0001
0002
0003
0004
0005
0006
0007
0008
0009 #include <linux/sysctl.h>
0010 #include <linux/seqlock.h>
0011 #include <linux/init.h>
0012 #include <linux/slab.h>
0013 #include <net/icmp.h>
0014 #include <net/ip.h>
0015 #include <net/ip_fib.h>
0016 #include <net/tcp.h>
0017 #include <net/udp.h>
0018 #include <net/cipso_ipv4.h>
0019 #include <net/ping.h>
0020 #include <net/protocol.h>
0021 #include <net/netevent.h>
0022
0023 static int tcp_retr1_max = 255;
0024 static int ip_local_port_range_min[] = { 1, 1 };
0025 static int ip_local_port_range_max[] = { 65535, 65535 };
0026 static int tcp_adv_win_scale_min = -31;
0027 static int tcp_adv_win_scale_max = 31;
0028 static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS;
0029 static int tcp_min_snd_mss_max = 65535;
0030 static int ip_privileged_port_min;
0031 static int ip_privileged_port_max = 65535;
0032 static int ip_ttl_min = 1;
0033 static int ip_ttl_max = 255;
0034 static int tcp_syn_retries_min = 1;
0035 static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
0036 static int ip_ping_group_range_min[] = { 0, 0 };
0037 static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
0038 static u32 u32_max_div_HZ = UINT_MAX / HZ;
0039 static int one_day_secs = 24 * 3600;
0040 static u32 fib_multipath_hash_fields_all_mask __maybe_unused =
0041 FIB_MULTIPATH_HASH_FIELD_ALL_MASK;
0042
0043
0044 static int sysctl_tcp_low_latency __read_mostly;
0045
0046
0047 static void set_local_port_range(struct net *net, int range[2])
0048 {
0049 bool same_parity = !((range[0] ^ range[1]) & 1);
0050
0051 write_seqlock_bh(&net->ipv4.ip_local_ports.lock);
0052 if (same_parity && !net->ipv4.ip_local_ports.warned) {
0053 net->ipv4.ip_local_ports.warned = true;
0054 pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n");
0055 }
0056 net->ipv4.ip_local_ports.range[0] = range[0];
0057 net->ipv4.ip_local_ports.range[1] = range[1];
0058 write_sequnlock_bh(&net->ipv4.ip_local_ports.lock);
0059 }
0060
0061
0062 static int ipv4_local_port_range(struct ctl_table *table, int write,
0063 void *buffer, size_t *lenp, loff_t *ppos)
0064 {
0065 struct net *net =
0066 container_of(table->data, struct net, ipv4.ip_local_ports.range);
0067 int ret;
0068 int range[2];
0069 struct ctl_table tmp = {
0070 .data = &range,
0071 .maxlen = sizeof(range),
0072 .mode = table->mode,
0073 .extra1 = &ip_local_port_range_min,
0074 .extra2 = &ip_local_port_range_max,
0075 };
0076
0077 inet_get_local_port_range(net, &range[0], &range[1]);
0078
0079 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
0080
0081 if (write && ret == 0) {
0082
0083
0084
0085
0086 if ((range[1] < range[0]) ||
0087 (range[0] < READ_ONCE(net->ipv4.sysctl_ip_prot_sock)))
0088 ret = -EINVAL;
0089 else
0090 set_local_port_range(net, range);
0091 }
0092
0093 return ret;
0094 }
0095
0096
0097 static int ipv4_privileged_ports(struct ctl_table *table, int write,
0098 void *buffer, size_t *lenp, loff_t *ppos)
0099 {
0100 struct net *net = container_of(table->data, struct net,
0101 ipv4.sysctl_ip_prot_sock);
0102 int ret;
0103 int pports;
0104 int range[2];
0105 struct ctl_table tmp = {
0106 .data = &pports,
0107 .maxlen = sizeof(pports),
0108 .mode = table->mode,
0109 .extra1 = &ip_privileged_port_min,
0110 .extra2 = &ip_privileged_port_max,
0111 };
0112
0113 pports = READ_ONCE(net->ipv4.sysctl_ip_prot_sock);
0114
0115 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
0116
0117 if (write && ret == 0) {
0118 inet_get_local_port_range(net, &range[0], &range[1]);
0119
0120
0121
0122 if (range[0] < pports)
0123 ret = -EINVAL;
0124 else
0125 WRITE_ONCE(net->ipv4.sysctl_ip_prot_sock, pports);
0126 }
0127
0128 return ret;
0129 }
0130
0131 static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high)
0132 {
0133 kgid_t *data = table->data;
0134 struct net *net =
0135 container_of(table->data, struct net, ipv4.ping_group_range.range);
0136 unsigned int seq;
0137 do {
0138 seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
0139
0140 *low = data[0];
0141 *high = data[1];
0142 } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
0143 }
0144
0145
0146 static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
0147 {
0148 kgid_t *data = table->data;
0149 struct net *net =
0150 container_of(table->data, struct net, ipv4.ping_group_range.range);
0151 write_seqlock(&net->ipv4.ping_group_range.lock);
0152 data[0] = low;
0153 data[1] = high;
0154 write_sequnlock(&net->ipv4.ping_group_range.lock);
0155 }
0156
0157
0158 static int ipv4_ping_group_range(struct ctl_table *table, int write,
0159 void *buffer, size_t *lenp, loff_t *ppos)
0160 {
0161 struct user_namespace *user_ns = current_user_ns();
0162 int ret;
0163 gid_t urange[2];
0164 kgid_t low, high;
0165 struct ctl_table tmp = {
0166 .data = &urange,
0167 .maxlen = sizeof(urange),
0168 .mode = table->mode,
0169 .extra1 = &ip_ping_group_range_min,
0170 .extra2 = &ip_ping_group_range_max,
0171 };
0172
0173 inet_get_ping_group_range_table(table, &low, &high);
