1
2
3
4
5
6
7
8
9#include <linux/mm.h>
10#include <linux/sysctl.h>
11#include <linux/in6.h>
12#include <linux/ipv6.h>
13#include <linux/slab.h>
14#include <linux/export.h>
15#include <net/ndisc.h>
16#include <net/ipv6.h>
17#include <net/addrconf.h>
18#include <net/inet_frag.h>
19#include <net/netevent.h>
20#ifdef CONFIG_NETLABEL
21#include <net/calipso.h>
22#endif
23
24static int zero;
25static int one = 1;
26static int auto_flowlabels_min;
27static int auto_flowlabels_max = IP6_AUTO_FLOW_LABEL_MAX;
28
29static int proc_rt6_multipath_hash_policy(struct ctl_table *table, int write,
30 void __user *buffer, size_t *lenp,
31 loff_t *ppos)
32{
33 struct net *net;
34 int ret;
35
36 net = container_of(table->data, struct net,
37 ipv6.sysctl.multipath_hash_policy);
38 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
39 if (write && ret == 0)
40 call_netevent_notifiers(NETEVENT_IPV6_MPATH_HASH_UPDATE, net);
41
42 return ret;
43}
44
45static struct ctl_table ipv6_table_template[] = {
46 {
47 .procname = "bindv6only",
48 .data = &init_net.ipv6.sysctl.bindv6only,
49 .maxlen = sizeof(int),
50 .mode = 0644,
51 .proc_handler = proc_dointvec
52 },
53 {
54 .procname = "anycast_src_echo_reply",
55 .data = &init_net.ipv6.sysctl.anycast_src_echo_reply,
56 .maxlen = sizeof(int),
57 .mode = 0644,
58 .proc_handler = proc_dointvec
59 },
60 {
61 .procname = "flowlabel_consistency",
62 .data = &init_net.ipv6.sysctl.flowlabel_consistency,
63 .maxlen = sizeof(int),
64 .mode = 0644,
65 .proc_handler = proc_dointvec
66 },
67 {
68 .procname = "auto_flowlabels",
69 .data = &init_net.ipv6.sysctl.auto_flowlabels,
70 .maxlen = sizeof(int),
71 .mode = 0644,
72 .proc_handler = proc_dointvec_minmax,
73 .extra1 = &auto_flowlabels_min,
74 .extra2 = &auto_flowlabels_max
75 },
76 {
77 .procname = "fwmark_reflect",
78 .data = &init_net.ipv6.sysctl.fwmark_reflect,
79 .maxlen = sizeof(int),
80 .mode = 0644,
81 .proc_handler = proc_dointvec
82 },
83 {
84 .procname = "idgen_retries",
85 .data = &init_net.ipv6.sysctl.idgen_retries,
86 .maxlen = sizeof(int),
87 .mode = 0644,
88 .proc_handler = proc_dointvec,
89 },
90 {
91 .procname = "idgen_delay",
92 .data = &init_net.ipv6.sysctl.idgen_delay,
93 .maxlen = sizeof(int),
94 .mode = 0644,
95 .proc_handler = proc_dointvec_jiffies,
96 },
97 {
98 .procname = "flowlabel_state_ranges",
99 .data = &init_net.ipv6.sysctl.flowlabel_state_ranges,
100 .maxlen = sizeof(int),
101 .mode = 0644,
102 .proc_handler = proc_dointvec
103 },
104 {
105 .procname = "ip_nonlocal_bind",
106 .data = &init_net.ipv6.sysctl.ip_nonlocal_bind,
107 .maxlen = sizeof(int),
108 .mode = 0644,
109 .proc_handler = proc_dointvec
110 },
111 {
112 .procname = "flowlabel_reflect",
113 .data = &init_net.ipv6.sysctl.flowlabel_reflect,
114 .maxlen = sizeof(int),
115 .mode = 0644,
116 .proc_handler = proc_dointvec,
117 },
118 {
