1 /* 2 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 3 * 4 * Begun April 1, 1996, Mike Shaver. 5 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 6 */ 7 8 #include <linux/mm.h> 9 #include <linux/module.h> 10 #include <linux/sysctl.h> 11 #include <linux/igmp.h> 12 #include <linux/inetdevice.h> 13 #include <linux/seqlock.h> 14 #include <linux/init.h> 15 #include <linux/slab.h> 16 #include <linux/nsproxy.h> 17 #include <linux/swap.h> 18 #include <net/snmp.h> 19 #include <net/icmp.h> 20 #include <net/ip.h> 21 #include <net/route.h> 22 #include <net/tcp.h> 23 #include <net/udp.h> 24 #include <net/cipso_ipv4.h> 25 #include <net/inet_frag.h> 26 #include <net/ping.h> 27 #include <net/tcp_memcontrol.h> 28 29 static int zero; 30 static int two = 2; 31 static int tcp_retr1_max = 255; 32 static int ip_local_port_range_min[] = { 1, 1 }; 33 static int ip_local_port_range_max[] = { 65535, 65535 }; 34 static int tcp_adv_win_scale_min = -31; 35 static int tcp_adv_win_scale_max = 31; 36 static int ip_ttl_min = 1; 37 static int ip_ttl_max = 255; 38 static int ip_ping_group_range_min[] = { 0, 0 }; 39 static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 40 41 /* Update system visible IP port range */ 42 static void set_local_port_range(int range[2]) 43 { 44 write_seqlock(&sysctl_local_ports.lock); 45 sysctl_local_ports.range[0] = range[0]; 46 sysctl_local_ports.range[1] = range[1]; 47 write_sequnlock(&sysctl_local_ports.lock); 48 } 49 50 /* Validate changes from /proc interface. */ 51 static int ipv4_local_port_range(ctl_table *table, int write, 52 void __user *buffer, 53 size_t *lenp, loff_t *ppos) 54 { 55 int ret; 56 int range[2]; 57 ctl_table tmp = { 58 .data = &range, 59 .maxlen = sizeof(range), 60 .mode = table->mode, 61 .extra1 = &ip_local_port_range_min, 62 .extra2 = &ip_local_port_range_max, 63 }; 64 65 inet_get_local_port_range(range, range + 1); 66 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 67 68 if (write && ret == 0) { 69 if (range[1] < range[0]) 70 ret = -EINVAL; 71 else 72 set_local_port_range(range); 73 } 74 75 return ret; 76 } 77 78 79 static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) 80 { 81 kgid_t *data = table->data; 82 unsigned int seq; 83 do { 84 seq = read_seqbegin(&sysctl_local_ports.lock); 85 86 *low = data[0]; 87 *high = data[1]; 88 } while (read_seqretry(&sysctl_local_ports.lock, seq)); 89 } 90 91 /* Update system visible IP port range */ 92 static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) 93 { 94 kgid_t *data = table->data; 95 write_seqlock(&sysctl_local_ports.lock); 96 data[0] = low; 97 data[1] = high; 98 write_sequnlock(&sysctl_local_ports.lock); 99 } 100 101 /* Validate changes from /proc interface. */ 102 static int ipv4_ping_group_range(ctl_table *table, int write, 103 void __user *buffer, 104 size_t *lenp, loff_t *ppos) 105 { 106 struct user_namespace *user_ns = current_user_ns(); 107 int ret; 108 gid_t urange[2]; 109 kgid_t low, high; 110 ctl_table tmp = { 111 .data = &urange, 112 .maxlen = sizeof(urange), 