1 /* 2 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 3 * 4 * Begun April 1, 1996, Mike Shaver. 5 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 6 */ 7 8 #include <linux/mm.h> 9 #include <linux/module.h> 10 #include <linux/sysctl.h> 11 #include <linux/igmp.h> 12 #include <linux/inetdevice.h> 13 #include <linux/seqlock.h> 14 #include <linux/init.h> 15 #include <linux/slab.h> 16 #include <linux/nsproxy.h> 17 #include <linux/swap.h> 18 #include <net/snmp.h> 19 #include <net/icmp.h> 20 #include <net/ip.h> 21 #include <net/route.h> 22 #include <net/tcp.h> 23 #include <net/udp.h> 24 #include <net/cipso_ipv4.h> 25 #include <net/inet_frag.h> 26 #include <net/ping.h> 27 #include <net/tcp_memcontrol.h> 28 29 static int zero; 30 static int two = 2; 31 static int tcp_retr1_max = 255; 32 static int ip_local_port_range_min[] = { 1, 1 }; 33 static int ip_local_port_range_max[] = { 65535, 65535 }; 34 static int tcp_adv_win_scale_min = -31; 35 static int tcp_adv_win_scale_max = 31; 36 static int ip_ttl_min = 1; 37 static int ip_ttl_max = 255; 38 static int ip_ping_group_range_min[] = { 0, 0 }; 39 static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 40 41 /* Update system visible IP port range */ 42 static void set_local_port_range(int range[2]) 43 { 44 write_seqlock(&sysctl_local_ports.lock); 45 sysctl_local_ports.range[0] = range[0]; 46 sysctl_local_ports.range[1] = range[1]; 47 write_sequnlock(&sysctl_local_ports.lock); 48 } 49 50 /* Validate changes from /proc interface. */ 51 static int ipv4_local_port_range(ctl_table *table, int write, 52 void __user *buffer, 53 size_t *lenp, loff_t *ppos) 54 { 55 int ret; 56 int range[2]; 57 ctl_table tmp = { 58 .data = &range, 59 .maxlen = sizeof(range), 60 .mode = table->mode, 61 .extra1 = &ip_local_port_range_min, 62 .extra2 = &ip_local_port_range_max, 63 }; 64 65 inet_get_local_port_range(range, range + 1); 66 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 67 68 if (write && ret == 0) { 69 if (range[1] < range[0]) 70 ret = -EINVAL; 71 else 72 set_local_port_range(range); 73 } 74 75 return ret; 76 } 77 78 79 static void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low, gid_t *high) 80 { 81 gid_t *data = table->data; 82 unsigned int seq; 83 do { 84 seq = read_seqbegin(&sysctl_local_ports.lock); 85 86 *low = data[0]; 87 *high = data[1]; 88 } while (read_seqretry(&sysctl_local_ports.lock, seq)); 89 } 90 91 /* Update system visible IP port range */ 92 static void set_ping_group_range(struct ctl_table *table, gid_t range[2]) 93 { 94 gid_t *data = table->data; 95 write_seqlock(&sysctl_local_ports.lock); 96 data[0] = range[0]; 97 data[1] = range[1]; 98 write_sequnlock(&sysctl_local_ports.lock); 99 } 100 101 /* Validate changes from /proc interface. */ 102 static int ipv4_ping_group_range(ctl_table *table, int write, 103 void __user *buffer, 104 size_t *lenp, loff_t *ppos) 105 { 106 int ret; 107 gid_t range[2]; 108 ctl_table tmp = { 109 .data = &range, 110 .maxlen = sizeof(range), 111 .mode = table->mode, 112 .extra1 = &ip_ping_group_range_min, 113 .extra2 = &ip_ping_group_range_max, 114 }; 115 116 inet_get_ping_group_range_table(table, range, range + 1); 117 