0174 urange[0] = from_kgid_munged(user_ns, low);
0175 urange[1] = from_kgid_munged(user_ns, high);
0176 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
0177
0178 if (write && ret == 0) {
0179 low = make_kgid(user_ns, urange[0]);
0180 high = make_kgid(user_ns, urange[1]);
0181 if (!gid_valid(low) || !gid_valid(high))
0182 return -EINVAL;
0183 if (urange[1] < urange[0] || gid_lt(high, low)) {
0184 low = make_kgid(&init_user_ns, 1);
0185 high = make_kgid(&init_user_ns, 0);
0186 }
0187 set_ping_group_range(table, low, high);
0188 }
0189
0190 return ret;
0191 }
0192
0193 static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
0194 void *buffer, size_t *lenp, loff_t *ppos)
0195 {
0196 struct net *net;
0197 int ret;
0198
0199 net = container_of(table->data, struct net,
0200 ipv4.sysctl_ip_fwd_update_priority);
0201 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos);
0202 if (write && ret == 0)
0203 call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE,
0204 net);
0205
0206 return ret;
0207 }
0208
0209 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
0210 void *buffer, size_t *lenp, loff_t *ppos)
0211 {
0212 struct net *net = container_of(ctl->data, struct net,
0213 ipv4.tcp_congestion_control);
0214 char val[TCP_CA_NAME_MAX];
0215 struct ctl_table tbl = {
0216 .data = val,
0217 .maxlen = TCP_CA_NAME_MAX,
0218 };
0219 int ret;
0220
0221 tcp_get_default_congestion_control(net, val);
0222
0223 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
0224 if (write && ret == 0)
0225 ret = tcp_set_default_congestion_control(net, val);
0226 return ret;
0227 }
0228
0229 static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
0230 int write, void *buffer,
0231 size_t *lenp, loff_t *ppos)
0232 {
0233 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
0234 int ret;
0235
0236 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
0237 if (!tbl.data)
0238 return -ENOMEM;
0239 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
0240 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
0241 kfree(tbl.data);
0242 return ret;
0243 }
0244
0245 static int proc_allowed_congestion_control(struct ctl_table *ctl,
0246 int write, void *buffer,
0247 size_t *lenp, loff_t *ppos)
0248 {
0249 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
0250 int ret;
0251
0252 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
0253 if (!tbl.data)
0254 return -ENOMEM;
0255
0256 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
0257 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
0258 if (write && ret == 0)
0259 ret = tcp_set_allowed_congestion_control(tbl.data);
0260 kfree(tbl.data);
0261 return ret;
0262 }
0263
0264 static int sscanf_key(char *buf, __le32 *key)
0265 {
0266 u32 user_key[4];
0267 int i, ret = 0;
0268
0269 if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1,
0270 user_key + 2, user_key + 3) != 4) {
0271 ret = -EINVAL;
0272 } else {
0273 for (i = 0; i < ARRAY_SIZE(user_key); i++)
0274 key[i] = cpu_to_le32(user_key[i]);
0275 }
0276 pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
0277 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret);
0278
0279 return ret;
0280 }
0281
0282 static int proc_tcp_fastopen_key(struct ctl_table *table, int write,
0283 void *buffer, size_t *lenp, loff_t *ppos)
0284 {
0285 struct net *net = container_of(table->data, struct net,
0286 ipv4.sysctl_tcp_fastopen);
0287
0288
0289
0290 struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
0291 2 * TCP_FASTOPEN_KEY_MAX) +
0292 (TCP_FASTOPEN_KEY_MAX * 5)) };
0293 u32 user_key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u32)];
0294 __le32 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(__le32)];
0295 char *backup_data;
0296 int ret, i = 0, off = 0, n_keys;
0297
0298 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
0299 if (!tbl.data)
0300 return -ENOMEM;
0301
0302 n_keys = tcp_fastopen_get_cipher(net, NULL, (u64 *)key);
0303 if (!n_keys) {
0304 memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH);
0305 n_keys = 1;
0306 }
0307
0308 for (i = 0; i < n_keys * 4; i++)
0309 user_key[i] = le32_to_cpu(key[i]);
0310
0311 for (i = 0; i < n_keys; i++) {
0312 off += snprintf(tbl.data + off, tbl.maxlen - off,
0313 "%08x-%08x-%08x-%08x",
0314 user_key[i * 4],
0315 user_key[i * 4 + 1],
0316 user_key[i * 4 + 2],
0317 user_key[i * 4 + 3]);
0318
0319 if (WARN_ON_ONCE(off >= tbl.maxlen - 1))
0320 break;
0321
0322 if (i + 1 < n_keys)
0323 off += snprintf(tbl.data + off, tbl.maxlen - off, ",");
0324 }
0325
0326 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
0327
0328 if (write && ret == 0) {
0329 backup_data = strchr(tbl.data, ',');
0330 if (backup_data) {
0331 *backup_data = '\0';
0332 backup_data++;
0333 }
0334 if (sscanf_key(tbl.data, key)) {
0335 ret = -EINVAL;
0336 goto bad_key;
0337 }
0338 if (backup_data) {
0339 if (sscanf_key(backup_data, key + 4)) {
0340 ret = -EINVAL;
0341 goto bad_key;
0342 }
0343 }
0344 tcp_fastopen_reset_cipher(net, NULL, key,
0345 backup_data ? key + 4 : NULL);