113 .mode = table->mode, 114 .extra1 = &ip_ping_group_range_min, 115 .extra2 = &ip_ping_group_range_max, 116 }; 117 118 inet_get_ping_group_range_table(table, &low, &high); 119 urange[0] = from_kgid_munged(user_ns, low); 120 urange[1] = from_kgid_munged(user_ns, high); 121 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 122 123 if (write && ret == 0) { 124 low = make_kgid(user_ns, urange[0]); 125 high = make_kgid(user_ns, urange[1]); 126 if (!gid_valid(low) || !gid_valid(high) || 127 (urange[1] < urange[0]) || gid_lt(high, low)) { 128 low = make_kgid(&init_user_ns, 1); 129 high = make_kgid(&init_user_ns, 0); 130 } 131 set_ping_group_range(table, low, high); 132 } 133 134 return ret; 135 } 136 137 static int proc_tcp_congestion_control(ctl_table *ctl, int write, 138 void __user *buffer, size_t *lenp, loff_t *ppos) 139 { 140 char val[TCP_CA_NAME_MAX]; 141 ctl_table tbl = { 142 .data = val, 143 .maxlen = TCP_CA_NAME_MAX, 144 }; 145 int ret; 146 147 tcp_get_default_congestion_control(val); 148 149 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 150 if (write && ret == 0) 151 ret = tcp_set_default_congestion_control(val); 152 return ret; 153 } 154 155 static int proc_tcp_available_congestion_control(ctl_table *ctl, 156 int write, 157 void __user *buffer, size_t *lenp, 158 loff_t *ppos) 159 { 160 ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 161 int ret; 162 163 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 164 if (!tbl.data) 165 return -ENOMEM; 166 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); 167 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 168 kfree(tbl.data); 169 return ret; 170 } 171 172 static int proc_allowed_congestion_control(ctl_table *ctl, 173 int write, 174 void __user *buffer, size_t *lenp, 175 loff_t *ppos) 176 { 177 ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 178 int ret; 179 180 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 181 if (!tbl.data) 182 return -ENOMEM; 183 184 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); 185 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 186 if (write && ret == 0) 187 ret = tcp_set_allowed_congestion_control(tbl.data); 188 kfree(tbl.data); 189 return ret; 190 } 191 192 static int ipv4_tcp_mem(ctl_table *ctl, int write, 193 void __user *buffer, size_t *lenp, 194 loff_t *ppos) 195 { 196 int ret; 197 unsigned long vec[3]; 198 struct net *net = current->nsproxy->net_ns; 199 #ifdef CONFIG_MEMCG_KMEM 200 struct mem_cgroup *memcg; 201 #endif 202 203 ctl_table tmp = { 204 .data = &vec, 205 .maxlen = sizeof(vec), 206 .mode = ctl->mode, 207 }; 208 209 if (!write) { 210 ctl->data = &net->ipv4.sysctl_tcp_mem; 211 return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos); 212 } 213 214 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); 215 if (ret) 216 return ret; 217 218 #ifdef CONFIG_MEMCG_KMEM 219 rcu_read_lock(); 220 memcg = mem_cgroup_from_task(current); 221 222 tcp_prot_mem(memcg, vec[0], 0); 223 tcp_prot_mem(memcg, vec[1], 1); 224 tcp_prot_mem(memcg, vec[2], 