1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 4 * 5 * Begun April 1, 1996, Mike Shaver. 6 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 7 */ 8 9 #include <linux/mm.h> 10 #include <linux/module.h> 11 #include <linux/sysctl.h> 12 #include <linux/igmp.h> 13 #include <linux/inetdevice.h> 14 #include <linux/seqlock.h> 15 #include <linux/init.h> 16 #include <linux/slab.h> 17 #include <linux/nsproxy.h> 18 #include <linux/swap.h> 19 #include <net/snmp.h> 20 #include <net/icmp.h> 21 #include <net/ip.h> 22 #include <net/route.h> 23 #include <net/tcp.h> 24 #include <net/udp.h> 25 #include <net/cipso_ipv4.h> 26 #include <net/inet_frag.h> 27 #include <net/ping.h> 28 #include <net/protocol.h> 29 #include <net/netevent.h> 30 31 static int zero; 32 static int one = 1; 33 static int two = 2; 34 static int four = 4; 35 static int thousand = 1000; 36 static int gso_max_segs = GSO_MAX_SEGS; 37 static int tcp_retr1_max = 255; 38 static int ip_local_port_range_min[] = { 1, 1 }; 39 static int ip_local_port_range_max[] = { 65535, 65535 }; 40 static int tcp_adv_win_scale_min = -31; 41 static int tcp_adv_win_scale_max = 31; 42 static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS; 43 static int tcp_min_snd_mss_max = 65535; 44 static int ip_privileged_port_min; 45 static int ip_privileged_port_max = 65535; 46 static int ip_ttl_min = 1; 47 static int ip_ttl_max = 255; 48 static int tcp_syn_retries_min = 1; 49 static int tcp_syn_retries_max = MAX_TCP_SYNCNT; 50 static int ip_ping_group_range_min[] = { 0, 0 }; 51 static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 52 static int comp_sack_nr_max = 255; 53 static u32 u32_max_div_HZ = UINT_MAX / HZ; 54 static int one_day_secs = 24 * 3600; 55 56 /* obsolete */ 57 static int sysctl_tcp_low_latency __read_mostly; 58 59 /* Update system visible IP port range */ 60 static void set_local_port_range(struct net *net, int range[2]) 61 { 62 bool same_parity = !((range[0] ^ range[1]) & 1); 63 64 write_seqlock_bh(&net->ipv4.ip_local_ports.lock); 65 if (same_parity && !net->ipv4.ip_local_ports.warned) { 66 net->ipv4.ip_local_ports.warned = true; 67 pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n"); 68 } 69 net->ipv4.ip_local_ports.range[0] = range[0]; 70 net->ipv4.ip_local_ports.range[1] = range[1]; 71 write_sequnlock_bh(&net->ipv4.ip_local_ports.lock); 72 } 73 74 /* Validate changes from /proc interface. */ 75 static int ipv4_local_port_range(struct ctl_table *table, int write, 76 void __user *buffer, 77 size_t *lenp, loff_t *ppos) 78 { 79 struct net *net = 80 container_of(table->data, struct net, ipv4.ip_local_ports.range); 81 int ret; 82 int range[2]; 83 struct ctl_table tmp = { 84 .data = &range, 85 .maxlen = sizeof(range), 86 .mode = table->mode, 87 .extra1 = &ip_local_port_range_min, 88 .extra2 = &ip_local_port_range_max, 89 }; 90 91 inet_get_local_port_range(net, &range[0], &range[1]); 92 93 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 94 95 if (write && ret == 0) { 96 /* Ensure that the upper limit is not smaller than the lower, 97 * and that the lower does not encroach upon the privileged 98 * port limit. 99 */ 100 if ((range[1] < range[0]) || 101 (range[0] < net->ipv4.sysctl_ip_prot_sock)) 102 ret = -EINVAL; 103 else 104 set_local_port_range(net, range); 105 } 106 107 return ret; 108 } 109 110 /* Validate changes from /proc interface. */ 111 static int ipv4_privileged_ports(struct ctl_table *table, int write, 112 void __user *buffer, size_t *lenp, loff_t *ppos) 113 { 114 struct net *net = container_of(table->data, struct net, 115 ipv4.sysctl_ip_prot_sock); 116 int ret; 117 int pports; 118 int range[2]; 119 struct ctl_table tmp = { 120 .data = &pports, 121 .maxlen = sizeof(pports), 122 .mode = table->mode, 123 .extra1 = &ip_privileged_port_min, 124 .extra2 = &ip_privileged_port_max, 125 }; 126 127 pports = net->ipv4.sysctl_ip_prot_sock; 128 129 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 130 131 if (write && ret == 0) { 132 inet_get_local_port_range(net, &range[0], &range[1]); 133 /* Ensure that the local port range doesn't overlap with the 134 * privileged port range. 