sysctl_net_ipv4.c source code [linux/net/ipv4/sysctl_net_ipv4.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem.
4	*
5	* Begun April 1, 1996, Mike Shaver.
6	* Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS]
7	*/
8
9	#include <linux/mm.h>
10	#include <linux/module.h>
11	#include <linux/sysctl.h>
12	#include <linux/igmp.h>
13	#include <linux/inetdevice.h>
14	#include <linux/seqlock.h>
15	#include <linux/init.h>
16	#include <linux/slab.h>
17	#include <linux/nsproxy.h>
18	#include <linux/swap.h>
19	#include <net/snmp.h>
20	#include <net/icmp.h>
21	#include <net/ip.h>
22	#include <net/route.h>
23	#include <net/tcp.h>
24	#include <net/udp.h>
25	#include <net/cipso_ipv4.h>
26	#include <net/inet_frag.h>
27	#include <net/ping.h>
28	#include <net/protocol.h>
29	#include <net/netevent.h>
30
31	static int zero;
32	static int one = `1`;
33	static int two = `2`;
34	static int four = `4`;
35	static int thousand = `1000`;
36	static int gso_max_segs = GSO_MAX_SEGS;
37	static int tcp_retr1_max = `255`;
38	static int ip_local_port_range_min[] = { `1`, `1` };
39	static int ip_local_port_range_max[] = { `65535`, `65535` };
40	static int tcp_adv_win_scale_min = -`31`;
41	static int tcp_adv_win_scale_max = `31`;
42	static int ip_privileged_port_min;
43	static int ip_privileged_port_max = `65535`;
44	static int ip_ttl_min = `1`;
45	static int ip_ttl_max = `255`;
46	static int tcp_syn_retries_min = `1`;
47	static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
48	static int ip_ping_group_range_min[] = { `0`, `0` };
49	static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
50	static int comp_sack_nr_max = `255`;
51
52	/ obsolete /
53	static int sysctl_tcp_low_latency __read_mostly;
54
55	/ Update system visible IP port range /
56	static void set_local_port_range(struct net net, int* range[`2`])
57	{
58	bool same_parity = !((range[`0`] ^ range[`1`]) & `1`);
59
60	write_seqlock_bh(&net->ipv4.ip_local_ports.lock);
61	if (same_parity && !net->ipv4.ip_local_ports.warned) {
62	net->ipv4.ip_local_ports.warned = true;
63	pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n");
64	}
65	net->ipv4.ip_local_ports.range[`0`] = range[`0`];
66	net->ipv4.ip_local_ports.range[`1`] = range[`1`];
67	write_sequnlock_bh(&net->ipv4.ip_local_ports.lock);
68	}
69
70	/ Validate changes from /proc interface. /
71	static int ipv4_local_port_range(struct ctl_table table, int* write,
72	void __user *buffer,
73	size_t lenp, loff_t ppos)
74	{
75	struct net *net =
76	container_of(table->data, struct net, ipv4.ip_local_ports.range);
77	int ret;
78	int range[`2`];
79	struct ctl_table tmp = {
80	.data = &range,
81	.maxlen = sizeof(range),
82	.mode = table->mode,
83	.extra1 = &ip_local_port_range_min,
84	.extra2 = &ip_local_port_range_max,
85	};
86
87	inet_get_local_port_range(net, &range[`0`], &range[`1`]);
88
89	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
90
91	if (write && ret == `0`) {
92	/ Ensure that the upper limit is not smaller than the lower,*
93	* and that the lower does not encroach upon the privileged
94	* port limit.
95	*/
96	if ((range[`1`] < range[`0`]) \|\|
97	(range[`0`] < net->ipv4.sysctl_ip_prot_sock))
98	ret = -EINVAL;
99	else
100	set_local_port_range(net, range);
101	}
102
103	return ret;
104	}
105
106	/ Validate changes from /proc interface. /
107	static int ipv4_privileged_ports(struct ctl_table table, int* write,
108	void __user buffer, size_t lenp, loff_t *ppos)
109	{
110	struct net net = container_of(table->data, struct* net,
111	ipv4.sysctl_ip_prot_sock);
112	int ret;
113	int pports;
114	int range[`2`];
115	struct ctl_table tmp = {
116	.data = &pports,
117	.maxlen = sizeof(pports),
118	.mode = table->mode,
119	.extra1 = &ip_privileged_port_min,
120	.extra2 = &ip_privileged_port_max,
121	};
122
123	pports = net->ipv4.sysctl_ip_prot_sock;
124
125	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
126
127	if (write && ret == `0`) {
128	inet_get_local_port_range(net, &range[`0`], &range[`1`]);
129	/ Ensure that the local port range doesn't overlap with the*
130	* privileged port range.
