xref: /linux/net/ipv4/sysctl_net_ipv4.c (revision 019b383d1132e4051de0d2e43254454b86538cf4)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem.
4  *
5  * Begun April 1, 1996, Mike Shaver.
6  * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS]
7  */
8 
9 #include <linux/sysctl.h>
10 #include <linux/seqlock.h>
11 #include <linux/init.h>
12 #include <linux/slab.h>
13 #include <net/icmp.h>
14 #include <net/ip.h>
15 #include <net/ip_fib.h>
16 #include <net/tcp.h>
17 #include <net/udp.h>
18 #include <net/cipso_ipv4.h>
19 #include <net/ping.h>
20 #include <net/protocol.h>
21 #include <net/netevent.h>
22 
23 static int tcp_retr1_max = 255;
24 static int ip_local_port_range_min[] = { 1, 1 };
25 static int ip_local_port_range_max[] = { 65535, 65535 };
26 static int tcp_adv_win_scale_min = -31;
27 static int tcp_adv_win_scale_max = 31;
28 static int tcp_app_win_max = 31;
29 static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS;
30 static int tcp_min_snd_mss_max = 65535;
31 static int ip_privileged_port_min;
32 static int ip_privileged_port_max = 65535;
33 static int ip_ttl_min = 1;
34 static int ip_ttl_max = 255;
35 static int tcp_syn_retries_min = 1;
36 static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
37 static int tcp_syn_linear_timeouts_max = MAX_TCP_SYNCNT;
38 static unsigned long ip_ping_group_range_min[] = { 0, 0 };
39 static unsigned long ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
40 static u32 u32_max_div_HZ = UINT_MAX / HZ;
41 static int one_day_secs = 24 * 3600;
42 static u32 fib_multipath_hash_fields_all_mask __maybe_unused =
43 	FIB_MULTIPATH_HASH_FIELD_ALL_MASK;
44 static unsigned int tcp_child_ehash_entries_max = 16 * 1024 * 1024;
45 static unsigned int udp_child_hash_entries_max = UDP_HTABLE_SIZE_MAX;
46 static int tcp_plb_max_rounds = 31;
47 static int tcp_plb_max_cong_thresh = 256;
48 
49 /* obsolete */
50 static int sysctl_tcp_low_latency __read_mostly;
51 
52 /* Update system visible IP port range */
53 static void set_local_port_range(struct net *net, int range[2])
54 {
55 	bool same_parity = !((range[0] ^ range[1]) & 1);
56 
57 	write_seqlock_bh(&net->ipv4.ip_local_ports.lock);
58 	if (same_parity && !net->ipv4.ip_local_ports.warned) {
59 		net->ipv4.ip_local_ports.warned = true;
60 		pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n");
61 	}
62 	net->ipv4.ip_local_ports.range[0] = range[0];
63 	net->ipv4.ip_local_ports.range[1] = range[1];
64 	write_sequnlock_bh(&net->ipv4.ip_local_ports.lock);
65 }
66 
67 /* Validate changes from /proc interface. */
68 static int ipv4_local_port_range(struct ctl_table *table, int write,
69 				 void *buffer, size_t *lenp, loff_t *ppos)
70 {
71 	struct net *net =
72 		container_of(table->data, struct net, ipv4.ip_local_ports.range);
73 	int ret;
74 	int range[2];
75 	struct ctl_table tmp = {
76 		.data = &range,
77 		.maxlen = sizeof(range),
78 		.mode = table->mode,
79 		.extra1 = &ip_local_port_range_min,
80 		.extra2 = &ip_local_port_range_max,
81 	};
82 
83 	inet_get_local_port_range(net, &range[0], &range[1]);
84 
85 	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
86 
87 	if (write && ret == 0) {
88 		/* Ensure that the upper limit is not smaller than the lower,
89 		 * and that the lower does not encroach upon the privileged
90 		 * port limit.
91 		 */
92 		if ((range[1] < range[0]) ||
93 		    (range[0] < READ_ONCE(net->ipv4.sysctl_ip_prot_sock)))
94 			ret = -EINVAL;
95 		else
96 			set_local_port_range(net, range);
97 	}
98 
99 	return ret;
100 }
101 
102 /* Validate changes from /proc interface. */
103 static int ipv4_privileged_ports(struct ctl_table *table, int write,
104 				void *buffer, size_t *lenp, loff_t *ppos)
105 {
106 	struct net *net = container_of(table->data, struct net,
107 	    ipv4.sysctl_ip_prot_sock);
108 	int ret;
109 	int pports;
110 	int range[2];
111 	struct ctl_table tmp = {
112 		.data = &pports,
113 		.maxlen = sizeof(pports),
114 		.mode = table->mode,
115 		.extra1 = &ip_privileged_port_min,
116 		.extra2 = &ip_privileged_port_max,
117 	};
118 
119 	pports = READ_ONCE(net->ipv4.sysctl_ip_prot_sock);
120 
121 	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
122 
123 	if (write && ret == 0) {
124 		inet_get_local_port_range(net, &range[0], &range[1]);
125 		/* Ensure that the local port range doesn't overlap with the
126 		 * privileged port range.
127 		 */
128 		if (range[0] < pports)
129 			ret = -EINVAL;
130 		else
131 			WRITE_ONCE(net->ipv4.sysctl_ip_prot_sock, pports);
132 	}
133 
134 	return ret;
135 }
136 
137 static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high)
138 {
139 	kgid_t *data = table->data;
140 	struct net *net =
141 		container_of(table->data, struct net, ipv4.ping_group_range.range);
142 	unsigned int seq;
143 	do {
144 		seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
145 
146 		*low = data[0];
147 		*high = data[1];
148 	} while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
149 }
150 
151 /* Update system visible IP port range */
152 static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
153 {
154 	kgid_t *data = table->data;
155 	struct net *net =
156 		container_of(table->data, struct net, ipv4.ping_group_range.range);
157 	write_seqlock(&net->ipv4.ping_group_range.lock);
158 	data[0] = low;
159 	data[1] = high;
160 	write_sequnlock(&net->ipv4.ping_group_range.lock);
161 }
162 
163 /* Validate changes from /proc interface. */
164 static int ipv4_ping_group_range(struct ctl_table *table, int write,
165 				 void *buffer, size_t *lenp, loff_t *ppos)
166 {
167 	struct user_namespace *user_ns = current_user_ns();
168 	int ret;
169 	unsigned long urange[2];
170 	kgid_t low, high;
171 	struct ctl_table tmp = {
172 		.data = &urange,
173 		.maxlen = sizeof(urange),
174 		.mode = table->mode,
175 		.extra1 = &ip_ping_group_range_min,
176 		.extra2 = &ip_ping_group_range_max,
177 	};
178 
179 	inet_get_ping_group_range_table(table, &low, &high);
180 	urange[0] = from_kgid_munged(user_ns, low);
181 	urange[1] = from_kgid_munged(user_ns, high);
182 	ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
183 
184 	if (write && ret == 0) {
185 		low = make_kgid(user_ns, urange[0]);
186 		high = make_kgid(user_ns, urange[1]);
187 		if (!gid_valid(low) || !gid_valid(high))
188 			return -EINVAL;
189 		if (urange[1] < urange[0] || gid_lt(high, low)) {
190 			low = make_kgid(&init_user_ns, 1);
191 			high = make_kgid(&init_user_ns, 0);
192 		}
193 		set_ping_group_range(table, low, high);
194 	}
195 
196 	return ret;
197 }
198 
199 static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
200 				    void *buffer, size_t *lenp, loff_t *ppos)
201 {
202 	struct net *net;
203 	int ret;
204 
205 	net = container_of(table->data, struct net,
206 			   ipv4.sysctl_ip_fwd_update_priority);
207 	ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos);
208 	if (write && ret == 0)
209 		call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE,
210 					net);
211 
212 	return ret;
213 }
214 
215 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
216 				       void *buffer, size_t *lenp, loff_t *ppos)
217 {
218 	struct net *net = container_of(ctl->data, struct net,
219 				       ipv4.tcp_congestion_control);
220 	char val[TCP_CA_NAME_MAX];
221 	struct ctl_table tbl = {
222 		.data = val,
223 		.maxlen = TCP_CA_NAME_MAX,
224 	};
225 	int ret;
226 
227 	tcp_get_default_congestion_control(net, val);
228 
229 	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
230 	if (write && ret == 0)
231 		ret = tcp_set_default_congestion_control(net, val);
232 	return ret;
233 }
234 
235 static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
236 						 int write, void *buffer,
237 						 size_t *lenp, loff_t *ppos)
238 {
239 	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
240 	int ret;
241 
242 	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
243 	if (!tbl.data)
244 		return -ENOMEM;
245 	tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
246 	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
247 	kfree(tbl.data);
248 	return ret;
249 }
250 
251 static int proc_allowed_congestion_control(struct ctl_table *ctl,
252 					   int write, void *buffer,
253 					   size_t *lenp, loff_t *ppos)
254 {
255 	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
256 	int ret;
257 
258 	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
259 	if (!tbl.data)
260 		return -ENOMEM;
261 
262 	tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
263 	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
264 	if (write && ret == 0)
265 		ret = tcp_set_allowed_congestion_control(tbl.data);
266 	kfree(tbl.data);
267 	return ret;
268 }
269 
270 static int sscanf_key(char *buf, __le32 *key)
271 {
272 	u32 user_key[4];
273 	int i, ret = 0;
274 
275 	if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1,
276 		   user_key + 2, user_key + 3) != 4) {
277 		ret = -EINVAL;
278 	} else {
279 		for (i = 0; i < ARRAY_SIZE(user_key); i++)
280 			key[i] = cpu_to_le32(user_key[i]);
281 	}
282 	pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
283 		 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret);
284 
285 	return ret;
286 }
287 
288 static int proc_tcp_fastopen_key(struct ctl_table *table, int write,
289 				 void *buffer, size_t *lenp, loff_t *ppos)
290 {
291 	struct net *net = container_of(table->data, struct net,
292 	    ipv4.sysctl_tcp_fastopen);
293 	/* maxlen to print the list of keys in hex (*2), with dashes
294 	 * separating doublewords and a comma in between keys.
