1 /* 2 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 3 * 4 * Begun April 1, 1996, Mike Shaver. 5 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 6 */ 7 8 #include <linux/mm.h> 9 #include <linux/module.h> 10 #include <linux/sysctl.h> 11 #include <linux/igmp.h> 12 #include <linux/inetdevice.h> 13 #include <linux/seqlock.h> 14 #include <linux/init.h> 15 #include <linux/slab.h> 16 #include <linux/nsproxy.h> 17 #include <linux/swap.h> 18 #include <net/snmp.h> 19 #include <net/icmp.h> 20 #include <net/ip.h> 21 #include <net/route.h> 22 #include <net/tcp.h> 23 #include <net/udp.h> 24 #include <net/cipso_ipv4.h> 25 #include <net/inet_frag.h> 26 #include <net/ping.h> 27 #include <net/tcp_memcontrol.h> 28 29 static int zero; 30 static int one = 1; 31 static int four = 4; 32 static int tcp_retr1_max = 255; 33 static int ip_local_port_range_min[] = { 1, 1 }; 34 static int ip_local_port_range_max[] = { 65535, 65535 }; 35 static int tcp_adv_win_scale_min = -31; 36 static int tcp_adv_win_scale_max = 31; 37 static int ip_ttl_min = 1; 38 static int ip_ttl_max = 255; 39 static int tcp_syn_retries_min = 1; 40 static int tcp_syn_retries_max = MAX_TCP_SYNCNT; 41 static int ip_ping_group_range_min[] = { 0, 0 }; 42 static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 43 44 /* Update system visible IP port range */ 45 static void set_local_port_range(int range[2]) 46 { 47 write_seqlock(&sysctl_local_ports.lock); 48 sysctl_local_ports.range[0] = range[0]; 49 sysctl_local_ports.range[1] = range[1]; 50 write_sequnlock(&sysctl_local_ports.lock); 51 } 52 53 /* Validate changes from /proc interface. */ 54 static int ipv4_local_port_range(struct ctl_table *table, int write, 55 void __user *buffer, 56 size_t *lenp, loff_t *ppos) 57 { 58 int ret; 59 int range[2]; 60 struct ctl_table tmp = { 61 .data = &range, 62 .maxlen = sizeof(range), 63 .mode = table->mode, 64 .extra1 = &ip_local_port_range_min, 65 .extra2 = &ip_local_port_range_max, 66 }; 67 68 inet_get_local_port_range(range, range + 1); 69 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 70 71 if (write && ret == 0) { 72 if (range[1] < range[0]) 73 ret = -EINVAL; 74 else 75 set_local_port_range(range); 76 } 77 78 return ret; 79 } 80 81 82 static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) 83 { 84 kgid_t *data = table->data; 85 unsigned int seq; 86 do { 87 seq = read_seqbegin(&sysctl_local_ports.lock); 88 89 *low = data[0]; 90 *high = data[1]; 91 } while (read_seqretry(&sysctl_local_ports.lock, seq)); 92 } 93 94 /* Update system visible IP port range */ 95 static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) 96 { 97 kgid_t *data = table->data; 98 write_seqlock(&sysctl_local_ports.lock); 99 data[0] = low; 100 data[1] = high; 101 write_sequnlock(&sysctl_local_ports.lock); 102 } 103 104 /* Validate changes from /proc interface. */ 105 static int ipv4_ping_group_range(struct ctl_table *table, int write, 106 void __user *buffer, 107 size_t *lenp, loff_t *ppos) 108 { 109 struct user_namespace *user_ns = current_user_ns(); 110 int ret; 111 gid_t urange[2]; 112 kgid_t low, high; 113 struct ctl_table tmp = { 114 .data = &urange, 115 .maxlen = sizeof(urange), 116 .mode = table->mode, 117 .extra1 = &ip_ping_group_range_min, 118 .extra2 = &ip_ping_group_range_max, 119 }; 120 121 inet_get_ping_group_range_table(table, &low, &high); 122 urange[0] = from_kgid_munged(user_ns, low); 123 urange[1] = from_kgid_munged(user_ns, high); 124 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 125 126 if (write && ret == 0) { 127 low = make_kgid(user_ns, urange[0]); 128 high = make_kgid(user_ns, urange[1]); 129 if (!gid_valid(low) || !gid_valid(high) || 130 (urange[1] < urange[0]) || gid_lt(high, low)) { 131 low = make_kgid(&init_user_ns, 1); 132 high = make_kgid(&init_user_ns, 0); 133 } 134 set_ping_group_range(table, low, high); 135 } 136 137 return ret; 138 } 139 140 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write, 141 void __user *buffer, size_t *lenp, loff_t *ppos) 142 { 143 char val[TCP_CA_NAME_MAX]; 144 struct ctl_table tbl = { 145 .data = val, 146 .maxlen = TCP_CA_NAME_MAX, 147 }; 148 int ret; 149 150 tcp_get_default_congestion_control(val); 151 152 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 153 if (write && ret == 0) 154 ret = tcp_set_default_congestion_control(val); 155 return ret; 156 } 157 158 static int proc_tcp_available_congestion_control(struct ctl_table *ctl, 159 int write, 160 void __user *buffer, size_t *lenp, 161 loff_t *ppos) 162 { 163 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 164 int ret; 165 166 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 167 if (!tbl.data) 168 return -ENOMEM; 169 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); 170 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 171 kfree(tbl.data); 172 return ret; 173 } 174 175 static int proc_allowed_congestion_control(struct ctl_table *ctl, 176 int write, 177 void __user *buffer, size_t *lenp, 178 loff_t *ppos) 179 { 180 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 181 int ret; 182 183 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 184 if (!tbl.data) 185 return -ENOMEM; 186 187 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); 188 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 189 if (write && ret == 0) 190 ret = tcp_set_allowed_congestion_control(tbl.data); 191 kfree(tbl.data); 192 return ret; 193 } 194 195 static int ipv4_tcp_mem(struct ctl_table *ctl, int write, 196 void __user *buffer, size_t *lenp, 197 loff_t *ppos) 198 { 199 int ret; 200 unsigned long vec[3]; 201 struct net *net = current->nsproxy->net_ns; 202 #ifdef CONFIG_MEMCG_KMEM 203 struct mem_cgroup *memcg; 204 #endif 205 206 struct ctl_table tmp = { 207 .data = &vec, 208 .maxlen = sizeof(vec), 209 .mode = ctl->mode, 210 }; 211 212 if (!write) { 213 ctl->data = &net->ipv4.sysctl_tcp_mem; 214 return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos); 215 } 216 217 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); 218 if (ret) 219 return ret; 220 