/*
 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem.
 *
 * Begun April 1, 1996, Mike Shaver.
 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS]
 */

#include <linux/mm.h>
#include <linux/module.h>
#include <linux/sysctl.h>
#include <linux/igmp.h>
#include <linux/inetdevice.h>
#include <linux/seqlock.h>
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/nsproxy.h>
#include <net/snmp.h>
#include <net/icmp.h>
#include <net/ip.h>
#include <net/route.h>
#include <net/tcp.h>
#include <net/udp.h>
#include <net/cipso_ipv4.h>
#include <net/inet_frag.h>
#include <net/ping.h>

/*
 * Lower/upper bounds referenced through .extra1/.extra2 by the
 * proc_dointvec_minmax users below.
 */
static int zero;
static int tcp_retr1_max = 255;
static int ip_local_port_range_min[] = { 1, 1 };
static int ip_local_port_range_max[] = { 65535, 65535 };
static int tcp_adv_win_scale_min = -31;
static int tcp_adv_win_scale_max = 31;
static int ip_ttl_min = 1;
static int ip_ttl_max = 255;
static int ip_ping_group_range_min[] = { 0, 0 };
static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };

/*
 * Publish a new local port range. Both bounds are stored inside the
 * sysctl_local_ports write seqlock section, so seqlock readers retry
 * rather than use a half-updated pair.
 */
static void set_local_port_range(int range[2])
{
	const int low = range[0];
	const int high = range[1];

	write_seqlock(&sysctl_local_ports.lock);
	sysctl_local_ports.range[0] = low;
	sysctl_local_ports.range[1] = high;
	write_sequnlock(&sysctl_local_ports.lock);
}

/*
 * /proc handler for ip_local_port_range.
 *
 * The __user buffer is never touched here directly: it is parsed by
 * proc_dointvec_minmax() into a stack copy, bounded per element by
 * ip_local_port_range_min/max. A successful write is then rejected with
 * -EINVAL when the upper bound is below the lower bound; only a
 * well-ordered pair reaches set_local_port_range().
 *
 * Returns the proc_dointvec_minmax() result, or -EINVAL as above.
 */
static int ipv4_local_port_range(ctl_table *table, int write,
				 void __user *buffer,
				 size_t *lenp, loff_t *ppos)
{
	int ports[2];
	int err;
	ctl_table shadow = {
		.data		= &ports,
		.maxlen		= sizeof(ports),
		.mode		= table->mode,
		.extra1		= &ip_local_port_range_min,
		.extra2		= &ip_local_port_range_max,
	};

	/* Seed the copy with the current range so a read reports it. */
	inet_get_local_port_range(ports, ports + 1);
	err = proc_dointvec_minmax(&shadow, write, buffer, lenp, ppos);
	if (!write || err != 0)
		return err;

	if (ports[1] < ports[0])
		return -EINVAL;

	set_local_port_range(ports);
	return 0;
}


/*
 * Read the two gid_t values that table->data points at into *low and
 * *high, repeating the read until read_seqretry() reports that no update
 * intervened.
 *
 * Note that the ping group range has no seqlock of its own: it reuses
 * sysctl_local_ports.lock, the lock of the local port range.
 */
void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low, gid_t *high)
{
	gid_t *gids = table->data;
	unsigned seq;

	do {
		seq = read_seqbegin(&sysctl_local_ports.lock);

		*low = gids[0];
		*high = gids[1];
	} while (read_seqretry(&sysctl_local_ports.lock, seq));
}

/*
 * Update the ping group range stored behind table->data, inside the
 * sysctl_local_ports write seqlock section.
 *
 * NOTE(review): the parameter is declared int[2] while the caller in this
 * file passes a gid_t[2] -- confirm the two types have the same size.
 */
static void set_ping_group_range(struct ctl_table *table, int range[2])
{
	gid_t *gids = table->data;

	write_seqlock(&sysctl_local_ports.lock);
	gids[0] = range[0];
	gids[1] = range[1];
	write_sequnlock(&sysctl_local_ports.lock);
}

