1
2
3
4
5
6
7
8
9#include <linux/mm.h>
10#include <linux/module.h>
11#include <linux/sysctl.h>
12#include <linux/igmp.h>
13#include <linux/inetdevice.h>
14#include <linux/seqlock.h>
15#include <linux/init.h>
16#include <linux/slab.h>
17#include <linux/nsproxy.h>
18#include <linux/swap.h>
19#include <net/snmp.h>
20#include <net/icmp.h>
21#include <net/ip.h>
22#include <net/route.h>
23#include <net/tcp.h>
24#include <net/udp.h>
25#include <net/cipso_ipv4.h>
26#include <net/inet_frag.h>
27#include <net/ping.h>
28#include <net/protocol.h>
29#include <net/netevent.h>
30
31static int two = 2;
32static int four = 4;
33static int thousand = 1000;
34static int gso_max_segs = GSO_MAX_SEGS;
35static int tcp_retr1_max = 255;
36static int ip_local_port_range_min[] = { 1, 1 };
37static int ip_local_port_range_max[] = { 65535, 65535 };
38static int tcp_adv_win_scale_min = -31;
39static int tcp_adv_win_scale_max = 31;
40static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS;
41static int tcp_min_snd_mss_max = 65535;
42static int ip_privileged_port_min;
43static int ip_privileged_port_max = 65535;
44static int ip_ttl_min = 1;
45static int ip_ttl_max = 255;
46static int tcp_syn_retries_min = 1;
47static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
48static int ip_ping_group_range_min[] = { 0, 0 };
49static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
50static int comp_sack_nr_max = 255;
51static u32 u32_max_div_HZ = UINT_MAX / HZ;
52static int one_day_secs = 24 * 3600;
53
54
55static int sysctl_tcp_low_latency __read_mostly;
56
57
58static void set_local_port_range(struct net *net, int range[2])
59{
60 bool same_parity = !((range[0] ^ range[1]) & 1);
61
62 write_seqlock_bh(&net->ipv4.ip_local_ports.lock);
63 if (same_parity && !net->ipv4.ip_local_ports.warned) {
64 net->ipv4.ip_local_ports.warned = true;
65 pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n");
66 }
67 net->ipv4.ip_local_ports.range[0] = range[0];
68 net->ipv4.ip_local_ports.range[1] = range[1];
69 write_sequnlock_bh(&net->ipv4.ip_local_ports.lock);
70}
71
72
73static int ipv4_local_port_range(struct ctl_table *table, int write,
74 void __user *buffer,
75 size_t *lenp, loff_t *ppos)
76{
77 struct net *net =
78 container_of(table->data, struct net, ipv4.ip_local_ports.range);
79 int ret;
80 int range[2];
81 struct ctl_table tmp = {
82 .data = &range,
83 .maxlen = sizeof(range),
84 .mode = table->mode,
85 .extra1 = &ip_local_port_range_min,
86 .extra2 = &ip_local_port_range_max,
87 };
88
89 inet_get_local_port_range(net, &range[0], &range[1]);
90
91 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
92
93 if (write && ret == 0) {
94
95
96
97
98 if ((range[1] < range[0]) ||
99 (range[0] < net->ipv4.sysctl_ip_prot_sock))
100 ret = -EINVAL;
101 else
102 set_local_port_range(net, range);
103 }
104
105 return ret;
106}
107
108
109static int ipv4_privileged_ports(struct ctl_table *table, int write,
110 void __user *buffer, size_t *lenp, loff_t *ppos)
111{
112 struct net *net = container_of(table->data, struct net,
113 ipv4.sysctl_ip_prot_sock);
114 int ret;
115 int pports;
116 int range[2];
117 struct ctl_table tmp = {
118 .data = &pports,
119 .maxlen = sizeof(pports),
120 .mode = table->mode,
121 .extra1 = &ip_privileged_port_min,
122 .extra2 = &ip_privileged_port_max,
123 };
124
125 pports = net->ipv4.sysctl_ip_prot_sock;
126
127 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
128
129 if (write && ret == 0) {
130 inet_get_local_port_range(net, &range[0], &range[1]);
131
132
133
134 if (range[0] < pports)
135 ret = -EINVAL;
136 else
137 net->ipv4.sysctl_ip_prot_sock = pports;
138 }
139
140 return ret;
141}
142
143static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high)
144{
145 kgid_t *data = table->data;
146 struct net *net =
147 container_of(table->data, struct net, ipv4.ping_group_range.range);
148 unsigned int seq;
149 do {
150 seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
151
152 *low = data[0];
153 *high = data[1];
154 } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
155}
156
157
158static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
159{
160 kgid_t *data = table->data;
161 struct net *net =
162 container_of(table->data, struct net, ipv4.ping_group_range.range);
163 write_seqlock(&net->ipv4.ping_group_range.lock);
164 data[0] = low;
165 data[1] = high;
166 write_sequnlock(&net->ipv4.ping_group_range.lock);
167}
168
169
170static int ipv4_ping_group_range(struct ctl_table *table, int write,
171 void __user *buffer,
172 size_t *lenp, loff_t *ppos)
173{
174 struct user_namespace *user_ns = current_user_ns();
175 int ret;
176 gid_t urange[2];