221 #ifdef CONFIG_MEMCG_KMEM 222 rcu_read_lock(); 223 memcg = mem_cgroup_from_task(current); 224 225 tcp_prot_mem(memcg, vec[0], 0); 226 tcp_prot_mem(memcg, vec[1], 1); 227 tcp_prot_mem(memcg, vec[2], 2); 228 rcu_read_unlock(); 229 #endif 230 231 net->ipv4.sysctl_tcp_mem[0] = vec[0]; 232 net->ipv4.sysctl_tcp_mem[1] = vec[1]; 233 net->ipv4.sysctl_tcp_mem[2] = vec[2]; 234 235 return 0; 236 } 237 238 static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write, 239 void __user *buffer, size_t *lenp, 240 loff_t *ppos) 241 { 242 struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; 243 struct tcp_fastopen_context *ctxt; 244 int ret; 245 u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ 246 247 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); 248 if (!tbl.data) 249 return -ENOMEM; 250 251 rcu_read_lock(); 252 ctxt = rcu_dereference(tcp_fastopen_ctx); 253 if (ctxt) 254 memcpy(user_key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH); 255 else 256 memset(user_key, 0, sizeof(user_key)); 257 rcu_read_unlock(); 258 259 snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x", 260 user_key[0], user_key[1], user_key[2], user_key[3]); 261 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 262 263 if (write && ret == 0) { 264 if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1, 265 user_key + 2, user_key + 3) != 4) { 266 ret = -EINVAL; 267 goto bad_key; 268 } 269 tcp_fastopen_reset_cipher(user_key, TCP_FASTOPEN_KEY_LENGTH); 270 } 271 272 bad_key: 273 pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n", 274 user_key[0], user_key[1], user_key[2], user_key[3], 275 (char *)tbl.data, ret); 276 kfree(tbl.data); 277 return ret; 278 } 279 280 static struct ctl_table ipv4_table[] = { 281 { 282 .procname = "tcp_timestamps", 283 .data = &sysctl_tcp_timestamps, 284 .maxlen = sizeof(int), 285 .mode = 0644, 286 .proc_handler = proc_dointvec 287 }, 288 { 289 .procname = "tcp_window_scaling", 290 .data = &sysctl_tcp_window_scaling, 291 .maxlen = sizeof(int), 292 .mode = 0644, 293 .proc_handler = proc_dointvec 294 }, 295 { 296 .procname = "tcp_sack", 297 .data = &sysctl_tcp_sack, 298 .maxlen = sizeof(int), 299 .mode = 0644, 300 .proc_handler = proc_dointvec 301 }, 302 { 303 .procname = "tcp_retrans_collapse", 304 .data = &sysctl_tcp_retrans_collapse, 305 .maxlen = sizeof(int), 306 .mode = 0644, 307 .proc_handler = proc_dointvec 308 }, 309 { 310 .procname = "ip_default_ttl", 311 .data = &sysctl_ip_default_ttl, 312 .maxlen = sizeof(int), 313 .mode = 0644, 314 .proc_handler = proc_dointvec_minmax, 315 .extra1 = &ip_ttl_min, 316 .extra2 = &ip_ttl_max, 317 }, 318 { 319 .procname = "ip_no_pmtu_disc", 320 .data = &ipv4_config.no_pmtu_disc, 321 .maxlen = sizeof(int), 322 .mode = 0644, 323 .proc_handler = proc_dointvec 324 }, 325 { 326 .procname = "ip_nonlocal_bind", 327 .data = &sysctl_ip_nonlocal_bind, 328 .maxlen = sizeof(int), 329 .mode = 0644, 330 .proc_handler = proc_dointvec 331 }, 332 { 333 .procname = "tcp_syn_retries", 334 .data = &sysctl_tcp_syn_retries, 