295 	 */
296 	struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
297 					    2 * TCP_FASTOPEN_KEY_MAX) +
298 					    (TCP_FASTOPEN_KEY_MAX * 5)) };
299 	u32 user_key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u32)];
300 	__le32 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(__le32)];
301 	char *backup_data;
302 	int ret, i = 0, off = 0, n_keys;
303 
304 	tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
305 	if (!tbl.data)
306 		return -ENOMEM;
307 
308 	n_keys = tcp_fastopen_get_cipher(net, NULL, (u64 *)key);
309 	if (!n_keys) {
310 		memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH);
311 		n_keys = 1;
312 	}
313 
314 	for (i = 0; i < n_keys * 4; i++)
315 		user_key[i] = le32_to_cpu(key[i]);
316 
317 	for (i = 0; i < n_keys; i++) {
318 		off += snprintf(tbl.data + off, tbl.maxlen - off,
319 				"%08x-%08x-%08x-%08x",
320 				user_key[i * 4],
321 				user_key[i * 4 + 1],
322 				user_key[i * 4 + 2],
323 				user_key[i * 4 + 3]);
324 
325 		if (WARN_ON_ONCE(off >= tbl.maxlen - 1))
326 			break;
327 
328 		if (i + 1 < n_keys)
329 			off += snprintf(tbl.data + off, tbl.maxlen - off, ",");
330 	}
331 
332 	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
333 
334 	if (write && ret == 0) {
335 		backup_data = strchr(tbl.data, ',');
336 		if (backup_data) {
337 			*backup_data = '\0';
338 			backup_data++;
339 		}
340 		if (sscanf_key(tbl.data, key)) {
341 			ret = -EINVAL;
342 			goto bad_key;
343 		}
344 		if (backup_data) {
345 			if (sscanf_key(backup_data, key + 4)) {
346 				ret = -EINVAL;
347 				goto bad_key;
348 			}
349 		}
350 		tcp_fastopen_reset_cipher(net, NULL, key,
351 					  backup_data ? key + 4 : NULL);
352 	}
353 
354 bad_key:
355 	kfree(tbl.data);
356 	return ret;
357 }
358 
359 static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
360 					     int write, void *buffer,
361 					     size_t *lenp, loff_t *ppos)
362 {
363 	struct net *net = container_of(table->data, struct net,
364 	    ipv4.sysctl_tcp_fastopen_blackhole_timeout);
365 	int ret;
366 
367 	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
368 	if (write && ret == 0)
369 		atomic_set(&net->ipv4.tfo_active_disable_times, 0);
370 
371 	return ret;
372 }
373 
374 static int proc_tcp_available_ulp(struct ctl_table *ctl,
375 				  int write, void *buffer, size_t *lenp,
376 				  loff_t *ppos)
377 {
378 	struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
379 	int ret;
380 
381 	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
382 	if (!tbl.data)
383 		return -ENOMEM;
384 	tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX);
385 	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
386 	kfree(tbl.data);
387 
388 	return ret;
389 }
390 
391 static int proc_tcp_ehash_entries(struct ctl_table *table, int write,
392 				  void *buffer, size_t *lenp, loff_t *ppos)
393 {
394 	struct net *net = container_of(table->data, struct net,
395 				       ipv4.sysctl_tcp_child_ehash_entries);
396 	struct inet_hashinfo *hinfo = net->ipv4.tcp_death_row.hashinfo;
397 	int tcp_ehash_entries;
398 	struct ctl_table tbl;
399 
400 	tcp_ehash_entries = hinfo->ehash_mask + 1;
401 
402 	/* A negative number indicates that the child netns
403 	 * shares the global ehash.
404 	 */
405 	if (!net_eq(net, &init_net) && !hinfo->pernet)
406 		tcp_ehash_entries *= -1;
407 
408 	memset(&tbl, 0, sizeof(tbl));
409 	tbl.data = &tcp_ehash_entries;
410 	tbl.maxlen = sizeof(int);
411 
412 	return proc_dointvec(&tbl, write, buffer, lenp, ppos);
413 }
414 
415 static int proc_udp_hash_entries(struct ctl_table *table, int write,
416 				 void *buffer, size_t *lenp, loff_t *ppos)
417 {
418 	struct net *net = container_of(table->data, struct net,
419 				       ipv4.sysctl_udp_child_hash_entries);
420 	int udp_hash_entries;
421 	struct ctl_table tbl;
422 
423 	udp_hash_entries = net->ipv4.udp_table->mask + 1;
424 
425 	/* A negative number indicates that the child netns
426 	 * shares the global udp_table.
