1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 4 * 5 * Begun April 1, 1996, Mike Shaver. 6 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 7 */ 8 9 #include <linux/sysctl.h> 10 #include <linux/seqlock.h> 11 #include <linux/init.h> 12 #include <linux/slab.h> 13 #include <net/icmp.h> 14 #include <net/ip.h> 15 #include <net/ip_fib.h> 16 #include <net/tcp.h> 17 #include <net/udp.h> 18 #include <net/cipso_ipv4.h> 19 #include <net/ping.h> 20 #include <net/protocol.h> 21 #include <net/netevent.h> 22 23 static int tcp_retr1_max = 255; 24 static int ip_local_port_range_min[] = { 1, 1 }; 25 static int ip_local_port_range_max[] = { 65535, 65535 }; 26 static int tcp_adv_win_scale_min = -31; 27 static int tcp_adv_win_scale_max = 31; 28 static int tcp_app_win_max = 31; 29 static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS; 30 static int tcp_min_snd_mss_max = 65535; 31 static int ip_privileged_port_min; 32 static int ip_privileged_port_max = 65535; 33 static int ip_ttl_min = 1; 34 static int ip_ttl_max = 255; 35 static int tcp_syn_retries_min = 1; 36 static int tcp_syn_retries_max = MAX_TCP_SYNCNT; 37 static int tcp_syn_linear_timeouts_max = MAX_TCP_SYNCNT; 38 static unsigned long ip_ping_group_range_min[] = { 0, 0 }; 39 static unsigned long ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 40 static u32 u32_max_div_HZ = UINT_MAX / HZ; 41 static int one_day_secs = 24 * 3600; 42 static u32 fib_multipath_hash_fields_all_mask __maybe_unused = 43 FIB_MULTIPATH_HASH_FIELD_ALL_MASK; 44 static unsigned int tcp_child_ehash_entries_max = 16 * 1024 * 1024; 45 static unsigned int udp_child_hash_entries_max = UDP_HTABLE_SIZE_MAX; 46 static int tcp_plb_max_rounds = 31; 47 static int tcp_plb_max_cong_thresh = 256; 48 49 /* obsolete */ 50 static int sysctl_tcp_low_latency __read_mostly; 51 52 /* Update system visible IP port range */ 53 static void set_local_port_range(struct net *net, int range[2]) 54 { 55 bool same_parity = !((range[0] ^ range[1]) & 1); 56 57 write_seqlock_bh(&net->ipv4.ip_local_ports.lock); 58 if (same_parity && !net->ipv4.ip_local_ports.warned) { 59 net->ipv4.ip_local_ports.warned = true; 60 pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n"); 61 } 62 net->ipv4.ip_local_ports.range[0] = range[0]; 63 net->ipv4.ip_local_ports.range[1] = range[1]; 64 write_sequnlock_bh(&net->ipv4.ip_local_ports.lock); 65 } 66 67 /* Validate changes from /proc interface. */ 68 static int ipv4_local_port_range(struct ctl_table *table, int write, 69 void *buffer, size_t *lenp, loff_t *ppos) 70 { 71 struct net *net = 72 container_of(table->data, struct net, ipv4.ip_local_ports.range); 73 int ret; 74 int range[2]; 75 struct ctl_table tmp = { 76 .data = &range, 77 .maxlen = sizeof(range), 78 .mode = table->mode, 79 .extra1 = &ip_local_port_range_min, 80 .extra2 = &ip_local_port_range_max, 81 }; 82 83 inet_get_local_port_range(net, &range[0], &range[1]); 84 85 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 86 87 if (write && ret == 0) { 88 /* Ensure that the upper limit is not smaller than the lower, 89 * and that the lower does not encroach upon the privileged 90 * port limit. 91 */ 92 if ((range[1] < range[0]) || 93 (range[0] < READ_ONCE(net->ipv4.sysctl_ip_prot_sock))) 94 ret = -EINVAL; 95 else 96 set_local_port_range(net, range); 97 } 98 99 return ret; 100 } 101 102 /* Validate changes from /proc interface. */ 103 static int ipv4_privileged_ports(struct ctl_table *table, int write, 104 void *buffer, size_t *lenp, loff_t *ppos) 105 { 106 struct net *net = container_of(table->data, struct net, 107 ipv4.sysctl_ip_prot_sock); 108 int ret; 109 int pports; 110 int range[2]; 111 struct ctl_table tmp = { 112 .data = &pports, 113 .maxlen = sizeof(pports), 114 .mode = table->mode, 115 .extra1 = &ip_privileged_port_min, 116 .extra2 = &ip_privileged_port_max, 117 }; 118 119 pports = READ_ONCE(net->ipv4.sysctl_ip_prot_sock); 120 121 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 122 123 if (write && ret == 0) { 124 inet_get_local_port_range(net, &range[0], &range[1]); 125 /* Ensure that the local port range doesn't overlap with the 126 * privileged port range. 127 */ 128 if (range[0] < pports) 129 ret = -EINVAL; 130 else 131 WRITE_ONCE(net->ipv4.sysctl_ip_prot_sock, pports); 132 } 133 134 return ret; 135 } 136 137 static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) 138 { 139 kgid_t *data = table->data; 140 struct net *net = 141 container_of(table->data, struct net, ipv4.ping_group_range.range); 142 unsigned int seq; 143 do { 144 seq = read_seqbegin(&net->ipv4.ping_group_range.lock); 145 146 *low = data[0]; 147 *high = data[1]; 148 } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq)); 149 } 150 151 /* Update system visible IP port range */ 152 static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) 153 { 154 kgid_t *data = table->data; 155 struct net *net = 156 container_of(table->data, struct net, ipv4.ping_group_range.range); 157 write_seqlock(&net->ipv4.ping_group_range.lock); 158 data[0] = low; 159 data[1] = high; 160 write_sequnlock(&net->ipv4.ping_group_range.lock); 161 } 162 163 /* Validate changes from /proc interface. */ 164 static int ipv4_ping_group_range(struct ctl_table *table, int write, 165 void *buffer, size_t *lenp, loff_t *ppos) 166 { 167 struct user_namespace *user_ns = current_user_ns(); 168 int ret; 169 unsigned long urange[2]; 170 kgid_t low, high; 171 struct ctl_table tmp = { 172 .data = &urange, 173 .maxlen = sizeof(urange), 174 .mode = table->mode, 175 .extra1 = &ip_ping_group_range_min, 176 .extra2 = &ip_ping_group_range_max, 177 }; 178 179 inet_get_ping_group_range_table(table, &low, &high); 180 urange[0] = from_kgid_munged(user_ns, low); 181 urange[1] = from_kgid_munged(user_ns, high); 182 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); 183 184 if (write && ret == 0) { 185 low = make_kgid(user_ns, urange[0]); 186 high = make_kgid(user_ns, urange[1]); 187 if (!gid_valid(low) || !gid_valid(high)) 188 return -EINVAL; 189 if (urange[1] < urange[0] || gid_lt(high, low)) { 190 low = make_kgid(&init_user_ns, 1); 191 high = make_kgid(&init_user_ns, 0); 192 } 193 set_ping_group_range(table, low, high); 194 } 195 196 return ret; 197 } 198 199 static int ipv4_fwd_update_priority(struct ctl_table *table, int write, 200 void *buffer, size_t *lenp, loff_t *ppos) 201 { 202 struct net *net; 203 int ret; 204 205 net = container_of(table->data, struct net, 206 ipv4.sysctl_ip_fwd_update_priority); 207 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos); 208 if (write && ret == 0) 209 call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE, 210 net); 211 212 return ret; 213 } 214 215 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write, 216 void *buffer, size_t *lenp, loff_t *ppos) 217 { 218 struct net *net = container_of(ctl->data, struct net, 219 ipv4.tcp_congestion_control); 220 char val[TCP_CA_NAME_MAX]; 221 struct ctl_table tbl = { 222 .data = val, 223 .maxlen = TCP_CA_NAME_MAX, 224 }; 225 int ret; 226 227 tcp_get_default_congestion_control(net, val); 228 229 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 230 if (write && ret == 0) 231 ret = tcp_set_default_congestion_control(net, val); 232 return ret; 233 } 234 235 static int proc_tcp_available_congestion_control(struct ctl_table *ctl, 236 int write, void *buffer, 237 size_t *lenp, loff_t *ppos) 238 { 239 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 240 int ret; 241 242 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 243 if (!tbl.data) 244 return -ENOMEM; 245 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); 246 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 247 kfree(tbl.data); 248 return ret; 249 } 250 251 static int proc_allowed_congestion_control(struct ctl_table *ctl, 252 int write, void *buffer, 253 size_t *lenp, loff_t *ppos) 254 { 255 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 256 int ret; 257 258 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 259 if (!tbl.data) 260 return -ENOMEM; 261 262 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); 263 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 264 if (write && ret == 0) 265 ret = tcp_set_allowed_congestion_control(tbl.data); 266 kfree(tbl.data); 267 return ret; 268 } 269 270 static int sscanf_key(char *buf, __le32 *key) 271 { 272 u32 user_key[4]; 273 int i, ret = 0; 274 275 if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1, 276 user_key + 2, user_key + 3) != 4) { 277 ret = -EINVAL; 278 } else { 279 for (i = 0; i < ARRAY_SIZE(user_key); i++) 280 key[i] = cpu_to_le32(user_key[i]); 281 } 282 pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n", 283 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret); 284 285 return ret; 286 } 287 288 static int proc_tcp_fastopen_key(struct ctl_table *table, int write, 289 void *buffer, size_t *lenp, loff_t *ppos) 290 { 291 struct net *net = container_of(table->data, struct net, 292 ipv4.sysctl_tcp_fastopen); 293 /* maxlen to print the list of keys in hex (*2), with dashes 294 * separating doublewords and a comma in between keys. 295 */ 296 struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 297 2 * TCP_FASTOPEN_KEY_MAX) + 298 (TCP_FASTOPEN_KEY_MAX * 5)) }; 299 u32 user_key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u32)]; 300 __le32 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(__le32)]; 301 char *backup_data; 302 int ret, i = 0, off = 0, n_keys; 303 304 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); 305 if (!tbl.data) 306 return -ENOMEM; 307 308 n_keys = tcp_fastopen_get_cipher(net, NULL, (u64 *)key); 309 if (!n_keys) { 310 memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH); 311 n_keys = 1; 312 } 313 314 for (i = 0; i < n_keys * 4; i++) 315 user_key[i] = le32_to_cpu(key[i]); 316 317 for (i = 0; i < n_keys; i++) { 318 off += snprintf(tbl.data + off, tbl.maxlen - off, 319 "%08x-%08x-%08x-%08x", 320 user_key[i * 4], 321 user_key[i * 4 + 1], 322 user_key[i * 4 + 2], 323 user_key[i * 4 + 3]); 324 325 if (WARN_ON_ONCE(off >= tbl.maxlen - 1)) 326 break; 327 328 if (i + 1 < n_keys) 329 off += snprintf(tbl.data + off, tbl.maxlen - off, ","); 330 } 331 332 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 333 334 if (write && ret == 0) { 335 backup_data = strchr(tbl.data, ','); 336 if (backup_data) { 337 *backup_data = '\0'; 338 backup_data++; 339 } 340 if (sscanf_key(tbl.data, key)) { 341 ret = -EINVAL; 342 goto bad_key; 343 } 344 if (backup_data) { 345 if (sscanf_key(backup_data, key + 4)) { 346 ret = -EINVAL; 347 goto bad_key; 348 } 349 } 350 tcp_fastopen_reset_cipher(net, NULL, key, 351 backup_data ? key + 4 : NULL); 352 } 353 354 bad_key: 355 kfree(tbl.data); 356 return ret; 357 } 358 359 static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table, 360 int write, void *buffer, 361 size_t *lenp, loff_t *ppos) 362 { 363 struct net *net = container_of(table->data, struct net, 364 ipv4.sysctl_tcp_fastopen_blackhole_timeout); 365 int ret; 366 367 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 368 if (write && ret == 0) 369 atomic_set(&net->ipv4.tfo_active_disable_times, 0); 370 