177 kgid_t low, high;
178 struct ctl_table tmp = {
179 .data = &urange,
180 .maxlen = sizeof(urange),
181 .mode = table->mode,
182 .extra1 = &ip_ping_group_range_min,
183 .extra2 = &ip_ping_group_range_max,
184 };
185
186 inet_get_ping_group_range_table(table, &low, &high);
187 urange[0] = from_kgid_munged(user_ns, low);
188 urange[1] = from_kgid_munged(user_ns, high);
189 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
190
191 if (write && ret == 0) {
192 low = make_kgid(user_ns, urange[0]);
193 high = make_kgid(user_ns, urange[1]);
194 if (!gid_valid(low) || !gid_valid(high))
195 return -EINVAL;
196 if (urange[1] < urange[0] || gid_lt(high, low)) {
197 low = make_kgid(&init_user_ns, 1);
198 high = make_kgid(&init_user_ns, 0);
199 }
200 set_ping_group_range(table, low, high);
201 }
202
203 return ret;
204}
205
206static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
207 void __user *buffer,
208 size_t *lenp, loff_t *ppos)
209{
210 struct net *net;
211 int ret;
212
213 net = container_of(table->data, struct net,
214 ipv4.sysctl_ip_fwd_update_priority);
215 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
216 if (write && ret == 0)
217 call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE,
218 net);
219
220 return ret;
221}
222
223static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
224 void __user *buffer, size_t *lenp, loff_t *ppos)
225{
226 struct net *net = container_of(ctl->data, struct net,
227 ipv4.tcp_congestion_control);
228 char val[TCP_CA_NAME_MAX];
229 struct ctl_table tbl = {
230 .data = val,
231 .maxlen = TCP_CA_NAME_MAX,
232 };
233 int ret;
234
235 tcp_get_default_congestion_control(net, val);
236
237 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
238 if (write && ret == 0)
239 ret = tcp_set_default_congestion_control(net, val);
240 return ret;
241}
242
243static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
244 int write,
245 void __user *buffer, size_t *lenp,
246 loff_t *ppos)
247{
248 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
249 int ret;
250
251 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
252 if (!tbl.data)
253 return -ENOMEM;
254 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
255 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
256 kfree(tbl.data);
257 return ret;
258}
259
260static int proc_allowed_congestion_control(struct ctl_table *ctl,
261 int write,
262 void __user *buffer, size_t *lenp,
263 loff_t *ppos)
264{
265 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
266 int ret;
267
268 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
269 if (!tbl.data)
270 return -ENOMEM;
271
272 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
273 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
274 if (write && ret == 0)
275 ret = tcp_set_allowed_congestion_control(tbl.data);
276 kfree(tbl.data);
277 return ret;
278}
279
280static int sscanf_key(char *buf, __le32 *key)
281{
282 u32 user_key[4];
283 int i, ret = 0;
284
285 if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1,
286 user_key + 2, user_key + 3) != 4) {
287 ret = -EINVAL;
288 } else {
289 for (i = 0; i < ARRAY_SIZE(user_key); i++)
290 key[i] = cpu_to_le32(user_key[i]);
291 }
292 pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
293 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret);
294
295 return ret;
296}
297
298static int proc_tcp_fastopen_key(struct ctl_table *table, int write,
299 void __user *buffer, size_t *lenp,
300 loff_t *ppos)
301{
302 struct net *net = container_of(table->data, struct net,
303 ipv4.sysctl_tcp_fastopen);
304
305
306
307 struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
308 2 * TCP_FASTOPEN_KEY_MAX) +
309 (TCP_FASTOPEN_KEY_MAX * 5)) };
310 struct tcp_fastopen_context *ctx;
311 u32 user_key[TCP_FASTOPEN_KEY_MAX * 4];
312 __le32 key[TCP_FASTOPEN_KEY_MAX * 4];
313 char *backup_data;
314 int ret, i = 0, off = 0, n_keys = 0;
315
316 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
317 if (!tbl.data)
318 return -ENOMEM;
319
320 rcu_read_lock();
321 ctx = rcu_dereference(net->ipv4.tcp_fastopen_ctx);
322 if (ctx) {
323 n_keys = tcp_fastopen_context_len(ctx);
324 memcpy(&key[0], &ctx->key[0], TCP_FASTOPEN_KEY_LENGTH * n_keys);
325 }
326 rcu_read_unlock();
327
328 if (!n_keys) {
329 memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH);
330 n_keys = 1;
331 }
332
333 for (i = 0; i < n_keys * 4; i++)
334 user_key[i] = le32_to_cpu(key[i]);
335
336 for (i = 0; i < n_keys; i++) {
337 off += snprintf(tbl.data + off, tbl.maxlen - off,
338 "%08x-%08x-%08x-%08x",
339 user_key[i * 4],
340 user_key[i * 4 + 1],
341 user_key[i * 4 + 2],
342 user_key[i * 4 + 3]);
