1
2
3
4
5
6
7
8#include <linux/mm.h>
9#include <linux/module.h>
10#include <linux/sysctl.h>
11#include <linux/igmp.h>
12#include <linux/inetdevice.h>
13#include <linux/seqlock.h>
14#include <linux/init.h>
15#include <linux/slab.h>
16#include <linux/nsproxy.h>
17#include <linux/swap.h>
18#include <net/snmp.h>
19#include <net/icmp.h>
20#include <net/ip.h>
21#include <net/route.h>
22#include <net/tcp.h>
23#include <net/udp.h>
24#include <net/cipso_ipv4.h>
25#include <net/inet_frag.h>
26#include <net/ping.h>
27#include <net/tcp_memcontrol.h>
28
29static int zero;
30static int two = 2;
31static int tcp_retr1_max = 255;
32static int ip_local_port_range_min[] = { 1, 1 };
33static int ip_local_port_range_max[] = { 65535, 65535 };
34static int tcp_adv_win_scale_min = -31;
35static int tcp_adv_win_scale_max = 31;
36static int ip_ttl_min = 1;
37static int ip_ttl_max = 255;
38static int ip_ping_group_range_min[] = { 0, 0 };
39static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
40
41
42static void set_local_port_range(int range[2])
43{
44 write_seqlock(&sysctl_local_ports.lock);
45 sysctl_local_ports.range[0] = range[0];
46 sysctl_local_ports.range[1] = range[1];
47 write_sequnlock(&sysctl_local_ports.lock);
48}
49
50
51static int ipv4_local_port_range(ctl_table *table, int write,
52 void __user *buffer,
53 size_t *lenp, loff_t *ppos)
54{
55 int ret;
56 int range[2];
57 ctl_table tmp = {
58 .data = &range,
59 .maxlen = sizeof(range),
60 .mode = table->mode,
61 .extra1 = &ip_local_port_range_min,
62 .extra2 = &ip_local_port_range_max,
63 };
64
65 inet_get_local_port_range(range, range + 1);
66 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
67
68 if (write && ret == 0) {
69 if (range[1] < range[0])
70 ret = -EINVAL;
71 else
72 set_local_port_range(range);
73 }
74
75 return ret;
76}
77
78
79static void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low, gid_t *high)
80{
81 gid_t *data = table->data;
82 unsigned int seq;
83 do {
84 seq = read_seqbegin(&sysctl_local_ports.lock);
85
86 *low = data[0];
87 *high = data[1];
88 } while (read_seqretry(&sysctl_local_ports.lock, seq));
89}
90
91
92static void set_ping_group_range(struct ctl_table *table, gid_t range[2])
93{
94 gid_t *data = table->data;
95 write_seqlock(&sysctl_local_ports.lock);
96 data[0] = range[0];
97 data[1] = range[1];
98 write_sequnlock(&sysctl_local_ports.lock);
99}
100
101
102static int ipv4_ping_group_range(ctl_table *table, int write,
103 void __user *buffer,
104 size_t *lenp, loff_t *ppos)
105{
106 int ret;
107 gid_t range[2];
108 ctl_table tmp = {
109 .data = &range,
110 .maxlen = sizeof(range),
111 .mode = table->mode,
112 .extra1 = &ip_ping_group_range_min,
113 .extra2 = &ip_ping_group_range_max,
114 };
115
116 inet_get_ping_group_range_table(table, range, range + 1);
117 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
118
119 if (write && ret == 0)
120 set_ping_group_range(table, range);
121
122 return ret;
123}
124
125static int proc_tcp_congestion_control(ctl_table *ctl, int write,
