sysctl_net_ipv4.c source code [linux/net/ipv4/sysctl_net_ipv4.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem.
4	*
5	* Begun April 1, 1996, Mike Shaver.
6	* Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS]
7	*/
8
9	#include <linux/mm.h>
10	#include <linux/module.h>
11	#include <linux/sysctl.h>
12	#include <linux/igmp.h>
13	#include <linux/inetdevice.h>
14	#include <linux/seqlock.h>
15	#include <linux/init.h>
16	#include <linux/slab.h>
17	#include <linux/nsproxy.h>
18	#include <linux/swap.h>
19	#include <net/snmp.h>
20	#include <net/icmp.h>
21	#include <net/ip.h>
22	#include <net/route.h>
23	#include <net/tcp.h>
24	#include <net/udp.h>
25	#include <net/cipso_ipv4.h>
26	#include <net/inet_frag.h>
27	#include <net/ping.h>
28	#include <net/protocol.h>
29	#include <net/netevent.h>
30
31	static int zero;
32	static int one = `1`;
33	static int two = `2`;
34	static int four = `4`;
35	static int thousand = `1000`;
36	static int gso_max_segs = GSO_MAX_SEGS;
37	static int tcp_retr1_max = `255`;
38	static int ip_local_port_range_min[] = { `1`, `1` };
39	static int ip_local_port_range_max[] = { `65535`, `65535` };
40	static int tcp_adv_win_scale_min = -`31`;
41	static int tcp_adv_win_scale_max = `31`;
42	static int ip_privileged_port_min;
43	static int ip_privileged_port_max = `65535`;
44	static int ip_ttl_min = `1`;
45	static int ip_ttl_max = `255`;
46	static int tcp_syn_retries_min = `1`;
47	static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
48	static int ip_ping_group_range_min[] = { `0`, `0` };
49	static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
50	static int comp_sack_nr_max = `255`;
51	static u32 u32_max_div_HZ = UINT_MAX / HZ;
52
53	/ obsolete /
54	static int sysctl_tcp_low_latency __read_mostly;
55
56	/ Update system visible IP port range /
57	static void set_local_port_range(struct net net, int* range[`2`])
58	{
59	bool same_parity = !((range[`0`] ^ range[`1`]) & `1`);
60
61	write_seqlock_bh(&net->ipv4.ip_local_ports.lock);
62	if (same_parity && !net->ipv4.ip_local_ports.warned) {
63	net->ipv4.ip_local_ports.warned = true;
64	pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n");
65	}
66	net->ipv4.ip_local_ports.range[`0`] = range[`0`];
67	net->ipv4.ip_local_ports.range[`1`] = range[`1`];
68	write_sequnlock_bh(&net->ipv4.ip_local_ports.lock);
69	}
70
71	/ Validate changes from /proc interface. /
72	static int ipv4_local_port_range(struct ctl_table table, int* write,
73	void __user *buffer,
74	size_t lenp, loff_t ppos)
75	{
76	struct net *net =
77	container_of(table->data, struct net, ipv4.ip_local_ports.range);
78	int ret;
79	int range[`2`];
80	struct ctl_table tmp = {
81	.data = &range,
82	.maxlen = sizeof(range),
83	.mode = table->mode,
84	.extra1 = &ip_local_port_range_min,
85	.extra2 = &ip_local_port_range_max,
86	};
87
88	inet_get_local_port_range(net, &range[`0`], &range[`1`]);
89
90	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
91
92	if (write && ret == `0`) {
93	/ Ensure that the upper limit is not smaller than the lower,*
94	* and that the lower does not encroach upon the privileged
95	* port limit.
96	*/
97	if ((range[`1`] < range[`0`]) \|\|
98	(range[`0`] < net->ipv4.sysctl_ip_prot_sock))
99	ret = -EINVAL;
100	else
101	set_local_port_range(net, range);
102	}
103
104	return ret;
105	}
106
107	/ Validate changes from /proc interface. /
108	static int ipv4_privileged_ports(struct ctl_table table, int* write,
109	void __user buffer, size_t lenp, loff_t *ppos)
110	{
111	struct net net = container_of(table->data, struct* net,
112	ipv4.sysctl_ip_prot_sock);
113	int ret;
114	int pports;
115	int range[`2`];
116	struct ctl_table tmp = {
117	.data = &pports,
118	.maxlen = sizeof(pports),
119	.mode = table->mode,
120	.extra1 = &ip_privileged_port_min,
121	.extra2 = &ip_privileged_port_max,
122	};
123
124	pports = net->ipv4.sysctl_ip_prot_sock;
125
126	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
127
128	if (write && ret == `0`) {
129	inet_get_local_port_range(net, &range[`0`], &range[`1`]);
130	/ Ensure that the local port range doesn't overlap with the*
131	* privileged port range.