343 if (i + 1 < n_keys)
344 off += snprintf(tbl.data + off, tbl.maxlen - off, ",");
345 }
346
347 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
348
349 if (write && ret == 0) {
350 backup_data = strchr(tbl.data, ',');
351 if (backup_data) {
352 *backup_data = '\0';
353 backup_data++;
354 }
355 if (sscanf_key(tbl.data, key)) {
356 ret = -EINVAL;
357 goto bad_key;
358 }
359 if (backup_data) {
360 if (sscanf_key(backup_data, key + 4)) {
361 ret = -EINVAL;
362 goto bad_key;
363 }
364 }
365 tcp_fastopen_reset_cipher(net, NULL, key,
366 backup_data ? key + 4 : NULL);
367 }
368
369bad_key:
370 kfree(tbl.data);
371 return ret;
372}
373
374static void proc_configure_early_demux(int enabled, int protocol)
375{
376 struct net_protocol *ipprot;
377#if IS_ENABLED(CONFIG_IPV6)
378 struct inet6_protocol *ip6prot;
379#endif
380
381 rcu_read_lock();
382
383 ipprot = rcu_dereference(inet_protos[protocol]);
384 if (ipprot)
385 ipprot->early_demux = enabled ? ipprot->early_demux_handler :
386 NULL;
387
388#if IS_ENABLED(CONFIG_IPV6)
389 ip6prot = rcu_dereference(inet6_protos[protocol]);
390 if (ip6prot)
391 ip6prot->early_demux = enabled ? ip6prot->early_demux_handler :
392 NULL;
393#endif
394 rcu_read_unlock();
395}
396
397static int proc_tcp_early_demux(struct ctl_table *table, int write,
398 void __user *buffer, size_t *lenp, loff_t *ppos)
399{
400 int ret = 0;
401
402 ret = proc_dointvec(table, write, buffer, lenp, ppos);
403
404 if (write && !ret) {
405 int enabled = init_net.ipv4.sysctl_tcp_early_demux;
406
407 proc_configure_early_demux(enabled, IPPROTO_TCP);
408 }
409
410 return ret;
411}
412
413static int proc_udp_early_demux(struct ctl_table *table, int write,
414 void __user *buffer, size_t *lenp, loff_t *ppos)
415{
416 int ret = 0;
417
418 ret = proc_dointvec(table, write, buffer, lenp, ppos);
419
420 if (write && !ret) {
421 int enabled = init_net.ipv4.sysctl_udp_early_demux;
422
423 proc_configure_early_demux(enabled, IPPROTO_UDP);
424 }
425
426 return ret;
427}
428
429static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
430 int write,
431 void __user *buffer,
432 size_t *lenp, loff_t *ppos)
433{
434 struct net *net = container_of(table->data, struct net,
435 ipv4.sysctl_tcp_fastopen_blackhole_timeout);
436 int ret;
437
438 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
439 if (write && ret == 0)
440 atomic_set(&net->ipv4.tfo_active_disable_times, 0);
441
442 return ret;
443}
444
445static int proc_tcp_available_ulp(struct ctl_table *ctl,
446 int write,
447 void __user *buffer, size_t *lenp,
448 loff_t *ppos)
449{
450 struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
451 int ret;
452
453 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
454 if (!tbl.data)
455 return -ENOMEM;
456 tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX);
457 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
458 kfree(tbl.data);
459
460 return ret;
461}
462
463#ifdef CONFIG_IP_ROUTE_MULTIPATH
464static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
465 void __user *buffer, size_t *lenp,
466 loff_t *ppos)
467{
468 struct net *net = container_of(table->data, struct net,
469 ipv4.sysctl_fib_multipath_hash_policy);
470 int ret;
471
472 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
473 if (write && ret == 0)
474 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
475
476 return ret;
477}
478#endif
479
480static struct ctl_table ipv4_table[] = {
481 {
482 .procname = "tcp_max_orphans",
483 .data = &sysctl_tcp_max_orphans,
484 .maxlen = sizeof(int),
485 .mode = 0644,
486 .proc_handler = proc_dointvec
487 },
488 {
489 .procname = "inet_peer_threshold",
490 .data = &inet_peer_threshold,
491 .maxlen = sizeof(int),
492 .mode = 0644,
493 .proc_handler = proc_dointvec
494 },
495 {
496 .procname = "inet_peer_minttl",
497 .data = &inet_peer_minttl,
498 .maxlen = sizeof(int),
499 .mode = 0644,
500 .proc_handler = proc_dointvec_jiffies,
501 },
502 {
503 .procname = "inet_peer_maxttl",
504 .data = &inet_peer_maxttl,
505 .maxlen = sizeof(int),
506 .mode = 0644,
507 .proc_handler = proc_dointvec_jiffies,
508 },
509 {
510 .procname = "tcp_mem",
511 .maxlen = sizeof(sysctl_tcp_mem),
512 .data = &sysctl_tcp_mem,
513 .mode = 0644,
514 .proc_handler = proc_doulongvec_minmax,
515 },
516 {
517 .procname = "tcp_low_latency",
518 .data = &sysctl_tcp_low_latency,
519 .maxlen = sizeof(int),
520 .mode = 0644,
521 .proc_handler = proc_dointvec
522 },
523#ifdef CONFIG_NETLABEL
524 {
525 .procname = "cipso_cache_enable",
526 .data = &cipso_v4_cache_enabled,
527 .maxlen = sizeof(int),
528 .mode = 0644,
529 .proc_handler = proc_dointvec,
530 },
531 {
532 .procname = "cipso_cache_bucket_size",