0346 }
0347
0348 bad_key:
0349 kfree(tbl.data);
0350 return ret;
0351 }
0352
0353 static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
0354 int write, void *buffer,
0355 size_t *lenp, loff_t *ppos)
0356 {
0357 struct net *net = container_of(table->data, struct net,
0358 ipv4.sysctl_tcp_fastopen_blackhole_timeout);
0359 int ret;
0360
0361 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
0362 if (write && ret == 0)
0363 atomic_set(&net->ipv4.tfo_active_disable_times, 0);
0364
0365 return ret;
0366 }
0367
0368 static int proc_tcp_available_ulp(struct ctl_table *ctl,
0369 int write, void *buffer, size_t *lenp,
0370 loff_t *ppos)
0371 {
0372 struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
0373 int ret;
0374
0375 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
0376 if (!tbl.data)
0377 return -ENOMEM;
0378 tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX);
0379 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
0380 kfree(tbl.data);
0381
0382 return ret;
0383 }
0384
0385 #ifdef CONFIG_IP_ROUTE_MULTIPATH
0386 static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
0387 void *buffer, size_t *lenp,
0388 loff_t *ppos)
0389 {
0390 struct net *net = container_of(table->data, struct net,
0391 ipv4.sysctl_fib_multipath_hash_policy);
0392 int ret;
0393
0394 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos);
0395 if (write && ret == 0)
0396 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
0397
0398 return ret;
0399 }
0400
0401 static int proc_fib_multipath_hash_fields(struct ctl_table *table, int write,
0402 void *buffer, size_t *lenp,
0403 loff_t *ppos)
0404 {
0405 struct net *net;
0406 int ret;
0407
0408 net = container_of(table->data, struct net,
0409 ipv4.sysctl_fib_multipath_hash_fields);
0410 ret = proc_douintvec_minmax(table, write, buffer, lenp, ppos);
0411 if (write && ret == 0)
0412 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
0413
0414 return ret;
0415 }
0416 #endif
0417
0418 static struct ctl_table ipv4_table[] = {
0419 {
0420 .procname = "tcp_max_orphans",
0421 .data = &sysctl_tcp_max_orphans,
0422 .maxlen = sizeof(int),
0423 .mode = 0644,
0424 .proc_handler = proc_dointvec
0425 },
0426 {
0427 .procname = "inet_peer_threshold",
0428 .data = &inet_peer_threshold,
0429 .maxlen = sizeof(int),
0430 .mode = 0644,
0431 .proc_handler = proc_dointvec
0432 },
0433 {
0434 .procname = "inet_peer_minttl",
0435 .data = &inet_peer_minttl,
0436 .maxlen = sizeof(int),
0437 .mode = 0644,
0438 .proc_handler = proc_dointvec_jiffies,
0439 },
0440 {
0441 .procname = "inet_peer_maxttl",
0442 .data = &inet_peer_maxttl,
0443 .maxlen = sizeof(int),
0444 .mode = 0644,
0445 .proc_handler = proc_dointvec_jiffies,
0446 },
0447 {
0448 .procname = "tcp_mem",
0449 .maxlen = sizeof(sysctl_tcp_mem),
0450 .data = &sysctl_tcp_mem,
0451 .mode = 0644,
0452 .proc_handler = proc_doulongvec_minmax,
0453 },
0454 {
0455 .procname = "tcp_low_latency",
0456 .data = &sysctl_tcp_low_latency,
0457 .maxlen = sizeof(int),
0458 .mode = 0644,
0459 .proc_handler = proc_dointvec
0460 },
0461 #ifdef CONFIG_NETLABEL
0462 {
0463 .procname = "cipso_cache_enable",
0464 .data = &cipso_v4_cache_enabled,
0465 .maxlen = sizeof(int),
0466 .mode = 0644,
0467 .proc_handler = proc_dointvec,
0468 },
0469 {
0470 .procname = "cipso_cache_bucket_size",
0471 .data = &cipso_v4_cache_bucketsize,
0472 .maxlen = sizeof(int),
0473 .mode = 0644,
0474 .proc_handler = proc_dointvec,
0475 },
0476 {
0477 .procname = "cipso_rbm_optfmt",
0478 .data = &cipso_v4_rbm_optfmt,
0479 .maxlen = sizeof(int),
0480 .mode = 0644,
0481 .proc_handler = proc_dointvec,
0482 },
0483 {
0484 .procname = "cipso_rbm_strictvalid",
0485 .data = &cipso_v4_rbm_strictvalid,
0486 .maxlen = sizeof(int),
0487 .mode = 0644,
0488 .proc_handler = proc_dointvec,
0489 },
0490 #endif
0491 {
0492 .procname = "tcp_available_ulp",
0493 .maxlen = TCP_ULP_BUF_MAX,
0494 .mode = 0444,
0495 .proc_handler = proc_tcp_available_ulp,
0496 },
0497 {
0498 .procname = "icmp_msgs_per_sec",
0499 .data = &sysctl_icmp_msgs_per_sec,
0500 .maxlen = sizeof(int),
0501 .mode = 0644,
0502 .proc_handler = proc_dointvec_minmax,
0503 .extra1 = SYSCTL_ZERO,
0504 },
0505 {
0506 .procname = "icmp_msgs_burst",
0507 .data = &sysctl_icmp_msgs_burst,
0508 .maxlen = sizeof(int),
0509 .mode = 0644,
0510 .proc_handler = proc_dointvec_minmax,
0511 .extra1 = SYSCTL_ZERO,
0512 },
0513 {
0514 .procname = "udp_mem",
0515 .data = &sysctl_udp_mem,
0516 .maxlen = sizeof(sysctl_udp_mem),
0517 .mode = 0644,
0518 .proc_handler = proc_doulongvec_minmax,
0519 },
0520 {
0521 .procname = "fib_sync_mem",
0522 .data = &sysctl_fib_sync_mem,
0523 .maxlen = sizeof(sysctl_fib_sync_mem),
0524 .mode = 0644,
0525 .proc_handler = proc_douintvec_minmax,
0526 .extra1 = &sysctl_fib_sync_mem_min,
0527 .extra2 = &sysctl_fib_sync_mem_max,
0528 },
0529 { }
0530 };
0531
0532 static struct ctl_table ipv4_net_table[] = {
0533
0534 {
0535 .procname = "tcp_max_tw_buckets",
0536
0537 .maxlen = sizeof(int),