427 	 */
428 	if (!net_eq(net, &init_net) && net->ipv4.udp_table == &udp_table)
429 		udp_hash_entries *= -1;
430 
431 	memset(&tbl, 0, sizeof(tbl));
432 	tbl.data = &udp_hash_entries;
433 	tbl.maxlen = sizeof(int);
434 
435 	return proc_dointvec(&tbl, write, buffer, lenp, ppos);
436 }
437 
438 #ifdef CONFIG_IP_ROUTE_MULTIPATH
439 static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
440 					  void *buffer, size_t *lenp,
441 					  loff_t *ppos)
442 {
443 	struct net *net = container_of(table->data, struct net,
444 	    ipv4.sysctl_fib_multipath_hash_policy);
445 	int ret;
446 
447 	ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos);
448 	if (write && ret == 0)
449 		call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
450 
451 	return ret;
452 }
453 
454 static int proc_fib_multipath_hash_fields(struct ctl_table *table, int write,
455 					  void *buffer, size_t *lenp,
456 					  loff_t *ppos)
457 {
458 	struct net *net;
459 	int ret;
460 
461 	net = container_of(table->data, struct net,
462 			   ipv4.sysctl_fib_multipath_hash_fields);
463 	ret = proc_douintvec_minmax(table, write, buffer, lenp, ppos);
464 	if (write && ret == 0)
465 		call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
466 
467 	return ret;
468 }
469 #endif
470 
471 static struct ctl_table ipv4_table[] = {
472 	{
473 		.procname	= "tcp_max_orphans",
474 		.data		= &sysctl_tcp_max_orphans,
475 		.maxlen		= sizeof(int),
476 		.mode		= 0644,
477 		.proc_handler	= proc_dointvec
478 	},
479 	{
480 		.procname	= "inet_peer_threshold",
481 		.data		= &inet_peer_threshold,
482 		.maxlen		= sizeof(int),
483 		.mode		= 0644,
484 		.proc_handler	= proc_dointvec
485 	},
486 	{
487 		.procname	= "inet_peer_minttl",
488 		.data		= &inet_peer_minttl,
489 		.maxlen		= sizeof(int),
490 		.mode		= 0644,
491 		.proc_handler	= proc_dointvec_jiffies,
492 	},
493 	{
494 		.procname	= "inet_peer_maxttl",
495 		.data		= &inet_peer_maxttl,
496 		.maxlen		= sizeof(int),
497 		.mode		= 0644,
498 		.proc_handler	= proc_dointvec_jiffies,
499 	},
500 	{
501 		.procname	= "tcp_mem",
502 		.maxlen		= sizeof(sysctl_tcp_mem),
503 		.data		= &sysctl_tcp_mem,
504 		.mode		= 0644,
505 		.proc_handler	= proc_doulongvec_minmax,
506 	},
507 	{
508 		.procname	= "tcp_low_latency",
509 		.data		= &sysctl_tcp_low_latency,
510 		.maxlen		= sizeof(int),
511 		.mode		= 0644,
512 		.proc_handler	= proc_dointvec
513 	},
514 #ifdef CONFIG_NETLABEL
515 	{
516 		.procname	= "cipso_cache_enable",
517 		.data		= &cipso_v4_cache_enabled,
518 		.maxlen		= sizeof(int),
519 		.mode		= 0644,
520 		.proc_handler	= proc_dointvec,
521 	},
522 	{
523 		.procname	= "cipso_cache_bucket_size",
524 		.data		= &cipso_v4_cache_bucketsize,
525 		.maxlen		= sizeof(int),
526 		.mode		= 0644,
527 		.proc_handler	= proc_dointvec,
528 	},
529 	{
530 		.procname	= "cipso_rbm_optfmt",
531 		.data		= &cipso_v4_rbm_optfmt,
532 		.maxlen		= sizeof(int),
533 		.mode		= 0644,
534 		.proc_handler	= proc_dointvec,
535 	},
536 	{
537 		.procname	= "cipso_rbm_strictvalid",
538 		.data		= &cipso_v4_rbm_strictvalid,
539 		.maxlen		= sizeof(int),
540 		.mode		= 0644,
541 		.proc_handler	= proc_dointvec,
542 	},
543 #endif /* CONFIG_NETLABEL */
544 	{
545 		.procname	= "tcp_available_ulp",
546 		.maxlen		= TCP_ULP_BUF_MAX,
547 		.mode		= 0444,
548 		.proc_handler   = proc_tcp_available_ulp,
549 	},
550 	{
551 		.procname	= "icmp_msgs_per_sec",
552 		.data		= &sysctl_icmp_msgs_per_sec,
553 		.maxlen		= sizeof(int),
554 		.mode		= 0644,
555 		.proc_handler	= proc_dointvec_minmax,
556 		.extra1		= SYSCTL_ZERO,
557 	},
558 	{
559 		.procname	= "icmp_msgs_burst",
560 		.data		= &sysctl_icmp_msgs_burst,
561 		.maxlen		= sizeof(int),
562 		.mode		= 0644,
563 		.proc_handler	= proc_dointvec_minmax,
564 		.extra1		= SYSCTL_ZERO,
565 	},
566 	{
567 		.procname	= "udp_mem",
568 		.data		= &sysctl_udp_mem,
569 		.maxlen		= sizeof(sysctl_udp_mem),
570 		.mode		= 0644,
571 		.proc_handler	= proc_doulongvec_minmax,
572 	},
573 	{
574 		.procname	= "fib_sync_mem",
575 		.data		= &sysctl_fib_sync_mem,
576 		.maxlen		= sizeof(sysctl_fib_sync_mem),
577 		.mode		= 0644,
578 		.proc_handler	= proc_douintvec_minmax,
579 		.extra1		= &sysctl_fib_sync_mem_min,
580 		.extra2		= &sysctl_fib_sync_mem_max,
581 	},
582 	{ }
583 };
584 
585 static struct ctl_table ipv4_net_table[] = {
586 	{
587 		.procname	= "tcp_max_tw_buckets",
588 		.data		= &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets,
589 		.maxlen		= sizeof(int),
590 		.mode		= 0644,
591 		.proc_handler	= proc_dointvec
592 	},
593 	{
594 		.procname	= "icmp_echo_ignore_all",
595 		.data		= &init_net.ipv4.sysctl_icmp_echo_ignore_all,
596 		.maxlen		= sizeof(u8),
597 		.mode		= 0644,
598 		.proc_handler	= proc_dou8vec_minmax,
599 		.extra1		= SYSCTL_ZERO,
600 		.extra2		= SYSCTL_ONE
601 	},
602 	{
603 		.procname	= "icmp_echo_enable_probe",
604 		.data		= &init_net.ipv4.sysctl_icmp_echo_enable_probe,
605 		.maxlen		= sizeof(u8),
606 		.mode		= 0644,
607 		.proc_handler	= proc_dou8vec_minmax,
608 		.extra1		= SYSCTL_ZERO,
609 		.extra2		= SYSCTL_ONE
610 	},
611 	{
612 		.procname	= "icmp_echo_ignore_broadcasts",
613 		.data		= &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
614 		.maxlen		= sizeof(u8),
615 		.mode		= 0644,
616 		.proc_handler	= proc_dou8vec_minmax,
617 		.extra1		= SYSCTL_ZERO,
618 		.extra2		= SYSCTL_ONE
619 	},
620 	{
621 		.procname	= "icmp_ignore_bogus_error_responses",
622 		.data		= &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
623 		.maxlen		= sizeof(u8),
624 		.mode		= 0644,
625 		.proc_handler	= proc_dou8vec_minmax,
626 		.extra1		= SYSCTL_ZERO,
627 		.extra2		= SYSCTL_ONE
628 	},
629 	{
630 		.procname	= "icmp_errors_use_inbound_ifaddr",
631 		.data		= &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
632 		.maxlen		= sizeof(u8),
633 		.mode		= 0644,
634 		.proc_handler	= proc_dou8vec_minmax,
