1 /* 2 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 3 * 4 * Begun April 1, 1996, Mike Shaver. 5 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 6 */ 7 8 #include <linux/mm.h> 9 #include <linux/module.h> 10 #include <linux/sysctl.h> 11 #include <linux/igmp.h> 12 #include <linux/inetdevice.h> 13 #include <linux/seqlock.h> 14 #include <linux/init.h> 15 #include <linux/slab.h> 16 #include <linux/nsproxy.h> 17 #include <linux/swap.h> 18 #include <net/snmp.h> 19 #include <net/icmp.h> 20 #include <net/ip.h> 21 #include <net/route.h> 22 #include <net/tcp.h> 23 #include <net/udp.h> 24 #include <net/cipso_ipv4.h> 25 #include <net/inet_frag.h> 26 #include <net/ping.h> 27 #include <net/tcp_memcontrol.h> 28 29 static int zero; 30 static int one = 1; 31 static int four = 4; 32 static int tcp_retr1_max = 255; 33 static int ip_local_port_range_min[] = { 1, 1 }; 34 static int ip_local_port_range_max[] = { 65535, 65535 }; 35 static int tcp_adv_win_scale_min = -31; 36 static int tcp_adv_win_scale_max = 31; 37 static int ip_ttl_min = 1; 38 static int ip_ttl_max = 255; 39 static int ip_ping_group_range_min[] = { 0, 0 }; 40 static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 41 42 /* Update system visible IP port range */ 43 static void set_local_port_range(int range[2]) 44 { 45 write_seqlock(&sysctl_local_ports.lock); 46 sysctl_local_ports.range[0] = range[0]; 47 sysctl_local_ports.range[1] = range[1]; 48 write_sequnlock(&sysctl_local_ports.lock); 49 } 50 51 /* Validate changes from /proc interface. */ 52 static int ipv4_local_port_range(struct ctl_table *table, int write, 53 void __user *buffer, 54 size_t *lenp, loff_t *ppos) 55 { 56 int ret; 57 int range[2]; 58 struct ctl_table tmp = { 59 .data = &range, 60 .maxlen = sizeof(range), 61 .mode = table->mode, 62 .extra1 = &ip_local_port_range_min, 63 .extra2 = &ip_local_port_range_max, 64 }; 65 66 inet_get_local_port_range(range, range + 1); 67 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 68 69 if (write && ret == 0) { 70 if (range[1] < range[0]) 71 ret = -EINVAL; 72 else 73 set_local_port_range(range); 74 } 75 76 return ret; 77 } 78 79 80 static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) 81 { 82 kgid_t *data = table->data; 83 unsigned int seq; 84 do { 85 seq = read_seqbegin(&sysctl_local_ports.lock); 86 87 *low = data[0]; 88 *high = data[1]; 89 } while (read_seqretry(&sysctl_local_ports.lock, seq)); 90 } 91 92 /* Update system visible IP port range */ 93 static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) 94 { 95 kgid_t *data = table->data; 96 write_seqlock(&sysctl_local_ports.lock); 97 data[0] = low; 98 data[1] = high; 99 write_sequnlock(&sysctl_local_ports.lock); 100 } 101 102 /* Validate changes from /proc interface. */ 103 static int ipv4_ping_group_range(struct ctl_table *table, int write, 104 void __user *buffer, 105 size_t *lenp, loff_t *ppos) 106 { 107 struct user_namespace *user_ns = current_user_ns(); 108 int ret; 109 gid_t urange[2]; 110 kgid_t low, high; 111 struct ctl_table tmp = { 112 .data = &urange, 113 .maxlen = sizeof(urange), 114 .mode = table->mode, 115 .extra1 = &ip_ping_group_range_min, 116 .extra2 = &ip_ping_group_range_max, 117 }; 118 119 inet_get_ping_group_range_table(table, &low, &high); 120 urange[0] = from_kgid_munged(user_ns, low); 121 urange[1] = from_kgid_munged(user_ns, high); 122 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 123 124 if (write && ret == 0) { 125 low = make_kgid(user_ns, urange[0]); 126 high = make_kgid(user_ns, urange[1]); 127 if (!gid_valid(low) || !gid_valid(high) || 128 (urange[1] < urange[0]) || gid_lt(high, low)) { 129 low = make_kgid(&init_user_ns, 1); 130 high = make_kgid(&init_user_ns, 0); 131 } 132 set_ping_group_range(table, low, high); 133 } 134 135 return ret; 136 } 137 138 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write, 139 void __user *buffer, size_t *lenp, loff_t *ppos) 140 { 141 char val[TCP_CA_NAME_MAX]; 142 struct ctl_table tbl = { 143 .data = val, 144 .maxlen = TCP_CA_NAME_MAX, 145 }; 146 int ret; 147 148 tcp_get_default_congestion_control(val); 149 150 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 151 if (write && ret == 0) 152 ret = tcp_set_default_congestion_control(val); 153 return ret; 154 } 155 156 static int proc_tcp_available_congestion_control(struct ctl_table *ctl, 157 int write, 158 void __user *buffer, size_t *lenp, 159 loff_t *ppos) 160 { 161 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 162 int ret; 163 164 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 165 if (!tbl.data) 166 return -ENOMEM; 167 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); 168 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 169 kfree(tbl.data); 170 return ret; 171 } 172 173 static int proc_allowed_congestion_control(struct ctl_table *ctl, 174 int write, 175 void __user *buffer, size_t *lenp, 176 loff_t *ppos) 177 { 178 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 179 int ret; 180 181 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 182 if (!tbl.data) 183 return -ENOMEM; 184 185 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); 186 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 187 if (write && ret == 0) 188 ret = tcp_set_allowed_congestion_control(tbl.data); 189 kfree(tbl.data); 190 return ret; 191 } 192 193 static int ipv4_tcp_mem(struct ctl_table *ctl, int write, 194 void __user *buffer, size_t *lenp, 195 loff_t *ppos) 196 { 197 int ret; 198 unsigned long vec[3]; 199 struct net *net = current->nsproxy->net_ns; 200 #ifdef CONFIG_MEMCG_KMEM 201 struct mem_cgroup *memcg; 202 #endif 203 204 struct ctl_table tmp = { 205 .data = &vec, 206 .maxlen = sizeof(vec), 207 .mode = ctl->mode, 208 }; 209 210 if (!write) { 211 ctl->data = &net->ipv4.sysctl_tcp_mem; 212 return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos); 213 } 214 215 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); 216 if (ret) 217 return ret; 218 219 #ifdef CONFIG_MEMCG_KMEM 220 rcu_read_lock(); 221 memcg = mem_cgroup_from_task(current); 222 223 tcp_prot_mem(memcg, vec[0], 0); 224 tcp_prot_mem(memcg, vec[1], 1); 225 tcp_prot_mem(memcg, vec[2], 2); 226 rcu_read_unlock(); 227 #endif 228 229 net->ipv4.sysctl_tcp_mem[0] = vec[0]; 230 net->ipv4.sysctl_tcp_mem[1] = vec[1]; 231 net->ipv4.sysctl_tcp_mem[2] = vec[2]; 232 233 return 0; 234 } 235 236 static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write, 237 void __user *buffer, size_t *lenp, 238 loff_t *ppos) 239 { 240 struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; 241 struct tcp_fastopen_context *ctxt; 242 int ret; 243 u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ 244 245 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); 246 if (!tbl.data) 247 return -ENOMEM; 248 249 rcu_read_lock(); 250 ctxt = rcu_dereference(tcp_fastopen_ctx); 251 if (ctxt) 252 