0538 .mode = 0644,
0539 .proc_handler = proc_dointvec
0540 },
0541 {
0542 .procname = "icmp_echo_ignore_all",
0543 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
0544 .maxlen = sizeof(u8),
0545 .mode = 0644,
0546 .proc_handler = proc_dou8vec_minmax,
0547 .extra1 = SYSCTL_ZERO,
0548 .extra2 = SYSCTL_ONE
0549 },
0550 {
0551 .procname = "icmp_echo_enable_probe",
0552 .data = &init_net.ipv4.sysctl_icmp_echo_enable_probe,
0553 .maxlen = sizeof(u8),
0554 .mode = 0644,
0555 .proc_handler = proc_dou8vec_minmax,
0556 .extra1 = SYSCTL_ZERO,
0557 .extra2 = SYSCTL_ONE
0558 },
0559 {
0560 .procname = "icmp_echo_ignore_broadcasts",
0561 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
0562 .maxlen = sizeof(u8),
0563 .mode = 0644,
0564 .proc_handler = proc_dou8vec_minmax,
0565 .extra1 = SYSCTL_ZERO,
0566 .extra2 = SYSCTL_ONE
0567 },
0568 {
0569 .procname = "icmp_ignore_bogus_error_responses",
0570 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
0571 .maxlen = sizeof(u8),
0572 .mode = 0644,
0573 .proc_handler = proc_dou8vec_minmax,
0574 .extra1 = SYSCTL_ZERO,
0575 .extra2 = SYSCTL_ONE
0576 },
0577 {
0578 .procname = "icmp_errors_use_inbound_ifaddr",
0579 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
0580 .maxlen = sizeof(u8),
0581 .mode = 0644,
0582 .proc_handler = proc_dou8vec_minmax,
0583 .extra1 = SYSCTL_ZERO,
0584 .extra2 = SYSCTL_ONE
0585 },
0586 {
0587 .procname = "icmp_ratelimit",
0588 .data = &init_net.ipv4.sysctl_icmp_ratelimit,
0589 .maxlen = sizeof(int),
0590 .mode = 0644,
0591 .proc_handler = proc_dointvec_ms_jiffies,
0592 },
0593 {
0594 .procname = "icmp_ratemask",
0595 .data = &init_net.ipv4.sysctl_icmp_ratemask,
0596 .maxlen = sizeof(int),
0597 .mode = 0644,
0598 .proc_handler = proc_dointvec
0599 },
0600 {
0601 .procname = "ping_group_range",
0602 .data = &init_net.ipv4.ping_group_range.range,
0603 .maxlen = sizeof(gid_t)*2,
0604 .mode = 0644,
0605 .proc_handler = ipv4_ping_group_range,
0606 },
0607 #ifdef CONFIG_NET_L3_MASTER_DEV
0608 {
0609 .procname = "raw_l3mdev_accept",
0610 .data = &init_net.ipv4.sysctl_raw_l3mdev_accept,
0611 .maxlen = sizeof(u8),
0612 .mode = 0644,
0613 .proc_handler = proc_dou8vec_minmax,
0614 .extra1 = SYSCTL_ZERO,
0615 .extra2 = SYSCTL_ONE,
0616 },
0617 #endif
0618 {
0619 .procname = "tcp_ecn",
0620 .data = &init_net.ipv4.sysctl_tcp_ecn,
0621 .maxlen = sizeof(u8),
0622 .mode = 0644,
0623 .proc_handler = proc_dou8vec_minmax,
0624 .extra1 = SYSCTL_ZERO,
0625 .extra2 = SYSCTL_TWO,
0626 },
0627 {
0628 .procname = "tcp_ecn_fallback",
0629 .data = &init_net.ipv4.sysctl_tcp_ecn_fallback,
0630 .maxlen = sizeof(u8),
0631 .mode = 0644,
0632 .proc_handler = proc_dou8vec_minmax,
0633 .extra1 = SYSCTL_ZERO,
0634 .extra2 = SYSCTL_ONE,
0635 },
0636 {
0637 .procname = "ip_dynaddr",
0638 .data = &init_net.ipv4.sysctl_ip_dynaddr,
0639 .maxlen = sizeof(u8),
0640 .mode = 0644,
0641 .proc_handler = proc_dou8vec_minmax,
0642 },
0643 {
0644 .procname = "ip_early_demux",
0645 .data = &init_net.ipv4.sysctl_ip_early_demux,
0646 .maxlen = sizeof(u8),
0647 .mode = 0644,
0648 .proc_handler = proc_dou8vec_minmax,
0649 },
0650 {
0651 .procname = "udp_early_demux",
0652 .data = &init_net.ipv4.sysctl_udp_early_demux,
0653 .maxlen = sizeof(u8),
0654 .mode = 0644,
0655 .proc_handler = proc_dou8vec_minmax,
0656 },
0657 {
0658 .procname = "tcp_early_demux",
0659 .data = &init_net.ipv4.sysctl_tcp_early_demux,
0660 .maxlen = sizeof(u8),
0661 .mode = 0644,
0662 .proc_handler = proc_dou8vec_minmax,
0663 },
0664 {
0665 .procname = "nexthop_compat_mode",
0666 .data = &init_net.ipv4.sysctl_nexthop_compat_mode,
0667 .maxlen = sizeof(u8),
0668 .mode = 0644,
0669 .proc_handler = proc_dou8vec_minmax,
0670 .extra1 = SYSCTL_ZERO,
0671 .extra2 = SYSCTL_ONE,
0672 },
0673 {
0674 .procname = "ip_default_ttl",
0675 .data = &init_net.ipv4.sysctl_ip_default_ttl,
0676 .maxlen = sizeof(u8),
0677 .mode = 0644,
0678 .proc_handler = proc_dou8vec_minmax,
0679 .extra1 = &ip_ttl_min,
0680 .extra2 = &ip_ttl_max,
0681 },
0682 {
0683 .procname = "ip_local_port_range",
0684 .maxlen = sizeof(init_net.ipv4.ip_local_ports.range),
0685 .data = &init_net.ipv4.ip_local_ports.range,
0686 .mode = 0644,
0687 .proc_handler = ipv4_local_port_range,
0688 },
0689 {
0690 .procname = "ip_local_reserved_ports",
0691 .data = &init_net.ipv4.sysctl_local_reserved_ports,
0692 .maxlen = 65536,
0693 .mode = 0644,
0694 .proc_handler = proc_do_large_bitmap,
0695 },
0696 {
0697 .procname = "ip_no_pmtu_disc",
0698 .data = &init_net.ipv4.sysctl_ip_no_pmtu_disc,
0699 .maxlen = sizeof(u8),
0700 .mode = 0644,
0701 .proc_handler = proc_dou8vec_minmax,
0702 },
0703 {
0704 .procname = "ip_forward_use_pmtu",
0705 .data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu,
0706 .maxlen = sizeof(u8),
0707 .mode = 0644,
0708 .proc_handler = proc_dou8vec_minmax,
0709 },
0710 {
0711 .procname = "ip_forward_update_priority",
0712 .data = &init_net.ipv4.sysctl_ip_fwd_update_priority,
0713 .maxlen = sizeof(u8),
0714 .mode = 0644,
