1
2
3
4
5
6
7
8#include <linux/mm.h>
9#include <linux/module.h>
10#include <linux/sysctl.h>
11#include <linux/igmp.h>
12#include <linux/inetdevice.h>
13#include <linux/seqlock.h>
14#include <linux/init.h>
15#include <linux/slab.h>
16#include <linux/nsproxy.h>
17#include <linux/swap.h>
18#include <net/snmp.h>
19#include <net/icmp.h>
20#include <net/ip.h>
21#include <net/route.h>
22#include <net/tcp.h>
23#include <net/udp.h>
24#include <net/cipso_ipv4.h>
25#include <net/inet_frag.h>
26#include <net/ping.h>
27#include <net/tcp_memcontrol.h>
28#include <net/netevent.h>
29
30static int zero;
31static int one = 1;
32static int four = 4;
33static int gso_max_segs = GSO_MAX_SEGS;
34static int tcp_retr1_max = 255;
35static int ip_local_port_range_min[] = { 1, 1 };
36static int ip_local_port_range_max[] = { 65535, 65535 };
37static int tcp_adv_win_scale_min = -31;
38static int tcp_adv_win_scale_max = 31;
39static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS;
40static int tcp_min_snd_mss_max = 65535;
41static int ip_ttl_min = 1;
42static int ip_ttl_max = 255;
43static int tcp_syn_retries_min = 1;
44static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
45static int ip_ping_group_range_min[] = { 0, 0 };
46static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
47
48static int rhel_unused_sysctl __read_mostly;
49
50
51static void set_local_port_range(struct net *net, int range[2])
52{
53 bool same_parity = !((range[0] ^ range[1]) & 1);
54
55 write_seqlock(&net->ipv4_sysctl_local_ports.lock);
56 if (same_parity && !net->ip_local_ports_warned) {
57 net->ip_local_ports_warned = true;
58 pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n");
59 }
60 net->ipv4_sysctl_local_ports.range[0] = range[0];
61 net->ipv4_sysctl_local_ports.range[1] = range[1];
62 write_sequnlock(&net->ipv4_sysctl_local_ports.lock);
63}
64
65
66static int ipv4_local_port_range(struct ctl_table *table, int write,
67 void __user *buffer,
68 size_t *lenp, loff_t *ppos)
69{
70 struct net *net =
71 container_of(table->data, struct net, ipv4_sysctl_local_ports.range);
72 int ret;
73 int range[2];
74 struct ctl_table tmp = {
75 .data = &range,
76 .maxlen = sizeof(range),
77 .mode = table->mode,
78 .extra1 = &ip_local_port_range_min,
79 .extra2 = &ip_local_port_range_max,
80 };
81
82 inet_get_local_port_range(net, &range[0], &range[1]);
83
84 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
85
86 if (write && ret == 0) {
87 if (range[1] < range[0])
88 ret = -EINVAL;
89 else
90 set_local_port_range(net, range);
91 }
92
93 return ret;
94}
95
96
97static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high)
98{
99 kgid_t *data = table->data;
100 struct net *net =
101 container_of(table->data, struct net, ipv4.sysctl_ping_group_range);
102 unsigned int seq;
103 do {
104 seq = read_seqbegin(&net->ipv4_sysctl_local_ports.lock);
105
106 *low = data[0];
107 *high = data[1];
108 } while (read_seqretry(&net->ipv4_sysctl_local_ports.lock, seq));
109}
110
111
112static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
113{
114 kgid_t *data = table->data;
115 struct net *net =
116 container_of(table->data, struct net, ipv4.sysctl_ping_group_range);
117 write_seqlock(&net->ipv4_sysctl_local_ports.lock);
118 data[0] = low;
119 data[1] = high;
120 write_sequnlock(&net->ipv4_sysctl_local_ports.lock);
121}
122
123
