1/* 2 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 3 * 4 * Begun April 1, 1996, Mike Shaver. 5 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 6 */ 7 8#include <linux/mm.h> 9#include <linux/module.h> 10#include <linux/sysctl.h> 11#include <linux/igmp.h> 12#include <linux/inetdevice.h> 13#include <linux/seqlock.h> 14#include <linux/init.h> 15#include <linux/slab.h> 16#include <linux/nsproxy.h> 17#include <linux/swap.h> 18#include <net/snmp.h> 19#include <net/icmp.h> 20#include <net/ip.h> 21#include <net/route.h> 22#include <net/tcp.h> 23#include <net/udp.h> 24#include <net/cipso_ipv4.h> 25#include <net/inet_frag.h> 26#include <net/ping.h> 27#include <net/tcp_memcontrol.h> 28 29static int zero; 30static int one = 1; 31static int four = 4; 32static int gso_max_segs = GSO_MAX_SEGS; 33static int tcp_retr1_max = 255; 34static int ip_local_port_range_min[] = { 1, 1 }; 35static int ip_local_port_range_max[] = { 65535, 65535 }; 36static int tcp_adv_win_scale_min = -31; 37static int tcp_adv_win_scale_max = 31; 38static int ip_ttl_min = 1; 39static int ip_ttl_max = 255; 40static int tcp_syn_retries_min = 1; 41static int tcp_syn_retries_max = MAX_TCP_SYNCNT; 42static int ip_ping_group_range_min[] = { 0, 0 }; 43static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 44 45/* Update system visible IP port range */ 46static void set_local_port_range(struct net *net, int range[2]) 47{ 48 write_seqlock_bh(&net->ipv4.ip_local_ports.lock); 49 net->ipv4.ip_local_ports.range[0] = range[0]; 50 net->ipv4.ip_local_ports.range[1] = range[1]; 51 write_sequnlock_bh(&net->ipv4.ip_local_ports.lock); 52} 53 54/* Validate changes from /proc interface. */ 55static int ipv4_local_port_range(struct ctl_table *table, int write, 56 void __user *buffer, 57 size_t *lenp, loff_t *ppos) 58{ 59 struct net *net = 60 container_of(table->data, struct net, ipv4.ip_local_ports.range); 61 int ret; 62 int range[2]; 63 struct ctl_table tmp = { 64 .data = &range, 65 .maxlen = sizeof(range), 66 .mode = table->mode, 67 .extra1 = &ip_local_port_range_min, 68 .extra2 = &ip_local_port_range_max, 69 }; 70 71 inet_get_local_port_range(net, &range[0], &range[1]); 72 73 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 74 75 if (write && ret == 0) { 76 if (range[1] < range[0]) 77 ret = -EINVAL; 78 else 79 set_local_port_range(net, range); 80 } 81 82 return ret; 83} 84 85 86static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) 87{ 88 kgid_t *data = table->data; 89 struct net *net = 90 container_of(table->data, struct net, ipv4.ping_group_range.range); 91 unsigned int seq; 92 do { 93 seq = read_seqbegin(&net->ipv4.ip_local_ports.lock); 94 95 *low = data[0]; 96 *high = data[1]; 97 } while (read_seqretry(&net->ipv4.ip_local_ports.lock, seq)); 98} 99 100/* Update system visible IP port range */ 101static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) 102{ 103 kgid_t *data = table->data; 104 struct net *net = 105 container_of(table->data, struct net, ipv4.ping_group_range.range); 106 write_seqlock(&net->ipv4.ip_local_ports.lock); 107 data[0] = low; 108 data[1] = high; 109 write_sequnlock(&net->ipv4.ip_local_ports.lock); 