131	*/
132	if (range[`0`] < pports)
133	ret = -EINVAL;
134	else
135	net->ipv4.sysctl_ip_prot_sock = pports;
136	}
137
138	return ret;
139	}
140
141	static void inet_get_ping_group_range_table(struct ctl_table table, kgid_t low, kgid_t *high)
142	{
143	kgid_t *data = table->data;
144	struct net *net =
145	container_of(table->data, struct net, ipv4.ping_group_range.range);
146	unsigned int seq;
147	do {
148	seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
149
150	*low = data[`0`];
151	*high = data[`1`];
152	} while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
153	}
154
155	/ Update system visible IP port range /
156	static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
157	{
158	kgid_t *data = table->data;
159	struct net *net =
160	container_of(table->data, struct net, ipv4.ping_group_range.range);
161	write_seqlock(&net->ipv4.ping_group_range.lock);
162	data[`0`] = low;
163	data[`1`] = high;
164	write_sequnlock(&net->ipv4.ping_group_range.lock);
165	}
166
167	/ Validate changes from /proc interface. /
168	static int ipv4_ping_group_range(struct ctl_table table, int* write,
169	void __user *buffer,
170	size_t lenp, loff_t ppos)
171	{
172	struct user_namespace *user_ns = current_user_ns();
173	int ret;
174	gid_t urange[`2`];
175	kgid_t low, high;
176	struct ctl_table tmp = {
177	.data = &urange,
178	.maxlen = sizeof(urange),
179	.mode = table->mode,
180	.extra1 = &ip_ping_group_range_min,
181	.extra2 = &ip_ping_group_range_max,
182	};
183
184	inet_get_ping_group_range_table(table, &low, &high);
185	urange[`0`] = from_kgid_munged(user_ns, low);
186	urange[`1`] = from_kgid_munged(user_ns, high);
187	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
188
189	if (write && ret == `0`) {
190	low = make_kgid(user_ns, urange[`0`]);
191	high = make_kgid(user_ns, urange[`1`]);
192	if (!gid_valid(low) \|\| !gid_valid(high))
193	return -EINVAL;
194	if (urange[`1`] < urange[`0`] \|\| gid_lt(high, low)) {
195	low = make_kgid(&init_user_ns, `1`);
196	high = make_kgid(&init_user_ns, `0`);
197	}
198	set_ping_group_range(table, low, high);
199	}
200
201	return ret;
202	}
203
204	static int ipv4_fwd_update_priority(struct ctl_table table, int* write,
205	void __user *buffer,
206	size_t lenp, loff_t ppos)
207	{
208	struct net *net;
209	int ret;
210
211	net = container_of(table->data, struct net,
212	ipv4.sysctl_ip_fwd_update_priority);
213	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
214	if (write && ret == `0`)
215	call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE,
216	net);
217
218	return ret;
219	}
220
221	static int proc_tcp_congestion_control(struct ctl_table ctl, int* write,
222	void __user buffer, size_t lenp, loff_t *ppos)
223	{
224	struct net net = container_of(ctl->data, struct* net,
225	ipv4.tcp_congestion_control);
226	char val[TCP_CA_NAME_MAX];
227	struct ctl_table tbl = {
228	.data = val,
229	.maxlen = TCP_CA_NAME_MAX,
230	};
231	int ret;
232
233	tcp_get_default_congestion_control(net, val);
234
235	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
236	if (write && ret == `0`)
237	ret = tcp_set_default_congestion_control(net, val);
238	return ret;
239	}
240
241	static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
242	int write,
243	void __user buffer, size_t lenp,
244	loff_t *ppos)
245	{
246	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
247	int ret;
248
249	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
250	if (!tbl.data)
251	return -ENOMEM;
252	tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
253	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
254	kfree(tbl.data);
255	return ret;
256	}
257
258	static int proc_allowed_congestion_control(struct ctl_table *ctl,
259	int write,
260	void __user buffer, size_t lenp,
261	loff_t *ppos)
262	{
263	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
264	int ret;
265
266	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
267	if (!tbl.data)
268	return -ENOMEM;
269
270	tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
271	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
272	if (write && ret == `0`)
273	ret = tcp_set_allowed_congestion_control(tbl.data);
274	kfree(tbl.data);
275	return ret;
276	}
277
278	static int proc_tcp_fastopen_key(struct ctl_table table, int* write,
279	void __user buffer, size_t lenp,
280	loff_t *ppos)
281	{
282	struct net net = container_of(table->data, struct* net,
283	ipv4.sysctl_tcp_fastopen);
284	struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * `2` + `10`) };
285	struct tcp_fastopen_context *ctxt;