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 118 119 if (write && ret == 0) 120 set_ping_group_range(table, range); 121 122 return ret; 123 } 124 125 static int proc_tcp_congestion_control(ctl_table *ctl, int write, 126 void __user *buffer, size_t *lenp, loff_t *ppos) 127 { 128 char val[TCP_CA_NAME_MAX]; 129 ctl_table tbl = { 130 .data = val, 131 .maxlen = TCP_CA_NAME_MAX, 132 }; 133 int ret; 134 135 tcp_get_default_congestion_control(val); 136 137 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 138 if (write && ret == 0) 139 ret = tcp_set_default_congestion_control(val); 140 return ret; 141 } 142 143 static int proc_tcp_available_congestion_control(ctl_table *ctl, 144 int write, 145 void __user *buffer, size_t *lenp, 146 loff_t *ppos) 147 { 148 ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 149 int ret; 150 151 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 152 if (!tbl.data) 153 return -ENOMEM; 154 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); 155 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 156 kfree(tbl.data); 157 return ret; 158 } 159 160 static int proc_allowed_congestion_control(ctl_table *ctl, 161 int write, 162 void __user *buffer, size_t *lenp, 163 loff_t *ppos) 164 { 165 ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 166 int ret; 167 168 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 169 if (!tbl.data) 170 return -ENOMEM; 171 172 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); 173 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 174 if (write && ret == 0) 175 ret = tcp_set_allowed_congestion_control(tbl.data); 176 kfree(tbl.data); 177 return ret; 178 } 179 180 static int ipv4_tcp_mem(ctl_table *ctl, int write, 181 void __user *buffer, size_t *lenp, 182 loff_t *ppos) 183 { 184 int ret; 185 unsigned long vec[3]; 186 struct net *net = current->nsproxy->net_ns; 187 #ifdef CONFIG_MEMCG_KMEM 188 struct mem_cgroup *memcg; 189 #endif 190 191 ctl_table tmp = { 192 .data = &vec, 193 .maxlen = sizeof(vec), 194 .mode = ctl->mode, 195 }; 196 197 if (!write) { 198 ctl->data = &net->ipv4.sysctl_tcp_mem; 199 return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos); 200 } 201 202 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); 203 if (ret) 204 return ret; 205 206 #ifdef CONFIG_MEMCG_KMEM 207 rcu_read_lock(); 208 memcg = mem_cgroup_from_task(current); 209 210 tcp_prot_mem(memcg, vec[0], 0); 211 tcp_prot_mem(memcg, vec[1], 1); 212 tcp_prot_mem(memcg, vec[2], 2); 213 rcu_read_unlock(); 214 #endif 215 216 net->ipv4.sysctl_tcp_mem[0] = vec[0]; 217 net->ipv4.sysctl_tcp_mem[1] = vec[1]; 218 net->ipv4.sysctl_tcp_mem[2] = vec[2]; 219 220 return 0; 221 } 222 223 static struct ctl_table ipv4_table[] = { 224 { 225 .procname = "tcp_timestamps", 226 .data = &sysctl_tcp_timestamps, 227 .maxlen = sizeof(int), 228 .mode = 0644, 229 .proc_handler = proc_dointvec 230 }, 231 { 232 .procname = "tcp_window_scaling", 233 .data = &sysctl_tcp_window_scaling, 234 .maxlen = sizeof(int), 235 .mode = 0644, 236 .proc_handler = proc_dointvec 237 }, 238 { 239 .procname = "tcp_sack", 240 .data = &sysctl_tcp_sack, 241 .maxlen = sizeof(int), 242 .mode = 0644, 243 .proc_handler = proc_dointvec 244 }, 245 { 246 .procname = "tcp_retrans_collapse", 247 .data = &sysctl_tcp_retrans_collapse, 248 .maxlen = sizeof(int), 249 .mode = 0644, 250 .proc_handler = proc_dointvec 251 }, 252 { 253 .procname = "ip_default_ttl", 254 .data = &sysctl_ip_default_ttl, 255 .maxlen = sizeof(int), 256 .mode = 0644, 257 .proc_handler = proc_dointvec_minmax, 258 .extra1 = &ip_ttl_min, 259 .extra2 = &ip_ttl_max, 260 }, 261 { 262 .procname = "ip_no_pmtu_disc", 263 .data = &ipv4_config.no_pmtu_disc, 264 .maxlen = sizeof(int), 265 .mode = 0644, 266 .proc_handler = proc_dointvec 267 }, 268 { 269 .procname = "ip_nonlocal_bind", 270 .data = &sysctl_ip_nonlocal_bind, 271 .maxlen = sizeof(int), 272 .mode = 0644, 273 .proc_handler = proc_dointvec 274 }, 275 { 276 .procname = "tcp_syn_retries", 277 .data = &sysctl_tcp_syn_retries, 278 .maxlen = sizeof(int), 279 .mode = 0644, 280 .proc_handler = proc_dointvec 281 }, 282 { 283 .procname = "tcp_synack_retries", 284 .data = &sysctl_tcp_synack_retries, 285 .maxlen = sizeof(int), 286 .mode = 0644, 287 .proc_handler = proc_dointvec 288 }, 289 { 290 .procname = "tcp_max_orphans", 291 .data = &sysctl_tcp_max_orphans, 292 .maxlen = sizeof(int), 293 .mode = 0644, 294 .proc_handler = proc_dointvec 295 }, 296 { 297 .procname = "tcp_max_tw_buckets", 298 .data = &tcp_death_row.sysctl_max_tw_buckets, 299 .maxlen = sizeof(int), 300 .mode = 0644, 301 .proc_handler = proc_dointvec 302 }, 303 { 304 .procname = "ip_early_demux", 305 .data = &sysctl_ip_early_demux, 306 .maxlen = sizeof(int), 307 .mode = 0644, 308 .proc_handler = proc_dointvec 309 }, 310 { 311 .procname = "ip_dynaddr", 312 .data = &sysctl_ip_dynaddr, 313 .maxlen = sizeof(int), 314 .mode = 0644, 315 .proc_handler = proc_dointvec 316 }, 317 { 318 .procname = "tcp_keepalive_time", 319 .data = &sysctl_tcp_keepalive_time, 320 .maxlen = sizeof(int), 321 .mode = 0644, 322 .proc_handler = proc_dointvec_jiffies, 323 }, 324 { 325 .procname = "tcp_keepalive_probes", 326 .data = &sysctl_tcp_keepalive_probes, 327 .maxlen = sizeof(int), 328 .mode = 0644, 329 .proc_handler = proc_dointvec 330 }, 331 { 332 .procname = "tcp_keepalive_intvl", 333 .data = &sysctl_tcp_keepalive_intvl, 334 .maxlen = sizeof(int), 335 .mode = 0644, 336 .proc_handler = proc_dointvec_jiffies, 337 }, 338 { 339 .procname = "tcp_retries1", 340 .data = &sysctl_tcp_retries1, 341 .maxlen = sizeof(int), 342 .mode = 0644, 343 .proc_handler = proc_dointvec_minmax, 344 .extra2 = &tcp_retr1_max 345 }, 346 { 347 .procname = "tcp_retries2", 348 .data = &sysctl_tcp_retries2, 349 .maxlen = sizeof(int), 350 .mode = 0644, 351 .proc_handler = proc_dointvec 352 }, 353 { 354 .procname = "tcp_fin_timeout", 355 .data = &sysctl_tcp_fin_timeout, 356 .maxlen = sizeof(int), 357 .mode = 0644, 358 .proc_handler = proc_dointvec_jiffies, 359 }, 360 #ifdef CONFIG_SYN_COOKIES 361 { 362 .procname = "tcp_syncookies", 363 .data = &sysctl_tcp_syncookies, 364 .maxlen = sizeof(int), 365 .mode = 0644, 366 .proc_handler = proc_dointvec 367 }, 368 #endif 369 { 370 .procname = "tcp_fastopen", 371 .data = &sysctl_tcp_fastopen, 372 .maxlen = sizeof(int), 373 .mode = 0644, 374 .proc_handler = proc_dointvec, 375 }, 376 { 377 .procname = "tcp_tw_recycle", 378 .data = &tcp_death_row.sysctl_tw_recycle, 379 .maxlen = sizeof(int), 380 .mode = 0644, 381 .proc_handler = proc_dointvec 382 }, 383 { 384 .procname = "tcp_abort_on_overflow", 385 .data = &sysctl_tcp_abort_on_overflow, 386 .maxlen = sizeof(int), 387 .mode = 0644, 388 .proc_handler = proc_dointvec 389 }, 390 { 391 .procname = "tcp_stdurg", 392 .data = &sysctl_tcp_stdurg, 393 .maxlen = sizeof(int), 394 .mode = 0644, 395 .proc_handler = proc_dointvec 396 }, 397 { 398 .procname = "tcp_rfc1337", 399 .data = &sysctl_tcp_rfc1337, 400 .maxlen = sizeof(int), 401 .mode = 0644, 402 .proc_handler = proc_dointvec 403 }, 404 { 405 .procname = "tcp_max_syn_backlog", 406 .data = &sysctl_max_syn_backlog, 407 .maxlen = sizeof(int), 408 .mode = 0644, 409 .proc_handler = proc_dointvec 410 }, 411 { 412 .procname = "ip_local_port_range", 413 .data = &sysctl_local_ports.range, 414 .maxlen = sizeof(sysctl_local_ports.range), 415 .mode = 0644, 416 .proc_handler = ipv4_local_port_range, 417 }, 418 { 419 .procname = "ip_local_reserved_ports", 420 .data = NULL, /* initialized in sysctl_ipv4_init */ 421 .maxlen = 65536, 422 .mode = 0644, 423 .proc_handler = proc_do_large_bitmap, 424 }, 425 { 426 .procname = "igmp_max_memberships", 427 .data = &sysctl_igmp_max_memberships, 428 .maxlen = sizeof(int), 429 .mode = 0644, 430 .proc_handler = proc_dointvec 431 }, 432 { 433 .procname = "igmp_max_msf", 434 .data = &sysctl_igmp_max_msf, 435 .maxlen = sizeof(int), 436 .mode = 0644, 437 .proc_handler = proc_dointvec 438 }, 439 { 440 .procname = "inet_peer_threshold", 441 .data = &inet_peer_threshold, 442 .maxlen = sizeof(int), 443 .mode = 0644, 444 .proc_handler = proc_dointvec 445 }, 446 { 447 .procname = "inet_peer_minttl", 448 .data = &inet_peer_minttl, 449 .maxlen = sizeof(int), 450 .mode = 0644, 451 .proc_handler = proc_dointvec_jiffies, 452 }, 453 { 454 .procname = "inet_peer_maxttl", 455 .data = &inet_peer_maxttl, 456 .maxlen = sizeof(int), 457 .mode = 0644, 458 .proc_handler = proc_dointvec_jiffies, 459 }, 460 { 461 .procname = "tcp_orphan_retries", 462 .data = &sysctl_tcp_orphan_retries, 463 .maxlen = sizeof(int), 464 .mode = 0644, 465 .proc_handler = proc_dointvec 466 }, 467 { 468 .procname = "tcp_fack", 469 .data = &sysctl_tcp_fack, 470 .maxlen = sizeof(int), 471 .mode = 0644, 472 .proc_handler = proc_dointvec 473 }, 474 { 475 .procname = "tcp_reordering", 476 .data = &sysctl_tcp_reordering, 477 .maxlen = sizeof(int), 478 .mode = 0644, 479 .proc_handler = proc_dointvec 480 }, 481 { 482 .procname = "tcp_ecn", 483 .data = &sysctl_tcp_ecn, 484 .maxlen = sizeof(int), 485 .mode = 0644, 486 .proc_handler = proc_dointvec 487 }, 488 { 489 .procname = "tcp_dsack", 490 .data = &sysctl_tcp_dsack, 491 .maxlen = sizeof(int), 492 .mode = 0644, 493 .proc_handler = proc_dointvec 494 }, 495 { 496 .procname = "tcp_wmem", 497 .data = &sysctl_tcp_wmem, 498 .maxlen = sizeof(sysctl_tcp_wmem), 499 .mode = 0644, 500 .proc_handler = proc_dointvec 501 }, 502 { 503 .procname = "tcp_rmem", 504 .data = &sysctl_tcp_rmem, 505 .maxlen = sizeof(sysctl_tcp_rmem), 506 .mode = 0644, 507 .proc_handler = proc_dointvec 508 }, 509 { 510 .procname = "tcp_app_win", 