110} 111 112/* Validate changes from /proc interface. */ 113static int ipv4_ping_group_range(struct ctl_table *table, int write, 114 void __user *buffer, 115 size_t *lenp, loff_t *ppos) 116{ 117 struct user_namespace *user_ns = current_user_ns(); 118 int ret; 119 gid_t urange[2]; 120 kgid_t low, high; 121 struct ctl_table tmp = { 122 .data = &urange, 123 .maxlen = sizeof(urange), 124 .mode = table->mode, 125 .extra1 = &ip_ping_group_range_min, 126 .extra2 = &ip_ping_group_range_max, 127 }; 128 129 inet_get_ping_group_range_table(table, &low, &high); 130 urange[0] = from_kgid_munged(user_ns, low); 131 urange[1] = from_kgid_munged(user_ns, high); 132 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 133 134 if (write && ret == 0) { 135 low = make_kgid(user_ns, urange[0]); 136 high = make_kgid(user_ns, urange[1]); 137 if (!gid_valid(low) || !gid_valid(high) || 138 (urange[1] < urange[0]) || gid_lt(high, low)) { 139 low = make_kgid(&init_user_ns, 1); 140 high = make_kgid(&init_user_ns, 0); 141 } 142 set_ping_group_range(table, low, high); 143 } 144 145 return ret; 146} 147 148static int proc_tcp_congestion_control(struct ctl_table *ctl, int write, 149 void __user *buffer, size_t *lenp, loff_t *ppos) 150{ 151 char val[TCP_CA_NAME_MAX]; 152 struct ctl_table tbl = { 153 .data = val, 154 .maxlen = TCP_CA_NAME_MAX, 155 }; 156 int ret; 157 158 tcp_get_default_congestion_control(val); 159 160 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 161 if (write && ret == 0) 162 ret = tcp_set_default_congestion_control(val); 163 return ret; 164} 165 166static int proc_tcp_available_congestion_control(struct ctl_table *ctl, 167 int write, 168 void __user *buffer, size_t *lenp, 169 loff_t *ppos) 170{ 171 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 172 int ret; 173 174 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 175 if (!tbl.data) 176 return -ENOMEM; 177 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); 178 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 179 kfree(tbl.data); 180 return ret; 181} 182 183static int proc_allowed_congestion_control(struct ctl_table *ctl, 184 int write, 185 void __user *buffer, size_t *lenp, 186 loff_t *ppos) 187{ 188 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 189 int ret; 190 191 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 192 if (!tbl.data) 193 return -ENOMEM; 194 195 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); 196 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 197 if (write && ret == 0) 198 ret = tcp_set_allowed_congestion_control(tbl.data); 199 kfree(tbl.data); 200 return ret; 201} 202 203static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write, 204 void __user *buffer, size_t *lenp, 205 loff_t *ppos) 206{ 207 struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; 208 struct tcp_fastopen_context *ctxt; 209 int ret; 210 u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ 211 212 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); 213 if (!tbl.data) 214 return -ENOMEM; 215 216 rcu_read_lock(); 217 ctxt = rcu_dereference(tcp_fastopen_ctx); 218 if (ctxt) 219 