1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. |
4 | * |
5 | * Begun April 1, 1996, Mike Shaver. |
6 | * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] |
7 | */ |
8 | |
9 | #include <linux/mm.h> |
10 | #include <linux/module.h> |
11 | #include <linux/sysctl.h> |
12 | #include <linux/igmp.h> |
13 | #include <linux/inetdevice.h> |
14 | #include <linux/seqlock.h> |
15 | #include <linux/init.h> |
16 | #include <linux/slab.h> |
17 | #include <linux/nsproxy.h> |
18 | #include <linux/swap.h> |
19 | #include <net/snmp.h> |
20 | #include <net/icmp.h> |
21 | #include <net/ip.h> |
22 | #include <net/route.h> |
23 | #include <net/tcp.h> |
24 | #include <net/udp.h> |
25 | #include <net/cipso_ipv4.h> |
26 | #include <net/inet_frag.h> |
27 | #include <net/ping.h> |
28 | #include <net/protocol.h> |
29 | #include <net/netevent.h> |
30 | |
31 | static int zero; |
32 | static int one = 1; |
33 | static int two = 2; |
34 | static int four = 4; |
35 | static int thousand = 1000; |
36 | static int gso_max_segs = GSO_MAX_SEGS; |
37 | static int tcp_retr1_max = 255; |
38 | static int ip_local_port_range_min[] = { 1, 1 }; |
39 | static int ip_local_port_range_max[] = { 65535, 65535 }; |
40 | static int tcp_adv_win_scale_min = -31; |
41 | static int tcp_adv_win_scale_max = 31; |
42 | static int ip_privileged_port_min; |
43 | static int ip_privileged_port_max = 65535; |
44 | static int ip_ttl_min = 1; |
45 | static int ip_ttl_max = 255; |
46 | static int tcp_syn_retries_min = 1; |
47 | static int tcp_syn_retries_max = MAX_TCP_SYNCNT; |
48 | static int ip_ping_group_range_min[] = { 0, 0 }; |
49 | static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; |
50 | static int comp_sack_nr_max = 255; |
51 | |
52 | /* obsolete */ |
53 | static int sysctl_tcp_low_latency __read_mostly; |
54 | |
55 | /* Update system visible IP port range */ |
56 | static void set_local_port_range(struct net *net, int range[2]) |
57 | { |
58 | bool same_parity = !((range[0] ^ range[1]) & 1); |
59 | |
60 | write_seqlock_bh(&net->ipv4.ip_local_ports.lock); |
61 | if (same_parity && !net->ipv4.ip_local_ports.warned) { |
62 | net->ipv4.ip_local_ports.warned = true; |
63 | pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n" ); |
64 | } |
65 | net->ipv4.ip_local_ports.range[0] = range[0]; |
66 | net->ipv4.ip_local_ports.range[1] = range[1]; |
67 | write_sequnlock_bh(&net->ipv4.ip_local_ports.lock); |
68 | } |
69 | |
70 | /* Validate changes from /proc interface. */ |
71 | static int ipv4_local_port_range(struct ctl_table *table, int write, |
72 | void __user *buffer, |
73 | size_t *lenp, loff_t *ppos) |
74 | { |
75 | struct net *net = |
76 | container_of(table->data, struct net, ipv4.ip_local_ports.range); |
77 | int ret; |
78 | int range[2]; |
79 | struct ctl_table tmp = { |
80 | .data = &range, |
81 | .maxlen = sizeof(range), |
82 | .mode = table->mode, |
83 | .extra1 = &ip_local_port_range_min, |
84 | .extra2 = &ip_local_port_range_max, |
85 | }; |
86 | |
87 | inet_get_local_port_range(net, &range[0], &range[1]); |
88 | |
89 | ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); |
90 | |
91 | if (write && ret == 0) { |
92 | /* Ensure that the upper limit is not smaller than the lower, |
93 | * and that the lower does not encroach upon the privileged |
94 | * port limit. |
95 | */ |
96 | if ((range[1] < range[0]) || |
97 | (range[0] < net->ipv4.sysctl_ip_prot_sock)) |
98 | ret = -EINVAL; |
99 | else |
100 | set_local_port_range(net, range); |
101 | } |
102 | |
103 | return ret; |
104 | } |
105 | |
106 | /* Validate changes from /proc interface. */ |
107 | static int ipv4_privileged_ports(struct ctl_table *table, int write, |
108 | void __user *buffer, size_t *lenp, loff_t *ppos) |
109 | { |
110 | struct net *net = container_of(table->data, struct net, |
111 | ipv4.sysctl_ip_prot_sock); |
112 | int ret; |
113 | int pports; |
114 | int range[2]; |
115 | struct ctl_table tmp = { |
116 | .data = &pports, |
117 | .maxlen = sizeof(pports), |
118 | .mode = table->mode, |
119 | .extra1 = &ip_privileged_port_min, |
120 | .extra2 = &ip_privileged_port_max, |
121 | }; |
122 | |
123 | pports = net->ipv4.sysctl_ip_prot_sock; |
124 | |
125 | ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); |
126 | |
127 | if (write && ret == 0) { |
128 | inet_get_local_port_range(net, &range[0], &range[1]); |
129 | /* Ensure that the local port range doesn't overlap with the |
130 | * privileged port range. |
131 | */ |
132 | if (range[0] < pports) |
133 | ret = -EINVAL; |
134 | else |
135 | net->ipv4.sysctl_ip_prot_sock = pports; |
136 | } |
137 | |
138 | return ret; |
139 | } |
140 | |
141 | static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) |
142 | { |
143 | kgid_t *data = table->data; |
144 | struct net *net = |
145 | container_of(table->data, struct net, ipv4.ping_group_range.range); |
146 | unsigned int seq; |
147 | do { |
148 | seq = read_seqbegin(&net->ipv4.ping_group_range.lock); |
149 | |
150 | *low = data[0]; |
151 | *high = data[1]; |
152 | } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq)); |
153 | } |