0715 .proc_handler = ipv4_fwd_update_priority,
0716 .extra1 = SYSCTL_ZERO,
0717 .extra2 = SYSCTL_ONE,
0718 },
0719 {
0720 .procname = "ip_nonlocal_bind",
0721 .data = &init_net.ipv4.sysctl_ip_nonlocal_bind,
0722 .maxlen = sizeof(u8),
0723 .mode = 0644,
0724 .proc_handler = proc_dou8vec_minmax,
0725 },
0726 {
0727 .procname = "ip_autobind_reuse",
0728 .data = &init_net.ipv4.sysctl_ip_autobind_reuse,
0729 .maxlen = sizeof(u8),
0730 .mode = 0644,
0731 .proc_handler = proc_dou8vec_minmax,
0732 .extra1 = SYSCTL_ZERO,
0733 .extra2 = SYSCTL_ONE,
0734 },
0735 {
0736 .procname = "fwmark_reflect",
0737 .data = &init_net.ipv4.sysctl_fwmark_reflect,
0738 .maxlen = sizeof(u8),
0739 .mode = 0644,
0740 .proc_handler = proc_dou8vec_minmax,
0741 },
0742 {
0743 .procname = "tcp_fwmark_accept",
0744 .data = &init_net.ipv4.sysctl_tcp_fwmark_accept,
0745 .maxlen = sizeof(u8),
0746 .mode = 0644,
0747 .proc_handler = proc_dou8vec_minmax,
0748 },
0749 #ifdef CONFIG_NET_L3_MASTER_DEV
0750 {
0751 .procname = "tcp_l3mdev_accept",
0752 .data = &init_net.ipv4.sysctl_tcp_l3mdev_accept,
0753 .maxlen = sizeof(u8),
0754 .mode = 0644,
0755 .proc_handler = proc_dou8vec_minmax,
0756 .extra1 = SYSCTL_ZERO,
0757 .extra2 = SYSCTL_ONE,
0758 },
0759 #endif
0760 {
0761 .procname = "tcp_mtu_probing",
0762 .data = &init_net.ipv4.sysctl_tcp_mtu_probing,
0763 .maxlen = sizeof(u8),
0764 .mode = 0644,
0765 .proc_handler = proc_dou8vec_minmax,
0766 },
0767 {
0768 .procname = "tcp_base_mss",
0769 .data = &init_net.ipv4.sysctl_tcp_base_mss,
0770 .maxlen = sizeof(int),
0771 .mode = 0644,
0772 .proc_handler = proc_dointvec,
0773 },
0774 {
0775 .procname = "tcp_min_snd_mss",
0776 .data = &init_net.ipv4.sysctl_tcp_min_snd_mss,
0777 .maxlen = sizeof(int),
0778 .mode = 0644,
0779 .proc_handler = proc_dointvec_minmax,
0780 .extra1 = &tcp_min_snd_mss_min,
0781 .extra2 = &tcp_min_snd_mss_max,
0782 },
0783 {
0784 .procname = "tcp_mtu_probe_floor",
0785 .data = &init_net.ipv4.sysctl_tcp_mtu_probe_floor,
0786 .maxlen = sizeof(int),
0787 .mode = 0644,
0788 .proc_handler = proc_dointvec_minmax,
0789 .extra1 = &tcp_min_snd_mss_min,
0790 .extra2 = &tcp_min_snd_mss_max,
0791 },
0792 {
0793 .procname = "tcp_probe_threshold",
0794 .data = &init_net.ipv4.sysctl_tcp_probe_threshold,
0795 .maxlen = sizeof(int),
0796 .mode = 0644,
0797 .proc_handler = proc_dointvec,
0798 },
0799 {
0800 .procname = "tcp_probe_interval",
0801 .data = &init_net.ipv4.sysctl_tcp_probe_interval,
0802 .maxlen = sizeof(u32),
0803 .mode = 0644,
0804 .proc_handler = proc_douintvec_minmax,
0805 .extra2 = &u32_max_div_HZ,
0806 },
0807 {
0808 .procname = "igmp_link_local_mcast_reports",
0809 .data = &init_net.ipv4.sysctl_igmp_llm_reports,
0810 .maxlen = sizeof(u8),
0811 .mode = 0644,
0812 .proc_handler = proc_dou8vec_minmax,
0813 },
0814 {
0815 .procname = "igmp_max_memberships",
0816 .data = &init_net.ipv4.sysctl_igmp_max_memberships,
0817 .maxlen = sizeof(int),
0818 .mode = 0644,
0819 .proc_handler = proc_dointvec
0820 },
0821 {
0822 .procname = "igmp_max_msf",
0823 .data = &init_net.ipv4.sysctl_igmp_max_msf,
0824 .maxlen = sizeof(int),
0825 .mode = 0644,
0826 .proc_handler = proc_dointvec
0827 },
0828 #ifdef CONFIG_IP_MULTICAST
0829 {
0830 .procname = "igmp_qrv",
0831 .data = &init_net.ipv4.sysctl_igmp_qrv,
0832 .maxlen = sizeof(int),
0833 .mode = 0644,
0834 .proc_handler = proc_dointvec_minmax,
0835 .extra1 = SYSCTL_ONE
0836 },
0837 #endif
0838 {
0839 .procname = "tcp_congestion_control",
0840 .data = &init_net.ipv4.tcp_congestion_control,
0841 .mode = 0644,
0842 .maxlen = TCP_CA_NAME_MAX,
0843 .proc_handler = proc_tcp_congestion_control,
0844 },
0845 {
0846 .procname = "tcp_available_congestion_control",
0847 .maxlen = TCP_CA_BUF_MAX,
0848 .mode = 0444,
0849 .proc_handler = proc_tcp_available_congestion_control,
0850 },
0851 {
0852 .procname = "tcp_allowed_congestion_control",
0853 .maxlen = TCP_CA_BUF_MAX,
0854 .mode = 0644,
0855 .proc_handler = proc_allowed_congestion_control,
0856 },
0857 {
0858 .procname = "tcp_keepalive_time",
0859 .data = &init_net.ipv4.sysctl_tcp_keepalive_time,
0860 .maxlen = sizeof(int),
0861 .mode = 0644,
0862 .proc_handler = proc_dointvec_jiffies,
0863 },
0864 {
0865 .procname = "tcp_keepalive_probes",
0866 .data = &init_net.ipv4.sysctl_tcp_keepalive_probes,
0867 .maxlen = sizeof(u8),
0868 .mode = 0644,
0869 .proc_handler = proc_dou8vec_minmax,
0870 },
0871 {
0872 .procname = "tcp_keepalive_intvl",
0873 .data = &init_net.ipv4.sysctl_tcp_keepalive_intvl,
0874 .maxlen = sizeof(int),
0875 .mode = 0644,
0876 .proc_handler = proc_dointvec_jiffies,
0877 },
0878 {
0879 .procname = "tcp_syn_retries",
0880 .data = &init_net.ipv4.sysctl_tcp_syn_retries,
0881 .maxlen = sizeof(u8),
0882 .mode = 0644,
0883 .proc_handler = proc_dou8vec_minmax,
0884 .extra1 = &tcp_syn_retries_min,
0885 .extra2 = &tcp_syn_retries_max
0886 },
0887 {
0888 .procname = "tcp_synack_retries",
0889 .data = &init_net.ipv4.sysctl_tcp_synack_retries,
0890 .maxlen = sizeof(u8),
0891 .mode = 0644,