126 void __user *buffer, size_t *lenp, loff_t *ppos)
127{
128 char val[TCP_CA_NAME_MAX];
129 ctl_table tbl = {
130 .data = val,
131 .maxlen = TCP_CA_NAME_MAX,
132 };
133 int ret;
134
135 tcp_get_default_congestion_control(val);
136
137 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
138 if (write && ret == 0)
139 ret = tcp_set_default_congestion_control(val);
140 return ret;
141}
142
143static int proc_tcp_available_congestion_control(ctl_table *ctl,
144 int write,
145 void __user *buffer, size_t *lenp,
146 loff_t *ppos)
147{
148 ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
149 int ret;
150
151 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
152 if (!tbl.data)
153 return -ENOMEM;
154 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
155 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
156 kfree(tbl.data);
157 return ret;
158}
159
160static int proc_allowed_congestion_control(ctl_table *ctl,
161 int write,
162 void __user *buffer, size_t *lenp,
163 loff_t *ppos)
164{
165 ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
166 int ret;
167
168 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
169 if (!tbl.data)
170 return -ENOMEM;
171
172 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
173 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
174 if (write && ret == 0)
175 ret = tcp_set_allowed_congestion_control(tbl.data);
176 kfree(tbl.data);
177 return ret;
178}
179
180static int ipv4_tcp_mem(ctl_table *ctl, int write,
181 void __user *buffer, size_t *lenp,
182 loff_t *ppos)
183{
184 int ret;
185 unsigned long vec[3];
186 struct net *net = current->nsproxy->net_ns;
187#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
188 struct mem_cgroup *memcg;
189#endif
190
191 ctl_table tmp = {
192 .data = &vec,
193 .maxlen = sizeof(vec),
194 .mode = ctl->mode,
195 };
196
197 if (!write) {
198 ctl->data = &net->ipv4.sysctl_tcp_mem;
199 return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos);
200 }
201
202 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
203 if (ret)
204 return ret;
205
206#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
207 rcu_read_lock();
208 memcg = mem_cgroup_from_task(current);
209
210 tcp_prot_mem(memcg, vec[0], 0);
211 tcp_prot_mem(memcg, vec[1], 1);
212 tcp_prot_mem(memcg, vec[2], 2);
213 rcu_read_unlock();
214#endif
215
216 net->ipv4.sysctl_tcp_mem[0] = vec[0];
217 net->ipv4.sysctl_tcp_mem[1] = vec[1];
218 net->ipv4.sysctl_tcp_mem[2] = vec[2];
219
220 return 0;
221}
222
223static struct ctl_table ipv4_table[] = {
224 {
225 .procname = "tcp_timestamps",
226 .data = &sysctl_tcp_timestamps,
227 .maxlen = sizeof(int),
228 .mode = 0644,
229 .proc_handler = proc_dointvec
230 },
231 {
232 .procname = "tcp_window_scaling",
233 .data = &sysctl_tcp_window_scaling,
234 .maxlen = sizeof(int),
235 .mode = 0644,
236 .proc_handler = proc_dointvec
237 },
238 {
239 .procname = "tcp_sack",
240 .data = &sysctl_tcp_sack,
241 .maxlen = sizeof(int),
242 .mode = 0644,
243 .proc_handler = proc_dointvec
244 },
245 {
246 .procname = "tcp_retrans_collapse",