124static int ipv4_ping_group_range(struct ctl_table *table, int write,
125 void __user *buffer,
126 size_t *lenp, loff_t *ppos)
127{
128 struct user_namespace *user_ns = current_user_ns();
129 int ret;
130 gid_t urange[2];
131 kgid_t low, high;
132 struct ctl_table tmp = {
133 .data = &urange,
134 .maxlen = sizeof(urange),
135 .mode = table->mode,
136 .extra1 = &ip_ping_group_range_min,
137 .extra2 = &ip_ping_group_range_max,
138 };
139
140 inet_get_ping_group_range_table(table, &low, &high);
141 urange[0] = from_kgid_munged(user_ns, low);
142 urange[1] = from_kgid_munged(user_ns, high);
143 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
144
145 if (write && ret == 0) {
146 low = make_kgid(user_ns, urange[0]);
147 high = make_kgid(user_ns, urange[1]);
148 if (!gid_valid(low) || !gid_valid(high) ||
149 (urange[1] < urange[0]) || gid_lt(high, low)) {
150 low = make_kgid(&init_user_ns, 1);
151 high = make_kgid(&init_user_ns, 0);
152 }
153 set_ping_group_range(table, low, high);
154 }
155
156 return ret;
157}
158
159static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
160 void __user *buffer, size_t *lenp, loff_t *ppos)
161{
162 char val[TCP_CA_NAME_MAX];
163 struct ctl_table tbl = {
164 .data = val,
165 .maxlen = TCP_CA_NAME_MAX,
166 };
167 int ret;
168
169 tcp_get_default_congestion_control(val);
170
171 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
172 if (write && ret == 0)
173 ret = tcp_set_default_congestion_control(val);
174 return ret;
175}
176
177static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
178 int write,
179 void __user *buffer, size_t *lenp,
180 loff_t *ppos)
181{
182 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
183 int ret;
184
185 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
186 if (!tbl.data)
187 return -ENOMEM;
188 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
189 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
190 kfree(tbl.data);
191 return ret;
192}
193
194static int proc_allowed_congestion_control(struct ctl_table *ctl,
195 int write,
196 void __user *buffer, size_t *lenp,
197 loff_t *ppos)
198{
199 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
200 int ret;
201
202 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
203 if (!tbl.data)
204 return -ENOMEM;
205
206 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
207 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
208 if (write && ret == 0)
209 ret = tcp_set_allowed_congestion_control(tbl.data);
210 kfree(tbl.data);
211 return ret;
212}
213
214static int ipv4_tcp_mem(struct ctl_table *ctl, int write,
215 void __user *buffer, size_t *lenp,
216 loff_t *ppos)
217{
218 int ret;
219 unsigned long vec[3];
220 struct net *net = current->nsproxy->net_ns;
221#ifdef CONFIG_MEMCG_KMEM
222 struct mem_cgroup *memcg;
223#endif
224
225 struct ctl_table tmp = {
226 .data = &vec,
227 .maxlen = sizeof(vec),
228 .mode = ctl->mode,
229 };
230
231 if (!write) {
232 ctl->data = &net->ipv4.sysctl_tcp_mem;
233 return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos);
234 }
235
236 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
237 if (ret)
238 return ret;
239
240#ifdef CONFIG_MEMCG_KMEM
241 rcu_read_lock();
242 memcg = mem_cgroup_from_task(current);
243
244 tcp_prot_mem(memcg, vec[0], 0);
245 tcp_prot_mem(memcg, vec[1], 1);
246 tcp_prot_mem(memcg, vec[2], 2);