371 return ret; 372 } 373 374 static int proc_tcp_available_ulp(struct ctl_table *ctl, 375 int write, void *buffer, size_t *lenp, 376 loff_t *ppos) 377 { 378 struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, }; 379 int ret; 380 381 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 382 if (!tbl.data) 383 return -ENOMEM; 384 tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX); 385 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 386 kfree(tbl.data); 387 388 return ret; 389 } 390 391 static int proc_tcp_ehash_entries(struct ctl_table *table, int write, 392 void *buffer, size_t *lenp, loff_t *ppos) 393 { 394 struct net *net = container_of(table->data, struct net, 395 ipv4.sysctl_tcp_child_ehash_entries); 396 struct inet_hashinfo *hinfo = net->ipv4.tcp_death_row.hashinfo; 397 int tcp_ehash_entries; 398 struct ctl_table tbl; 399 400 tcp_ehash_entries = hinfo->ehash_mask + 1; 401 402 /* A negative number indicates that the child netns 403 * shares the global ehash. 404 */ 405 if (!net_eq(net, &init_net) && !hinfo->pernet) 406 tcp_ehash_entries *= -1; 407 408 memset(&tbl, 0, sizeof(tbl)); 409 tbl.data = &tcp_ehash_entries; 410 tbl.maxlen = sizeof(int); 411 412 return proc_dointvec(&tbl, write, buffer, lenp, ppos); 413 } 414 415 static int proc_udp_hash_entries(struct ctl_table *table, int write, 416 void *buffer, size_t *lenp, loff_t *ppos) 417 { 418 struct net *net = container_of(table->data, struct net, 419 ipv4.sysctl_udp_child_hash_entries); 420 int udp_hash_entries; 421 struct ctl_table tbl; 422 423 udp_hash_entries = net->ipv4.udp_table->mask + 1; 424 425 /* A negative number indicates that the child netns 426 * shares the global udp_table. 427 */ 428 if (!net_eq(net, &init_net) && net->ipv4.udp_table == &udp_table) 429 udp_hash_entries *= -1; 430 431 memset(&tbl, 0, sizeof(tbl)); 432 tbl.data = &udp_hash_entries; 433 tbl.maxlen = sizeof(int); 434 435 return proc_dointvec(&tbl, write, buffer, lenp, ppos); 436 } 437 438 #ifdef CONFIG_IP_ROUTE_MULTIPATH 439 static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write, 440 void *buffer, size_t *lenp, 441 loff_t *ppos) 442 { 443 struct net *net = container_of(table->data, struct net, 444 ipv4.sysctl_fib_multipath_hash_policy); 445 int ret; 446 447 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos); 448 if (write && ret == 0) 449 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net); 450 451 return ret; 452 } 453 454 static int proc_fib_multipath_hash_fields(struct ctl_table *table, int write, 455 void *buffer, size_t *lenp, 456 loff_t *ppos) 457 { 458 struct net *net; 459 int ret; 460 461 net = container_of(table->data, struct net, 462 ipv4.sysctl_fib_multipath_hash_fields); 463 ret = proc_douintvec_minmax(table, write, buffer, lenp, ppos); 464 if (write && ret == 0) 465 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net); 466 467 return ret; 468 } 469 #endif 470 471 static struct ctl_table ipv4_table[] = { 472 { 473 .procname = "tcp_max_orphans", 474 .data = &sysctl_tcp_max_orphans, 475 .maxlen = sizeof(int), 476 .mode = 0644, 477 .proc_handler = proc_dointvec 478 }, 479 { 480 .procname = "inet_peer_threshold", 481 .data = &inet_peer_threshold, 482 .maxlen = sizeof(int), 483 .mode = 0644, 484 .proc_handler = proc_dointvec 485 }, 486 { 487 .procname = "inet_peer_minttl", 488 .data = &inet_peer_minttl, 489 .maxlen = sizeof(int), 490 .mode = 0644, 491 .proc_handler = proc_dointvec_jiffies, 492 }, 493 { 494 .procname = "inet_peer_maxttl", 495 .data = &inet_peer_maxttl, 496 .maxlen = sizeof(int), 497 .mode = 0644, 498 .proc_handler = proc_dointvec_jiffies, 499 }, 500 { 501 .procname = "tcp_mem", 502 .maxlen = sizeof(sysctl_tcp_mem), 503 .data = &sysctl_tcp_mem, 504 .mode = 0644, 505 .proc_handler = proc_doulongvec_minmax, 506 }, 507 { 508 .procname = "tcp_low_latency", 509 .data = &sysctl_tcp_low_latency, 510 .maxlen = sizeof(int), 511 .mode = 0644, 512 .proc_handler = proc_dointvec 513 }, 514 #ifdef CONFIG_NETLABEL 515 { 516 .procname = "cipso_cache_enable", 517 .data = &cipso_v4_cache_enabled, 518 .maxlen = sizeof(int), 519 .mode = 0644, 520 .proc_handler = proc_dointvec, 521 }, 522 { 523 .procname = "cipso_cache_bucket_size", 524 .data = &cipso_v4_cache_bucketsize, 525 .maxlen = sizeof(int), 526 .mode = 0644, 527 .proc_handler = proc_dointvec, 528 }, 529 { 530 .procname = "cipso_rbm_optfmt", 531 .data = &cipso_v4_rbm_optfmt, 532 .maxlen = sizeof(int), 533 .mode = 0644, 534 .proc_handler = proc_dointvec, 535 }, 536 { 537 .procname = "cipso_rbm_strictvalid", 538 .data = &cipso_v4_rbm_strictvalid, 539 .maxlen = sizeof(int), 540 .mode = 0644, 541 .proc_handler = proc_dointvec, 542 }, 543 #endif /* CONFIG_NETLABEL */ 544 { 545 .procname = "tcp_available_ulp", 546 .maxlen = TCP_ULP_BUF_MAX, 547 .mode = 0444, 548 .proc_handler = proc_tcp_available_ulp, 549 }, 550 { 551 .procname = "icmp_msgs_per_sec", 552 .data = &sysctl_icmp_msgs_per_sec, 553 .maxlen = sizeof(int), 554 .mode = 0644, 555 .proc_handler = proc_dointvec_minmax, 556 .extra1 = SYSCTL_ZERO, 557 }, 558 { 559 .procname = "icmp_msgs_burst", 560 .data = &sysctl_icmp_msgs_burst, 561 .maxlen = sizeof(int), 562 .mode = 0644, 563 .proc_handler = proc_dointvec_minmax, 564 .extra1 = SYSCTL_ZERO, 565 }, 566 { 567 .procname = "udp_mem", 568 .data = &sysctl_udp_mem, 569 .maxlen = sizeof(sysctl_udp_mem), 570 .mode = 0644, 571 .proc_handler = proc_doulongvec_minmax, 572 }, 573 { 574 .procname = "fib_sync_mem", 575 .data = &sysctl_fib_sync_mem, 576 .maxlen = sizeof(sysctl_fib_sync_mem), 577 .mode = 0644, 578 .proc_handler = proc_douintvec_minmax, 579 .extra1 = &sysctl_fib_sync_mem_min, 580 .extra2 = &sysctl_fib_sync_mem_max, 581 }, 582 { } 583 }; 584 585 static struct ctl_table ipv4_net_table[] = { 586 { 587 .procname = "tcp_max_tw_buckets", 588 .data = &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets, 589 .maxlen = sizeof(int), 590 .mode = 0644, 591 .proc_handler = proc_dointvec 592 }, 593 { 594 .procname = "icmp_echo_ignore_all", 595 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, 596 .maxlen = sizeof(u8), 597 .mode = 0644, 598 .proc_handler = proc_dou8vec_minmax, 599 .extra1 = SYSCTL_ZERO, 600 .extra2 = SYSCTL_ONE 601 }, 602 { 603 .procname = "icmp_echo_enable_probe", 604 .data = &init_net.ipv4.sysctl_icmp_echo_enable_probe, 605 .maxlen = sizeof(u8), 606 .mode = 0644, 607 .proc_handler = proc_dou8vec_minmax, 608 .extra1 = SYSCTL_ZERO, 609 .extra2 = SYSCTL_ONE 610 }, 611 { 612 .procname = "icmp_echo_ignore_broadcasts", 613 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, 614 .maxlen = sizeof(u8), 615 .mode = 0644, 616 .proc_handler = proc_dou8vec_minmax, 617 .extra1 = SYSCTL_ZERO, 618 .extra2 = SYSCTL_ONE 619 }, 620 { 621 .procname = "icmp_ignore_bogus_error_responses", 622 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, 623 .maxlen = sizeof(u8), 624 .mode = 0644, 625 .proc_handler = proc_dou8vec_minmax, 626 .extra1 = SYSCTL_ZERO, 627 .extra2 = SYSCTL_ONE 628 }, 629 { 630 .procname = "icmp_errors_use_inbound_ifaddr", 631 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, 632 .maxlen = sizeof(u8), 633 .mode = 0644, 634 .proc_handler = proc_dou8vec_minmax, 635 .extra1 = SYSCTL_ZERO, 636 .extra2 = SYSCTL_ONE 637 }, 638 { 639 .procname = "icmp_ratelimit", 640 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 641 .maxlen = sizeof(int), 642 .mode = 0644, 643 .proc_handler = proc_dointvec_ms_jiffies, 644 }, 645 { 646 .procname = "icmp_ratemask", 647 .data = &init_net.ipv4.sysctl_icmp_ratemask, 648 .maxlen = sizeof(int), 649 .mode = 0644, 650 .proc_handler = proc_dointvec 651 }, 652 { 653 .procname = "ping_group_range", 654 .data = &init_net.ipv4.ping_group_range.range, 655 .maxlen = sizeof(gid_t)*2, 656 .mode = 0644, 657 .proc_handler = ipv4_ping_group_range, 658 }, 659 #ifdef CONFIG_NET_L3_MASTER_DEV 660 { 661 .procname = "raw_l3mdev_accept", 662 .data = &init_net.ipv4.sysctl_raw_l3mdev_accept, 663 .maxlen = sizeof(u8), 664 .mode = 0644, 665 .proc_handler = proc_dou8vec_minmax, 666 .extra1 = SYSCTL_ZERO, 667 .extra2 = SYSCTL_ONE, 668 }, 669 #endif 670 { 671 .procname = "tcp_ecn", 672 .data = &init_net.ipv4.sysctl_tcp_ecn, 673 .maxlen = sizeof(u8), 674 .mode = 0644, 675 .proc_handler = proc_dou8vec_minmax, 676 .extra1 = SYSCTL_ZERO, 677 .extra2 = SYSCTL_TWO, 678 }, 679 { 680 .procname = "tcp_ecn_fallback", 681 .data = &init_net.ipv4.sysctl_tcp_ecn_fallback, 682 .maxlen = sizeof(u8), 683 .mode = 0644, 684 .proc_handler = proc_dou8vec_minmax, 685 .extra1 = SYSCTL_ZERO, 686 .extra2 = SYSCTL_ONE, 687 }, 688 { 689 .procname = "ip_dynaddr", 690 .data = &init_net.ipv4.sysctl_ip_dynaddr, 691 .maxlen = sizeof(u8), 692 .mode = 0644, 693 .proc_handler = proc_dou8vec_minmax, 694 }, 695 { 696 .procname = "ip_early_demux", 697 .data = &init_net.ipv4.sysctl_ip_early_demux, 698 .maxlen = sizeof(u8), 699 .mode = 0644, 700 .proc_handler = proc_dou8vec_minmax, 701 }, 702 { 703 .procname = "udp_early_demux", 704 .data = &init_net.ipv4.sysctl_udp_early_demux, 705 .maxlen = sizeof(u8), 706 .mode = 0644, 707 .proc_handler = proc_dou8vec_minmax, 708 }, 709 { 710 .procname = "tcp_early_demux", 711 .data = &init_net.ipv4.sysctl_tcp_early_demux, 712 .maxlen = sizeof(u8), 713 .mode = 0644, 714 .proc_handler = proc_dou8vec_minmax, 715 }, 716 { 717 .procname = "nexthop_compat_mode", 718 .data = &init_net.ipv4.sysctl_nexthop_compat_mode, 719 .maxlen = sizeof(u8), 720 .mode = 0644, 721 .proc_handler = proc_dou8vec_minmax, 722 .extra1 = SYSCTL_ZERO, 723 .extra2 = SYSCTL_ONE, 724 }, 725 { 726 .procname = "ip_default_ttl", 727 .data = &init_net.ipv4.sysctl_ip_default_ttl, 728 .maxlen = sizeof(u8), 729 .mode = 0644, 730 .proc_handler = proc_dou8vec_minmax, 731 .extra1 = &ip_ttl_min, 732 .extra2 = &ip_ttl_max, 733 }, 734 { 735 .procname = "ip_local_port_range", 736 .maxlen = sizeof(init_net.ipv4.ip_local_ports.range), 737 .data = &init_net.ipv4.ip_local_ports.range, 738 .mode = 0644, 739 .proc_handler = ipv4_local_port_range, 740 }, 741 { 742 .procname = "ip_local_reserved_ports", 743 .data = &init_net.ipv4.sysctl_local_reserved_ports, 744 .maxlen = 65536, 745 .mode = 0644, 746 .proc_handler = proc_do_large_bitmap, 747 }, 748 { 749 .procname = "ip_no_pmtu_disc", 750 .data = &init_net.ipv4.sysctl_ip_no_pmtu_disc, 751 .maxlen = sizeof(u8), 752 .mode = 0644, 753 .proc_handler = proc_dou8vec_minmax, 754 }, 755 { 756 .procname = "ip_forward_use_pmtu", 757 .data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu, 758 .maxlen = sizeof(u8), 759 .mode = 0644, 760 .proc_handler = proc_dou8vec_minmax, 761 }, 762 { 763 .procname = "ip_forward_update_priority", 764 .data = &init_net.ipv4.sysctl_ip_fwd_update_priority, 765 .maxlen = sizeof(u8), 766 .mode = 0644, 767 .proc_handler = ipv4_fwd_update_priority, 768 .extra1 = SYSCTL_ZERO, 769 .extra2 = SYSCTL_ONE, 770 }, 771 { 772 .procname = "ip_nonlocal_bind", 773 .data = &init_net.ipv4.sysctl_ip_nonlocal_bind, 774 .maxlen = sizeof(u8), 775 .mode = 0644, 776 .proc_handler = proc_dou8vec_minmax, 777 }, 778 { 779 .procname = "ip_autobind_reuse", 780 .data = &init_net.ipv4.sysctl_ip_autobind_reuse, 781 .maxlen = sizeof(u8), 782 .mode = 0644, 