247 .data = &sysctl_tcp_retrans_collapse,
248 .maxlen = sizeof(int),
249 .mode = 0644,
250 .proc_handler = proc_dointvec
251 },
252 {
253 .procname = "ip_default_ttl",
254 .data = &sysctl_ip_default_ttl,
255 .maxlen = sizeof(int),
256 .mode = 0644,
257 .proc_handler = proc_dointvec_minmax,
258 .extra1 = &ip_ttl_min,
259 .extra2 = &ip_ttl_max,
260 },
261 {
262 .procname = "ip_no_pmtu_disc",
263 .data = &ipv4_config.no_pmtu_disc,
264 .maxlen = sizeof(int),
265 .mode = 0644,
266 .proc_handler = proc_dointvec
267 },
268 {
269 .procname = "ip_nonlocal_bind",
270 .data = &sysctl_ip_nonlocal_bind,
271 .maxlen = sizeof(int),
272 .mode = 0644,
273 .proc_handler = proc_dointvec
274 },
275 {
276 .procname = "tcp_syn_retries",
277 .data = &sysctl_tcp_syn_retries,
278 .maxlen = sizeof(int),
279 .mode = 0644,
280 .proc_handler = proc_dointvec
281 },
282 {
283 .procname = "tcp_synack_retries",
284 .data = &sysctl_tcp_synack_retries,
285 .maxlen = sizeof(int),
286 .mode = 0644,
287 .proc_handler = proc_dointvec
288 },
289 {
290 .procname = "tcp_max_orphans",
291 .data = &sysctl_tcp_max_orphans,
292 .maxlen = sizeof(int),
293 .mode = 0644,
294 .proc_handler = proc_dointvec
295 },
296 {
297 .procname = "tcp_max_tw_buckets",
298 .data = &tcp_death_row.sysctl_max_tw_buckets,
299 .maxlen = sizeof(int),
300 .mode = 0644,
301 .proc_handler = proc_dointvec
302 },
303 {
304 .procname = "ip_dynaddr",
305 .data = &sysctl_ip_dynaddr,
306 .maxlen = sizeof(int),
307 .mode = 0644,
308 .proc_handler = proc_dointvec
309 },
310 {
311 .procname = "tcp_keepalive_time",
312 .data = &sysctl_tcp_keepalive_time,
313 .maxlen = sizeof(int),
314 .mode = 0644,
315 .proc_handler = proc_dointvec_jiffies,
316 },
317 {
318 .procname = "tcp_keepalive_probes",
319 .data = &sysctl_tcp_keepalive_probes,
320 .maxlen = sizeof(int),
321 .mode = 0644,
322 .proc_handler = proc_dointvec
323 },
324 {
325 .procname = "tcp_keepalive_intvl",
326 .data = &sysctl_tcp_keepalive_intvl,
327 .maxlen = sizeof(int),
328 .mode = 0644,
329 .proc_handler = proc_dointvec_jiffies,
330 },
331 {
332 .procname = "tcp_retries1",
333 .data = &sysctl_tcp_retries1,
334 .maxlen = sizeof(int),
335 .mode = 0644,
336 .proc_handler = proc_dointvec_minmax,
337 .extra2 = &tcp_retr1_max
338 },
339 {
340 .procname = "tcp_retries2",
341 .data = &sysctl_tcp_retries2,
342 .maxlen = sizeof(int),
343 .mode = 0644,
344 .proc_handler = proc_dointvec
345 },
346 {
347 .procname = "tcp_fin_timeout",
348 .data = &sysctl_tcp_fin_timeout,
349 .maxlen = sizeof(int),
350 .mode = 0644,
351 .proc_handler = proc_dointvec_jiffies,
352 },
353#ifdef CONFIG_SYN_COOKIES
354 {
355 .procname = "tcp_syncookies",
356 .data = &sysctl_tcp_syncookies,
357 .maxlen = sizeof(int),
358 .mode = 0644,
359 .proc_handler = proc_dointvec
360 },
361#endif
362 {
363 .procname = "tcp_tw_recycle",
364 .data = &tcp_death_row.sysctl_tw_recycle,
365 .maxlen = sizeof(int),
366 .mode = 0644,
367 .proc_handler = proc_dointvec
368 },
369 {
370 .procname = "tcp_abort_on_overflow",
371 .data = &sysctl_tcp_abort_on_overflow,
372 .maxlen = sizeof(int),