memcpy(user_key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH); 253 else 254 memset(user_key, 0, sizeof(user_key)); 255 rcu_read_unlock(); 256 257 snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x", 258 user_key[0], user_key[1], user_key[2], user_key[3]); 259 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 260 261 if (write && ret == 0) { 262 if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1, 263 user_key + 2, user_key + 3) != 4) { 264 ret = -EINVAL; 265 goto bad_key; 266 } 267 tcp_fastopen_reset_cipher(user_key, TCP_FASTOPEN_KEY_LENGTH); 268 } 269 270 bad_key: 271 pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n", 272 user_key[0], user_key[1], user_key[2], user_key[3], 273 (char *)tbl.data, ret); 274 kfree(tbl.data); 275 return ret; 276 } 277 278 static struct ctl_table ipv4_table[] = { 279 { 280 .procname = "tcp_timestamps", 281 .data = &sysctl_tcp_timestamps, 282 .maxlen = sizeof(int), 283 .mode = 0644, 284 .proc_handler = proc_dointvec 285 }, 286 { 287 .procname = "tcp_window_scaling", 288 .data = &sysctl_tcp_window_scaling, 289 .maxlen = sizeof(int), 290 .mode = 0644, 291 .proc_handler = proc_dointvec 292 }, 293 { 294 .procname = "tcp_sack", 295 .data = &sysctl_tcp_sack, 296 .maxlen = sizeof(int), 297 .mode = 0644, 298 .proc_handler = proc_dointvec 299 }, 300 { 301 .procname = "tcp_retrans_collapse", 302 .data = &sysctl_tcp_retrans_collapse, 303 .maxlen = sizeof(int), 304 .mode = 0644, 305 .proc_handler = proc_dointvec 306 }, 307 { 308 .procname = "ip_default_ttl", 309 .data = &sysctl_ip_default_ttl, 310 .maxlen = sizeof(int), 311 .mode = 0644, 312 .proc_handler = proc_dointvec_minmax, 313 .extra1 = &ip_ttl_min, 314 .extra2 = &ip_ttl_max, 315 }, 316 { 317 .procname = "ip_no_pmtu_disc", 318 .data = &ipv4_config.no_pmtu_disc, 319 .maxlen = sizeof(int), 320 .mode = 0644, 321 .proc_handler = proc_dointvec 322 }, 323 { 324 .procname = "ip_nonlocal_bind", 325 .data = &sysctl_ip_nonlocal_bind, 326 .maxlen = sizeof(int), 327 .mode = 0644, 328 .proc_handler = proc_dointvec 329 }, 330 { 331 .procname = "tcp_syn_retries", 332 .data = &sysctl_tcp_syn_retries, 333 .maxlen = sizeof(int), 334 .mode = 0644, 335 .proc_handler = proc_dointvec 336 }, 337 { 338 .procname = "tcp_synack_retries", 339 .data = &sysctl_tcp_synack_retries, 340 .maxlen = sizeof(int), 341 .mode = 0644, 342 .proc_handler = proc_dointvec 343 }, 344 { 345 .procname = "tcp_max_orphans", 346 .data = &sysctl_tcp_max_orphans, 347 .maxlen = sizeof(int), 348 .mode = 0644, 349 .proc_handler = proc_dointvec 350 }, 351 { 352 .procname = "tcp_max_tw_buckets", 353 .data = &tcp_death_row.sysctl_max_tw_buckets, 354 .maxlen = sizeof(int), 355 .mode = 0644, 356 .proc_handler = proc_dointvec 357 }, 358 { 359 .procname = "ip_early_demux", 360 .data = &sysctl_ip_early_demux, 361 .maxlen = sizeof(int), 362 .mode = 0644, 363 .proc_handler = proc_dointvec 364 }, 365 { 366 .procname = "ip_dynaddr", 367 .data = &sysctl_ip_dynaddr, 368 .maxlen = sizeof(int), 369 .mode = 0644, 370 .proc_handler = proc_dointvec 371 }, 372 { 373 .procname = "tcp_keepalive_time", 374 .data = &sysctl_tcp_keepalive_time, 375 .maxlen = sizeof(int), 376 .mode = 0644, 377 .proc_handler = proc_dointvec_jiffies, 378 }, 379 { 380 .procname = "tcp_keepalive_probes", 381 .data = &sysctl_tcp_keepalive_probes, 382 .maxlen = sizeof(int), 383 .mode = 0644, 384 .proc_handler = proc_dointvec 385 }, 386 { 387 .procname = "tcp_keepalive_intvl", 