0892 .proc_handler = proc_dou8vec_minmax,
0893 },
0894 #ifdef CONFIG_SYN_COOKIES
0895 {
0896 .procname = "tcp_syncookies",
0897 .data = &init_net.ipv4.sysctl_tcp_syncookies,
0898 .maxlen = sizeof(u8),
0899 .mode = 0644,
0900 .proc_handler = proc_dou8vec_minmax,
0901 },
0902 #endif
0903 {
0904 .procname = "tcp_migrate_req",
0905 .data = &init_net.ipv4.sysctl_tcp_migrate_req,
0906 .maxlen = sizeof(u8),
0907 .mode = 0644,
0908 .proc_handler = proc_dou8vec_minmax,
0909 .extra1 = SYSCTL_ZERO,
0910 .extra2 = SYSCTL_ONE
0911 },
0912 {
0913 .procname = "tcp_reordering",
0914 .data = &init_net.ipv4.sysctl_tcp_reordering,
0915 .maxlen = sizeof(int),
0916 .mode = 0644,
0917 .proc_handler = proc_dointvec
0918 },
0919 {
0920 .procname = "tcp_retries1",
0921 .data = &init_net.ipv4.sysctl_tcp_retries1,
0922 .maxlen = sizeof(u8),
0923 .mode = 0644,
0924 .proc_handler = proc_dou8vec_minmax,
0925 .extra2 = &tcp_retr1_max
0926 },
0927 {
0928 .procname = "tcp_retries2",
0929 .data = &init_net.ipv4.sysctl_tcp_retries2,
0930 .maxlen = sizeof(u8),
0931 .mode = 0644,
0932 .proc_handler = proc_dou8vec_minmax,
0933 },
0934 {
0935 .procname = "tcp_orphan_retries",
0936 .data = &init_net.ipv4.sysctl_tcp_orphan_retries,
0937 .maxlen = sizeof(u8),
0938 .mode = 0644,
0939 .proc_handler = proc_dou8vec_minmax,
0940 },
0941 {
0942 .procname = "tcp_fin_timeout",
0943 .data = &init_net.ipv4.sysctl_tcp_fin_timeout,
0944 .maxlen = sizeof(int),
0945 .mode = 0644,
0946 .proc_handler = proc_dointvec_jiffies,
0947 },
0948 {
0949 .procname = "tcp_notsent_lowat",
0950 .data = &init_net.ipv4.sysctl_tcp_notsent_lowat,
0951 .maxlen = sizeof(unsigned int),
0952 .mode = 0644,
0953 .proc_handler = proc_douintvec,
0954 },
0955 {
0956 .procname = "tcp_tw_reuse",
0957 .data = &init_net.ipv4.sysctl_tcp_tw_reuse,
0958 .maxlen = sizeof(u8),
0959 .mode = 0644,
0960 .proc_handler = proc_dou8vec_minmax,
0961 .extra1 = SYSCTL_ZERO,
0962 .extra2 = SYSCTL_TWO,
0963 },
0964 {
0965 .procname = "tcp_max_syn_backlog",
0966 .data = &init_net.ipv4.sysctl_max_syn_backlog,
0967 .maxlen = sizeof(int),
0968 .mode = 0644,
0969 .proc_handler = proc_dointvec
0970 },
0971 {
0972 .procname = "tcp_fastopen",
0973 .data = &init_net.ipv4.sysctl_tcp_fastopen,
0974 .maxlen = sizeof(int),
0975 .mode = 0644,
0976 .proc_handler = proc_dointvec,
0977 },
0978 {
0979 .procname = "tcp_fastopen_key",
0980 .mode = 0600,
0981 .data = &init_net.ipv4.sysctl_tcp_fastopen,
0982
0983
0984
0985 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
0986 2 * TCP_FASTOPEN_KEY_MAX) +
0987 (TCP_FASTOPEN_KEY_MAX * 5)),
0988 .proc_handler = proc_tcp_fastopen_key,
0989 },
0990 {
0991 .procname = "tcp_fastopen_blackhole_timeout_sec",
0992 .data = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout,
0993 .maxlen = sizeof(int),
0994 .mode = 0644,
0995 .proc_handler = proc_tfo_blackhole_detect_timeout,
0996 .extra1 = SYSCTL_ZERO,
0997 },
0998 #ifdef CONFIG_IP_ROUTE_MULTIPATH
0999 {
1000 .procname = "fib_multipath_use_neigh",
1001 .data = &init_net.ipv4.sysctl_fib_multipath_use_neigh,
1002 .maxlen = sizeof(u8),
1003 .mode = 0644,
1004 .proc_handler = proc_dou8vec_minmax,
1005 .extra1 = SYSCTL_ZERO,
1006 .extra2 = SYSCTL_ONE,
1007 },
1008 {
1009 .procname = "fib_multipath_hash_policy",
1010 .data = &init_net.ipv4.sysctl_fib_multipath_hash_policy,
1011 .maxlen = sizeof(u8),
1012 .mode = 0644,
1013 .proc_handler = proc_fib_multipath_hash_policy,
1014 .extra1 = SYSCTL_ZERO,
1015 .extra2 = SYSCTL_THREE,
1016 },
1017 {
1018 .procname = "fib_multipath_hash_fields",
1019 .data = &init_net.ipv4.sysctl_fib_multipath_hash_fields,
1020 .maxlen = sizeof(u32),
1021 .mode = 0644,
1022 .proc_handler = proc_fib_multipath_hash_fields,
1023 .extra1 = SYSCTL_ONE,
1024 .extra2 = &fib_multipath_hash_fields_all_mask,
1025 },
1026 #endif
1027 {
1028 .procname = "ip_unprivileged_port_start",
1029 .maxlen = sizeof(int),
1030 .data = &init_net.ipv4.sysctl_ip_prot_sock,
1031 .mode = 0644,
1032 .proc_handler = ipv4_privileged_ports,
1033 },
1034 #ifdef CONFIG_NET_L3_MASTER_DEV
1035 {
1036 .procname = "udp_l3mdev_accept",
1037 .data = &init_net.ipv4.sysctl_udp_l3mdev_accept,
1038 .maxlen = sizeof(u8),
1039 .mode = 0644,
1040 .proc_handler = proc_dou8vec_minmax,
1041 .extra1 = SYSCTL_ZERO,
1042 .extra2 = SYSCTL_ONE,
1043 },
1044 #endif
1045 {
1046 .procname = "tcp_sack",
1047 .data = &init_net.ipv4.sysctl_tcp_sack,
1048 .maxlen = sizeof(u8),
1049 .mode = 0644,
1050 .proc_handler = proc_dou8vec_minmax,
1051 },
1052 {
1053 .procname = "tcp_window_scaling",
1054 .data = &init_net.ipv4.sysctl_tcp_window_scaling,
1055 .maxlen = sizeof(u8),
1056 .mode = 0644,
1057 .proc_handler = proc_dou8vec_minmax,
1058 },
1059 {
1060 .procname = "tcp_timestamps",
1061 .data = &init_net.ipv4.sysctl_tcp_timestamps,
1062 .maxlen = sizeof(u8),
1063 .mode = 0644,
1064 .proc_handler = proc_dou8vec_minmax,
1065 },
1066 {
1067 .procname = "tcp_early_retrans",
1068 .data = &init_net.ipv4.sysctl_tcp_early_retrans,
1069 .maxlen = sizeof(u8),