533 .data = &cipso_v4_cache_bucketsize,
534 .maxlen = sizeof(int),
535 .mode = 0644,
536 .proc_handler = proc_dointvec,
537 },
538 {
539 .procname = "cipso_rbm_optfmt",
540 .data = &cipso_v4_rbm_optfmt,
541 .maxlen = sizeof(int),
542 .mode = 0644,
543 .proc_handler = proc_dointvec,
544 },
545 {
546 .procname = "cipso_rbm_strictvalid",
547 .data = &cipso_v4_rbm_strictvalid,
548 .maxlen = sizeof(int),
549 .mode = 0644,
550 .proc_handler = proc_dointvec,
551 },
552#endif
553 {
554 .procname = "tcp_available_congestion_control",
555 .maxlen = TCP_CA_BUF_MAX,
556 .mode = 0444,
557 .proc_handler = proc_tcp_available_congestion_control,
558 },
559 {
560 .procname = "tcp_allowed_congestion_control",
561 .maxlen = TCP_CA_BUF_MAX,
562 .mode = 0644,
563 .proc_handler = proc_allowed_congestion_control,
564 },
565 {
566 .procname = "tcp_available_ulp",
567 .maxlen = TCP_ULP_BUF_MAX,
568 .mode = 0444,
569 .proc_handler = proc_tcp_available_ulp,
570 },
571 {
572 .procname = "icmp_msgs_per_sec",
573 .data = &sysctl_icmp_msgs_per_sec,
574 .maxlen = sizeof(int),
575 .mode = 0644,
576 .proc_handler = proc_dointvec_minmax,
577 .extra1 = SYSCTL_ZERO,
578 },
579 {
580 .procname = "icmp_msgs_burst",
581 .data = &sysctl_icmp_msgs_burst,
582 .maxlen = sizeof(int),
583 .mode = 0644,
584 .proc_handler = proc_dointvec_minmax,
585 .extra1 = SYSCTL_ZERO,
586 },
587 {
588 .procname = "udp_mem",
589 .data = &sysctl_udp_mem,
590 .maxlen = sizeof(sysctl_udp_mem),
591 .mode = 0644,
592 .proc_handler = proc_doulongvec_minmax,
593 },
594 {
595 .procname = "fib_sync_mem",
596 .data = &sysctl_fib_sync_mem,
597 .maxlen = sizeof(sysctl_fib_sync_mem),
598 .mode = 0644,
599 .proc_handler = proc_douintvec_minmax,
600 .extra1 = &sysctl_fib_sync_mem_min,
601 .extra2 = &sysctl_fib_sync_mem_max,
602 },
603 {
604 .procname = "tcp_rx_skb_cache",
605 .data = &tcp_rx_skb_cache_key.key,
606 .mode = 0644,
607 .proc_handler = proc_do_static_key,
608 },
609 {
610 .procname = "tcp_tx_skb_cache",
611 .data = &tcp_tx_skb_cache_key.key,
612 .mode = 0644,
613 .proc_handler = proc_do_static_key,
614 },
615 { }
616};
617
618static struct ctl_table ipv4_net_table[] = {
619 {
620 .procname = "icmp_echo_ignore_all",
621 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
622 .maxlen = sizeof(int),
623 .mode = 0644,
624 .proc_handler = proc_dointvec
625 },
626 {
627 .procname = "icmp_echo_ignore_broadcasts",
628 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
629 .maxlen = sizeof(int),
630 .mode = 0644,
631 .proc_handler = proc_dointvec
632 },
633 {
634 .procname = "icmp_ignore_bogus_error_responses",
635 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
636 .maxlen = sizeof(int),
637 .mode = 0644,
638 .proc_handler = proc_dointvec
639 },
640 {
641 .procname = "icmp_errors_use_inbound_ifaddr",
642 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
643 .maxlen = sizeof(int),
644 .mode = 0644,
645 .proc_handler = proc_dointvec
646 },
647 {
648 .procname = "icmp_ratelimit",
649 .data = &init_net.ipv4.sysctl_icmp_ratelimit,
650 .maxlen = sizeof(int),
651 .mode = 0644,
652 .proc_handler = proc_dointvec_ms_jiffies,
653 },
654 {
655 .procname = "icmp_ratemask",
656 .data = &init_net.ipv4.sysctl_icmp_ratemask,
657 .maxlen = sizeof(int),
658 .mode = 0644,
659 .proc_handler = proc_dointvec
660 },
661 {
662 .procname = "ping_group_range",
663 .data = &init_net.ipv4.ping_group_range.range,
664 .maxlen = sizeof(gid_t)*2,
665 .mode = 0644,
666 .proc_handler = ipv4_ping_group_range,
667 },
668#ifdef CONFIG_NET_L3_MASTER_DEV
669 {
670 .procname = "raw_l3mdev_accept",
671 .data = &init_net.ipv4.sysctl_raw_l3mdev_accept,
672 .maxlen = sizeof(int),
673 .mode = 0644,
674 .proc_handler = proc_dointvec_minmax,
675 .extra1 = SYSCTL_ZERO,
676 .extra2 = SYSCTL_ONE,
677 },
678#endif
679 {
680 .procname = "tcp_ecn",
681 .data = &init_net.ipv4.sysctl_tcp_ecn,
682 .maxlen = sizeof(int),
683 .mode = 0644,
684 .proc_handler = proc_dointvec
685 },
686 {
687 .procname = "tcp_ecn_fallback",
688 .data = &init_net.ipv4.sysctl_tcp_ecn_fallback,
689 .maxlen = sizeof(int),
690 .mode = 0644,
691 .proc_handler = proc_dointvec
692 },
693 {
694 .procname = "ip_dynaddr",
695 .data = &init_net.ipv4.sysctl_ip_dynaddr,
696 .maxlen = sizeof(int),
697 .mode = 0644,
698 .proc_handler = proc_dointvec
699 },
700 {
701 .procname = "ip_early_demux",
702 .data = &init_net.ipv4.sysctl_ip_early_demux,
703 .maxlen = sizeof(int),
704 .mode = 0644,
705 .proc_handler = proc_dointvec
706 },
707 {
708 .procname = "udp_early_demux",
709 .data = &init_net.ipv4.sysctl_udp_early_demux,
710 .maxlen = sizeof(int),
711 .mode = 0644,
712 .proc_handler = proc_udp_early_demux