635 		.extra1		= SYSCTL_ZERO,
636 		.extra2		= SYSCTL_ONE
637 	},
638 	{
639 		.procname	= "icmp_ratelimit",
640 		.data		= &init_net.ipv4.sysctl_icmp_ratelimit,
641 		.maxlen		= sizeof(int),
642 		.mode		= 0644,
643 		.proc_handler	= proc_dointvec_ms_jiffies,
644 	},
645 	{
646 		.procname	= "icmp_ratemask",
647 		.data		= &init_net.ipv4.sysctl_icmp_ratemask,
648 		.maxlen		= sizeof(int),
649 		.mode		= 0644,
650 		.proc_handler	= proc_dointvec
651 	},
652 	{
653 		.procname	= "ping_group_range",
654 		.data		= &init_net.ipv4.ping_group_range.range,
655 		.maxlen		= sizeof(gid_t)*2,
656 		.mode		= 0644,
657 		.proc_handler	= ipv4_ping_group_range,
658 	},
659 #ifdef CONFIG_NET_L3_MASTER_DEV
660 	{
661 		.procname	= "raw_l3mdev_accept",
662 		.data		= &init_net.ipv4.sysctl_raw_l3mdev_accept,
663 		.maxlen		= sizeof(u8),
664 		.mode		= 0644,
665 		.proc_handler	= proc_dou8vec_minmax,
666 		.extra1		= SYSCTL_ZERO,
667 		.extra2		= SYSCTL_ONE,
668 	},
669 #endif
670 	{
671 		.procname	= "tcp_ecn",
672 		.data		= &init_net.ipv4.sysctl_tcp_ecn,
673 		.maxlen		= sizeof(u8),
674 		.mode		= 0644,
675 		.proc_handler	= proc_dou8vec_minmax,
676 		.extra1		= SYSCTL_ZERO,
677 		.extra2		= SYSCTL_TWO,
678 	},
679 	{
680 		.procname	= "tcp_ecn_fallback",
681 		.data		= &init_net.ipv4.sysctl_tcp_ecn_fallback,
682 		.maxlen		= sizeof(u8),
683 		.mode		= 0644,
684 		.proc_handler	= proc_dou8vec_minmax,
685 		.extra1		= SYSCTL_ZERO,
686 		.extra2		= SYSCTL_ONE,
687 	},
688 	{
689 		.procname	= "ip_dynaddr",
690 		.data		= &init_net.ipv4.sysctl_ip_dynaddr,
691 		.maxlen		= sizeof(u8),
692 		.mode		= 0644,
693 		.proc_handler	= proc_dou8vec_minmax,
694 	},
695 	{
696 		.procname	= "ip_early_demux",
697 		.data		= &init_net.ipv4.sysctl_ip_early_demux,
698 		.maxlen		= sizeof(u8),
699 		.mode		= 0644,
700 		.proc_handler	= proc_dou8vec_minmax,
701 	},
702 	{
703 		.procname       = "udp_early_demux",
704 		.data           = &init_net.ipv4.sysctl_udp_early_demux,
705 		.maxlen         = sizeof(u8),
706 		.mode           = 0644,
707 		.proc_handler   = proc_dou8vec_minmax,
708 	},
709 	{
710 		.procname       = "tcp_early_demux",
711 		.data           = &init_net.ipv4.sysctl_tcp_early_demux,
712 		.maxlen         = sizeof(u8),
713 		.mode           = 0644,
714 		.proc_handler   = proc_dou8vec_minmax,
715 	},
716 	{
717 		.procname       = "nexthop_compat_mode",
718 		.data           = &init_net.ipv4.sysctl_nexthop_compat_mode,
719 		.maxlen         = sizeof(u8),
720 		.mode           = 0644,
721 		.proc_handler   = proc_dou8vec_minmax,
722 		.extra1		= SYSCTL_ZERO,
723 		.extra2		= SYSCTL_ONE,
724 	},
725 	{
726 		.procname	= "ip_default_ttl",
727 		.data		= &init_net.ipv4.sysctl_ip_default_ttl,
728 		.maxlen		= sizeof(u8),
729 		.mode		= 0644,
730 		.proc_handler	= proc_dou8vec_minmax,
731 		.extra1		= &ip_ttl_min,
732 		.extra2		= &ip_ttl_max,
733 	},
734 	{
735 		.procname	= "ip_local_port_range",
736 		.maxlen		= sizeof(init_net.ipv4.ip_local_ports.range),
737 		.data		= &init_net.ipv4.ip_local_ports.range,
738 		.mode		= 0644,
739 		.proc_handler	= ipv4_local_port_range,
740 	},
741 	{
742 		.procname	= "ip_local_reserved_ports",
743 		.data		= &init_net.ipv4.sysctl_local_reserved_ports,
744 		.maxlen		= 65536,
745 		.mode		= 0644,
746 		.proc_handler	= proc_do_large_bitmap,
747 	},
748 	{
749 		.procname	= "ip_no_pmtu_disc",
750 		.data		= &init_net.ipv4.sysctl_ip_no_pmtu_disc,
751 		.maxlen		= sizeof(u8),
752 		.mode		= 0644,
753 		.proc_handler	= proc_dou8vec_minmax,
754 	},
755 	{
756 		.procname	= "ip_forward_use_pmtu",
757 		.data		= &init_net.ipv4.sysctl_ip_fwd_use_pmtu,
758 		.maxlen		= sizeof(u8),
759 		.mode		= 0644,
760 		.proc_handler	= proc_dou8vec_minmax,
761 	},
762 	{
763 		.procname	= "ip_forward_update_priority",
764 		.data		= &init_net.ipv4.sysctl_ip_fwd_update_priority,
765 		.maxlen		= sizeof(u8),
766 		.mode		= 0644,
767 		.proc_handler   = ipv4_fwd_update_priority,
768 		.extra1		= SYSCTL_ZERO,
769 		.extra2		= SYSCTL_ONE,
770 	},
771 	{
772 		.procname	= "ip_nonlocal_bind",
773 		.data		= &init_net.ipv4.sysctl_ip_nonlocal_bind,
774 		.maxlen		= sizeof(u8),
775 		.mode		= 0644,
776 		.proc_handler	= proc_dou8vec_minmax,
777 	},
778 	{
779 		.procname	= "ip_autobind_reuse",
780 		.data		= &init_net.ipv4.sysctl_ip_autobind_reuse,
781 		.maxlen		= sizeof(u8),
782 		.mode		= 0644,
783 		.proc_handler	= proc_dou8vec_minmax,
784 		.extra1         = SYSCTL_ZERO,
785 		.extra2         = SYSCTL_ONE,
786 	},
787 	{
788 		.procname	= "fwmark_reflect",
789 		.data		= &init_net.ipv4.sysctl_fwmark_reflect,
790 		.maxlen		= sizeof(u8),
791 		.mode		= 0644,
792 		.proc_handler	= proc_dou8vec_minmax,
793 	},
794 	{
795 		.procname	= "tcp_fwmark_accept",
796 		.data		= &init_net.ipv4.sysctl_tcp_fwmark_accept,
797 		.maxlen		= sizeof(u8),
798 		.mode		= 0644,
799 		.proc_handler	= proc_dou8vec_minmax,
800 	},
801 #ifdef CONFIG_NET_L3_MASTER_DEV
802 	{
803 		.procname	= "tcp_l3mdev_accept",
804 		.data		= &init_net.ipv4.sysctl_tcp_l3mdev_accept,
805 		.maxlen		= sizeof(u8),
806 		.mode		= 0644,
807 		.proc_handler	= proc_dou8vec_minmax,
808 		.extra1		= SYSCTL_ZERO,
809 		.extra2		= SYSCTL_ONE,
810 	},
811 #endif
812 	{
813 		.procname	= "tcp_mtu_probing",
814 		.data		= &init_net.ipv4.sysctl_tcp_mtu_probing,
815 		.maxlen		= sizeof(u8),
816 		.mode		= 0644,
817 		.proc_handler	= proc_dou8vec_minmax,
818 	},
819 	{
820 		.procname	= "tcp_base_mss",
821 		.data		= &init_net.ipv4.sysctl_tcp_base_mss,
822 		.maxlen		= sizeof(int),
823 		.mode		= 0644,
824 		.proc_handler	= proc_dointvec,
825 	},
826 	{
827 		.procname	= "tcp_min_snd_mss",
828 		.data		= &init_net.ipv4.sysctl_tcp_min_snd_mss,
829 		.maxlen		= sizeof(int),
830 		.mode		= 0644,
831 		.proc_handler	= proc_dointvec_minmax,
832 		.extra1		= &tcp_min_snd_mss_min,
833 		.extra2		= &tcp_min_snd_mss_max,
834 	},
835 	{
836 		.procname	= "tcp_mtu_probe_floor",