286	u32 user_key[`4`]; / 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH /
287	__le32 key[`4`];
288	int ret, i;
289
290	tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
291	if (!tbl.data)
292	return -ENOMEM;
293
294	rcu_read_lock();
295	ctxt = rcu_dereference(net->ipv4.tcp_fastopen_ctx);
296	if (ctxt)
297	memcpy(key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH);
298	else
299	memset(key, `0`, sizeof(key));
300	rcu_read_unlock();
301
302	for (i = `0`; i < ARRAY_SIZE(key); i++)
303	user_key[i] = le32_to_cpu(key[i]);
304
305	snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x",
306	user_key[`0`], user_key[`1`], user_key[`2`], user_key[`3`]);
307	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
308
309	if (write && ret == `0`) {
310	if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + `1`,
311	user_key + `2`, user_key + `3`) != `4`) {
312	ret = -EINVAL;
313	goto bad_key;
314	}
315
316	for (i = `0`; i < ARRAY_SIZE(user_key); i++)
317	key[i] = cpu_to_le32(user_key[i]);
318
319	tcp_fastopen_reset_cipher(net, NULL, key,
320	TCP_FASTOPEN_KEY_LENGTH);
321	}
322
323	bad_key:
324	pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
325	user_key[`0`], user_key[`1`], user_key[`2`], user_key[`3`],
326	(char *)tbl.data, ret);
327	kfree(tbl.data);
328	return ret;
329	}
330
331	static void proc_configure_early_demux(int enabled, int protocol)
332	{
333	struct net_protocol *ipprot;
334	#if IS_ENABLED(CONFIG_IPV6)
335	struct inet6_protocol *ip6prot;
336	#endif
337
338	rcu_read_lock();
339
340	ipprot = rcu_dereference(inet_protos[protocol]);
341	if (ipprot)
342	ipprot->early_demux = enabled ? ipprot->early_demux_handler :
343	NULL;
344
345	#if IS_ENABLED(CONFIG_IPV6)
346	ip6prot = rcu_dereference(inet6_protos[protocol]);
347	if (ip6prot)
348	ip6prot->early_demux = enabled ? ip6prot->early_demux_handler :
349	NULL;
350	#endif
351	rcu_read_unlock();
352	}
353
354	static int proc_tcp_early_demux(struct ctl_table table, int* write,
355	void __user buffer, size_t lenp, loff_t *ppos)
356	{
357	int ret = `0`;
358
359	ret = proc_dointvec(table, write, buffer, lenp, ppos);
360
361	if (write && !ret) {
362	int enabled = init_net.ipv4.sysctl_tcp_early_demux;
363
364	proc_configure_early_demux(enabled, IPPROTO_TCP);
365	}
366
367	return ret;
368	}
369
370	static int proc_udp_early_demux(struct ctl_table table, int* write,
371	void __user buffer, size_t lenp, loff_t *ppos)
372	{
373	int ret = `0`;
374
375	ret = proc_dointvec(table, write, buffer, lenp, ppos);
376
377	if (write && !ret) {
378	int enabled = init_net.ipv4.sysctl_udp_early_demux;
379
380	proc_configure_early_demux(enabled, IPPROTO_UDP);
381	}
382
383	return ret;
384	}
385
386	static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
387	int write,
388	void __user *buffer,
389	size_t lenp, loff_t ppos)
390	{
391	struct net net = container_of(table->data, struct* net,
392	ipv4.sysctl_tcp_fastopen_blackhole_timeout);
393	int ret;
394
395	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
396	if (write && ret == `0`)
397	atomic_set(&net->ipv4.tfo_active_disable_times, `0`);
398
399	return ret;
400	}
401
402	static int proc_tcp_available_ulp(struct ctl_table *ctl,
403	int write,
404	void __user buffer, size_t lenp,
405	loff_t *ppos)
406	{
407	struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
408	int ret;
409
410	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
411	if (!tbl.data)
412	return -ENOMEM;
413	tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX);
414	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
415	kfree(tbl.data);
416
417	return ret;
418	}
419
420	#ifdef CONFIG_IP_ROUTE_MULTIPATH
421	static int proc_fib_multipath_hash_policy(struct ctl_table table, int* write,
422	void __user buffer, size_t lenp,
423	loff_t *ppos)
424	{
425	struct net net = container_of(table->data, struct* net,
426	ipv4.sysctl_fib_multipath_hash_policy);
427	int ret;
428
429	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
430	if (write && ret == `0`)
431	call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
432
433	return ret;
434	}
435	#endif
436
437	static struct ctl_table ipv4_table[] = {
438	{
439	.procname = "tcp_max_orphans",
440	.data = &sysctl_tcp_max_orphans,
441	.maxlen = sizeof(int),
442	.mode = `0644`,
443	.proc_handler = proc_dointvec
444	},
445	{
446	.procname = "inet_peer_threshold",
447	.data = &inet_peer_threshold,
448	.maxlen = sizeof(int),
449	.mode = `0644`,
450	.proc_handler = proc_dointvec
451	},
452	{
453	.procname = "inet_peer_minttl",
454	.data = &inet_peer_minttl,