2); 225 rcu_read_unlock(); 226 #endif 227 228 net->ipv4.sysctl_tcp_mem[0] = vec[0]; 229 net->ipv4.sysctl_tcp_mem[1] = vec[1]; 230 net->ipv4.sysctl_tcp_mem[2] = vec[2]; 231 232 return 0; 233 } 234 235 int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer, 236 size_t *lenp, loff_t *ppos) 237 { 238 ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; 239 struct tcp_fastopen_context *ctxt; 240 int ret; 241 u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ 242 243 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); 244 if (!tbl.data) 245 return -ENOMEM; 246 247 rcu_read_lock(); 248 ctxt = rcu_dereference(tcp_fastopen_ctx); 249 if (ctxt) 250 memcpy(user_key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH); 251 else 252 memset(user_key, 0, sizeof(user_key)); 253 rcu_read_unlock(); 254 255 snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x", 256 user_key[0], user_key[1], user_key[2], user_key[3]); 257 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 258 259 if (write && ret == 0) { 260 if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1, 261 user_key + 2, user_key + 3) != 4) { 262 ret = -EINVAL; 263 goto bad_key; 264 } 265 tcp_fastopen_reset_cipher(user_key, TCP_FASTOPEN_KEY_LENGTH); 266 } 267 268 bad_key: 269 pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n", 270 user_key[0], user_key[1], user_key[2], user_key[3], 271 (char *)tbl.data, ret); 272 kfree(tbl.data); 273 return ret; 274 } 275 276 static struct ctl_table ipv4_table[] = { 277 { 278 .procname = "tcp_timestamps", 279 .data = &sysctl_tcp_timestamps, 280 .maxlen = sizeof(int), 281 .mode = 0644, 282 .proc_handler = proc_dointvec 283 }, 284 { 285 .procname = "tcp_window_scaling", 286 .data = &sysctl_tcp_window_scaling, 287 .maxlen = sizeof(int), 288 .mode = 0644, 289 .proc_handler = proc_dointvec 290 }, 291 { 292 .procname = "tcp_sack", 293 .data = &sysctl_tcp_sack, 294 .maxlen = sizeof(int), 295 .mode = 0644, 296 .proc_handler = proc_dointvec 297 }, 298 { 299 .procname = "tcp_retrans_collapse", 300 .data = &sysctl_tcp_retrans_collapse, 301 .maxlen = sizeof(int), 302 .mode = 0644, 303 .proc_handler = proc_dointvec 304 }, 305 { 306 .procname = "ip_default_ttl", 307 .data = &sysctl_ip_default_ttl, 308 .maxlen = sizeof(int), 309 .mode = 0644, 310 .proc_handler = proc_dointvec_minmax, 311 .extra1 = &ip_ttl_min, 312 .extra2 = &ip_ttl_max, 313 }, 314 { 315 .procname = "ip_no_pmtu_disc", 316 .data = &ipv4_config.no_pmtu_disc, 317 .maxlen = sizeof(int), 318 .mode = 0644, 319 .proc_handler = proc_dointvec 320 }, 321 { 322 .procname = "ip_nonlocal_bind", 323 .data = &sysctl_ip_nonlocal_bind, 324 .maxlen = sizeof(int), 325 .mode = 0644, 326 .proc_handler = proc_dointvec 327 }, 328 { 329 .procname = "tcp_syn_retries", 330 .data = &sysctl_tcp_syn_retries, 331 .maxlen = sizeof(int), 332 .mode = 0644, 333 .proc_handler = proc_dointvec 334 }, 335 { 336 .procname = "tcp_synack_retries", 337 .data = &sysctl_tcp_synack_retries, 338 .maxlen = sizeof(int), 339 .mode = 0644, 340 .proc_handler = proc_dointvec 341 }, 342 { 343 .procname = "tcp_max_orphans", 344 .data = &sysctl_tcp_max_orphans, 345 .maxlen = sizeof(int), 346 .mode = 0644, 347 .proc_handler = proc_dointvec 348 }, 349 { 350 .procname = "tcp_max_tw_buckets", 351 .data = &tcp_death_row.sysctl_max_tw_buckets, 352 .maxlen = sizeof(int), 353 .mode = 0644, 354 .proc_handler = proc_dointvec 355 }, 356 { 357 .procname = "ip_early_demux", 358 .data = &sysctl_ip_early_demux, 359 .maxlen = sizeof(int), 360 .mode = 0644, 361 .proc_handler = proc_dointvec 362 }, 363 { 364 .procname = "ip_dynaddr", 365 .data = &sysctl_ip_dynaddr, 366 .maxlen = sizeof(int), 367 .mode = 0644, 368 .proc_handler = proc_dointvec 369 }, 370 { 371 .procname = "tcp_keepalive_time", 372 .data = &sysctl_tcp_keepalive_time, 373 .maxlen = sizeof(int), 374 .mode = 0644, 375 .proc_handler = proc_dointvec_jiffies, 376 }, 377 { 378 .procname = "tcp_keepalive_probes", 379 .data = &sysctl_tcp_keepalive_probes, 380 .maxlen = sizeof(int), 381 .mode = 0644, 382 .proc_handler = proc_dointvec 383 }, 384 { 385 .procname = "tcp_keepalive_intvl", 386 .data = &sysctl_tcp_keepalive_intvl, 387 .maxlen = sizeof(int), 388 .mode = 0644, 389 .proc_handler = proc_dointvec_jiffies, 390 }, 391 { 392 .procname = "tcp_retries1", 393 .data = &sysctl_tcp_retries1, 394 .maxlen = sizeof(int), 395 .mode = 0644, 396 .proc_handler = proc_dointvec_minmax, 397 .extra2 = &tcp_retr1_max 398 }, 399 { 400 .procname = "tcp_retries2", 401 .data = &sysctl_tcp_retries2, 402 .maxlen = sizeof(int), 403 .mode = 0644, 404 .proc_handler = proc_dointvec 405 }, 406 { 407 .procname = "tcp_fin_timeout", 408 .data = &sysctl_tcp_fin_timeout, 409 .maxlen = sizeof(int), 410 .mode = 0644, 411 .proc_handler = proc_dointvec_jiffies, 412 }, 413 #ifdef CONFIG_SYN_COOKIES 414 { 415 .procname = "tcp_syncookies", 416 .data = &sysctl_tcp_syncookies, 417 .maxlen = sizeof(int), 418 .mode = 0644, 419 .proc_handler = proc_dointvec 420 }, 421 #endif 422 { 423 .procname = "tcp_fastopen", 424 .data = &sysctl_tcp_fastopen, 425 .maxlen = sizeof(int), 426 .mode = 0644, 427 .proc_handler = proc_dointvec, 428 }, 429 { 430 .procname = "tcp_fastopen_key", 431 .mode = 0600, 432 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10), 433 .proc_handler = proc_tcp_fastopen_key, 434 }, 435 { 436 .procname = "tcp_tw_recycle", 437 .data = &tcp_death_row.sysctl_tw_recycle, 438 .maxlen = sizeof(int), 439 .mode = 0644, 440 .proc_handler = proc_dointvec 441 }, 442 { 443 .procname = "tcp_abort_on_overflow", 444 .data = &sysctl_tcp_abort_on_overflow, 445 .maxlen = sizeof(int), 446 .mode = 0644, 447 .proc_handler = proc_dointvec 448 }, 449 { 450 .procname = "tcp_stdurg", 451 .data = &sysctl_tcp_stdurg, 452 .maxlen = sizeof(int), 453 .mode = 0644, 454 .proc_handler = proc_dointvec 455 }, 456 { 457 .procname = "tcp_rfc1337", 458 .data = &sysctl_tcp_rfc1337, 459 .maxlen = sizeof(int), 460 .mode = 0644, 461 .proc_handler = proc_dointvec 462 }, 463 { 464 .procname = "tcp_max_syn_backlog", 465 .data = &sysctl_max_syn_backlog, 466 .maxlen = sizeof(int), 467 .mode = 0644, 468 .proc_handler = proc_dointvec 469 }, 470 { 471 .procname = "ip_local_port_range", 472 .data = &sysctl_local_ports.range, 473 .maxlen = sizeof(sysctl_local_ports.range), 474 .mode = 0644, 475 .proc_handler = ipv4_local_port_range, 476 }, 477 { 478 .procname = "ip_local_reserved_ports", 479 .data = NULL, /* initialized in sysctl_ipv4_init */ 480 .maxlen = 65536, 481 .mode = 0644, 482 .proc_handler = proc_do_large_bitmap, 483 }, 484 { 485 .procname = "igmp_max_memberships", 486 .data = &sysctl_igmp_max_memberships, 487 .maxlen = sizeof(int), 488 .mode = 0644, 489 .proc_handler = proc_dointvec 490 }, 491 { 492 .procname = "igmp_max_msf", 493 .data = &sysctl_igmp_max_msf, 494 .maxlen = sizeof(int), 495 .mode = 0644, 496 .proc_handler = proc_dointvec 497 }, 498 { 499 .procname = "inet_peer_threshold", 500 .data = &inet_peer_threshold, 501 .maxlen = sizeof(int), 502 .mode = 0644, 503 .proc_handler = proc_dointvec 504 }, 505 { 506 .procname = "inet_peer_minttl", 507 .data = &inet_peer_minttl, 508 .maxlen = sizeof(int), 509 .mode = 0644, 510 .proc_handler = proc_dointvec_jiffies, 511 }, 512 { 513 .procname = "inet_peer_maxttl", 514 .data = &inet_peer_maxttl, 515 .maxlen = sizeof(int), 516 .mode = 0644, 517 .proc_handler = proc_dointvec_jiffies, 518 }, 519 { 520 .procname = "tcp_orphan_retries", 521 .data = &sysctl_tcp_orphan_retries, 522 .maxlen = sizeof(int), 523 .mode = 0644, 524 .proc_handler = proc_dointvec 525 }, 526 { 527 .procname = "tcp_fack", 528 .data = &sysctl_tcp_fack, 529 .maxlen = sizeof(int), 530 .mode = 0644, 531 .proc_handler = proc_dointvec 532 }, 533 { 534 .procname = "tcp_reordering", 535 .data = &sysctl_tcp_reordering, 536 .maxlen = sizeof(int), 537 .mode = 0644, 538 .proc_handler = proc_dointvec 539 }, 540 { 541 .procname = "tcp_ecn", 542 .data = &sysctl_tcp_ecn, 543 .maxlen = sizeof(int), 544 .mode = 0644, 545 .proc_handler = proc_dointvec 546 }, 547 { 548 .procname = "tcp_dsack", 549 .data = &sysctl_tcp_dsack, 550 .maxlen = sizeof(int), 551 .mode = 0644, 552 .proc_handler = proc_dointvec 553 }, 554 { 555 .procname = "tcp_wmem", 556 .data = &sysctl_tcp_wmem, 557 .maxlen = sizeof(sysctl_tcp_wmem), 558 .mode = 0644, 559 .proc_handler = proc_dointvec 560 }, 561 { 562 .procname = "tcp_rmem", 563 .data = &sysctl_tcp_rmem, 564 .maxlen = sizeof(sysctl_tcp_rmem), 565 .mode = 0644, 566 .proc_handler = proc_dointvec 567 }, 568 { 569 .procname = "tcp_app_win", 570 .data = &sysctl_tcp_app_win, 571 .maxlen = sizeof(int), 572 .mode = 0644, 573 .proc_handler = proc_dointvec 574 }, 575 { 576 .procname = "tcp_adv_win_scale", 577 .data = &sysctl_tcp_adv_win_scale, 578 .maxlen = sizeof(int), 579 .mode = 0644, 580 .proc_handler = proc_dointvec_minmax, 581 .extra1 = &tcp_adv_win_scale_min, 582 .extra2 = &tcp_adv_win_scale_max, 583 }, 584 { 585 .procname = "tcp_tw_reuse", 586 .data = &sysctl_tcp_tw_reuse, 587 .maxlen = sizeof(int), 588 .mode = 0644, 589 .proc_handler = proc_dointvec 590 }, 591 { 592 .procname = "tcp_frto", 593 .data = &sysctl_tcp_frto, 