/*
 * /proc handler for ping_group_range.
 *
 * The __user buffer is parsed by proc_dointvec_minmax() into a stack
 * gid_t pair, bounded per element by ip_ping_group_range_min/max, and a
 * successful write is stored with set_ping_group_range().
 *
 * Unlike ipv4_local_port_range(), the two bounds are not compared with
 * each other: ipv4_sysctl_init_net() itself installs the inverted pair
 * (1, 0) as the "nobody may create ping sockets" default.
 *
 * NOTE(review): gid_t storage is handed to an int-vector parser together
 * with int bounds -- this presumably relies on gid_t being int-sized;
 * confirm.
 */
static int ipv4_ping_group_range(ctl_table *table, int write,
				 void __user *buffer,
				 size_t *lenp, loff_t *ppos)
{
	gid_t gids[2];
	int err;
	ctl_table shadow = {
		.data		= &gids,
		.maxlen		= sizeof(gids),
		.mode		= table->mode,
		.extra1		= &ip_ping_group_range_min,
		.extra2		= &ip_ping_group_range_max,
	};

	inet_get_ping_group_range_table(table, gids, gids + 1);
	err = proc_dointvec_minmax(&shadow, write, buffer, lenp, ppos);
	if (!write || err != 0)
		return err;

	set_ping_group_range(table, gids);
	return 0;
}

/*
 * /proc handler for tcp_congestion_control.
 *
 * A stack buffer of TCP_CA_NAME_MAX bytes is pre-filled with the current
 * default, exchanged with user space by proc_dostring() (limited to
 * TCP_CA_NAME_MAX through .maxlen), and on a successful write passed to
 * tcp_set_default_congestion_control(), whose result is returned.
 */
static int proc_tcp_congestion_control(ctl_table *ctl, int write,
				       void __user *buffer, size_t *lenp, loff_t *ppos)
{
	char name[TCP_CA_NAME_MAX];
	ctl_table tbl = {
		.data		= name,
		.maxlen		= TCP_CA_NAME_MAX,
	};
	int err;

	tcp_get_default_congestion_control(name);

	err = proc_dostring(&tbl, write, buffer, lenp, ppos);
	if (!write || err != 0)
		return err;

	return tcp_set_default_congestion_control(name);
}

/*
 * /proc handler for tcp_available_congestion_control.
 *
 * The list is rendered into a temporary TCP_CA_BUF_MAX-byte allocation
 * and handed to proc_dostring(). The write flag is forwarded as given,
 * but nothing is applied afterwards: the buffer is simply freed. The
 * table entry for this file is mode 0444.
 *
 * Returns -ENOMEM if the buffer cannot be allocated, otherwise the
 * proc_dostring() result.
 */
static int proc_tcp_available_congestion_control(ctl_table *ctl,
						 int write,
						 void __user *buffer, size_t *lenp,
						 loff_t *ppos)
{
	char *names = kmalloc(TCP_CA_BUF_MAX, GFP_USER);
	ctl_table tbl = {
		.data		= names,
		.maxlen		= TCP_CA_BUF_MAX,
	};
	int err;

	if (!names)
		return -ENOMEM;

	tcp_get_available_congestion_control(names, TCP_CA_BUF_MAX);
	err = proc_dostring(&tbl, write, buffer, lenp, ppos);
	kfree(names);
	return err;
}

/*
 * /proc handler for tcp_allowed_congestion_control.
 *
 * Same temporary-buffer scheme as the "available" handler, except that a
 * successful write is passed on to tcp_set_allowed_congestion_control()
 * before the buffer is freed; that call's result is then returned.
 *
 * Returns -ENOMEM if the buffer cannot be allocated.
 */
static int proc_allowed_congestion_control(ctl_table *ctl,
					   int write,
					   void __user *buffer, size_t *lenp,
					   loff_t *ppos)
{
	char *names = kmalloc(TCP_CA_BUF_MAX, GFP_USER);
	ctl_table tbl = {
		.data		= names,
		.maxlen		= TCP_CA_BUF_MAX,
	};
	int err;

	if (!names)
		return -ENOMEM;

	tcp_get_allowed_congestion_control(names, TCP_CA_BUF_MAX);
	err = proc_dostring(&tbl, write, buffer, lenp, ppos);
	if (write && err == 0)
		err = tcp_set_allowed_congestion_control(names);