1070 .mode = 0644,
1071 .proc_handler = proc_dou8vec_minmax,
1072 .extra1 = SYSCTL_ZERO,
1073 .extra2 = SYSCTL_FOUR,
1074 },
1075 {
1076 .procname = "tcp_recovery",
1077 .data = &init_net.ipv4.sysctl_tcp_recovery,
1078 .maxlen = sizeof(u8),
1079 .mode = 0644,
1080 .proc_handler = proc_dou8vec_minmax,
1081 },
1082 {
1083 .procname = "tcp_thin_linear_timeouts",
1084 .data = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts,
1085 .maxlen = sizeof(u8),
1086 .mode = 0644,
1087 .proc_handler = proc_dou8vec_minmax,
1088 },
1089 {
1090 .procname = "tcp_slow_start_after_idle",
1091 .data = &init_net.ipv4.sysctl_tcp_slow_start_after_idle,
1092 .maxlen = sizeof(u8),
1093 .mode = 0644,
1094 .proc_handler = proc_dou8vec_minmax,
1095 },
1096 {
1097 .procname = "tcp_retrans_collapse",
1098 .data = &init_net.ipv4.sysctl_tcp_retrans_collapse,
1099 .maxlen = sizeof(u8),
1100 .mode = 0644,
1101 .proc_handler = proc_dou8vec_minmax,
1102 },
1103 {
1104 .procname = "tcp_stdurg",
1105 .data = &init_net.ipv4.sysctl_tcp_stdurg,
1106 .maxlen = sizeof(u8),
1107 .mode = 0644,
1108 .proc_handler = proc_dou8vec_minmax,
1109 },
1110 {
1111 .procname = "tcp_rfc1337",
1112 .data = &init_net.ipv4.sysctl_tcp_rfc1337,
1113 .maxlen = sizeof(u8),
1114 .mode = 0644,
1115 .proc_handler = proc_dou8vec_minmax,
1116 },
1117 {
1118 .procname = "tcp_abort_on_overflow",
1119 .data = &init_net.ipv4.sysctl_tcp_abort_on_overflow,
1120 .maxlen = sizeof(u8),
1121 .mode = 0644,
1122 .proc_handler = proc_dou8vec_minmax,
1123 },
1124 {
1125 .procname = "tcp_fack",
1126 .data = &init_net.ipv4.sysctl_tcp_fack,
1127 .maxlen = sizeof(u8),
1128 .mode = 0644,
1129 .proc_handler = proc_dou8vec_minmax,
1130 },
1131 {
1132 .procname = "tcp_max_reordering",
1133 .data = &init_net.ipv4.sysctl_tcp_max_reordering,
1134 .maxlen = sizeof(int),
1135 .mode = 0644,
1136 .proc_handler = proc_dointvec
1137 },
1138 {
1139 .procname = "tcp_dsack",
1140 .data = &init_net.ipv4.sysctl_tcp_dsack,
1141 .maxlen = sizeof(u8),
1142 .mode = 0644,
1143 .proc_handler = proc_dou8vec_minmax,
1144 },
1145 {
1146 .procname = "tcp_app_win",
1147 .data = &init_net.ipv4.sysctl_tcp_app_win,
1148 .maxlen = sizeof(u8),
1149 .mode = 0644,
1150 .proc_handler = proc_dou8vec_minmax,
1151 },
1152 {
1153 .procname = "tcp_adv_win_scale",
1154 .data = &init_net.ipv4.sysctl_tcp_adv_win_scale,
1155 .maxlen = sizeof(int),
1156 .mode = 0644,
1157 .proc_handler = proc_dointvec_minmax,
1158 .extra1 = &tcp_adv_win_scale_min,
1159 .extra2 = &tcp_adv_win_scale_max,
1160 },
1161 {
1162 .procname = "tcp_frto",
1163 .data = &init_net.ipv4.sysctl_tcp_frto,
1164 .maxlen = sizeof(u8),
1165 .mode = 0644,
1166 .proc_handler = proc_dou8vec_minmax,
1167 },
1168 {
1169 .procname = "tcp_no_metrics_save",
1170 .data = &init_net.ipv4.sysctl_tcp_nometrics_save,
1171 .maxlen = sizeof(u8),
1172 .mode = 0644,
1173 .proc_handler = proc_dou8vec_minmax,
1174 },
1175 {
1176 .procname = "tcp_no_ssthresh_metrics_save",
1177 .data = &init_net.ipv4.sysctl_tcp_no_ssthresh_metrics_save,
1178 .maxlen = sizeof(u8),
1179 .mode = 0644,
1180 .proc_handler = proc_dou8vec_minmax,
1181 .extra1 = SYSCTL_ZERO,
1182 .extra2 = SYSCTL_ONE,
1183 },
1184 {
1185 .procname = "tcp_moderate_rcvbuf",
1186 .data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf,
1187 .maxlen = sizeof(u8),
1188 .mode = 0644,
1189 .proc_handler = proc_dou8vec_minmax,
1190 },
1191 {
1192 .procname = "tcp_tso_win_divisor",
1193 .data = &init_net.ipv4.sysctl_tcp_tso_win_divisor,
1194 .maxlen = sizeof(u8),
1195 .mode = 0644,
1196 .proc_handler = proc_dou8vec_minmax,
1197 },
1198 {
1199 .procname = "tcp_workaround_signed_windows",
1200 .data = &init_net.ipv4.sysctl_tcp_workaround_signed_windows,
1201 .maxlen = sizeof(u8),
1202 .mode = 0644,
1203 .proc_handler = proc_dou8vec_minmax,
1204 },
1205 {
1206 .procname = "tcp_limit_output_bytes",
1207 .data = &init_net.ipv4.sysctl_tcp_limit_output_bytes,
1208 .maxlen = sizeof(int),
1209 .mode = 0644,
1210 .proc_handler = proc_dointvec
1211 },
1212 {
1213 .procname = "tcp_challenge_ack_limit",
1214 .data = &init_net.ipv4.sysctl_tcp_challenge_ack_limit,
1215 .maxlen = sizeof(int),
1216 .mode = 0644,
1217 .proc_handler = proc_dointvec
1218 },
1219 {
1220 .procname = "tcp_min_tso_segs",
1221 .data = &init_net.ipv4.sysctl_tcp_min_tso_segs,
1222 .maxlen = sizeof(u8),
1223 .mode = 0644,
1224 .proc_handler = proc_dou8vec_minmax,
1225 .extra1 = SYSCTL_ONE,
1226 },
1227 {
1228 .procname = "tcp_tso_rtt_log",
1229 .data = &init_net.ipv4.sysctl_tcp_tso_rtt_log,
1230 .maxlen = sizeof(u8),
1231 .mode = 0644,
1232 .proc_handler = proc_dou8vec_minmax,
1233 },
1234 {
1235 .procname = "tcp_min_rtt_wlen",
1236 .data = &init_net.ipv4.sysctl_tcp_min_rtt_wlen,
1237 .maxlen = sizeof(int),
1238 .mode = 0644,
1239 .proc_handler = proc_dointvec_minmax,
1240 .extra1 = SYSCTL_ZERO,
1241 .extra2 = &one_day_secs
1242 },
1243 {
1244 .procname = "tcp_autocorking",
1245 .data = &init_net.ipv4.sysctl_tcp_autocorking,
1246 .maxlen = sizeof(u8),
1247 .mode = 0644,
