1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 4 * 5 * Begun April 1, 1996, Mike Shaver. 6 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 7 */ 8 9 #include <linux/sysctl.h> 10 #include <linux/seqlock.h> 11 #include <linux/init.h> 12 #include <linux/slab.h> 13 #include <net/icmp.h> 14 #include <net/ip.h> 15 #include <net/ip_fib.h> 16 #include <net/tcp.h> 17 #include <net/udp.h> 18 #include <net/cipso_ipv4.h> 19 #include <net/ping.h> 20 #include <net/protocol.h> 21 #include <net/netevent.h> 22 23 static int tcp_retr1_max = 255; 24 static int ip_local_port_range_min[] = { 1, 1 }; 25 static int ip_local_port_range_max[] = { 65535, 65535 }; 26 static int tcp_adv_win_scale_min = -31; 27 static int tcp_adv_win_scale_max = 31; 28 static int tcp_app_win_max = 31; 29 static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS; 30 static int tcp_min_snd_mss_max = 65535; 31 static int ip_privileged_port_min; 32 static int ip_privileged_port_max = 65535; 33 static int ip_ttl_min = 1; 34 static int ip_ttl_max = 255; 35 static int tcp_syn_retries_min = 1; 36 static int tcp_syn_retries_max = MAX_TCP_SYNCNT; 37 static int tcp_syn_linear_timeouts_max = MAX_TCP_SYNCNT; 38 static unsigned long ip_ping_group_range_min[] = { 0, 0 }; 39 static unsigned long ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 40 static u32 u32_max_div_HZ = UINT_MAX / HZ; 41 static int one_day_secs = 24 * 3600; 42 static u32 fib_multipath_hash_fields_all_mask __maybe_unused = 43 FIB_MULTIPATH_HASH_FIELD_ALL_MASK; 44 static unsigned int tcp_child_ehash_entries_max = 16 * 1024 * 1024; 45 static unsigned int udp_child_hash_entries_max = UDP_HTABLE_SIZE_MAX; 46 static int tcp_plb_max_rounds = 31; 47 static int tcp_plb_max_cong_thresh = 256; 48 static unsigned int tcp_tw_reuse_delay_max = TCP_PAWS_MSL * MSEC_PER_SEC; 49 50 /* obsolete */ 51 static int sysctl_tcp_low_latency __read_mostly; 52 53 /* Update system visible IP port range */ 54 static void set_local_port_range(struct net *net, unsigned int low, unsigned int high) 55 { 56 bool same_parity = !((low ^ high) & 1); 57 58 if (same_parity && !net->ipv4.ip_local_ports.warned) { 59 net->ipv4.ip_local_ports.warned = true; 60 pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n"); 61 } 62 WRITE_ONCE(net->ipv4.ip_local_ports.range, high << 16 | low); 63 } 64 65 /* Validate changes from /proc interface. */ 66 static int ipv4_local_port_range(const struct ctl_table *table, int write, 67 void *buffer, size_t *lenp, loff_t *ppos) 68 { 69 struct net *net = table->data; 70 int ret; 71 int range[2]; 72 struct ctl_table tmp = { 73 .data = &range, 74 .maxlen = sizeof(range), 75 .mode = table->mode, 76 .extra1 = &ip_local_port_range_min, 77 .extra2 = &ip_local_port_range_max, 78 }; 79 80 inet_get_local_port_range(net, &range[0], &range[1]); 81 82 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 83 84 if (write && ret == 0) { 85 /* Ensure that the upper limit is not smaller than the lower, 86 * and that the lower does not encroach upon the privileged 87 * port limit. 88 */ 89 if ((range[1] < range[0]) || 90 (range[0] < READ_ONCE(net->ipv4.sysctl_ip_prot_sock))) 91 ret = -EINVAL; 92 else 93 set_local_port_range(net, range[0], range[1]); 94 } 95 96 return ret; 97 } 98 99 /* Validate changes from /proc interface. */ 100 static int ipv4_privileged_ports(const struct ctl_table *table, int write, 101 void *buffer, size_t *lenp, loff_t *ppos) 102 { 103 struct net *net = container_of(table->data, struct net, 104 ipv4.sysctl_ip_prot_sock); 105 int ret; 106 int pports; 107 int range[2]; 108 struct ctl_table tmp = { 109 .data = &pports, 110 .maxlen = sizeof(pports), 111 .mode = table->mode, 112 .extra1 = &ip_privileged_port_min, 113 .extra2 = &ip_privileged_port_max, 114 }; 115 116 pports = READ_ONCE(net->ipv4.sysctl_ip_prot_sock); 117 118 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 119 120 if (write && ret == 0) { 121 inet_get_local_port_range(net, &range[0], &range[1]); 122 /* Ensure that the local port range doesn't overlap with the 123 * privileged port range. 124 */ 125 if (range[0] < pports) 126 ret = -EINVAL; 127 else 128 WRITE_ONCE(net->ipv4.sysctl_ip_prot_sock, pports); 129 } 130 131 return ret; 132 } 133 134 static void inet_get_ping_group_range_table(const struct ctl_table *table, 135 kgid_t *low, kgid_t *high) 136 { 137 kgid_t *data = table->data; 138 struct net *net = 139 container_of(table->data, struct net, ipv4.ping_group_range.range); 140 unsigned int seq; 141 do { 142 seq = read_seqbegin(&net->ipv4.ping_group_range.lock); 143 144 *low = data[0]; 145 *high = data[1]; 146 } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq)); 147 } 148 149 /* Update system visible IP port range */ 150 static void set_ping_group_range(const struct ctl_table *table, 151 kgid_t low, kgid_t high) 152 { 153 kgid_t *data = table->data; 154 struct net *net = 155 container_of(table->data, struct net, ipv4.ping_group_range.range); 156 write_seqlock(&net->ipv4.ping_group_range.lock); 157 data[0] = low; 158 data[1] = high; 159 write_sequnlock(&net->ipv4.ping_group_range.lock); 160 } 161 162 /* Validate changes from /proc interface. */ 163 static int ipv4_ping_group_range(const struct ctl_table *table, int write, 164 void *buffer, size_t *lenp, loff_t *ppos) 165 { 166 struct user_namespace *user_ns = current_user_ns(); 167 int ret; 168 unsigned long urange[2]; 169 kgid_t low, high; 170 struct ctl_table tmp = { 171 .data = &urange, 172 .maxlen = sizeof(urange), 173 .mode = table->mode, 174 .extra1 = &ip_ping_group_range_min, 175 .extra2 = &ip_ping_group_range_max, 176 }; 177 178 inet_get_ping_group_range_table(table, &low, &high); 179 urange[0] = from_kgid_munged(user_ns, low); 180 urange[1] = from_kgid_munged(user_ns, high); 181 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); 182 183 if (write && ret == 0) { 184 low = make_kgid(user_ns, urange[0]); 185 high = make_kgid(user_ns, urange[1]); 