594 .maxlen = sizeof(int), 595 .mode = 0644, 596 .proc_handler = proc_dointvec 597 }, 598 { 599 .procname = "tcp_frto_response", 600 .data = &sysctl_tcp_frto_response, 601 .maxlen = sizeof(int), 602 .mode = 0644, 603 .proc_handler = proc_dointvec 604 }, 605 { 606 .procname = "tcp_low_latency", 607 .data = &sysctl_tcp_low_latency, 608 .maxlen = sizeof(int), 609 .mode = 0644, 610 .proc_handler = proc_dointvec 611 }, 612 { 613 .procname = "tcp_no_metrics_save", 614 .data = &sysctl_tcp_nometrics_save, 615 .maxlen = sizeof(int), 616 .mode = 0644, 617 .proc_handler = proc_dointvec, 618 }, 619 { 620 .procname = "tcp_moderate_rcvbuf", 621 .data = &sysctl_tcp_moderate_rcvbuf, 622 .maxlen = sizeof(int), 623 .mode = 0644, 624 .proc_handler = proc_dointvec, 625 }, 626 { 627 .procname = "tcp_tso_win_divisor", 628 .data = &sysctl_tcp_tso_win_divisor, 629 .maxlen = sizeof(int), 630 .mode = 0644, 631 .proc_handler = proc_dointvec, 632 }, 633 { 634 .procname = "tcp_congestion_control", 635 .mode = 0644, 636 .maxlen = TCP_CA_NAME_MAX, 637 .proc_handler = proc_tcp_congestion_control, 638 }, 639 { 640 .procname = "tcp_abc", 641 .data = &sysctl_tcp_abc, 642 .maxlen = sizeof(int), 643 .mode = 0644, 644 .proc_handler = proc_dointvec, 645 }, 646 { 647 .procname = "tcp_mtu_probing", 648 .data = &sysctl_tcp_mtu_probing, 649 .maxlen = sizeof(int), 650 .mode = 0644, 651 .proc_handler = proc_dointvec, 652 }, 653 { 654 .procname = "tcp_base_mss", 655 .data = &sysctl_tcp_base_mss, 656 .maxlen = sizeof(int), 657 .mode = 0644, 658 .proc_handler = proc_dointvec, 659 }, 660 { 661 .procname = "tcp_workaround_signed_windows", 662 .data = &sysctl_tcp_workaround_signed_windows, 663 .maxlen = sizeof(int), 664 .mode = 0644, 665 .proc_handler = proc_dointvec 666 }, 667 { 668 .procname = "tcp_limit_output_bytes", 669 .data = &sysctl_tcp_limit_output_bytes, 670 .maxlen = sizeof(int), 671 .mode = 0644, 672 .proc_handler = proc_dointvec 673 }, 674 { 675 .procname = "tcp_challenge_ack_limit", 676 .data = &sysctl_tcp_challenge_ack_limit, 677 .maxlen = sizeof(int), 678 .mode = 0644, 679 .proc_handler = proc_dointvec 680 }, 681 #ifdef CONFIG_NET_DMA 682 { 683 .procname = "tcp_dma_copybreak", 684 .data = &sysctl_tcp_dma_copybreak, 685 .maxlen = sizeof(int), 686 .mode = 0644, 687 .proc_handler = proc_dointvec 688 }, 689 #endif 690 { 691 .procname = "tcp_slow_start_after_idle", 692 .data = &sysctl_tcp_slow_start_after_idle, 693 .maxlen = sizeof(int), 694 .mode = 0644, 695 .proc_handler = proc_dointvec 696 }, 697 #ifdef CONFIG_NETLABEL 698 { 699 .procname = "cipso_cache_enable", 700 .data = &cipso_v4_cache_enabled, 701 .maxlen = sizeof(int), 702 .mode = 0644, 703 .proc_handler = proc_dointvec, 704 }, 705 { 706 .procname = "cipso_cache_bucket_size", 707 .data = &cipso_v4_cache_bucketsize, 708 .maxlen = sizeof(int), 709 .mode = 0644, 710 .proc_handler = proc_dointvec, 711 }, 712 { 713 .procname = "cipso_rbm_optfmt", 714 .data = &cipso_v4_rbm_optfmt, 715 .maxlen = sizeof(int), 716 .mode = 0644, 717 .proc_handler = proc_dointvec, 