455	.maxlen = sizeof(int),
456	.mode = `0644`,
457	.proc_handler = proc_dointvec_jiffies,
458	},
459	{
460	.procname = "inet_peer_maxttl",
461	.data = &inet_peer_maxttl,
462	.maxlen = sizeof(int),
463	.mode = `0644`,
464	.proc_handler = proc_dointvec_jiffies,
465	},
466	{
467	.procname = "tcp_mem",
468	.maxlen = sizeof(sysctl_tcp_mem),
469	.data = &sysctl_tcp_mem,
470	.mode = `0644`,
471	.proc_handler = proc_doulongvec_minmax,
472	},
473	{
474	.procname = "tcp_low_latency",
475	.data = &sysctl_tcp_low_latency,
476	.maxlen = sizeof(int),
477	.mode = `0644`,
478	.proc_handler = proc_dointvec
479	},
480	#ifdef CONFIG_NETLABEL
481	{
482	.procname = "cipso_cache_enable",
483	.data = &cipso_v4_cache_enabled,
484	.maxlen = sizeof(int),
485	.mode = `0644`,
486	.proc_handler = proc_dointvec,
487	},
488	{
489	.procname = "cipso_cache_bucket_size",
490	.data = &cipso_v4_cache_bucketsize,
491	.maxlen = sizeof(int),
492	.mode = `0644`,
493	.proc_handler = proc_dointvec,
494	},
495	{
496	.procname = "cipso_rbm_optfmt",
497	.data = &cipso_v4_rbm_optfmt,
498	.maxlen = sizeof(int),
499	.mode = `0644`,
500	.proc_handler = proc_dointvec,
501	},
502	{
503	.procname = "cipso_rbm_strictvalid",
504	.data = &cipso_v4_rbm_strictvalid,
505	.maxlen = sizeof(int),
506	.mode = `0644`,
507	.proc_handler = proc_dointvec,
508	},
509	#endif /* CONFIG_NETLABEL */
510	{
511	.procname = "tcp_available_congestion_control",
512	.maxlen = TCP_CA_BUF_MAX,
513	.mode = `0444`,
514	.proc_handler = proc_tcp_available_congestion_control,
515	},
516	{
517	.procname = "tcp_allowed_congestion_control",
518	.maxlen = TCP_CA_BUF_MAX,
519	.mode = `0644`,
520	.proc_handler = proc_allowed_congestion_control,
521	},
522	{
523	.procname = "tcp_available_ulp",
524	.maxlen = TCP_ULP_BUF_MAX,
525	.mode = `0444`,
526	.proc_handler = proc_tcp_available_ulp,
527	},
528	{
529	.procname = "icmp_msgs_per_sec",
530	.data = &sysctl_icmp_msgs_per_sec,
531	.maxlen = sizeof(int),
532	.mode = `0644`,
533	.proc_handler = proc_dointvec_minmax,
534	.extra1 = &zero,
535	},
536	{
537	.procname = "icmp_msgs_burst",
538	.data = &sysctl_icmp_msgs_burst,
539	.maxlen = sizeof(int),
540	.mode = `0644`,
541	.proc_handler = proc_dointvec_minmax,
542	.extra1 = &zero,
543	},
544	{
545	.procname = "udp_mem",
546	.data = &sysctl_udp_mem,
547	.maxlen = sizeof(sysctl_udp_mem),
548	.mode = `0644`,
549	.proc_handler = proc_doulongvec_minmax,
550	},
551	{ }
552	};
553
554	static struct ctl_table ipv4_net_table[] = {
555	{
556	.procname = "icmp_echo_ignore_all",
557	.data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
558	.maxlen = sizeof(int),
559	.mode = `0644`,
560	.proc_handler = proc_dointvec
561	},
562	{
563	.procname = "icmp_echo_ignore_broadcasts",
564	.data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
565	.maxlen = sizeof(int),
566	.mode = `0644`,
567	.proc_handler = proc_dointvec
568	},
569	{
570	.procname = "icmp_ignore_bogus_error_responses",
571	.data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
572	.maxlen = sizeof(int),
573	.mode = `0644`,
574	.proc_handler = proc_dointvec
575	},
576	{
577	.procname = "icmp_errors_use_inbound_ifaddr",
578	.data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
579	.maxlen = sizeof(int),
580	.mode = `0644`,
581	.proc_handler = proc_dointvec
582	},
583	{
584	.procname = "icmp_ratelimit",
585	.data = &init_net.ipv4.sysctl_icmp_ratelimit,
586	.maxlen = sizeof(int),
587	.mode = `0644`,
588	.proc_handler = proc_dointvec_ms_jiffies,
589	},
590	{
591	.procname = "icmp_ratemask",
592	.data = &init_net.ipv4.sysctl_icmp_ratemask,
593	.maxlen = sizeof(int),
594	.mode = `0644`,
595	.proc_handler = proc_dointvec
596	},
597	{
598	.procname = "ping_group_range",
599	.data = &init_net.ipv4.ping_group_range.range,
600	.maxlen = sizeof(gid_t)*`2`,
601	.mode = `0644`,
602	.proc_handler = ipv4_ping_group_range,
603	},
604	{
605	.procname = "tcp_ecn",
606	.data = &init_net.ipv4.sysctl_tcp_ecn,
607	.maxlen = sizeof(int),
608	.mode = `0644`,
609	.proc_handler = proc_dointvec
610	},
611	{
612	.procname = "tcp_ecn_fallback",
613	.data = &init_net.ipv4.sysctl_tcp_ecn_fallback,
614	.maxlen = sizeof(int),
615	.mode = `0644`,
616	.proc_handler = proc_dointvec
617	},
618	{
619	.procname = "ip_dynaddr",
620	.data = &init_net.ipv4.sysctl_ip_dynaddr,
621	.maxlen = sizeof(int),
622	.mode = `0644`,
623	.proc_handler = proc_dointvec
624	},
625	{
626	.procname = "ip_early_demux",
627	.data = &init_net.ipv4.sysctl_ip_early_demux,
628	.maxlen = sizeof(int),
629	.mode = `0644`,
630	.proc_handler = proc_dointvec