511 .data = &sysctl_tcp_app_win, 512 .maxlen = sizeof(int), 513 .mode = 0644, 514 .proc_handler = proc_dointvec 515 }, 516 { 517 .procname = "tcp_adv_win_scale", 518 .data = &sysctl_tcp_adv_win_scale, 519 .maxlen = sizeof(int), 520 .mode = 0644, 521 .proc_handler = proc_dointvec_minmax, 522 .extra1 = &tcp_adv_win_scale_min, 523 .extra2 = &tcp_adv_win_scale_max, 524 }, 525 { 526 .procname = "tcp_tw_reuse", 527 .data = &sysctl_tcp_tw_reuse, 528 .maxlen = sizeof(int), 529 .mode = 0644, 530 .proc_handler = proc_dointvec 531 }, 532 { 533 .procname = "tcp_frto", 534 .data = &sysctl_tcp_frto, 535 .maxlen = sizeof(int), 536 .mode = 0644, 537 .proc_handler = proc_dointvec 538 }, 539 { 540 .procname = "tcp_frto_response", 541 .data = &sysctl_tcp_frto_response, 542 .maxlen = sizeof(int), 543 .mode = 0644, 544 .proc_handler = proc_dointvec 545 }, 546 { 547 .procname = "tcp_low_latency", 548 .data = &sysctl_tcp_low_latency, 549 .maxlen = sizeof(int), 550 .mode = 0644, 551 .proc_handler = proc_dointvec 552 }, 553 { 554 .procname = "tcp_no_metrics_save", 555 .data = &sysctl_tcp_nometrics_save, 556 .maxlen = sizeof(int), 557 .mode = 0644, 558 .proc_handler = proc_dointvec, 559 }, 560 { 561 .procname = "tcp_moderate_rcvbuf", 562 .data = &sysctl_tcp_moderate_rcvbuf, 563 .maxlen = sizeof(int), 564 .mode = 0644, 565 .proc_handler = proc_dointvec, 566 }, 567 { 568 .procname = "tcp_tso_win_divisor", 569 .data = &sysctl_tcp_tso_win_divisor, 570 .maxlen = sizeof(int), 571 .mode = 0644, 572 .proc_handler = proc_dointvec, 573 }, 574 { 575 .procname = "tcp_congestion_control", 576 .mode = 0644, 577 .maxlen = TCP_CA_NAME_MAX, 578 .proc_handler = proc_tcp_congestion_control, 579 }, 580 { 581 .procname = "tcp_abc", 582 .data = &sysctl_tcp_abc, 583 .maxlen = sizeof(int), 584 .mode = 0644, 585 .proc_handler = proc_dointvec, 586 }, 587 { 588 .procname = "tcp_mtu_probing", 589 .data = &sysctl_tcp_mtu_probing, 590 .maxlen = sizeof(int), 591 .mode = 0644, 592 .proc_handler = proc_dointvec, 593 }, 594 { 595 .procname = "tcp_base_mss", 596 .data = &sysctl_tcp_base_mss, 597 .maxlen = sizeof(int), 598 .mode = 0644, 599 .proc_handler = proc_dointvec, 600 }, 601 { 602 .procname = "tcp_workaround_signed_windows", 603 .data = &sysctl_tcp_workaround_signed_windows, 604 .maxlen = sizeof(int), 605 .mode = 0644, 606 .proc_handler = proc_dointvec 607 }, 608 { 609 .procname = "tcp_limit_output_bytes", 610 .data = &sysctl_tcp_limit_output_bytes, 611 .maxlen = sizeof(int), 612 .mode = 0644, 613 .proc_handler = proc_dointvec 614 }, 615 { 616 .procname = "tcp_challenge_ack_limit", 617 .data = &sysctl_tcp_challenge_ack_limit, 618 .maxlen = sizeof(int), 619 .mode = 0644, 620 .proc_handler = proc_dointvec 621 }, 622 #ifdef CONFIG_NET_DMA 623 { 624 .procname = "tcp_dma_copybreak", 625 .data = &sysctl_tcp_dma_copybreak, 626 .maxlen = sizeof(int), 627 .mode = 0644, 628 .proc_handler = proc_dointvec 629 }, 630 #endif 631 { 632 .procname = "tcp_slow_start_after_idle", 633 .data = &sysctl_tcp_slow_start_after_idle, 634 .maxlen = sizeof(int), 635 .mode = 0644, 636 .proc_handler = proc_dointvec 637 }, 638 #ifdef CONFIG_NETLABEL 639 { 640 .procname = "cipso_cache_enable", 641 .data = &cipso_v4_cache_enabled, 642 .maxlen = sizeof(int), 643 .mode = 0644, 644 .proc_handler = proc_dointvec, 645 }, 646 { 647 .procname = "cipso_cache_bucket_size", 648 .data = &cipso_v4_cache_bucketsize, 649 .maxlen = sizeof(int), 650 .mode = 0644, 651 .proc_handler = proc_dointvec, 652 }, 653 { 654 .procname = "cipso_rbm_optfmt", 655 .data = &cipso_v4_rbm_optfmt, 656 .maxlen = sizeof(int), 657 .mode = 0644, 658 .proc_handler = proc_dointvec, 659 }, 660 { 661 .procname = "cipso_rbm_strictvalid", 662 .data = &cipso_v4_rbm_strictvalid, 663 .maxlen = sizeof(int), 664 .mode = 0644, 665 .proc_handler = proc_dointvec, 666 }, 667 #endif /* CONFIG_NETLABEL */ 668 { 669 .procname = "tcp_available_congestion_control", 670 .maxlen = TCP_CA_BUF_MAX, 671 .mode = 0444, 672 .proc_handler = proc_tcp_available_congestion_control, 673 }, 674 { 675 .procname = "tcp_allowed_congestion_control", 676 .maxlen = TCP_CA_BUF_MAX, 677 .mode = 0644, 678 .proc_handler = proc_allowed_congestion_control, 679 }, 680 { 681 .procname = "tcp_max_ssthresh", 682 .data = &sysctl_tcp_max_ssthresh, 683 .maxlen = sizeof(int), 684 .mode = 0644, 685 .proc_handler = proc_dointvec, 686 }, 687 { 688 .procname = "tcp_cookie_size", 689 .data = &sysctl_tcp_cookie_size, 690 .maxlen = sizeof(int), 691 .mode = 0644, 692 .proc_handler = proc_dointvec 693 }, 694 { 695 .procname = "tcp_thin_linear_timeouts", 696 .data = &sysctl_tcp_thin_linear_timeouts, 697 .maxlen = sizeof(int), 698 .mode = 0644, 699 .proc_handler = proc_dointvec 700 }, 701 { 702 .procname = "tcp_thin_dupack", 703 .data = &sysctl_tcp_thin_dupack, 704 .maxlen = sizeof(int), 705 .mode = 0644, 706 .proc_handler = proc_dointvec 707 }, 708 { 709 .procname = "tcp_early_retrans", 710 .data = &sysctl_tcp_early_retrans, 711 .maxlen = sizeof(int), 712 .mode = 0644, 713 .proc_handler = proc_dointvec_minmax, 714 .extra1 = &zero, 715 .extra2 = &two, 716 }, 717 { 718 .procname = "udp_mem", 719 .data = &sysctl_udp_mem, 720 .maxlen = sizeof(sysctl_udp_mem), 721 .mode = 0644, 722 .proc_handler = proc_doulongvec_minmax, 723 }, 724 { 725 .procname = "udp_rmem_min", 726 .data = &sysctl_udp_rmem_min, 727 .maxlen = sizeof(sysctl_udp_rmem_min), 728 .mode = 0644, 729 .proc_handler = proc_dointvec_minmax, 730 .extra1 = &zero 731 }, 732 { 733 .procname = "udp_wmem_min", 734 .data = &sysctl_udp_wmem_min, 735 .maxlen = sizeof(sysctl_udp_wmem_min), 736 .mode = 0644, 737 .proc_handler = proc_dointvec_minmax, 738 .extra1 = &zero 739 }, 740 { } 741 }; 742 743 static struct ctl_table ipv4_net_table[] = { 744 { 745 .procname = "icmp_echo_ignore_all", 746 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, 747 .maxlen = sizeof(int), 748 .mode = 0644, 749 .proc_handler = proc_dointvec 750 }, 751 { 752 .procname = "icmp_echo_ignore_broadcasts", 753 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, 754 .maxlen = sizeof(int), 755 .mode = 0644, 756 .proc_handler = proc_dointvec 757 }, 758 { 759 .procname = "icmp_ignore_bogus_error_responses", 760 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, 761 .maxlen = sizeof(int), 762 .mode = 0644, 763 .proc_handler = proc_dointvec 764 }, 765 { 766 .procname = "icmp_errors_use_inbound_ifaddr", 