247 rcu_read_unlock();
248#endif
249
250 net->ipv4.sysctl_tcp_mem[0] = vec[0];
251 net->ipv4.sysctl_tcp_mem[1] = vec[1];
252 net->ipv4.sysctl_tcp_mem[2] = vec[2];
253
254 return 0;
255}
256
257static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write,
258 void __user *buffer, size_t *lenp,
259 loff_t *ppos)
260{
261 struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
262 struct tcp_fastopen_context *ctxt;
263 int ret;
264 u32 user_key[4];
265
266 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
267 if (!tbl.data)
268 return -ENOMEM;
269
270 rcu_read_lock();
271 ctxt = rcu_dereference(tcp_fastopen_ctx);
272 if (ctxt)
273 memcpy(user_key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH);
274 else
275 memset(user_key, 0, sizeof(user_key));
276 rcu_read_unlock();
277
278 snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x",
279 user_key[0], user_key[1], user_key[2], user_key[3]);
280 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
281
282 if (write && ret == 0) {
283 if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1,
284 user_key + 2, user_key + 3) != 4) {
285 ret = -EINVAL;
286 goto bad_key;
287 }
288
289
290
291
292 tcp_fastopen_init_key_once(false);
293 tcp_fastopen_reset_cipher(user_key, TCP_FASTOPEN_KEY_LENGTH);
294 }
295
296bad_key:
297 pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
298 user_key[0], user_key[1], user_key[2], user_key[3],
299 (char *)tbl.data, ret);
300 kfree(tbl.data);
301 return ret;
302}
303
304#ifdef CONFIG_IP_ROUTE_MULTIPATH
305static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
306 void __user *buffer, size_t *lenp,
307 loff_t *ppos)
308{
309 struct net *net = container_of(table->data, struct net,
310 ipv4_sysctl_fib_multipath_hash_policy);
311 int ret;
312
313 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
314 if (write && ret == 0)
315 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
316
317 return ret;
318}
319#endif
320
321static struct ctl_table ipv4_table[] = {
322 {
323 .procname = "tcp_timestamps",
324 .data = &sysctl_tcp_timestamps,
325 .maxlen = sizeof(int),
326 .mode = 0644,
327 .proc_handler = proc_dointvec
328 },
329 {
330 .procname = "tcp_window_scaling",
331 .data = &sysctl_tcp_window_scaling,
332 .maxlen = sizeof(int),
333 .mode = 0644,
334 .proc_handler = proc_dointvec
335 },
336 {
337 .procname = "tcp_sack",
338 .data = &sysctl_tcp_sack,
339 .maxlen = sizeof(int),
340 .mode = 0644,
341 .proc_handler = proc_dointvec
342 },
343 {
344 .procname = "tcp_retrans_collapse",
345 .data = &sysctl_tcp_retrans_collapse,
346 .maxlen = sizeof(int),
347 .mode = 0644,
348 .proc_handler = proc_dointvec
349 },
350 {
351 .procname = "tcp_syn_retries",
352 .data = &sysctl_tcp_syn_retries,
353 .maxlen = sizeof(int),
354 .mode = 0644,
355 .proc_handler = proc_dointvec_minmax,
356 .extra1 = &tcp_syn_retries_min,
357 .extra2 = &tcp_syn_retries_max
358 },
359 {
360 .procname = "tcp_synack_retries",
361 .data = &sysctl_tcp_synack_retries,
362 .maxlen = sizeof(int),
363 .mode = 0644,
364 .proc_handler = proc_dointvec
365 },
366 {
367 .procname = "tcp_max_orphans",
368 .data = &sysctl_tcp_max_orphans,
369 .maxlen = sizeof(int),
370 .mode = 0644,
371 .proc_handler = proc_dointvec
372 },
373 {
374 .procname = "tcp_max_tw_buckets",
375 .data = &tcp_death_row.sysctl_max_tw_buckets,
376 .maxlen = sizeof(int),
377 .mode = 0644,