713 },
714 {
715 .procname = "tcp_early_demux",
716 .data = &init_net.ipv4.sysctl_tcp_early_demux,
717 .maxlen = sizeof(int),
718 .mode = 0644,
719 .proc_handler = proc_tcp_early_demux
720 },
721 {
722 .procname = "ip_default_ttl",
723 .data = &init_net.ipv4.sysctl_ip_default_ttl,
724 .maxlen = sizeof(int),
725 .mode = 0644,
726 .proc_handler = proc_dointvec_minmax,
727 .extra1 = &ip_ttl_min,
728 .extra2 = &ip_ttl_max,
729 },
730 {
731 .procname = "ip_local_port_range",
732 .maxlen = sizeof(init_net.ipv4.ip_local_ports.range),
733 .data = &init_net.ipv4.ip_local_ports.range,
734 .mode = 0644,
735 .proc_handler = ipv4_local_port_range,
736 },
737 {
738 .procname = "ip_local_reserved_ports",
739 .data = &init_net.ipv4.sysctl_local_reserved_ports,
740 .maxlen = 65536,
741 .mode = 0644,
742 .proc_handler = proc_do_large_bitmap,
743 },
744 {
745 .procname = "ip_no_pmtu_disc",
746 .data = &init_net.ipv4.sysctl_ip_no_pmtu_disc,
747 .maxlen = sizeof(int),
748 .mode = 0644,
749 .proc_handler = proc_dointvec
750 },
751 {
752 .procname = "ip_forward_use_pmtu",
753 .data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu,
754 .maxlen = sizeof(int),
755 .mode = 0644,
756 .proc_handler = proc_dointvec,
757 },
758 {
759 .procname = "ip_forward_update_priority",
760 .data = &init_net.ipv4.sysctl_ip_fwd_update_priority,
761 .maxlen = sizeof(int),
762 .mode = 0644,
763 .proc_handler = ipv4_fwd_update_priority,
764 .extra1 = SYSCTL_ZERO,
765 .extra2 = SYSCTL_ONE,
766 },
767 {
768 .procname = "ip_nonlocal_bind",
769 .data = &init_net.ipv4.sysctl_ip_nonlocal_bind,
770 .maxlen = sizeof(int),
771 .mode = 0644,
772 .proc_handler = proc_dointvec
773 },
774 {
775 .procname = "fwmark_reflect",
776 .data = &init_net.ipv4.sysctl_fwmark_reflect,
777 .maxlen = sizeof(int),
778 .mode = 0644,
779 .proc_handler = proc_dointvec,
780 },
781 {
782 .procname = "tcp_fwmark_accept",
783 .data = &init_net.ipv4.sysctl_tcp_fwmark_accept,
784 .maxlen = sizeof(int),
785 .mode = 0644,
786 .proc_handler = proc_dointvec,
787 },
788#ifdef CONFIG_NET_L3_MASTER_DEV
789 {
790 .procname = "tcp_l3mdev_accept",
791 .data = &init_net.ipv4.sysctl_tcp_l3mdev_accept,
792 .maxlen = sizeof(int),
793 .mode = 0644,
794 .proc_handler = proc_dointvec_minmax,
795 .extra1 = SYSCTL_ZERO,
796 .extra2 = SYSCTL_ONE,
797 },
798#endif
799 {
800 .procname = "tcp_mtu_probing",
801 .data = &init_net.ipv4.sysctl_tcp_mtu_probing,
802 .maxlen = sizeof(int),
803 .mode = 0644,
804 .proc_handler = proc_dointvec,
805 },
806 {
807 .procname = "tcp_base_mss",
808 .data = &init_net.ipv4.sysctl_tcp_base_mss,
809 .maxlen = sizeof(int),
810 .mode = 0644,
811 .proc_handler = proc_dointvec,
812 },
813 {
814 .procname = "tcp_min_snd_mss",
815 .data = &init_net.ipv4.sysctl_tcp_min_snd_mss,
816 .maxlen = sizeof(int),
817 .mode = 0644,
818 .proc_handler = proc_dointvec_minmax,
819 .extra1 = &tcp_min_snd_mss_min,
820 .extra2 = &tcp_min_snd_mss_max,
821 },
822 {
823 .procname = "tcp_mtu_probe_floor",
824 .data = &init_net.ipv4.sysctl_tcp_mtu_probe_floor,
825 .maxlen = sizeof(int),
826 .mode = 0644,
827 .proc_handler = proc_dointvec_minmax,
828 .extra1 = &tcp_min_snd_mss_min,
829 .extra2 = &tcp_min_snd_mss_max,
830 },
831 {
832 .procname = "tcp_probe_threshold",
833 .data = &init_net.ipv4.sysctl_tcp_probe_threshold,
834 .maxlen = sizeof(int),
835 .mode = 0644,
836 .proc_handler = proc_dointvec,
837 },
838 {
839 .procname = "tcp_probe_interval",
840 .data = &init_net.ipv4.sysctl_tcp_probe_interval,
841 .maxlen = sizeof(u32),
842 .mode = 0644,
843 .proc_handler = proc_douintvec_minmax,
844 .extra2 = &u32_max_div_HZ,
845 },
846 {
847 .procname = "igmp_link_local_mcast_reports",
848 .data = &init_net.ipv4.sysctl_igmp_llm_reports,
849 .maxlen = sizeof(int),
850 .mode = 0644,
851 .proc_handler = proc_dointvec
852 },
853 {
854 .procname = "igmp_max_memberships",
855 .data = &init_net.ipv4.sysctl_igmp_max_memberships,
856 .maxlen = sizeof(int),
857 .mode = 0644,
858 .proc_handler = proc_dointvec
859 },
860 {
861 .procname = "igmp_max_msf",
862 .data = &init_net.ipv4.sysctl_igmp_max_msf,
863 .maxlen = sizeof(int),
864 .mode = 0644,
865 .proc_handler = proc_dointvec
866 },
867#ifdef CONFIG_IP_MULTICAST
868 {
869 .procname = "igmp_qrv",
870 .data = &init_net.ipv4.sysctl_igmp_qrv,
871 .maxlen = sizeof(int),
872 .mode = 0644,
873 .proc_handler = proc_dointvec_minmax,
874 .extra1 = SYSCTL_ONE
875 },
876#endif
877 {
878 .procname = "tcp_congestion_control",
879 .data = &init_net.ipv4.tcp_congestion_control,
880 .mode = 0644,
881 .maxlen = TCP_CA_NAME_MAX,
882 .proc_handler = proc_tcp_congestion_control,
883 },
884 {
885 .procname = "tcp_keepalive_time",