373 .mode = 0644,
374 .proc_handler = proc_dointvec
375 },
376 {
377 .procname = "tcp_stdurg",
378 .data = &sysctl_tcp_stdurg,
379 .maxlen = sizeof(int),
380 .mode = 0644,
381 .proc_handler = proc_dointvec
382 },
383 {
384 .procname = "tcp_rfc1337",
385 .data = &sysctl_tcp_rfc1337,
386 .maxlen = sizeof(int),
387 .mode = 0644,
388 .proc_handler = proc_dointvec
389 },
390 {
391 .procname = "tcp_max_syn_backlog",
392 .data = &sysctl_max_syn_backlog,
393 .maxlen = sizeof(int),
394 .mode = 0644,
395 .proc_handler = proc_dointvec
396 },
397 {
398 .procname = "ip_local_port_range",
399 .data = &sysctl_local_ports.range,
400 .maxlen = sizeof(sysctl_local_ports.range),
401 .mode = 0644,
402 .proc_handler = ipv4_local_port_range,
403 },
404 {
405 .procname = "ip_local_reserved_ports",
406 .data = NULL,
407 .maxlen = 65536,
408 .mode = 0644,
409 .proc_handler = proc_do_large_bitmap,
410 },
411 {
412 .procname = "igmp_max_memberships",
413 .data = &sysctl_igmp_max_memberships,
414 .maxlen = sizeof(int),
415 .mode = 0644,
416 .proc_handler = proc_dointvec
417 },
418 {
419 .procname = "igmp_max_msf",
420 .data = &sysctl_igmp_max_msf,
421 .maxlen = sizeof(int),
422 .mode = 0644,
423 .proc_handler = proc_dointvec
424 },
425 {
426 .procname = "inet_peer_threshold",
427 .data = &inet_peer_threshold,
428 .maxlen = sizeof(int),
429 .mode = 0644,
430 .proc_handler = proc_dointvec
431 },
432 {
433 .procname = "inet_peer_minttl",
434 .data = &inet_peer_minttl,
435 .maxlen = sizeof(int),
436 .mode = 0644,
437 .proc_handler = proc_dointvec_jiffies,
438 },
439 {
440 .procname = "inet_peer_maxttl",
441 .data = &inet_peer_maxttl,
442 .maxlen = sizeof(int),
443 .mode = 0644,
444 .proc_handler = proc_dointvec_jiffies,
445 },
446 {
447 .procname = "tcp_orphan_retries",
448 .data = &sysctl_tcp_orphan_retries,
449 .maxlen = sizeof(int),
450 .mode = 0644,
451 .proc_handler = proc_dointvec
452 },
453 {
454 .procname = "tcp_fack",
455 .data = &sysctl_tcp_fack,
456 .maxlen = sizeof(int),
457 .mode = 0644,
458 .proc_handler = proc_dointvec
459 },
460 {
461 .procname = "tcp_reordering",
462 .data = &sysctl_tcp_reordering,
463 .maxlen = sizeof(int),
464 .mode = 0644,
465 .proc_handler = proc_dointvec
466 },
467 {
468 .procname = "tcp_ecn",
469 .data = &sysctl_tcp_ecn,
470 .maxlen = sizeof(int),
471 .mode = 0644,
472 .proc_handler = proc_dointvec
473 },
474 {
475 .procname = "tcp_dsack",
476 .data = &sysctl_tcp_dsack,
477 .maxlen = sizeof(int),
478 .mode = 0644,
479 .proc_handler = proc_dointvec
480 },
481 {
482 .procname = "tcp_wmem",
483 .data = &sysctl_tcp_wmem,
484 .maxlen = sizeof(sysctl_tcp_wmem),
485 .mode = 0644,
486 .proc_handler = proc_dointvec
487 },
488 {
489 .procname = "tcp_rmem",
490 .data = &sysctl_tcp_rmem,
491 .maxlen = sizeof(sysctl_tcp_rmem),
492 .mode = 0644,
493 .proc_handler = proc_dointvec
494 },
495 {
496 .procname = "tcp_app_win",
497 .data = &sysctl_tcp_app_win,
498 .maxlen = sizeof(int),
499 .mode = 0644,
500 .proc_handler = proc_dointvec
501 },
502 {
503 .procname = "tcp_adv_win_scale",