memcpy(user_key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH); 220 else 221 memset(user_key, 0, sizeof(user_key)); 222 rcu_read_unlock(); 223 224 snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x", 225 user_key[0], user_key[1], user_key[2], user_key[3]); 226 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 227 228 if (write && ret == 0) { 229 if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1, 230 user_key + 2, user_key + 3) != 4) { 231 ret = -EINVAL; 232 goto bad_key; 233 } 234 /* Generate a dummy secret but don't publish it. This 235 * is needed so we don't regenerate a new key on the 236 * first invocation of tcp_fastopen_cookie_gen 237 */ 238 tcp_fastopen_init_key_once(false); 239 tcp_fastopen_reset_cipher(user_key, TCP_FASTOPEN_KEY_LENGTH); 240 } 241 242bad_key: 243 pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n", 244 user_key[0], user_key[1], user_key[2], user_key[3], 245 (char *)tbl.data, ret); 246 kfree(tbl.data); 247 return ret; 248} 249 250static struct ctl_table ipv4_table[] = { 251 { 252 .procname = "tcp_timestamps", 253 .data = &sysctl_tcp_timestamps, 254 .maxlen = sizeof(int), 255 .mode = 0644, 256 .proc_handler = proc_dointvec 257 }, 258 { 259 .procname = "tcp_window_scaling", 260 .data = &sysctl_tcp_window_scaling, 261 .maxlen = sizeof(int), 262 .mode = 0644, 263 .proc_handler = proc_dointvec 264 }, 265 { 266 .procname = "tcp_sack", 267 .data = &sysctl_tcp_sack, 268 .maxlen = sizeof(int), 269 .mode = 0644, 270 .proc_handler = proc_dointvec 271 }, 272 { 273 .procname = "tcp_retrans_collapse", 274 .data = &sysctl_tcp_retrans_collapse, 275 .maxlen = sizeof(int), 276 .mode = 0644, 277 .proc_handler = proc_dointvec 278 }, 279 { 280 .procname = "ip_default_ttl", 281 .data = &sysctl_ip_default_ttl, 282 .maxlen = sizeof(int), 283 .mode = 0644, 284 .proc_handler = proc_dointvec_minmax, 285 .extra1 = &ip_ttl_min, 286 .extra2 = &ip_ttl_max, 287 }, 288 { 289 .procname = "tcp_syn_retries", 290 .data = &sysctl_tcp_syn_retries, 291 .maxlen = sizeof(int), 292 .mode = 0644, 293 .proc_handler = proc_dointvec_minmax, 294 .extra1 = &tcp_syn_retries_min, 295 .extra2 = &tcp_syn_retries_max 296 }, 297 { 298 .procname = "tcp_synack_retries", 299 .data = &sysctl_tcp_synack_retries, 300 .maxlen = sizeof(int), 301 .mode = 0644, 302 .proc_handler = proc_dointvec 303 }, 304 { 305 .procname = "tcp_max_orphans", 306 .data = &sysctl_tcp_max_orphans, 307 .maxlen = sizeof(int), 308 .mode = 0644, 309 .proc_handler = proc_dointvec 310 }, 311 { 312 .procname = "tcp_max_tw_buckets", 313 .data = &tcp_death_row.sysctl_max_tw_buckets, 314 .maxlen = sizeof(int), 315 .mode = 0644, 316 .proc_handler = proc_dointvec 317 }, 318 { 319 .procname = "ip_early_demux", 320 .data = &sysctl_ip_early_demux, 321 .maxlen = sizeof(int), 322 .mode = 0644, 323 .proc_handler = proc_dointvec 324 }, 325 { 326 .procname = "ip_dynaddr", 327 .data = &sysctl_ip_dynaddr, 328 .maxlen = sizeof(int), 329 .mode = 0644, 330 .proc_handler = proc_dointvec 331 }, 332 { 333 .procname = "tcp_keepalive_time", 334 .data = &sysctl_tcp_keepalive_time, 335 .maxlen = sizeof(int), 336 .mode = 0644, 337 .proc_handler = proc_dointvec_jiffies, 