631	},
632	{
633	.procname = "udp_early_demux",
634	.data = &init_net.ipv4.sysctl_udp_early_demux,
635	.maxlen = sizeof(int),
636	.mode = `0644`,
637	.proc_handler = proc_udp_early_demux
638	},
639	{
640	.procname = "tcp_early_demux",
641	.data = &init_net.ipv4.sysctl_tcp_early_demux,
642	.maxlen = sizeof(int),
643	.mode = `0644`,
644	.proc_handler = proc_tcp_early_demux
645	},
646	{
647	.procname = "ip_default_ttl",
648	.data = &init_net.ipv4.sysctl_ip_default_ttl,
649	.maxlen = sizeof(int),
650	.mode = `0644`,
651	.proc_handler = proc_dointvec_minmax,
652	.extra1 = &ip_ttl_min,
653	.extra2 = &ip_ttl_max,
654	},
655	{
656	.procname = "ip_local_port_range",
657	.maxlen = sizeof(init_net.ipv4.ip_local_ports.range),
658	.data = &init_net.ipv4.ip_local_ports.range,
659	.mode = `0644`,
660	.proc_handler = ipv4_local_port_range,
661	},
662	{
663	.procname = "ip_local_reserved_ports",
664	.data = &init_net.ipv4.sysctl_local_reserved_ports,
665	.maxlen = `65536`,
666	.mode = `0644`,
667	.proc_handler = proc_do_large_bitmap,
668	},
669	{
670	.procname = "ip_no_pmtu_disc",
671	.data = &init_net.ipv4.sysctl_ip_no_pmtu_disc,
672	.maxlen = sizeof(int),
673	.mode = `0644`,
674	.proc_handler = proc_dointvec
675	},
676	{
677	.procname = "ip_forward_use_pmtu",
678	.data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu,
679	.maxlen = sizeof(int),
680	.mode = `0644`,
681	.proc_handler = proc_dointvec,
682	},
683	{
684	.procname = "ip_forward_update_priority",
685	.data = &init_net.ipv4.sysctl_ip_fwd_update_priority,
686	.maxlen = sizeof(int),
687	.mode = `0644`,
688	.proc_handler = ipv4_fwd_update_priority,
689	.extra1 = &zero,
690	.extra2 = &one,
691	},
692	{
693	.procname = "ip_nonlocal_bind",
694	.data = &init_net.ipv4.sysctl_ip_nonlocal_bind,
695	.maxlen = sizeof(int),
696	.mode = `0644`,
697	.proc_handler = proc_dointvec
698	},
699	{
700	.procname = "fwmark_reflect",
701	.data = &init_net.ipv4.sysctl_fwmark_reflect,
702	.maxlen = sizeof(int),
703	.mode = `0644`,
704	.proc_handler = proc_dointvec,
705	},
706	{
707	.procname = "tcp_fwmark_accept",
708	.data = &init_net.ipv4.sysctl_tcp_fwmark_accept,
709	.maxlen = sizeof(int),
710	.mode = `0644`,
711	.proc_handler = proc_dointvec,
712	},
713	#ifdef CONFIG_NET_L3_MASTER_DEV
714	{
715	.procname = "tcp_l3mdev_accept",
716	.data = &init_net.ipv4.sysctl_tcp_l3mdev_accept,
717	.maxlen = sizeof(int),
718	.mode = `0644`,
719	.proc_handler = proc_dointvec_minmax,
720	.extra1 = &zero,
721	.extra2 = &one,
722	},
723	#endif
724	{
725	.procname = "tcp_mtu_probing",
726	.data = &init_net.ipv4.sysctl_tcp_mtu_probing,
727	.maxlen = sizeof(int),
728	.mode = `0644`,
729	.proc_handler = proc_dointvec,
730	},
731	{
732	.procname = "tcp_base_mss",
733	.data = &init_net.ipv4.sysctl_tcp_base_mss,
734	.maxlen = sizeof(int),
735	.mode = `0644`,
736	.proc_handler = proc_dointvec,
737	},
738	{
739	.procname = "tcp_probe_threshold",
740	.data = &init_net.ipv4.sysctl_tcp_probe_threshold,
741	.maxlen = sizeof(int),
742	.mode = `0644`,
743	.proc_handler = proc_dointvec,
744	},
745	{
746	.procname = "tcp_probe_interval",
747	.data = &init_net.ipv4.sysctl_tcp_probe_interval,
748	.maxlen = sizeof(int),
749	.mode = `0644`,
750	.proc_handler = proc_dointvec,
751	},
752	{
753	.procname = "igmp_link_local_mcast_reports",
754	.data = &init_net.ipv4.sysctl_igmp_llm_reports,
755	.maxlen = sizeof(int),
756	.mode = `0644`,
757	.proc_handler = proc_dointvec
758	},
759	{
760	.procname = "igmp_max_memberships",
761	.data = &init_net.ipv4.sysctl_igmp_max_memberships,
762	.maxlen = sizeof(int),
763	.mode = `0644`,
764	.proc_handler = proc_dointvec
765	},
766	{
767	.procname = "igmp_max_msf",
768	.data = &init_net.ipv4.sysctl_igmp_max_msf,
769	.maxlen = sizeof(int),
770	.mode = `0644`,
771	.proc_handler = proc_dointvec
772	},
773	#ifdef CONFIG_IP_MULTICAST
774	{
775	.procname = "igmp_qrv",
776	.data = &init_net.ipv4.sysctl_igmp_qrv,
777	.maxlen = sizeof(int),
778	.mode = `0644`,
779	.proc_handler = proc_dointvec_minmax,
780	.extra1 = &one
781	},
782	#endif
783	{
784	.procname = "tcp_congestion_control",
785	.data = &init_net.ipv4.tcp_congestion_control,
786	.mode = `0644`,
787	.maxlen = TCP_CA_NAME_MAX,
788	.proc_handler = proc_tcp_congestion_control,
789	},
790	{
791	.procname = "tcp_keepalive_time",
792	.data = &init_net.ipv4.sysctl_tcp_keepalive_time,
793	.maxlen = sizeof(int),
794	.mode = `0644`,
795	.proc_handler = proc_dointvec_jiffies,
796	},
797	{
798	.procname = "tcp_keepalive_probes",
799	.data = &init_net.ipv4.sysctl_tcp_keepalive_probes,