335 .maxlen = sizeof(int), 336 .mode = 0644, 337 .proc_handler = proc_dointvec_minmax, 338 .extra1 = &tcp_syn_retries_min, 339 .extra2 = &tcp_syn_retries_max 340 }, 341 { 342 .procname = "tcp_synack_retries", 343 .data = &sysctl_tcp_synack_retries, 344 .maxlen = sizeof(int), 345 .mode = 0644, 346 .proc_handler = proc_dointvec 347 }, 348 { 349 .procname = "tcp_max_orphans", 350 .data = &sysctl_tcp_max_orphans, 351 .maxlen = sizeof(int), 352 .mode = 0644, 353 .proc_handler = proc_dointvec 354 }, 355 { 356 .procname = "tcp_max_tw_buckets", 357 .data = &tcp_death_row.sysctl_max_tw_buckets, 358 .maxlen = sizeof(int), 359 .mode = 0644, 360 .proc_handler = proc_dointvec 361 }, 362 { 363 .procname = "ip_early_demux", 364 .data = &sysctl_ip_early_demux, 365 .maxlen = sizeof(int), 366 .mode = 0644, 367 .proc_handler = proc_dointvec 368 }, 369 { 370 .procname = "ip_dynaddr", 371 .data = &sysctl_ip_dynaddr, 372 .maxlen = sizeof(int), 373 .mode = 0644, 374 .proc_handler = proc_dointvec 375 }, 376 { 377 .procname = "tcp_keepalive_time", 378 .data = &sysctl_tcp_keepalive_time, 379 .maxlen = sizeof(int), 380 .mode = 0644, 381 .proc_handler = proc_dointvec_jiffies, 382 }, 383 { 384 .procname = "tcp_keepalive_probes", 385 .data = &sysctl_tcp_keepalive_probes, 386 .maxlen = sizeof(int), 387 .mode = 0644, 388 .proc_handler = proc_dointvec 389 }, 390 { 391 .procname = "tcp_keepalive_intvl", 392 .data = &sysctl_tcp_keepalive_intvl, 393 .maxlen = sizeof(int), 394 .mode = 0644, 395 .proc_handler = proc_dointvec_jiffies, 396 }, 397 { 398 .procname = "tcp_retries1", 399 .data = &sysctl_tcp_retries1, 400 .maxlen = sizeof(int), 401 .mode = 0644, 402 .proc_handler = proc_dointvec_minmax, 403 .extra2 = &tcp_retr1_max 404 }, 405 { 406 .procname = "tcp_retries2", 407 .data = &sysctl_tcp_retries2, 408 .maxlen = sizeof(int), 409 .mode = 0644, 410 .proc_handler = proc_dointvec 411 }, 412 { 413 .procname = "tcp_fin_timeout", 414 .data = &sysctl_tcp_fin_timeout, 415 .maxlen = sizeof(int), 416 .mode = 0644, 417 .proc_handler = proc_dointvec_jiffies, 418 }, 419 #ifdef CONFIG_SYN_COOKIES 420 { 421 .procname = "tcp_syncookies", 422 .data = &sysctl_tcp_syncookies, 423 .maxlen = sizeof(int), 424 .mode = 0644, 425 .proc_handler = proc_dointvec 426 }, 427 #endif 428 { 429 .procname = "tcp_fastopen", 430 .data = &sysctl_tcp_fastopen, 431 .maxlen = sizeof(int), 432 .mode = 0644, 433 .proc_handler = proc_dointvec, 434 }, 435 { 436 .procname = "tcp_fastopen_key", 437 .mode = 0600, 438 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10), 439 .proc_handler = proc_tcp_fastopen_key, 440 }, 441 { 442 .procname = "tcp_tw_recycle", 443 .data = &tcp_death_row.sysctl_tw_recycle, 444 .maxlen = sizeof(int), 445 .mode = 0644, 446 .proc_handler = proc_dointvec 447 }, 448 { 449 .procname = "tcp_abort_on_overflow", 450 .data = &sysctl_tcp_abort_on_overflow, 451 .maxlen = sizeof(int), 452 .mode = 0644, 453 .proc_handler = proc_dointvec 454 }, 455 { 456 .procname = "tcp_stdurg", 457 .data = &sysctl_tcp_stdurg, 458 .maxlen = sizeof(int), 459 .mode = 0644, 460 .proc_handler = proc_dointvec 461 }, 462 { 463 .procname = "tcp_rfc1337", 464 .data = &sysctl_tcp_rfc1337, 465 .maxlen = sizeof(int), 466 .mode = 0644, 467 .proc_handler = proc_dointvec 468 }, 469 { 470 .procname = "tcp_max_syn_backlog", 471 .data = &sysctl_max_syn_backlog, 472 .maxlen = sizeof(int), 473 .mode = 0644, 474 .proc_handler = proc_dointvec 475 }, 476 { 477 .procname = "ip_local_port_range", 478 .data = &sysctl_local_ports.range, 479 .maxlen = sizeof(sysctl_local_ports.range), 480 .mode = 0644, 481 .proc_handler = ipv4_local_port_range, 482 }, 483 { 484 .procname = "ip_local_reserved_ports", 485 .data = NULL, /* initialized in sysctl_ipv4_init */ 486 .maxlen = 65536, 487 .mode = 0644, 488 .proc_handler = proc_do_large_bitmap, 489 }, 490 { 491 .procname = "igmp_max_memberships", 492 .data = &sysctl_igmp_max_memberships, 493 .maxlen = sizeof(int), 494 .mode = 0644, 495 .proc_handler = proc_dointvec 496 }, 497 { 498 .procname = "igmp_max_msf", 499 .data = &sysctl_igmp_max_msf, 500 .maxlen = sizeof(int), 501 .mode = 0644, 502 .proc_handler = proc_dointvec 503 }, 504 { 505 .procname = "inet_peer_threshold", 506 .data = &inet_peer_threshold, 507 .maxlen = sizeof(int), 508 .mode = 0644, 509 .proc_handler = proc_dointvec 510 }, 511 { 512 .procname = "inet_peer_minttl", 513 .data = &inet_peer_minttl, 514 .maxlen = sizeof(int), 515 .mode = 0644, 516 .proc_handler = proc_dointvec_jiffies, 517 }, 518 { 519 .procname = "inet_peer_maxttl", 520 .data = &inet_peer_maxttl, 521 .maxlen = sizeof(int), 522 .mode = 0644, 523 .proc_handler = proc_dointvec_jiffies, 524 }, 525 { 526 .procname = "tcp_orphan_retries", 527 .data = &sysctl_tcp_orphan_retries, 528 .maxlen = sizeof(int), 529 .mode = 0644, 530 .proc_handler = proc_dointvec 531 }, 532 { 533 .procname = "tcp_fack", 534 .data = &sysctl_tcp_fack, 535 .maxlen = sizeof(int), 536 .mode = 0644, 537 .proc_handler = proc_dointvec 538 }, 539 { 540 .procname = "tcp_reordering", 541 .data = &sysctl_tcp_reordering, 542 .maxlen = sizeof(int), 543 .mode = 0644, 544 .proc_handler = proc_dointvec 545 }, 546 { 547 .procname = "tcp_dsack", 548 .data = &sysctl_tcp_dsack, 549 .maxlen = sizeof(int), 550 .mode = 0644, 551 .proc_handler = proc_dointvec 552 }, 553 { 554 .procname = "tcp_wmem", 555 .data = &sysctl_tcp_wmem, 556 .maxlen = sizeof(sysctl_tcp_wmem), 557 .mode = 0644, 558 .proc_handler = proc_dointvec_minmax, 559 .extra1 = &one, 560 }, 561 { 562 .procname = "tcp_rmem", 563 .data = &sysctl_tcp_rmem, 564 .maxlen = sizeof(sysctl_tcp_rmem), 565 .mode = 0644, 566 .proc_handler = proc_dointvec_minmax, 567 .extra1 = &one, 568 }, 569 { 570 .procname = "tcp_app_win", 571 .data = &sysctl_tcp_app_win, 572 .maxlen = sizeof(int), 573 .mode = 0644, 574 .proc_handler = proc_dointvec 575 }, 576 { 577 .procname = "tcp_adv_win_scale", 578 .data = &sysctl_tcp_adv_win_scale, 579 .maxlen = sizeof(int), 580 .mode = 0644, 581 .proc_handler = proc_dointvec_minmax, 582 .extra1 = &tcp_adv_win_scale_min, 583 .extra2 = &tcp_adv_win_scale_max, 584 }, 585 { 586 .procname = "tcp_tw_reuse", 587 .data = &sysctl_tcp_tw_reuse, 588 .maxlen = sizeof(int), 589 .mode = 0644, 590 .proc_handler = proc_dointvec 591 }, 592 { 593 .procname = "tcp_frto", 594 .data = &sysctl_tcp_frto, 595 .maxlen = sizeof(int), 596 .mode = 0644, 597 .proc_handler = proc_dointvec 598 }, 599 { 600 .procname = "tcp_low_latency", 601 .data = &sysctl_tcp_low_latency, 602 .maxlen = sizeof(int), 603 .mode = 0644, 604 .proc_handler = proc_dointvec 605 }, 606 { 607 .procname = "tcp_no_metrics_save", 608 .data = &sysctl_tcp_nometrics_save, 609 .maxlen = sizeof(int), 610 .mode = 0644, 611 .proc_handler = proc_dointvec, 612 }, 613 { 614 .procname = "tcp_moderate_rcvbuf", 615 .data = &sysctl_tcp_moderate_rcvbuf, 616 .maxlen = sizeof(int), 617 .mode = 0644, 618 .proc_handler = proc_dointvec, 619 }, 620 { 621 .procname = "tcp_tso_win_divisor", 622 .data = &sysctl_tcp_tso_win_divisor, 623 .maxlen = sizeof(int), 624 .mode = 0644, 625 .proc_handler = proc_dointvec, 626 }, 627 { 628 .procname = "tcp_congestion_control", 629 .mode = 0644, 630 .maxlen = TCP_CA_NAME_MAX, 631 .proc_handler = proc_tcp_congestion_control, 632 }, 633 { 634 .procname = "tcp_mtu_probing", 635 .data = &sysctl_tcp_mtu_probing, 636 .maxlen = sizeof(int), 637 .mode = 0644, 638 .proc_handler = proc_dointvec, 639 }, 640 { 641 .procname = "tcp_base_mss", 642 .data = &sysctl_tcp_base_mss, 643 .maxlen = sizeof(int), 644 .mode = 0644, 645 .proc_handler = proc_dointvec, 646 }, 647 { 648 .procname = "tcp_workaround_signed_windows", 649 .data = &sysctl_tcp_workaround_signed_windows, 650 .maxlen = sizeof(int), 651 .mode = 0644, 652 .proc_handler = proc_dointvec 653 }, 654 { 655 .procname = "tcp_limit_output_bytes", 656 .data = &sysctl_tcp_limit_output_bytes, 657 .maxlen = sizeof(int), 658 .mode = 0644, 659 .proc_handler = proc_dointvec 660 }, 661 { 662 .procname = "tcp_challenge_ack_limit", 663 .data = &sysctl_tcp_challenge_ack_limit, 664 .maxlen = sizeof(int), 665 .mode = 0644, 666 .proc_handler = proc_dointvec 667 }, 668 #ifdef CONFIG_NET_DMA 669 { 670 .procname = "tcp_dma_copybreak", 671 .data = &sysctl_tcp_dma_copybreak, 672 .maxlen = sizeof(int), 673 .mode = 0644, 674 .proc_handler = proc_dointvec 675 }, 676 #endif 677 { 678 .procname = "tcp_slow_start_after_idle", 679 .data = &sysctl_tcp_slow_start_after_idle, 680 .maxlen = sizeof(int), 681 .mode = 0644, 682 .proc_handler = proc_dointvec 683 }, 684 #ifdef CONFIG_NETLABEL 685 { 686 .procname = "cipso_cache_enable", 687 .data = &cipso_v4_cache_enabled, 688 .maxlen = sizeof(int), 689 .mode = 0644, 690 .proc_handler = proc_dointvec, 691 }, 692 { 693 .procname = "cipso_cache_bucket_size", 694 .data = &cipso_v4_cache_bucketsize, 695 .maxlen = sizeof(int), 696 .mode = 0644, 697 .proc_handler = proc_dointvec, 698 }, 699 { 700 .procname = "cipso_rbm_optfmt", 701 .data = &cipso_v4_rbm_optfmt, 702 .maxlen = sizeof(int), 703 .mode = 0644, 704 .proc_handler = proc_dointvec, 705 }, 706 { 707 .procname = "cipso_rbm_strictvalid", 708 .data = &cipso_v4_rbm_strictvalid, 709 .maxlen = sizeof(int), 710 .mode = 0644, 711 .proc_handler = proc_dointvec, 712 }, 713 #endif /* CONFIG_NETLABEL */ 714 { 715 .procname = "tcp_available_congestion_control", 716 .maxlen = TCP_CA_BUF_MAX, 717 .mode = 0444, 718 .proc_handler = proc_tcp_available_congestion_control, 719 }, 720 { 721 .procname = "tcp_allowed_congestion_control", 722 .maxlen = TCP_CA_BUF_MAX, 723 .mode = 0644, 724 .proc_handler = proc_allowed_congestion_control, 725 }, 726 { 727 .procname = "tcp_max_ssthresh", 728 .data = &sysctl_tcp_max_ssthresh, 729 .maxlen = sizeof(int), 730 .mode = 0644, 731 .proc_handler = proc_dointvec, 732 }, 733 { 734 .procname = "tcp_thin_linear_timeouts", 735 .data = &sysctl_tcp_thin_linear_timeouts, 736 .maxlen = sizeof(int), 737 .mode = 0644, 738 .proc_handler = proc_dointvec 739 }, 740 { 741 .procname = "tcp_thin_dupack", 742 .data = &sysctl_tcp_thin_dupack, 743 .maxlen = sizeof(int), 744 .mode = 0644, 745 .proc_handler = proc_dointvec 746 }, 747 { 748 .procname = "tcp_early_retrans", 749 .data = &sysctl_tcp_early_retrans, 750 .maxlen = sizeof(int), 751 .mode = 0644, 752 .proc_handler = proc_dointvec_minmax, 753 .extra1 = &zero, 754 .extra2 = &four, 755 }, 756 { 757 .procname = "udp_mem", 758 .data = &sysctl_udp_mem, 759 .maxlen = sizeof(sysctl_udp_mem), 760 .mode = 0644, 761 .proc_handler = proc_doulongvec_minmax, 762 }, 763 { 764 .procname = "udp_rmem_min", 765 .data = &sysctl_udp_rmem_min, 766 .maxlen = sizeof(sysctl_udp_rmem_min), 767 .mode = 0644, 768 .proc_handler = proc_dointvec_minmax, 769 .extra1 = &one 770 }, 771 { 772 .procname = "udp_wmem_min", 773 .data = &sysctl_udp_wmem_min, 774 .maxlen = sizeof(sysctl_udp_wmem_min), 775 .mode = 0644, 776 .proc_handler = proc_dointvec_minmax, 777 .extra1 = &one 778 }, 779 { } 780 }; 781 782 static struct ctl_table ipv4_net_table[] = { 783 { 784 .procname = "icmp_echo_ignore_all", 785 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, 786 .maxlen = sizeof(int), 787 .mode = 0644, 788 .proc_handler = proc_dointvec 789 }, 790 { 791 .procname = "icmp_echo_ignore_broadcasts", 792 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, 793 .maxlen = sizeof(int), 794 .mode = 0644, 795 .proc_handler = proc_dointvec 796 }, 797 { 798 .procname = "icmp_ignore_bogus_error_responses", 799 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, 800 .maxlen = sizeof(int), 801 .mode = 0644, 802 .proc_handler = proc_dointvec 803 }, 804 { 805 .procname = "icmp_errors_use_inbound_ifaddr", 806 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, 807 .maxlen = sizeof(int), 808 .mode = 0644, 809 .proc_handler = proc_dointvec 810 }, 811 { 812 .procname = "icmp_ratelimit", 813 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 814 .maxlen = sizeof(int), 815 .mode = 0644, 816 .proc_handler = proc_dointvec_ms_jiffies, 817 }, 818 { 819 .procname = "icmp_ratemask", 820 .data = &init_net.ipv4.sysctl_icmp_ratemask, 821 .maxlen = sizeof(int), 822 .mode = 0644, 823 .proc_handler = proc_dointvec 824 }, 825 { 826 .procname = "ping_group_range", 827 .data = &init_net.ipv4.sysctl_ping_group_range, 828 .maxlen = sizeof(gid_t)*2, 829 .mode = 0644, 830 .proc_handler = ipv4_ping_group_range, 831 }, 832 { 833 .procname = "tcp_ecn", 834 .data = &init_net.ipv4.sysctl_tcp_ecn, 835 .maxlen = sizeof(int), 836 .mode = 0644, 837 .proc_handler = proc_dointvec 838 }, 839 { 840 .procname = "tcp_mem", 841 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_mem), 842 .mode = 0644, 843 .proc_handler = ipv4_tcp_mem, 844 }, 845 { } 846 }; 847 848 static __net_init int ipv4_sysctl_init_net(struct net *net) 849 { 850 struct ctl_table *table; 851 852 table = ipv4_net_table; 853 if (!net_eq(net, &init_net)) { 854 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); 855 if (table == NULL) 856 goto err_alloc; 857 858 table[0].data = 859 &net->ipv4.sysctl_icmp_echo_ignore_all; 860 table[1].data = 861 &net->ipv4.sysctl_icmp_echo_ignore_broadcasts; 862 table[2].data = 863 &net->ipv4.sysctl_icmp_ignore_bogus_error_responses; 864 table[3].data = 865 &net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr; 866 table[4].data = 867 &net->ipv4.sysctl_icmp_ratelimit; 868 table[5].data = 869 &net->ipv4.sysctl_icmp_ratemask; 870 table[6].data = 871 &net->ipv4.sysctl_ping_group_range; 872 table[7].data = 873 &net->ipv4.sysctl_tcp_ecn; 874 875 /* Don't export sysctls to unprivileged users */ 876 if (net->user_ns != &init_user_ns) 877 table[0].procname = NULL; 878 } 879 880 /* 881 * Sane defaults - nobody may create ping sockets. 882 * Boot scripts should set this to distro-specific group. 883 */ 884 net->ipv4.sysctl_ping_group_range[0] = make_kgid(&init_user_ns, 1); 885 net->ipv4.sysctl_ping_group_range[1] = make_kgid(&init_user_ns, 0); 886 887 tcp_init_mem(net); 888 889 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); 890 if (net->ipv4.ipv4_hdr == NULL) 891 goto err_reg; 892 893 return 0; 894 895 err_reg: 896 if (!net_eq(net, &init_net)) 897 kfree(table); 898 err_alloc: 899 return -ENOMEM; 900 } 901 902 static __net_exit void ipv4_sysctl_exit_net(struct net *net) 903 { 904 struct ctl_table *table; 905 906 table = net->ipv4.ipv4_hdr->ctl_table_arg; 907 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 908 kfree(table); 909 } 910 911 static __net_initdata struct pernet_operations ipv4_sysctl_ops = { 912 .init = ipv4_sysctl_init_net, 913 .exit = ipv4_sysctl_exit_net, 914 }; 915 916 static __init int sysctl_ipv4_init(void) 917 { 918 struct ctl_table_header *hdr; 919 struct ctl_table *i; 920 921 for (i = ipv4_table; i->procname; i++) { 922 if (strcmp(i->procname, "ip_local_reserved_ports") == 0) { 923 i->data = sysctl_local_reserved_ports; 924 break; 925 } 926 } 927 if (!i->procname) 928 return -EINVAL; 929 930 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 931 if (hdr == NULL) 932 return -ENOMEM; 933 934 if (register_pernet_subsys(&ipv4_sysctl_ops)) { 935 unregister_net_sysctl_table(hdr); 936 return -ENOMEM; 937 } 938 939 return 0; 940 } 941 942 __initcall(sysctl_ipv4_init); 943