378 .proc_handler = proc_dointvec
379 },
380 {
381 .procname = "ip_early_demux",
382 .data = &sysctl_ip_early_demux,
383 .maxlen = sizeof(int),
384 .mode = 0644,
385 .proc_handler = proc_dointvec
386 },
387 {
388 .procname = "ip_dynaddr",
389 .data = &sysctl_ip_dynaddr,
390 .maxlen = sizeof(int),
391 .mode = 0644,
392 .proc_handler = proc_dointvec
393 },
394 {
395 .procname = "tcp_retries1",
396 .data = &sysctl_tcp_retries1,
397 .maxlen = sizeof(int),
398 .mode = 0644,
399 .proc_handler = proc_dointvec_minmax,
400 .extra2 = &tcp_retr1_max
401 },
402 {
403 .procname = "tcp_retries2",
404 .data = &sysctl_tcp_retries2,
405 .maxlen = sizeof(int),
406 .mode = 0644,
407 .proc_handler = proc_dointvec
408 },
409 {
410 .procname = "tcp_fin_timeout",
411 .data = &sysctl_tcp_fin_timeout,
412 .maxlen = sizeof(int),
413 .mode = 0644,
414 .proc_handler = proc_dointvec_jiffies,
415 },
416#ifdef CONFIG_SYN_COOKIES
417 {
418 .procname = "tcp_syncookies",
419 .data = &sysctl_tcp_syncookies,
420 .maxlen = sizeof(int),
421 .mode = 0644,
422 .proc_handler = proc_dointvec
423 },
424#endif
425 {
426 .procname = "tcp_fastopen",
427 .data = &sysctl_tcp_fastopen,
428 .maxlen = sizeof(int),
429 .mode = 0644,
430 .proc_handler = proc_dointvec,
431 },
432 {
433 .procname = "tcp_fastopen_key",
434 .mode = 0600,
435 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10),
436 .proc_handler = proc_tcp_fastopen_key,
437 },
438 {
439 .procname = "tcp_tw_recycle",
440 .data = &tcp_death_row.sysctl_tw_recycle,
441 .maxlen = sizeof(int),
442 .mode = 0644,
443 .proc_handler = proc_dointvec
444 },
445 {
446 .procname = "tcp_abort_on_overflow",
447 .data = &sysctl_tcp_abort_on_overflow,
448 .maxlen = sizeof(int),
449 .mode = 0644,
450 .proc_handler = proc_dointvec
451 },
452 {
453 .procname = "tcp_stdurg",
454 .data = &sysctl_tcp_stdurg,
455 .maxlen = sizeof(int),
456 .mode = 0644,
457 .proc_handler = proc_dointvec
458 },
459 {
460 .procname = "tcp_rfc1337",
461 .data = &sysctl_tcp_rfc1337,
462 .maxlen = sizeof(int),
463 .mode = 0644,
464 .proc_handler = proc_dointvec
465 },
466 {
467 .procname = "tcp_max_syn_backlog",
468 .data = &sysctl_max_syn_backlog,
469 .maxlen = sizeof(int),
470 .mode = 0644,
471 .proc_handler = proc_dointvec
472 },
473 {
474 .procname = "ip_local_reserved_ports",
475 .data = NULL,
476 .maxlen = 65536,
477 .mode = 0644,
478 .proc_handler = proc_do_large_bitmap,
479 },
480 {
481 .procname = "igmp_max_memberships",
482 .data = &sysctl_igmp_max_memberships,
483 .maxlen = sizeof(int),
484 .mode = 0644,
485 .proc_handler = proc_dointvec
486 },
487 {
488 .procname = "igmp_max_msf",
489 .data = &sysctl_igmp_max_msf,
490 .maxlen = sizeof(int),
491 .mode = 0644,
492 .proc_handler = proc_dointvec
493 },
494#ifdef CONFIG_IP_MULTICAST
495 {
496 .procname = "igmp_qrv",
497 .data = &sysctl_igmp_qrv,
498 .maxlen = sizeof(int),
499 .mode = 0644,
500 .proc_handler = proc_dointvec_minmax,
501 .extra1 = &one
502 },
503 {
504 .procname = "fib_multipath_hash_policy",
505 .data = &init_net.ipv4_sysctl_fib_multipath_hash_policy,
506 .maxlen = sizeof(int),
507 .mode = 0644,
508 .proc_handler = proc_fib_multipath_hash_policy,
509 .extra1 = &zero,
510 .extra2 = &one,
511 },
512#endif
513 {
514 .procname = "inet_peer_threshold",
515 .data = &inet_peer_threshold,
516 .maxlen = sizeof(int),
517 .mode = 0644,
518 .proc_handler = proc_dointvec