800	.maxlen = sizeof(int),
801	.mode = `0644`,
802	.proc_handler = proc_dointvec
803	},
804	{
805	.procname = "tcp_keepalive_intvl",
806	.data = &init_net.ipv4.sysctl_tcp_keepalive_intvl,
807	.maxlen = sizeof(int),
808	.mode = `0644`,
809	.proc_handler = proc_dointvec_jiffies,
810	},
811	{
812	.procname = "tcp_syn_retries",
813	.data = &init_net.ipv4.sysctl_tcp_syn_retries,
814	.maxlen = sizeof(int),
815	.mode = `0644`,
816	.proc_handler = proc_dointvec_minmax,
817	.extra1 = &tcp_syn_retries_min,
818	.extra2 = &tcp_syn_retries_max
819	},
820	{
821	.procname = "tcp_synack_retries",
822	.data = &init_net.ipv4.sysctl_tcp_synack_retries,
823	.maxlen = sizeof(int),
824	.mode = `0644`,
825	.proc_handler = proc_dointvec
826	},
827	#ifdef CONFIG_SYN_COOKIES
828	{
829	.procname = "tcp_syncookies",
830	.data = &init_net.ipv4.sysctl_tcp_syncookies,
831	.maxlen = sizeof(int),
832	.mode = `0644`,
833	.proc_handler = proc_dointvec
834	},
835	#endif
836	{
837	.procname = "tcp_reordering",
838	.data = &init_net.ipv4.sysctl_tcp_reordering,
839	.maxlen = sizeof(int),
840	.mode = `0644`,
841	.proc_handler = proc_dointvec
842	},
843	{
844	.procname = "tcp_retries1",
845	.data = &init_net.ipv4.sysctl_tcp_retries1,
846	.maxlen = sizeof(int),
847	.mode = `0644`,
848	.proc_handler = proc_dointvec_minmax,
849	.extra2 = &tcp_retr1_max
850	},
851	{
852	.procname = "tcp_retries2",
853	.data = &init_net.ipv4.sysctl_tcp_retries2,
854	.maxlen = sizeof(int),
855	.mode = `0644`,
856	.proc_handler = proc_dointvec
857	},
858	{
859	.procname = "tcp_orphan_retries",
860	.data = &init_net.ipv4.sysctl_tcp_orphan_retries,
861	.maxlen = sizeof(int),
862	.mode = `0644`,
863	.proc_handler = proc_dointvec
864	},
865	{
866	.procname = "tcp_fin_timeout",
867	.data = &init_net.ipv4.sysctl_tcp_fin_timeout,
868	.maxlen = sizeof(int),
869	.mode = `0644`,
870	.proc_handler = proc_dointvec_jiffies,
871	},
872	{
873	.procname = "tcp_notsent_lowat",
874	.data = &init_net.ipv4.sysctl_tcp_notsent_lowat,
875	.maxlen = sizeof(unsigned int),
876	.mode = `0644`,
877	.proc_handler = proc_douintvec,
878	},
879	{
880	.procname = "tcp_tw_reuse",
881	.data = &init_net.ipv4.sysctl_tcp_tw_reuse,
882	.maxlen = sizeof(int),
883	.mode = `0644`,
884	.proc_handler = proc_dointvec_minmax,
885	.extra1 = &zero,
886	.extra2 = &two,
887	},
888	{
889	.procname = "tcp_max_tw_buckets",
890	.data = &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets,
891	.maxlen = sizeof(int),
892	.mode = `0644`,
893	.proc_handler = proc_dointvec
894	},
895	{
896	.procname = "tcp_max_syn_backlog",
897	.data = &init_net.ipv4.sysctl_max_syn_backlog,
898	.maxlen = sizeof(int),
899	.mode = `0644`,
900	.proc_handler = proc_dointvec
901	},
902	{
903	.procname = "tcp_fastopen",
904	.data = &init_net.ipv4.sysctl_tcp_fastopen,
905	.maxlen = sizeof(int),
906	.mode = `0644`,
907	.proc_handler = proc_dointvec,
908	},
909	{
910	.procname = "tcp_fastopen_key",
911	.mode = `0600`,
912	.data = &init_net.ipv4.sysctl_tcp_fastopen,
913	.maxlen = ((TCP_FASTOPEN_KEY_LENGTH * `2`) + `10`),
914	.proc_handler = proc_tcp_fastopen_key,
915	},
916	{
917	.procname = "tcp_fastopen_blackhole_timeout_sec",
918	.data = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout,
919	.maxlen = sizeof(int),
920	.mode = `0644`,
921	.proc_handler = proc_tfo_blackhole_detect_timeout,
922	.extra1 = &zero,
923	},
924	#ifdef CONFIG_IP_ROUTE_MULTIPATH
925	{
926	.procname = "fib_multipath_use_neigh",
927	.data = &init_net.ipv4.sysctl_fib_multipath_use_neigh,
928	.maxlen = sizeof(int),
929	.mode = `0644`,
930	.proc_handler = proc_dointvec_minmax,
931	.extra1 = &zero,
932	.extra2 = &one,
933	},
934	{
935	.procname = "fib_multipath_hash_policy",
936	.data = &init_net.ipv4.sysctl_fib_multipath_hash_policy,
937	.maxlen = sizeof(int),
938	.mode = `0644`,
939	.proc_handler = proc_fib_multipath_hash_policy,
940	.extra1 = &zero,
941	.extra2 = &one,
942	},
943	#endif
944	{
945	.procname = "ip_unprivileged_port_start",
946	.maxlen = sizeof(int),
947	.data = &init_net.ipv4.sysctl_ip_prot_sock,
948	.mode = `0644`,
949	.proc_handler = ipv4_privileged_ports,
950	},
951	#ifdef CONFIG_NET_L3_MASTER_DEV
952	{
953	.procname = "udp_l3mdev_accept",
954	.data = &init_net.ipv4.sysctl_udp_l3mdev_accept,
955	.maxlen = sizeof(int),
956	.mode = `0644`,
957	.proc_handler = proc_dointvec_minmax,
958	.extra1 = &zero,
959	.extra2 = &one,
960	},
961	#endif
962	{
963	.procname = "tcp_sack",
964	.data = &init_net.ipv4.sysctl_tcp_sack,
965	.maxlen = sizeof(int),
966	.mode = `0644`,
967	.proc_handler = proc_dointvec
968	},
969	{