886 .data = &init_net.ipv4.sysctl_tcp_keepalive_time,
887 .maxlen = sizeof(int),
888 .mode = 0644,
889 .proc_handler = proc_dointvec_jiffies,
890 },
891 {
892 .procname = "tcp_keepalive_probes",
893 .data = &init_net.ipv4.sysctl_tcp_keepalive_probes,
894 .maxlen = sizeof(int),
895 .mode = 0644,
896 .proc_handler = proc_dointvec
897 },
898 {
899 .procname = "tcp_keepalive_intvl",
900 .data = &init_net.ipv4.sysctl_tcp_keepalive_intvl,
901 .maxlen = sizeof(int),
902 .mode = 0644,
903 .proc_handler = proc_dointvec_jiffies,
904 },
905 {
906 .procname = "tcp_syn_retries",
907 .data = &init_net.ipv4.sysctl_tcp_syn_retries,
908 .maxlen = sizeof(int),
909 .mode = 0644,
910 .proc_handler = proc_dointvec_minmax,
911 .extra1 = &tcp_syn_retries_min,
912 .extra2 = &tcp_syn_retries_max
913 },
914 {
915 .procname = "tcp_synack_retries",
916 .data = &init_net.ipv4.sysctl_tcp_synack_retries,
917 .maxlen = sizeof(int),
918 .mode = 0644,
919 .proc_handler = proc_dointvec
920 },
921#ifdef CONFIG_SYN_COOKIES
922 {
923 .procname = "tcp_syncookies",
924 .data = &init_net.ipv4.sysctl_tcp_syncookies,
925 .maxlen = sizeof(int),
926 .mode = 0644,
927 .proc_handler = proc_dointvec
928 },
929#endif
930 {
931 .procname = "tcp_reordering",
932 .data = &init_net.ipv4.sysctl_tcp_reordering,
933 .maxlen = sizeof(int),
934 .mode = 0644,
935 .proc_handler = proc_dointvec
936 },
937 {
938 .procname = "tcp_retries1",
939 .data = &init_net.ipv4.sysctl_tcp_retries1,
940 .maxlen = sizeof(int),
941 .mode = 0644,
942 .proc_handler = proc_dointvec_minmax,
943 .extra2 = &tcp_retr1_max
944 },
945 {
946 .procname = "tcp_retries2",
947 .data = &init_net.ipv4.sysctl_tcp_retries2,
948 .maxlen = sizeof(int),
949 .mode = 0644,
950 .proc_handler = proc_dointvec
951 },
952 {
953 .procname = "tcp_orphan_retries",
954 .data = &init_net.ipv4.sysctl_tcp_orphan_retries,
955 .maxlen = sizeof(int),
956 .mode = 0644,
957 .proc_handler = proc_dointvec
958 },
959 {
960 .procname = "tcp_fin_timeout",
961 .data = &init_net.ipv4.sysctl_tcp_fin_timeout,
962 .maxlen = sizeof(int),
963 .mode = 0644,
964 .proc_handler = proc_dointvec_jiffies,
965 },
966 {
967 .procname = "tcp_notsent_lowat",
968 .data = &init_net.ipv4.sysctl_tcp_notsent_lowat,
969 .maxlen = sizeof(unsigned int),
970 .mode = 0644,
971 .proc_handler = proc_douintvec,
972 },
973 {
974 .procname = "tcp_tw_reuse",
975 .data = &init_net.ipv4.sysctl_tcp_tw_reuse,
976 .maxlen = sizeof(int),
977 .mode = 0644,
978 .proc_handler = proc_dointvec_minmax,
979 .extra1 = SYSCTL_ZERO,
980 .extra2 = &two,
981 },
982 {
983 .procname = "tcp_max_tw_buckets",
984 .data = &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets,
985 .maxlen = sizeof(int),
986 .mode = 0644,
987 .proc_handler = proc_dointvec
988 },
989 {
990 .procname = "tcp_max_syn_backlog",
991 .data = &init_net.ipv4.sysctl_max_syn_backlog,
992 .maxlen = sizeof(int),
993 .mode = 0644,
994 .proc_handler = proc_dointvec
995 },
996 {
997 .procname = "tcp_fastopen",
998 .data = &init_net.ipv4.sysctl_tcp_fastopen,
999 .maxlen = sizeof(int),
1000 .mode = 0644,
1001 .proc_handler = proc_dointvec,
1002 },
1003 {
1004 .procname = "tcp_fastopen_key",
1005 .mode = 0600,
1006 .data = &init_net.ipv4.sysctl_tcp_fastopen,
1007
1008
1009
1010 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
1011 2 * TCP_FASTOPEN_KEY_MAX) +
1012 (TCP_FASTOPEN_KEY_MAX * 5)),
1013 .proc_handler = proc_tcp_fastopen_key,
1014 },
1015 {
1016 .procname = "tcp_fastopen_blackhole_timeout_sec",
1017 .data = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout,
1018 .maxlen = sizeof(int),
1019 .mode = 0644,
1020 .proc_handler = proc_tfo_blackhole_detect_timeout,
1021 .extra1 = SYSCTL_ZERO,
1022 },
1023#ifdef CONFIG_IP_ROUTE_MULTIPATH
1024 {
1025 .procname = "fib_multipath_use_neigh",
1026 .data = &init_net.ipv4.sysctl_fib_multipath_use_neigh,
1027 .maxlen = sizeof(int),
1028 .mode = 0644,
1029 .proc_handler = proc_dointvec_minmax,
1030 .extra1 = SYSCTL_ZERO,
1031 .extra2 = SYSCTL_ONE,
1032 },
1033 {
1034 .procname = "fib_multipath_hash_policy",
1035 .data = &init_net.ipv4.sysctl_fib_multipath_hash_policy,
1036 .maxlen = sizeof(int),
1037 .mode = 0644,
1038 .proc_handler = proc_fib_multipath_hash_policy,
1039 .extra1 = SYSCTL_ZERO,
1040 .extra2 = &two,
1041 },
1042#endif
1043 {
1044 .procname = "ip_unprivileged_port_start",
1045 .maxlen = sizeof(int),
1046 .data = &init_net.ipv4.sysctl_ip_prot_sock,
1047 .mode = 0644,
1048 .proc_handler = ipv4_privileged_ports,
1049 },
1050#ifdef CONFIG_NET_L3_MASTER_DEV
1051 {
1052 .procname = "udp_l3mdev_accept",
1053 .data = &init_net.ipv4.sysctl_udp_l3mdev_accept,
1054 .maxlen = sizeof(int),
1055 .mode = 0644,