504 .data = &sysctl_tcp_adv_win_scale,
505 .maxlen = sizeof(int),
506 .mode = 0644,
507 .proc_handler = proc_dointvec_minmax,
508 .extra1 = &tcp_adv_win_scale_min,
509 .extra2 = &tcp_adv_win_scale_max,
510 },
511 {
512 .procname = "tcp_tw_reuse",
513 .data = &sysctl_tcp_tw_reuse,
514 .maxlen = sizeof(int),
515 .mode = 0644,
516 .proc_handler = proc_dointvec
517 },
518 {
519 .procname = "tcp_frto",
520 .data = &sysctl_tcp_frto,
521 .maxlen = sizeof(int),
522 .mode = 0644,
523 .proc_handler = proc_dointvec
524 },
525 {
526 .procname = "tcp_frto_response",
527 .data = &sysctl_tcp_frto_response,
528 .maxlen = sizeof(int),
529 .mode = 0644,
530 .proc_handler = proc_dointvec
531 },
532 {
533 .procname = "tcp_low_latency",
534 .data = &sysctl_tcp_low_latency,
535 .maxlen = sizeof(int),
536 .mode = 0644,
537 .proc_handler = proc_dointvec
538 },
539 {
540 .procname = "tcp_no_metrics_save",
541 .data = &sysctl_tcp_nometrics_save,
542 .maxlen = sizeof(int),
543 .mode = 0644,
544 .proc_handler = proc_dointvec,
545 },
546 {
547 .procname = "tcp_moderate_rcvbuf",
548 .data = &sysctl_tcp_moderate_rcvbuf,
549 .maxlen = sizeof(int),
550 .mode = 0644,
551 .proc_handler = proc_dointvec,
552 },
553 {
554 .procname = "tcp_tso_win_divisor",
555 .data = &sysctl_tcp_tso_win_divisor,
556 .maxlen = sizeof(int),
557 .mode = 0644,
558 .proc_handler = proc_dointvec,
559 },
560 {
561 .procname = "tcp_congestion_control",
562 .mode = 0644,
563 .maxlen = TCP_CA_NAME_MAX,
564 .proc_handler = proc_tcp_congestion_control,
565 },
566 {
567 .procname = "tcp_abc",
568 .data = &sysctl_tcp_abc,
569 .maxlen = sizeof(int),
570 .mode = 0644,
571 .proc_handler = proc_dointvec,
572 },
573 {
574 .procname = "tcp_mtu_probing",
575 .data = &sysctl_tcp_mtu_probing,
576 .maxlen = sizeof(int),
577 .mode = 0644,
578 .proc_handler = proc_dointvec,
579 },
580 {
581 .procname = "tcp_base_mss",
582 .data = &sysctl_tcp_base_mss,
583 .maxlen = sizeof(int),
584 .mode = 0644,
585 .proc_handler = proc_dointvec,
586 },
587 {
588 .procname = "tcp_workaround_signed_windows",
589 .data = &sysctl_tcp_workaround_signed_windows,
590 .maxlen = sizeof(int),
591 .mode = 0644,
592 .proc_handler = proc_dointvec
593 },
594#ifdef CONFIG_NET_DMA
595 {
596 .procname = "tcp_dma_copybreak",
597 .data = &sysctl_tcp_dma_copybreak,
598 .maxlen = sizeof(int),
599 .mode = 0644,
600 .proc_handler = proc_dointvec
601 },
602#endif
603 {
604 .procname = "tcp_slow_start_after_idle",
605 .data = &sysctl_tcp_slow_start_after_idle,
606 .maxlen = sizeof(int),
607 .mode = 0644,
608 .proc_handler = proc_dointvec
609 },
610#ifdef CONFIG_NETLABEL
611 {
612 .procname = "cipso_cache_enable",
613 .data = &cipso_v4_cache_enabled,
614 .maxlen = sizeof(int),
615 .mode = 0644,
616 .proc_handler = proc_dointvec,
617 },
618 {
619 .procname = "cipso_cache_bucket_size",
620 .data = &cipso_v4_cache_bucketsize,
621 .maxlen = sizeof(int),
622 .mode = 0644,
623 .proc_handler = proc_dointvec,
624 },
625 {
626 .procname = "cipso_rbm_optfmt",
627 .data = &cipso_v4_rbm_optfmt,
628 .maxlen = sizeof(int),