154 | |
155 | /* Update system visible IP port range */ |
156 | static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) |
157 | { |
158 | kgid_t *data = table->data; |
159 | struct net *net = |
160 | container_of(table->data, struct net, ipv4.ping_group_range.range); |
161 | write_seqlock(&net->ipv4.ping_group_range.lock); |
162 | data[0] = low; |
163 | data[1] = high; |
164 | write_sequnlock(&net->ipv4.ping_group_range.lock); |
165 | } |
166 | |
167 | /* Validate changes from /proc interface. */ |
168 | static int ipv4_ping_group_range(struct ctl_table *table, int write, |
169 | void __user *buffer, |
170 | size_t *lenp, loff_t *ppos) |
171 | { |
172 | struct user_namespace *user_ns = current_user_ns(); |
173 | int ret; |
174 | gid_t urange[2]; |
175 | kgid_t low, high; |
176 | struct ctl_table tmp = { |
177 | .data = &urange, |
178 | .maxlen = sizeof(urange), |
179 | .mode = table->mode, |
180 | .extra1 = &ip_ping_group_range_min, |
181 | .extra2 = &ip_ping_group_range_max, |
182 | }; |
183 | |
184 | inet_get_ping_group_range_table(table, &low, &high); |
185 | urange[0] = from_kgid_munged(user_ns, low); |
186 | urange[1] = from_kgid_munged(user_ns, high); |
187 | ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); |
188 | |
189 | if (write && ret == 0) { |
190 | low = make_kgid(user_ns, urange[0]); |
191 | high = make_kgid(user_ns, urange[1]); |
192 | if (!gid_valid(low) || !gid_valid(high)) |
193 | return -EINVAL; |
194 | if (urange[1] < urange[0] || gid_lt(high, low)) { |
195 | low = make_kgid(&init_user_ns, 1); |
196 | high = make_kgid(&init_user_ns, 0); |
197 | } |
198 | set_ping_group_range(table, low, high); |
199 | } |
200 | |
201 | return ret; |
202 | } |
203 | |
204 | static int ipv4_fwd_update_priority(struct ctl_table *table, int write, |
205 | void __user *buffer, |
206 | size_t *lenp, loff_t *ppos) |
207 | { |
208 | struct net *net; |
209 | int ret; |
210 | |
211 | net = container_of(table->data, struct net, |
212 | ipv4.sysctl_ip_fwd_update_priority); |
213 | ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); |
214 | if (write && ret == 0) |
215 | call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE, |
216 | net); |
217 | |
218 | return ret; |
219 | } |
220 | |
221 | static int proc_tcp_congestion_control(struct ctl_table *ctl, int write, |
222 | void __user *buffer, size_t *lenp, loff_t *ppos) |
223 | { |
224 | struct net *net = container_of(ctl->data, struct net, |
225 | ipv4.tcp_congestion_control); |
226 | char val[TCP_CA_NAME_MAX]; |
227 | struct ctl_table tbl = { |
228 | .data = val, |
229 | .maxlen = TCP_CA_NAME_MAX, |
230 | }; |
231 | int ret; |
232 | |
233 | tcp_get_default_congestion_control(net, val); |
234 | |
235 | ret = proc_dostring(&tbl, write, buffer, lenp, ppos); |
236 | if (write && ret == 0) |
237 | ret = tcp_set_default_congestion_control(net, val); |
238 | return ret; |
239 | } |
240 | |
241 | static int proc_tcp_available_congestion_control(struct ctl_table *ctl, |
242 | int write, |
243 | void __user *buffer, size_t *lenp, |
244 | loff_t *ppos) |
245 | { |
246 | struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; |
247 | int ret; |
248 | |
249 | tbl.data = kmalloc(tbl.maxlen, GFP_USER); |
250 | if (!tbl.data) |
251 | return -ENOMEM; |
252 | tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); |
253 | ret = proc_dostring(&tbl, write, buffer, lenp, ppos); |
254 | kfree(tbl.data); |
255 | return ret; |
256 | } |
257 | |
258 | static int proc_allowed_congestion_control(struct ctl_table *ctl, |
259 | int write, |
260 | void __user *buffer, size_t *lenp, |
261 | loff_t *ppos) |
262 | { |
263 | struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; |
264 | int ret; |
265 | |
266 | tbl.data = kmalloc(tbl.maxlen, GFP_USER); |
267 | if (!tbl.data) |
268 | return -ENOMEM; |
269 | |
270 | tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); |
271 | ret = proc_dostring(&tbl, write, buffer, lenp, ppos); |
272 | if (write && ret == 0) |
273 | ret = tcp_set_allowed_congestion_control(tbl.data); |
274 | kfree(tbl.data); |
275 | return ret; |
276 | } |
277 | |
278 | static int proc_tcp_fastopen_key(struct ctl_table *table, int write, |
279 | void __user *buffer, size_t *lenp, |
280 | loff_t *ppos) |
281 | { |
282 | struct net *net = container_of(table->data, struct net, |
283 | ipv4.sysctl_tcp_fastopen); |
284 | struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; |
285 | struct tcp_fastopen_context *ctxt; |
286 | u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ |
287 | __le32 key[4]; |
288 | int ret, i; |
289 | |
290 | tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); |
291 | if (!tbl.data) |
292 | return -ENOMEM; |
293 | |
294 | rcu_read_lock(); |
295 | ctxt = rcu_dereference(net->ipv4.tcp_fastopen_ctx); |
296 | if (ctxt) |
297 | memcpy(key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH); |
298 | else |
299 | memset(key, 0, sizeof(key)); |
300 | rcu_read_unlock(); |
301 | |
302 | for (i = 0; i < ARRAY_SIZE(key); i++) |
303 | user_key[i] = le32_to_cpu(key[i]); |
304 | |