1056 .proc_handler = proc_dointvec_minmax,
1057 .extra1 = SYSCTL_ZERO,
1058 .extra2 = SYSCTL_ONE,
1059 },
1060#endif
1061 {
1062 .procname = "tcp_sack",
1063 .data = &init_net.ipv4.sysctl_tcp_sack,
1064 .maxlen = sizeof(int),
1065 .mode = 0644,
1066 .proc_handler = proc_dointvec
1067 },
1068 {
1069 .procname = "tcp_window_scaling",
1070 .data = &init_net.ipv4.sysctl_tcp_window_scaling,
1071 .maxlen = sizeof(int),
1072 .mode = 0644,
1073 .proc_handler = proc_dointvec
1074 },
1075 {
1076 .procname = "tcp_timestamps",
1077 .data = &init_net.ipv4.sysctl_tcp_timestamps,
1078 .maxlen = sizeof(int),
1079 .mode = 0644,
1080 .proc_handler = proc_dointvec
1081 },
1082 {
1083 .procname = "tcp_early_retrans",
1084 .data = &init_net.ipv4.sysctl_tcp_early_retrans,
1085 .maxlen = sizeof(int),
1086 .mode = 0644,
1087 .proc_handler = proc_dointvec_minmax,
1088 .extra1 = SYSCTL_ZERO,
1089 .extra2 = &four,
1090 },
1091 {
1092 .procname = "tcp_recovery",
1093 .data = &init_net.ipv4.sysctl_tcp_recovery,
1094 .maxlen = sizeof(int),
1095 .mode = 0644,
1096 .proc_handler = proc_dointvec,
1097 },
1098 {
1099 .procname = "tcp_thin_linear_timeouts",
1100 .data = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts,
1101 .maxlen = sizeof(int),
1102 .mode = 0644,
1103 .proc_handler = proc_dointvec
1104 },
1105 {
1106 .procname = "tcp_slow_start_after_idle",
1107 .data = &init_net.ipv4.sysctl_tcp_slow_start_after_idle,
1108 .maxlen = sizeof(int),
1109 .mode = 0644,
1110 .proc_handler = proc_dointvec
1111 },
1112 {
1113 .procname = "tcp_retrans_collapse",
1114 .data = &init_net.ipv4.sysctl_tcp_retrans_collapse,
1115 .maxlen = sizeof(int),
1116 .mode = 0644,
1117 .proc_handler = proc_dointvec
1118 },
1119 {
1120 .procname = "tcp_stdurg",
1121 .data = &init_net.ipv4.sysctl_tcp_stdurg,
1122 .maxlen = sizeof(int),
1123 .mode = 0644,
1124 .proc_handler = proc_dointvec
1125 },
1126 {
1127 .procname = "tcp_rfc1337",
1128 .data = &init_net.ipv4.sysctl_tcp_rfc1337,
1129 .maxlen = sizeof(int),
1130 .mode = 0644,
1131 .proc_handler = proc_dointvec
1132 },
1133 {
1134 .procname = "tcp_abort_on_overflow",
1135 .data = &init_net.ipv4.sysctl_tcp_abort_on_overflow,
1136 .maxlen = sizeof(int),
1137 .mode = 0644,
1138 .proc_handler = proc_dointvec
1139 },
1140 {
1141 .procname = "tcp_fack",
1142 .data = &init_net.ipv4.sysctl_tcp_fack,
1143 .maxlen = sizeof(int),
1144 .mode = 0644,
1145 .proc_handler = proc_dointvec
1146 },
1147 {
1148 .procname = "tcp_max_reordering",
1149 .data = &init_net.ipv4.sysctl_tcp_max_reordering,
1150 .maxlen = sizeof(int),
1151 .mode = 0644,
1152 .proc_handler = proc_dointvec
1153 },
1154 {
1155 .procname = "tcp_dsack",
1156 .data = &init_net.ipv4.sysctl_tcp_dsack,
1157 .maxlen = sizeof(int),
1158 .mode = 0644,
1159 .proc_handler = proc_dointvec
1160 },
1161 {
1162 .procname = "tcp_app_win",
1163 .data = &init_net.ipv4.sysctl_tcp_app_win,
1164 .maxlen = sizeof(int),
1165 .mode = 0644,
1166 .proc_handler = proc_dointvec
1167 },
1168 {
1169 .procname = "tcp_adv_win_scale",
1170 .data = &init_net.ipv4.sysctl_tcp_adv_win_scale,
1171 .maxlen = sizeof(int),
1172 .mode = 0644,
1173 .proc_handler = proc_dointvec_minmax,
1174 .extra1 = &tcp_adv_win_scale_min,
1175 .extra2 = &tcp_adv_win_scale_max,
1176 },
1177 {
1178 .procname = "tcp_frto",
1179 .data = &init_net.ipv4.sysctl_tcp_frto,
1180 .maxlen = sizeof(int),
1181 .mode = 0644,
1182 .proc_handler = proc_dointvec
1183 },
1184 {
1185 .procname = "tcp_no_metrics_save",
1186 .data = &init_net.ipv4.sysctl_tcp_nometrics_save,
1187 .maxlen = sizeof(int),
1188 .mode = 0644,
1189 .proc_handler = proc_dointvec,
1190 },
1191 {
1192 .procname = "tcp_moderate_rcvbuf",
1193 .data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf,
1194 .maxlen = sizeof(int),
1195 .mode = 0644,
1196 .proc_handler = proc_dointvec,
1197 },
1198 {
1199 .procname = "tcp_tso_win_divisor",
1200 .data = &init_net.ipv4.sysctl_tcp_tso_win_divisor,
1201 .maxlen = sizeof(int),
1202 .mode = 0644,
1203 .proc_handler = proc_dointvec,
1204 },
1205 {
1206 .procname = "tcp_workaround_signed_windows",
1207 .data = &init_net.ipv4.sysctl_tcp_workaround_signed_windows,
1208 .maxlen = sizeof(int),
1209 .mode = 0644,
1210 .proc_handler = proc_dointvec
1211 },
1212 {
1213 .procname = "tcp_limit_output_bytes",
1214 .data = &init_net.ipv4.sysctl_tcp_limit_output_bytes,
1215 .maxlen = sizeof(int),
1216 .mode = 0644,
1217 .proc_handler = proc_dointvec
1218 },
1219 {
1220 .procname = "tcp_challenge_ack_limit",
1221 .data = &init_net.ipv4.sysctl_tcp_challenge_ack_limit,
1222 .maxlen = sizeof(int),
1223 .mode = 0644,
1224 .proc_handler = proc_dointvec
1225 },
1226 {
1227 .procname = "tcp_min_tso_segs",