338 }, 339 { 340 .procname = "tcp_keepalive_probes", 341 .data = &sysctl_tcp_keepalive_probes, 342 .maxlen = sizeof(int), 343 .mode = 0644, 344 .proc_handler = proc_dointvec 345 }, 346 { 347 .procname = "tcp_keepalive_intvl", 348 .data = &sysctl_tcp_keepalive_intvl, 349 .maxlen = sizeof(int), 350 .mode = 0644, 351 .proc_handler = proc_dointvec_jiffies, 352 }, 353 { 354 .procname = "tcp_retries1", 355 .data = &sysctl_tcp_retries1, 356 .maxlen = sizeof(int), 357 .mode = 0644, 358 .proc_handler = proc_dointvec_minmax, 359 .extra2 = &tcp_retr1_max 360 }, 361 { 362 .procname = "tcp_retries2", 363 .data = &sysctl_tcp_retries2, 364 .maxlen = sizeof(int), 365 .mode = 0644, 366 .proc_handler = proc_dointvec 367 }, 368 { 369 .procname = "tcp_fin_timeout", 370 .data = &sysctl_tcp_fin_timeout, 371 .maxlen = sizeof(int), 372 .mode = 0644, 373 .proc_handler = proc_dointvec_jiffies, 374 }, 375#ifdef CONFIG_SYN_COOKIES 376 { 377 .procname = "tcp_syncookies", 378 .data = &sysctl_tcp_syncookies, 379 .maxlen = sizeof(int), 380 .mode = 0644, 381 .proc_handler = proc_dointvec 382 }, 383#endif 384 { 385 .procname = "tcp_fastopen", 386 .data = &sysctl_tcp_fastopen, 387 .maxlen = sizeof(int), 388 .mode = 0644, 389 .proc_handler = proc_dointvec, 390 }, 391 { 392 .procname = "tcp_fastopen_key", 393 .mode = 0600, 394 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10), 395 .proc_handler = proc_tcp_fastopen_key, 396 }, 397 { 398 .procname = "tcp_tw_recycle", 399 .data = &tcp_death_row.sysctl_tw_recycle, 400 .maxlen = sizeof(int), 401 .mode = 0644, 402 .proc_handler = proc_dointvec 403 }, 404 { 405 .procname = "tcp_abort_on_overflow", 406 .data = &sysctl_tcp_abort_on_overflow, 407 .maxlen = sizeof(int), 408 .mode = 0644, 409 .proc_handler = proc_dointvec 410 }, 411 { 412 .procname = "tcp_stdurg", 413 .data = &sysctl_tcp_stdurg, 414 .maxlen = sizeof(int), 415 .mode = 0644, 416 .proc_handler = proc_dointvec 417 }, 418 { 419 .procname = "tcp_rfc1337", 420 .data = &sysctl_tcp_rfc1337, 421 .maxlen = sizeof(int), 422 .mode = 0644, 423 .proc_handler = proc_dointvec 424 }, 425 { 426 .procname = "tcp_max_syn_backlog", 427 .data = &sysctl_max_syn_backlog, 428 .maxlen = sizeof(int), 429 .mode = 0644, 430 .proc_handler = proc_dointvec 431 }, 432 { 433 .procname = "igmp_max_memberships", 434 .data = &sysctl_igmp_max_memberships, 435 .maxlen = sizeof(int), 436 .mode = 0644, 437 .proc_handler = proc_dointvec 438 }, 439 { 440 .procname = "igmp_max_msf", 441 .data = &sysctl_igmp_max_msf, 442 .maxlen = sizeof(int), 443 .mode = 0644, 444 .proc_handler = proc_dointvec 445 }, 446#ifdef CONFIG_IP_MULTICAST 447 { 448 .procname = "igmp_qrv", 449 .data = &sysctl_igmp_qrv, 450 .maxlen = sizeof(int), 451 .mode = 0644, 452 .proc_handler = proc_dointvec_minmax, 453 .extra1 = &one 454 }, 455#endif 456 { 457 .procname = "inet_peer_threshold", 458 .data = &inet_peer_threshold, 459 .maxlen = sizeof(int), 460 .mode = 0644, 461 .proc_handler = proc_dointvec 462 }, 463 { 464 .procname = "inet_peer_minttl", 465 .data = &inet_peer_minttl, 466 .maxlen = sizeof(int), 467 .mode = 0644, 468 .proc_handler = proc_dointvec_jiffies, 469 }, 470 { 471 .procname = "inet_peer_maxttl", 472 .data = &inet_peer_maxttl, 473 .maxlen = sizeof(int), 474 .mode = 0644, 475 .proc_handler = proc_dointvec_jiffies, 476 }, 477 { 478 .procname = "tcp_orphan_retries", 479 .data = &sysctl_tcp_orphan_retries, 480 .maxlen = sizeof(int), 481 .mode = 0644, 482 .proc_handler = proc_dointvec 483 }, 484 { 485 .procname = "tcp_fack", 486 .data = &sysctl_tcp_fack, 487 .maxlen = sizeof(int), 488 .mode = 0644, 489 .proc_handler = proc_dointvec 490 }, 491 { 492 .procname = "tcp_reordering", 493 .data = &sysctl_tcp_reordering, 494 .maxlen = sizeof(int), 495 .mode = 0644, 496 .proc_handler = proc_dointvec 497 }, 498 { 499 .procname = "tcp_max_reordering", 500 .data = &sysctl_tcp_max_reordering, 501 .maxlen = sizeof(int), 502 .mode = 0644, 503 .proc_handler = proc_dointvec 504 }, 505 { 506 .procname = "tcp_dsack", 507 .data = &sysctl_tcp_dsack, 508 .maxlen = sizeof(int), 509 .mode = 0644, 510 .proc_handler = proc_dointvec 511 }, 512 { 513 .procname = "tcp_mem", 514 .maxlen = sizeof(sysctl_tcp_mem), 515 .data = &sysctl_tcp_mem, 516 .mode = 0644, 517 .proc_handler = proc_doulongvec_minmax, 518 }, 519 { 520 .procname = "tcp_wmem", 521 .data = &sysctl_tcp_wmem, 522 .maxlen = sizeof(sysctl_tcp_wmem), 523 .mode = 0644, 524 .proc_handler = proc_dointvec_minmax, 525 .extra1 = &one, 526 }, 527 { 528 .procname = "tcp_notsent_lowat", 529 .data = &sysctl_tcp_notsent_lowat, 530 .maxlen = sizeof(sysctl_tcp_notsent_lowat), 531 .mode = 0644, 532 .proc_handler = proc_dointvec, 533 }, 534 { 535 .procname = "tcp_rmem", 536 .data = &sysctl_tcp_rmem, 537 .maxlen = sizeof(sysctl_tcp_rmem), 538 .mode = 0644, 539 .proc_handler = proc_dointvec_minmax, 540 .extra1 = &one, 541 }, 542 { 543 .procname = "tcp_app_win", 544 .data = &sysctl_tcp_app_win, 545 .maxlen = sizeof(int), 546 .mode = 0644, 547 .proc_handler = proc_dointvec 548 }, 549 { 550 .procname = "tcp_adv_win_scale", 551 .data = &sysctl_tcp_adv_win_scale, 552 .maxlen = sizeof(int), 553 .mode = 0644, 554 .proc_handler = proc_dointvec_minmax, 555 .extra1 = &tcp_adv_win_scale_min, 556 .extra2 = &tcp_adv_win_scale_max, 557 }, 558 { 559 .procname = "tcp_tw_reuse", 560 .data = &sysctl_tcp_tw_reuse, 561 .maxlen = sizeof(int), 562 .mode = 0644, 563 .proc_handler = proc_dointvec 564 }, 565 { 566 .procname = "tcp_frto", 567 .data = &sysctl_tcp_frto, 568 .maxlen = sizeof(int), 569 .mode = 0644, 570 .proc_handler = proc_dointvec 571 }, 572 { 573 .procname = "tcp_low_latency", 574 .data = &sysctl_tcp_low_latency, 575 .maxlen = sizeof(int), 576 .mode = 0644, 577 .proc_handler = proc_dointvec 578 }, 579 { 580 .procname = "tcp_no_metrics_save", 581 .data = &sysctl_tcp_nometrics_save, 582 .maxlen = sizeof(int), 583 .mode = 0644, 584 .proc_handler = proc_dointvec, 585 }, 586 { 587 .procname = "tcp_moderate_rcvbuf", 588 .data = &sysctl_tcp_moderate_rcvbuf, 589 .maxlen = sizeof(int), 590 .mode = 0644, 591 .proc_handler = proc_dointvec, 592 }, 593 { 594 .procname = "tcp_tso_win_divisor", 595 .data = &sysctl_tcp_tso_win_divisor, 596 .maxlen = sizeof(int), 597 .mode = 0644, 598 .proc_handler = proc_dointvec, 599 }, 600 { 601 .procname = "tcp_congestion_control", 