519 },
520 {
521 .procname = "inet_peer_minttl",
522 .data = &inet_peer_minttl,
523 .maxlen = sizeof(int),
524 .mode = 0644,
525 .proc_handler = proc_dointvec_jiffies,
526 },
527 {
528 .procname = "inet_peer_maxttl",
529 .data = &inet_peer_maxttl,
530 .maxlen = sizeof(int),
531 .mode = 0644,
532 .proc_handler = proc_dointvec_jiffies,
533 },
534 {
535 .procname = "tcp_orphan_retries",
536 .data = &sysctl_tcp_orphan_retries,
537 .maxlen = sizeof(int),
538 .mode = 0644,
539 .proc_handler = proc_dointvec
540 },
541 {
542 .procname = "tcp_fack",
543 .data = &sysctl_tcp_fack,
544 .maxlen = sizeof(int),
545 .mode = 0644,
546 .proc_handler = proc_dointvec
547 },
548 {
549 .procname = "tcp_reordering",
550 .data = &sysctl_tcp_reordering,
551 .maxlen = sizeof(int),
552 .mode = 0644,
553 .proc_handler = proc_dointvec
554 },
555 {
556 .procname = "tcp_dsack",
557 .data = &sysctl_tcp_dsack,
558 .maxlen = sizeof(int),
559 .mode = 0644,
560 .proc_handler = proc_dointvec
561 },
562 {
563 .procname = "tcp_wmem",
564 .data = &sysctl_tcp_wmem,
565 .maxlen = sizeof(sysctl_tcp_wmem),
566 .mode = 0644,
567 .proc_handler = proc_dointvec_minmax,
568 .extra1 = &one,
569 },
570 {
571 .procname = "tcp_notsent_lowat",
572 .data = &sysctl_tcp_notsent_lowat,
573 .maxlen = sizeof(sysctl_tcp_notsent_lowat),
574 .mode = 0644,
575 .proc_handler = proc_dointvec,
576 },
577 {
578 .procname = "tcp_rmem",
579 .data = &sysctl_tcp_rmem,
580 .maxlen = sizeof(sysctl_tcp_rmem),
581 .mode = 0644,
582 .proc_handler = proc_dointvec_minmax,
583 .extra1 = &one,
584 },
585 {
586 .procname = "tcp_app_win",
587 .data = &sysctl_tcp_app_win,
588 .maxlen = sizeof(int),
589 .mode = 0644,
590 .proc_handler = proc_dointvec
591 },
592 {
593 .procname = "tcp_adv_win_scale",
594 .data = &sysctl_tcp_adv_win_scale,
595 .maxlen = sizeof(int),
596 .mode = 0644,
597 .proc_handler = proc_dointvec_minmax,
598 .extra1 = &tcp_adv_win_scale_min,
599 .extra2 = &tcp_adv_win_scale_max,
600 },
601 {
602 .procname = "tcp_tw_reuse",
603 .data = &sysctl_tcp_tw_reuse,
604 .maxlen = sizeof(int),
605 .mode = 0644,
606 .proc_handler = proc_dointvec
607 },
608 {
609 .procname = "tcp_frto",
610 .data = &sysctl_tcp_frto,
611 .maxlen = sizeof(int),
612 .mode = 0644,
613 .proc_handler = proc_dointvec
614 },
615 {
616 .procname = "tcp_low_latency",
617 .data = &sysctl_tcp_low_latency,
618 .maxlen = sizeof(int),
619 .mode = 0644,
620 .proc_handler = proc_dointvec
621 },
622 {
623 .procname = "tcp_no_metrics_save",
624 .data = &sysctl_tcp_nometrics_save,
625 .maxlen = sizeof(int),
626 .mode = 0644,
627 .proc_handler = proc_dointvec,
628 },
629 {
630 .procname = "tcp_moderate_rcvbuf",
631 .data = &sysctl_tcp_moderate_rcvbuf,
632 .maxlen = sizeof(int),
633 .mode = 0644,
634 .proc_handler = proc_dointvec,
635 },
636 {
637 .procname = "tcp_tso_win_divisor",
638 .data = &sysctl_tcp_tso_win_divisor,
639 .maxlen = sizeof(int),
640 .mode = 0644,
641 .proc_handler = proc_dointvec,
642 },
643 {
644 .procname = "tcp_congestion_control",
645 .mode = 0644,
646 .maxlen = TCP_CA_NAME_MAX,
647 .proc_handler = proc_tcp_congestion_control,
648 },
649 {
650 .procname = "tcp_mtu_probing",
651 .data = &sysctl_tcp_mtu_probing,
652 .maxlen = sizeof(int),
653 .mode = 0644,
654 .proc_handler = proc_dointvec,
655 },
656 {
657 .procname = "tcp_base_mss",
658 .data = &sysctl_tcp_base_mss,
