1 | // SPDX-License-Identifier: GPL-2.0 |
2 | #include <linux/sysctl.h> |
3 | #include <linux/slab.h> |
4 | #include <net/net_namespace.h> |
5 | #include <net/xfrm.h> |
6 | |
/*
 * Seed the xfrm tunables of @net with their built-in defaults.
 *
 * Both variants of xfrm_sysctl_init() in this file call this first, so the
 * defaults are in place whether or not CONFIG_SYSCTL is enabled.
 */
static void __net_init __xfrm_sysctl_init(struct net *net)
{
	struct netns_xfrm *xfrm = &net->xfrm;

	/* The four stores are independent of each other. */
	xfrm->sysctl_acq_expires = 30;
	xfrm->sysctl_larval_drop = 1;
	xfrm->sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE;
	xfrm->sysctl_aevent_etime = XFRM_AE_ETIME;
}
14 | |
15 | #ifdef CONFIG_SYSCTL |
/*
 * Template for the per-namespace xfrm sysctl entries.
 *
 * No .data pointers are set here: xfrm_sysctl_init() duplicates this table
 * and fills them in by index, so the order of the entries below has to stay
 * in step with the table[0]..table[3] assignments there.
 *
 * Every entry is mode 0644 and uses the plain proc_douintvec/proc_dointvec
 * handlers; no .extra1/.extra2 bounds are given.
 * NOTE(review): writes are therefore not range-checked at this layer -
 * confirm that the consumers of these values tolerate zero or negative
 * input.
 */
static struct ctl_table xfrm_table[] = {
	{
		.procname	= "xfrm_aevent_etime",
		.mode		= 0644,
		.maxlen		= sizeof(u32),
		.proc_handler	= proc_douintvec,
	},
	{
		.procname	= "xfrm_aevent_rseqth",
		.mode		= 0644,
		.maxlen		= sizeof(u32),
		.proc_handler	= proc_douintvec,
	},
	{
		.procname	= "xfrm_larval_drop",
		.mode		= 0644,
		.maxlen		= sizeof(int),
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "xfrm_acq_expires",
		.mode		= 0644,
		.maxlen		= sizeof(int),
		.proc_handler	= proc_dointvec,
	},
	{ }	/* empty terminating entry */
};
43 | |
/*
 * Set the xfrm sysctl defaults for @net and register its private copy of
 * xfrm_table under "net/core".
 *
 * The template is duplicated so that each namespace gets its own .data
 * pointers. On success the copy stays allocated and is released by
 * xfrm_sysctl_fini(); on failure it is freed here.
 *
 * Return: 0 on success, -ENOMEM if the copy cannot be allocated or the
 * registration fails.
 */
int __net_init xfrm_sysctl_init(struct net *net)
{
	size_t nr_entries = ARRAY_SIZE(xfrm_table);
	struct ctl_table *tbl;

	__xfrm_sysctl_init(net);

	tbl = kmemdup(xfrm_table, sizeof(xfrm_table), GFP_KERNEL);
	if (!tbl)
		return -ENOMEM;

	/* Indices follow the entry order of xfrm_table. */
	tbl[0].data = &net->xfrm.sysctl_aevent_etime;
	tbl[1].data = &net->xfrm.sysctl_aevent_rseqth;
	tbl[2].data = &net->xfrm.sysctl_larval_drop;
	tbl[3].data = &net->xfrm.sysctl_acq_expires;

	/*
	 * Don't export sysctls to unprivileged users: a namespace whose
	 * user namespace is not init_user_ns is registered with an empty
	 * table (first procname cleared, entry count zero), so none of the
	 * writable entries appear there.
	 */
	if (net->user_ns != &init_user_ns) {
		tbl[0].procname = NULL;
		nr_entries = 0;
	}

	net->xfrm.sysctl_hdr = register_net_sysctl_sz(net, "net/core", tbl,
						      nr_entries);
	if (net->xfrm.sysctl_hdr)
		return 0;

	/* Registration failed: the copy was never published, drop it. */
	kfree(tbl);
	return -ENOMEM;
}
76 | |
/*
 * Unregister the xfrm sysctl table of @net and free the per-namespace copy
 * that xfrm_sysctl_init() allocated.
 */
void __net_exit xfrm_sysctl_fini(struct net *net)
{
	struct ctl_table_header *hdr = net->xfrm.sysctl_hdr;
	/*
	 * Fetch the table pointer first, so the header is not dereferenced
	 * once it has been passed to the unregister call.
	 */
	struct ctl_table *tbl = hdr->ctl_table_arg;

	unregister_net_sysctl_table(hdr);
	kfree(tbl);
}
85 | #else |
/*
 * Variant built without CONFIG_SYSCTL: there is nothing to register, so
 * only the per-namespace defaults are set.
 *
 * Return: always 0.
 */
int __net_init xfrm_sysctl_init(struct net *net)
{
	__xfrm_sysctl_init(net);

	return 0;
}
91 | #endif |
92 | |