135 */ 136 if (range[0] < pports) 137 ret = -EINVAL; 138 else 139 net->ipv4.sysctl_ip_prot_sock = pports; 140 } 141 142 return ret; 143 } 144 145 static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) 146 { 147 kgid_t *data = table->data; 148 struct net *net = 149 container_of(table->data, struct net, ipv4.ping_group_range.range); 150 unsigned int seq; 151 do { 152 seq = read_seqbegin(&net->ipv4.ping_group_range.lock); 153 154 *low = data[0]; 155 *high = data[1]; 156 } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq)); 157 } 158 159 /* Update system visible IP port range */ 160 static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) 161 { 162 kgid_t *data = table->data; 163 struct net *net = 164 container_of(table->data, struct net, ipv4.ping_group_range.range); 165 write_seqlock(&net->ipv4.ping_group_range.lock); 166 data[0] = low; 167 data[1] = high; 168 write_sequnlock(&net->ipv4.ping_group_range.lock); 169 } 170 171 /* Validate changes from /proc interface. */ 172 static int ipv4_ping_group_range(struct ctl_table *table, int write, 173 void __user *buffer, 174 size_t *lenp, loff_t *ppos) 175 { 176 struct user_namespace *user_ns = current_user_ns(); 177 int ret; 178 gid_t urange[2]; 179 kgid_t low, high; 180 struct ctl_table tmp = { 181 .data = &urange, 182 .maxlen = sizeof(urange), 183 .mode = table->mode, 184 .extra1 = &ip_ping_group_range_min, 185 .extra2 = &ip_ping_group_range_max, 186 }; 187 188 inet_get_ping_group_range_table(table, &low, &high); 189 urange[0] = from_kgid_munged(user_ns, low); 190 urange[1] = from_kgid_munged(user_ns, high); 191 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 192 193 if (write && ret == 0) { 194 low = make_kgid(user_ns, urange[0]); 195 high = make_kgid(user_ns, urange[1]); 196 if (!gid_valid(low) || !gid_valid(high)) 197 return -EINVAL; 198 if (urange[1] < urange[0] || gid_lt(high, low)) { 199 low = make_kgid(&init_user_ns, 1); 200 high = make_kgid(&init_user_ns, 0); 201 } 202 set_ping_group_range(table, low, high); 203 } 204 205 return ret; 206 } 207 208 static int ipv4_fwd_update_priority(struct ctl_table *table, int write, 209 void __user *buffer, 210 size_t *lenp, loff_t *ppos) 211 { 212 struct net *net; 213 int ret; 214 215 net = container_of(table->data, struct net, 216 ipv4.sysctl_ip_fwd_update_priority); 217 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 218 if (write && ret == 0) 219 call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE, 220 net); 221 222 return ret; 223 } 224 225 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write, 226 void __user *buffer, size_t *lenp, loff_t *ppos) 227 { 228 struct net *net = container_of(ctl->data, struct net, 229 ipv4.tcp_congestion_control); 230 char val[TCP_CA_NAME_MAX]; 231 struct ctl_table tbl = { 232 .data = val, 233 .maxlen = TCP_CA_NAME_MAX, 234 }; 235 int ret; 236 237 tcp_get_default_congestion_control(net, val); 238 239 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 240 if (write && ret == 0) 241 ret = tcp_set_default_congestion_control(net, val); 242 return ret; 243 } 244 245 static int proc_tcp_available_congestion_control(struct ctl_table *ctl, 246 int write, 247 void __user *buffer, size_t *lenp, 248 loff_t *ppos) 249 { 250 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 251 int ret; 252 253 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 254 if (!tbl.data) 255 return -ENOMEM; 256 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); 257 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 258 kfree(tbl.data); 259 return ret; 260 } 261 262 static int proc_allowed_congestion_control(struct ctl_table *ctl, 263 int write, 264 void __user *buffer, size_t *lenp, 265 loff_t *ppos) 266 { 267 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 268 int ret; 269 270 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 271 if (!tbl.data) 272 return -ENOMEM; 273 274 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); 275 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 276 if (write && ret == 0) 277 ret = tcp_set_allowed_congestion_control(tbl.data); 278 kfree(tbl.data); 279 return ret; 280 } 281 282 static int sscanf_key(char *buf, __le32 *key) 283 { 284 u32 user_key[4]; 285 int i, ret = 0; 286 287 if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1, 288 user_key + 2, user_key + 3) != 4) { 289 ret = -EINVAL; 290 } else { 291 for (i = 0; i < ARRAY_SIZE(user_key); i++) 292 key[i] = cpu_to_le32(user_key[i]); 293 } 294 pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n", 295 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret); 296 297 return ret; 298 } 299 300 static int proc_tcp_fastopen_key(struct ctl_table *table, int write, 301 void __user *buffer, size_t *lenp, 302 loff_t *ppos) 303 { 304 struct net *net = container_of(table->data, struct net, 305 ipv4.sysctl_tcp_fastopen); 306 /* maxlen to print the list of keys in hex (*2), with dashes 307 * separating doublewords and a comma in between keys. 308 */ 309 struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 310 2 * TCP_FASTOPEN_KEY_MAX) + 311 (TCP_FASTOPEN_KEY_MAX * 5)) }; 312 struct tcp_fastopen_context *ctx; 313 u32 user_key[TCP_FASTOPEN_KEY_MAX * 4]; 314 __le32 key[TCP_FASTOPEN_KEY_MAX * 4]; 315 char *backup_data; 316 int ret, i = 0, off = 0, n_keys = 0; 317 318 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); 