718 }, 719 { 720 .procname = "cipso_rbm_strictvalid", 721 .data = &cipso_v4_rbm_strictvalid, 722 .maxlen = sizeof(int), 723 .mode = 0644, 724 .proc_handler = proc_dointvec, 725 }, 726 #endif /* CONFIG_NETLABEL */ 727 { 728 .procname = "tcp_available_congestion_control", 729 .maxlen = TCP_CA_BUF_MAX, 730 .mode = 0444, 731 .proc_handler = proc_tcp_available_congestion_control, 732 }, 733 { 734 .procname = "tcp_allowed_congestion_control", 735 .maxlen = TCP_CA_BUF_MAX, 736 .mode = 0644, 737 .proc_handler = proc_allowed_congestion_control, 738 }, 739 { 740 .procname = "tcp_max_ssthresh", 741 .data = &sysctl_tcp_max_ssthresh, 742 .maxlen = sizeof(int), 743 .mode = 0644, 744 .proc_handler = proc_dointvec, 745 }, 746 { 747 .procname = "tcp_cookie_size", 748 .data = &sysctl_tcp_cookie_size, 749 .maxlen = sizeof(int), 750 .mode = 0644, 751 .proc_handler = proc_dointvec 752 }, 753 { 754 .procname = "tcp_thin_linear_timeouts", 755 .data = &sysctl_tcp_thin_linear_timeouts, 756 .maxlen = sizeof(int), 757 .mode = 0644, 758 .proc_handler = proc_dointvec 759 }, 760 { 761 .procname = "tcp_thin_dupack", 762 .data = &sysctl_tcp_thin_dupack, 763 .maxlen = sizeof(int), 764 .mode = 0644, 765 .proc_handler = proc_dointvec 766 }, 767 { 768 .procname = "tcp_early_retrans", 769 .data = &sysctl_tcp_early_retrans, 770 .maxlen = sizeof(int), 771 .mode = 0644, 772 .proc_handler = proc_dointvec_minmax, 773 .extra1 = &zero, 774 .extra2 = &two, 775 }, 776 { 777 .procname = "udp_mem", 778 .data = &sysctl_udp_mem, 779 .maxlen = sizeof(sysctl_udp_mem), 780 .mode = 0644, 781 .proc_handler = proc_doulongvec_minmax, 782 }, 783 { 784 .procname = "udp_rmem_min", 785 .data = &sysctl_udp_rmem_min, 786 .maxlen = sizeof(sysctl_udp_rmem_min), 787 .mode = 0644, 788 .proc_handler = proc_dointvec_minmax, 789 .extra1 = &zero 790 }, 791 { 792 .procname = "udp_wmem_min", 793 .data = &sysctl_udp_wmem_min, 794 .maxlen = sizeof(sysctl_udp_wmem_min), 795 .mode = 0644, 796 .proc_handler = proc_dointvec_minmax, 797 .extra1 = &zero 798 }, 799 { } 800 }; 801 802 static struct ctl_table ipv4_net_table[] = { 803 { 804 .procname = "icmp_echo_ignore_all", 805 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, 806 .maxlen = sizeof(int), 807 .mode = 0644, 808 .proc_handler = proc_dointvec 809 }, 810 { 811 .procname = "icmp_echo_ignore_broadcasts", 812 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, 813 .maxlen = sizeof(int), 814 .mode = 0644, 815 .proc_handler = proc_dointvec 816 }, 817 { 818 .procname = "icmp_ignore_bogus_error_responses", 819 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, 820 .maxlen = sizeof(int), 821 .mode = 0644, 822 .proc_handler = proc_dointvec 823 }, 824 { 825 .procname = "icmp_errors_use_inbound_ifaddr", 826 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, 827 .maxlen = sizeof(int), 828 .mode = 0644, 829 .proc_handler = proc_dointvec 830 }, 831 { 832 .procname = "icmp_ratelimit", 833 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 834 .maxlen = sizeof(int), 835 .mode = 0644, 