629 .mode = 0644,
630 .proc_handler = proc_dointvec,
631 },
632 {
633 .procname = "cipso_rbm_strictvalid",
634 .data = &cipso_v4_rbm_strictvalid,
635 .maxlen = sizeof(int),
636 .mode = 0644,
637 .proc_handler = proc_dointvec,
638 },
639#endif
640 {
641 .procname = "tcp_available_congestion_control",
642 .maxlen = TCP_CA_BUF_MAX,
643 .mode = 0444,
644 .proc_handler = proc_tcp_available_congestion_control,
645 },
646 {
647 .procname = "tcp_allowed_congestion_control",
648 .maxlen = TCP_CA_BUF_MAX,
649 .mode = 0644,
650 .proc_handler = proc_allowed_congestion_control,
651 },
652 {
653 .procname = "tcp_max_ssthresh",
654 .data = &sysctl_tcp_max_ssthresh,
655 .maxlen = sizeof(int),
656 .mode = 0644,
657 .proc_handler = proc_dointvec,
658 },
659 {
660 .procname = "tcp_cookie_size",
661 .data = &sysctl_tcp_cookie_size,
662 .maxlen = sizeof(int),
663 .mode = 0644,
664 .proc_handler = proc_dointvec
665 },
666 {
667 .procname = "tcp_thin_linear_timeouts",
668 .data = &sysctl_tcp_thin_linear_timeouts,
669 .maxlen = sizeof(int),
670 .mode = 0644,
671 .proc_handler = proc_dointvec
672 },
673 {
674 .procname = "tcp_thin_dupack",
675 .data = &sysctl_tcp_thin_dupack,
676 .maxlen = sizeof(int),
677 .mode = 0644,
678 .proc_handler = proc_dointvec
679 },
680 {
681 .procname = "tcp_early_retrans",
682 .data = &sysctl_tcp_early_retrans,
683 .maxlen = sizeof(int),
684 .mode = 0644,
685 .proc_handler = proc_dointvec_minmax,
686 .extra1 = &zero,
687 .extra2 = &two,
688 },
689 {
690 .procname = "udp_mem",
691 .data = &sysctl_udp_mem,
692 .maxlen = sizeof(sysctl_udp_mem),
693 .mode = 0644,
694 .proc_handler = proc_doulongvec_minmax,
695 },
696 {
697 .procname = "udp_rmem_min",
698 .data = &sysctl_udp_rmem_min,
699 .maxlen = sizeof(sysctl_udp_rmem_min),
700 .mode = 0644,
701 .proc_handler = proc_dointvec_minmax,
702 .extra1 = &zero
703 },
704 {
705 .procname = "udp_wmem_min",
706 .data = &sysctl_udp_wmem_min,
707 .maxlen = sizeof(sysctl_udp_wmem_min),
708 .mode = 0644,
709 .proc_handler = proc_dointvec_minmax,
710 .extra1 = &zero
711 },
712 { }
713};
714
715static struct ctl_table ipv4_net_table[] = {
716 {
717 .procname = "icmp_echo_ignore_all",
718 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
719 .maxlen = sizeof(int),
720 .mode = 0644,
721 .proc_handler = proc_dointvec
722 },
723 {
724 .procname = "icmp_echo_ignore_broadcasts",
725 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
726 .maxlen = sizeof(int),
727 .mode = 0644,
728 .proc_handler = proc_dointvec
729 },
730 {
731 .procname = "icmp_ignore_bogus_error_responses",
732 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
733 .maxlen = sizeof(int),
734 .mode = 0644,
735 .proc_handler = proc_dointvec
736 },
737 {
738 .procname = "icmp_errors_use_inbound_ifaddr",
739 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
740 .maxlen = sizeof(int),
741 .mode = 0644,
742 .proc_handler = proc_dointvec
743 },
744 {
745 .procname = "icmp_ratelimit",
746 .data = &init_net.ipv4.sysctl_icmp_ratelimit,
747 .maxlen = sizeof(int),
748 .mode = 0644,