602 .mode = 0644, 603 .maxlen = TCP_CA_NAME_MAX, 604 .proc_handler = proc_tcp_congestion_control, 605 }, 606 { 607 .procname = "tcp_workaround_signed_windows", 608 .data = &sysctl_tcp_workaround_signed_windows, 609 .maxlen = sizeof(int), 610 .mode = 0644, 611 .proc_handler = proc_dointvec 612 }, 613 { 614 .procname = "tcp_limit_output_bytes", 615 .data = &sysctl_tcp_limit_output_bytes, 616 .maxlen = sizeof(int), 617 .mode = 0644, 618 .proc_handler = proc_dointvec 619 }, 620 { 621 .procname = "tcp_challenge_ack_limit", 622 .data = &sysctl_tcp_challenge_ack_limit, 623 .maxlen = sizeof(int), 624 .mode = 0644, 625 .proc_handler = proc_dointvec 626 }, 627 { 628 .procname = "tcp_slow_start_after_idle", 629 .data = &sysctl_tcp_slow_start_after_idle, 630 .maxlen = sizeof(int), 631 .mode = 0644, 632 .proc_handler = proc_dointvec 633 }, 634#ifdef CONFIG_NETLABEL 635 { 636 .procname = "cipso_cache_enable", 637 .data = &cipso_v4_cache_enabled, 638 .maxlen = sizeof(int), 639 .mode = 0644, 640 .proc_handler = proc_dointvec, 641 }, 642 { 643 .procname = "cipso_cache_bucket_size", 644 .data = &cipso_v4_cache_bucketsize, 645 .maxlen = sizeof(int), 646 .mode = 0644, 647 .proc_handler = proc_dointvec, 648 }, 649 { 650 .procname = "cipso_rbm_optfmt", 651 .data = &cipso_v4_rbm_optfmt, 652 .maxlen = sizeof(int), 653 .mode = 0644, 654 .proc_handler = proc_dointvec, 655 }, 656 { 657 .procname = "cipso_rbm_strictvalid", 658 .data = &cipso_v4_rbm_strictvalid, 659 .maxlen = sizeof(int), 660 .mode = 0644, 661 .proc_handler = proc_dointvec, 662 }, 663#endif /* CONFIG_NETLABEL */ 664 { 665 .procname = "tcp_available_congestion_control", 666 .maxlen = TCP_CA_BUF_MAX, 667 .mode = 0444, 668 .proc_handler = proc_tcp_available_congestion_control, 669 }, 670 { 671 .procname = "tcp_allowed_congestion_control", 672 .maxlen = TCP_CA_BUF_MAX, 673 .mode = 0644, 674 .proc_handler = proc_allowed_congestion_control, 675 }, 676 { 677 .procname = "tcp_thin_linear_timeouts", 678 .data = &sysctl_tcp_thin_linear_timeouts, 679 .maxlen = sizeof(int), 680 .mode = 0644, 681 .proc_handler = proc_dointvec 682 }, 683 { 684 .procname = "tcp_thin_dupack", 685 .data = &sysctl_tcp_thin_dupack, 686 .maxlen = sizeof(int), 687 .mode = 0644, 688 .proc_handler = proc_dointvec 689 }, 690 { 691 .procname = "tcp_early_retrans", 692 .data = &sysctl_tcp_early_retrans, 693 .maxlen = sizeof(int), 694 .mode = 0644, 695 .proc_handler = proc_dointvec_minmax, 696 .extra1 = &zero, 697 .extra2 = &four, 698 }, 699 { 700 .procname = "tcp_min_tso_segs", 701 .data = &sysctl_tcp_min_tso_segs, 702 .maxlen = sizeof(int), 703 .mode = 0644, 704 .proc_handler = proc_dointvec_minmax, 705 .extra1 = &zero, 706 .extra2 = &gso_max_segs, 707 }, 708 { 709 .procname = "tcp_autocorking", 710 .data = &sysctl_tcp_autocorking, 711 .maxlen = sizeof(int), 712 .mode = 0644, 713 .proc_handler = proc_dointvec_minmax, 714 .extra1 = &zero, 715 .extra2 = &one, 716 }, 717 { 718 .procname = "tcp_invalid_ratelimit", 719 .data = &sysctl_tcp_invalid_ratelimit, 720 .maxlen = sizeof(int), 721 .mode = 0644, 722 .proc_handler = proc_dointvec_ms_jiffies, 723 }, 724 { 725 .procname = "icmp_msgs_per_sec", 