186 if (!gid_valid(low) || !gid_valid(high)) 187 return -EINVAL; 188 if (urange[1] < urange[0] || gid_lt(high, low)) { 189 low = make_kgid(&init_user_ns, 1); 190 high = make_kgid(&init_user_ns, 0); 191 } 192 set_ping_group_range(table, low, high); 193 } 194 195 return ret; 196 } 197 198 static int ipv4_fwd_update_priority(const struct ctl_table *table, int write, 199 void *buffer, size_t *lenp, loff_t *ppos) 200 { 201 struct net *net; 202 int ret; 203 204 net = container_of(table->data, struct net, 205 ipv4.sysctl_ip_fwd_update_priority); 206 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos); 207 if (write && ret == 0) 208 call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE, 209 net); 210 211 return ret; 212 } 213 214 static int proc_tcp_congestion_control(const struct ctl_table *ctl, int write, 215 void *buffer, size_t *lenp, loff_t *ppos) 216 { 217 struct net *net = container_of(ctl->data, struct net, 218 ipv4.tcp_congestion_control); 219 char val[TCP_CA_NAME_MAX]; 220 struct ctl_table tbl = { 221 .data = val, 222 .maxlen = TCP_CA_NAME_MAX, 223 }; 224 int ret; 225 226 tcp_get_default_congestion_control(net, val); 227 228 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 229 if (write && ret == 0) 230 ret = tcp_set_default_congestion_control(net, val); 231 return ret; 232 } 233 234 static int proc_tcp_available_congestion_control(const struct ctl_table *ctl, 235 int write, void *buffer, 236 size_t *lenp, loff_t *ppos) 237 { 238 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 239 int ret; 240 241 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 242 if (!tbl.data) 243 return -ENOMEM; 244 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); 245 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 246 kfree(tbl.data); 247 return ret; 248 } 249 250 static int proc_allowed_congestion_control(const struct ctl_table *ctl, 251 int write, void *buffer, 252 size_t *lenp, loff_t *ppos) 253 { 254 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 255 int ret; 256 257 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 258 if (!tbl.data) 259 return -ENOMEM; 260 261 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); 262 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 263 if (write && ret == 0) 264 ret = tcp_set_allowed_congestion_control(tbl.data); 265 kfree(tbl.data); 266 return ret; 267 } 268 269 static int sscanf_key(char *buf, __le32 *key) 270 { 271 u32 user_key[4]; 272 int i, ret = 0; 273 274 if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1, 275 user_key + 2, user_key + 3) != 4) { 276 ret = -EINVAL; 277 } else { 278 for (i = 0; i < ARRAY_SIZE(user_key); i++) 279 key[i] = cpu_to_le32(user_key[i]); 280 } 281 pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n", 282 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret); 283 284 return ret; 285 } 286 287 static int proc_tcp_fastopen_key(const struct ctl_table *table, int write, 288 void *buffer, size_t *lenp, loff_t *ppos) 289 { 290 struct net *net = container_of(table->data, struct net, 291 ipv4.sysctl_tcp_fastopen); 292 /* maxlen to print the list of keys in hex (*2), with dashes 293 * separating doublewords and a comma in between keys. 294 */ 295 struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 296 2 * TCP_FASTOPEN_KEY_MAX) + 297 (TCP_FASTOPEN_KEY_MAX * 5)) }; 298 u32 user_key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u32)]; 299 __le32 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(__le32)]; 300 char *backup_data; 301 int ret, i = 0, off = 0, n_keys; 302 303 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); 304 if (!tbl.data) 305 return -ENOMEM; 306 307 n_keys = tcp_fastopen_get_cipher(net, NULL, (u64 *)key); 308 if (!n_keys) { 309 memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH); 310 n_keys = 1; 311 } 312 313 for (i = 0; i < n_keys * 4; i++) 314 user_key[i] = le32_to_cpu(key[i]); 315 316 for (i = 0; i < n_keys; i++) { 317 off += snprintf(tbl.data + off, tbl.maxlen - off, 318 "%08x-%08x-%08x-%08x", 319 user_key[i * 4], 320 user_key[i * 4 + 1], 321 user_key[i * 4 + 2], 322 user_key[i * 4 + 3]); 323 324 if (WARN_ON_ONCE(off >= tbl.maxlen - 1)) 325 break; 326 327 if (i + 1 < n_keys) 328 off += snprintf(tbl.data + off, tbl.maxlen - off, ","); 329 } 330 331 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 332 333 if (write && ret == 0) { 334 backup_data = strchr(tbl.data, ','); 335 if (backup_data) { 336 *backup_data = '\0'; 337 backup_data++; 338 } 339 if (sscanf_key(tbl.data, key)) { 340 ret = -EINVAL; 341 goto bad_key; 342 } 343 if (backup_data) { 344 if (sscanf_key(backup_data, key + 4)) { 345 ret = -EINVAL; 346 goto bad_key; 347 } 348 } 349 tcp_fastopen_reset_cipher(net, NULL, key, 350 backup_data ? key + 4 : NULL); 351 } 352 353 bad_key: 354 kfree(tbl.data); 355 return ret; 356 } 357 358 static int proc_tfo_blackhole_detect_timeout(const struct ctl_table *table, 359 int write, void *buffer, 360 size_t *lenp, loff_t *ppos) 361 { 362 struct net *net = container_of(table->data, struct net, 363 ipv4.sysctl_tcp_fastopen_blackhole_timeout); 364 int ret; 365 366 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 367 if (write && ret == 0) 368 atomic_set(&net->ipv4.tfo_active_disable_times, 0); 369 370 return ret; 371 } 372 373 static int proc_tcp_available_ulp(const struct ctl_table *ctl, 374 int write, void *buffer, size_t *lenp, 375 loff_t *ppos) 376 { 377 struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, }; 378 int ret; 379 380 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 381 if (!tbl.data) 382 return -ENOMEM; 383 tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX); 384 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 385 kfree(tbl.data); 386 387 return ret; 388 } 389 390 static int proc_tcp_ehash_entries(const struct ctl_table *table, int write, 391 void *buffer, size_t *lenp, loff_t *ppos) 392 { 393 struct net *net = container_of(table->data, struct net, 394 ipv4.sysctl_tcp_child_ehash_entries); 395 struct inet_hashinfo *hinfo = net->ipv4.tcp_death_row.hashinfo; 396 int tcp_ehash_entries; 397 struct ctl_table tbl; 398 399 tcp_ehash_entries = hinfo->ehash_mask + 1; 400 401 /* A negative number indicates that the child netns 402 * shares the global ehash. 