749 .proc_handler = proc_dointvec_ms_jiffies,
750 },
751 {
752 .procname = "icmp_ratemask",
753 .data = &init_net.ipv4.sysctl_icmp_ratemask,
754 .maxlen = sizeof(int),
755 .mode = 0644,
756 .proc_handler = proc_dointvec
757 },
758 {
759 .procname = "rt_cache_rebuild_count",
760 .data = &init_net.ipv4.sysctl_rt_cache_rebuild_count,
761 .maxlen = sizeof(int),
762 .mode = 0644,
763 .proc_handler = proc_dointvec
764 },
765 {
766 .procname = "ping_group_range",
767 .data = &init_net.ipv4.sysctl_ping_group_range,
768 .maxlen = sizeof(init_net.ipv4.sysctl_ping_group_range),
769 .mode = 0644,
770 .proc_handler = ipv4_ping_group_range,
771 },
772 {
773 .procname = "tcp_mem",
774 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_mem),
775 .mode = 0644,
776 .proc_handler = ipv4_tcp_mem,
777 },
778 { }
779};
780
781static __net_init int ipv4_sysctl_init_net(struct net *net)
782{
783 struct ctl_table *table;
784
785 table = ipv4_net_table;
786 if (!net_eq(net, &init_net)) {
787 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
788 if (table == NULL)
789 goto err_alloc;
790
791 table[0].data =
792 &net->ipv4.sysctl_icmp_echo_ignore_all;
793 table[1].data =
794 &net->ipv4.sysctl_icmp_echo_ignore_broadcasts;
795 table[2].data =
796 &net->ipv4.sysctl_icmp_ignore_bogus_error_responses;
797 table[3].data =
798 &net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr;
799 table[4].data =
800 &net->ipv4.sysctl_icmp_ratelimit;
801 table[5].data =
802 &net->ipv4.sysctl_icmp_ratemask;
803 table[6].data =
804 &net->ipv4.sysctl_rt_cache_rebuild_count;
805 table[7].data =
806 &net->ipv4.sysctl_ping_group_range;
807
808 }
809
810
811
812
813
814 net->ipv4.sysctl_ping_group_range[0] = 1;
815 net->ipv4.sysctl_ping_group_range[1] = 0;
816
817 net->ipv4.sysctl_rt_cache_rebuild_count = 4;
818
819 tcp_init_mem(net);
820
821 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
822 if (net->ipv4.ipv4_hdr == NULL)
823 goto err_reg;
824
825 return 0;
826
827err_reg:
828 if (!net_eq(net, &init_net))
829 kfree(table);
830err_alloc:
831 return -ENOMEM;
832}
833
834static __net_exit void ipv4_sysctl_exit_net(struct net *net)
835{
836 struct ctl_table *table;
837
838 table = net->ipv4.ipv4_hdr->ctl_table_arg;
839 unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
840 kfree(table);
841}
842
843static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
844 .init = ipv4_sysctl_init_net,
845 .exit = ipv4_sysctl_exit_net,
846};
847
848static __init int sysctl_ipv4_init(void)
849{
850 struct ctl_table_header *hdr;
851 struct ctl_table *i;
852
853 for (i = ipv4_table; i->procname; i++) {
854 if (strcmp(i->procname, "ip_local_reserved_ports") == 0) {
855 i->data = sysctl_local_reserved_ports;
856 break;
857 }
858 }
859 if (!i->procname)
860 return -EINVAL;
861
862 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
863 if (hdr == NULL)
864 return -ENOMEM;
865
866 if (register_pernet_subsys(&ipv4_sysctl_ops)) {
867 unregister_net_sysctl_table(hdr);
868 return -ENOMEM;
869 }
870
871 return 0;
872}
873
874__initcall(sysctl_ipv4_init);
875