	kfree(names);
	return err;
}

/*
 * Entries registered once, from sysctl_ipv4_init(), under the net/ipv4
 * path.
 *
 * Every entry is mode 0644 except tcp_available_congestion_control,
 * which is 0444. Entries handled by plain proc_dointvec carry no
 * .extra1/.extra2 bounds in this table; the only range limits declared
 * here are those on the proc_dointvec_minmax entries (tcp_retries1 sets
 * an upper bound only, udp_rmem_min/udp_wmem_min a lower bound only).
 */
static struct ctl_table ipv4_table[] = {
	{
		.procname	= "tcp_timestamps",
		.data		= &sysctl_tcp_timestamps,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_window_scaling",
		.data		= &sysctl_tcp_window_scaling,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_sack",
		.data		= &sysctl_tcp_sack,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_retrans_collapse",
		.data		= &sysctl_tcp_retrans_collapse,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "ip_default_ttl",
		.data		= &sysctl_ip_default_ttl,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= &ip_ttl_min,
		.extra2		= &ip_ttl_max,
	},
	{
		.procname	= "ip_no_pmtu_disc",
		.data		= &ipv4_config.no_pmtu_disc,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "ip_nonlocal_bind",
		.data		= &sysctl_ip_nonlocal_bind,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_syn_retries",
		.data		= &sysctl_tcp_syn_retries,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_synack_retries",
		.data		= &sysctl_tcp_synack_retries,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_max_orphans",
		.data		= &sysctl_tcp_max_orphans,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_max_tw_buckets",
		.data		= &tcp_death_row.sysctl_max_tw_buckets,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "ip_dynaddr",
		.data		= &sysctl_ip_dynaddr,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_keepalive_time",
		.data		= &sysctl_tcp_keepalive_time,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_jiffies,
	},
	{
		.procname	= "tcp_keepalive_probes",
		.data		= &sysctl_tcp_keepalive_probes,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_keepalive_intvl",
		.data		= &sysctl_tcp_keepalive_intvl,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_jiffies,
	},
	{
		.procname	= "tcp_retries1",
		.data		= &sysctl_tcp_retries1,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra2		= &tcp_retr1_max,
	},
	{
		.procname	= "tcp_retries2",
		.data		= &sysctl_tcp_retries2,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_fin_timeout",
		.data		= &sysctl_tcp_fin_timeout,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_jiffies,
	},
#ifdef CONFIG_SYN_COOKIES
	{
		.procname	= "tcp_syncookies",
		.data		= &sysctl_tcp_syncookies,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
#endif
	{
		.procname	= "tcp_tw_recycle",
		.data		= &tcp_death_row.sysctl_tw_recycle,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_abort_on_overflow",
		.data		= &sysctl_tcp_abort_on_overflow,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_stdurg",
		.data		= &sysctl_tcp_stdurg,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_rfc1337",
		.data		= &sysctl_tcp_rfc1337,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_max_syn_backlog",
		.data		= &sysctl_max_syn_backlog,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "ip_local_port_range",
		.data		= &sysctl_local_ports.range,
		.maxlen		= sizeof(sysctl_local_ports.range),
		.mode		= 0644,
		.proc_handler	= ipv4_local_port_range,
	},
	{
		.procname	= "ip_local_reserved_ports",
		.data		= NULL, /* initialized in sysctl_ipv4_init */
		.maxlen		= 65536,
		.mode		= 0644,
		.proc_handler	= proc_do_large_bitmap,
	},
	{
		.procname	= "igmp_max_memberships",
		.data		= &sysctl_igmp_max_memberships,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "igmp_max_msf",
		.data		= &sysctl_igmp_max_msf,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "inet_peer_threshold",
		.data		= &inet_peer_threshold,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "inet_peer_minttl",
		.data		= &inet_peer_minttl,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_jiffies,
	},
	{
		.procname	= "inet_peer_maxttl",
		.data		= &inet_peer_maxttl,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_jiffies,
	},
	{
		.procname	= "tcp_orphan_retries",
		.data		= &sysctl_tcp_orphan_retries,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_fack",
		.data		= &sysctl_tcp_fack,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_reordering",
		.data		= &sysctl_tcp_reordering,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_ecn",
		.data		= &sysctl_tcp_ecn,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_dsack",
		.data		= &sysctl_tcp_dsack,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_mem",
		.data		= &sysctl_tcp_mem,
		.maxlen		= sizeof(sysctl_tcp_mem),
		.mode		= 0644,
		.proc_handler	= proc_doulongvec_minmax,
	},
	{
		.procname	= "tcp_wmem",
		.data		= &sysctl_tcp_wmem,
		.maxlen		= sizeof(sysctl_tcp_wmem),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_rmem",
		.data		= &sysctl_tcp_rmem,
		.maxlen		= sizeof(sysctl_tcp_rmem),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_app_win",
		.data		= &sysctl_tcp_app_win,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_adv_win_scale",
		.data		= &sysctl_tcp_adv_win_scale,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= &tcp_adv_win_scale_min,
		.extra2		= &tcp_adv_win_scale_max,
	},
	{
		.procname	= "tcp_tw_reuse",
		.data		= &sysctl_tcp_tw_reuse,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_frto",
		.data		= &sysctl_tcp_frto,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_frto_response",
		.data		= &sysctl_tcp_frto_response,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_low_latency",
		.data		= &sysctl_tcp_low_latency,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_no_metrics_save",
		.data		= &sysctl_tcp_nometrics_save,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_moderate_rcvbuf",
		.data		= &sysctl_tcp_moderate_rcvbuf,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_tso_win_divisor",
		.data		= &sysctl_tcp_tso_win_divisor,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_congestion_control",
		.mode		= 0644,
		.maxlen		= TCP_CA_NAME_MAX,
		.proc_handler	= proc_tcp_congestion_control,
	},
	{
		.procname	= "tcp_abc",
		.data		= &sysctl_tcp_abc,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_mtu_probing",
		.data		= &sysctl_tcp_mtu_probing,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_base_mss",
		.data		= &sysctl_tcp_base_mss,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_workaround_signed_windows",
		.data		= &sysctl_tcp_workaround_signed_windows,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
#ifdef CONFIG_NET_DMA
	{
		.procname	= "tcp_dma_copybreak",
		.data		= &sysctl_tcp_dma_copybreak,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
#endif
	{
		.procname	= "tcp_slow_start_after_idle",
		.data		= &sysctl_tcp_slow_start_after_idle,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
#ifdef CONFIG_NETLABEL
	{
		.procname	= "cipso_cache_enable",
		.data		= &cipso_v4_cache_enabled,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "cipso_cache_bucket_size",
		.data		= &cipso_v4_cache_bucketsize,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "cipso_rbm_optfmt",
		.data		= &cipso_v4_rbm_optfmt,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "cipso_rbm_strictvalid",
		.data		= &cipso_v4_rbm_strictvalid,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
#endif /* CONFIG_NETLABEL */
	{
		.procname	= "tcp_available_congestion_control",
		.maxlen		= TCP_CA_BUF_MAX,
		.mode		= 0444,
		.proc_handler	= proc_tcp_available_congestion_control,
	},
	{
		.procname	= "tcp_allowed_congestion_control",
		.maxlen		= TCP_CA_BUF_MAX,
		.mode		= 0644,
		.proc_handler	= proc_allowed_congestion_control,
	},
	{
		.procname	= "tcp_max_ssthresh",
		.data		= &sysctl_tcp_max_ssthresh,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_cookie_size",
		.data		= &sysctl_tcp_cookie_size,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_thin_linear_timeouts",
		.data		= &sysctl_tcp_thin_linear_timeouts,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "tcp_thin_dupack",
		.data		= &sysctl_tcp_thin_dupack,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "udp_mem",
		.data		= &sysctl_udp_mem,
		.maxlen		= sizeof(sysctl_udp_mem),
		.mode		= 0644,
		.proc_handler	= proc_doulongvec_minmax,
	},
	{
		.procname	= "udp_rmem_min",
		.data		= &sysctl_udp_rmem_min,
		.maxlen		= sizeof(sysctl_udp_rmem_min),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= &zero,
	},
	{
		.procname	= "udp_wmem_min",
		.data		= &sysctl_udp_wmem_min,
		.maxlen		= sizeof(sysctl_udp_wmem_min),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= &zero,
	},
	{ }
};