837 		.data		= &init_net.ipv4.sysctl_tcp_mtu_probe_floor,
838 		.maxlen		= sizeof(int),
839 		.mode		= 0644,
840 		.proc_handler	= proc_dointvec_minmax,
841 		.extra1		= &tcp_min_snd_mss_min,
842 		.extra2		= &tcp_min_snd_mss_max,
843 	},
844 	{
845 		.procname	= "tcp_probe_threshold",
846 		.data		= &init_net.ipv4.sysctl_tcp_probe_threshold,
847 		.maxlen		= sizeof(int),
848 		.mode		= 0644,
849 		.proc_handler	= proc_dointvec,
850 	},
851 	{
852 		.procname	= "tcp_probe_interval",
853 		.data		= &init_net.ipv4.sysctl_tcp_probe_interval,
854 		.maxlen		= sizeof(u32),
855 		.mode		= 0644,
856 		.proc_handler	= proc_douintvec_minmax,
857 		.extra2		= &u32_max_div_HZ,
858 	},
859 	{
860 		.procname	= "igmp_link_local_mcast_reports",
861 		.data		= &init_net.ipv4.sysctl_igmp_llm_reports,
862 		.maxlen		= sizeof(u8),
863 		.mode		= 0644,
864 		.proc_handler	= proc_dou8vec_minmax,
865 	},
866 	{
867 		.procname	= "igmp_max_memberships",
868 		.data		= &init_net.ipv4.sysctl_igmp_max_memberships,
869 		.maxlen		= sizeof(int),
870 		.mode		= 0644,
871 		.proc_handler	= proc_dointvec
872 	},
873 	{
874 		.procname	= "igmp_max_msf",
875 		.data		= &init_net.ipv4.sysctl_igmp_max_msf,
876 		.maxlen		= sizeof(int),
877 		.mode		= 0644,
878 		.proc_handler	= proc_dointvec
879 	},
880 #ifdef CONFIG_IP_MULTICAST
881 	{
882 		.procname	= "igmp_qrv",
883 		.data		= &init_net.ipv4.sysctl_igmp_qrv,
884 		.maxlen		= sizeof(int),
885 		.mode		= 0644,
886 		.proc_handler	= proc_dointvec_minmax,
887 		.extra1		= SYSCTL_ONE
888 	},
889 #endif
890 	{
891 		.procname	= "tcp_congestion_control",
892 		.data		= &init_net.ipv4.tcp_congestion_control,
893 		.mode		= 0644,
894 		.maxlen		= TCP_CA_NAME_MAX,
895 		.proc_handler	= proc_tcp_congestion_control,
896 	},
897 	{
898 		.procname	= "tcp_available_congestion_control",
899 		.maxlen		= TCP_CA_BUF_MAX,
900 		.mode		= 0444,
901 		.proc_handler   = proc_tcp_available_congestion_control,
902 	},
903 	{
904 		.procname	= "tcp_allowed_congestion_control",
905 		.maxlen		= TCP_CA_BUF_MAX,
906 		.mode		= 0644,
907 		.proc_handler   = proc_allowed_congestion_control,
908 	},
909 	{
910 		.procname	= "tcp_keepalive_time",
911 		.data		= &init_net.ipv4.sysctl_tcp_keepalive_time,
912 		.maxlen		= sizeof(int),
913 		.mode		= 0644,
914 		.proc_handler	= proc_dointvec_jiffies,
915 	},
916 	{
917 		.procname	= "tcp_keepalive_probes",
918 		.data		= &init_net.ipv4.sysctl_tcp_keepalive_probes,
919 		.maxlen		= sizeof(u8),
920 		.mode		= 0644,
921 		.proc_handler	= proc_dou8vec_minmax,
922 	},
923 	{
924 		.procname	= "tcp_keepalive_intvl",
925 		.data		= &init_net.ipv4.sysctl_tcp_keepalive_intvl,
926 		.maxlen		= sizeof(int),
927 		.mode		= 0644,
928 		.proc_handler	= proc_dointvec_jiffies,
929 	},
930 	{
931 		.procname	= "tcp_syn_retries",
932 		.data		= &init_net.ipv4.sysctl_tcp_syn_retries,
933 		.maxlen		= sizeof(u8),
934 		.mode		= 0644,
935 		.proc_handler	= proc_dou8vec_minmax,
936 		.extra1		= &tcp_syn_retries_min,
937 		.extra2		= &tcp_syn_retries_max
938 	},
939 	{
940 		.procname	= "tcp_synack_retries",
941 		.data		= &init_net.ipv4.sysctl_tcp_synack_retries,
942 		.maxlen		= sizeof(u8),
943 		.mode		= 0644,
944 		.proc_handler	= proc_dou8vec_minmax,
945 	},
946 #ifdef CONFIG_SYN_COOKIES
947 	{
948 		.procname	= "tcp_syncookies",
949 		.data		= &init_net.ipv4.sysctl_tcp_syncookies,
950 		.maxlen		= sizeof(u8),
951 		.mode		= 0644,
952 		.proc_handler	= proc_dou8vec_minmax,
953 	},
954 #endif
955 	{
956 		.procname	= "tcp_migrate_req",
957 		.data		= &init_net.ipv4.sysctl_tcp_migrate_req,
958 		.maxlen		= sizeof(u8),
959 		.mode		= 0644,
960 		.proc_handler	= proc_dou8vec_minmax,
961 		.extra1		= SYSCTL_ZERO,
962 		.extra2		= SYSCTL_ONE
963 	},
964 	{
965 		.procname	= "tcp_reordering",
966 		.data		= &init_net.ipv4.sysctl_tcp_reordering,
967 		.maxlen		= sizeof(int),
968 		.mode		= 0644,
969 		.proc_handler	= proc_dointvec
970 	},
971 	{
972 		.procname	= "tcp_retries1",
973 		.data		= &init_net.ipv4.sysctl_tcp_retries1,
974 		.maxlen		= sizeof(u8),
975 		.mode		= 0644,
976 		.proc_handler	= proc_dou8vec_minmax,
977 		.extra2		= &tcp_retr1_max
978 	},
979 	{
980 		.procname	= "tcp_retries2",
981 		.data		= &init_net.ipv4.sysctl_tcp_retries2,
982 		.maxlen		= sizeof(u8),
983 		.mode		= 0644,
984 		.proc_handler	= proc_dou8vec_minmax,
985 	},
986 	{
987 		.procname	= "tcp_orphan_retries",
988 		.data		= &init_net.ipv4.sysctl_tcp_orphan_retries,
989 		.maxlen		= sizeof(u8),
990 		.mode		= 0644,
991 		.proc_handler	= proc_dou8vec_minmax,
992 	},
993 	{
994 		.procname	= "tcp_fin_timeout",
995 		.data		= &init_net.ipv4.sysctl_tcp_fin_timeout,
996 		.maxlen		= sizeof(int),
997 		.mode		= 0644,
998 		.proc_handler	= proc_dointvec_jiffies,
999 	},
1000 	{
1001 		.procname	= "tcp_notsent_lowat",
1002 		.data		= &init_net.ipv4.sysctl_tcp_notsent_lowat,
1003 		.maxlen		= sizeof(unsigned int),
1004 		.mode		= 0644,
1005 		.proc_handler	= proc_douintvec,
1006 	},
1007 	{
1008 		.procname	= "tcp_tw_reuse",
1009 		.data		= &init_net.ipv4.sysctl_tcp_tw_reuse,
1010 		.maxlen		= sizeof(u8),
1011 		.mode		= 0644,
1012 		.proc_handler	= proc_dou8vec_minmax,
1013 		.extra1		= SYSCTL_ZERO,
1014 		.extra2		= SYSCTL_TWO,
1015 	},
1016 	{
1017 		.procname	= "tcp_max_syn_backlog",
1018 		.data		= &init_net.ipv4.sysctl_max_syn_backlog,
1019 		.maxlen		= sizeof(int),
1020 		.mode		= 0644,
1021 		.proc_handler	= proc_dointvec
1022 	},
1023 	{
1024 		.procname	= "tcp_fastopen",
1025 		.data		= &init_net.ipv4.sysctl_tcp_fastopen,
1026 		.maxlen		= sizeof(int),
1027 		.mode		= 0644,
1028 		.proc_handler	= proc_dointvec,
1029 	},
1030 	{
1031 		.procname	= "tcp_fastopen_key",
1032 		.mode		= 0600,
1033 		.data		= &init_net.ipv4.sysctl_tcp_fastopen,
1034 		/* maxlen to print the list of keys in hex (*2), with dashes
1035 		 * separating doublewords and a comma in between keys.