305 | snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x" , |
306 | user_key[0], user_key[1], user_key[2], user_key[3]); |
307 | ret = proc_dostring(&tbl, write, buffer, lenp, ppos); |
308 | |
309 | if (write && ret == 0) { |
310 | if (sscanf(tbl.data, "%x-%x-%x-%x" , user_key, user_key + 1, |
311 | user_key + 2, user_key + 3) != 4) { |
312 | ret = -EINVAL; |
313 | goto bad_key; |
314 | } |
315 | |
316 | for (i = 0; i < ARRAY_SIZE(user_key); i++) |
317 | key[i] = cpu_to_le32(user_key[i]); |
318 | |
319 | tcp_fastopen_reset_cipher(net, NULL, key, |
320 | TCP_FASTOPEN_KEY_LENGTH); |
321 | } |
322 | |
323 | bad_key: |
324 | pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n" , |
325 | user_key[0], user_key[1], user_key[2], user_key[3], |
326 | (char *)tbl.data, ret); |
327 | kfree(tbl.data); |
328 | return ret; |
329 | } |
330 | |
331 | static void proc_configure_early_demux(int enabled, int protocol) |
332 | { |
333 | struct net_protocol *ipprot; |
334 | #if IS_ENABLED(CONFIG_IPV6) |
335 | struct inet6_protocol *ip6prot; |
336 | #endif |
337 | |
338 | rcu_read_lock(); |
339 | |
340 | ipprot = rcu_dereference(inet_protos[protocol]); |
341 | if (ipprot) |
342 | ipprot->early_demux = enabled ? ipprot->early_demux_handler : |
343 | NULL; |
344 | |
345 | #if IS_ENABLED(CONFIG_IPV6) |
346 | ip6prot = rcu_dereference(inet6_protos[protocol]); |
347 | if (ip6prot) |
348 | ip6prot->early_demux = enabled ? ip6prot->early_demux_handler : |
349 | NULL; |
350 | #endif |
351 | rcu_read_unlock(); |
352 | } |
353 | |
354 | static int proc_tcp_early_demux(struct ctl_table *table, int write, |
355 | void __user *buffer, size_t *lenp, loff_t *ppos) |
356 | { |
357 | int ret = 0; |
358 | |
359 | ret = proc_dointvec(table, write, buffer, lenp, ppos); |
360 | |
361 | if (write && !ret) { |
362 | int enabled = init_net.ipv4.sysctl_tcp_early_demux; |
363 | |
364 | proc_configure_early_demux(enabled, IPPROTO_TCP); |
365 | } |
366 | |
367 | return ret; |
368 | } |
369 | |
370 | static int proc_udp_early_demux(struct ctl_table *table, int write, |
371 | void __user *buffer, size_t *lenp, loff_t *ppos) |
372 | { |
373 | int ret = 0; |
374 | |
375 | ret = proc_dointvec(table, write, buffer, lenp, ppos); |
376 | |
377 | if (write && !ret) { |
378 | int enabled = init_net.ipv4.sysctl_udp_early_demux; |
379 | |
380 | proc_configure_early_demux(enabled, IPPROTO_UDP); |
381 | } |
382 | |
383 | return ret; |
384 | } |
385 | |
386 | static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table, |
387 | int write, |
388 | void __user *buffer, |
389 | size_t *lenp, loff_t *ppos) |
390 | { |
391 | struct net *net = container_of(table->data, struct net, |
392 | ipv4.sysctl_tcp_fastopen_blackhole_timeout); |
393 | int ret; |
394 | |
395 | ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); |
396 | if (write && ret == 0) |
397 | atomic_set(&net->ipv4.tfo_active_disable_times, 0); |
398 | |
399 | return ret; |
400 | } |
401 | |
402 | static int proc_tcp_available_ulp(struct ctl_table *ctl, |
403 | int write, |
404 | void __user *buffer, size_t *lenp, |
405 | loff_t *ppos) |
406 | { |
407 | struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, }; |
408 | int ret; |
409 | |
410 | tbl.data = kmalloc(tbl.maxlen, GFP_USER); |
411 | if (!tbl.data) |
412 | return -ENOMEM; |
413 | tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX); |
414 | ret = proc_dostring(&tbl, write, buffer, lenp, ppos); |
415 | kfree(tbl.data); |
416 | |
417 | return ret; |
418 | } |
419 | |
420 | #ifdef CONFIG_IP_ROUTE_MULTIPATH |
421 | static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write, |
422 | void __user *buffer, size_t *lenp, |
423 | loff_t *ppos) |
424 | { |
425 | struct net *net = container_of(table->data, struct net, |
426 | ipv4.sysctl_fib_multipath_hash_policy); |
427 | int ret; |
428 | |
429 | ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); |
430 | if (write && ret == 0) |
431 | call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net); |
432 | |
433 | return ret; |
434 | } |
435 | #endif |
436 | |
437 | static struct ctl_table ipv4_table[] = { |
438 | { |
439 | .procname = "tcp_max_orphans" , |
440 | .data = &sysctl_tcp_max_orphans, |
441 | .maxlen = sizeof(int), |
442 | .mode = 0644, |
443 | .proc_handler = proc_dointvec |
444 | }, |
445 | { |
446 | .procname = "inet_peer_threshold" , |
447 | .data = &inet_peer_threshold, |
448 | .maxlen = sizeof(int), |
449 | .mode = 0644, |
450 | .proc_handler = proc_dointvec |
451 | }, |
452 | { |
453 | .procname = "inet_peer_minttl" , |
454 | .data = &inet_peer_minttl, |
455 | .maxlen = sizeof(int), |
456 | .mode = 0644, |
457 | .proc_handler = proc_dointvec_jiffies, |
458 | }, |
459 | { |
460 | .procname = "inet_peer_maxttl" , |
461 | .data = &inet_peer_maxttl, |
462 | .maxlen = sizeof(int), |
463 | .mode = 0644, |
464 | .proc_handler = proc_dointvec_jiffies, |
465 | }, |
466 | { |
467 | .procname = "tcp_mem" , |
468 | .maxlen = sizeof(sysctl_tcp_mem), |
469 | .data = &sysctl_tcp_mem, |
470 | .mode = 0644, |
471 | .proc_handler = proc_doulongvec_minmax, |
472 | }, |
473 | { |