388 .data = &sysctl_tcp_keepalive_intvl, 389 .maxlen = sizeof(int), 390 .mode = 0644, 391 .proc_handler = proc_dointvec_jiffies, 392 }, 393 { 394 .procname = "tcp_retries1", 395 .data = &sysctl_tcp_retries1, 396 .maxlen = sizeof(int), 397 .mode = 0644, 398 .proc_handler = proc_dointvec_minmax, 399 .extra2 = &tcp_retr1_max 400 }, 401 { 402 .procname = "tcp_retries2", 403 .data = &sysctl_tcp_retries2, 404 .maxlen = sizeof(int), 405 .mode = 0644, 406 .proc_handler = proc_dointvec 407 }, 408 { 409 .procname = "tcp_fin_timeout", 410 .data = &sysctl_tcp_fin_timeout, 411 .maxlen = sizeof(int), 412 .mode = 0644, 413 .proc_handler = proc_dointvec_jiffies, 414 }, 415 #ifdef CONFIG_SYN_COOKIES 416 { 417 .procname = "tcp_syncookies", 418 .data = &sysctl_tcp_syncookies, 419 .maxlen = sizeof(int), 420 .mode = 0644, 421 .proc_handler = proc_dointvec 422 }, 423 #endif 424 { 425 .procname = "tcp_fastopen", 426 .data = &sysctl_tcp_fastopen, 427 .maxlen = sizeof(int), 428 .mode = 0644, 429 .proc_handler = proc_dointvec, 430 }, 431 { 432 .procname = "tcp_fastopen_key", 433 .mode = 0600, 434 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10), 435 .proc_handler = proc_tcp_fastopen_key, 436 }, 437 { 438 .procname = "tcp_tw_recycle", 439 .data = &tcp_death_row.sysctl_tw_recycle, 440 .maxlen = sizeof(int), 441 .mode = 0644, 442 .proc_handler = proc_dointvec 443 }, 444 { 445 .procname = "tcp_abort_on_overflow", 446 .data = &sysctl_tcp_abort_on_overflow, 447 .maxlen = sizeof(int), 448 .mode = 0644, 449 .proc_handler = proc_dointvec 450 }, 451 { 452 .procname = "tcp_stdurg", 453 .data = &sysctl_tcp_stdurg, 454 .maxlen = sizeof(int), 455 .mode = 0644, 456 .proc_handler = proc_dointvec 457 }, 458 { 459 .procname = "tcp_rfc1337", 460 .data = &sysctl_tcp_rfc1337, 461 .maxlen = sizeof(int), 462 .mode = 0644, 463 .proc_handler = proc_dointvec 464 }, 465 { 466 .procname = "tcp_max_syn_backlog", 467 .data = &sysctl_max_syn_backlog, 468 .maxlen = sizeof(int), 469 .mode = 0644, 470 .proc_handler = proc_dointvec 471 }, 472 { 473 .procname = "ip_local_port_range", 474 .data = &sysctl_local_ports.range, 475 .maxlen = sizeof(sysctl_local_ports.range), 476 .mode = 0644, 477 .proc_handler = ipv4_local_port_range, 478 }, 479 { 480 .procname = "ip_local_reserved_ports", 481 .data = NULL, /* initialized in sysctl_ipv4_init */ 482 .maxlen = 65536, 483 .mode = 0644, 484 .proc_handler = proc_do_large_bitmap, 485 }, 486 { 487 .procname = "igmp_max_memberships", 488 .data = &sysctl_igmp_max_memberships, 489 .maxlen = sizeof(int), 490 .mode = 0644, 491 .proc_handler = proc_dointvec 492 }, 493 { 494 .procname = "igmp_max_msf", 495 .data = &sysctl_igmp_max_msf, 496 .maxlen = sizeof(int), 497 .mode = 0644, 498 .proc_handler = proc_dointvec 499 }, 500 { 501 .procname = "inet_peer_threshold", 502 .data = &inet_peer_threshold, 503 .maxlen = sizeof(int), 504 .mode = 0644, 505 .proc_handler = proc_dointvec 506 }, 507 { 508 .procname = "inet_peer_minttl", 509 .data = &inet_peer_minttl, 510 .maxlen = sizeof(int), 511 .mode = 0644, 512 .proc_handler = proc_dointvec_jiffies, 513 }, 514 { 515 .procname = "inet_peer_maxttl", 516 .data = &inet_peer_maxttl, 517 .maxlen = sizeof(int), 518 .mode = 0644, 519 .proc_handler = proc_dointvec_jiffies, 520 }, 521 { 522 .procname = "tcp_orphan_retries", 523 .data = &sysctl_tcp_orphan_retries, 524 .maxlen = sizeof(int), 525 .mode = 0644, 526 .proc_handler = proc_dointvec 527 }, 528 { 