119 .procname = "max_dst_opts_number",
120 .data = &init_net.ipv6.sysctl.max_dst_opts_cnt,
121 .maxlen = sizeof(int),
122 .mode = 0644,
123 .proc_handler = proc_dointvec
124 },
125 {
126 .procname = "max_hbh_opts_number",
127 .data = &init_net.ipv6.sysctl.max_hbh_opts_cnt,
128 .maxlen = sizeof(int),
129 .mode = 0644,
130 .proc_handler = proc_dointvec
131 },
132 {
133 .procname = "max_dst_opts_length",
134 .data = &init_net.ipv6.sysctl.max_dst_opts_len,
135 .maxlen = sizeof(int),
136 .mode = 0644,
137 .proc_handler = proc_dointvec
138 },
139 {
140 .procname = "max_hbh_length",
141 .data = &init_net.ipv6.sysctl.max_hbh_opts_len,
142 .maxlen = sizeof(int),
143 .mode = 0644,
144 .proc_handler = proc_dointvec
145 },
146 {
147 .procname = "fib_multipath_hash_policy",
148 .data = &init_net.ipv6.sysctl.multipath_hash_policy,
149 .maxlen = sizeof(int),
150 .mode = 0644,
151 .proc_handler = proc_rt6_multipath_hash_policy,
152 .extra1 = &zero,
153 .extra2 = &one,
154 },
155 {
156 .procname = "seg6_flowlabel",
157 .data = &init_net.ipv6.sysctl.seg6_flowlabel,
158 .maxlen = sizeof(int),
159 .mode = 0644,
160 .proc_handler = proc_dointvec
161 },
162 { }
163};
164
165static struct ctl_table ipv6_rotable[] = {
166 {
167 .procname = "mld_max_msf",
168 .data = &sysctl_mld_max_msf,
169 .maxlen = sizeof(int),
170 .mode = 0644,
171 .proc_handler = proc_dointvec
172 },
173 {
174 .procname = "mld_qrv",
175 .data = &sysctl_mld_qrv,
176 .maxlen = sizeof(int),
177 .mode = 0644,
178 .proc_handler = proc_dointvec_minmax,
179 .extra1 = &one
180 },
181#ifdef CONFIG_NETLABEL
182 {
183 .procname = "calipso_cache_enable",
184 .data = &calipso_cache_enabled,
185 .maxlen = sizeof(int),
186 .mode = 0644,
187 .proc_handler = proc_dointvec,
188 },
189 {
190 .procname = "calipso_cache_bucket_size",
191 .data = &calipso_cache_bucketsize,
192 .maxlen = sizeof(int),
193 .mode = 0644,
194 .proc_handler = proc_dointvec,
195 },
196#endif
197 { }
198};
199
200static int __net_init ipv6_sysctl_net_init(struct net *net)
201{
202 struct ctl_table *ipv6_table;
203 struct ctl_table *ipv6_route_table;
204 struct ctl_table *ipv6_icmp_table;
205 int err;
206
207 err = -ENOMEM;
208 ipv6_table = kmemdup(ipv6_table_template, sizeof(ipv6_table_template),
209 GFP_KERNEL);
210 if (!ipv6_table)
211 goto out;
212 ipv6_table[0].data = &net->ipv6.sysctl.bindv6only;
213 ipv6_table[1].data = &net->ipv6.sysctl.anycast_src_echo_reply;
214 ipv6_table[2].data = &net->ipv6.sysctl.flowlabel_consistency;
215 ipv6_table[3].data = &net->ipv6.sysctl.auto_flowlabels;
216 ipv6_table[4].data = &net->ipv6.sysctl.fwmark_reflect;
217 ipv6_table[5].data = &net->ipv6.sysctl.idgen_retries;
218 ipv6_table[6].data = &net->ipv6.sysctl.idgen_delay;
219 ipv6_table[7].data = &net->ipv6.sysctl.flowlabel_state_ranges;
220 ipv6_table[8].data = &net->ipv6.sysctl.ip_nonlocal_bind;
221 ipv6_table[9].data = &net->ipv6.sysctl.flowlabel_reflect;