474 | .procname = "tcp_low_latency" , |
475 | .data = &sysctl_tcp_low_latency, |
476 | .maxlen = sizeof(int), |
477 | .mode = 0644, |
478 | .proc_handler = proc_dointvec |
479 | }, |
480 | #ifdef CONFIG_NETLABEL |
481 | { |
482 | .procname = "cipso_cache_enable" , |
483 | .data = &cipso_v4_cache_enabled, |
484 | .maxlen = sizeof(int), |
485 | .mode = 0644, |
486 | .proc_handler = proc_dointvec, |
487 | }, |
488 | { |
489 | .procname = "cipso_cache_bucket_size" , |
490 | .data = &cipso_v4_cache_bucketsize, |
491 | .maxlen = sizeof(int), |
492 | .mode = 0644, |
493 | .proc_handler = proc_dointvec, |
494 | }, |
495 | { |
496 | .procname = "cipso_rbm_optfmt" , |
497 | .data = &cipso_v4_rbm_optfmt, |
498 | .maxlen = sizeof(int), |
499 | .mode = 0644, |
500 | .proc_handler = proc_dointvec, |
501 | }, |
502 | { |
503 | .procname = "cipso_rbm_strictvalid" , |
504 | .data = &cipso_v4_rbm_strictvalid, |
505 | .maxlen = sizeof(int), |
506 | .mode = 0644, |
507 | .proc_handler = proc_dointvec, |
508 | }, |
509 | #endif /* CONFIG_NETLABEL */ |
510 | { |
511 | .procname = "tcp_available_congestion_control" , |
512 | .maxlen = TCP_CA_BUF_MAX, |
513 | .mode = 0444, |
514 | .proc_handler = proc_tcp_available_congestion_control, |
515 | }, |
516 | { |
517 | .procname = "tcp_allowed_congestion_control" , |
518 | .maxlen = TCP_CA_BUF_MAX, |
519 | .mode = 0644, |
520 | .proc_handler = proc_allowed_congestion_control, |
521 | }, |
522 | { |
523 | .procname = "tcp_available_ulp" , |
524 | .maxlen = TCP_ULP_BUF_MAX, |
525 | .mode = 0444, |
526 | .proc_handler = proc_tcp_available_ulp, |
527 | }, |
528 | { |
529 | .procname = "icmp_msgs_per_sec" , |
530 | .data = &sysctl_icmp_msgs_per_sec, |
531 | .maxlen = sizeof(int), |
532 | .mode = 0644, |
533 | .proc_handler = proc_dointvec_minmax, |
534 | .extra1 = &zero, |
535 | }, |
536 | { |
537 | .procname = "icmp_msgs_burst" , |
538 | .data = &sysctl_icmp_msgs_burst, |
539 | .maxlen = sizeof(int), |
540 | .mode = 0644, |
541 | .proc_handler = proc_dointvec_minmax, |
542 | .extra1 = &zero, |
543 | }, |
544 | { |
545 | .procname = "udp_mem" , |
546 | .data = &sysctl_udp_mem, |
547 | .maxlen = sizeof(sysctl_udp_mem), |
548 | .mode = 0644, |
549 | .proc_handler = proc_doulongvec_minmax, |
550 | }, |
551 | { } |
552 | }; |
553 | |
554 | static struct ctl_table ipv4_net_table[] = { |
555 | { |
556 | .procname = "icmp_echo_ignore_all" , |
557 | .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, |
558 | .maxlen = sizeof(int), |
559 | .mode = 0644, |
560 | .proc_handler = proc_dointvec |
561 | }, |
562 | { |
563 | .procname = "icmp_echo_ignore_broadcasts" , |
564 | .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, |
565 | .maxlen = sizeof(int), |
566 | .mode = 0644, |
567 | .proc_handler = proc_dointvec |
568 | }, |
569 | { |
570 | .procname = "icmp_ignore_bogus_error_responses" , |
571 | .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, |
572 | .maxlen = sizeof(int), |
573 | .mode = 0644, |
574 | .proc_handler = proc_dointvec |
575 | }, |
576 | { |
577 | .procname = "icmp_errors_use_inbound_ifaddr" , |
578 | .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, |
579 | .maxlen = sizeof(int), |
580 | .mode = 0644, |
581 | .proc_handler = proc_dointvec |
582 | }, |
583 | { |
584 | .procname = "icmp_ratelimit" , |
585 | .data = &init_net.ipv4.sysctl_icmp_ratelimit, |
586 | .maxlen = sizeof(int), |
587 | .mode = 0644, |
588 | .proc_handler = proc_dointvec_ms_jiffies, |
589 | }, |
590 | { |
591 | .procname = "icmp_ratemask" , |
592 | .data = &init_net.ipv4.sysctl_icmp_ratemask, |
593 | .maxlen = sizeof(int), |
594 | .mode = 0644, |
595 | .proc_handler = proc_dointvec |
596 | }, |
597 | { |
598 | .procname = "ping_group_range" , |
599 | .data = &init_net.ipv4.ping_group_range.range, |
600 | .maxlen = sizeof(gid_t)*2, |
601 | .mode = 0644, |
602 | .proc_handler = ipv4_ping_group_range, |
603 | }, |
604 | { |
605 | .procname = "tcp_ecn" , |
606 | .data = &init_net.ipv4.sysctl_tcp_ecn, |
607 | .maxlen = sizeof(int), |
608 | .mode = 0644, |
609 | .proc_handler = proc_dointvec |
610 | }, |
611 | { |
612 | .procname = "tcp_ecn_fallback" , |
613 | .data = &init_net.ipv4.sysctl_tcp_ecn_fallback, |
614 | .maxlen = sizeof(int), |
615 | .mode = 0644, |
616 | .proc_handler = proc_dointvec |
617 | }, |
618 | { |
619 | .procname = "ip_dynaddr" , |
620 | .data = &init_net.ipv4.sysctl_ip_dynaddr, |
621 | .maxlen = sizeof(int), |
622 | .mode = 0644, |
623 | .proc_handler = proc_dointvec |
624 | }, |
625 | { |
626 | .procname = "ip_early_demux" , |
627 | .data = &init_net.ipv4.sysctl_ip_early_demux, |
628 | .maxlen = sizeof(int), |
629 | .mode = 0644, |
630 | .proc_handler = proc_dointvec |
631 | }, |
632 | { |
633 | .procname = "udp_early_demux" , |
634 | .data = &init_net.ipv4.sysctl_udp_early_demux, |
635 | .maxlen = sizeof(int), |
636 | .mode = 0644, |
637 | .proc_handler = proc_udp_early_demux |
638 | }, |
639 | { |
640 | .procname = "tcp_early_demux" , |
641 | .data = &init_net.ipv4.sysctl_tcp_early_demux, |
642 | .maxlen = sizeof(int), |
643 | .mode = 0644, |