132	*/
133	if (range[`0`] < pports)
134	ret = -EINVAL;
135	else
136	net->ipv4.sysctl_ip_prot_sock = pports;
137	}
138
139	return ret;
140	}
141
142	static void inet_get_ping_group_range_table(struct ctl_table table, kgid_t low, kgid_t *high)
143	{
144	kgid_t *data = table->data;
145	struct net *net =
146	container_of(table->data, struct net, ipv4.ping_group_range.range);
147	unsigned int seq;
148	do {
149	seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
150
151	*low = data[`0`];
152	*high = data[`1`];
153	} while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
154	}
155
156	/ Update system visible IP port range /
157	static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
158	{
159	kgid_t *data = table->data;
160	struct net *net =
161	container_of(table->data, struct net, ipv4.ping_group_range.range);
162	write_seqlock(&net->ipv4.ping_group_range.lock);
163	data[`0`] = low;
164	data[`1`] = high;
165	write_sequnlock(&net->ipv4.ping_group_range.lock);
166	}
167
168	/ Validate changes from /proc interface. /
169	static int ipv4_ping_group_range(struct ctl_table table, int* write,
170	void __user *buffer,
171	size_t lenp, loff_t ppos)
172	{
173	struct user_namespace *user_ns = current_user_ns();
174	int ret;
175	gid_t urange[`2`];
176	kgid_t low, high;
177	struct ctl_table tmp = {
178	.data = &urange,
179	.maxlen = sizeof(urange),
180	.mode = table->mode,
181	.extra1 = &ip_ping_group_range_min,
182	.extra2 = &ip_ping_group_range_max,
183	};
184
185	inet_get_ping_group_range_table(table, &low, &high);
186	urange[`0`] = from_kgid_munged(user_ns, low);
187	urange[`1`] = from_kgid_munged(user_ns, high);
188	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
189
190	if (write && ret == `0`) {
191	low = make_kgid(user_ns, urange[`0`]);
192	high = make_kgid(user_ns, urange[`1`]);
193	if (!gid_valid(low) \|\| !gid_valid(high))
194	return -EINVAL;
195	if (urange[`1`] < urange[`0`] \|\| gid_lt(high, low)) {
196	low = make_kgid(&init_user_ns, `1`);
197	high = make_kgid(&init_user_ns, `0`);
198	}
199	set_ping_group_range(table, low, high);
200	}
201
202	return ret;
203	}
204
205	static int ipv4_fwd_update_priority(struct ctl_table table, int* write,
206	void __user *buffer,
207	size_t lenp, loff_t ppos)
208	{
209	struct net *net;
210	int ret;
211
212	net = container_of(table->data, struct net,
213	ipv4.sysctl_ip_fwd_update_priority);
214	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
215	if (write && ret == `0`)
216	call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE,
217	net);
218
219	return ret;
220	}
221
222	static int proc_tcp_congestion_control(struct ctl_table ctl, int* write,
223	void __user buffer, size_t lenp, loff_t *ppos)
224	{
225	struct net net = container_of(ctl->data, struct* net,
226	ipv4.tcp_congestion_control);
227	char val[TCP_CA_NAME_MAX];
228	struct ctl_table tbl = {
229	.data = val,
230	.maxlen = TCP_CA_NAME_MAX,
231	};
232	int ret;
233
234	tcp_get_default_congestion_control(net, val);
235
236	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
237	if (write && ret == `0`)
238	ret = tcp_set_default_congestion_control(net, val);
239	return ret;
240	}
241
242	static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
243	int write,
244	void __user buffer, size_t lenp,
245	loff_t *ppos)
246	{
247	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
248	int ret;
249
250	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
251	if (!tbl.data)
252	return -ENOMEM;
253	tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
254	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
255	kfree(tbl.data);
256	return ret;
257	}
258
259	static int proc_allowed_congestion_control(struct ctl_table *ctl,
260	int write,
261	void __user buffer, size_t lenp,
262	loff_t *ppos)
263	{
264	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
265	int ret;
266
267	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
268	if (!tbl.data)
269	return -ENOMEM;
270
271	tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
272	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
273	if (write && ret == `0`)
274	ret = tcp_set_allowed_congestion_control(tbl.data);
275	kfree(tbl.data);
276	return ret;
277	}
278
279	static int proc_tcp_fastopen_key(struct ctl_table table, int* write,
280	void __user buffer, size_t lenp,
281	loff_t *ppos)
282	{
283	struct net net = container_of(table->data, struct* net,
284	ipv4.sysctl_tcp_fastopen);
285	struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * `2` + `10`) };
286	struct tcp_fastopen_context *ctxt;
287	u32 user_key[`4`]; / 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH /
288	__le32 key[`4`];
289	int ret, i;
290
291	tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
292	if (!tbl.data)
293	return -ENOMEM;
294
295	rcu_read_lock();
296	ctxt = rcu_dereference(net->ipv4.tcp_fastopen_ctx);
297	if (ctxt)
298	memcpy(key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH);
299	else
300	memset(key, `0`, sizeof(key));
301	rcu_read_unlock();
302
303	for (i = `0`; i < ARRAY_SIZE(key); i++)
304	user_key[i] = le32_to_cpu(key[i]);
305
306	snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x",
307	user_key[`0`], user_key[`1`], user_key[`2`], user_key[`3`]);
308	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
309
310	if (write && ret == `0`) {
311	if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + `1`,
312	user_key + `2`, user_key + `3`) != `4`) {
313	ret = -EINVAL;
314	goto bad_key;
315	}
316
317	for (i = `0`; i < ARRAY_SIZE(user_key); i++)
318	key[i] = cpu_to_le32(user_key[i]);
319
320	tcp_fastopen_reset_cipher(net, NULL, key,
321	TCP_FASTOPEN_KEY_LENGTH);
322	}
323
324	bad_key:
325	pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
326	user_key[`0`], user_key[`1`], user_key[`2`], user_key[`3`],
327	(char *)tbl.data, ret);
328	kfree(tbl.data);
329	return ret;
330	}
331
332	static void proc_configure_early_demux(int enabled, int protocol)
333	{
334	struct net_protocol *ipprot;
335	#if IS_ENABLED(CONFIG_IPV6)
336	struct inet6_protocol *ip6prot;
337	#endif
338
339	rcu_read_lock();
340
341	ipprot = rcu_dereference(inet_protos[protocol]);
342	if (ipprot)
343	ipprot->early_demux = enabled ? ipprot->early_demux_handler :
344	NULL;
345
346	#if IS_ENABLED(CONFIG_IPV6)
347	ip6prot = rcu_dereference(inet6_protos[protocol]);
348	if (ip6prot)
349	ip6prot->early_demux = enabled ? ip6prot->early_demux_handler :
350	NULL;
351	#endif
352	rcu_read_unlock();
353	}
354
355	static int proc_tcp_early_demux(struct ctl_table table, int* write,
356	void __user buffer, size_t lenp, loff_t *ppos)
357	{
358	int ret = `0`;
359
360	ret = proc_dointvec(table, write, buffer, lenp, ppos);
361
362	if (write && !ret) {
363	int enabled = init_net.ipv4.sysctl_tcp_early_demux;
364
365	proc_configure_early_demux(enabled, IPPROTO_TCP);
366	}
367
368	return ret;
369	}
370
371	static int proc_udp_early_demux(struct ctl_table table, int* write,
372	void __user buffer, size_t lenp, loff_t *ppos)
373	{
374	int ret = `0`;
375
376	ret = proc_dointvec(table, write, buffer, lenp, ppos);
377
378	if (write && !ret) {
379	int enabled = init_net.ipv4.sysctl_udp_early_demux;
380
381	proc_configure_early_demux(enabled, IPPROTO_UDP);
382	}
383
384	return ret;
385	}
386
387	static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
388	int write,
389	void __user *buffer,
390	size_t lenp, loff_t ppos)
391	{
392	struct net net = container_of(table->data, struct* net,
393	ipv4.sysctl_tcp_fastopen_blackhole_timeout);
394	int ret;
395
396	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
397	if (write && ret == `0`)
398	atomic_set(&net->ipv4.tfo_active_disable_times, `0`);
399
400	return ret;
401	}
402
403	static int proc_tcp_available_ulp(struct ctl_table *ctl,
404	int write,
405	void __user buffer, size_t lenp,
406	loff_t *ppos)
407	{
408	struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
409	int ret;
410
411	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
412	if (!tbl.data)
413	return -ENOMEM;
414	tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX);
415	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
416	kfree(tbl.data);
417
418	return ret;
419	}
420
421	#ifdef CONFIG_IP_ROUTE_MULTIPATH
422	static int proc_fib_multipath_hash_policy(struct ctl_table table, int* write,
423	void __user buffer, size_t lenp,
424	loff_t *ppos)
425	{
426	struct net net = container_of(table->data, struct* net,
427	ipv4.sysctl_fib_multipath_hash_policy);
428	int ret;
429
430	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
431	if (write && ret == `0`)
432	call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
433
434	return ret;
435	}
436	#endif
437
438	static struct ctl_table ipv4_table[] = {
439	{
440	.procname = "tcp_max_orphans",
441	.data = &sysctl_tcp_max_orphans,
442	.maxlen = sizeof(int),
443	.mode = `0644`,
444	.proc_handler = proc_dointvec
445	},
446	{
447	.procname = "inet_peer_threshold",
448	.data = &inet_peer_threshold,
449	.maxlen = sizeof(int),
450	.mode = `0644`,
451	.proc_handler = proc_dointvec
452	},
453	{
454	.procname = "inet_peer_minttl",
455	.data = &inet_peer_minttl,
456	.maxlen = sizeof(int),
457	.mode = `0644`,
458	.proc_handler = proc_dointvec_jiffies,