222 ipv6_table[10].data = &net->ipv6.sysctl.max_dst_opts_cnt;
223 ipv6_table[11].data = &net->ipv6.sysctl.max_hbh_opts_cnt;
224 ipv6_table[12].data = &net->ipv6.sysctl.max_dst_opts_len;
225 ipv6_table[13].data = &net->ipv6.sysctl.max_hbh_opts_len;
226 ipv6_table[14].data = &net->ipv6.sysctl.multipath_hash_policy,
227 ipv6_table[15].data = &net->ipv6.sysctl.seg6_flowlabel;
228
229 ipv6_route_table = ipv6_route_sysctl_init(net);
230 if (!ipv6_route_table)
231 goto out_ipv6_table;
232
233 ipv6_icmp_table = ipv6_icmp_sysctl_init(net);
234 if (!ipv6_icmp_table)
235 goto out_ipv6_route_table;
236
237 net->ipv6.sysctl.hdr = register_net_sysctl(net, "net/ipv6", ipv6_table);
238 if (!net->ipv6.sysctl.hdr)
239 goto out_ipv6_icmp_table;
240
241 net->ipv6.sysctl.route_hdr =
242 register_net_sysctl(net, "net/ipv6/route", ipv6_route_table);
243 if (!net->ipv6.sysctl.route_hdr)
244 goto out_unregister_ipv6_table;
245
246 net->ipv6.sysctl.icmp_hdr =
247 register_net_sysctl(net, "net/ipv6/icmp", ipv6_icmp_table);
248 if (!net->ipv6.sysctl.icmp_hdr)
249 goto out_unregister_route_table;
250
251 err = 0;
252out:
253 return err;
254out_unregister_route_table:
255 unregister_net_sysctl_table(net->ipv6.sysctl.route_hdr);
256out_unregister_ipv6_table:
257 unregister_net_sysctl_table(net->ipv6.sysctl.hdr);
258out_ipv6_icmp_table:
259 kfree(ipv6_icmp_table);
260out_ipv6_route_table:
261 kfree(ipv6_route_table);
262out_ipv6_table:
263 kfree(ipv6_table);
264 goto out;
265}
266
267static void __net_exit ipv6_sysctl_net_exit(struct net *net)
268{
269 struct ctl_table *ipv6_table;
270 struct ctl_table *ipv6_route_table;
271 struct ctl_table *ipv6_icmp_table;
272
273 ipv6_table = net->ipv6.sysctl.hdr->ctl_table_arg;
274 ipv6_route_table = net->ipv6.sysctl.route_hdr->ctl_table_arg;
275 ipv6_icmp_table = net->ipv6.sysctl.icmp_hdr->ctl_table_arg;
276
277 unregister_net_sysctl_table(net->ipv6.sysctl.icmp_hdr);
278 unregister_net_sysctl_table(net->ipv6.sysctl.route_hdr);
279 unregister_net_sysctl_table(net->ipv6.sysctl.hdr);
280
281 kfree(ipv6_table);
282 kfree(ipv6_route_table);
283 kfree(ipv6_icmp_table);
284}
285
286static struct pernet_operations ipv6_sysctl_net_ops = {
287 .init = ipv6_sysctl_net_init,
288 .exit = ipv6_sysctl_net_exit,
289};
290
291static struct ctl_table_header *ip6_header;
292
293int ipv6_sysctl_register(void)
294{
295 int err = -ENOMEM;
296
297 ip6_header = register_net_sysctl(&init_net, "net/ipv6", ipv6_rotable);
298 if (!ip6_header)
299 goto out;
300
301 err = register_pernet_subsys(&ipv6_sysctl_net_ops);
302 if (err)
303 goto err_pernet;
304out:
305 return err;
306
307err_pernet:
308 unregister_net_sysctl_table(ip6_header);
309 goto out;
310}
311
312void ipv6_sysctl_unregister(void)
313{
314 unregister_net_sysctl_table(ip6_header);
315 unregister_pernet_subsys(&ipv6_sysctl_net_ops);
316}
317