970	.procname = "tcp_window_scaling",
971	.data = &init_net.ipv4.sysctl_tcp_window_scaling,
972	.maxlen = sizeof(int),
973	.mode = `0644`,
974	.proc_handler = proc_dointvec
975	},
976	{
977	.procname = "tcp_timestamps",
978	.data = &init_net.ipv4.sysctl_tcp_timestamps,
979	.maxlen = sizeof(int),
980	.mode = `0644`,
981	.proc_handler = proc_dointvec
982	},
983	{
984	.procname = "tcp_early_retrans",
985	.data = &init_net.ipv4.sysctl_tcp_early_retrans,
986	.maxlen = sizeof(int),
987	.mode = `0644`,
988	.proc_handler = proc_dointvec_minmax,
989	.extra1 = &zero,
990	.extra2 = &four,
991	},
992	{
993	.procname = "tcp_recovery",
994	.data = &init_net.ipv4.sysctl_tcp_recovery,
995	.maxlen = sizeof(int),
996	.mode = `0644`,
997	.proc_handler = proc_dointvec,
998	},
999	{
1000	.procname = "tcp_thin_linear_timeouts",
1001	.data = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts,
1002	.maxlen = sizeof(int),
1003	.mode = `0644`,
1004	.proc_handler = proc_dointvec
1005	},
1006	{
1007	.procname = "tcp_slow_start_after_idle",
1008	.data = &init_net.ipv4.sysctl_tcp_slow_start_after_idle,
1009	.maxlen = sizeof(int),
1010	.mode = `0644`,
1011	.proc_handler = proc_dointvec
1012	},
1013	{
1014	.procname = "tcp_retrans_collapse",
1015	.data = &init_net.ipv4.sysctl_tcp_retrans_collapse,
1016	.maxlen = sizeof(int),
1017	.mode = `0644`,
1018	.proc_handler = proc_dointvec
1019	},
1020	{
1021	.procname = "tcp_stdurg",
1022	.data = &init_net.ipv4.sysctl_tcp_stdurg,
1023	.maxlen = sizeof(int),
1024	.mode = `0644`,
1025	.proc_handler = proc_dointvec
1026	},
1027	{
1028	.procname = "tcp_rfc1337",
1029	.data = &init_net.ipv4.sysctl_tcp_rfc1337,
1030	.maxlen = sizeof(int),
1031	.mode = `0644`,
1032	.proc_handler = proc_dointvec
1033	},
1034	{
1035	.procname = "tcp_abort_on_overflow",
1036	.data = &init_net.ipv4.sysctl_tcp_abort_on_overflow,
1037	.maxlen = sizeof(int),
1038	.mode = `0644`,
1039	.proc_handler = proc_dointvec
1040	},
1041	{
1042	.procname = "tcp_fack",
1043	.data = &init_net.ipv4.sysctl_tcp_fack,
1044	.maxlen = sizeof(int),
1045	.mode = `0644`,
1046	.proc_handler = proc_dointvec
1047	},
1048	{
1049	.procname = "tcp_max_reordering",
1050	.data = &init_net.ipv4.sysctl_tcp_max_reordering,
1051	.maxlen = sizeof(int),
1052	.mode = `0644`,
1053	.proc_handler = proc_dointvec
1054	},
1055	{
1056	.procname = "tcp_dsack",
1057	.data = &init_net.ipv4.sysctl_tcp_dsack,
1058	.maxlen = sizeof(int),
1059	.mode = `0644`,
1060	.proc_handler = proc_dointvec
1061	},
1062	{
1063	.procname = "tcp_app_win",
1064	.data = &init_net.ipv4.sysctl_tcp_app_win,
1065	.maxlen = sizeof(int),
1066	.mode = `0644`,
1067	.proc_handler = proc_dointvec
1068	},
1069	{
1070	.procname = "tcp_adv_win_scale",
1071	.data = &init_net.ipv4.sysctl_tcp_adv_win_scale,
1072	.maxlen = sizeof(int),
1073	.mode = `0644`,
1074	.proc_handler = proc_dointvec_minmax,
1075	.extra1 = &tcp_adv_win_scale_min,
1076	.extra2 = &tcp_adv_win_scale_max,
1077	},
1078	{
1079	.procname = "tcp_frto",
1080	.data = &init_net.ipv4.sysctl_tcp_frto,
1081	.maxlen = sizeof(int),
1082	.mode = `0644`,
1083	.proc_handler = proc_dointvec
1084	},
1085	{
1086	.procname = "tcp_no_metrics_save",
1087	.data = &init_net.ipv4.sysctl_tcp_nometrics_save,
1088	.maxlen = sizeof(int),
1089	.mode = `0644`,
1090	.proc_handler = proc_dointvec,
1091	},
1092	{
1093	.procname = "tcp_moderate_rcvbuf",
1094	.data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf,
1095	.maxlen = sizeof(int),
1096	.mode = `0644`,
1097	.proc_handler = proc_dointvec,
1098	},
1099	{
1100	.procname = "tcp_tso_win_divisor",
1101	.data = &init_net.ipv4.sysctl_tcp_tso_win_divisor,
1102	.maxlen = sizeof(int),
1103	.mode = `0644`,
1104	.proc_handler = proc_dointvec,
1105	},
1106	{
1107	.procname = "tcp_workaround_signed_windows",
1108	.data = &init_net.ipv4.sysctl_tcp_workaround_signed_windows,
1109	.maxlen = sizeof(int),
1110	.mode = `0644`,
1111	.proc_handler = proc_dointvec
1112	},
1113	{
1114	.procname = "tcp_limit_output_bytes",
1115	.data = &init_net.ipv4.sysctl_tcp_limit_output_bytes,
1116	.maxlen = sizeof(int),
1117	.mode = `0644`,
1118	.proc_handler = proc_dointvec
1119	},
1120	{
1121	.procname = "tcp_challenge_ack_limit",
1122	.data = &init_net.ipv4.sysctl_tcp_challenge_ack_limit,
1123	.maxlen = sizeof(int),
1124	.mode = `0644`,
1125	.proc_handler = proc_dointvec
1126	},
1127	{
1128	.procname = "tcp_min_tso_segs",
1129	.data = &init_net.ipv4.sysctl_tcp_min_tso_segs,
1130	.maxlen = sizeof(int),
1131	.mode = `0644`,
1132	.proc_handler = proc_dointvec_minmax,
1133	.extra1 = &one,