659 .maxlen = sizeof(int),
660 .mode = 0644,
661 .proc_handler = proc_dointvec,
662 },
663 {
664 .procname = "tcp_workaround_signed_windows",
665 .data = &sysctl_tcp_workaround_signed_windows,
666 .maxlen = sizeof(int),
667 .mode = 0644,
668 .proc_handler = proc_dointvec
669 },
670 {
671 .procname = "tcp_limit_output_bytes",
672 .data = &sysctl_tcp_limit_output_bytes,
673 .maxlen = sizeof(int),
674 .mode = 0644,
675 .proc_handler = proc_dointvec
676 },
677 {
678 .procname = "tcp_challenge_ack_limit",
679 .data = &sysctl_tcp_challenge_ack_limit,
680 .maxlen = sizeof(int),
681 .mode = 0644,
682 .proc_handler = proc_dointvec
683 },
684 {
685 .procname = "tcp_slow_start_after_idle",
686 .data = &sysctl_tcp_slow_start_after_idle,
687 .maxlen = sizeof(int),
688 .mode = 0644,
689 .proc_handler = proc_dointvec
690 },
691#ifdef CONFIG_NETLABEL
692 {
693 .procname = "cipso_cache_enable",
694 .data = &cipso_v4_cache_enabled,
695 .maxlen = sizeof(int),
696 .mode = 0644,
697 .proc_handler = proc_dointvec,
698 },
699 {
700 .procname = "cipso_cache_bucket_size",
701 .data = &cipso_v4_cache_bucketsize,
702 .maxlen = sizeof(int),
703 .mode = 0644,
704 .proc_handler = proc_dointvec,
705 },
706 {
707 .procname = "cipso_rbm_optfmt",
708 .data = &cipso_v4_rbm_optfmt,
709 .maxlen = sizeof(int),
710 .mode = 0644,
711 .proc_handler = proc_dointvec,
712 },
713 {
714 .procname = "cipso_rbm_strictvalid",
715 .data = &cipso_v4_rbm_strictvalid,
716 .maxlen = sizeof(int),
717 .mode = 0644,
718 .proc_handler = proc_dointvec,
719 },
720#endif
721 {
722 .procname = "tcp_available_congestion_control",
723 .maxlen = TCP_CA_BUF_MAX,
724 .mode = 0444,
725 .proc_handler = proc_tcp_available_congestion_control,
726 },
727 {
728 .procname = "tcp_allowed_congestion_control",
729 .maxlen = TCP_CA_BUF_MAX,
730 .mode = 0644,
731 .proc_handler = proc_allowed_congestion_control,
732 },
733 {
734 .procname = "tcp_max_ssthresh",
735 .data = &rhel_unused_sysctl,
736 .maxlen = sizeof(int),
737 .mode = 0644,
738 .proc_handler = proc_dointvec,
739 },
740 {
741 .procname = "tcp_thin_linear_timeouts",
742 .data = &sysctl_tcp_thin_linear_timeouts,
743 .maxlen = sizeof(int),
744 .mode = 0644,
745 .proc_handler = proc_dointvec
746 },
747 {
748 .procname = "tcp_thin_dupack",
749 .data = &sysctl_tcp_thin_dupack,
750 .maxlen = sizeof(int),
751 .mode = 0644,
752 .proc_handler = proc_dointvec
753 },
754 {
755 .procname = "tcp_early_retrans",
756 .data = &sysctl_tcp_early_retrans,
757 .maxlen = sizeof(int),
758 .mode = 0644,
759 .proc_handler = proc_dointvec_minmax,
760 .extra1 = &zero,
761 .extra2 = &four,
762 },
763 {
764 .procname = "tcp_min_tso_segs",
765 .data = &sysctl_tcp_min_tso_segs,
766 .maxlen = sizeof(int),
767 .mode = 0644,
768 .proc_handler = proc_dointvec_minmax,
769 .extra1 = &zero,
770 .extra2 = &gso_max_segs,
771 },
772 {
773 .procname = "tcp_autocorking",
774 .data = &sysctl_tcp_autocorking,
775 .maxlen = sizeof(int),
776 .mode = 0644,
777 .proc_handler = proc_dointvec_minmax,
778 .extra1 = &zero,
779 .extra2 = &one,
780 },
781 {
782 .procname = "tcp_invalid_ratelimit",
783 .data = &sysctl_tcp_invalid_ratelimit,
784 .maxlen = sizeof(int),
785 .mode = 0644,
786 .proc_handler = proc_dointvec_ms_jiffies,
787 },
788 {
789 .procname = "icmp_msgs_per_sec",
790 .data = &sysctl_icmp_msgs_per_sec,
791 .maxlen = sizeof(int),
792 .mode = 0644,