459	},
460	{
461	.procname = "inet_peer_maxttl",
462	.data = &inet_peer_maxttl,
463	.maxlen = sizeof(int),
464	.mode = `0644`,
465	.proc_handler = proc_dointvec_jiffies,
466	},
467	{
468	.procname = "tcp_mem",
469	.maxlen = sizeof(sysctl_tcp_mem),
470	.data = &sysctl_tcp_mem,
471	.mode = `0644`,
472	.proc_handler = proc_doulongvec_minmax,
473	},
474	{
475	.procname = "tcp_low_latency",
476	.data = &sysctl_tcp_low_latency,
477	.maxlen = sizeof(int),
478	.mode = `0644`,
479	.proc_handler = proc_dointvec
480	},
481	#ifdef CONFIG_NETLABEL
482	{
483	.procname = "cipso_cache_enable",
484	.data = &cipso_v4_cache_enabled,
485	.maxlen = sizeof(int),
486	.mode = `0644`,
487	.proc_handler = proc_dointvec,
488	},
489	{
490	.procname = "cipso_cache_bucket_size",
491	.data = &cipso_v4_cache_bucketsize,
492	.maxlen = sizeof(int),
493	.mode = `0644`,
494	.proc_handler = proc_dointvec,
495	},
496	{
497	.procname = "cipso_rbm_optfmt",
498	.data = &cipso_v4_rbm_optfmt,
499	.maxlen = sizeof(int),
500	.mode = `0644`,
501	.proc_handler = proc_dointvec,
502	},
503	{
504	.procname = "cipso_rbm_strictvalid",
505	.data = &cipso_v4_rbm_strictvalid,
506	.maxlen = sizeof(int),
507	.mode = `0644`,
508	.proc_handler = proc_dointvec,
509	},
510	#endif /* CONFIG_NETLABEL */
511	{
512	.procname = "tcp_available_congestion_control",
513	.maxlen = TCP_CA_BUF_MAX,
514	.mode = `0444`,
515	.proc_handler = proc_tcp_available_congestion_control,
516	},
517	{
518	.procname = "tcp_allowed_congestion_control",
519	.maxlen = TCP_CA_BUF_MAX,
520	.mode = `0644`,
521	.proc_handler = proc_allowed_congestion_control,
522	},
523	{
524	.procname = "tcp_available_ulp",
525	.maxlen = TCP_ULP_BUF_MAX,
526	.mode = `0444`,
527	.proc_handler = proc_tcp_available_ulp,
528	},
529	{
530	.procname = "icmp_msgs_per_sec",
531	.data = &sysctl_icmp_msgs_per_sec,
532	.maxlen = sizeof(int),
533	.mode = `0644`,
534	.proc_handler = proc_dointvec_minmax,
535	.extra1 = &zero,
536	},
537	{
538	.procname = "icmp_msgs_burst",
539	.data = &sysctl_icmp_msgs_burst,
540	.maxlen = sizeof(int),
541	.mode = `0644`,
542	.proc_handler = proc_dointvec_minmax,
543	.extra1 = &zero,
544	},
545	{
546	.procname = "udp_mem",
547	.data = &sysctl_udp_mem,
548	.maxlen = sizeof(sysctl_udp_mem),
549	.mode = `0644`,
550	.proc_handler = proc_doulongvec_minmax,
551	},
552	{ }
553	};
554
555	static struct ctl_table ipv4_net_table[] = {
556	{
557	.procname = "icmp_echo_ignore_all",
558	.data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
559	.maxlen = sizeof(int),
560	.mode = `0644`,
561	.proc_handler = proc_dointvec
562	},
563	{
564	.procname = "icmp_echo_ignore_broadcasts",
565	.data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
566	.maxlen = sizeof(int),
567	.mode = `0644`,
568	.proc_handler = proc_dointvec
569	},
570	{
571	.procname = "icmp_ignore_bogus_error_responses",
572	.data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
573	.maxlen = sizeof(int),
574	.mode = `0644`,
575	.proc_handler = proc_dointvec
576	},
577	{
578	.procname = "icmp_errors_use_inbound_ifaddr",
579	.data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
580	.maxlen = sizeof(int),
581	.mode = `0644`,
582	.proc_handler = proc_dointvec
583	},
584	{
585	.procname = "icmp_ratelimit",
586	.data = &init_net.ipv4.sysctl_icmp_ratelimit,
587	.maxlen = sizeof(int),
588	.mode = `0644`,
589	.proc_handler = proc_dointvec_ms_jiffies,
590	},
591	{
592	.procname = "icmp_ratemask",
593	.data = &init_net.ipv4.sysctl_icmp_ratemask,
594	.maxlen = sizeof(int),
595	.mode = `0644`,
596	.proc_handler = proc_dointvec
597	},
598	{
599	.procname = "ping_group_range",
600	.data = &init_net.ipv4.ping_group_range.range,
601	.maxlen = sizeof(gid_t)*`2`,
602	.mode = `0644`,
603	.proc_handler = ipv4_ping_group_range,
604	},
605	#ifdef CONFIG_NET_L3_MASTER_DEV
606	{
607	.procname = "raw_l3mdev_accept",
608	.data = &init_net.ipv4.sysctl_raw_l3mdev_accept,
609	.maxlen = sizeof(int),
610	.mode = `0644`,
611	.proc_handler = proc_dointvec_minmax,
612	.extra1 = &zero,
613	.extra2 = &one,
614	},
615	#endif
616	{
617	.procname = "tcp_ecn",
618	.data = &init_net.ipv4.sysctl_tcp_ecn,
619	.maxlen = sizeof(int),
620	.mode = `0644`,
621	.proc_handler = proc_dointvec
622	},
623	{
624	.procname = "tcp_ecn_fallback",
625	.data = &init_net.ipv4.sysctl_tcp_ecn_fallback,
626	.maxlen = sizeof(int),
627	.mode = `0644`,
628	.proc_handler = proc_dointvec
629	},
630	{
631	.procname = "ip_dynaddr",
632	.data = &init_net.ipv4.sysctl_ip_dynaddr,
633	.maxlen = sizeof(int),
634	.mode = `0644`,
635	.proc_handler = proc_dointvec
636	},
637	{
638	.procname = "ip_early_demux",