529 .procname = "tcp_fack", 530 .data = &sysctl_tcp_fack, 531 .maxlen = sizeof(int), 532 .mode = 0644, 533 .proc_handler = proc_dointvec 534 }, 535 { 536 .procname = "tcp_reordering", 537 .data = &sysctl_tcp_reordering, 538 .maxlen = sizeof(int), 539 .mode = 0644, 540 .proc_handler = proc_dointvec 541 }, 542 { 543 .procname = "tcp_dsack", 544 .data = &sysctl_tcp_dsack, 545 .maxlen = sizeof(int), 546 .mode = 0644, 547 .proc_handler = proc_dointvec 548 }, 549 { 550 .procname = "tcp_wmem", 551 .data = &sysctl_tcp_wmem, 552 .maxlen = sizeof(sysctl_tcp_wmem), 553 .mode = 0644, 554 .proc_handler = proc_dointvec_minmax, 555 .extra1 = &one, 556 }, 557 { 558 .procname = "tcp_rmem", 559 .data = &sysctl_tcp_rmem, 560 .maxlen = sizeof(sysctl_tcp_rmem), 561 .mode = 0644, 562 .proc_handler = proc_dointvec_minmax, 563 .extra1 = &one, 564 }, 565 { 566 .procname = "tcp_app_win", 567 .data = &sysctl_tcp_app_win, 568 .maxlen = sizeof(int), 569 .mode = 0644, 570 .proc_handler = proc_dointvec 571 }, 572 { 573 .procname = "tcp_adv_win_scale", 574 .data = &sysctl_tcp_adv_win_scale, 575 .maxlen = sizeof(int), 576 .mode = 0644, 577 .proc_handler = proc_dointvec_minmax, 578 .extra1 = &tcp_adv_win_scale_min, 579 .extra2 = &tcp_adv_win_scale_max, 580 }, 581 { 582 .procname = "tcp_tw_reuse", 583 .data = &sysctl_tcp_tw_reuse, 584 .maxlen = sizeof(int), 585 .mode = 0644, 586 .proc_handler = proc_dointvec 587 }, 588 { 589 .procname = "tcp_frto", 590 .data = &sysctl_tcp_frto, 591 .maxlen = sizeof(int), 592 .mode = 0644, 593 .proc_handler = proc_dointvec 594 }, 595 { 596 .procname = "tcp_low_latency", 597 .data = &sysctl_tcp_low_latency, 598 .maxlen = sizeof(int), 599 .mode = 0644, 600 .proc_handler = proc_dointvec 601 }, 602 { 603 .procname = "tcp_no_metrics_save", 604 .data = &sysctl_tcp_nometrics_save, 605 .maxlen = sizeof(int), 606 .mode = 0644, 607 .proc_handler = proc_dointvec, 608 }, 609 { 610 .procname = "tcp_moderate_rcvbuf", 611 .data = &sysctl_tcp_moderate_rcvbuf, 612 .maxlen = sizeof(int), 613 .mode = 0644, 614 .proc_handler = proc_dointvec, 615 }, 616 { 617 .procname = "tcp_tso_win_divisor", 618 .data = &sysctl_tcp_tso_win_divisor, 619 .maxlen = sizeof(int), 620 .mode = 0644, 621 .proc_handler = proc_dointvec, 622 }, 623 { 624 .procname = "tcp_congestion_control", 625 .mode = 0644, 626 .maxlen = TCP_CA_NAME_MAX, 627 .proc_handler = proc_tcp_congestion_control, 628 }, 629 { 630 .procname = "tcp_mtu_probing", 631 .data = &sysctl_tcp_mtu_probing, 632 .maxlen = sizeof(int), 633 .mode = 0644, 634 .proc_handler = proc_dointvec, 635 }, 636 { 637 .procname = "tcp_base_mss", 638 .data = &sysctl_tcp_base_mss, 639 .maxlen = sizeof(int), 640 .mode = 0644, 641 .proc_handler = proc_dointvec, 642 }, 643 { 644 .procname = "tcp_workaround_signed_windows", 645 .data = &sysctl_tcp_workaround_signed_windows, 646 .maxlen = sizeof(int), 647 .mode = 0644, 648 .proc_handler = proc_dointvec 649 }, 650 { 651 .procname = "tcp_limit_output_bytes", 652 .data = &sysctl_tcp_limit_output_bytes, 653 .maxlen = sizeof(int), 654 .mode = 0644, 655 .proc_handler = proc_dointvec 656 }, 657 { 658 .procname = "tcp_challenge_ack_limit", 659 .data = &sysctl_tcp_challenge_ack_limit, 660 .maxlen = sizeof(int), 661 .mode = 0644, 662 .proc_handler = proc_dointvec 663 }, 664 #ifdef CONFIG_NET_DMA 665 { 666 .procname = "tcp_dma_copybreak", 667 .data = &sysctl_tcp_dma_copybreak, 668 .maxlen = sizeof(int), 669 .mode = 0644, 670 .proc_handler = proc_dointvec 671 }, 672 #endif 673 { 674 .procname = "tcp_slow_start_after_idle", 675 .data = &sysctl_tcp_slow_start_after_idle, 676 .maxlen = sizeof(int), 677 .mode = 0644, 678 .proc_handler = proc_dointvec 679 }, 680 #ifdef CONFIG_NETLABEL 681 { 682 .procname = "cipso_cache_enable", 683 .data = &cipso_v4_cache_enabled, 684 .maxlen = sizeof(int), 685 .mode = 0644, 686 .proc_handler = proc_dointvec, 687 }, 688 { 689 .procname = "cipso_cache_bucket_size", 690 .data = &cipso_v4_cache_bucketsize, 691 .maxlen = sizeof(int), 692 .mode = 0644, 693 .proc_handler = proc_dointvec, 694 }, 695 { 696 .procname = "cipso_rbm_optfmt", 697 .data = &cipso_v4_rbm_optfmt, 698 .maxlen = sizeof(int), 699 .mode = 0644, 700 .proc_handler = proc_dointvec, 701 }, 702 { 703 .procname = "cipso_rbm_strictvalid", 704 .data = &cipso_v4_rbm_strictvalid, 705 .maxlen = sizeof(int), 706 .mode = 0644, 707 .proc_handler = proc_dointvec, 708 }, 709 #endif /* CONFIG_NETLABEL */ 710 { 711 .procname = "tcp_available_congestion_control", 712 .maxlen = TCP_CA_BUF_MAX, 713 .mode = 0444, 714 .proc_handler = proc_tcp_available_congestion_control, 715 }, 716 { 717 .procname = "tcp_allowed_congestion_control", 718 .maxlen = TCP_CA_BUF_MAX, 719 .mode = 0644, 720 .proc_handler = proc_allowed_congestion_control, 721 }, 722 { 723 .procname = "tcp_max_ssthresh", 724 .data = &sysctl_tcp_max_ssthresh, 725 .maxlen = sizeof(int), 726 .mode = 0644, 727 .proc_handler = proc_dointvec, 728 }, 729 { 730 .procname = "tcp_thin_linear_timeouts", 731 .data = &sysctl_tcp_thin_linear_timeouts, 732 .maxlen = sizeof(int), 733 .mode = 0644, 734 .proc_handler = proc_dointvec 735 }, 736 { 737 .procname = "tcp_thin_dupack", 738 .data = &sysctl_tcp_thin_dupack, 739 .maxlen = sizeof(int), 740 .mode = 0644, 741 .proc_handler = proc_dointvec 742 }, 743 { 744 .procname = "tcp_early_retrans", 745 .data = &sysctl_tcp_early_retrans, 746 .maxlen = sizeof(int), 747 .mode = 0644, 748 .proc_handler = proc_dointvec_minmax, 749 .extra1 = &zero, 750 .extra2 = &four, 751 }, 752 { 753 .procname = "udp_mem", 754 .data = &sysctl_udp_mem, 755 .maxlen = sizeof(sysctl_udp_mem), 756 .mode = 0644, 757 .proc_handler = proc_doulongvec_minmax, 758 }, 759 { 760 .procname = "udp_rmem_min", 761 .data = &sysctl_udp_rmem_min, 762 .maxlen = sizeof(sysctl_udp_rmem_min), 763 .mode = 0644, 764 .proc_handler = proc_dointvec_minmax, 765 .extra1 = &one 766 }, 767 { 768 .procname = "udp_wmem_min", 769 .data = &sysctl_udp_wmem_min, 770 .maxlen = sizeof(sysctl_udp_wmem_min), 771 .mode = 0644, 772 .proc_handler = proc_dointvec_minmax, 773 .extra1 = &one 774 }, 775 { } 776 }; 777 778 static struct ctl_table ipv4_net_table[] = { 779 { 780 .procname = "icmp_echo_ignore_all", 781 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, 782 .maxlen = sizeof(int), 783 .mode = 0644, 784 .proc_handler = proc_dointvec 785 }, 786 { 787 .procname = "icmp_echo_ignore_broadcasts", 788 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, 789 .maxlen = sizeof(int), 790 .mode = 0644, 791 .proc_handler = proc_dointvec 792 }, 793 { 794 .procname = "icmp_ignore_bogus_error_responses", 795 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, 796 .maxlen = sizeof(int), 797 .mode = 0644, 798 .proc_handler = proc_dointvec 799 }, 800 { 801 .procname = "icmp_errors_use_inbound_ifaddr", 802 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, 803 .maxlen = sizeof(int), 804 .mode = 0644, 