/*
 * Per-namespace entries. The .data pointers below refer to init_net;
 * ipv4_sysctl_init_net() duplicates this table for every other namespace
 * and re-points .data by array index, so the order of the entries here
 * must stay in step with the index assignments in that function.
 */
static struct ctl_table ipv4_net_table[] = {
	{
		.procname	= "icmp_echo_ignore_all",
		.data		= &init_net.ipv4.sysctl_icmp_echo_ignore_all,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "icmp_echo_ignore_broadcasts",
		.data		= &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "icmp_ignore_bogus_error_responses",
		.data		= &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "icmp_errors_use_inbound_ifaddr",
		.data		= &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "icmp_ratelimit",
		.data		= &init_net.ipv4.sysctl_icmp_ratelimit,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_ms_jiffies,
	},
	{
		.procname	= "icmp_ratemask",
		.data		= &init_net.ipv4.sysctl_icmp_ratemask,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "rt_cache_rebuild_count",
		.data		= &init_net.ipv4.sysctl_rt_cache_rebuild_count,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "ping_group_range",
		.data		= &init_net.ipv4.sysctl_ping_group_range,
		.maxlen		= sizeof(init_net.ipv4.sysctl_ping_group_range),
		.mode		= 0644,
		.proc_handler	= ipv4_ping_group_range,
	},
	{ }
};