639	.data = &init_net.ipv4.sysctl_ip_early_demux,
640	.maxlen = sizeof(int),
641	.mode = `0644`,
642	.proc_handler = proc_dointvec
643	},
644	{
645	.procname = "udp_early_demux",
646	.data = &init_net.ipv4.sysctl_udp_early_demux,
647	.maxlen = sizeof(int),
648	.mode = `0644`,
649	.proc_handler = proc_udp_early_demux
650	},
651	{
652	.procname = "tcp_early_demux",
653	.data = &init_net.ipv4.sysctl_tcp_early_demux,
654	.maxlen = sizeof(int),
655	.mode = `0644`,
656	.proc_handler = proc_tcp_early_demux
657	},
658	{
659	.procname = "ip_default_ttl",
660	.data = &init_net.ipv4.sysctl_ip_default_ttl,
661	.maxlen = sizeof(int),
662	.mode = `0644`,
663	.proc_handler = proc_dointvec_minmax,
664	.extra1 = &ip_ttl_min,
665	.extra2 = &ip_ttl_max,
666	},
667	{
668	.procname = "ip_local_port_range",
669	.maxlen = sizeof(init_net.ipv4.ip_local_ports.range),
670	.data = &init_net.ipv4.ip_local_ports.range,
671	.mode = `0644`,
672	.proc_handler = ipv4_local_port_range,
673	},
674	{
675	.procname = "ip_local_reserved_ports",
676	.data = &init_net.ipv4.sysctl_local_reserved_ports,
677	.maxlen = `65536`,
678	.mode = `0644`,
679	.proc_handler = proc_do_large_bitmap,
680	},
681	{
682	.procname = "ip_no_pmtu_disc",
683	.data = &init_net.ipv4.sysctl_ip_no_pmtu_disc,
684	.maxlen = sizeof(int),
685	.mode = `0644`,
686	.proc_handler = proc_dointvec
687	},
688	{
689	.procname = "ip_forward_use_pmtu",
690	.data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu,
691	.maxlen = sizeof(int),
692	.mode = `0644`,
693	.proc_handler = proc_dointvec,
694	},
695	{
696	.procname = "ip_forward_update_priority",
697	.data = &init_net.ipv4.sysctl_ip_fwd_update_priority,
698	.maxlen = sizeof(int),
699	.mode = `0644`,
700	.proc_handler = ipv4_fwd_update_priority,
701	.extra1 = &zero,
702	.extra2 = &one,
703	},
704	{
705	.procname = "ip_nonlocal_bind",
706	.data = &init_net.ipv4.sysctl_ip_nonlocal_bind,
707	.maxlen = sizeof(int),
708	.mode = `0644`,
709	.proc_handler = proc_dointvec
710	},
711	{
712	.procname = "fwmark_reflect",
713	.data = &init_net.ipv4.sysctl_fwmark_reflect,
714	.maxlen = sizeof(int),
715	.mode = `0644`,
716	.proc_handler = proc_dointvec,
717	},
718	{
719	.procname = "tcp_fwmark_accept",
720	.data = &init_net.ipv4.sysctl_tcp_fwmark_accept,
721	.maxlen = sizeof(int),
722	.mode = `0644`,
723	.proc_handler = proc_dointvec,
724	},
725	#ifdef CONFIG_NET_L3_MASTER_DEV
726	{
727	.procname = "tcp_l3mdev_accept",
728	.data = &init_net.ipv4.sysctl_tcp_l3mdev_accept,
729	.maxlen = sizeof(int),
730	.mode = `0644`,
731	.proc_handler = proc_dointvec_minmax,
732	.extra1 = &zero,
733	.extra2 = &one,
734	},
735	#endif
736	{
737	.procname = "tcp_mtu_probing",
738	.data = &init_net.ipv4.sysctl_tcp_mtu_probing,
739	.maxlen = sizeof(int),
740	.mode = `0644`,
741	.proc_handler = proc_dointvec,
742	},
743	{
744	.procname = "tcp_base_mss",
745	.data = &init_net.ipv4.sysctl_tcp_base_mss,
746	.maxlen = sizeof(int),
747	.mode = `0644`,
748	.proc_handler = proc_dointvec,
749	},
750	{
751	.procname = "tcp_probe_threshold",
752	.data = &init_net.ipv4.sysctl_tcp_probe_threshold,
753	.maxlen = sizeof(int),
754	.mode = `0644`,
755	.proc_handler = proc_dointvec,
756	},
757	{
758	.procname = "tcp_probe_interval",
759	.data = &init_net.ipv4.sysctl_tcp_probe_interval,
760	.maxlen = sizeof(u32),
761	.mode = `0644`,
762	.proc_handler = proc_douintvec_minmax,
763	.extra2 = &u32_max_div_HZ,
764	},
765	{
766	.procname = "igmp_link_local_mcast_reports",
767	.data = &init_net.ipv4.sysctl_igmp_llm_reports,
768	.maxlen = sizeof(int),
769	.mode = `0644`,
770	.proc_handler = proc_dointvec
771	},
772	{
773	.procname = "igmp_max_memberships",
774	.data = &init_net.ipv4.sysctl_igmp_max_memberships,
775	.maxlen = sizeof(int),
776	.mode = `0644`,
777	.proc_handler = proc_dointvec
778	},
779	{
780	.procname = "igmp_max_msf",
781	.data = &init_net.ipv4.sysctl_igmp_max_msf,
782	.maxlen = sizeof(int),
783	.mode = `0644`,
784	.proc_handler = proc_dointvec
785	},
786	#ifdef CONFIG_IP_MULTICAST
787	{
788	.procname = "igmp_qrv",
789	.data = &init_net.ipv4.sysctl_igmp_qrv,
790	.maxlen = sizeof(int),
791	.mode = `0644`,
792	.proc_handler = proc_dointvec_minmax,
793	.extra1 = &one
794	},
795	#endif
796	{
797	.procname = "tcp_congestion_control",
798	.data = &init_net.ipv4.tcp_congestion_control,
799	.mode = `0644`,
800	.maxlen = TCP_CA_NAME_MAX,
801	.proc_handler = proc_tcp_congestion_control,
802	},
803	{
804	.procname = "tcp_keepalive_time",
805	.data = &init_net.ipv4.sysctl_tcp_keepalive_time,
806	.maxlen = sizeof(int),
807	.mode = `0644`,
808	.proc_handler = proc_dointvec_jiffies,