403 */ 404 if (!net_eq(net, &init_net) && !hinfo->pernet) 405 tcp_ehash_entries *= -1; 406 407 memset(&tbl, 0, sizeof(tbl)); 408 tbl.data = &tcp_ehash_entries; 409 tbl.maxlen = sizeof(int); 410 411 return proc_dointvec(&tbl, write, buffer, lenp, ppos); 412 } 413 414 static int proc_udp_hash_entries(const struct ctl_table *table, int write, 415 void *buffer, size_t *lenp, loff_t *ppos) 416 { 417 struct net *net = container_of(table->data, struct net, 418 ipv4.sysctl_udp_child_hash_entries); 419 int udp_hash_entries; 420 struct ctl_table tbl; 421 422 udp_hash_entries = net->ipv4.udp_table->mask + 1; 423 424 /* A negative number indicates that the child netns 425 * shares the global udp_table. 426 */ 427 if (!net_eq(net, &init_net) && net->ipv4.udp_table == &udp_table) 428 udp_hash_entries *= -1; 429 430 memset(&tbl, 0, sizeof(tbl)); 431 tbl.data = &udp_hash_entries; 432 tbl.maxlen = sizeof(int); 433 434 return proc_dointvec(&tbl, write, buffer, lenp, ppos); 435 } 436 437 #ifdef CONFIG_IP_ROUTE_MULTIPATH 438 static int proc_fib_multipath_hash_policy(const struct ctl_table *table, int write, 439 void *buffer, size_t *lenp, 440 loff_t *ppos) 441 { 442 struct net *net = container_of(table->data, struct net, 443 ipv4.sysctl_fib_multipath_hash_policy); 444 int ret; 445 446 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos); 447 if (write && ret == 0) 448 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net); 449 450 return ret; 451 } 452 453 static int proc_fib_multipath_hash_fields(const struct ctl_table *table, int write, 454 void *buffer, size_t *lenp, 455 loff_t *ppos) 456 { 457 struct net *net; 458 int ret; 459 460 net = container_of(table->data, struct net, 461 ipv4.sysctl_fib_multipath_hash_fields); 462 ret = proc_douintvec_minmax(table, write, buffer, lenp, ppos); 463 if (write && ret == 0) 464 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net); 465 466 return ret; 467 } 468 469 static u32 proc_fib_multipath_hash_rand_seed __ro_after_init; 470 471 static void proc_fib_multipath_hash_init_rand_seed(void) 472 { 473 get_random_bytes(&proc_fib_multipath_hash_rand_seed, 474 sizeof(proc_fib_multipath_hash_rand_seed)); 475 } 476 477 static void proc_fib_multipath_hash_set_seed(struct net *net, u32 user_seed) 478 { 479 struct sysctl_fib_multipath_hash_seed new = { 480 .user_seed = user_seed, 481 .mp_seed = (user_seed ? user_seed : 482 proc_fib_multipath_hash_rand_seed), 483 }; 484 485 WRITE_ONCE(net->ipv4.sysctl_fib_multipath_hash_seed, new); 486 } 487 488 static int proc_fib_multipath_hash_seed(const struct ctl_table *table, int write, 489 void *buffer, size_t *lenp, 490 loff_t *ppos) 491 { 492 struct sysctl_fib_multipath_hash_seed *mphs; 493 struct net *net = table->data; 494 struct ctl_table tmp; 495 u32 user_seed; 496 int ret; 497 498 mphs = &net->ipv4.sysctl_fib_multipath_hash_seed; 499 user_seed = mphs->user_seed; 500 501 tmp = *table; 502 tmp.data = &user_seed; 503 504 ret = proc_douintvec_minmax(&tmp, write, buffer, lenp, ppos); 505 506 if (write && ret == 0) { 507 proc_fib_multipath_hash_set_seed(net, user_seed); 508 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net); 509 } 510 511 return ret; 512 } 513 #else 514 515 static void proc_fib_multipath_hash_init_rand_seed(void) 516 { 517 } 518 519 static void proc_fib_multipath_hash_set_seed(struct net *net, u32 user_seed) 520 { 521 } 522 523 #endif 524 525 static struct ctl_table ipv4_table[] = { 526 { 527 .procname = "tcp_max_orphans", 528 .data = &sysctl_tcp_max_orphans, 529 .maxlen = sizeof(int), 530 .mode = 0644, 531 .proc_handler = proc_dointvec 532 }, 533 { 534 .procname = "inet_peer_threshold", 535 .data = &inet_peer_threshold, 536 .maxlen = sizeof(int), 537 .mode = 0644, 538 .proc_handler = proc_dointvec 539 }, 540 { 541 .procname = "inet_peer_minttl", 542 .data = &inet_peer_minttl, 543 .maxlen = sizeof(int), 544 .mode = 0644, 545 .proc_handler = proc_dointvec_jiffies, 546 }, 547 { 548 .procname = "inet_peer_maxttl", 549 .data = &inet_peer_maxttl, 550 .maxlen = sizeof(int), 551 .mode = 0644, 552 .proc_handler = proc_dointvec_jiffies, 553 }, 554 { 555 .procname = "tcp_mem", 556 .maxlen = sizeof(sysctl_tcp_mem), 557 .data = &sysctl_tcp_mem, 558 .mode = 0644, 559 .proc_handler = proc_doulongvec_minmax, 560 }, 561 { 562 .procname = "tcp_low_latency", 563 .data = &sysctl_tcp_low_latency, 564 .maxlen = sizeof(int), 565 .mode = 0644, 566 .proc_handler = proc_dointvec 567 }, 568 #ifdef CONFIG_NETLABEL 569 { 570 .procname = "cipso_cache_enable", 571 .data = &cipso_v4_cache_enabled, 572 .maxlen = sizeof(int), 573 .mode = 0644, 574 .proc_handler = proc_dointvec, 575 }, 576 { 577 .procname = "cipso_cache_bucket_size", 578 .data = &cipso_v4_cache_bucketsize, 579 .maxlen = sizeof(int), 580 .mode = 0644, 581 .proc_handler = proc_dointvec, 582 }, 583 { 584 .procname = "cipso_rbm_optfmt", 585 .data = &cipso_v4_rbm_optfmt, 586 .maxlen = sizeof(int), 587 .mode = 0644, 588 .proc_handler = proc_dointvec, 589 }, 590 { 591 .procname = "cipso_rbm_strictvalid", 592 .data = &cipso_v4_rbm_strictvalid, 593 .maxlen = sizeof(int), 594 .mode = 0644, 595 .proc_handler = proc_dointvec, 596 }, 597 #endif /* CONFIG_NETLABEL */ 598 { 599 .procname = "tcp_available_ulp", 600 .maxlen = TCP_ULP_BUF_MAX, 601 .mode = 0444, 602 .proc_handler = proc_tcp_available_ulp, 603 }, 604 { 605 .procname = "udp_mem", 606 .data = &sysctl_udp_mem, 607 .maxlen = sizeof(sysctl_udp_mem), 608 .mode = 0644, 609 .proc_handler = proc_doulongvec_minmax, 610 }, 611 { 612 .procname = "fib_sync_mem", 613 .data = &sysctl_fib_sync_mem, 