783 .proc_handler = proc_dou8vec_minmax, 784 .extra1 = SYSCTL_ZERO, 785 .extra2 = SYSCTL_ONE, 786 }, 787 { 788 .procname = "fwmark_reflect", 789 .data = &init_net.ipv4.sysctl_fwmark_reflect, 790 .maxlen = sizeof(u8), 791 .mode = 0644, 792 .proc_handler = proc_dou8vec_minmax, 793 }, 794 { 795 .procname = "tcp_fwmark_accept", 796 .data = &init_net.ipv4.sysctl_tcp_fwmark_accept, 797 .maxlen = sizeof(u8), 798 .mode = 0644, 799 .proc_handler = proc_dou8vec_minmax, 800 }, 801 #ifdef CONFIG_NET_L3_MASTER_DEV 802 { 803 .procname = "tcp_l3mdev_accept", 804 .data = &init_net.ipv4.sysctl_tcp_l3mdev_accept, 805 .maxlen = sizeof(u8), 806 .mode = 0644, 807 .proc_handler = proc_dou8vec_minmax, 808 .extra1 = SYSCTL_ZERO, 809 .extra2 = SYSCTL_ONE, 810 }, 811 #endif 812 { 813 .procname = "tcp_mtu_probing", 814 .data = &init_net.ipv4.sysctl_tcp_mtu_probing, 815 .maxlen = sizeof(u8), 816 .mode = 0644, 817 .proc_handler = proc_dou8vec_minmax, 818 }, 819 { 820 .procname = "tcp_base_mss", 821 .data = &init_net.ipv4.sysctl_tcp_base_mss, 822 .maxlen = sizeof(int), 823 .mode = 0644, 824 .proc_handler = proc_dointvec, 825 }, 826 { 827 .procname = "tcp_min_snd_mss", 828 .data = &init_net.ipv4.sysctl_tcp_min_snd_mss, 829 .maxlen = sizeof(int), 830 .mode = 0644, 831 .proc_handler = proc_dointvec_minmax, 832 .extra1 = &tcp_min_snd_mss_min, 833 .extra2 = &tcp_min_snd_mss_max, 834 }, 835 { 836 .procname = "tcp_mtu_probe_floor", 837 .data = &init_net.ipv4.sysctl_tcp_mtu_probe_floor, 838 .maxlen = sizeof(int), 839 .mode = 0644, 840 .proc_handler = proc_dointvec_minmax, 841 .extra1 = &tcp_min_snd_mss_min, 842 .extra2 = &tcp_min_snd_mss_max, 843 }, 844 { 845 .procname = "tcp_probe_threshold", 846 .data = &init_net.ipv4.sysctl_tcp_probe_threshold, 847 .maxlen = sizeof(int), 848 .mode = 0644, 849 .proc_handler = proc_dointvec, 850 }, 851 { 852 .procname = "tcp_probe_interval", 853 .data = &init_net.ipv4.sysctl_tcp_probe_interval, 854 .maxlen = sizeof(u32), 855 .mode = 0644, 856 .proc_handler = proc_douintvec_minmax, 857 .extra2 = &u32_max_div_HZ, 858 }, 859 { 860 .procname = "igmp_link_local_mcast_reports", 861 .data = &init_net.ipv4.sysctl_igmp_llm_reports, 862 .maxlen = sizeof(u8), 863 .mode = 0644, 864 .proc_handler = proc_dou8vec_minmax, 865 }, 866 { 867 .procname = "igmp_max_memberships", 868 .data = &init_net.ipv4.sysctl_igmp_max_memberships, 869 .maxlen = sizeof(int), 870 .mode = 0644, 871 .proc_handler = proc_dointvec 872 }, 873 { 874 .procname = "igmp_max_msf", 875 .data = &init_net.ipv4.sysctl_igmp_max_msf, 876 .maxlen = sizeof(int), 877 .mode = 0644, 878 .proc_handler = proc_dointvec 879 }, 880 #ifdef CONFIG_IP_MULTICAST 881 { 882 .procname = "igmp_qrv", 883 .data = &init_net.ipv4.sysctl_igmp_qrv, 884 .maxlen = sizeof(int), 885 .mode = 0644, 886 .proc_handler = proc_dointvec_minmax, 887 .extra1 = SYSCTL_ONE 888 }, 889 #endif 890 { 891 .procname = "tcp_congestion_control", 892 .data = &init_net.ipv4.tcp_congestion_control, 893 .mode = 0644, 894 .maxlen = TCP_CA_NAME_MAX, 895 .proc_handler = proc_tcp_congestion_control, 896 }, 897 { 898 .procname = "tcp_available_congestion_control", 899 .maxlen = TCP_CA_BUF_MAX, 900 .mode = 0444, 901 .proc_handler = proc_tcp_available_congestion_control, 902 }, 903 { 904 .procname = "tcp_allowed_congestion_control", 905 .maxlen = TCP_CA_BUF_MAX, 906 .mode = 0644, 907 .proc_handler = proc_allowed_congestion_control, 908 }, 909 { 910 .procname = "tcp_keepalive_time", 911 .data = &init_net.ipv4.sysctl_tcp_keepalive_time, 912 .maxlen = sizeof(int), 913 .mode = 0644, 914 .proc_handler = proc_dointvec_jiffies, 915 }, 916 { 917 .procname = "tcp_keepalive_probes", 918 .data = &init_net.ipv4.sysctl_tcp_keepalive_probes, 919 .maxlen = sizeof(u8), 920 .mode = 0644, 921 .proc_handler = proc_dou8vec_minmax, 922 }, 923 { 924 .procname = "tcp_keepalive_intvl", 925 .data = &init_net.ipv4.sysctl_tcp_keepalive_intvl, 926 .maxlen = sizeof(int), 927 .mode = 0644, 928 .proc_handler = proc_dointvec_jiffies, 929 }, 930 { 931 .procname = "tcp_syn_retries", 932 .data = &init_net.ipv4.sysctl_tcp_syn_retries, 933 .maxlen = sizeof(u8), 934 .mode = 0644, 935 .proc_handler = proc_dou8vec_minmax, 936 .extra1 = &tcp_syn_retries_min, 937 .extra2 = &tcp_syn_retries_max 938 }, 939 { 940 .procname = "tcp_synack_retries", 941 .data = &init_net.ipv4.sysctl_tcp_synack_retries, 942 .maxlen = sizeof(u8), 943 .mode = 0644, 944 .proc_handler = proc_dou8vec_minmax, 945 }, 946 #ifdef CONFIG_SYN_COOKIES 947 { 948 .procname = "tcp_syncookies", 949 .data = &init_net.ipv4.sysctl_tcp_syncookies, 950 .maxlen = sizeof(u8), 951 .mode = 0644, 952 .proc_handler = proc_dou8vec_minmax, 953 }, 954 #endif 955 { 956 .procname = "tcp_migrate_req", 957 .data = &init_net.ipv4.sysctl_tcp_migrate_req, 958 .maxlen = sizeof(u8), 959 .mode = 0644, 960 .proc_handler = proc_dou8vec_minmax, 961 .extra1 = SYSCTL_ZERO, 962 .extra2 = SYSCTL_ONE 963 }, 964 { 965 .procname = "tcp_reordering", 966 .data = &init_net.ipv4.sysctl_tcp_reordering, 967 .maxlen = sizeof(int), 968 .mode = 0644, 969 .proc_handler = proc_dointvec 970 }, 971 { 972 .procname = "tcp_retries1", 973 .data = &init_net.ipv4.sysctl_tcp_retries1, 974 .maxlen = sizeof(u8), 975 .mode = 0644, 976 .proc_handler = proc_dou8vec_minmax, 977 .extra2 = &tcp_retr1_max 978 }, 979 { 980 .procname = "tcp_retries2", 981 .data = &init_net.ipv4.sysctl_tcp_retries2, 982 .maxlen = sizeof(u8), 983 .mode = 0644, 984 .proc_handler = proc_dou8vec_minmax, 985 }, 986 { 987 .procname = "tcp_orphan_retries", 988 .data = &init_net.ipv4.sysctl_tcp_orphan_retries, 989 .maxlen = sizeof(u8), 