1134	.extra2 = &gso_max_segs,
1135	},
1136	{
1137	.procname = "tcp_min_rtt_wlen",
1138	.data = &init_net.ipv4.sysctl_tcp_min_rtt_wlen,
1139	.maxlen = sizeof(int),
1140	.mode = `0644`,
1141	.proc_handler = proc_dointvec
1142	},
1143	{
1144	.procname = "tcp_autocorking",
1145	.data = &init_net.ipv4.sysctl_tcp_autocorking,
1146	.maxlen = sizeof(int),
1147	.mode = `0644`,
1148	.proc_handler = proc_dointvec_minmax,
1149	.extra1 = &zero,
1150	.extra2 = &one,
1151	},
1152	{
1153	.procname = "tcp_invalid_ratelimit",
1154	.data = &init_net.ipv4.sysctl_tcp_invalid_ratelimit,
1155	.maxlen = sizeof(int),
1156	.mode = `0644`,
1157	.proc_handler = proc_dointvec_ms_jiffies,
1158	},
1159	{
1160	.procname = "tcp_pacing_ss_ratio",
1161	.data = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio,
1162	.maxlen = sizeof(int),
1163	.mode = `0644`,
1164	.proc_handler = proc_dointvec_minmax,
1165	.extra1 = &zero,
1166	.extra2 = &thousand,
1167	},
1168	{
1169	.procname = "tcp_pacing_ca_ratio",
1170	.data = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio,
1171	.maxlen = sizeof(int),
1172	.mode = `0644`,
1173	.proc_handler = proc_dointvec_minmax,
1174	.extra1 = &zero,
1175	.extra2 = &thousand,
1176	},
1177	{
1178	.procname = "tcp_wmem",
1179	.data = &init_net.ipv4.sysctl_tcp_wmem,
1180	.maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem),
1181	.mode = `0644`,
1182	.proc_handler = proc_dointvec_minmax,
1183	.extra1 = &one,
1184	},
1185	{
1186	.procname = "tcp_rmem",
1187	.data = &init_net.ipv4.sysctl_tcp_rmem,
1188	.maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem),
1189	.mode = `0644`,
1190	.proc_handler = proc_dointvec_minmax,
1191	.extra1 = &one,
1192	},
1193	{
1194	.procname = "tcp_comp_sack_delay_ns",
1195	.data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns,
1196	.maxlen = sizeof(unsigned long),
1197	.mode = `0644`,
1198	.proc_handler = proc_doulongvec_minmax,
1199	},
1200	{
1201	.procname = "tcp_comp_sack_nr",
1202	.data = &init_net.ipv4.sysctl_tcp_comp_sack_nr,
1203	.maxlen = sizeof(int),
1204	.mode = `0644`,
1205	.proc_handler = proc_dointvec_minmax,
1206	.extra1 = &zero,
1207	.extra2 = &comp_sack_nr_max,
1208	},
1209	{
1210	.procname = "udp_rmem_min",
1211	.data = &init_net.ipv4.sysctl_udp_rmem_min,
1212	.maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min),
1213	.mode = `0644`,
1214	.proc_handler = proc_dointvec_minmax,
1215	.extra1 = &one
1216	},
1217	{
1218	.procname = "udp_wmem_min",
1219	.data = &init_net.ipv4.sysctl_udp_wmem_min,
1220	.maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min),
1221	.mode = `0644`,
1222	.proc_handler = proc_dointvec_minmax,
1223	.extra1 = &one
1224	},
1225	{ }
1226	};
1227
1228	static __net_init int ipv4_sysctl_init_net(struct net *net)
1229	{
1230	struct ctl_table *table;
1231
1232	table = ipv4_net_table;
1233	if (!net_eq(net, &init_net)) {
1234	int i;
1235
1236	table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
1237	if (!table)
1238	goto err_alloc;
1239
1240	/ Update the variables to point into the current struct net /
1241	for (i = `0`; i < ARRAY_SIZE(ipv4_net_table) - `1`; i++)
1242	table[i].data += (void )net - (void* *)&init_net;
1243	}
1244
1245	net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
1246	if (!net->ipv4.ipv4_hdr)
1247	goto err_reg;
1248
1249	net->ipv4.sysctl_local_reserved_ports = kzalloc(`65536` / `8`, GFP_KERNEL);
1250	if (!net->ipv4.sysctl_local_reserved_ports)
1251	goto err_ports;
1252
1253	return `0`;
1254
1255	err_ports:
1256	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1257	err_reg:
1258	if (!net_eq(net, &init_net))
1259	kfree(table);
1260	err_alloc:
1261	return -ENOMEM;
1262	}
1263
1264	static __net_exit void ipv4_sysctl_exit_net(struct net *net)
1265	{
1266	struct ctl_table *table;
1267
1268	kfree(net->ipv4.sysctl_local_reserved_ports);
1269	table = net->ipv4.ipv4_hdr->ctl_table_arg;
1270	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1271	kfree(table);
1272	}
1273
1274	static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
1275	.init = ipv4_sysctl_init_net,
1276	.exit = ipv4_sysctl_exit_net,
1277	};
1278
1279	static __init int sysctl_ipv4_init(void)
1280	{
1281	struct ctl_table_header *hdr;
1282
1283	hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1284	if (!hdr)
1285	return -ENOMEM;
1286
1287	if (register_pernet_subsys(&ipv4_sysctl_ops)) {
1288	unregister_net_sysctl_table(hdr);
1289	return -ENOMEM;
1290	}
1291
1292	return `0`;
1293	}
1294
1295	__initcall(sysctl_ipv4_init);
1296

Browse the source code of linux/net/ipv4/sysctl_net_ipv4.c