1036 		 */
1037 		.maxlen		= ((TCP_FASTOPEN_KEY_LENGTH *
1038 				   2 * TCP_FASTOPEN_KEY_MAX) +
1039 				   (TCP_FASTOPEN_KEY_MAX * 5)),
1040 		.proc_handler	= proc_tcp_fastopen_key,
1041 	},
1042 	{
1043 		.procname	= "tcp_fastopen_blackhole_timeout_sec",
1044 		.data		= &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout,
1045 		.maxlen		= sizeof(int),
1046 		.mode		= 0644,
1047 		.proc_handler	= proc_tfo_blackhole_detect_timeout,
1048 		.extra1		= SYSCTL_ZERO,
1049 	},
1050 #ifdef CONFIG_IP_ROUTE_MULTIPATH
1051 	{
1052 		.procname	= "fib_multipath_use_neigh",
1053 		.data		= &init_net.ipv4.sysctl_fib_multipath_use_neigh,
1054 		.maxlen		= sizeof(u8),
1055 		.mode		= 0644,
1056 		.proc_handler	= proc_dou8vec_minmax,
1057 		.extra1		= SYSCTL_ZERO,
1058 		.extra2		= SYSCTL_ONE,
1059 	},
1060 	{
1061 		.procname	= "fib_multipath_hash_policy",
1062 		.data		= &init_net.ipv4.sysctl_fib_multipath_hash_policy,
1063 		.maxlen		= sizeof(u8),
1064 		.mode		= 0644,
1065 		.proc_handler	= proc_fib_multipath_hash_policy,
1066 		.extra1		= SYSCTL_ZERO,
1067 		.extra2		= SYSCTL_THREE,
1068 	},
1069 	{
1070 		.procname	= "fib_multipath_hash_fields",
1071 		.data		= &init_net.ipv4.sysctl_fib_multipath_hash_fields,
1072 		.maxlen		= sizeof(u32),
1073 		.mode		= 0644,
1074 		.proc_handler	= proc_fib_multipath_hash_fields,
1075 		.extra1		= SYSCTL_ONE,
1076 		.extra2		= &fib_multipath_hash_fields_all_mask,
1077 	},
1078 #endif
1079 	{
1080 		.procname	= "ip_unprivileged_port_start",
1081 		.maxlen		= sizeof(int),
1082 		.data		= &init_net.ipv4.sysctl_ip_prot_sock,
1083 		.mode		= 0644,
1084 		.proc_handler	= ipv4_privileged_ports,
1085 	},
1086 #ifdef CONFIG_NET_L3_MASTER_DEV
1087 	{
1088 		.procname	= "udp_l3mdev_accept",
1089 		.data		= &init_net.ipv4.sysctl_udp_l3mdev_accept,
1090 		.maxlen		= sizeof(u8),
1091 		.mode		= 0644,
1092 		.proc_handler	= proc_dou8vec_minmax,
1093 		.extra1		= SYSCTL_ZERO,
1094 		.extra2		= SYSCTL_ONE,
1095 	},
1096 #endif
1097 	{
1098 		.procname	= "tcp_sack",
1099 		.data		= &init_net.ipv4.sysctl_tcp_sack,
1100 		.maxlen		= sizeof(u8),
1101 		.mode		= 0644,
1102 		.proc_handler	= proc_dou8vec_minmax,
1103 	},
1104 	{
1105 		.procname	= "tcp_window_scaling",
1106 		.data		= &init_net.ipv4.sysctl_tcp_window_scaling,
1107 		.maxlen		= sizeof(u8),
1108 		.mode		= 0644,
1109 		.proc_handler	= proc_dou8vec_minmax,
1110 	},
1111 	{
1112 		.procname	= "tcp_timestamps",
1113 		.data		= &init_net.ipv4.sysctl_tcp_timestamps,
1114 		.maxlen		= sizeof(u8),
1115 		.mode		= 0644,
1116 		.proc_handler	= proc_dou8vec_minmax,
1117 	},
1118 	{
1119 		.procname	= "tcp_early_retrans",
1120 		.data		= &init_net.ipv4.sysctl_tcp_early_retrans,
1121 		.maxlen		= sizeof(u8),
1122 		.mode		= 0644,
1123 		.proc_handler	= proc_dou8vec_minmax,
1124 		.extra1		= SYSCTL_ZERO,
1125 		.extra2		= SYSCTL_FOUR,
1126 	},
1127 	{
1128 		.procname	= "tcp_recovery",
1129 		.data		= &init_net.ipv4.sysctl_tcp_recovery,
1130 		.maxlen		= sizeof(u8),
1131 		.mode		= 0644,
1132 		.proc_handler	= proc_dou8vec_minmax,
1133 	},
1134 	{
1135 		.procname       = "tcp_thin_linear_timeouts",
1136 		.data           = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts,
1137 		.maxlen         = sizeof(u8),
1138 		.mode           = 0644,
1139 		.proc_handler   = proc_dou8vec_minmax,
1140 	},
1141 	{
1142 		.procname	= "tcp_slow_start_after_idle",
1143 		.data		= &init_net.ipv4.sysctl_tcp_slow_start_after_idle,
1144 		.maxlen		= sizeof(u8),
1145 		.mode		= 0644,
1146 		.proc_handler	= proc_dou8vec_minmax,
1147 	},
1148 	{
1149 		.procname	= "tcp_retrans_collapse",
1150 		.data		= &init_net.ipv4.sysctl_tcp_retrans_collapse,
1151 		.maxlen		= sizeof(u8),
1152 		.mode		= 0644,
1153 		.proc_handler	= proc_dou8vec_minmax,
1154 	},
1155 	{
1156 		.procname	= "tcp_stdurg",
1157 		.data		= &init_net.ipv4.sysctl_tcp_stdurg,
1158 		.maxlen		= sizeof(u8),
1159 		.mode		= 0644,
1160 		.proc_handler	= proc_dou8vec_minmax,
1161 	},
1162 	{
1163 		.procname	= "tcp_rfc1337",
1164 		.data		= &init_net.ipv4.sysctl_tcp_rfc1337,
1165 		.maxlen		= sizeof(u8),
1166 		.mode		= 0644,
1167 		.proc_handler	= proc_dou8vec_minmax,
1168 	},
1169 	{
1170 		.procname	= "tcp_abort_on_overflow",
1171 		.data		= &init_net.ipv4.sysctl_tcp_abort_on_overflow,
1172 		.maxlen		= sizeof(u8),
1173 		.mode		= 0644,
1174 		.proc_handler	= proc_dou8vec_minmax,
1175 	},
1176 	{
1177 		.procname	= "tcp_fack",
1178 		.data		= &init_net.ipv4.sysctl_tcp_fack,
1179 		.maxlen		= sizeof(u8),
1180 		.mode		= 0644,
1181 		.proc_handler	= proc_dou8vec_minmax,
1182 	},
1183 	{
1184 		.procname	= "tcp_max_reordering",
1185 		.data		= &init_net.ipv4.sysctl_tcp_max_reordering,
1186 		.maxlen		= sizeof(int),
1187 		.mode		= 0644,
1188 		.proc_handler	= proc_dointvec
1189 	},
1190 	{
1191 		.procname	= "tcp_dsack",
1192 		.data		= &init_net.ipv4.sysctl_tcp_dsack,
1193 		.maxlen		= sizeof(u8),
1194 		.mode		= 0644,
1195 		.proc_handler	= proc_dou8vec_minmax,
1196 	},
1197 	{
1198 		.procname	= "tcp_app_win",
1199 		.data		= &init_net.ipv4.sysctl_tcp_app_win,
1200 		.maxlen		= sizeof(u8),
1201 		.mode		= 0644,
1202 		.proc_handler	= proc_dou8vec_minmax,
1203 		.extra1		= SYSCTL_ZERO,
1204 		.extra2		= &tcp_app_win_max,
1205 	},
1206 	{
1207 		.procname	= "tcp_adv_win_scale",
1208 		.data		= &init_net.ipv4.sysctl_tcp_adv_win_scale,
1209 		.maxlen		= sizeof(int),
1210 		.mode		= 0644,
1211 		.proc_handler	= proc_dointvec_minmax,
1212 		.extra1		= &tcp_adv_win_scale_min,
1213 		.extra2		= &tcp_adv_win_scale_max,
1214 	},
1215 	{
1216 		.procname	= "tcp_frto",