644 | .proc_handler = proc_tcp_early_demux |
645 | }, |
646 | { |
647 | .procname = "ip_default_ttl" , |
648 | .data = &init_net.ipv4.sysctl_ip_default_ttl, |
649 | .maxlen = sizeof(int), |
650 | .mode = 0644, |
651 | .proc_handler = proc_dointvec_minmax, |
652 | .extra1 = &ip_ttl_min, |
653 | .extra2 = &ip_ttl_max, |
654 | }, |
655 | { |
656 | .procname = "ip_local_port_range" , |
657 | .maxlen = sizeof(init_net.ipv4.ip_local_ports.range), |
658 | .data = &init_net.ipv4.ip_local_ports.range, |
659 | .mode = 0644, |
660 | .proc_handler = ipv4_local_port_range, |
661 | }, |
662 | { |
663 | .procname = "ip_local_reserved_ports" , |
664 | .data = &init_net.ipv4.sysctl_local_reserved_ports, |
665 | .maxlen = 65536, |
666 | .mode = 0644, |
667 | .proc_handler = proc_do_large_bitmap, |
668 | }, |
669 | { |
670 | .procname = "ip_no_pmtu_disc" , |
671 | .data = &init_net.ipv4.sysctl_ip_no_pmtu_disc, |
672 | .maxlen = sizeof(int), |
673 | .mode = 0644, |
674 | .proc_handler = proc_dointvec |
675 | }, |
676 | { |
677 | .procname = "ip_forward_use_pmtu" , |
678 | .data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu, |
679 | .maxlen = sizeof(int), |
680 | .mode = 0644, |
681 | .proc_handler = proc_dointvec, |
682 | }, |
683 | { |
684 | .procname = "ip_forward_update_priority" , |
685 | .data = &init_net.ipv4.sysctl_ip_fwd_update_priority, |
686 | .maxlen = sizeof(int), |
687 | .mode = 0644, |
688 | .proc_handler = ipv4_fwd_update_priority, |
689 | .extra1 = &zero, |
690 | .extra2 = &one, |
691 | }, |
692 | { |
693 | .procname = "ip_nonlocal_bind" , |
694 | .data = &init_net.ipv4.sysctl_ip_nonlocal_bind, |
695 | .maxlen = sizeof(int), |
696 | .mode = 0644, |
697 | .proc_handler = proc_dointvec |
698 | }, |
699 | { |
700 | .procname = "fwmark_reflect" , |
701 | .data = &init_net.ipv4.sysctl_fwmark_reflect, |
702 | .maxlen = sizeof(int), |
703 | .mode = 0644, |
704 | .proc_handler = proc_dointvec, |
705 | }, |
706 | { |
707 | .procname = "tcp_fwmark_accept" , |
708 | .data = &init_net.ipv4.sysctl_tcp_fwmark_accept, |
709 | .maxlen = sizeof(int), |
710 | .mode = 0644, |
711 | .proc_handler = proc_dointvec, |
712 | }, |
713 | #ifdef CONFIG_NET_L3_MASTER_DEV |
714 | { |
715 | .procname = "tcp_l3mdev_accept" , |
716 | .data = &init_net.ipv4.sysctl_tcp_l3mdev_accept, |
717 | .maxlen = sizeof(int), |
718 | .mode = 0644, |
719 | .proc_handler = proc_dointvec_minmax, |
720 | .extra1 = &zero, |
721 | .extra2 = &one, |
722 | }, |
723 | #endif |
724 | { |
725 | .procname = "tcp_mtu_probing" , |
726 | .data = &init_net.ipv4.sysctl_tcp_mtu_probing, |
727 | .maxlen = sizeof(int), |
728 | .mode = 0644, |
729 | .proc_handler = proc_dointvec, |
730 | }, |
731 | { |
732 | .procname = "tcp_base_mss" , |
733 | .data = &init_net.ipv4.sysctl_tcp_base_mss, |
734 | .maxlen = sizeof(int), |
735 | .mode = 0644, |
736 | .proc_handler = proc_dointvec, |
737 | }, |
738 | { |
739 | .procname = "tcp_probe_threshold" , |
740 | .data = &init_net.ipv4.sysctl_tcp_probe_threshold, |
741 | .maxlen = sizeof(int), |
742 | .mode = 0644, |
743 | .proc_handler = proc_dointvec, |
744 | }, |
745 | { |
746 | .procname = "tcp_probe_interval" , |
747 | .data = &init_net.ipv4.sysctl_tcp_probe_interval, |
748 | .maxlen = sizeof(int), |
749 | .mode = 0644, |
750 | .proc_handler = proc_dointvec, |
751 | }, |
752 | { |
753 | .procname = "igmp_link_local_mcast_reports" , |
754 | .data = &init_net.ipv4.sysctl_igmp_llm_reports, |
755 | .maxlen = sizeof(int), |
756 | .mode = 0644, |
757 | .proc_handler = proc_dointvec |
758 | }, |
759 | { |
760 | .procname = "igmp_max_memberships" , |
761 | .data = &init_net.ipv4.sysctl_igmp_max_memberships, |
762 | .maxlen = sizeof(int), |
763 | .mode = 0644, |
764 | .proc_handler = proc_dointvec |
765 | }, |
766 | { |
767 | .procname = "igmp_max_msf" , |
768 | .data = &init_net.ipv4.sysctl_igmp_max_msf, |
769 | .maxlen = sizeof(int), |
770 | .mode = 0644, |
771 | .proc_handler = proc_dointvec |
772 | }, |
773 | #ifdef CONFIG_IP_MULTICAST |
774 | { |
775 | .procname = "igmp_qrv" , |
776 | .data = &init_net.ipv4.sysctl_igmp_qrv, |
777 | .maxlen = sizeof(int), |
778 | .mode = 0644, |
779 | .proc_handler = proc_dointvec_minmax, |
780 | .extra1 = &one |
781 | }, |
782 | #endif |
783 | { |
784 | .procname = "tcp_congestion_control" , |
785 | .data = &init_net.ipv4.tcp_congestion_control, |
786 | .mode = 0644, |
787 | .maxlen = TCP_CA_NAME_MAX, |
788 | .proc_handler = proc_tcp_congestion_control, |
789 | }, |
790 | { |
791 | .procname = "tcp_keepalive_time" , |
792 | .data = &init_net.ipv4.sysctl_tcp_keepalive_time, |
793 | .maxlen = sizeof(int), |
794 | .mode = 0644, |
795 | .proc_handler = proc_dointvec_jiffies, |
796 | }, |
797 | { |
798 | .procname = "tcp_keepalive_probes" , |
799 | .data = &init_net.ipv4.sysctl_tcp_keepalive_probes, |
800 | .maxlen = sizeof(int), |
801 | .mode = 0644, |
802 | .proc_handler = proc_dointvec |
803 | }, |
804 | { |
805 | .procname = "tcp_keepalive_intvl" , |
806 | .data = &init_net.ipv4.sysctl_tcp_keepalive_intvl, |
807 | .maxlen = sizeof(int), |
808 | .mode = 0644, |