614 .maxlen = sizeof(sysctl_fib_sync_mem), 615 .mode = 0644, 616 .proc_handler = proc_douintvec_minmax, 617 .extra1 = &sysctl_fib_sync_mem_min, 618 .extra2 = &sysctl_fib_sync_mem_max, 619 }, 620 }; 621 622 static struct ctl_table ipv4_net_table[] = { 623 { 624 .procname = "tcp_max_tw_buckets", 625 .data = &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets, 626 .maxlen = sizeof(int), 627 .mode = 0644, 628 .proc_handler = proc_dointvec 629 }, 630 { 631 .procname = "icmp_echo_ignore_all", 632 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, 633 .maxlen = sizeof(u8), 634 .mode = 0644, 635 .proc_handler = proc_dou8vec_minmax, 636 .extra1 = SYSCTL_ZERO, 637 .extra2 = SYSCTL_ONE 638 }, 639 { 640 .procname = "icmp_echo_enable_probe", 641 .data = &init_net.ipv4.sysctl_icmp_echo_enable_probe, 642 .maxlen = sizeof(u8), 643 .mode = 0644, 644 .proc_handler = proc_dou8vec_minmax, 645 .extra1 = SYSCTL_ZERO, 646 .extra2 = SYSCTL_ONE 647 }, 648 { 649 .procname = "icmp_echo_ignore_broadcasts", 650 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, 651 .maxlen = sizeof(u8), 652 .mode = 0644, 653 .proc_handler = proc_dou8vec_minmax, 654 .extra1 = SYSCTL_ZERO, 655 .extra2 = SYSCTL_ONE 656 }, 657 { 658 .procname = "icmp_ignore_bogus_error_responses", 659 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, 660 .maxlen = sizeof(u8), 661 .mode = 0644, 662 .proc_handler = proc_dou8vec_minmax, 663 .extra1 = SYSCTL_ZERO, 664 .extra2 = SYSCTL_ONE 665 }, 666 { 667 .procname = "icmp_errors_use_inbound_ifaddr", 668 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, 669 .maxlen = sizeof(u8), 670 .mode = 0644, 671 .proc_handler = proc_dou8vec_minmax, 672 .extra1 = SYSCTL_ZERO, 673 .extra2 = SYSCTL_ONE 674 }, 675 { 676 .procname = "icmp_ratelimit", 677 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 678 .maxlen = sizeof(int), 679 .mode = 0644, 680 .proc_handler = proc_dointvec_ms_jiffies, 681 }, 682 { 683 .procname = "icmp_ratemask", 684 .data = &init_net.ipv4.sysctl_icmp_ratemask, 685 .maxlen = sizeof(int), 686 .mode = 0644, 687 .proc_handler = proc_dointvec 688 }, 689 { 690 .procname = "icmp_msgs_per_sec", 691 .data = &init_net.ipv4.sysctl_icmp_msgs_per_sec, 692 .maxlen = sizeof(int), 693 .mode = 0644, 694 .proc_handler = proc_dointvec_minmax, 695 .extra1 = SYSCTL_ZERO, 696 }, 697 { 698 .procname = "icmp_msgs_burst", 699 .data = &init_net.ipv4.sysctl_icmp_msgs_burst, 700 .maxlen = sizeof(int), 701 .mode = 0644, 702 .proc_handler = proc_dointvec_minmax, 703 .extra1 = SYSCTL_ZERO, 704 }, 705 { 706 .procname = "ping_group_range", 707 .data = &init_net.ipv4.ping_group_range.range, 708 .maxlen = sizeof(gid_t)*2, 709 .mode = 0644, 710 .proc_handler = ipv4_ping_group_range, 711 }, 712 #ifdef CONFIG_NET_L3_MASTER_DEV 713 { 714 .procname = "raw_l3mdev_accept", 715 .data = &init_net.ipv4.sysctl_raw_l3mdev_accept, 716 .maxlen = sizeof(u8), 717 .mode = 0644, 718 .proc_handler = proc_dou8vec_minmax, 719 .extra1 = SYSCTL_ZERO, 720 .extra2 = SYSCTL_ONE, 721 }, 722 #endif 723 { 724 .procname = "tcp_ecn", 725 .data = &init_net.ipv4.sysctl_tcp_ecn, 726 .maxlen = sizeof(u8), 727 .mode = 0644, 728 .proc_handler = proc_dou8vec_minmax, 729 .extra1 = SYSCTL_ZERO, 730 .extra2 = SYSCTL_TWO, 731 }, 732 { 733 .procname = "tcp_ecn_fallback", 734 .data = &init_net.ipv4.sysctl_tcp_ecn_fallback, 735 .maxlen = sizeof(u8), 736 .mode = 0644, 737 .proc_handler = proc_dou8vec_minmax, 738 .extra1 = SYSCTL_ZERO, 739 .extra2 = SYSCTL_ONE, 740 }, 741 { 742 .procname = "ip_dynaddr", 743 .data = &init_net.ipv4.sysctl_ip_dynaddr, 744 .maxlen = sizeof(u8), 745 .mode = 0644, 746 .proc_handler = proc_dou8vec_minmax, 747 }, 748 { 749 .procname = "ip_early_demux", 750 .data = &init_net.ipv4.sysctl_ip_early_demux, 751 .maxlen = sizeof(u8), 752 .mode = 0644, 753 .proc_handler = proc_dou8vec_minmax, 754 }, 755 { 756 .procname = "udp_early_demux", 757 .data = &init_net.ipv4.sysctl_udp_early_demux, 758 .maxlen = sizeof(u8), 759 .mode = 0644, 760 .proc_handler = proc_dou8vec_minmax, 761 }, 762 { 763 .procname = "tcp_early_demux", 764 .data = &init_net.ipv4.sysctl_tcp_early_demux, 765 .maxlen = sizeof(u8), 766 .mode = 0644, 767 .proc_handler = proc_dou8vec_minmax, 768 }, 769 { 770 .procname = "nexthop_compat_mode", 771 .data = &init_net.ipv4.sysctl_nexthop_compat_mode, 772 .maxlen = sizeof(u8), 773 .mode = 0644, 774 .proc_handler = proc_dou8vec_minmax, 775 .extra1 = SYSCTL_ZERO, 776 .extra2 = SYSCTL_ONE, 777 }, 778 { 779 .procname = "ip_default_ttl", 780 .data = &init_net.ipv4.sysctl_ip_default_ttl, 781 .maxlen = sizeof(u8), 782 .mode = 0644, 783 .proc_handler = proc_dou8vec_minmax, 784 .extra1 = &ip_ttl_min, 785 .extra2 = &ip_ttl_max, 786 }, 787 { 788 .procname = "ip_local_port_range", 789 .maxlen = 0, 790 .data = &init_net, 791 .mode = 0644, 792 .proc_handler = ipv4_local_port_range, 793 }, 794 { 795 .procname = "ip_local_reserved_ports", 796 .data = &init_net.ipv4.sysctl_local_reserved_ports, 797 .maxlen = 65536, 798 .mode = 0644, 799 .proc_handler = proc_do_large_bitmap, 800 }, 801 { 802 .procname = "ip_no_pmtu_disc", 803 .data = &init_net.ipv4.sysctl_ip_no_pmtu_disc, 804 .maxlen = sizeof(u8), 805 .mode = 0644, 806 .proc_handler = proc_dou8vec_minmax, 807 }, 808 { 809 .procname = "ip_forward_use_pmtu", 810 .data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu, 811 .maxlen = sizeof(u8), 812 .mode = 0644, 813 .proc_handler = proc_dou8vec_minmax, 814 }, 815 { 816 .procname = "ip_forward_update_priority", 817 .data = &init_net.ipv4.sysctl_ip_fwd_update_priority, 818 .maxlen = sizeof(u8), 819 .mode = 0644, 820 .proc_handler = ipv4_fwd_update_priority, 821 .extra1 = SYSCTL_ZERO, 822 .extra2 = SYSCTL_ONE, 823 }, 824 { 825 .procname = "ip_nonlocal_bind", 826 .data = &init_net.ipv4.sysctl_ip_nonlocal_bind, 827 .maxlen = sizeof(u8), 828 .mode = 0644, 829 .proc_handler = proc_dou8vec_minmax, 830 }, 831 { 832 .procname = "ip_autobind_reuse", 833 .data = &init_net.ipv4.sysctl_ip_autobind_reuse, 834 .maxlen = sizeof(u8), 835 .mode = 0644, 836 .proc_handler = proc_dou8vec_minmax, 837 .extra1 = SYSCTL_ZERO, 838 .extra2 = SYSCTL_ONE, 839 }, 840 { 841 .procname = "fwmark_reflect", 842 .data = &init_net.ipv4.sysctl_fwmark_reflect, 843 .maxlen = sizeof(u8), 844 .mode = 0644, 845 .proc_handler = proc_dou8vec_minmax, 846 }, 847 { 848 .procname = "tcp_fwmark_accept", 849 .data = &init_net.ipv4.sysctl_tcp_fwmark_accept, 850 .maxlen = sizeof(u8), 851 .mode = 0644, 852 .proc_handler = proc_dou8vec_minmax, 853 }, 854 #ifdef CONFIG_NET_L3_MASTER_DEV 855 { 856 .procname = "tcp_l3mdev_accept", 857 .data = &init_net.ipv4.sysctl_tcp_l3mdev_accept, 858 .maxlen = sizeof(u8), 859 .mode = 0644, 860 .proc_handler = proc_dou8vec_minmax, 861 .extra1 = SYSCTL_ZERO, 862 .extra2 = SYSCTL_ONE, 863 }, 864 #endif 865 { 866 .procname = "tcp_mtu_probing", 867 .data = &init_net.ipv4.sysctl_tcp_mtu_probing, 868 .maxlen = sizeof(u8), 869 .mode = 0644, 870 .proc_handler = proc_dou8vec_minmax, 871 }, 872 { 873 .procname = "tcp_base_mss", 874 .data = &init_net.ipv4.sysctl_tcp_base_mss, 875 .maxlen = sizeof(int), 876 .mode = 0644, 877 .proc_handler = proc_dointvec, 878 }, 879 { 880 .procname = "tcp_min_snd_mss", 881 .data = &init_net.ipv4.sysctl_tcp_min_snd_mss, 882 .maxlen = sizeof(int), 883 .mode = 0644, 884 .proc_handler = proc_dointvec_minmax, 885 .extra1 = &tcp_min_snd_mss_min, 886 .extra2 = &tcp_min_snd_mss_max, 887 }, 888 { 889 .procname = "tcp_mtu_probe_floor", 890 .data = &init_net.ipv4.sysctl_tcp_mtu_probe_floor, 891 .maxlen = sizeof(int), 892 .mode = 0644, 893 .proc_handler = proc_dointvec_minmax, 894 .extra1 = &tcp_min_snd_mss_min, 895 .extra2 = &tcp_min_snd_mss_max, 896 }, 897 { 898 .procname = "tcp_probe_threshold", 899 .data = &init_net.ipv4.sysctl_tcp_probe_threshold, 900 .maxlen = sizeof(int), 901 .mode = 0644, 902 .proc_handler = proc_dointvec, 903 }, 904 { 905 .procname = "tcp_probe_interval", 906 .data = &init_net.ipv4.sysctl_tcp_probe_interval, 907 .maxlen = sizeof(u32), 908 .mode = 0644, 909 .proc_handler = proc_douintvec_minmax, 910 .extra2 = &u32_max_div_HZ, 911 }, 912 { 913 .procname = "igmp_link_local_mcast_reports", 914 .data = &init_net.ipv4.sysctl_igmp_llm_reports, 915 .maxlen = sizeof(u8), 916 .mode = 0644, 917 .proc_handler = proc_dou8vec_minmax, 918 }, 919 { 920 .procname = "igmp_max_memberships", 921 .data = &init_net.ipv4.sysctl_igmp_max_memberships, 922 .maxlen = sizeof(int), 923 .mode = 0644, 924 .proc_handler = proc_dointvec 925 }, 926 { 927 .procname = "igmp_max_msf", 928 .data = &init_net.ipv4.sysctl_igmp_max_msf, 929 .maxlen = sizeof(int), 930 .mode = 0644, 931 .proc_handler = proc_dointvec 932 }, 933 #ifdef CONFIG_IP_MULTICAST 934 { 935 .procname = "igmp_qrv", 936 .data = &init_net.ipv4.sysctl_igmp_qrv, 937 .maxlen = sizeof(int), 938 .mode = 0644, 939 .proc_handler = proc_dointvec_minmax, 940 .extra1 = SYSCTL_ONE 941 }, 942 #endif 943 { 944 .procname = "tcp_congestion_control", 945 .data = &init_net.ipv4.tcp_congestion_control, 946 .mode = 0644, 947 .maxlen = TCP_CA_NAME_MAX, 948 .proc_handler = proc_tcp_congestion_control, 949 }, 950 { 951 .procname = "tcp_available_congestion_control", 952 .maxlen = TCP_CA_BUF_MAX, 953 .mode = 0444, 954 .proc_handler = proc_tcp_available_congestion_control, 955 }, 956 { 957 .procname = "tcp_allowed_congestion_control", 958 .maxlen = TCP_CA_BUF_MAX, 959 .mode = 0644, 960 .proc_handler = proc_allowed_congestion_control, 961 }, 962 { 963 .procname = "tcp_keepalive_time", 964 .data = &init_net.ipv4.sysctl_tcp_keepalive_time, 965 .maxlen = sizeof(int), 966 .mode = 0644, 967 .proc_handler = proc_dointvec_jiffies, 968 }, 969 { 970 .procname = "tcp_keepalive_probes", 971 .data = &init_net.ipv4.sysctl_tcp_keepalive_probes, 972 .maxlen = sizeof(u8), 973 .mode = 0644, 974 .proc_handler = proc_dou8vec_minmax, 975 }, 976 { 977 .procname = "tcp_keepalive_intvl", 978 .data = &init_net.ipv4.sysctl_tcp_keepalive_intvl, 979 .maxlen = sizeof(int), 980 .mode = 0644, 981 .proc_handler = proc_dointvec_jiffies, 982 }, 983 { 984 .procname = "tcp_syn_retries", 985 .data = &init_net.ipv4.sysctl_tcp_syn_retries, 986 .maxlen = sizeof(u8), 987 .mode = 0644, 988 .proc_handler = proc_dou8vec_minmax, 989 .extra1 = &tcp_syn_retries_min, 990 .extra2 = &tcp_syn_retries_max 991 }, 992 { 993 .procname = "tcp_synack_retries", 994 .data = &init_net.ipv4.sysctl_tcp_synack_retries, 995 .maxlen = sizeof(u8), 996 .mode = 0644, 997 .proc_handler = proc_dou8vec_minmax, 998 }, 999 #ifdef CONFIG_SYN_COOKIES 1000 { 1001 .procname = "tcp_syncookies", 1002 .data = &init_net.ipv4.sysctl_tcp_syncookies, 1003 .maxlen = sizeof(u8), 1004 .mode = 0644, 1005 .proc_handler = proc_dou8vec_minmax, 1006 }, 1007 #endif 1008 { 1009 .procname = "tcp_migrate_req", 1010 .data = &init_net.ipv4.sysctl_tcp_migrate_req, 1011 .maxlen = sizeof(u8), 1012 .mode = 0644, 1013 .proc_handler = proc_dou8vec_minmax, 1014 .extra1 = SYSCTL_ZERO, 1015 .extra2 = SYSCTL_ONE 1016 }, 1017 { 1018 .procname = "tcp_reordering", 1019 .data = &init_net.ipv4.sysctl_tcp_reordering, 1020 .maxlen = sizeof(int), 1021 .mode = 0644, 1022 .proc_handler = proc_dointvec 1023 }, 1024 { 1025 .procname = "tcp_retries1", 1026 .data = &init_net.ipv4.sysctl_tcp_retries1, 1027 .maxlen = sizeof(u8), 1028 .mode = 0644, 1029 .proc_handler = proc_dou8vec_minmax, 1030 .extra2 = &tcp_retr1_max 1031 }, 1032 { 1033 .procname = "tcp_retries2", 1034 .data = &init_net.ipv4.sysctl_tcp_retries2, 1035 .maxlen = sizeof(u8), 1036 .mode = 0644, 1037 .proc_handler = proc_dou8vec_minmax, 1038 }, 1039 { 1040 .procname = "tcp_orphan_retries", 1041 .data = &init_net.ipv4.sysctl_tcp_orphan_retries, 1042 .maxlen = sizeof(u8), 1043 .mode = 0644, 1044 .proc_handler = proc_dou8vec_minmax, 1045 }, 1046 { 1047 .procname = "tcp_fin_timeout", 1048 .data = &init_net.ipv4.sysctl_tcp_fin_timeout, 1049 .maxlen = sizeof(int), 1050 .mode = 0644, 1051 .proc_handler = proc_dointvec_jiffies, 1052 }, 1053 { 1054 .procname = "tcp_notsent_lowat", 1055 .data = &init_net.ipv4.sysctl_tcp_notsent_lowat, 1056 .maxlen = sizeof(unsigned int), 1057 .mode = 0644, 1058 .proc_handler = proc_douintvec, 1059 }, 1060 { 1061 .procname = "tcp_tw_reuse", 1062 .data = &init_net.ipv4.sysctl_tcp_tw_reuse, 1063 .maxlen = sizeof(u8), 1064 .mode = 0644, 1065 .proc_handler = proc_dou8vec_minmax, 1066 .extra1 = SYSCTL_ZERO, 1067 .extra2 = SYSCTL_TWO, 1068 }, 1069 { 1070 .procname = "tcp_tw_reuse_delay", 1071 .data = &init_net.ipv4.sysctl_tcp_tw_reuse_delay, 1072 .maxlen = sizeof(unsigned int), 1073 .mode = 0644, 1074 .proc_handler = proc_douintvec_minmax, 1075 .extra1 = SYSCTL_ONE, 1076 .extra2 = &tcp_tw_reuse_delay_max, 1077 }, 1078 { 1079 .procname = "tcp_max_syn_backlog", 1080 .data = &init_net.ipv4.sysctl_max_syn_backlog, 1081 .maxlen = sizeof(int), 1082 .mode = 0644, 1083 .proc_handler = proc_dointvec 1084 }, 1085 { 1086 .procname = "tcp_fastopen", 1087 .data = &init_net.ipv4.sysctl_tcp_fastopen, 1088 .maxlen = sizeof(int), 1089 .mode = 0644, 1090 .proc_handler = proc_dointvec, 1091 }, 1092 { 1093 .procname = "tcp_fastopen_key", 1094 .mode = 0600, 1095 .data = &init_net.ipv4.sysctl_tcp_fastopen, 1096 /* maxlen to print the list of keys in hex (*2), with dashes 1097 * separating doublewords and a comma in between keys. 1098 */ 1099 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 1100 2 * TCP_FASTOPEN_KEY_MAX) + 1101 (TCP_FASTOPEN_KEY_MAX * 5)), 1102 .proc_handler = proc_tcp_fastopen_key, 1103 }, 1104 { 1105 .procname = "tcp_fastopen_blackhole_timeout_sec", 1106 .data = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout, 1107 .maxlen = sizeof(int), 1108 .mode = 0644, 1109 .proc_handler = proc_tfo_blackhole_detect_timeout, 1110 .extra1 = SYSCTL_ZERO, 1111 }, 1112 #ifdef CONFIG_IP_ROUTE_MULTIPATH 1113 { 1114 .procname = "fib_multipath_use_neigh", 1115 .data = &init_net.ipv4.sysctl_fib_multipath_use_neigh, 1116 .maxlen = sizeof(u8), 1117 .mode = 0644, 1118 .proc_handler = proc_dou8vec_minmax, 1119 .extra1 = SYSCTL_ZERO, 1120 .extra2 = SYSCTL_ONE, 1121 }, 1122 { 1123 .procname = "fib_multipath_hash_policy", 1124 .data = &init_net.ipv4.sysctl_fib_multipath_hash_policy, 1125 .maxlen = sizeof(u8), 1126 .mode = 0644, 1127 .proc_handler = proc_fib_multipath_hash_policy, 1128 .extra1 = SYSCTL_ZERO, 1129 .extra2 = SYSCTL_THREE, 1130 }, 1131 { 1132 .procname = "fib_multipath_hash_fields", 1133 .data = &init_net.ipv4.sysctl_fib_multipath_hash_fields, 1134 .maxlen = sizeof(u32), 1135 .mode = 0644, 1136 .proc_handler = proc_fib_multipath_hash_fields, 1137 .extra1 = SYSCTL_ONE, 1138 .extra2 = &fib_multipath_hash_fields_all_mask, 1139 }, 1140 { 1141 .procname = "fib_multipath_hash_seed", 1142 .data = &init_net, 1143 .maxlen = sizeof(u32), 1144 .mode = 0644, 1145 .proc_handler = proc_fib_multipath_hash_seed, 1146 }, 1147 #endif 1148 { 1149 .procname = "ip_unprivileged_port_start", 1150 .maxlen = sizeof(int), 1151 .data = &init_net.ipv4.sysctl_ip_prot_sock, 1152 .mode = 0644, 1153 .proc_handler = ipv4_privileged_ports, 1154 }, 1155 #ifdef CONFIG_NET_L3_MASTER_DEV 1156 { 1157 .procname = "udp_l3mdev_accept", 1158 .data = &init_net.ipv4.sysctl_udp_l3mdev_accept, 1159 .maxlen = sizeof(u8), 1160 .mode = 0644, 1161 .proc_handler = proc_dou8vec_minmax, 1162 .extra1 = SYSCTL_ZERO, 1163 .extra2 = SYSCTL_ONE, 1164 }, 1165 #endif 1166 { 1167 .procname = "tcp_sack", 1168 .data = &init_net.ipv4.sysctl_tcp_sack, 1169 .maxlen = sizeof(u8), 1170 .mode = 0644, 1171 .proc_handler = proc_dou8vec_minmax, 1172 }, 1173 { 1174 .procname = "tcp_window_scaling", 1175 .data = &init_net.ipv4.sysctl_tcp_window_scaling, 1176 .maxlen = sizeof(u8), 1177 .mode = 0644, 1178 .proc_handler = proc_dou8vec_minmax, 1179 }, 1180 { 1181 .procname = "tcp_timestamps", 1182 .data = &init_net.ipv4.sysctl_tcp_timestamps, 1183 .maxlen = sizeof(u8), 1184 .mode = 0644, 1185 .proc_handler = proc_dou8vec_minmax, 1186 }, 1187 { 1188 .procname = "tcp_early_retrans", 1189 .data = &init_net.ipv4.sysctl_tcp_early_retrans, 1190 .maxlen = sizeof(u8), 1191 .mode = 0644, 1192 .proc_handler = proc_dou8vec_minmax, 1193 .extra1 = SYSCTL_ZERO, 1194 .extra2 = SYSCTL_FOUR, 1195 }, 1196 { 1197 .procname = "tcp_recovery", 1198 .data = &init_net.ipv4.sysctl_tcp_recovery, 1199 .maxlen = sizeof(u8), 1200 .mode = 0644, 1201 .proc_handler = proc_dou8vec_minmax, 1202 }, 1203 { 1204 .procname = "tcp_thin_linear_timeouts", 1205 .data = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts, 1206 .maxlen = sizeof(u8), 1207 .mode = 0644, 1208 .proc_handler = proc_dou8vec_minmax, 1209 }, 1210 { 1211 .procname = "tcp_slow_start_after_idle", 1212 .data = &init_net.ipv4.sysctl_tcp_slow_start_after_idle, 1213 .maxlen = sizeof(u8), 1214 .mode = 0644, 1215 .proc_handler = proc_dou8vec_minmax, 1216 }, 1217 { 1218 .procname = "tcp_retrans_collapse", 1219 .data = &init_net.ipv4.sysctl_tcp_retrans_collapse, 1220 .maxlen = sizeof(u8), 1221 .mode = 0644, 1222 .proc_handler = proc_dou8vec_minmax, 1223 }, 1224 { 1225 .procname = "tcp_stdurg", 1226 .data = &init_net.ipv4.sysctl_tcp_stdurg, 1227 .maxlen = sizeof(u8), 1228 .mode = 0644, 1229 .proc_handler = proc_dou8vec_minmax, 1230 }, 1231 { 1232 .procname = "tcp_rfc1337", 1233 .data = &init_net.ipv4.sysctl_tcp_rfc1337, 1234 .maxlen = sizeof(u8), 1235 .mode = 0644, 1236 .proc_handler = proc_dou8vec_minmax, 1237 }, 1238 { 1239 .procname = "tcp_abort_on_overflow", 1240 .data = &init_net.ipv4.sysctl_tcp_abort_on_overflow, 1241 .maxlen = sizeof(u8), 1242 .mode = 0644, 1243 .proc_handler = proc_dou8vec_minmax, 1244 }, 1245 { 1246 .procname = "tcp_fack", 1247 .data = &init_net.ipv4.sysctl_tcp_fack, 1248 .maxlen = sizeof(u8), 1249 .mode = 0644, 1250 .proc_handler = proc_dou8vec_minmax, 1251 }, 1252 { 1253 .procname = "tcp_max_reordering", 1254 .data = &init_net.ipv4.sysctl_tcp_max_reordering, 1255 .maxlen = sizeof(int), 1256 .mode = 0644, 1257 .proc_handler = proc_dointvec 1258 }, 1259 { 1260 .procname = "tcp_dsack", 1261 .data = &init_net.ipv4.sysctl_tcp_dsack, 1262 .maxlen = sizeof(u8), 1263 .mode = 0644, 1264 .proc_handler = proc_dou8vec_minmax, 1265 }, 1266 { 1267 .procname = "tcp_app_win", 1268 .data = &init_net.ipv4.sysctl_tcp_app_win, 1269 .maxlen = sizeof(u8), 1270 .mode = 0644, 1271 .proc_handler = proc_dou8vec_minmax, 1272 .extra1 = SYSCTL_ZERO, 1273 .extra2 = &tcp_app_win_max, 1274 }, 1275 { 1276 .procname = "tcp_adv_win_scale", 1277 .data = &init_net.ipv4.sysctl_tcp_adv_win_scale, 1278 .maxlen = sizeof(int), 1279 .mode = 0644, 1280 .proc_handler = proc_dointvec_minmax, 1281 .extra1 = &tcp_adv_win_scale_min, 1282 .extra2 = &tcp_adv_win_scale_max, 1283 }, 1284 { 1285 .procname = "tcp_frto", 1286 .data = &init_net.ipv4.sysctl_tcp_frto, 1287 .maxlen = sizeof(u8), 1288 .mode = 0644, 1289 .proc_handler = proc_dou8vec_minmax, 1290 }, 1291 { 1292 .procname = "tcp_no_metrics_save", 1293 .data = &init_net.ipv4.sysctl_tcp_nometrics_save, 1294 .maxlen = sizeof(u8), 1295 .mode = 0644, 1296 .proc_handler = proc_dou8vec_minmax, 1297 }, 1298 { 1299 .procname = "tcp_no_ssthresh_metrics_save", 1300 .data = &init_net.ipv4.sysctl_tcp_no_ssthresh_metrics_save, 1301 .maxlen = sizeof(u8), 1302 .mode = 0644, 1303 .proc_handler = proc_dou8vec_minmax, 1304 .extra1 = SYSCTL_ZERO, 1305 .extra2 = SYSCTL_ONE, 1306 }, 1307 { 1308 .procname = "tcp_moderate_rcvbuf", 1309 .data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf, 1310 .maxlen = sizeof(u8), 1311 .mode = 0644, 1312 .proc_handler = proc_dou8vec_minmax, 1313 }, 1314 { 1315 .procname = "tcp_tso_win_divisor", 1316 .data = &init_net.ipv4.sysctl_tcp_tso_win_divisor, 1317 .maxlen = sizeof(u8), 1318 .mode = 0644, 1319 .proc_handler = proc_dou8vec_minmax, 1320 }, 1321 { 1322 .procname = "tcp_workaround_signed_windows", 1323 .data = &init_net.ipv4.sysctl_tcp_workaround_signed_windows, 1324 .maxlen = sizeof(u8), 1325 .mode = 0644, 1326 .proc_handler = proc_dou8vec_minmax, 1327 }, 1328 { 1329 .procname = "tcp_limit_output_bytes", 1330 .data = &init_net.ipv4.sysctl_tcp_limit_output_bytes, 1331 .maxlen = sizeof(int), 1332 .mode = 0644, 1333 .proc_handler = proc_dointvec 1334 }, 1335 { 1336 .procname = "tcp_challenge_ack_limit", 1337 .data = &init_net.ipv4.sysctl_tcp_challenge_ack_limit, 1338 .maxlen = sizeof(int), 1339 .mode = 0644, 1340 .proc_handler = proc_dointvec 1341 }, 1342 { 1343 .procname = "tcp_min_tso_segs", 1344 .data = &init_net.ipv4.sysctl_tcp_min_tso_segs, 1345 .maxlen = sizeof(u8), 1346 .mode = 0644, 1347 .proc_handler = proc_dou8vec_minmax, 1348 .extra1 = SYSCTL_ONE, 1349 }, 1350 { 1351 .procname = "tcp_tso_rtt_log", 1352 .data = &init_net.ipv4.sysctl_tcp_tso_rtt_log, 1353 .maxlen = sizeof(u8), 1354 .mode = 0644, 1355 .proc_handler = proc_dou8vec_minmax, 1356 }, 1357 { 1358 .procname = "tcp_min_rtt_wlen", 1359 .data = &init_net.ipv4.sysctl_tcp_min_rtt_wlen, 1360 .maxlen = sizeof(int), 1361 .mode = 0644, 1362 .proc_handler = proc_dointvec_minmax, 1363 .extra1 = SYSCTL_ZERO, 1364 .extra2 = &one_day_secs 1365 }, 1366 { 1367 .procname = "tcp_autocorking", 1368 .data = &init_net.ipv4.sysctl_tcp_autocorking, 1369 .maxlen = sizeof(u8), 1370 .mode = 0644, 1371 .proc_handler = proc_dou8vec_minmax, 1372 .extra1 = SYSCTL_ZERO, 1373 .extra2 = SYSCTL_ONE, 1374 }, 1375 { 1376 .procname = "tcp_invalid_ratelimit", 1377 .data = &init_net.ipv4.sysctl_tcp_invalid_ratelimit, 1378 .maxlen = sizeof(int), 1379 .mode = 0644, 1380 .proc_handler = proc_dointvec_ms_jiffies, 1381 }, 1382 { 1383 .procname = "tcp_pacing_ss_ratio", 1384 .data = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio, 1385 .maxlen = sizeof(int), 1386 .mode = 0644, 1387 .proc_handler = proc_dointvec_minmax, 1388 .extra1 = SYSCTL_ZERO, 1389 .extra2 = SYSCTL_ONE_THOUSAND, 1390 }, 1391 { 1392 .procname = "tcp_pacing_ca_ratio", 1393 .data = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio, 1394 .maxlen = sizeof(int), 1395 .mode = 0644, 1396 .proc_handler = proc_dointvec_minmax, 1397 .extra1 = SYSCTL_ZERO, 1398 .extra2 = SYSCTL_ONE_THOUSAND, 1399 }, 1400 { 1401 .procname = "tcp_wmem", 1402 .data = &init_net.ipv4.sysctl_tcp_wmem, 1403 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem), 1404 .mode = 0644, 1405 .proc_handler = proc_dointvec_minmax, 1406 .extra1 = SYSCTL_ONE, 1407 }, 1408 { 1409 .procname = "tcp_rmem", 1410 .data = &init_net.ipv4.sysctl_tcp_rmem, 1411 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem), 1412 .mode = 0644, 1413 .proc_handler = proc_dointvec_minmax, 1414 .extra1 = SYSCTL_ONE, 1415 }, 1416 { 1417 .procname = "tcp_comp_sack_delay_ns", 1418 .data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns, 1419 .maxlen = sizeof(unsigned long), 1420 .mode = 0644, 1421 .proc_handler = proc_doulongvec_minmax, 1422 }, 1423 { 1424 .procname = "tcp_comp_sack_slack_ns", 1425 .data = &init_net.ipv4.sysctl_tcp_comp_sack_slack_ns, 1426 .maxlen = sizeof(unsigned long), 1427 .mode = 0644, 1428 .proc_handler = proc_doulongvec_minmax, 1429 }, 1430 { 1431 .procname = "tcp_comp_sack_nr", 1432 .data = &init_net.ipv4.sysctl_tcp_comp_sack_nr, 1433 .maxlen = sizeof(u8), 1434 .mode = 0644, 1435 .proc_handler = proc_dou8vec_minmax, 1436 .extra1 = SYSCTL_ZERO, 1437 }, 1438 { 1439 .procname = "tcp_backlog_ack_defer", 1440 .data = &init_net.ipv4.sysctl_tcp_backlog_ack_defer, 1441 .maxlen = sizeof(u8), 1442 .mode = 0644, 1443 .proc_handler = proc_dou8vec_minmax, 1444 .extra1 = SYSCTL_ZERO, 1445 .extra2 = SYSCTL_ONE, 1446 }, 1447 { 1448 .procname = "tcp_reflect_tos", 1449 .data = &init_net.ipv4.sysctl_tcp_reflect_tos, 1450 .maxlen = sizeof(u8), 1451 .mode = 0644, 1452 .proc_handler = proc_dou8vec_minmax, 1453 .extra1 = SYSCTL_ZERO, 1454 .extra2 = SYSCTL_ONE, 1455 }, 1456 { 1457 .procname = "tcp_ehash_entries", 1458 .data = &init_net.ipv4.sysctl_tcp_child_ehash_entries, 1459 .mode = 0444, 1460 .proc_handler = proc_tcp_ehash_entries, 1461 }, 1462 { 1463 .procname = "tcp_child_ehash_entries", 1464 .data = &init_net.ipv4.sysctl_tcp_child_ehash_entries, 1465 .maxlen = sizeof(unsigned int), 1466 .mode = 0644, 1467 .proc_handler = proc_douintvec_minmax, 1468 .extra1 = SYSCTL_ZERO, 1469 .extra2 = &tcp_child_ehash_entries_max, 1470 }, 1471 { 1472 .procname = "udp_hash_entries", 1473 .data = &init_net.ipv4.sysctl_udp_child_hash_entries, 1474 .mode = 0444, 1475 .proc_handler = proc_udp_hash_entries, 1476 }, 1477 { 1478 .procname = "udp_child_hash_entries", 1479 .data = &init_net.ipv4.sysctl_udp_child_hash_entries, 1480 .maxlen = sizeof(unsigned int), 1481 .mode = 0644, 1482 .proc_handler = proc_douintvec_minmax, 1483 .extra1 = SYSCTL_ZERO, 1484 .extra2 = &udp_child_hash_entries_max, 1485 }, 1486 { 1487 .procname = "udp_rmem_min", 1488 .data = &init_net.ipv4.sysctl_udp_rmem_min, 1489 .maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min), 1490 .mode = 0644, 1491 .proc_handler = proc_dointvec_minmax, 1492 .extra1 = SYSCTL_ONE 1493 }, 1494 { 1495 .procname = "udp_wmem_min", 1496 .data = &init_net.ipv4.sysctl_udp_wmem_min, 1497 .maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min), 1498 .mode = 0644, 1499 .proc_handler = proc_dointvec_minmax, 1500 .extra1 = SYSCTL_ONE 1501 }, 1502 { 1503 .procname = "fib_notify_on_flag_change", 1504 .data = &init_net.ipv4.sysctl_fib_notify_on_flag_change, 1505 .maxlen = sizeof(u8), 1506 .mode = 0644, 1507 .proc_handler = proc_dou8vec_minmax, 1508 .extra1 = SYSCTL_ZERO, 1509 .extra2 = SYSCTL_TWO, 1510 }, 1511 { 1512 .procname = "tcp_plb_enabled", 1513 .data = &init_net.ipv4.sysctl_tcp_plb_enabled, 1514 .maxlen = sizeof(u8), 1515 .mode = 0644, 1516 .proc_handler = proc_dou8vec_minmax, 1517 .extra1 = SYSCTL_ZERO, 1518 .extra2 = SYSCTL_ONE, 1519 }, 1520 { 1521 .procname = "tcp_plb_idle_rehash_rounds", 1522 .data = &init_net.ipv4.sysctl_tcp_plb_idle_rehash_rounds, 1523 .maxlen = sizeof(u8), 1524 .mode = 0644, 1525 .proc_handler = proc_dou8vec_minmax, 1526 .extra2 = &tcp_plb_max_rounds, 1527 }, 1528 { 1529 .procname = "tcp_plb_rehash_rounds", 1530 .data = &init_net.ipv4.sysctl_tcp_plb_rehash_rounds, 1531 .maxlen = sizeof(u8), 1532 .mode = 0644, 1533 .proc_handler = proc_dou8vec_minmax, 1534 .extra2 = &tcp_plb_max_rounds, 1535 }, 1536 { 1537 .procname = "tcp_plb_suspend_rto_sec", 1538 .data = &init_net.ipv4.sysctl_tcp_plb_suspend_rto_sec, 1539 .maxlen = sizeof(u8), 1540 .mode = 0644, 1541 .proc_handler = proc_dou8vec_minmax, 1542 }, 1543 { 1544 .procname = "tcp_plb_cong_thresh", 1545 .data = &init_net.ipv4.sysctl_tcp_plb_cong_thresh, 1546 .maxlen = sizeof(int), 1547 .mode = 0644, 1548 .proc_handler = proc_dointvec_minmax, 1549 .extra1 = SYSCTL_ZERO, 1550 .extra2 = &tcp_plb_max_cong_thresh, 1551 }, 1552 { 1553 .procname = "tcp_syn_linear_timeouts", 1554 .data = &init_net.ipv4.sysctl_tcp_syn_linear_timeouts, 1555 .maxlen = sizeof(u8), 1556 .mode = 0644, 1557 .proc_handler = proc_dou8vec_minmax, 1558 .extra1 = SYSCTL_ZERO, 1559 .extra2 = &tcp_syn_linear_timeouts_max, 1560 }, 1561 { 1562 .procname = "tcp_shrink_window", 1563 .data = &init_net.ipv4.sysctl_tcp_shrink_window, 1564 .maxlen = sizeof(u8), 1565 .mode = 0644, 1566 .proc_handler = proc_dou8vec_minmax, 1567 .extra1 = SYSCTL_ZERO, 1568 .extra2 = SYSCTL_ONE, 1569 }, 1570 { 1571 .procname = "tcp_pingpong_thresh", 1572 .data = &init_net.ipv4.sysctl_tcp_pingpong_thresh, 1573 .maxlen = sizeof(u8), 1574 .mode = 0644, 1575 .proc_handler = proc_dou8vec_minmax, 1576 .extra1 = SYSCTL_ONE, 1577 }, 1578 { 1579 .procname = "tcp_rto_min_us", 1580 .data = &init_net.ipv4.sysctl_tcp_rto_min_us, 1581 .maxlen = sizeof(int), 1582 .mode = 0644, 1583 .proc_handler = proc_dointvec_minmax, 1584 .extra1 = SYSCTL_ONE, 1585 }, 1586 }; 1587 1588 static __net_init int ipv4_sysctl_init_net(struct net *net) 1589 { 1590 size_t table_size = ARRAY_SIZE(ipv4_net_table); 1591 struct ctl_table *table; 1592 1593 table = ipv4_net_table; 1594 if (!net_eq(net, &init_net)) { 1595 int i; 1596 1597 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); 1598 if (!table) 1599 goto err_alloc; 1600 1601 for (i = 0; i < table_size; i++) { 1602 if (table[i].data) { 1603 /* Update the variables to point into 1604 * the current struct net 1605 */ 1606 table[i].data += (void *)net - (void *)&init_net; 1607 } else { 1608 /* Entries without data pointer are global; 1609 * Make them read-only in non-init_net ns 1610 */ 1611 table[i].mode &= ~0222; 1612 } 1613 } 1614 } 1615 1616 net->ipv4.ipv4_hdr = register_net_sysctl_sz(net, "net/ipv4", table, 1617 table_size); 1618 if (!net->ipv4.ipv4_hdr) 1619 goto err_reg; 1620 1621 net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL); 1622 if (!net->ipv4.sysctl_local_reserved_ports) 1623 goto err_ports; 1624 1625 proc_fib_multipath_hash_set_seed(net, 0); 1626 1627 return 0; 1628 1629 err_ports: 1630 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 1631 err_reg: 1632 if (!net_eq(net, &init_net)) 1633 kfree(table); 1634 err_alloc: 1635 return -ENOMEM; 1636 } 1637 1638 static __net_exit void ipv4_sysctl_exit_net(struct net *net) 1639 { 1640 const struct ctl_table *table; 1641 1642 kfree(net->ipv4.sysctl_local_reserved_ports); 1643 table = net->ipv4.ipv4_hdr->ctl_table_arg; 1644 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 1645 kfree(table); 1646 } 1647 1648 static __net_initdata struct pernet_operations ipv4_sysctl_ops = { 1649 .init = ipv4_sysctl_init_net, 1650 .exit = ipv4_sysctl_exit_net, 1651 }; 1652 1653 static __init int sysctl_ipv4_init(void) 1654 { 1655 struct ctl_table_header *hdr; 1656 1657 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 1658 if (!hdr) 1659 return -ENOMEM; 1660 1661 proc_fib_multipath_hash_init_rand_seed(); 1662 1663 if (register_pernet_subsys(&ipv4_sysctl_ops)) { 1664 unregister_net_sysctl_table(hdr); 1665 return -ENOMEM; 1666 } 1667 1668 return 0; 1669 } 1670 1671 __initcall(sysctl_ipv4_init); 1672