809	},
810	{
811	.procname = "tcp_keepalive_probes",
812	.data = &init_net.ipv4.sysctl_tcp_keepalive_probes,
813	.maxlen = sizeof(int),
814	.mode = `0644`,
815	.proc_handler = proc_dointvec
816	},
817	{
818	.procname = "tcp_keepalive_intvl",
819	.data = &init_net.ipv4.sysctl_tcp_keepalive_intvl,
820	.maxlen = sizeof(int),
821	.mode = `0644`,
822	.proc_handler = proc_dointvec_jiffies,
823	},
824	{
825	.procname = "tcp_syn_retries",
826	.data = &init_net.ipv4.sysctl_tcp_syn_retries,
827	.maxlen = sizeof(int),
828	.mode = `0644`,
829	.proc_handler = proc_dointvec_minmax,
830	.extra1 = &tcp_syn_retries_min,
831	.extra2 = &tcp_syn_retries_max
832	},
833	{
834	.procname = "tcp_synack_retries",
835	.data = &init_net.ipv4.sysctl_tcp_synack_retries,
836	.maxlen = sizeof(int),
837	.mode = `0644`,
838	.proc_handler = proc_dointvec
839	},
840	#ifdef CONFIG_SYN_COOKIES
841	{
842	.procname = "tcp_syncookies",
843	.data = &init_net.ipv4.sysctl_tcp_syncookies,
844	.maxlen = sizeof(int),
845	.mode = `0644`,
846	.proc_handler = proc_dointvec
847	},
848	#endif
849	{
850	.procname = "tcp_reordering",
851	.data = &init_net.ipv4.sysctl_tcp_reordering,
852	.maxlen = sizeof(int),
853	.mode = `0644`,
854	.proc_handler = proc_dointvec
855	},
856	{
857	.procname = "tcp_retries1",
858	.data = &init_net.ipv4.sysctl_tcp_retries1,
859	.maxlen = sizeof(int),
860	.mode = `0644`,
861	.proc_handler = proc_dointvec_minmax,
862	.extra2 = &tcp_retr1_max
863	},
864	{
865	.procname = "tcp_retries2",
866	.data = &init_net.ipv4.sysctl_tcp_retries2,
867	.maxlen = sizeof(int),
868	.mode = `0644`,
869	.proc_handler = proc_dointvec
870	},
871	{
872	.procname = "tcp_orphan_retries",
873	.data = &init_net.ipv4.sysctl_tcp_orphan_retries,
874	.maxlen = sizeof(int),
875	.mode = `0644`,
876	.proc_handler = proc_dointvec
877	},
878	{
879	.procname = "tcp_fin_timeout",
880	.data = &init_net.ipv4.sysctl_tcp_fin_timeout,
881	.maxlen = sizeof(int),
882	.mode = `0644`,
883	.proc_handler = proc_dointvec_jiffies,
884	},
885	{
886	.procname = "tcp_notsent_lowat",
887	.data = &init_net.ipv4.sysctl_tcp_notsent_lowat,
888	.maxlen = sizeof(unsigned int),
889	.mode = `0644`,
890	.proc_handler = proc_douintvec,
891	},
892	{
893	.procname = "tcp_tw_reuse",
894	.data = &init_net.ipv4.sysctl_tcp_tw_reuse,
895	.maxlen = sizeof(int),
896	.mode = `0644`,
897	.proc_handler = proc_dointvec_minmax,
898	.extra1 = &zero,
899	.extra2 = &two,
900	},
901	{
902	.procname = "tcp_max_tw_buckets",
903	.data = &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets,
904	.maxlen = sizeof(int),
905	.mode = `0644`,
906	.proc_handler = proc_dointvec
907	},
908	{
909	.procname = "tcp_max_syn_backlog",
910	.data = &init_net.ipv4.sysctl_max_syn_backlog,
911	.maxlen = sizeof(int),
912	.mode = `0644`,
913	.proc_handler = proc_dointvec
914	},
915	{
916	.procname = "tcp_fastopen",
917	.data = &init_net.ipv4.sysctl_tcp_fastopen,
918	.maxlen = sizeof(int),
919	.mode = `0644`,
920	.proc_handler = proc_dointvec,
921	},
922	{
923	.procname = "tcp_fastopen_key",
924	.mode = `0600`,
925	.data = &init_net.ipv4.sysctl_tcp_fastopen,
926	.maxlen = ((TCP_FASTOPEN_KEY_LENGTH * `2`) + `10`),
927	.proc_handler = proc_tcp_fastopen_key,
928	},
929	{
930	.procname = "tcp_fastopen_blackhole_timeout_sec",
931	.data = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout,
932	.maxlen = sizeof(int),
933	.mode = `0644`,
934	.proc_handler = proc_tfo_blackhole_detect_timeout,
935	.extra1 = &zero,
936	},
937	#ifdef CONFIG_IP_ROUTE_MULTIPATH
938	{
939	.procname = "fib_multipath_use_neigh",
940	.data = &init_net.ipv4.sysctl_fib_multipath_use_neigh,
941	.maxlen = sizeof(int),
942	.mode = `0644`,
943	.proc_handler = proc_dointvec_minmax,
944	.extra1 = &zero,
945	.extra2 = &one,
946	},
947	{
948	.procname = "fib_multipath_hash_policy",
949	.data = &init_net.ipv4.sysctl_fib_multipath_hash_policy,
950	.maxlen = sizeof(int),
951	.mode = `0644`,
952	.proc_handler = proc_fib_multipath_hash_policy,
953	.extra1 = &zero,
954	.extra2 = &one,
955	},
956	#endif
957	{
958	.procname = "ip_unprivileged_port_start",
959	.maxlen = sizeof(int),
960	.data = &init_net.ipv4.sysctl_ip_prot_sock,
961	.mode = `0644`,
962	.proc_handler = ipv4_privileged_ports,
963	},
964	#ifdef CONFIG_NET_L3_MASTER_DEV
965	{
966	.procname = "udp_l3mdev_accept",
967	.data = &init_net.ipv4.sysctl_udp_l3mdev_accept,
968	.maxlen = sizeof(int),
969	.mode = `0644`,
970	.proc_handler = proc_dointvec_minmax,
971	.extra1 = &zero,
972	.extra2 = &one,
973	},
974	#endif
975	{
976	.procname = "tcp_sack",
977	.data = &init_net.ipv4.sysctl_tcp_sack,
978	.maxlen = sizeof(int),