809 | .proc_handler = proc_dointvec_jiffies, |
810 | }, |
811 | { |
812 | .procname = "tcp_syn_retries" , |
813 | .data = &init_net.ipv4.sysctl_tcp_syn_retries, |
814 | .maxlen = sizeof(int), |
815 | .mode = 0644, |
816 | .proc_handler = proc_dointvec_minmax, |
817 | .extra1 = &tcp_syn_retries_min, |
818 | .extra2 = &tcp_syn_retries_max |
819 | }, |
820 | { |
821 | .procname = "tcp_synack_retries" , |
822 | .data = &init_net.ipv4.sysctl_tcp_synack_retries, |
823 | .maxlen = sizeof(int), |
824 | .mode = 0644, |
825 | .proc_handler = proc_dointvec |
826 | }, |
827 | #ifdef CONFIG_SYN_COOKIES |
828 | { |
829 | .procname = "tcp_syncookies" , |
830 | .data = &init_net.ipv4.sysctl_tcp_syncookies, |
831 | .maxlen = sizeof(int), |
832 | .mode = 0644, |
833 | .proc_handler = proc_dointvec |
834 | }, |
835 | #endif |
836 | { |
837 | .procname = "tcp_reordering" , |
838 | .data = &init_net.ipv4.sysctl_tcp_reordering, |
839 | .maxlen = sizeof(int), |
840 | .mode = 0644, |
841 | .proc_handler = proc_dointvec |
842 | }, |
843 | { |
844 | .procname = "tcp_retries1" , |
845 | .data = &init_net.ipv4.sysctl_tcp_retries1, |
846 | .maxlen = sizeof(int), |
847 | .mode = 0644, |
848 | .proc_handler = proc_dointvec_minmax, |
849 | .extra2 = &tcp_retr1_max |
850 | }, |
851 | { |
852 | .procname = "tcp_retries2" , |
853 | .data = &init_net.ipv4.sysctl_tcp_retries2, |
854 | .maxlen = sizeof(int), |
855 | .mode = 0644, |
856 | .proc_handler = proc_dointvec |
857 | }, |
858 | { |
859 | .procname = "tcp_orphan_retries" , |
860 | .data = &init_net.ipv4.sysctl_tcp_orphan_retries, |
861 | .maxlen = sizeof(int), |
862 | .mode = 0644, |
863 | .proc_handler = proc_dointvec |
864 | }, |
865 | { |
866 | .procname = "tcp_fin_timeout" , |
867 | .data = &init_net.ipv4.sysctl_tcp_fin_timeout, |
868 | .maxlen = sizeof(int), |
869 | .mode = 0644, |
870 | .proc_handler = proc_dointvec_jiffies, |
871 | }, |
872 | { |
873 | .procname = "tcp_notsent_lowat" , |
874 | .data = &init_net.ipv4.sysctl_tcp_notsent_lowat, |
875 | .maxlen = sizeof(unsigned int), |
876 | .mode = 0644, |
877 | .proc_handler = proc_douintvec, |
878 | }, |
879 | { |
880 | .procname = "tcp_tw_reuse" , |
881 | .data = &init_net.ipv4.sysctl_tcp_tw_reuse, |
882 | .maxlen = sizeof(int), |
883 | .mode = 0644, |
884 | .proc_handler = proc_dointvec_minmax, |
885 | .extra1 = &zero, |
886 | .extra2 = &two, |
887 | }, |
888 | { |
889 | .procname = "tcp_max_tw_buckets" , |
890 | .data = &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets, |
891 | .maxlen = sizeof(int), |
892 | .mode = 0644, |
893 | .proc_handler = proc_dointvec |
894 | }, |
895 | { |
896 | .procname = "tcp_max_syn_backlog" , |
897 | .data = &init_net.ipv4.sysctl_max_syn_backlog, |
898 | .maxlen = sizeof(int), |
899 | .mode = 0644, |
900 | .proc_handler = proc_dointvec |
901 | }, |
902 | { |
903 | .procname = "tcp_fastopen" , |
904 | .data = &init_net.ipv4.sysctl_tcp_fastopen, |
905 | .maxlen = sizeof(int), |
906 | .mode = 0644, |
907 | .proc_handler = proc_dointvec, |
908 | }, |
909 | { |
910 | .procname = "tcp_fastopen_key" , |
911 | .mode = 0600, |
912 | .data = &init_net.ipv4.sysctl_tcp_fastopen, |
913 | .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10), |
914 | .proc_handler = proc_tcp_fastopen_key, |
915 | }, |
916 | { |
917 | .procname = "tcp_fastopen_blackhole_timeout_sec" , |
918 | .data = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout, |
919 | .maxlen = sizeof(int), |
920 | .mode = 0644, |
921 | .proc_handler = proc_tfo_blackhole_detect_timeout, |
922 | .extra1 = &zero, |
923 | }, |
924 | #ifdef CONFIG_IP_ROUTE_MULTIPATH |
925 | { |
926 | .procname = "fib_multipath_use_neigh" , |
927 | .data = &init_net.ipv4.sysctl_fib_multipath_use_neigh, |
928 | .maxlen = sizeof(int), |
929 | .mode = 0644, |
930 | .proc_handler = proc_dointvec_minmax, |
931 | .extra1 = &zero, |
932 | .extra2 = &one, |
933 | }, |
934 | { |
935 | .procname = "fib_multipath_hash_policy" , |
936 | .data = &init_net.ipv4.sysctl_fib_multipath_hash_policy, |
937 | .maxlen = sizeof(int), |
938 | .mode = 0644, |
939 | .proc_handler = proc_fib_multipath_hash_policy, |
940 | .extra1 = &zero, |
941 | .extra2 = &one, |
942 | }, |
943 | #endif |
944 | { |
945 | .procname = "ip_unprivileged_port_start" , |
946 | .maxlen = sizeof(int), |
947 | .data = &init_net.ipv4.sysctl_ip_prot_sock, |
948 | .mode = 0644, |
949 | .proc_handler = ipv4_privileged_ports, |
950 | }, |
951 | #ifdef CONFIG_NET_L3_MASTER_DEV |
952 | { |
953 | .procname = "udp_l3mdev_accept" , |
954 | .data = &init_net.ipv4.sysctl_udp_l3mdev_accept, |
955 | .maxlen = sizeof(int), |
956 | .mode = 0644, |
957 | .proc_handler = proc_dointvec_minmax, |
958 | .extra1 = &zero, |
959 | .extra2 = &one, |
960 | }, |
961 | #endif |
962 | { |
963 | .procname = "tcp_sack" , |
964 | .data = &init_net.ipv4.sysctl_tcp_sack, |
965 | .maxlen = sizeof(int), |
966 | .mode = 0644, |
967 | .proc_handler = proc_dointvec |
968 | }, |
969 | { |
970 | .procname = "tcp_window_scaling" , |
971 | .data = &init_net.ipv4.sysctl_tcp_window_scaling, |
972 | .maxlen = sizeof(int), |
973 | .mode = 0644, |