1217 		.data		= &init_net.ipv4.sysctl_tcp_frto,
1218 		.maxlen		= sizeof(u8),
1219 		.mode		= 0644,
1220 		.proc_handler	= proc_dou8vec_minmax,
1221 	},
1222 	{
1223 		.procname	= "tcp_no_metrics_save",
1224 		.data		= &init_net.ipv4.sysctl_tcp_nometrics_save,
1225 		.maxlen		= sizeof(u8),
1226 		.mode		= 0644,
1227 		.proc_handler	= proc_dou8vec_minmax,
1228 	},
1229 	{
1230 		.procname	= "tcp_no_ssthresh_metrics_save",
1231 		.data		= &init_net.ipv4.sysctl_tcp_no_ssthresh_metrics_save,
1232 		.maxlen		= sizeof(u8),
1233 		.mode		= 0644,
1234 		.proc_handler	= proc_dou8vec_minmax,
1235 		.extra1		= SYSCTL_ZERO,
1236 		.extra2		= SYSCTL_ONE,
1237 	},
1238 	{
1239 		.procname	= "tcp_moderate_rcvbuf",
1240 		.data		= &init_net.ipv4.sysctl_tcp_moderate_rcvbuf,
1241 		.maxlen		= sizeof(u8),
1242 		.mode		= 0644,
1243 		.proc_handler	= proc_dou8vec_minmax,
1244 	},
1245 	{
1246 		.procname	= "tcp_tso_win_divisor",
1247 		.data		= &init_net.ipv4.sysctl_tcp_tso_win_divisor,
1248 		.maxlen		= sizeof(u8),
1249 		.mode		= 0644,
1250 		.proc_handler	= proc_dou8vec_minmax,
1251 	},
1252 	{
1253 		.procname	= "tcp_workaround_signed_windows",
1254 		.data		= &init_net.ipv4.sysctl_tcp_workaround_signed_windows,
1255 		.maxlen		= sizeof(u8),
1256 		.mode		= 0644,
1257 		.proc_handler	= proc_dou8vec_minmax,
1258 	},
1259 	{
1260 		.procname	= "tcp_limit_output_bytes",
1261 		.data		= &init_net.ipv4.sysctl_tcp_limit_output_bytes,
1262 		.maxlen		= sizeof(int),
1263 		.mode		= 0644,
1264 		.proc_handler	= proc_dointvec
1265 	},
1266 	{
1267 		.procname	= "tcp_challenge_ack_limit",
1268 		.data		= &init_net.ipv4.sysctl_tcp_challenge_ack_limit,
1269 		.maxlen		= sizeof(int),
1270 		.mode		= 0644,
1271 		.proc_handler	= proc_dointvec
1272 	},
1273 	{
1274 		.procname	= "tcp_min_tso_segs",
1275 		.data		= &init_net.ipv4.sysctl_tcp_min_tso_segs,
1276 		.maxlen		= sizeof(u8),
1277 		.mode		= 0644,
1278 		.proc_handler	= proc_dou8vec_minmax,
1279 		.extra1		= SYSCTL_ONE,
1280 	},
1281 	{
1282 		.procname	= "tcp_tso_rtt_log",
1283 		.data		= &init_net.ipv4.sysctl_tcp_tso_rtt_log,
1284 		.maxlen		= sizeof(u8),
1285 		.mode		= 0644,
1286 		.proc_handler	= proc_dou8vec_minmax,
1287 	},
1288 	{
1289 		.procname	= "tcp_min_rtt_wlen",
1290 		.data		= &init_net.ipv4.sysctl_tcp_min_rtt_wlen,
1291 		.maxlen		= sizeof(int),
1292 		.mode		= 0644,
1293 		.proc_handler	= proc_dointvec_minmax,
1294 		.extra1		= SYSCTL_ZERO,
1295 		.extra2		= &one_day_secs
1296 	},
1297 	{
1298 		.procname	= "tcp_autocorking",
1299 		.data		= &init_net.ipv4.sysctl_tcp_autocorking,
1300 		.maxlen		= sizeof(u8),
1301 		.mode		= 0644,
1302 		.proc_handler	= proc_dou8vec_minmax,
1303 		.extra1		= SYSCTL_ZERO,
1304 		.extra2		= SYSCTL_ONE,
1305 	},
1306 	{
1307 		.procname	= "tcp_invalid_ratelimit",
1308 		.data		= &init_net.ipv4.sysctl_tcp_invalid_ratelimit,
1309 		.maxlen		= sizeof(int),
1310 		.mode		= 0644,
1311 		.proc_handler	= proc_dointvec_ms_jiffies,
1312 	},
1313 	{
1314 		.procname	= "tcp_pacing_ss_ratio",
1315 		.data		= &init_net.ipv4.sysctl_tcp_pacing_ss_ratio,
1316 		.maxlen		= sizeof(int),
1317 		.mode		= 0644,
1318 		.proc_handler	= proc_dointvec_minmax,
1319 		.extra1		= SYSCTL_ZERO,
1320 		.extra2		= SYSCTL_ONE_THOUSAND,
1321 	},
1322 	{
1323 		.procname	= "tcp_pacing_ca_ratio",
1324 		.data		= &init_net.ipv4.sysctl_tcp_pacing_ca_ratio,
1325 		.maxlen		= sizeof(int),
1326 		.mode		= 0644,
1327 		.proc_handler	= proc_dointvec_minmax,
1328 		.extra1		= SYSCTL_ZERO,
1329 		.extra2		= SYSCTL_ONE_THOUSAND,
1330 	},
1331 	{
1332 		.procname	= "tcp_wmem",
1333 		.data		= &init_net.ipv4.sysctl_tcp_wmem,
1334 		.maxlen		= sizeof(init_net.ipv4.sysctl_tcp_wmem),
1335 		.mode		= 0644,
1336 		.proc_handler	= proc_dointvec_minmax,
1337 		.extra1		= SYSCTL_ONE,
1338 	},
1339 	{
1340 		.procname	= "tcp_rmem",
1341 		.data		= &init_net.ipv4.sysctl_tcp_rmem,
1342 		.maxlen		= sizeof(init_net.ipv4.sysctl_tcp_rmem),
1343 		.mode		= 0644,
1344 		.proc_handler	= proc_dointvec_minmax,
1345 		.extra1		= SYSCTL_ONE,
1346 	},
1347 	{
1348 		.procname	= "tcp_comp_sack_delay_ns",
1349 		.data		= &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns,
1350 		.maxlen		= sizeof(unsigned long),
1351 		.mode		= 0644,
1352 		.proc_handler	= proc_doulongvec_minmax,
1353 	},
1354 	{
1355 		.procname	= "tcp_comp_sack_slack_ns",
1356 		.data		= &init_net.ipv4.sysctl_tcp_comp_sack_slack_ns,
1357 		.maxlen		= sizeof(unsigned long),
1358 		.mode		= 0644,
1359 		.proc_handler	= proc_doulongvec_minmax,
1360 	},
1361 	{
1362 		.procname	= "tcp_comp_sack_nr",
1363 		.data		= &init_net.ipv4.sysctl_tcp_comp_sack_nr,
1364 		.maxlen		= sizeof(u8),
1365 		.mode		= 0644,
1366 		.proc_handler	= proc_dou8vec_minmax,
1367 		.extra1		= SYSCTL_ZERO,
1368 	},
1369 	{
1370 		.procname       = "tcp_reflect_tos",
1371 		.data           = &init_net.ipv4.sysctl_tcp_reflect_tos,
1372 		.maxlen         = sizeof(u8),
1373 		.mode           = 0644,
1374 		.proc_handler   = proc_dou8vec_minmax,
1375 		.extra1         = SYSCTL_ZERO,
1376 		.extra2         = SYSCTL_ONE,
1377 	},
1378 	{
1379 		.procname	= "tcp_ehash_entries",
1380 		.data		= &init_net.ipv4.sysctl_tcp_child_ehash_entries,
1381 		.mode		= 0444,
1382 		.proc_handler	= proc_tcp_ehash_entries,
1383 	},
1384 	{
1385 		.procname	= "tcp_child_ehash_entries",
1386 		.data		= &init_net.ipv4.sysctl_tcp_child_ehash_entries,
1387 		.maxlen		= sizeof(unsigned int),
1388 		.mode		= 0644,
1389 		.proc_handler	= proc_douintvec_minmax,
1390 		.extra1		= SYSCTL_ZERO,
1391 		.extra2		= &tcp_child_ehash_entries_max,