726 .data = &sysctl_icmp_msgs_per_sec, 727 .maxlen = sizeof(int), 728 .mode = 0644, 729 .proc_handler = proc_dointvec_minmax, 730 .extra1 = &zero, 731 }, 732 { 733 .procname = "icmp_msgs_burst", 734 .data = &sysctl_icmp_msgs_burst, 735 .maxlen = sizeof(int), 736 .mode = 0644, 737 .proc_handler = proc_dointvec_minmax, 738 .extra1 = &zero, 739 }, 740 { 741 .procname = "udp_mem", 742 .data = &sysctl_udp_mem, 743 .maxlen = sizeof(sysctl_udp_mem), 744 .mode = 0644, 745 .proc_handler = proc_doulongvec_minmax, 746 }, 747 { 748 .procname = "udp_rmem_min", 749 .data = &sysctl_udp_rmem_min, 750 .maxlen = sizeof(sysctl_udp_rmem_min), 751 .mode = 0644, 752 .proc_handler = proc_dointvec_minmax, 753 .extra1 = &one 754 }, 755 { 756 .procname = "udp_wmem_min", 757 .data = &sysctl_udp_wmem_min, 758 .maxlen = sizeof(sysctl_udp_wmem_min), 759 .mode = 0644, 760 .proc_handler = proc_dointvec_minmax, 761 .extra1 = &one 762 }, 763 { } 764}; 765 766static struct ctl_table ipv4_net_table[] = { 767 { 768 .procname = "icmp_echo_ignore_all", 769 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, 770 .maxlen = sizeof(int), 771 .mode = 0644, 772 .proc_handler = proc_dointvec 773 }, 774 { 775 .procname = "icmp_echo_ignore_broadcasts", 776 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, 777 .maxlen = sizeof(int), 778 .mode = 0644, 779 .proc_handler = proc_dointvec 780 }, 781 { 782 .procname = "icmp_ignore_bogus_error_responses", 783 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, 784 .maxlen = sizeof(int), 785 .mode = 0644, 786 .proc_handler = proc_dointvec 787 }, 788 { 789 .procname = "icmp_errors_use_inbound_ifaddr", 790 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, 791 .maxlen = sizeof(int), 792 .mode = 0644, 793 .proc_handler = proc_dointvec 794 }, 795 { 796 .procname = "icmp_ratelimit", 797 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 798 .maxlen = sizeof(int), 799 .mode = 0644, 800 .proc_handler = proc_dointvec_ms_jiffies, 801 }, 802 { 803 .procname = "icmp_ratemask", 804 .data = &init_net.ipv4.sysctl_icmp_ratemask, 805 .maxlen = sizeof(int), 806 .mode = 0644, 807 .proc_handler = proc_dointvec 808 }, 809 { 810 .procname = "ping_group_range", 811 .data = &init_net.ipv4.ping_group_range.range, 812 .maxlen = sizeof(gid_t)*2, 813 .mode = 0644, 814 .proc_handler = ipv4_ping_group_range, 815 }, 816 { 817 .procname = "tcp_ecn", 818 .data = &init_net.ipv4.sysctl_tcp_ecn, 819 .maxlen = sizeof(int), 820 .mode = 0644, 821 .proc_handler = proc_dointvec 822 }, 823 { 824 .procname = "ip_local_port_range", 825 .maxlen = sizeof(init_net.ipv4.ip_local_ports.range), 826 .data = &init_net.ipv4.ip_local_ports.range, 827 .mode = 0644, 828 .proc_handler = ipv4_local_port_range, 829 }, 830 { 831 .procname = "ip_local_reserved_ports", 832 .data = &init_net.ipv4.sysctl_local_reserved_ports, 833 .maxlen = 65536, 834 .mode = 0644, 835 .proc_handler = proc_do_large_bitmap, 836 }, 837 { 838 .procname = "ip_no_pmtu_disc", 839 .data = &init_net.ipv4.sysctl_ip_no_pmtu_disc, 840 .maxlen = sizeof(int), 841 .mode = 0644, 842 .proc_handler = proc_dointvec 843 }, 844 { 845 .procname = "ip_forward_use_pmtu", 