974 | .proc_handler = proc_dointvec |
975 | }, |
976 | { |
977 | .procname = "tcp_timestamps" , |
978 | .data = &init_net.ipv4.sysctl_tcp_timestamps, |
979 | .maxlen = sizeof(int), |
980 | .mode = 0644, |
981 | .proc_handler = proc_dointvec |
982 | }, |
983 | { |
984 | .procname = "tcp_early_retrans" , |
985 | .data = &init_net.ipv4.sysctl_tcp_early_retrans, |
986 | .maxlen = sizeof(int), |
987 | .mode = 0644, |
988 | .proc_handler = proc_dointvec_minmax, |
989 | .extra1 = &zero, |
990 | .extra2 = &four, |
991 | }, |
992 | { |
993 | .procname = "tcp_recovery" , |
994 | .data = &init_net.ipv4.sysctl_tcp_recovery, |
995 | .maxlen = sizeof(int), |
996 | .mode = 0644, |
997 | .proc_handler = proc_dointvec, |
998 | }, |
999 | { |
1000 | .procname = "tcp_thin_linear_timeouts" , |
1001 | .data = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts, |
1002 | .maxlen = sizeof(int), |
1003 | .mode = 0644, |
1004 | .proc_handler = proc_dointvec |
1005 | }, |
1006 | { |
1007 | .procname = "tcp_slow_start_after_idle" , |
1008 | .data = &init_net.ipv4.sysctl_tcp_slow_start_after_idle, |
1009 | .maxlen = sizeof(int), |
1010 | .mode = 0644, |
1011 | .proc_handler = proc_dointvec |
1012 | }, |
1013 | { |
1014 | .procname = "tcp_retrans_collapse" , |
1015 | .data = &init_net.ipv4.sysctl_tcp_retrans_collapse, |
1016 | .maxlen = sizeof(int), |
1017 | .mode = 0644, |
1018 | .proc_handler = proc_dointvec |
1019 | }, |
1020 | { |
1021 | .procname = "tcp_stdurg" , |
1022 | .data = &init_net.ipv4.sysctl_tcp_stdurg, |
1023 | .maxlen = sizeof(int), |
1024 | .mode = 0644, |
1025 | .proc_handler = proc_dointvec |
1026 | }, |
1027 | { |
1028 | .procname = "tcp_rfc1337" , |
1029 | .data = &init_net.ipv4.sysctl_tcp_rfc1337, |
1030 | .maxlen = sizeof(int), |
1031 | .mode = 0644, |
1032 | .proc_handler = proc_dointvec |
1033 | }, |
1034 | { |
1035 | .procname = "tcp_abort_on_overflow" , |
1036 | .data = &init_net.ipv4.sysctl_tcp_abort_on_overflow, |
1037 | .maxlen = sizeof(int), |
1038 | .mode = 0644, |
1039 | .proc_handler = proc_dointvec |
1040 | }, |
1041 | { |
1042 | .procname = "tcp_fack" , |
1043 | .data = &init_net.ipv4.sysctl_tcp_fack, |
1044 | .maxlen = sizeof(int), |
1045 | .mode = 0644, |
1046 | .proc_handler = proc_dointvec |
1047 | }, |
1048 | { |
1049 | .procname = "tcp_max_reordering" , |
1050 | .data = &init_net.ipv4.sysctl_tcp_max_reordering, |
1051 | .maxlen = sizeof(int), |
1052 | .mode = 0644, |
1053 | .proc_handler = proc_dointvec |
1054 | }, |
1055 | { |
1056 | .procname = "tcp_dsack" , |
1057 | .data = &init_net.ipv4.sysctl_tcp_dsack, |
1058 | .maxlen = sizeof(int), |
1059 | .mode = 0644, |
1060 | .proc_handler = proc_dointvec |
1061 | }, |
1062 | { |
1063 | .procname = "tcp_app_win" , |
1064 | .data = &init_net.ipv4.sysctl_tcp_app_win, |
1065 | .maxlen = sizeof(int), |
1066 | .mode = 0644, |
1067 | .proc_handler = proc_dointvec |
1068 | }, |
1069 | { |
1070 | .procname = "tcp_adv_win_scale" , |
1071 | .data = &init_net.ipv4.sysctl_tcp_adv_win_scale, |
1072 | .maxlen = sizeof(int), |
1073 | .mode = 0644, |
1074 | .proc_handler = proc_dointvec_minmax, |
1075 | .extra1 = &tcp_adv_win_scale_min, |
1076 | .extra2 = &tcp_adv_win_scale_max, |
1077 | }, |
1078 | { |
1079 | .procname = "tcp_frto" , |
1080 | .data = &init_net.ipv4.sysctl_tcp_frto, |
1081 | .maxlen = sizeof(int), |
1082 | .mode = 0644, |
1083 | .proc_handler = proc_dointvec |
1084 | }, |
1085 | { |
1086 | .procname = "tcp_no_metrics_save" , |
1087 | .data = &init_net.ipv4.sysctl_tcp_nometrics_save, |
1088 | .maxlen = sizeof(int), |
1089 | .mode = 0644, |
1090 | .proc_handler = proc_dointvec, |
1091 | }, |
1092 | { |
1093 | .procname = "tcp_moderate_rcvbuf" , |
1094 | .data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf, |
1095 | .maxlen = sizeof(int), |
1096 | .mode = 0644, |
1097 | .proc_handler = proc_dointvec, |
1098 | }, |
1099 | { |
1100 | .procname = "tcp_tso_win_divisor" , |
1101 | .data = &init_net.ipv4.sysctl_tcp_tso_win_divisor, |
1102 | .maxlen = sizeof(int), |
1103 | .mode = 0644, |
1104 | .proc_handler = proc_dointvec, |
1105 | }, |
1106 | { |
1107 | .procname = "tcp_workaround_signed_windows" , |
1108 | .data = &init_net.ipv4.sysctl_tcp_workaround_signed_windows, |
1109 | .maxlen = sizeof(int), |
1110 | .mode = 0644, |
1111 | .proc_handler = proc_dointvec |
1112 | }, |
1113 | { |
1114 | .procname = "tcp_limit_output_bytes" , |
1115 | .data = &init_net.ipv4.sysctl_tcp_limit_output_bytes, |
1116 | .maxlen = sizeof(int), |
1117 | .mode = 0644, |
1118 | .proc_handler = proc_dointvec |
1119 | }, |
1120 | { |
1121 | .procname = "tcp_challenge_ack_limit" , |
1122 | .data = &init_net.ipv4.sysctl_tcp_challenge_ack_limit, |
1123 | .maxlen = sizeof(int), |
1124 | .mode = 0644, |
1125 | .proc_handler = proc_dointvec |
1126 | }, |
1127 | { |
1128 | .procname = "tcp_min_tso_segs" , |
1129 | .data = &init_net.ipv4.sysctl_tcp_min_tso_segs, |
1130 | .maxlen = sizeof(int), |
1131 | .mode = 0644, |
1132 | .proc_handler = proc_dointvec_minmax, |
1133 | .extra1 = &one, |
1134 | .extra2 = &gso_max_segs, |
1135 | }, |
1136 | { |
