git: 79d114544fab - stable/14 - tcp: Fix expiring and purging hostcache entries of vnet jails
Date: Sat, 27 Sep 2025 15:14:19 UTC
The branch stable/14 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=79d114544fabd5a80198e925e4dc34f47a9f9e3a commit 79d114544fabd5a80198e925e4dc34f47a9f9e3a Author: Zhenlei Huang <zlei@FreeBSD.org> AuthorDate: 2025-09-24 01:16:13 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2025-09-27 15:11:41 +0000 tcp: Fix expiring and purging hostcache entries of vnet jails A jailed process, `sysctl -j foo` or `jexec foo sysctl`, do not have privilege to write to non-vnet sysctls but only to those marked as jail writable, aka sysctls those marked with CTLFLAG_VNET flag. Without this change we will get EPERM when trying to expire and purge hostcache entries of vnet jails via the net.inet.tcp.hostcache.purgenow sysctl. Fix that by adding a CTLFLAG_VNET flag. Reviewed by: tuexen, #transport, #network Fixes: 264563806496 Add a new sysctl net.inet.tcp.hostcache.purgenow=1 to expire ... MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52692 (cherry picked from commit 33ceb31e256e386da5a42cc7ca2ef8d4b81b6eda) (cherry picked from commit fa30199a3dbfe1d4994e7e4e63ad9c582c6f8a1a) --- sys/netinet/tcp_hostcache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netinet/tcp_hostcache.c b/sys/netinet/tcp_hostcache.c index ed90a9ba7196..489ea270704e 100644 --- a/sys/netinet/tcp_hostcache.c +++ b/sys/netinet/tcp_hostcache.c @@ -203,7 +203,7 @@ SYSCTL_PROC(_net_inet_tcp_hostcache, OID_AUTO, histo, "Print a histogram of hostcache hashbucket utilization"); SYSCTL_PROC(_net_inet_tcp_hostcache, OID_AUTO, purgenow, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 0, sysctl_tcp_hc_purgenow, "I", "Immediately purge all entries");
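Review bot: on the purgenow SYSCTL_PROC, adding CTLFLAG_VNET lets root inside any vnet jail trigger the purge by writing this OID, so the thing to confirm is that sysctl_tcp_hc_purgenow (its body is not visible in this hunk) acts only on the hostcache of the calling vnet and cannot expire entries belonging to the host or to another jail. If that holds, the description string "Immediately purge all entries" would be more accurate as something like "Immediately purge all entries of the current vnet", since the OID is now per-vnet. The change also carries no test; a regression test that writes net.inet.tcp.hostcache.purgenow from inside a vnet jail and expects success rather than EPERM would cover the case the commit message describes.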