793 .proc_handler = proc_dointvec_minmax,
794 .extra1 = &zero,
795 },
796 {
797 .procname = "icmp_msgs_burst",
798 .data = &sysctl_icmp_msgs_burst,
799 .maxlen = sizeof(int),
800 .mode = 0644,
801 .proc_handler = proc_dointvec_minmax,
802 .extra1 = &zero,
803 },
804 {
805 .procname = "udp_mem",
806 .data = &sysctl_udp_mem,
807 .maxlen = sizeof(sysctl_udp_mem),
808 .mode = 0644,
809 .proc_handler = proc_doulongvec_minmax,
810 },
811 {
812 .procname = "udp_rmem_min",
813 .data = &sysctl_udp_rmem_min,
814 .maxlen = sizeof(sysctl_udp_rmem_min),
815 .mode = 0644,
816 .proc_handler = proc_dointvec_minmax,
817 .extra1 = &one
818 },
819 {
820 .procname = "udp_wmem_min",
821 .data = &sysctl_udp_wmem_min,
822 .maxlen = sizeof(sysctl_udp_wmem_min),
823 .mode = 0644,
824 .proc_handler = proc_dointvec_minmax,
825 .extra1 = &one
826 },
827 { }
828};
829
830static struct ctl_table ipv4_net_table[] = {
831 {
832 .procname = "icmp_echo_ignore_all",
833 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
834 .maxlen = sizeof(int),
835 .mode = 0644,
836 .proc_handler = proc_dointvec
837 },
838 {
839 .procname = "icmp_echo_ignore_broadcasts",
840 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
841 .maxlen = sizeof(int),
842 .mode = 0644,
843 .proc_handler = proc_dointvec
844 },
845 {
846 .procname = "icmp_ignore_bogus_error_responses",
847 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
848 .maxlen = sizeof(int),
849 .mode = 0644,
850 .proc_handler = proc_dointvec
851 },
852 {
853 .procname = "icmp_errors_use_inbound_ifaddr",
854 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
855 .maxlen = sizeof(int),
856 .mode = 0644,
857 .proc_handler = proc_dointvec
858 },
859 {
860 .procname = "icmp_ratelimit",
861 .data = &init_net.ipv4.sysctl_icmp_ratelimit,
862 .maxlen = sizeof(int),
863 .mode = 0644,
864 .proc_handler = proc_dointvec_ms_jiffies,
865 },
866 {
867 .procname = "icmp_ratemask",
868 .data = &init_net.ipv4.sysctl_icmp_ratemask,
869 .maxlen = sizeof(int),
870 .mode = 0644,
871 .proc_handler = proc_dointvec
872 },
873 {
874 .procname = "ping_group_range",
875 .data = &init_net.ipv4.sysctl_ping_group_range,
876 .maxlen = sizeof(gid_t)*2,
877 .mode = 0644,
878 .proc_handler = ipv4_ping_group_range,
879 },
880 {
881 .procname = "tcp_ecn",
882 .data = &init_net.ipv4.sysctl_tcp_ecn,
883 .maxlen = sizeof(int),
884 .mode = 0644,
885 .proc_handler = proc_dointvec
886 },
887 {
888 .procname = "ip_default_ttl",
889 .data = &init_net.ipv4_sysctl_ip_default_ttl,
890 .maxlen = sizeof(int),
891 .mode = 0644,
892 .proc_handler = proc_dointvec_minmax,
893 .extra1 = &ip_ttl_min,
894 .extra2 = &ip_ttl_max,
895 },
896 {
897 .procname = "ip_local_port_range",
898 .maxlen = sizeof(init_net.ipv4_sysctl_local_ports.range),
899 .data = &init_net.ipv4_sysctl_local_ports.range,
900 .mode = 0644,
901 .proc_handler = ipv4_local_port_range,
902 },
903 {
904 .procname = "tcp_mem",
905 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_mem),
906 .mode = 0644,
907 .proc_handler = ipv4_tcp_mem,
908 },
909 {
910 .procname = "ip_no_pmtu_disc",
911 .data = &init_net.sysctl_ip_no_pmtu_disc,
912 .maxlen = sizeof(int),
913 .mode = 0644,
914 .proc_handler = proc_dointvec
915 },
916 {
917 .procname = "ip_forward_use_pmtu",
918 .data = &init_net.sysctl_ip_fwd_use_pmtu,
919 .maxlen = sizeof(int),
920 .mode = 0644,
921 .proc_handler = proc_dointvec,