979	.mode = `0644`,
980	.proc_handler = proc_dointvec
981	},
982	{
983	.procname = "tcp_window_scaling",
984	.data = &init_net.ipv4.sysctl_tcp_window_scaling,
985	.maxlen = sizeof(int),
986	.mode = `0644`,
987	.proc_handler = proc_dointvec
988	},
989	{
990	.procname = "tcp_timestamps",
991	.data = &init_net.ipv4.sysctl_tcp_timestamps,
992	.maxlen = sizeof(int),
993	.mode = `0644`,
994	.proc_handler = proc_dointvec
995	},
996	{
997	.procname = "tcp_early_retrans",
998	.data = &init_net.ipv4.sysctl_tcp_early_retrans,
999	.maxlen = sizeof(int),
1000	.mode = `0644`,
1001	.proc_handler = proc_dointvec_minmax,
1002	.extra1 = &zero,
1003	.extra2 = &four,
1004	},
1005	{
1006	.procname = "tcp_recovery",
1007	.data = &init_net.ipv4.sysctl_tcp_recovery,
1008	.maxlen = sizeof(int),
1009	.mode = `0644`,
1010	.proc_handler = proc_dointvec,
1011	},
1012	{
1013	.procname = "tcp_thin_linear_timeouts",
1014	.data = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts,
1015	.maxlen = sizeof(int),
1016	.mode = `0644`,
1017	.proc_handler = proc_dointvec
1018	},
1019	{
1020	.procname = "tcp_slow_start_after_idle",
1021	.data = &init_net.ipv4.sysctl_tcp_slow_start_after_idle,
1022	.maxlen = sizeof(int),
1023	.mode = `0644`,
1024	.proc_handler = proc_dointvec
1025	},
1026	{
1027	.procname = "tcp_retrans_collapse",
1028	.data = &init_net.ipv4.sysctl_tcp_retrans_collapse,
1029	.maxlen = sizeof(int),
1030	.mode = `0644`,
1031	.proc_handler = proc_dointvec
1032	},
1033	{
1034	.procname = "tcp_stdurg",
1035	.data = &init_net.ipv4.sysctl_tcp_stdurg,
1036	.maxlen = sizeof(int),
1037	.mode = `0644`,
1038	.proc_handler = proc_dointvec
1039	},
1040	{
1041	.procname = "tcp_rfc1337",
1042	.data = &init_net.ipv4.sysctl_tcp_rfc1337,
1043	.maxlen = sizeof(int),
1044	.mode = `0644`,
1045	.proc_handler = proc_dointvec
1046	},
1047	{
1048	.procname = "tcp_abort_on_overflow",
1049	.data = &init_net.ipv4.sysctl_tcp_abort_on_overflow,
1050	.maxlen = sizeof(int),
1051	.mode = `0644`,
1052	.proc_handler = proc_dointvec
1053	},
1054	{
1055	.procname = "tcp_fack",
1056	.data = &init_net.ipv4.sysctl_tcp_fack,
1057	.maxlen = sizeof(int),
1058	.mode = `0644`,
1059	.proc_handler = proc_dointvec
1060	},
1061	{
1062	.procname = "tcp_max_reordering",
1063	.data = &init_net.ipv4.sysctl_tcp_max_reordering,
1064	.maxlen = sizeof(int),
1065	.mode = `0644`,
1066	.proc_handler = proc_dointvec
1067	},
1068	{
1069	.procname = "tcp_dsack",
1070	.data = &init_net.ipv4.sysctl_tcp_dsack,
1071	.maxlen = sizeof(int),
1072	.mode = `0644`,
1073	.proc_handler = proc_dointvec
1074	},
1075	{
1076	.procname = "tcp_app_win",
1077	.data = &init_net.ipv4.sysctl_tcp_app_win,
1078	.maxlen = sizeof(int),
1079	.mode = `0644`,
1080	.proc_handler = proc_dointvec
1081	},
1082	{
1083	.procname = "tcp_adv_win_scale",
1084	.data = &init_net.ipv4.sysctl_tcp_adv_win_scale,
1085	.maxlen = sizeof(int),
1086	.mode = `0644`,
1087	.proc_handler = proc_dointvec_minmax,
1088	.extra1 = &tcp_adv_win_scale_min,
1089	.extra2 = &tcp_adv_win_scale_max,
1090	},
1091	{
1092	.procname = "tcp_frto",
1093	.data = &init_net.ipv4.sysctl_tcp_frto,
1094	.maxlen = sizeof(int),
1095	.mode = `0644`,
1096	.proc_handler = proc_dointvec
1097	},
1098	{
1099	.procname = "tcp_no_metrics_save",
1100	.data = &init_net.ipv4.sysctl_tcp_nometrics_save,
1101	.maxlen = sizeof(int),
1102	.mode = `0644`,
1103	.proc_handler = proc_dointvec,
1104	},
1105	{
1106	.procname = "tcp_moderate_rcvbuf",
1107	.data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf,
1108	.maxlen = sizeof(int),
1109	.mode = `0644`,
1110	.proc_handler = proc_dointvec,
1111	},
1112	{
1113	.procname = "tcp_tso_win_divisor",
1114	.data = &init_net.ipv4.sysctl_tcp_tso_win_divisor,
1115	.maxlen = sizeof(int),
1116	.mode = `0644`,
1117	.proc_handler = proc_dointvec,
1118	},
1119	{
1120	.procname = "tcp_workaround_signed_windows",
1121	.data = &init_net.ipv4.sysctl_tcp_workaround_signed_windows,
1122	.maxlen = sizeof(int),
1123	.mode = `0644`,
1124	.proc_handler = proc_dointvec
1125	},
1126	{
1127	.procname = "tcp_limit_output_bytes",
1128	.data = &init_net.ipv4.sysctl_tcp_limit_output_bytes,
1129	.maxlen = sizeof(int),
1130	.mode = `0644`,
1131	.proc_handler = proc_dointvec
1132	},
1133	{
1134	.procname = "tcp_challenge_ack_limit",
1135	.data = &init_net.ipv4.sysctl_tcp_challenge_ack_limit,
1136	.maxlen = sizeof(int),
1137	.mode = `0644`,
1138	.proc_handler = proc_dointvec
1139	},
1140	{
1141	.procname = "tcp_min_tso_segs",
1142	.data = &init_net.ipv4.sysctl_tcp_min_tso_segs,
1143	.maxlen = sizeof(int),
1144	.mode = `0644`,
1145	.proc_handler = proc_dointvec_minmax,