846 .data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu, 847 .maxlen = sizeof(int), 848 .mode = 0644, 849 .proc_handler = proc_dointvec, 850 }, 851 { 852 .procname = "ip_nonlocal_bind", 853 .data = &init_net.ipv4.sysctl_ip_nonlocal_bind, 854 .maxlen = sizeof(int), 855 .mode = 0644, 856 .proc_handler = proc_dointvec 857 }, 858 { 859 .procname = "fwmark_reflect", 860 .data = &init_net.ipv4.sysctl_fwmark_reflect, 861 .maxlen = sizeof(int), 862 .mode = 0644, 863 .proc_handler = proc_dointvec, 864 }, 865 { 866 .procname = "tcp_fwmark_accept", 867 .data = &init_net.ipv4.sysctl_tcp_fwmark_accept, 868 .maxlen = sizeof(int), 869 .mode = 0644, 870 .proc_handler = proc_dointvec, 871 }, 872 { 873 .procname = "tcp_mtu_probing", 874 .data = &init_net.ipv4.sysctl_tcp_mtu_probing, 875 .maxlen = sizeof(int), 876 .mode = 0644, 877 .proc_handler = proc_dointvec, 878 }, 879 { 880 .procname = "tcp_base_mss", 881 .data = &init_net.ipv4.sysctl_tcp_base_mss, 882 .maxlen = sizeof(int), 883 .mode = 0644, 884 .proc_handler = proc_dointvec, 885 }, 886 { 887 .procname = "tcp_probe_threshold", 888 .data = &init_net.ipv4.sysctl_tcp_probe_threshold, 889 .maxlen = sizeof(int), 890 .mode = 0644, 891 .proc_handler = proc_dointvec, 892 }, 893 { 894 .procname = "tcp_probe_interval", 895 .data = &init_net.ipv4.sysctl_tcp_probe_interval, 896 .maxlen = sizeof(int), 897 .mode = 0644, 898 .proc_handler = proc_dointvec, 899 }, 900 { } 901}; 902 903static __net_init int ipv4_sysctl_init_net(struct net *net) 904{ 905 struct ctl_table *table; 906 907 table = ipv4_net_table; 908 if (!net_eq(net, &init_net)) { 909 int i; 910 911 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); 912 if (!table) 913 goto err_alloc; 914 915 /* Update the variables to point into the current struct net */ 916 for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) 917 table[i].data += (void *)net - (void *)&init_net; 918 } 919 920 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); 921 if (!net->ipv4.ipv4_hdr) 922 goto err_reg; 923 924 net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL); 925 if (!net->ipv4.sysctl_local_reserved_ports) 926 goto err_ports; 927 928 return 0; 929 930err_ports: 931 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 932err_reg: 933 if (!net_eq(net, &init_net)) 934 kfree(table); 935err_alloc: 936 return -ENOMEM; 937} 938 939static __net_exit void ipv4_sysctl_exit_net(struct net *net) 940{ 941 struct ctl_table *table; 942 943 kfree(net->ipv4.sysctl_local_reserved_ports); 944 table = net->ipv4.ipv4_hdr->ctl_table_arg; 945 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 946 kfree(table); 947} 948 949static __net_initdata struct pernet_operations ipv4_sysctl_ops = { 950 .init = ipv4_sysctl_init_net, 951 .exit = ipv4_sysctl_exit_net, 952}; 953 954static __init int sysctl_ipv4_init(void) 955{ 956 struct ctl_table_header *hdr; 957 958 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 959 if (!hdr) 960 return -ENOMEM; 961 962 if (register_pernet_subsys(&ipv4_sysctl_ops)) { 963 unregister_net_sysctl_table(hdr); 964 return -ENOMEM; 965 } 966 967 return 0; 968} 969 970__initcall(sysctl_ipv4_init); 971