767 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, 768 .maxlen = sizeof(int), 769 .mode = 0644, 770 .proc_handler = proc_dointvec 771 }, 772 { 773 .procname = "icmp_ratelimit", 774 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 775 .maxlen = sizeof(int), 776 .mode = 0644, 777 .proc_handler = proc_dointvec_ms_jiffies, 778 }, 779 { 780 .procname = "icmp_ratemask", 781 .data = &init_net.ipv4.sysctl_icmp_ratemask, 782 .maxlen = sizeof(int), 783 .mode = 0644, 784 .proc_handler = proc_dointvec 785 }, 786 { 787 .procname = "ping_group_range", 788 .data = &init_net.ipv4.sysctl_ping_group_range, 789 .maxlen = sizeof(init_net.ipv4.sysctl_ping_group_range), 790 .mode = 0644, 791 .proc_handler = ipv4_ping_group_range, 792 }, 793 { 794 .procname = "tcp_mem", 795 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_mem), 796 .mode = 0644, 797 .proc_handler = ipv4_tcp_mem, 798 }, 799 { } 800 }; 801 802 static __net_init int ipv4_sysctl_init_net(struct net *net) 803 { 804 struct ctl_table *table; 805 806 table = ipv4_net_table; 807 if (!net_eq(net, &init_net)) { 808 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); 809 if (table == NULL) 810 goto err_alloc; 811 812 table[0].data = 813 &net->ipv4.sysctl_icmp_echo_ignore_all; 814 table[1].data = 815 &net->ipv4.sysctl_icmp_echo_ignore_broadcasts; 816 table[2].data = 817 &net->ipv4.sysctl_icmp_ignore_bogus_error_responses; 818 table[3].data = 819 &net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr; 820 table[4].data = 821 &net->ipv4.sysctl_icmp_ratelimit; 822 table[5].data = 823 &net->ipv4.sysctl_icmp_ratemask; 824 table[6].data = 825 &net->ipv4.sysctl_ping_group_range; 826 827 } 828 829 /* 830 * Sane defaults - nobody may create ping sockets. 831 * Boot scripts should set this to distro-specific group. 832 */ 833 net->ipv4.sysctl_ping_group_range[0] = 1; 834 net->ipv4.sysctl_ping_group_range[1] = 0; 835 836 tcp_init_mem(net); 837 838 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); 839 if (net->ipv4.ipv4_hdr == NULL) 840 goto err_reg; 841 842 return 0; 843 844 err_reg: 845 if (!net_eq(net, &init_net)) 846 kfree(table); 847 err_alloc: 848 return -ENOMEM; 849 } 850 851 static __net_exit void ipv4_sysctl_exit_net(struct net *net) 852 { 853 struct ctl_table *table; 854 855 table = net->ipv4.ipv4_hdr->ctl_table_arg; 856 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 857 kfree(table); 858 } 859 860 static __net_initdata struct pernet_operations ipv4_sysctl_ops = { 861 .init = ipv4_sysctl_init_net, 862 .exit = ipv4_sysctl_exit_net, 863 }; 864 865 static __init int sysctl_ipv4_init(void) 866 { 867 struct ctl_table_header *hdr; 868 struct ctl_table *i; 869 870 for (i = ipv4_table; i->procname; i++) { 871 if (strcmp(i->procname, "ip_local_reserved_ports") == 0) { 872 i->data = sysctl_local_reserved_ports; 873 break; 874 } 875 } 876 if (!i->procname) 877 return -EINVAL; 878 879 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 880 if (hdr == NULL) 881 return -ENOMEM; 882 883 if (register_pernet_subsys(&ipv4_sysctl_ops)) { 884 unregister_net_sysctl_table(hdr); 885 return -ENOMEM; 886 } 887 888 return 0; 889 } 890 891 __initcall(sysctl_ipv4_init); 892