836 .proc_handler = proc_dointvec_ms_jiffies, 837 }, 838 { 839 .procname = "icmp_ratemask", 840 .data = &init_net.ipv4.sysctl_icmp_ratemask, 841 .maxlen = sizeof(int), 842 .mode = 0644, 843 .proc_handler = proc_dointvec 844 }, 845 { 846 .procname = "ping_group_range", 847 .data = &init_net.ipv4.sysctl_ping_group_range, 848 .maxlen = sizeof(gid_t)*2, 849 .mode = 0644, 850 .proc_handler = ipv4_ping_group_range, 851 }, 852 { 853 .procname = "tcp_mem", 854 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_mem), 855 .mode = 0644, 856 .proc_handler = ipv4_tcp_mem, 857 }, 858 { } 859 }; 860 861 static __net_init int ipv4_sysctl_init_net(struct net *net) 862 { 863 struct ctl_table *table; 864 865 table = ipv4_net_table; 866 if (!net_eq(net, &init_net)) { 867 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); 868 if (table == NULL) 869 goto err_alloc; 870 871 table[0].data = 872 &net->ipv4.sysctl_icmp_echo_ignore_all; 873 table[1].data = 874 &net->ipv4.sysctl_icmp_echo_ignore_broadcasts; 875 table[2].data = 876 &net->ipv4.sysctl_icmp_ignore_bogus_error_responses; 877 table[3].data = 878 &net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr; 879 table[4].data = 880 &net->ipv4.sysctl_icmp_ratelimit; 881 table[5].data = 882 &net->ipv4.sysctl_icmp_ratemask; 883 table[6].data = 884 &net->ipv4.sysctl_ping_group_range; 885 886 /* Don't export sysctls to unprivileged users */ 887 if (net->user_ns != &init_user_ns) 888 table[0].procname = NULL; 889 } 890 891 /* 892 * Sane defaults - nobody may create ping sockets. 893 * Boot scripts should set this to distro-specific group. 894 */ 895 net->ipv4.sysctl_ping_group_range[0] = make_kgid(&init_user_ns, 1); 896 net->ipv4.sysctl_ping_group_range[1] = make_kgid(&init_user_ns, 0); 897 898 tcp_init_mem(net); 899 900 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); 901 if (net->ipv4.ipv4_hdr == NULL) 902 goto err_reg; 903 904 return 0; 905 906 err_reg: 907 if (!net_eq(net, &init_net)) 908 kfree(table); 909 err_alloc: 910 return -ENOMEM; 911 } 912 913 static __net_exit void ipv4_sysctl_exit_net(struct net *net) 914 { 915 struct ctl_table *table; 916 917 table = net->ipv4.ipv4_hdr->ctl_table_arg; 918 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 919 kfree(table); 920 } 921 922 static __net_initdata struct pernet_operations ipv4_sysctl_ops = { 923 .init = ipv4_sysctl_init_net, 924 .exit = ipv4_sysctl_exit_net, 925 }; 926 927 static __init int sysctl_ipv4_init(void) 928 { 929 struct ctl_table_header *hdr; 930 struct ctl_table *i; 931 932 for (i = ipv4_table; i->procname; i++) { 933 if (strcmp(i->procname, "ip_local_reserved_ports") == 0) { 934 i->data = sysctl_local_reserved_ports; 935 break; 936 } 937 } 938 if (!i->procname) 939 return -EINVAL; 940 941 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 942 if (hdr == NULL) 943 return -ENOMEM; 944 945 if (register_pernet_subsys(&ipv4_sysctl_ops)) { 946 unregister_net_sysctl_table(hdr); 947 return -ENOMEM; 948 } 949 950 return 0; 951 } 952 953 __initcall(sysctl_ipv4_init); 954