1137 | .procname = "tcp_min_rtt_wlen" , |
1138 | .data = &init_net.ipv4.sysctl_tcp_min_rtt_wlen, |
1139 | .maxlen = sizeof(int), |
1140 | .mode = 0644, |
1141 | .proc_handler = proc_dointvec |
1142 | }, |
1143 | { |
1144 | .procname = "tcp_autocorking" , |
1145 | .data = &init_net.ipv4.sysctl_tcp_autocorking, |
1146 | .maxlen = sizeof(int), |
1147 | .mode = 0644, |
1148 | .proc_handler = proc_dointvec_minmax, |
1149 | .extra1 = &zero, |
1150 | .extra2 = &one, |
1151 | }, |
1152 | { |
1153 | .procname = "tcp_invalid_ratelimit" , |
1154 | .data = &init_net.ipv4.sysctl_tcp_invalid_ratelimit, |
1155 | .maxlen = sizeof(int), |
1156 | .mode = 0644, |
1157 | .proc_handler = proc_dointvec_ms_jiffies, |
1158 | }, |
1159 | { |
1160 | .procname = "tcp_pacing_ss_ratio" , |
1161 | .data = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio, |
1162 | .maxlen = sizeof(int), |
1163 | .mode = 0644, |
1164 | .proc_handler = proc_dointvec_minmax, |
1165 | .extra1 = &zero, |
1166 | .extra2 = &thousand, |
1167 | }, |
1168 | { |
1169 | .procname = "tcp_pacing_ca_ratio" , |
1170 | .data = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio, |
1171 | .maxlen = sizeof(int), |
1172 | .mode = 0644, |
1173 | .proc_handler = proc_dointvec_minmax, |
1174 | .extra1 = &zero, |
1175 | .extra2 = &thousand, |
1176 | }, |
1177 | { |
1178 | .procname = "tcp_wmem" , |
1179 | .data = &init_net.ipv4.sysctl_tcp_wmem, |
1180 | .maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem), |
1181 | .mode = 0644, |
1182 | .proc_handler = proc_dointvec_minmax, |
1183 | .extra1 = &one, |
1184 | }, |
1185 | { |
1186 | .procname = "tcp_rmem" , |
1187 | .data = &init_net.ipv4.sysctl_tcp_rmem, |
1188 | .maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem), |
1189 | .mode = 0644, |
1190 | .proc_handler = proc_dointvec_minmax, |
1191 | .extra1 = &one, |
1192 | }, |
1193 | { |
1194 | .procname = "tcp_comp_sack_delay_ns" , |
1195 | .data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns, |
1196 | .maxlen = sizeof(unsigned long), |
1197 | .mode = 0644, |
1198 | .proc_handler = proc_doulongvec_minmax, |
1199 | }, |
1200 | { |
1201 | .procname = "tcp_comp_sack_nr" , |
1202 | .data = &init_net.ipv4.sysctl_tcp_comp_sack_nr, |
1203 | .maxlen = sizeof(int), |
1204 | .mode = 0644, |
1205 | .proc_handler = proc_dointvec_minmax, |
1206 | .extra1 = &zero, |
1207 | .extra2 = &comp_sack_nr_max, |
1208 | }, |
1209 | { |
1210 | .procname = "udp_rmem_min" , |
1211 | .data = &init_net.ipv4.sysctl_udp_rmem_min, |
1212 | .maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min), |
1213 | .mode = 0644, |
1214 | .proc_handler = proc_dointvec_minmax, |
1215 | .extra1 = &one |
1216 | }, |
1217 | { |
1218 | .procname = "udp_wmem_min" , |
1219 | .data = &init_net.ipv4.sysctl_udp_wmem_min, |
1220 | .maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min), |
1221 | .mode = 0644, |
1222 | .proc_handler = proc_dointvec_minmax, |
1223 | .extra1 = &one |
1224 | }, |
1225 | { } |
1226 | }; |
1227 | |
1228 | static __net_init int ipv4_sysctl_init_net(struct net *net) |
1229 | { |
1230 | struct ctl_table *table; |
1231 | |
1232 | table = ipv4_net_table; |
1233 | if (!net_eq(net, &init_net)) { |
1234 | int i; |
1235 | |
1236 | table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); |
1237 | if (!table) |
1238 | goto err_alloc; |
1239 | |
1240 | /* Update the variables to point into the current struct net */ |
1241 | for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) |
1242 | table[i].data += (void *)net - (void *)&init_net; |
1243 | } |
1244 | |
1245 | net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4" , table); |
1246 | if (!net->ipv4.ipv4_hdr) |
1247 | goto err_reg; |
1248 | |
1249 | net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL); |
1250 | if (!net->ipv4.sysctl_local_reserved_ports) |
1251 | goto err_ports; |
1252 | |
1253 | return 0; |
1254 | |
1255 | err_ports: |
1256 | unregister_net_sysctl_table(net->ipv4.ipv4_hdr); |
1257 | err_reg: |
1258 | if (!net_eq(net, &init_net)) |
1259 | kfree(table); |
1260 | err_alloc: |
1261 | return -ENOMEM; |
1262 | } |
1263 | |
1264 | static __net_exit void ipv4_sysctl_exit_net(struct net *net) |
1265 | { |
1266 | struct ctl_table *table; |
1267 | |
1268 | kfree(net->ipv4.sysctl_local_reserved_ports); |
1269 | table = net->ipv4.ipv4_hdr->ctl_table_arg; |
1270 | unregister_net_sysctl_table(net->ipv4.ipv4_hdr); |
1271 | kfree(table); |
1272 | } |
1273 | |
1274 | static __net_initdata struct pernet_operations ipv4_sysctl_ops = { |
1275 | .init = ipv4_sysctl_init_net, |
1276 | .exit = ipv4_sysctl_exit_net, |
1277 | }; |
1278 | |
1279 | static __init int sysctl_ipv4_init(void) |
1280 | { |
1281 | struct ctl_table_header *hdr; |
1282 | |
1283 | hdr = register_net_sysctl(&init_net, "net/ipv4" , ipv4_table); |
1284 | if (!hdr) |
1285 | return -ENOMEM; |
1286 | |
1287 | if (register_pernet_subsys(&ipv4_sysctl_ops)) { |
1288 | unregister_net_sysctl_table(hdr); |
1289 | return -ENOMEM; |
1290 | } |
1291 | |
1292 | return 0; |
1293 | } |
1294 | |
1295 | __initcall(sysctl_ipv4_init); |
1296 | |