990 .mode = 0644, 991 .proc_handler = proc_dou8vec_minmax, 992 }, 993 { 994 .procname = "tcp_fin_timeout", 995 .data = &init_net.ipv4.sysctl_tcp_fin_timeout, 996 .maxlen = sizeof(int), 997 .mode = 0644, 998 .proc_handler = proc_dointvec_jiffies, 999 }, 1000 { 1001 .procname = "tcp_notsent_lowat", 1002 .data = &init_net.ipv4.sysctl_tcp_notsent_lowat, 1003 .maxlen = sizeof(unsigned int), 1004 .mode = 0644, 1005 .proc_handler = proc_douintvec, 1006 }, 1007 { 1008 .procname = "tcp_tw_reuse", 1009 .data = &init_net.ipv4.sysctl_tcp_tw_reuse, 1010 .maxlen = sizeof(u8), 1011 .mode = 0644, 1012 .proc_handler = proc_dou8vec_minmax, 1013 .extra1 = SYSCTL_ZERO, 1014 .extra2 = SYSCTL_TWO, 1015 }, 1016 { 1017 .procname = "tcp_max_syn_backlog", 1018 .data = &init_net.ipv4.sysctl_max_syn_backlog, 1019 .maxlen = sizeof(int), 1020 .mode = 0644, 1021 .proc_handler = proc_dointvec 1022 }, 1023 { 1024 .procname = "tcp_fastopen", 1025 .data = &init_net.ipv4.sysctl_tcp_fastopen, 1026 .maxlen = sizeof(int), 1027 .mode = 0644, 1028 .proc_handler = proc_dointvec, 1029 }, 1030 { 1031 .procname = "tcp_fastopen_key", 1032 .mode = 0600, 1033 .data = &init_net.ipv4.sysctl_tcp_fastopen, 1034 /* maxlen to print the list of keys in hex (*2), with dashes 1035 * separating doublewords and a comma in between keys. 1036 */ 1037 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 1038 2 * TCP_FASTOPEN_KEY_MAX) + 1039 (TCP_FASTOPEN_KEY_MAX * 5)), 1040 .proc_handler = proc_tcp_fastopen_key, 1041 }, 1042 { 1043 .procname = "tcp_fastopen_blackhole_timeout_sec", 1044 .data = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout, 1045 .maxlen = sizeof(int), 1046 .mode = 0644, 1047 .proc_handler = proc_tfo_blackhole_detect_timeout, 1048 .extra1 = SYSCTL_ZERO, 1049 }, 1050 #ifdef CONFIG_IP_ROUTE_MULTIPATH 1051 { 1052 .procname = "fib_multipath_use_neigh", 1053 .data = &init_net.ipv4.sysctl_fib_multipath_use_neigh, 1054 .maxlen = sizeof(u8), 1055 .mode = 0644, 1056 .proc_handler = proc_dou8vec_minmax, 1057 .extra1 = SYSCTL_ZERO, 1058 .extra2 = SYSCTL_ONE, 1059 }, 1060 { 1061 .procname = "fib_multipath_hash_policy", 1062 .data = &init_net.ipv4.sysctl_fib_multipath_hash_policy, 1063 .maxlen = sizeof(u8), 1064 .mode = 0644, 1065 .proc_handler = proc_fib_multipath_hash_policy, 1066 .extra1 = SYSCTL_ZERO, 1067 .extra2 = SYSCTL_THREE, 1068 }, 1069 { 1070 .procname = "fib_multipath_hash_fields", 1071 .data = &init_net.ipv4.sysctl_fib_multipath_hash_fields, 1072 .maxlen = sizeof(u32), 1073 .mode = 0644, 1074 .proc_handler = proc_fib_multipath_hash_fields, 1075 .extra1 = SYSCTL_ONE, 1076 .extra2 = &fib_multipath_hash_fields_all_mask, 1077 }, 1078 #endif 1079 { 1080 .procname = "ip_unprivileged_port_start", 1081 .maxlen = sizeof(int), 1082 .data = &init_net.ipv4.sysctl_ip_prot_sock, 1083 .mode = 0644, 1084 .proc_handler = ipv4_privileged_ports, 1085 }, 1086 #ifdef CONFIG_NET_L3_MASTER_DEV 1087 { 1088 .procname = "udp_l3mdev_accept", 1089 .data = &init_net.ipv4.sysctl_udp_l3mdev_accept, 1090 .maxlen = sizeof(u8), 1091 .mode = 0644, 1092 .proc_handler = proc_dou8vec_minmax, 1093 .extra1 = SYSCTL_ZERO, 1094 .extra2 = SYSCTL_ONE, 1095 }, 1096 #endif 1097 { 1098 .procname = "tcp_sack", 1099 .data = &init_net.ipv4.sysctl_tcp_sack, 1100 .maxlen = sizeof(u8), 1101 .mode = 0644, 1102 .proc_handler = proc_dou8vec_minmax, 1103 }, 1104 { 1105 .procname = "tcp_window_scaling", 1106 .data = &init_net.ipv4.sysctl_tcp_window_scaling, 1107 .maxlen = sizeof(u8), 1108 .mode = 0644, 1109 .proc_handler = proc_dou8vec_minmax, 1110 }, 1111 { 1112 .procname = "tcp_timestamps", 1113 .data = &init_net.ipv4.sysctl_tcp_timestamps, 1114 .maxlen = sizeof(u8), 1115 .mode = 0644, 1116 .proc_handler = proc_dou8vec_minmax, 1117 }, 1118 { 1119 .procname = "tcp_early_retrans", 1120 .data = &init_net.ipv4.sysctl_tcp_early_retrans, 1121 .maxlen = sizeof(u8), 1122 .mode = 0644, 1123 .proc_handler = proc_dou8vec_minmax, 1124 .extra1 = SYSCTL_ZERO, 1125 .extra2 = SYSCTL_FOUR, 1126 }, 1127 { 1128 .procname = "tcp_recovery", 1129 .data = &init_net.ipv4.sysctl_tcp_recovery, 1130 .maxlen = sizeof(u8), 1131 .mode = 0644, 1132 .proc_handler = proc_dou8vec_minmax, 1133 }, 1134 { 1135 .procname = "tcp_thin_linear_timeouts", 1136 .data = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts, 1137 .maxlen = sizeof(u8), 1138 .mode = 0644, 1139 .proc_handler = proc_dou8vec_minmax, 1140 }, 1141 { 1142 .procname = "tcp_slow_start_after_idle", 1143 .data = &init_net.ipv4.sysctl_tcp_slow_start_after_idle, 1144 .maxlen = sizeof(u8), 1145 .mode = 0644, 1146 .proc_handler = proc_dou8vec_minmax, 1147 }, 1148 { 1149 .procname = "tcp_retrans_collapse", 1150 .data = &init_net.ipv4.sysctl_tcp_retrans_collapse, 1151 .maxlen = sizeof(u8), 1152 .mode = 0644, 1153 .proc_handler = proc_dou8vec_minmax, 1154 }, 1155 { 1156 .procname = "tcp_stdurg", 1157 .data = &init_net.ipv4.sysctl_tcp_stdurg, 1158 .maxlen = sizeof(u8), 1159 .mode = 0644, 1160 .proc_handler = proc_dou8vec_minmax, 1161 }, 1162 { 1163 .procname = "tcp_rfc1337", 1164 .data = &init_net.ipv4.sysctl_tcp_rfc1337, 1165 .maxlen = sizeof(u8), 1166 .mode = 0644, 1167 .proc_handler = proc_dou8vec_minmax, 1168 }, 1169 { 1170 .procname = "tcp_abort_on_overflow", 1171 .data = &init_net.ipv4.sysctl_tcp_abort_on_overflow, 1172 .maxlen = sizeof(u8), 1173 .mode = 0644, 1174 .proc_handler = proc_dou8vec_minmax, 1175 }, 1176 { 1177 .procname = "tcp_fack", 1178 .data = &init_net.ipv4.sysctl_tcp_fack, 1179 .maxlen = sizeof(u8), 1180 .mode = 0644, 1181 .proc_handler = proc_dou8vec_minmax, 1182 }, 1183 { 1184 .procname = "tcp_max_reordering", 1185 .data = &init_net.ipv4.sysctl_tcp_max_reordering, 1186 .maxlen = sizeof(int), 1187 .mode = 0644, 1188 .proc_handler = proc_dointvec 1189 }, 1190 { 1191 .procname = "tcp_dsack", 1192 .data = &init_net.ipv4.sysctl_tcp_dsack, 1193 .maxlen = sizeof(u8), 1194 .mode = 0644, 1195 .proc_handler = proc_dou8vec_minmax, 1196 }, 1197 { 1198 .procname = "tcp_app_win", 1199 .data = &init_net.ipv4.sysctl_tcp_app_win, 1200 .maxlen = sizeof(u8), 1201 .mode = 0644, 1202 .proc_handler = proc_dou8vec_minmax, 1203 .extra1 = SYSCTL_ZERO, 1204 .extra2 = &tcp_app_win_max, 1205 }, 1206 { 1207 .procname = "tcp_adv_win_scale", 1208 .data = &init_net.ipv4.sysctl_tcp_adv_win_scale, 1209 .maxlen = sizeof(int), 1210 .mode = 0644, 1211 .proc_handler = proc_dointvec_minmax, 1212 .extra1 = &tcp_adv_win_scale_min, 1213 .extra2 = &tcp_adv_win_scale_max, 1214 }, 1215 { 1216 .procname = "tcp_frto", 1217 .data = &init_net.ipv4.sysctl_tcp_frto, 1218 .maxlen = sizeof(u8), 1219 .mode = 0644, 1220 .proc_handler = proc_dou8vec_minmax, 1221 }, 1222 { 1223 .procname = "tcp_no_metrics_save", 1224 .data = &init_net.ipv4.sysctl_tcp_nometrics_save, 1225 .maxlen = sizeof(u8), 1226 .mode = 0644, 1227 .proc_handler = proc_dou8vec_minmax, 1228 }, 1229 { 1230 .procname = "tcp_no_ssthresh_metrics_save", 1231 .data = &init_net.ipv4.sysctl_tcp_no_ssthresh_metrics_save, 1232 .maxlen = sizeof(u8), 1233 .mode = 0644, 1234 .proc_handler = proc_dou8vec_minmax, 1235 .extra1 = SYSCTL_ZERO, 1236 .extra2 = SYSCTL_ONE, 1237 }, 1238 { 1239 .procname = "tcp_moderate_rcvbuf", 1240 .data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf, 1241 .maxlen = sizeof(u8), 1242 .mode = 0644, 1243 .proc_handler = proc_dou8vec_minmax, 1244 }, 1245 { 1246 .procname = "tcp_tso_win_divisor", 1247 .data = &init_net.ipv4.sysctl_tcp_tso_win_divisor, 1248 .maxlen = sizeof(u8), 1249 .mode = 0644, 1250 .proc_handler = proc_dou8vec_minmax, 1251 }, 1252 { 1253 .procname = "tcp_workaround_signed_windows", 1254 .data = &init_net.ipv4.sysctl_tcp_workaround_signed_windows, 1255 .maxlen = sizeof(u8), 1256 .mode = 0644, 1257 .proc_handler = proc_dou8vec_minmax, 1258 }, 1259 { 1260 .procname = "tcp_limit_output_bytes", 1261 .data = &init_net.ipv4.sysctl_tcp_limit_output_bytes, 1262 .maxlen = sizeof(int), 1263 .mode = 0644, 1264 .proc_handler = proc_dointvec 1265 }, 1266 { 1267 .procname = "tcp_challenge_ack_limit", 1268 .data = &init_net.ipv4.sysctl_tcp_challenge_ack_limit, 1269 .maxlen = sizeof(int), 1270 .mode = 0644, 1271 .proc_handler = proc_dointvec 1272 }, 1273 { 1274 .procname = "tcp_min_tso_segs", 1275 .data = &init_net.ipv4.sysctl_tcp_min_tso_segs, 1276 .maxlen = sizeof(u8), 1277 .mode = 0644, 1278 .proc_handler = proc_dou8vec_minmax, 1279 .extra1 = SYSCTL_ONE, 1280 }, 1281 { 1282 .procname = "tcp_tso_rtt_log", 1283 .data = &init_net.ipv4.sysctl_tcp_tso_rtt_log, 1284 .maxlen = sizeof(u8), 1285 .mode = 0644, 1286 .proc_handler = proc_dou8vec_minmax, 1287 }, 1288 { 1289 .procname = "tcp_min_rtt_wlen", 1290 .data = &init_net.ipv4.sysctl_tcp_min_rtt_wlen, 1291 .maxlen = sizeof(int), 1292 .mode = 0644, 1293 .proc_handler = proc_dointvec_minmax, 1294 .extra1 = SYSCTL_ZERO, 1295 .extra2 = &one_day_secs 1296 }, 1297 { 1298 .procname = "tcp_autocorking", 1299 .data = &init_net.ipv4.sysctl_tcp_autocorking, 1300 .maxlen = sizeof(u8), 1301 .mode = 0644, 1302 .proc_handler = proc_dou8vec_minmax, 1303 .extra1 = SYSCTL_ZERO, 1304 .extra2 = SYSCTL_ONE, 1305 }, 1306 { 1307 .procname = "tcp_invalid_ratelimit", 1308 .data = &init_net.ipv4.sysctl_tcp_invalid_ratelimit, 1309 .maxlen = sizeof(int), 1310 .mode = 0644, 1311 .proc_handler = proc_dointvec_ms_jiffies, 1312 }, 1313 { 1314 .procname = "tcp_pacing_ss_ratio", 1315 .data = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio, 1316 .maxlen = sizeof(int), 1317 .mode = 0644, 1318 .proc_handler = proc_dointvec_minmax, 1319 .extra1 = SYSCTL_ZERO, 1320 .extra2 = SYSCTL_ONE_THOUSAND, 1321 }, 1322 { 1323 .procname = "tcp_pacing_ca_ratio", 1324 .data = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio, 1325 .maxlen = sizeof(int), 1326 .mode = 0644, 1327 .proc_handler = proc_dointvec_minmax, 1328 .extra1 = SYSCTL_ZERO, 1329 .extra2 = SYSCTL_ONE_THOUSAND, 1330 }, 1331 { 1332 .procname = "tcp_wmem", 1333 .data = &init_net.ipv4.sysctl_tcp_wmem, 1334 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem), 1335 .mode = 0644, 1336 .proc_handler = proc_dointvec_minmax, 1337 .extra1 = SYSCTL_ONE, 1338 }, 1339 { 1340 .procname = "tcp_rmem", 1341 .data = &init_net.ipv4.sysctl_tcp_rmem, 1342 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem), 1343 .mode = 0644, 1344 .proc_handler = proc_dointvec_minmax, 1345 .extra1 = SYSCTL_ONE, 1346 }, 1347 { 1348 .procname = "tcp_comp_sack_delay_ns", 1349 .data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns, 1350 .maxlen = sizeof(unsigned long), 1351 .mode = 0644, 1352 .proc_handler = proc_doulongvec_minmax, 1353 }, 1354 { 1355 .procname = "tcp_comp_sack_slack_ns", 1356 .data = &init_net.ipv4.sysctl_tcp_comp_sack_slack_ns, 1357 .maxlen = sizeof(unsigned long), 1358 .mode = 0644, 1359 .proc_handler = proc_doulongvec_minmax, 1360 }, 1361 { 1362 .procname = "tcp_comp_sack_nr", 1363 .data = &init_net.ipv4.sysctl_tcp_comp_sack_nr, 1364 .maxlen = sizeof(u8), 1365 .mode = 0644, 1366 .proc_handler = proc_dou8vec_minmax, 1367 .extra1 = SYSCTL_ZERO, 1368 }, 1369 { 1370 .procname = "tcp_reflect_tos", 1371 .data = &init_net.ipv4.sysctl_tcp_reflect_tos, 1372 .maxlen = sizeof(u8), 1373 .mode = 0644, 1374 .proc_handler = proc_dou8vec_minmax, 1375 .extra1 = SYSCTL_ZERO, 1376 .extra2 = SYSCTL_ONE, 1377 }, 1378 { 1379 .procname = "tcp_ehash_entries", 1380 .data = &init_net.ipv4.sysctl_tcp_child_ehash_entries, 1381 .mode = 0444, 1382 .proc_handler = proc_tcp_ehash_entries, 1383 }, 1384 { 1385 .procname = "tcp_child_ehash_entries", 1386 .data = &init_net.ipv4.sysctl_tcp_child_ehash_entries, 1387 .maxlen = sizeof(unsigned int), 1388 .mode = 0644, 1389 .proc_handler = proc_douintvec_minmax, 1390 .extra1 = SYSCTL_ZERO, 1391 .extra2 = &tcp_child_ehash_entries_max, 1392 }, 1393 { 1394 .procname = "udp_hash_entries", 1395 .data = &init_net.ipv4.sysctl_udp_child_hash_entries, 1396 .mode = 0444, 1397 .proc_handler = proc_udp_hash_entries, 1398 }, 1399 { 1400 .procname = "udp_child_hash_entries", 1401 .data = &init_net.ipv4.sysctl_udp_child_hash_entries, 1402 .maxlen = sizeof(unsigned int), 1403 .mode = 0644, 1404 .proc_handler = proc_douintvec_minmax, 1405 .extra1 = SYSCTL_ZERO, 1406 .extra2 = &udp_child_hash_entries_max, 1407 }, 1408 { 1409 .procname = "udp_rmem_min", 1410 .data = &init_net.ipv4.sysctl_udp_rmem_min, 1411 .maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min), 1412 .mode = 0644, 1413 .proc_handler = proc_dointvec_minmax, 1414 .extra1 = SYSCTL_ONE 1415 }, 1416 { 1417 .procname = "udp_wmem_min", 1418 .data = &init_net.ipv4.sysctl_udp_wmem_min, 1419 .maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min), 1420 .mode = 0644, 1421 .proc_handler = proc_dointvec_minmax, 1422 .extra1 = SYSCTL_ONE 1423 }, 1424 { 1425 .procname = "fib_notify_on_flag_change", 1426 .data = &init_net.ipv4.sysctl_fib_notify_on_flag_change, 1427 .maxlen = sizeof(u8), 1428 .mode = 0644, 1429 .proc_handler = proc_dou8vec_minmax, 1430 .extra1 = SYSCTL_ZERO, 1431 .extra2 = SYSCTL_TWO, 1432 }, 1433 { 1434 .procname = "tcp_plb_enabled", 1435 .data = &init_net.ipv4.sysctl_tcp_plb_enabled, 1436 .maxlen = sizeof(u8), 1437 .mode = 0644, 1438 .proc_handler = proc_dou8vec_minmax, 1439 .extra1 = SYSCTL_ZERO, 1440 .extra2 = SYSCTL_ONE, 1441 }, 1442 { 1443 .procname = "tcp_plb_idle_rehash_rounds", 1444 .data = &init_net.ipv4.sysctl_tcp_plb_idle_rehash_rounds, 1445 .maxlen = sizeof(u8), 1446 .mode = 0644, 1447 .proc_handler = proc_dou8vec_minmax, 1448 .extra2 = &tcp_plb_max_rounds, 1449 }, 1450 { 1451 .procname = "tcp_plb_rehash_rounds", 1452 .data = &init_net.ipv4.sysctl_tcp_plb_rehash_rounds, 1453 .maxlen = sizeof(u8), 1454 .mode = 0644, 1455 .proc_handler = proc_dou8vec_minmax, 1456 .extra2 = &tcp_plb_max_rounds, 1457 }, 1458 { 1459 .procname = "tcp_plb_suspend_rto_sec", 1460 .data = &init_net.ipv4.sysctl_tcp_plb_suspend_rto_sec, 1461 .maxlen = sizeof(u8), 1462 .mode = 0644, 1463 .proc_handler = proc_dou8vec_minmax, 1464 }, 1465 { 1466 .procname = "tcp_plb_cong_thresh", 1467 .data = &init_net.ipv4.sysctl_tcp_plb_cong_thresh, 1468 .maxlen = sizeof(int), 1469 .mode = 0644, 1470 .proc_handler = proc_dointvec_minmax, 1471 .extra1 = SYSCTL_ZERO, 1472 .extra2 = &tcp_plb_max_cong_thresh, 1473 }, 1474 { 1475 .procname = "tcp_syn_linear_timeouts", 1476 .data = &init_net.ipv4.sysctl_tcp_syn_linear_timeouts, 1477 .maxlen = sizeof(u8), 1478 .mode = 0644, 1479 .proc_handler = proc_dou8vec_minmax, 1480 .extra1 = SYSCTL_ZERO, 1481 .extra2 = &tcp_syn_linear_timeouts_max, 1482 }, 1483 { 1484 .procname = "tcp_shrink_window", 1485 .data = &init_net.ipv4.sysctl_tcp_shrink_window, 1486 .maxlen = sizeof(u8), 1487 .mode = 0644, 1488 .proc_handler = proc_dou8vec_minmax, 1489 .extra1 = SYSCTL_ZERO, 1490 .extra2 = SYSCTL_ONE, 1491 }, 1492 { } 1493 }; 1494 1495 static __net_init int ipv4_sysctl_init_net(struct net *net) 1496 { 1497 struct ctl_table *table; 1498 1499 table = ipv4_net_table; 1500 if (!net_eq(net, &init_net)) { 1501 int i; 1502 1503 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); 1504 if (!table) 1505 goto err_alloc; 1506 1507 for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) { 1508 if (table[i].data) { 1509 /* Update the variables to point into 1510 * the current struct net 1511 */ 1512 table[i].data += (void *)net - (void *)&init_net; 1513 } else { 1514 /* Entries without data pointer are global; 1515 * Make them read-only in non-init_net ns 1516 */ 1517 table[i].mode &= ~0222; 1518 } 1519 } 1520 } 1521 1522 net->ipv4.ipv4_hdr = register_net_sysctl_sz(net, "net/ipv4", table, 1523 ARRAY_SIZE(ipv4_net_table)); 1524 if (!net->ipv4.ipv4_hdr) 1525 goto err_reg; 1526 1527 net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL); 1528 if (!net->ipv4.sysctl_local_reserved_ports) 1529 goto err_ports; 1530 1531 return 0; 1532 1533 err_ports: 1534 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 1535 err_reg: 1536 if (!net_eq(net, &init_net)) 1537 kfree(table); 1538 err_alloc: 1539 return -ENOMEM; 1540 } 1541 1542 static __net_exit void ipv4_sysctl_exit_net(struct net *net) 1543 { 1544 struct ctl_table *table; 1545 1546 kfree(net->ipv4.sysctl_local_reserved_ports); 1547 table = net->ipv4.ipv4_hdr->ctl_table_arg; 1548 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 1549 kfree(table); 1550 } 1551 1552 static __net_initdata struct pernet_operations ipv4_sysctl_ops = { 1553 .init = ipv4_sysctl_init_net, 1554 .exit = ipv4_sysctl_exit_net, 1555 }; 1556 1557 static __init int sysctl_ipv4_init(void) 1558 { 1559 struct ctl_table_header *hdr; 1560 1561 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 1562 if (!hdr) 1563 return -ENOMEM; 1564 1565 if (register_pernet_subsys(&ipv4_sysctl_ops)) { 1566 unregister_net_sysctl_table(hdr); 1567 return -ENOMEM; 1568 } 1569 1570 return 0; 1571 } 1572 1573 __initcall(sysctl_ipv4_init); 1574