1392 	},
1393 	{
1394 		.procname	= "udp_hash_entries",
1395 		.data		= &init_net.ipv4.sysctl_udp_child_hash_entries,
1396 		.mode		= 0444,
1397 		.proc_handler	= proc_udp_hash_entries,
1398 	},
1399 	{
1400 		.procname	= "udp_child_hash_entries",
1401 		.data		= &init_net.ipv4.sysctl_udp_child_hash_entries,
1402 		.maxlen		= sizeof(unsigned int),
1403 		.mode		= 0644,
1404 		.proc_handler	= proc_douintvec_minmax,
1405 		.extra1		= SYSCTL_ZERO,
1406 		.extra2		= &udp_child_hash_entries_max,
1407 	},
1408 	{
1409 		.procname	= "udp_rmem_min",
1410 		.data		= &init_net.ipv4.sysctl_udp_rmem_min,
1411 		.maxlen		= sizeof(init_net.ipv4.sysctl_udp_rmem_min),
1412 		.mode		= 0644,
1413 		.proc_handler	= proc_dointvec_minmax,
1414 		.extra1		= SYSCTL_ONE
1415 	},
1416 	{
1417 		.procname	= "udp_wmem_min",
1418 		.data		= &init_net.ipv4.sysctl_udp_wmem_min,
1419 		.maxlen		= sizeof(init_net.ipv4.sysctl_udp_wmem_min),
1420 		.mode		= 0644,
1421 		.proc_handler	= proc_dointvec_minmax,
1422 		.extra1		= SYSCTL_ONE
1423 	},
1424 	{
1425 		.procname	= "fib_notify_on_flag_change",
1426 		.data		= &init_net.ipv4.sysctl_fib_notify_on_flag_change,
1427 		.maxlen		= sizeof(u8),
1428 		.mode		= 0644,
1429 		.proc_handler	= proc_dou8vec_minmax,
1430 		.extra1		= SYSCTL_ZERO,
1431 		.extra2		= SYSCTL_TWO,
1432 	},
1433 	{
1434 		.procname       = "tcp_plb_enabled",
1435 		.data           = &init_net.ipv4.sysctl_tcp_plb_enabled,
1436 		.maxlen         = sizeof(u8),
1437 		.mode           = 0644,
1438 		.proc_handler   = proc_dou8vec_minmax,
1439 		.extra1         = SYSCTL_ZERO,
1440 		.extra2         = SYSCTL_ONE,
1441 	},
1442 	{
1443 		.procname       = "tcp_plb_idle_rehash_rounds",
1444 		.data           = &init_net.ipv4.sysctl_tcp_plb_idle_rehash_rounds,
1445 		.maxlen         = sizeof(u8),
1446 		.mode           = 0644,
1447 		.proc_handler   = proc_dou8vec_minmax,
1448 		.extra2		= &tcp_plb_max_rounds,
1449 	},
1450 	{
1451 		.procname       = "tcp_plb_rehash_rounds",
1452 		.data           = &init_net.ipv4.sysctl_tcp_plb_rehash_rounds,
1453 		.maxlen         = sizeof(u8),
1454 		.mode           = 0644,
1455 		.proc_handler   = proc_dou8vec_minmax,
1456 		.extra2         = &tcp_plb_max_rounds,
1457 	},
1458 	{
1459 		.procname       = "tcp_plb_suspend_rto_sec",
1460 		.data           = &init_net.ipv4.sysctl_tcp_plb_suspend_rto_sec,
1461 		.maxlen         = sizeof(u8),
1462 		.mode           = 0644,
1463 		.proc_handler   = proc_dou8vec_minmax,
1464 	},
1465 	{
1466 		.procname       = "tcp_plb_cong_thresh",
1467 		.data           = &init_net.ipv4.sysctl_tcp_plb_cong_thresh,
1468 		.maxlen         = sizeof(int),
1469 		.mode           = 0644,
1470 		.proc_handler   = proc_dointvec_minmax,
1471 		.extra1         = SYSCTL_ZERO,
1472 		.extra2         = &tcp_plb_max_cong_thresh,
1473 	},
1474 	{
1475 		.procname	= "tcp_syn_linear_timeouts",
1476 		.data		= &init_net.ipv4.sysctl_tcp_syn_linear_timeouts,
1477 		.maxlen		= sizeof(u8),
1478 		.mode		= 0644,
1479 		.proc_handler	= proc_dou8vec_minmax,
1480 		.extra1		= SYSCTL_ZERO,
1481 		.extra2		= &tcp_syn_linear_timeouts_max,
1482 	},
1483 	{
1484 		.procname	= "tcp_shrink_window",
1485 		.data		= &init_net.ipv4.sysctl_tcp_shrink_window,
1486 		.maxlen		= sizeof(u8),
1487 		.mode		= 0644,
1488 		.proc_handler	= proc_dou8vec_minmax,
1489 		.extra1		= SYSCTL_ZERO,
1490 		.extra2		= SYSCTL_ONE,
1491 	},
1492 	{ }
1493 };
1494 
1495 static __net_init int ipv4_sysctl_init_net(struct net *net)
1496 {
1497 	struct ctl_table *table;
1498 
1499 	table = ipv4_net_table;
1500 	if (!net_eq(net, &init_net)) {
1501 		int i;
1502 
1503 		table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
1504 		if (!table)
1505 			goto err_alloc;
1506 
1507 		for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) {
1508 			if (table[i].data) {
1509 				/* Update the variables to point into
1510 				 * the current struct net
1511 				 */
1512 				table[i].data += (void *)net - (void *)&init_net;
1513 			} else {
1514 				/* Entries without data pointer are global;
1515 				 * Make them read-only in non-init_net ns
1516 				 */
1517 				table[i].mode &= ~0222;
1518 			}
1519 		}
1520 	}
1521 
1522 	net->ipv4.ipv4_hdr = register_net_sysctl_sz(net, "net/ipv4", table,
1523 						    ARRAY_SIZE(ipv4_net_table));
1524 	if (!net->ipv4.ipv4_hdr)
1525 		goto err_reg;
1526 
1527 	net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
1528 	if (!net->ipv4.sysctl_local_reserved_ports)
1529 		goto err_ports;
1530 
1531 	return 0;
1532 
1533 err_ports:
1534 	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1535 err_reg:
1536 	if (!net_eq(net, &init_net))
1537 		kfree(table);
1538 err_alloc:
1539 	return -ENOMEM;
1540 }
1541 
1542 static __net_exit void ipv4_sysctl_exit_net(struct net *net)
1543 {
1544 	struct ctl_table *table;
1545 
1546 	kfree(net->ipv4.sysctl_local_reserved_ports);
1547 	table = net->ipv4.ipv4_hdr->ctl_table_arg;
1548 	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1549 	kfree(table);
1550 }
1551 
1552 static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
1553 	.init = ipv4_sysctl_init_net,
1554 	.exit = ipv4_sysctl_exit_net,
1555 };
1556 
1557 static __init int sysctl_ipv4_init(void)
1558 {
1559 	struct ctl_table_header *hdr;
1560 
1561 	hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1562 	if (!hdr)
1563 		return -ENOMEM;
1564 
1565 	if (register_pernet_subsys(&ipv4_sysctl_ops)) {
1566 		unregister_net_sysctl_table(hdr);
1567 		return -ENOMEM;
1568 	}
1569 
1570 	return 0;
1571 }
1572 
1573 __initcall(sysctl_ipv4_init);
1574