319 if (!tbl.data) 320 return -ENOMEM; 321 322 rcu_read_lock(); 323 ctx = rcu_dereference(net->ipv4.tcp_fastopen_ctx); 324 if (ctx) { 325 n_keys = tcp_fastopen_context_len(ctx); 326 memcpy(&key[0], &ctx->key[0], TCP_FASTOPEN_KEY_LENGTH * n_keys); 327 } 328 rcu_read_unlock(); 329 330 if (!n_keys) { 331 memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH); 332 n_keys = 1; 333 } 334 335 for (i = 0; i < n_keys * 4; i++) 336 user_key[i] = le32_to_cpu(key[i]); 337 338 for (i = 0; i < n_keys; i++) { 339 off += snprintf(tbl.data + off, tbl.maxlen - off, 340 "%08x-%08x-%08x-%08x", 341 user_key[i * 4], 342 user_key[i * 4 + 1], 343 user_key[i * 4 + 2], 344 user_key[i * 4 + 3]); 345 if (i + 1 < n_keys) 346 off += snprintf(tbl.data + off, tbl.maxlen - off, ","); 347 } 348 349 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 350 351 if (write && ret == 0) { 352 backup_data = strchr(tbl.data, ','); 353 if (backup_data) { 354 *backup_data = '\0'; 355 backup_data++; 356 } 357 if (sscanf_key(tbl.data, key)) { 358 ret = -EINVAL; 359 goto bad_key; 360 } 361 if (backup_data) { 362 if (sscanf_key(backup_data, key + 4)) { 363 ret = -EINVAL; 364 goto bad_key; 365 } 366 } 367 tcp_fastopen_reset_cipher(net, NULL, key, 368 backup_data ? key + 4 : NULL); 369 } 370 371 bad_key: 372 kfree(tbl.data); 373 return ret; 374 } 375 376 static void proc_configure_early_demux(int enabled, int protocol) 377 { 378 struct net_protocol *ipprot; 379 #if IS_ENABLED(CONFIG_IPV6) 380 struct inet6_protocol *ip6prot; 381 #endif 382 383 rcu_read_lock(); 384 385 ipprot = rcu_dereference(inet_protos[protocol]); 386 if (ipprot) 387 ipprot->early_demux = enabled ? ipprot->early_demux_handler : 388 NULL; 389 390 #if IS_ENABLED(CONFIG_IPV6) 391 ip6prot = rcu_dereference(inet6_protos[protocol]); 392 if (ip6prot) 393 ip6prot->early_demux = enabled ? ip6prot->early_demux_handler : 394 NULL; 395 #endif 396 rcu_read_unlock(); 397 } 398 399 static int proc_tcp_early_demux(struct ctl_table *table, int write, 400 void __user *buffer, size_t *lenp, loff_t *ppos) 401 { 402 int ret = 0; 403 404 ret = proc_dointvec(table, write, buffer, lenp, ppos); 405 406 if (write && !ret) { 407 int enabled = init_net.ipv4.sysctl_tcp_early_demux; 408 409 proc_configure_early_demux(enabled, IPPROTO_TCP); 410 } 411 412 return ret; 413 } 414 415 static int proc_udp_early_demux(struct ctl_table *table, int write, 416 void __user *buffer, size_t *lenp, loff_t *ppos) 417 { 418 int ret = 0; 419 420 ret = proc_dointvec(table, write, buffer, lenp, ppos); 421 422 if (write && !ret) { 423 int enabled = init_net.ipv4.sysctl_udp_early_demux; 424 425 proc_configure_early_demux(enabled, IPPROTO_UDP); 426 } 427 428 return ret; 429 } 430 431 static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table, 432 int write, 433 void __user *buffer, 434 size_t *lenp, loff_t *ppos) 435 { 436 struct net *net = container_of(table->data, struct net, 437 ipv4.sysctl_tcp_fastopen_blackhole_timeout); 438 int ret; 439 440 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 441 if (write && ret == 0) 442 atomic_set(&net->ipv4.tfo_active_disable_times, 0); 443 444 return ret; 445 } 446 447 static int proc_tcp_available_ulp(struct ctl_table *ctl, 448 int write, 449 void __user *buffer, size_t *lenp, 450 loff_t *ppos) 451 { 452 struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, }; 453 int ret; 454 455 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 456 if (!tbl.data) 457 return -ENOMEM; 458 tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX); 459 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 460 kfree(tbl.data); 461 462 return ret; 463 } 464 465 #ifdef CONFIG_IP_ROUTE_MULTIPATH 466 static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write, 467 void __user *buffer, size_t *lenp, 468 loff_t *ppos) 469 { 470 struct net *net = container_of(table->data, struct net, 471 ipv4.sysctl_fib_multipath_hash_policy); 472 int ret; 473 474 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 475 if (write && ret == 0) 476 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net); 477 478 return ret; 479 } 480 #endif 481 482 static struct ctl_table ipv4_table[] = { 483 { 484 .procname = "tcp_max_orphans", 485 .data = &sysctl_tcp_max_orphans, 486 .maxlen = sizeof(int), 487 .mode = 0644, 488 .proc_handler = proc_dointvec 489 }, 490 { 491 .procname = "inet_peer_threshold", 492 .data = &inet_peer_threshold, 493 .maxlen = sizeof(int), 494 .mode = 0644, 495 .proc_handler = proc_dointvec 496 }, 497 { 498 .procname = "inet_peer_minttl", 499 .data = &inet_peer_minttl, 500 .maxlen = sizeof(int), 501 .mode = 0644, 502 .proc_handler = proc_dointvec_jiffies, 503 }, 504 { 505 .procname = "inet_peer_maxttl", 506 .data = &inet_peer_maxttl, 507 .maxlen = sizeof(int), 508 .mode = 0644, 509 .proc_handler = proc_dointvec_jiffies, 510 }, 511 { 512 .procname = "tcp_mem", 513 .maxlen = sizeof(sysctl_tcp_mem), 514 .data = &sysctl_tcp_mem, 515 .mode = 0644, 516 .proc_handler = proc_doulongvec_minmax, 517 }, 518 { 519 .procname = "tcp_low_latency", 520 .data = &sysctl_tcp_low_latency, 521 .maxlen = sizeof(int), 522 .mode = 0644, 523 .proc_handler = proc_dointvec 524 }, 525 #ifdef CONFIG_NETLABEL 526 { 527 .procname = "cipso_cache_enable", 528 .data = &cipso_v4_cache_enabled, 529 .maxlen = sizeof(int), 530 .mode = 0644, 531 .proc_handler = proc_dointvec, 532 }, 533 { 534 .procname = "cipso_cache_bucket_size", 535 .data = &cipso_v4_cache_bucketsize, 536 .maxlen = sizeof(int), 537 .mode = 0644, 538 .proc_handler = proc_dointvec, 539 }, 540 { 541 .procname = "cipso_rbm_optfmt", 542 .data = &cipso_v4_rbm_optfmt, 543 .maxlen = sizeof(int), 544 .mode = 0644, 545 .proc_handler = proc_dointvec, 546 }, 547 { 548 .procname = "cipso_rbm_strictvalid", 549 .data = &cipso_v4_rbm_strictvalid, 550 .maxlen = sizeof(int), 551 .mode = 0644, 552 .proc_handler = proc_dointvec, 553 }, 554 #endif /* CONFIG_NETLABEL */ 555 { 556 .procname = "tcp_available_congestion_control", 557 .maxlen = TCP_CA_BUF_MAX, 558 .mode = 0444, 559 .proc_handler = proc_tcp_available_congestion_control, 560 }, 561 { 562 .procname = "tcp_allowed_congestion_control", 563 .maxlen = TCP_CA_BUF_MAX, 564 .mode = 0644, 565 .proc_handler = proc_allowed_congestion_control, 566 }, 567 { 568 .procname = "tcp_available_ulp", 569 .maxlen = TCP_ULP_BUF_MAX, 570 .mode = 0444, 571 .proc_handler = proc_tcp_available_ulp, 572 }, 573 { 574 .procname = "icmp_msgs_per_sec", 575 .data = &sysctl_icmp_msgs_per_sec, 576 .maxlen = sizeof(int), 577 .mode = 0644, 578 .proc_handler = proc_dointvec_minmax, 579 .extra1 = &zero, 580 }, 581 { 582 .procname = "icmp_msgs_burst", 583 .data = &sysctl_icmp_msgs_burst, 584 .maxlen = sizeof(int), 585 .mode = 0644, 586 .proc_handler = proc_dointvec_minmax, 587 .extra1 = &zero, 588 }, 589 { 590 .procname = "udp_mem", 591 .data = &sysctl_udp_mem, 592 .maxlen = sizeof(sysctl_udp_mem), 593 .mode = 0644, 594 .proc_handler = proc_doulongvec_minmax, 595 }, 596 { 597 .procname = "fib_sync_mem", 598 .data = &sysctl_fib_sync_mem, 599 .maxlen = sizeof(sysctl_fib_sync_mem), 600 .mode = 0644, 601 .proc_handler = proc_douintvec_minmax, 602 .extra1 = &sysctl_fib_sync_mem_min, 603 .extra2 = &sysctl_fib_sync_mem_max, 604 }, 605 { 606 .procname = "tcp_rx_skb_cache", 607 .data = &tcp_rx_skb_cache_key.key, 608 .mode = 0644, 609 .proc_handler = proc_do_static_key, 610 }, 611 { 612 .procname = "tcp_tx_skb_cache", 613 .data = &tcp_tx_skb_cache_key.key, 614 .mode = 0644, 615 .proc_handler = proc_do_static_key, 616 }, 617 { } 618 }; 619 620 static struct ctl_table ipv4_net_table[] = { 621 { 622 .procname = "icmp_echo_ignore_all", 623 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, 624 .maxlen = sizeof(int), 625 .mode = 0644, 626 .proc_handler = proc_dointvec 627 }, 628 { 629 .procname = "icmp_echo_ignore_broadcasts", 630 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, 631 .maxlen = sizeof(int), 632 .mode = 0644, 633 .proc_handler = proc_dointvec 634 }, 635 { 636 .procname = "icmp_ignore_bogus_error_responses", 637 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, 638 .maxlen = sizeof(int), 639 .mode = 0644, 640 .proc_handler = proc_dointvec 641 }, 642 { 643 .procname = "icmp_errors_use_inbound_ifaddr", 644 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, 645 .maxlen = sizeof(int), 646 .mode = 0644, 647 .proc_handler = proc_dointvec 648 }, 649 { 650 .procname = "icmp_ratelimit", 651 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 652 .maxlen = sizeof(int), 653 .mode = 0644, 654 .proc_handler = proc_dointvec_ms_jiffies, 655 }, 656 { 657 .procname = "icmp_ratemask", 658 .data = &init_net.ipv4.sysctl_icmp_ratemask, 659 .maxlen = sizeof(int), 660 .mode = 0644, 661 .proc_handler = proc_dointvec 662 }, 663 { 664 .procname = "ping_group_range", 665 .data = &init_net.ipv4.ping_group_range.range, 666 .maxlen = sizeof(gid_t)*2, 667 .mode = 0644, 668 .proc_handler = ipv4_ping_group_range, 669 }, 670 #ifdef CONFIG_NET_L3_MASTER_DEV 671 { 672 .procname = "raw_l3mdev_accept", 673 .data = &init_net.ipv4.sysctl_raw_l3mdev_accept, 674 .maxlen = sizeof(int), 675 .mode = 0644, 676 .proc_handler = proc_dointvec_minmax, 677 .extra1 = &zero, 678 .extra2 = &one, 679 }, 680 #endif 681 { 682 .procname = "tcp_ecn", 683 .data = &init_net.ipv4.sysctl_tcp_ecn, 684 .maxlen = sizeof(int), 685 .mode = 0644, 686 .proc_handler = proc_dointvec 687 }, 688 { 689 .procname = "tcp_ecn_fallback", 690 .data = &init_net.ipv4.sysctl_tcp_ecn_fallback, 691 .maxlen = sizeof(int), 692 .mode = 0644, 693 .proc_handler = proc_dointvec 694 }, 695 { 696 .procname = "ip_dynaddr", 697 .data = &init_net.ipv4.sysctl_ip_dynaddr, 698 .maxlen = sizeof(int), 699 .mode = 0644, 700 .proc_handler = proc_dointvec 701 }, 702 { 703 .procname = "ip_early_demux", 704 .data = &init_net.ipv4.sysctl_ip_early_demux, 705 .maxlen = sizeof(int), 706 .mode = 0644, 707 .proc_handler = proc_dointvec 708 }, 709 { 710 .procname = "udp_early_demux", 711 .data = &init_net.ipv4.sysctl_udp_early_demux, 712 .maxlen = sizeof(int), 713 .mode = 0644, 714 .proc_handler = proc_udp_early_demux 715 }, 716 { 717 .procname = "tcp_early_demux", 718 .data = &init_net.ipv4.sysctl_tcp_early_demux, 719 .maxlen = sizeof(int), 720 .mode = 0644, 721 .proc_handler = proc_tcp_early_demux 722 }, 723 { 724 .procname = "ip_default_ttl", 725 .data = &init_net.ipv4.sysctl_ip_default_ttl, 726 .maxlen = sizeof(int), 727 .mode = 0644, 728 .proc_handler = proc_dointvec_minmax, 729 .extra1 = &ip_ttl_min, 730 .extra2 = &ip_ttl_max, 731 }, 732 { 733 .procname = "ip_local_port_range", 734 .maxlen = sizeof(init_net.ipv4.ip_local_ports.range), 735 .data = &init_net.ipv4.ip_local_ports.range, 736 .mode = 0644, 737 .proc_handler = ipv4_local_port_range, 738 }, 739 { 740 .procname = "ip_local_reserved_ports", 741 .data = &init_net.ipv4.sysctl_local_reserved_ports, 742 .maxlen = 65536, 743 .mode = 0644, 744 .proc_handler = proc_do_large_bitmap, 745 }, 746 { 747 .procname = "ip_no_pmtu_disc", 748 .data = &init_net.ipv4.sysctl_ip_no_pmtu_disc, 749 .maxlen = sizeof(int), 750 .mode = 0644, 751 .proc_handler = proc_dointvec 752 }, 753 { 754 .procname = "ip_forward_use_pmtu", 755 .data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu, 756 .maxlen = sizeof(int), 757 .mode = 0644, 758 .proc_handler = proc_dointvec, 759 }, 760 { 761 .procname = "ip_forward_update_priority", 762 .data = &init_net.ipv4.sysctl_ip_fwd_update_priority, 763 .maxlen = sizeof(int), 764 .mode = 0644, 765 .proc_handler = ipv4_fwd_update_priority, 766 .extra1 = &zero, 767 .extra2 = &one, 768 }, 769 { 770 .procname = "ip_nonlocal_bind", 771 .data = &init_net.ipv4.sysctl_ip_nonlocal_bind, 772 .maxlen = sizeof(int), 773 .mode = 0644, 774 .proc_handler = proc_dointvec 775 }, 776 { 777 .procname = "fwmark_reflect", 778 .data = &init_net.ipv4.sysctl_fwmark_reflect, 779 .maxlen = sizeof(int), 780 .mode = 0644, 781 .proc_handler = proc_dointvec, 782 }, 783 { 784 .procname = "tcp_fwmark_accept", 785 .data = &init_net.ipv4.sysctl_tcp_fwmark_accept, 786 .maxlen = sizeof(int), 787 .mode = 0644, 788 .proc_handler = proc_dointvec, 789 }, 790 #ifdef CONFIG_NET_L3_MASTER_DEV 791 { 792 .procname = "tcp_l3mdev_accept", 793 .data = &init_net.ipv4.sysctl_tcp_l3mdev_accept, 794 .maxlen = sizeof(int), 795 .mode = 0644, 796 .proc_handler = proc_dointvec_minmax, 797 .extra1 = &zero, 798 .extra2 = &one, 799 }, 800 #endif 801 { 802 .procname = "tcp_mtu_probing", 803 .data = &init_net.ipv4.sysctl_tcp_mtu_probing, 804 .maxlen = sizeof(int), 805 .mode = 0644, 806 .proc_handler = proc_dointvec, 807 }, 808 { 809 .procname = "tcp_base_mss", 810 .data = &init_net.ipv4.sysctl_tcp_base_mss, 811 .maxlen = sizeof(int), 812 .mode = 0644, 813 .proc_handler = proc_dointvec, 814 }, 815 { 816 .procname = "tcp_min_snd_mss", 817 .data = &init_net.ipv4.sysctl_tcp_min_snd_mss, 818 .maxlen = sizeof(int), 819 .mode = 0644, 820 .proc_handler = proc_dointvec_minmax, 821 .extra1 = &tcp_min_snd_mss_min, 822 .extra2 = &tcp_min_snd_mss_max, 823 }, 824 { 825 .procname = "tcp_probe_threshold", 826 .data = &init_net.ipv4.sysctl_tcp_probe_threshold, 827 .maxlen = sizeof(int), 828 .mode = 0644, 829 .proc_handler = proc_dointvec, 830 }, 831 { 832 .procname = "tcp_probe_interval", 833 .data = &init_net.ipv4.sysctl_tcp_probe_interval, 834 .maxlen = sizeof(u32), 835 .mode = 0644, 836 .proc_handler = proc_douintvec_minmax, 837 .extra2 = &u32_max_div_HZ, 838 }, 839 { 840 .procname = "igmp_link_local_mcast_reports", 841 .data = &init_net.ipv4.sysctl_igmp_llm_reports, 842 .maxlen = sizeof(int), 843 .mode = 0644, 844 .proc_handler = proc_dointvec 845 }, 846 { 847 .procname = "igmp_max_memberships", 848 .data = &init_net.ipv4.sysctl_igmp_max_memberships, 849 .maxlen = sizeof(int), 850 .mode = 0644, 851 .proc_handler = proc_dointvec 852 }, 853 { 854 .procname = "igmp_max_msf", 855 .data = &init_net.ipv4.sysctl_igmp_max_msf, 856 .maxlen = sizeof(int), 857 .mode = 0644, 858 .proc_handler = proc_dointvec 859 }, 860 #ifdef CONFIG_IP_MULTICAST 861 { 862 .procname = "igmp_qrv", 863 .data = &init_net.ipv4.sysctl_igmp_qrv, 864 .maxlen = sizeof(int), 865 .mode = 0644, 866 .proc_handler = proc_dointvec_minmax, 867 .extra1 = &one 868 }, 869 #endif 870 { 871 .procname = "tcp_congestion_control", 872 .data = &init_net.ipv4.tcp_congestion_control, 873 .mode = 0644, 874 .maxlen = TCP_CA_NAME_MAX, 875 .proc_handler = proc_tcp_congestion_control, 876 }, 877 { 878 .procname = "tcp_keepalive_time", 879 .data = &init_net.ipv4.sysctl_tcp_keepalive_time, 880 .maxlen = sizeof(int), 881 .mode = 0644, 882 .proc_handler = proc_dointvec_jiffies, 883 }, 884 { 885 .procname = "tcp_keepalive_probes", 886 .data = &init_net.ipv4.sysctl_tcp_keepalive_probes, 887 .maxlen = sizeof(int), 888 .mode = 0644, 889 .proc_handler = proc_dointvec 890 }, 891 { 892 .procname = "tcp_keepalive_intvl", 893 .data = &init_net.ipv4.sysctl_tcp_keepalive_intvl, 894 .maxlen = sizeof(int), 895 .mode = 0644, 896 .proc_handler = proc_dointvec_jiffies, 897 }, 898 { 899 .procname = "tcp_syn_retries", 900 .data = &init_net.ipv4.sysctl_tcp_syn_retries, 901 .maxlen = sizeof(int), 902 .mode = 0644, 903 .proc_handler = proc_dointvec_minmax, 904 .extra1 = &tcp_syn_retries_min, 905 .extra2 = &tcp_syn_retries_max 906 }, 907 { 908 .procname = "tcp_synack_retries", 909 .data = &init_net.ipv4.sysctl_tcp_synack_retries, 910 .maxlen = sizeof(int), 911 .mode = 0644, 912 .proc_handler = proc_dointvec 913 }, 914 #ifdef CONFIG_SYN_COOKIES 915 { 916 .procname = "tcp_syncookies", 917 .data = &init_net.ipv4.sysctl_tcp_syncookies, 918 .maxlen = sizeof(int), 919 .mode = 0644, 920 .proc_handler = proc_dointvec 921 }, 922 #endif 923 { 924 .procname = "tcp_reordering", 925 .data = &init_net.ipv4.sysctl_tcp_reordering, 926 .maxlen = sizeof(int), 927 .mode = 0644, 928 .proc_handler = proc_dointvec 929 }, 930 { 931 .procname = "tcp_retries1", 932 .data = &init_net.ipv4.sysctl_tcp_retries1, 933 .maxlen = sizeof(int), 934 .mode = 0644, 935 .proc_handler = proc_dointvec_minmax, 936 .extra2 = &tcp_retr1_max 937 }, 938 { 939 .procname = "tcp_retries2", 940 .data = &init_net.ipv4.sysctl_tcp_retries2, 941 .maxlen = sizeof(int), 942 .mode = 0644, 943 .proc_handler = proc_dointvec 944 }, 945 { 946 .procname = "tcp_orphan_retries", 947 .data = &init_net.ipv4.sysctl_tcp_orphan_retries, 948 .maxlen = sizeof(int), 949 .mode = 0644, 950 .proc_handler = proc_dointvec 951 }, 952 { 953 .procname = "tcp_fin_timeout", 954 .data = &init_net.ipv4.sysctl_tcp_fin_timeout, 955 .maxlen = sizeof(int), 956 .mode = 0644, 957 .proc_handler = proc_dointvec_jiffies, 958 }, 959 { 960 .procname = "tcp_notsent_lowat", 961 .data = &init_net.ipv4.sysctl_tcp_notsent_lowat, 962 .maxlen = sizeof(unsigned int), 963 .mode = 0644, 964 .proc_handler = proc_douintvec, 965 }, 966 { 967 .procname = "tcp_tw_reuse", 968 .data = &init_net.ipv4.sysctl_tcp_tw_reuse, 969 .maxlen = sizeof(int), 970 .mode = 0644, 971 .proc_handler = proc_dointvec_minmax, 972 .extra1 = &zero, 973 .extra2 = &two, 974 }, 975 { 976 .procname = "tcp_max_tw_buckets", 977 .data = &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets, 978 .maxlen = sizeof(int), 979 .mode = 0644, 980 .proc_handler = proc_dointvec 981 }, 982 { 983 .procname = "tcp_max_syn_backlog", 984 .data = &init_net.ipv4.sysctl_max_syn_backlog, 985 .maxlen = sizeof(int), 986 .mode = 0644, 987 .proc_handler = proc_dointvec 988 }, 989 { 990 .procname = "tcp_fastopen", 991 .data = &init_net.ipv4.sysctl_tcp_fastopen, 992 .maxlen = sizeof(int), 993 .mode = 0644, 994 .proc_handler = proc_dointvec, 995 }, 996 { 997 .procname = "tcp_fastopen_key", 998 .mode = 0600, 999 .data = &init_net.ipv4.sysctl_tcp_fastopen, 1000 /* maxlen to print the list of keys in hex (*2), with dashes 1001 * separating doublewords and a comma in between keys. 1002 */ 1003 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 1004 2 * TCP_FASTOPEN_KEY_MAX) + 1005 (TCP_FASTOPEN_KEY_MAX * 5)), 1006 .proc_handler = proc_tcp_fastopen_key, 1007 }, 1008 { 1009 .procname = "tcp_fastopen_blackhole_timeout_sec", 1010 .data = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout, 1011 .maxlen = sizeof(int), 1012 .mode = 0644, 1013 .proc_handler = proc_tfo_blackhole_detect_timeout, 1014 .extra1 = &zero, 1015 }, 1016 #ifdef CONFIG_IP_ROUTE_MULTIPATH 1017 { 1018 .procname = "fib_multipath_use_neigh", 1019 .data = &init_net.ipv4.sysctl_fib_multipath_use_neigh, 1020 .maxlen = sizeof(int), 1021 .mode = 0644, 1022 .proc_handler = proc_dointvec_minmax, 1023 .extra1 = &zero, 1024 .extra2 = &one, 1025 }, 1026 { 1027 .procname = "fib_multipath_hash_policy", 1028 .data = &init_net.ipv4.sysctl_fib_multipath_hash_policy, 1029 .maxlen = sizeof(int), 1030 .mode = 0644, 1031 .proc_handler = proc_fib_multipath_hash_policy, 1032 .extra1 = &zero, 1033 .extra2 = &two, 1034 }, 1035 #endif 1036 { 1037 .procname = "ip_unprivileged_port_start", 1038 .maxlen = sizeof(int), 1039 .data = &init_net.ipv4.sysctl_ip_prot_sock, 1040 .mode = 0644, 1041 .proc_handler = ipv4_privileged_ports, 1042 }, 1043 #ifdef