/* Path both tables are registered under: net/ipv4. */
struct ctl_path net_ipv4_ctl_path[] = {
	{ .procname = "net", },
	{ .procname = "ipv4", },
	{ },
};
EXPORT_SYMBOL_GPL(net_ipv4_ctl_path);

/*
 * Per-namespace setup: register ipv4_net_table for @net.
 *
 * init_net uses the static table as is. Any other namespace gets a
 * kmemdup() copy whose .data pointers are redirected, by index, to that
 * namespace's own fields. The ping group range and the route cache
 * rebuild count are then given their defaults for every namespace,
 * init_net included.
 *
 * Returns 0 on success, -ENOMEM if the copy or the registration fails
 * (a copy made here is freed again on registration failure).
 */
static __net_init int ipv4_sysctl_init_net(struct net *net)
{
	struct ctl_table *tbl = ipv4_net_table;

	if (!net_eq(net, &init_net)) {
		tbl = kmemdup(ipv4_net_table, sizeof(ipv4_net_table), GFP_KERNEL);
		if (!tbl)
			return -ENOMEM;

		/* Indices follow the entry order of ipv4_net_table. */
		tbl[0].data = &net->ipv4.sysctl_icmp_echo_ignore_all;
		tbl[1].data = &net->ipv4.sysctl_icmp_echo_ignore_broadcasts;
		tbl[2].data = &net->ipv4.sysctl_icmp_ignore_bogus_error_responses;
		tbl[3].data = &net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr;
		tbl[4].data = &net->ipv4.sysctl_icmp_ratelimit;
		tbl[5].data = &net->ipv4.sysctl_icmp_ratemask;
		tbl[6].data = &net->ipv4.sysctl_rt_cache_rebuild_count;
		tbl[7].data = &net->ipv4.sysctl_ping_group_range;
	}

	/*
	 * Sane defaults - nobody may create ping sockets: the range starts
	 * out as the inverted pair (1, 0).
	 * Boot scripts should set this to distro-specific group.
	 */
	net->ipv4.sysctl_ping_group_range[0] = 1;
	net->ipv4.sysctl_ping_group_range[1] = 0;

	net->ipv4.sysctl_rt_cache_rebuild_count = 4;

	net->ipv4.ipv4_hdr = register_net_sysctl_table(net,
			net_ipv4_ctl_path, tbl);
	if (!net->ipv4.ipv4_hdr) {
		/* Only a duplicated table is ours to free. */
		if (!net_eq(net, &init_net))
			kfree(tbl);
		return -ENOMEM;
	}

	return 0;
}

/*
 * Per-namespace teardown: unregister the table and free it.
 *
 * The table pointer is taken from the header before the header is
 * unregistered.
 *
 * NOTE(review): the kfree() is unconditional, although for init_net the
 * registered table is the static ipv4_net_table -- presumably this path
 * is never taken for init_net; confirm.
 */
static __net_exit void ipv4_sysctl_exit_net(struct net *net)
{
	struct ctl_table *tbl = net->ipv4.ipv4_hdr->ctl_table_arg;

	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
	kfree(tbl);
}

static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
	.init = ipv4_sysctl_init_net,
	.exit = ipv4_sysctl_exit_net,
};

/*
 * Boot-time setup.
 *
 * Points the ip_local_reserved_ports entry of ipv4_table at
 * sysctl_local_reserved_ports (its .data is NULL in the static
 * initialiser), registers ipv4_table under net/ipv4 and then registers
 * the per-namespace operations.
 *
 * Returns 0 on success, -EINVAL if the ip_local_reserved_ports entry is
 * not found in ipv4_table, and -ENOMEM if either registration fails; the
 * table is unregistered again when register_pernet_subsys() fails.
 */
static __init int sysctl_ipv4_init(void)
{
	struct ctl_table_header *hdr;
	struct ctl_table *entry = ipv4_table;

	while (entry->procname &&
	       strcmp(entry->procname, "ip_local_reserved_ports") != 0)
		entry++;

	/* Reached the empty terminator without a match. */
	if (!entry->procname)
		return -EINVAL;

	entry->data = sysctl_local_reserved_ports;

	hdr = register_sysctl_paths(net_ipv4_ctl_path, ipv4_table);
	if (!hdr)
		return -ENOMEM;

	if (register_pernet_subsys(&ipv4_sysctl_ops)) {
		unregister_sysctl_table(hdr);
		return -ENOMEM;
	}

	return 0;
}

__initcall(sysctl_ipv4_init);