow,
- CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+ CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
NULL, 0, sysctl_tcp_hc_purgenow, "I",
"Immediately purge all entries");