CONFIG_NET_L3_MASTER_DEV 1044 { 1045 .procname = "udp_l3mdev_accept", 1046 .data = &init_net.ipv4.sysctl_udp_l3mdev_accept, 1047 .maxlen = sizeof(int), 1048 .mode = 0644, 1049 .proc_handler = proc_dointvec_minmax, 1050 .extra1 = &zero, 1051 .extra2 = &one, 1052 }, 1053 #endif 1054 { 1055 .procname = "tcp_sack", 1056 .data = &init_net.ipv4.sysctl_tcp_sack, 1057 .maxlen = sizeof(int), 1058 .mode = 0644, 1059 .proc_handler = proc_dointvec 1060 }, 1061 { 1062 .procname = "tcp_window_scaling", 1063 .data = &init_net.ipv4.sysctl_tcp_window_scaling, 1064 .maxlen = sizeof(int), 1065 .mode = 0644, 1066 .proc_handler = proc_dointvec 1067 }, 1068 { 1069 .procname = "tcp_timestamps", 1070 .data = &init_net.ipv4.sysctl_tcp_timestamps, 1071 .maxlen = sizeof(int), 1072 .mode = 0644, 1073 .proc_handler = proc_dointvec 1074 }, 1075 { 1076 .procname = "tcp_early_retrans", 1077 .data = &init_net.ipv4.sysctl_tcp_early_retrans, 1078 .maxlen = sizeof(int), 1079 .mode = 0644, 1080 .proc_handler = proc_dointvec_minmax, 1081 .extra1 = &zero, 1082 .extra2 = &four, 1083 }, 1084 { 1085 .procname = "tcp_recovery", 1086 .data = &init_net.ipv4.sysctl_tcp_recovery, 1087 .maxlen = sizeof(int), 1088 .mode = 0644, 1089 .proc_handler = proc_dointvec, 1090 }, 1091 { 1092 .procname = "tcp_thin_linear_timeouts", 1093 .data = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts, 1094 .maxlen = sizeof(int), 1095 .mode = 0644, 1096 .proc_handler = proc_dointvec 1097 }, 1098 { 1099 .procname = "tcp_slow_start_after_idle", 1100 .data = &init_net.ipv4.sysctl_tcp_slow_start_after_idle, 1101 .maxlen = sizeof(int), 1102 .mode = 0644, 1103 .proc_handler = proc_dointvec 1104 }, 1105 { 1106 .procname = "tcp_retrans_collapse", 1107 .data = &init_net.ipv4.sysctl_tcp_retrans_collapse, 1108 .maxlen = sizeof(int), 1109 .mode = 0644, 1110 .proc_handler = proc_dointvec 1111 }, 1112 { 1113 .procname = "tcp_stdurg", 1114 .data = &init_net.ipv4.sysctl_tcp_stdurg, 1115 .maxlen = sizeof(int), 1116 .mode = 0644, 1117 .proc_handler = proc_dointvec 1118 }, 1119 { 1120 .procname = "tcp_rfc1337", 1121 .data = &init_net.ipv4.sysctl_tcp_rfc1337, 1122 .maxlen = sizeof(int), 1123 .mode = 0644, 1124 .proc_handler = proc_dointvec 1125 }, 1126 { 1127 .procname = "tcp_abort_on_overflow", 1128 .data = &init_net.ipv4.sysctl_tcp_abort_on_overflow, 1129 .maxlen = sizeof(int), 1130 .mode = 0644, 1131 .proc_handler = proc_dointvec 1132 }, 1133 { 1134 .procname = "tcp_fack", 1135 .data = &init_net.ipv4.sysctl_tcp_fack, 1136 .maxlen = sizeof(int), 1137 .mode = 0644, 1138 .proc_handler = proc_dointvec 1139 }, 1140 { 1141 .procname = "tcp_max_reordering", 1142 .data = &init_net.ipv4.sysctl_tcp_max_reordering, 1143 .maxlen = sizeof(int), 1144 .mode = 0644, 1145 .proc_handler = proc_dointvec 1146 }, 1147 { 1148 .procname = "tcp_dsack", 1149 .data = &init_net.ipv4.sysctl_tcp_dsack, 1150 .maxlen = sizeof(int), 1151 .mode = 0644, 1152 .proc_handler = proc_dointvec 1153 }, 1154 { 1155 .procname = "tcp_app_win", 1156 .data = &init_net.ipv4.sysctl_tcp_app_win, 1157 .maxlen = sizeof(int), 1158 .mode = 0644, 1159 .proc_handler = proc_dointvec 1160 }, 1161 { 1162 .procname = "tcp_adv_win_scale", 1163 .data = &init_net.ipv4.sysctl_tcp_adv_win_scale, 1164 .maxlen = sizeof(int), 1165 .mode = 0644, 1166 .proc_handler = proc_dointvec_minmax, 1167 .extra1 = &tcp_adv_win_scale_min, 1168 .extra2 = &tcp_adv_win_scale_max, 1169 }, 1170 { 1171 .procname = "tcp_frto", 1172 .data = &init_net.ipv4.sysctl_tcp_frto, 1173 .maxlen = sizeof(int), 1174 .mode = 0644, 1175 .proc_handler = proc_dointvec 1176 }, 1177 { 1178 .procname = "tcp_no_metrics_save", 1179 .data = &init_net.ipv4.sysctl_tcp_nometrics_save, 1180 .maxlen = sizeof(int), 1181 .mode = 0644, 1182 .proc_handler = proc_dointvec, 1183 }, 1184 { 1185 .procname = "tcp_moderate_rcvbuf", 1186 .data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf, 1187 .maxlen = sizeof(int), 1188 .mode = 0644, 1189 .proc_handler = proc_dointvec, 1190 }, 1191 { 1192 .procname = "tcp_tso_win_divisor", 1193 .data = &init_net.ipv4.sysctl_tcp_tso_win_divisor, 1194 .maxlen = sizeof(int), 1195 .mode = 0644, 1196 .proc_handler = proc_dointvec, 1197 }, 1198 { 1199 .procname = "tcp_workaround_signed_windows", 1200 .data = &init_net.ipv4.sysctl_tcp_workaround_signed_windows, 1201 .maxlen = sizeof(int), 1202 .mode = 0644, 1203 .proc_handler = proc_dointvec 1204 }, 1205 { 1206 .procname = "tcp_limit_output_bytes", 1207 .data = &init_net.ipv4.sysctl_tcp_limit_output_bytes, 1208 .maxlen = sizeof(int), 1209 .mode = 0644, 1210 .proc_handler = proc_dointvec 1211 }, 1212 { 1213 .procname = "tcp_challenge_ack_limit", 1214 .data = &init_net.ipv4.sysctl_tcp_challenge_ack_limit, 1215 .maxlen = sizeof(int), 1216 .mode = 0644, 1217 .proc_handler = proc_dointvec 1218 }, 1219 { 1220 .procname = "tcp_min_tso_segs", 1221 .data = &init_net.ipv4.sysctl_tcp_min_tso_segs, 1222 .maxlen = sizeof(int), 1223 .mode = 0644, 1224 .proc_handler = proc_dointvec_minmax, 1225 .extra1 = &one, 1226 .extra2 = &gso_max_segs, 1227 }, 1228 { 1229 .procname = "tcp_min_rtt_wlen", 1230 .data = &init_net.ipv4.sysctl_tcp_min_rtt_wlen, 1231 .maxlen = sizeof(int), 1232 .mode = 0644, 1233 .proc_handler = proc_dointvec_minmax, 1234 .extra1 = &zero, 1235 .extra2 = &one_day_secs 1236 }, 1237 { 1238 .procname = "tcp_autocorking", 1239 .data = &init_net.ipv4.sysctl_tcp_autocorking, 1240 .maxlen = sizeof(int), 1241 .mode = 0644, 1242 .proc_handler = proc_dointvec_minmax, 1243 .extra1 = &zero, 1244 .extra2 = &one, 1245 }, 1246 { 1247 .procname = "tcp_invalid_ratelimit", 1248 .data = &init_net.ipv4.sysctl_tcp_invalid_ratelimit, 1249 .maxlen = sizeof(int), 1250 .mode = 0644, 1251 .proc_handler = proc_dointvec_ms_jiffies, 1252 }, 1253 { 1254 .procname = "tcp_pacing_ss_ratio", 1255 .data = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio, 1256 .maxlen = sizeof(int), 1257 .mode = 0644, 1258 .proc_handler = proc_dointvec_minmax, 1259 .extra1 = &zero, 1260 .extra2 = &thousand, 1261 }, 1262 { 1263 .procname = "tcp_pacing_ca_ratio", 1264 .data = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio, 1265 .maxlen = sizeof(int), 1266 .mode = 0644, 1267 .proc_handler = proc_dointvec_minmax, 1268 .extra1 = &zero, 1269 .extra2 = &thousand, 1270 }, 1271 { 1272 .procname = "tcp_wmem", 1273 .data = &init_net.ipv4.sysctl_tcp_wmem, 1274 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem), 1275 .mode = 0644, 1276 .proc_handler = proc_dointvec_minmax, 1277 .extra1 = &one, 1278 }, 1279 { 1280 .procname = "tcp_rmem", 1281 .data = &init_net.ipv4.sysctl_tcp_rmem, 1282 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem), 1283 .mode = 0644, 1284 .proc_handler = proc_dointvec_minmax, 1285 .extra1 = &one, 1286 }, 1287 { 1288 .procname = "tcp_comp_sack_delay_ns", 1289 .data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns, 1290 .maxlen = sizeof(unsigned long), 1291 .mode = 0644, 1292 .proc_handler = proc_doulongvec_minmax, 1293 }, 1294 { 1295 .procname = "tcp_comp_sack_nr", 1296 .data = &init_net.ipv4.sysctl_tcp_comp_sack_nr, 1297 .maxlen = sizeof(int), 1298 .mode = 0644, 1299 .proc_handler = proc_dointvec_minmax, 1300 .extra1 = &zero, 1301 .extra2 = &comp_sack_nr_max, 1302 }, 1303 { 1304 .procname = "udp_rmem_min", 1305 .data = &init_net.ipv4.sysctl_udp_rmem_min, 1306 .maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min), 1307 .mode = 0644, 1308 .proc_handler = proc_dointvec_minmax, 1309 .extra1 = &one 1310 }, 1311 { 1312 .procname = "udp_wmem_min", 1313 .data = &init_net.ipv4.sysctl_udp_wmem_min, 1314 .maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min), 1315 .mode = 0644, 1316 .proc_handler = proc_dointvec_minmax, 1317 .extra1 = &one 1318 }, 1319 { } 1320 }; 1321 1322 static __net_init int ipv4_sysctl_init_net(struct net *net) 1323 { 1324 struct ctl_table *table; 1325 1326 table = ipv4_net_table; 1327 if (!net_eq(net, &init_net)) { 1328 int i; 1329 1330 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); 1331 if (!table) 1332 goto err_alloc; 1333 1334 /* Update the variables to point into the current struct net */ 1335 for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) 1336 table[i].data += (void *)net - (void *)&init_net; 1337 } 1338 1339 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); 1340 if (!net->ipv4.ipv4_hdr) 1341 goto err_reg; 1342 1343 net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL); 1344 if (!net->ipv4.sysctl_local_reserved_ports) 1345 goto err_ports; 1346 1347 return 0; 1348 1349 err_ports: 1350 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 1351 err_reg: 1352 if (!net_eq(net, &init_net)) 1353 kfree(table); 1354 err_alloc: 1355 return -ENOMEM; 1356 } 1357 1358 static __net_exit void ipv4_sysctl_exit_net(struct net *net) 1359 { 1360 struct ctl_table *table; 1361 1362 kfree(net->ipv4.sysctl_local_reserved_ports); 1363 table = net->ipv4.ipv4_hdr->ctl_table_arg; 1364 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 1365 kfree(table); 1366 } 1367 1368 static __net_initdata struct pernet_operations ipv4_sysctl_ops = { 1369 .init = ipv4_sysctl_init_net, 1370 .exit = ipv4_sysctl_exit_net, 1371 }; 1372 1373 static __init int sysctl_ipv4_init(void) 1374 { 1375 struct ctl_table_header *hdr; 1376 1377 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 1378 if (!hdr) 1379 return -ENOMEM; 1380 1381 if (register_pernet_subsys(&ipv4_sysctl_ops)) { 1382 unregister_net_sysctl_table(hdr); 1383 return -ENOMEM; 1384 } 1385 1386 return 0; 1387 } 1388 1389 __initcall(sysctl_ipv4_init); 1390