1248 .proc_handler = proc_dou8vec_minmax,
1249 .extra1 = SYSCTL_ZERO,
1250 .extra2 = SYSCTL_ONE,
1251 },
1252 {
1253 .procname = "tcp_invalid_ratelimit",
1254 .data = &init_net.ipv4.sysctl_tcp_invalid_ratelimit,
1255 .maxlen = sizeof(int),
1256 .mode = 0644,
1257 .proc_handler = proc_dointvec_ms_jiffies,
1258 },
1259 {
1260 .procname = "tcp_pacing_ss_ratio",
1261 .data = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio,
1262 .maxlen = sizeof(int),
1263 .mode = 0644,
1264 .proc_handler = proc_dointvec_minmax,
1265 .extra1 = SYSCTL_ZERO,
1266 .extra2 = SYSCTL_ONE_THOUSAND,
1267 },
1268 {
1269 .procname = "tcp_pacing_ca_ratio",
1270 .data = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio,
1271 .maxlen = sizeof(int),
1272 .mode = 0644,
1273 .proc_handler = proc_dointvec_minmax,
1274 .extra1 = SYSCTL_ZERO,
1275 .extra2 = SYSCTL_ONE_THOUSAND,
1276 },
1277 {
1278 .procname = "tcp_wmem",
1279 .data = &init_net.ipv4.sysctl_tcp_wmem,
1280 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem),
1281 .mode = 0644,
1282 .proc_handler = proc_dointvec_minmax,
1283 .extra1 = SYSCTL_ONE,
1284 },
1285 {
1286 .procname = "tcp_rmem",
1287 .data = &init_net.ipv4.sysctl_tcp_rmem,
1288 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem),
1289 .mode = 0644,
1290 .proc_handler = proc_dointvec_minmax,
1291 .extra1 = SYSCTL_ONE,
1292 },
1293 {
1294 .procname = "tcp_comp_sack_delay_ns",
1295 .data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns,
1296 .maxlen = sizeof(unsigned long),
1297 .mode = 0644,
1298 .proc_handler = proc_doulongvec_minmax,
1299 },
1300 {
1301 .procname = "tcp_comp_sack_slack_ns",
1302 .data = &init_net.ipv4.sysctl_tcp_comp_sack_slack_ns,
1303 .maxlen = sizeof(unsigned long),
1304 .mode = 0644,
1305 .proc_handler = proc_doulongvec_minmax,
1306 },
1307 {
1308 .procname = "tcp_comp_sack_nr",
1309 .data = &init_net.ipv4.sysctl_tcp_comp_sack_nr,
1310 .maxlen = sizeof(u8),
1311 .mode = 0644,
1312 .proc_handler = proc_dou8vec_minmax,
1313 .extra1 = SYSCTL_ZERO,
1314 },
1315 {
1316 .procname = "tcp_reflect_tos",
1317 .data = &init_net.ipv4.sysctl_tcp_reflect_tos,
1318 .maxlen = sizeof(u8),
1319 .mode = 0644,
1320 .proc_handler = proc_dou8vec_minmax,
1321 .extra1 = SYSCTL_ZERO,
1322 .extra2 = SYSCTL_ONE,
1323 },
1324 {
1325 .procname = "udp_rmem_min",
1326 .data = &init_net.ipv4.sysctl_udp_rmem_min,
1327 .maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min),
1328 .mode = 0644,
1329 .proc_handler = proc_dointvec_minmax,
1330 .extra1 = SYSCTL_ONE
1331 },
1332 {
1333 .procname = "udp_wmem_min",
1334 .data = &init_net.ipv4.sysctl_udp_wmem_min,
1335 .maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min),
1336 .mode = 0644,
1337 .proc_handler = proc_dointvec_minmax,
1338 .extra1 = SYSCTL_ONE
1339 },
1340 {
1341 .procname = "fib_notify_on_flag_change",
1342 .data = &init_net.ipv4.sysctl_fib_notify_on_flag_change,
1343 .maxlen = sizeof(u8),
1344 .mode = 0644,
1345 .proc_handler = proc_dou8vec_minmax,
1346 .extra1 = SYSCTL_ZERO,
1347 .extra2 = SYSCTL_TWO,
1348 },
1349 { }
1350 };
1351
1352 static __net_init int ipv4_sysctl_init_net(struct net *net)
1353 {
1354 struct ctl_table *table;
1355
1356 table = ipv4_net_table;
1357 if (!net_eq(net, &init_net)) {
1358 int i;
1359
1360 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
1361 if (!table)
1362 goto err_alloc;
1363
1364
1365 for (i = 1; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) {
1366 if (table[i].data) {
1367
1368
1369
1370 table[i].data += (void *)net - (void *)&init_net;
1371 } else {
1372
1373
1374
1375 table[i].mode &= ~0222;
1376 }
1377 }
1378 }
1379
1380 table[0].data = &net->ipv4.tcp_death_row->sysctl_max_tw_buckets;
1381
1382 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
1383 if (!net->ipv4.ipv4_hdr)
1384 goto err_reg;
1385
1386 net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
1387 if (!net->ipv4.sysctl_local_reserved_ports)
1388 goto err_ports;
1389
1390 return 0;
1391
1392 err_ports:
1393 unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1394 err_reg:
1395 if (!net_eq(net, &init_net))
1396 kfree(table);
1397 err_alloc:
1398 return -ENOMEM;
1399 }
1400
1401 static __net_exit void ipv4_sysctl_exit_net(struct net *net)
1402 {
1403 struct ctl_table *table;
1404
1405 kfree(net->ipv4.sysctl_local_reserved_ports);
1406 table = net->ipv4.ipv4_hdr->ctl_table_arg;
1407 unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1408 kfree(table);
1409 }
1410
1411 static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
1412 .init = ipv4_sysctl_init_net,
1413 .exit = ipv4_sysctl_exit_net,
1414 };
1415
1416 static __init int sysctl_ipv4_init(void)
1417 {
1418 struct ctl_table_header *hdr;
1419
1420 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1421 if (!hdr)
1422 return -ENOMEM;
1423
1424 if (register_pernet_subsys(&ipv4_sysctl_ops)) {
1425 unregister_net_sysctl_table(hdr);
1426 return -ENOMEM;
1427 }
1428
1429 return 0;
1430 }
1431
1432 __initcall(sysctl_ipv4_init);