805 .proc_handler = proc_dointvec 806 }, 807 { 808 .procname = "icmp_ratelimit", 809 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 810 .maxlen = sizeof(int), 811 .mode = 0644, 812 .proc_handler = proc_dointvec_ms_jiffies, 813 }, 814 { 815 .procname = "icmp_ratemask", 816 .data = &init_net.ipv4.sysctl_icmp_ratemask, 817 .maxlen = sizeof(int), 818 .mode = 0644, 819 .proc_handler = proc_dointvec 820 }, 821 { 822 .procname = "ping_group_range", 823 .data = &init_net.ipv4.sysctl_ping_group_range, 824 .maxlen = sizeof(gid_t)*2, 825 .mode = 0644, 826 .proc_handler = ipv4_ping_group_range, 827 }, 828 { 829 .procname = "tcp_ecn", 830 .data = &init_net.ipv4.sysctl_tcp_ecn, 831 .maxlen = sizeof(int), 832 .mode = 0644, 833 .proc_handler = proc_dointvec 834 }, 835 { 836 .procname = "tcp_mem", 837 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_mem), 838 .mode = 0644, 839 .proc_handler = ipv4_tcp_mem, 840 }, 841 { } 842 }; 843 844 static __net_init int ipv4_sysctl_init_net(struct net *net) 845 { 846 struct ctl_table *table; 847 848 table = ipv4_net_table; 849 if (!net_eq(net, &init_net)) { 850 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); 851 if (table == NULL) 852 goto err_alloc; 853 854 table[0].data = 855 &net->ipv4.sysctl_icmp_echo_ignore_all; 856 table[1].data = 857 &net->ipv4.sysctl_icmp_echo_ignore_broadcasts; 858 table[2].data = 859 &net->ipv4.sysctl_icmp_ignore_bogus_error_responses; 860 table[3].data = 861 &net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr; 862 table[4].data = 863 &net->ipv4.sysctl_icmp_ratelimit; 864 table[5].data = 865 &net->ipv4.sysctl_icmp_ratemask; 866 table[6].data = 867 &net->ipv4.sysctl_ping_group_range; 868 table[7].data = 869 &net->ipv4.sysctl_tcp_ecn; 870 871 /* Don't export sysctls to unprivileged users */ 872 if (net->user_ns != &init_user_ns) 873 table[0].procname = NULL; 874 } 875 876 /* 877 * Sane defaults - nobody may create ping sockets. 878 * Boot scripts should set this to distro-specific group. 879 */ 880 net->ipv4.sysctl_ping_group_range[0] = make_kgid(&init_user_ns, 1); 881 net->ipv4.sysctl_ping_group_range[1] = make_kgid(&init_user_ns, 0); 882 883 tcp_init_mem(net); 884 885 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); 886 if (net->ipv4.ipv4_hdr == NULL) 887 goto err_reg; 888 889 return 0; 890 891 err_reg: 892 if (!net_eq(net, &init_net)) 893 kfree(table); 894 err_alloc: 895 return -ENOMEM; 896 } 897 898 static __net_exit void ipv4_sysctl_exit_net(struct net *net) 899 { 900 struct ctl_table *table; 901 902 table = net->ipv4.ipv4_hdr->ctl_table_arg; 903 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 904 kfree(table); 905 } 906 907 static __net_initdata struct pernet_operations ipv4_sysctl_ops = { 908 .init = ipv4_sysctl_init_net, 909 .exit = ipv4_sysctl_exit_net, 910 }; 911 912 static __init int sysctl_ipv4_init(void) 913 { 914 struct ctl_table_header *hdr; 915 struct ctl_table *i; 916 917 for (i = ipv4_table; i->procname; i++) { 918 if (strcmp(i->procname, "ip_local_reserved_ports") == 0) { 919 i->data = sysctl_local_reserved_ports; 920 break; 921 } 922 } 923 if (!i->procname) 924 return -EINVAL; 925 926 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 927 if (hdr == NULL) 928 return -ENOMEM; 929 930 if (register_pernet_subsys(&ipv4_sysctl_ops)) { 931 unregister_net_sysctl_table(hdr); 932 return -ENOMEM; 933 } 934 935 return 0; 936 } 937 938 __initcall(sysctl_ipv4_init); 939