1228 .data = &init_net.ipv4.sysctl_tcp_min_tso_segs,
1229 .maxlen = sizeof(int),
1230 .mode = 0644,
1231 .proc_handler = proc_dointvec_minmax,
1232 .extra1 = SYSCTL_ONE,
1233 .extra2 = &gso_max_segs,
1234 },
1235 {
1236 .procname = "tcp_min_rtt_wlen",
1237 .data = &init_net.ipv4.sysctl_tcp_min_rtt_wlen,
1238 .maxlen = sizeof(int),
1239 .mode = 0644,
1240 .proc_handler = proc_dointvec_minmax,
1241 .extra1 = SYSCTL_ZERO,
1242 .extra2 = &one_day_secs
1243 },
1244 {
1245 .procname = "tcp_autocorking",
1246 .data = &init_net.ipv4.sysctl_tcp_autocorking,
1247 .maxlen = sizeof(int),
1248 .mode = 0644,
1249 .proc_handler = proc_dointvec_minmax,
1250 .extra1 = SYSCTL_ZERO,
1251 .extra2 = SYSCTL_ONE,
1252 },
1253 {
1254 .procname = "tcp_invalid_ratelimit",
1255 .data = &init_net.ipv4.sysctl_tcp_invalid_ratelimit,
1256 .maxlen = sizeof(int),
1257 .mode = 0644,
1258 .proc_handler = proc_dointvec_ms_jiffies,
1259 },
1260 {
1261 .procname = "tcp_pacing_ss_ratio",
1262 .data = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio,
1263 .maxlen = sizeof(int),
1264 .mode = 0644,
1265 .proc_handler = proc_dointvec_minmax,
1266 .extra1 = SYSCTL_ZERO,
1267 .extra2 = &thousand,
1268 },
1269 {
1270 .procname = "tcp_pacing_ca_ratio",
1271 .data = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio,
1272 .maxlen = sizeof(int),
1273 .mode = 0644,
1274 .proc_handler = proc_dointvec_minmax,
1275 .extra1 = SYSCTL_ZERO,
1276 .extra2 = &thousand,
1277 },
1278 {
1279 .procname = "tcp_wmem",
1280 .data = &init_net.ipv4.sysctl_tcp_wmem,
1281 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem),
1282 .mode = 0644,
1283 .proc_handler = proc_dointvec_minmax,
1284 .extra1 = SYSCTL_ONE,
1285 },
1286 {
1287 .procname = "tcp_rmem",
1288 .data = &init_net.ipv4.sysctl_tcp_rmem,
1289 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem),
1290 .mode = 0644,
1291 .proc_handler = proc_dointvec_minmax,
1292 .extra1 = SYSCTL_ONE,
1293 },
1294 {
1295 .procname = "tcp_comp_sack_delay_ns",
1296 .data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns,
1297 .maxlen = sizeof(unsigned long),
1298 .mode = 0644,
1299 .proc_handler = proc_doulongvec_minmax,
1300 },
1301 {
1302 .procname = "tcp_comp_sack_nr",
1303 .data = &init_net.ipv4.sysctl_tcp_comp_sack_nr,
1304 .maxlen = sizeof(int),
1305 .mode = 0644,
1306 .proc_handler = proc_dointvec_minmax,
1307 .extra1 = SYSCTL_ZERO,
1308 .extra2 = &comp_sack_nr_max,
1309 },
1310 {
1311 .procname = "udp_rmem_min",
1312 .data = &init_net.ipv4.sysctl_udp_rmem_min,
1313 .maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min),
1314 .mode = 0644,
1315 .proc_handler = proc_dointvec_minmax,
1316 .extra1 = SYSCTL_ONE
1317 },
1318 {
1319 .procname = "udp_wmem_min",
1320 .data = &init_net.ipv4.sysctl_udp_wmem_min,
1321 .maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min),
1322 .mode = 0644,
1323 .proc_handler = proc_dointvec_minmax,
1324 .extra1 = SYSCTL_ONE
1325 },
1326 { }
1327};
1328
1329static __net_init int ipv4_sysctl_init_net(struct net *net)
1330{
1331 struct ctl_table *table;
1332
1333 table = ipv4_net_table;
1334 if (!net_eq(net, &init_net)) {
1335 int i;
1336
1337 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
1338 if (!table)
1339 goto err_alloc;
1340
1341
1342 for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++)
1343 table[i].data += (void *)net - (void *)&init_net;
1344 }
1345
1346 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
1347 if (!net->ipv4.ipv4_hdr)
1348 goto err_reg;
1349
1350 net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
1351 if (!net->ipv4.sysctl_local_reserved_ports)
1352 goto err_ports;
1353
1354 return 0;
1355
1356err_ports:
1357 unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1358err_reg:
1359 if (!net_eq(net, &init_net))
1360 kfree(table);
1361err_alloc:
1362 return -ENOMEM;
1363}
1364
1365static __net_exit void ipv4_sysctl_exit_net(struct net *net)
1366{
1367 struct ctl_table *table;
1368
1369 kfree(net->ipv4.sysctl_local_reserved_ports);
1370 table = net->ipv4.ipv4_hdr->ctl_table_arg;
1371 unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1372 kfree(table);
1373}
1374
1375static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
1376 .init = ipv4_sysctl_init_net,
1377 .exit = ipv4_sysctl_exit_net,
1378};
1379
1380static __init int sysctl_ipv4_init(void)
1381{
1382 struct ctl_table_header *hdr;
1383
1384 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1385 if (!hdr)
1386 return -ENOMEM;
1387
1388 if (register_pernet_subsys(&ipv4_sysctl_ops)) {
1389 unregister_net_sysctl_table(hdr);
1390 return -ENOMEM;
1391 }
1392
1393 return 0;
1394}
1395
1396__initcall(sysctl_ipv4_init);
1397