922 },
923 {
924 .procname = "ip_nonlocal_bind",
925 .data = &init_net.ipv4_sysctl_ip_nonlocal_bind,
926 .maxlen = sizeof(int),
927 .mode = 0644,
928 .proc_handler = proc_dointvec
929 },
930 {
931 .procname = "fwmark_reflect",
932 .data = &init_net.ipv4_sysctl_fwmark_reflect,
933 .maxlen = sizeof(int),
934 .mode = 0644,
935 .proc_handler = proc_dointvec,
936 },
937 {
938 .procname = "tcp_keepalive_time",
939 .data = &init_net.ipv4_sysctl_tcp_keepalive_time,
940 .maxlen = sizeof(int),
941 .mode = 0644,
942 .proc_handler = proc_dointvec_jiffies,
943 },
944 {
945 .procname = "tcp_keepalive_probes",
946 .data = &init_net.ipv4_sysctl_tcp_keepalive_probes,
947 .maxlen = sizeof(int),
948 .mode = 0644,
949 .proc_handler = proc_dointvec
950 },
951 {
952 .procname = "tcp_keepalive_intvl",
953 .data = &init_net.ipv4_sysctl_tcp_keepalive_intvl,
954 .maxlen = sizeof(int),
955 .mode = 0644,
956 .proc_handler = proc_dointvec_jiffies,
957 },
958 {
959 .procname = "tcp_min_snd_mss",
960 .data = &init_net.ipv4_sysctl_tcp_min_snd_mss,
961 .maxlen = sizeof(int),
962 .mode = 0644,
963 .proc_handler = proc_dointvec_minmax,
964 .extra1 = &tcp_min_snd_mss_min,
965 .extra2 = &tcp_min_snd_mss_max,
966 },
967 { }
968};
969
970static __net_init int ipv4_sysctl_init_net(struct net *net)
971{
972 struct ctl_table *table;
973
974 table = ipv4_net_table;
975 if (!net_eq(net, &init_net)) {
976 int i;
977
978 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
979 if (table == NULL)
980 goto err_alloc;
981
982
983 for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++)
984 table[i].data += (void *)net - (void *)&init_net;
985 }
986
987
988
989
990
991 net->ipv4.sysctl_ping_group_range[0] = make_kgid(&init_user_ns, 1);
992 net->ipv4.sysctl_ping_group_range[1] = make_kgid(&init_user_ns, 0);
993
994
995
996
997 seqlock_init(&net->ipv4_sysctl_local_ports.lock);
998 net->ipv4_sysctl_local_ports.range[0] = 32768;
999 net->ipv4_sysctl_local_ports.range[1] = 60999;
1000
1001 tcp_init_mem(net);
1002
1003 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
1004 if (net->ipv4.ipv4_hdr == NULL)
1005 goto err_reg;
1006
1007 net->ipv4_sysctl_ip_default_ttl = IPDEFTTL;
1008
1009 return 0;
1010
1011err_reg:
1012 if (!net_eq(net, &init_net))
1013 kfree(table);
1014err_alloc:
1015 return -ENOMEM;
1016}
1017
1018static __net_exit void ipv4_sysctl_exit_net(struct net *net)
1019{
1020 struct ctl_table *table;
1021
1022 table = net->ipv4.ipv4_hdr->ctl_table_arg;
1023 unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1024 kfree(table);
1025}
1026
1027static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
1028 .init = ipv4_sysctl_init_net,
1029 .exit = ipv4_sysctl_exit_net,
1030};
1031
1032static __init int sysctl_ipv4_init(void)
1033{
1034 struct ctl_table_header *hdr;
1035 struct ctl_table *i;
1036
1037 for (i = ipv4_table; i->procname; i++) {
1038 if (strcmp(i->procname, "ip_local_reserved_ports") == 0) {
1039 i->data = sysctl_local_reserved_ports;
1040 break;
1041 }
1042 }
1043 if (!i->procname)
1044 return -EINVAL;
1045
1046 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1047 if (hdr == NULL)
1048 return -ENOMEM;
1049
1050 if (register_pernet_subsys(&ipv4_sysctl_ops)) {
1051 unregister_net_sysctl_table(hdr);
1052 return -ENOMEM;
1053 }
1054
1055 return 0;
1056}
1057
1058__initcall(sysctl_ipv4_init);
1059