1146	.extra1 = &one,
1147	.extra2 = &gso_max_segs,
1148	},
1149	{
1150	.procname = "tcp_min_rtt_wlen",
1151	.data = &init_net.ipv4.sysctl_tcp_min_rtt_wlen,
1152	.maxlen = sizeof(int),
1153	.mode = `0644`,
1154	.proc_handler = proc_dointvec
1155	},
1156	{
1157	.procname = "tcp_autocorking",
1158	.data = &init_net.ipv4.sysctl_tcp_autocorking,
1159	.maxlen = sizeof(int),
1160	.mode = `0644`,
1161	.proc_handler = proc_dointvec_minmax,
1162	.extra1 = &zero,
1163	.extra2 = &one,
1164	},
1165	{
1166	.procname = "tcp_invalid_ratelimit",
1167	.data = &init_net.ipv4.sysctl_tcp_invalid_ratelimit,
1168	.maxlen = sizeof(int),
1169	.mode = `0644`,
1170	.proc_handler = proc_dointvec_ms_jiffies,
1171	},
1172	{
1173	.procname = "tcp_pacing_ss_ratio",
1174	.data = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio,
1175	.maxlen = sizeof(int),
1176	.mode = `0644`,
1177	.proc_handler = proc_dointvec_minmax,
1178	.extra1 = &zero,
1179	.extra2 = &thousand,
1180	},
1181	{
1182	.procname = "tcp_pacing_ca_ratio",
1183	.data = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio,
1184	.maxlen = sizeof(int),
1185	.mode = `0644`,
1186	.proc_handler = proc_dointvec_minmax,
1187	.extra1 = &zero,
1188	.extra2 = &thousand,
1189	},
1190	{
1191	.procname = "tcp_wmem",
1192	.data = &init_net.ipv4.sysctl_tcp_wmem,
1193	.maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem),
1194	.mode = `0644`,
1195	.proc_handler = proc_dointvec_minmax,
1196	.extra1 = &one,
1197	},
1198	{
1199	.procname = "tcp_rmem",
1200	.data = &init_net.ipv4.sysctl_tcp_rmem,
1201	.maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem),
1202	.mode = `0644`,
1203	.proc_handler = proc_dointvec_minmax,
1204	.extra1 = &one,
1205	},
1206	{
1207	.procname = "tcp_comp_sack_delay_ns",
1208	.data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns,
1209	.maxlen = sizeof(unsigned long),
1210	.mode = `0644`,
1211	.proc_handler = proc_doulongvec_minmax,
1212	},
1213	{
1214	.procname = "tcp_comp_sack_nr",
1215	.data = &init_net.ipv4.sysctl_tcp_comp_sack_nr,
1216	.maxlen = sizeof(int),
1217	.mode = `0644`,
1218	.proc_handler = proc_dointvec_minmax,
1219	.extra1 = &zero,
1220	.extra2 = &comp_sack_nr_max,
1221	},
1222	{
1223	.procname = "udp_rmem_min",
1224	.data = &init_net.ipv4.sysctl_udp_rmem_min,
1225	.maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min),
1226	.mode = `0644`,
1227	.proc_handler = proc_dointvec_minmax,
1228	.extra1 = &one
1229	},
1230	{
1231	.procname = "udp_wmem_min",
1232	.data = &init_net.ipv4.sysctl_udp_wmem_min,
1233	.maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min),
1234	.mode = `0644`,
1235	.proc_handler = proc_dointvec_minmax,
1236	.extra1 = &one
1237	},
1238	{ }
1239	};
1240
1241	static __net_init int ipv4_sysctl_init_net(struct net *net)
1242	{
1243	struct ctl_table *table;
1244
1245	table = ipv4_net_table;
1246	if (!net_eq(net, &init_net)) {
1247	int i;
1248
1249	table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
1250	if (!table)
1251	goto err_alloc;
1252
1253	/ Update the variables to point into the current struct net /
1254	for (i = `0`; i < ARRAY_SIZE(ipv4_net_table) - `1`; i++)
1255	table[i].data += (void )net - (void* *)&init_net;
1256	}
1257
1258	net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
1259	if (!net->ipv4.ipv4_hdr)
1260	goto err_reg;
1261
1262	net->ipv4.sysctl_local_reserved_ports = kzalloc(`65536` / `8`, GFP_KERNEL);
1263	if (!net->ipv4.sysctl_local_reserved_ports)
1264	goto err_ports;
1265
1266	return `0`;
1267
1268	err_ports:
1269	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1270	err_reg:
1271	if (!net_eq(net, &init_net))
1272	kfree(table);
1273	err_alloc:
1274	return -ENOMEM;
1275	}
1276
1277	static __net_exit void ipv4_sysctl_exit_net(struct net *net)
1278	{
1279	struct ctl_table *table;
1280
1281	kfree(net->ipv4.sysctl_local_reserved_ports);
1282	table = net->ipv4.ipv4_hdr->ctl_table_arg;
1283	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1284	kfree(table);
1285	}
1286
1287	static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
1288	.init = ipv4_sysctl_init_net,
1289	.exit = ipv4_sysctl_exit_net,
1290	};
1291
1292	static __init int sysctl_ipv4_init(void)
1293	{
1294	struct ctl_table_header *hdr;
1295
1296	hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1297	if (!hdr)
1298	return -ENOMEM;
1299
1300	if (register_pernet_subsys(&ipv4_sysctl_ops)) {
1301	unregister_net_sysctl_table(hdr);
1302	return -ENOMEM;
1303	}
1304
1305	return `0`;
1306	}
1307
1308	__initcall(sysctl_ipv4_init);
1309

Browse the source code of linux/net/ipv4/sysctl_net_ipv4.c