sysctl_net_ipv4.c (37802B)
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 4 * 5 * Begun April 1, 1996, Mike Shaver. 6 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 7 */ 8 9#include <linux/sysctl.h> 10#include <linux/seqlock.h> 11#include <linux/init.h> 12#include <linux/slab.h> 13#include <net/icmp.h> 14#include <net/ip.h> 15#include <net/ip_fib.h> 16#include <net/tcp.h> 17#include <net/udp.h> 18#include <net/cipso_ipv4.h> 19#include <net/ping.h> 20#include <net/protocol.h> 21#include <net/netevent.h> 22 23static int tcp_retr1_max = 255; 24static int ip_local_port_range_min[] = { 1, 1 }; 25static int ip_local_port_range_max[] = { 65535, 65535 }; 26static int tcp_adv_win_scale_min = -31; 27static int tcp_adv_win_scale_max = 31; 28static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS; 29static int tcp_min_snd_mss_max = 65535; 30static int ip_privileged_port_min; 31static int ip_privileged_port_max = 65535; 32static int ip_ttl_min = 1; 33static int ip_ttl_max = 255; 34static int tcp_syn_retries_min = 1; 35static int tcp_syn_retries_max = MAX_TCP_SYNCNT; 36static int ip_ping_group_range_min[] = { 0, 0 }; 37static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 38static u32 u32_max_div_HZ = UINT_MAX / HZ; 39static int one_day_secs = 24 * 3600; 40static u32 fib_multipath_hash_fields_all_mask __maybe_unused = 41 FIB_MULTIPATH_HASH_FIELD_ALL_MASK; 42 43/* obsolete */ 44static int sysctl_tcp_low_latency __read_mostly; 45 46/* Update system visible IP port range */ 47static void set_local_port_range(struct net *net, int range[2]) 48{ 49 bool same_parity = !((range[0] ^ range[1]) & 1); 50 51 write_seqlock_bh(&net->ipv4.ip_local_ports.lock); 52 if (same_parity && !net->ipv4.ip_local_ports.warned) { 53 net->ipv4.ip_local_ports.warned = true; 54 pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n"); 55 } 56 net->ipv4.ip_local_ports.range[0] = range[0]; 57 net->ipv4.ip_local_ports.range[1] = range[1]; 58 write_sequnlock_bh(&net->ipv4.ip_local_ports.lock); 59} 60 61/* Validate changes from /proc interface. */ 62static int ipv4_local_port_range(struct ctl_table *table, int write, 63 void *buffer, size_t *lenp, loff_t *ppos) 64{ 65 struct net *net = 66 container_of(table->data, struct net, ipv4.ip_local_ports.range); 67 int ret; 68 int range[2]; 69 struct ctl_table tmp = { 70 .data = &range, 71 .maxlen = sizeof(range), 72 .mode = table->mode, 73 .extra1 = &ip_local_port_range_min, 74 .extra2 = &ip_local_port_range_max, 75 }; 76 77 inet_get_local_port_range(net, &range[0], &range[1]); 78 79 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 80 81 if (write && ret == 0) { 82 /* Ensure that the upper limit is not smaller than the lower, 83 * and that the lower does not encroach upon the privileged 84 * port limit. 85 */ 86 if ((range[1] < range[0]) || 87 (range[0] < net->ipv4.sysctl_ip_prot_sock)) 88 ret = -EINVAL; 89 else 90 set_local_port_range(net, range); 91 } 92 93 return ret; 94} 95 96/* Validate changes from /proc interface. */ 97static int ipv4_privileged_ports(struct ctl_table *table, int write, 98 void *buffer, size_t *lenp, loff_t *ppos) 99{ 100 struct net *net = container_of(table->data, struct net, 101 ipv4.sysctl_ip_prot_sock); 102 int ret; 103 int pports; 104 int range[2]; 105 struct ctl_table tmp = { 106 .data = &pports, 107 .maxlen = sizeof(pports), 108 .mode = table->mode, 109 .extra1 = &ip_privileged_port_min, 110 .extra2 = &ip_privileged_port_max, 111 }; 112 113 pports = net->ipv4.sysctl_ip_prot_sock; 114 115 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 116 117 if (write && ret == 0) { 118 inet_get_local_port_range(net, &range[0], &range[1]); 119 /* Ensure that the local port range doesn't overlap with the 120 * privileged port range. 121 */ 122 if (range[0] < pports) 123 ret = -EINVAL; 124 else 125 net->ipv4.sysctl_ip_prot_sock = pports; 126 } 127 128 return ret; 129} 130 131static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) 132{ 133 kgid_t *data = table->data; 134 struct net *net = 135 container_of(table->data, struct net, ipv4.ping_group_range.range); 136 unsigned int seq; 137 do { 138 seq = read_seqbegin(&net->ipv4.ping_group_range.lock); 139 140 *low = data[0]; 141 *high = data[1]; 142 } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq)); 143} 144 145/* Update system visible IP port range */ 146static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) 147{ 148 kgid_t *data = table->data; 149 struct net *net = 150 container_of(table->data, struct net, ipv4.ping_group_range.range); 151 write_seqlock(&net->ipv4.ping_group_range.lock); 152 data[0] = low; 153 data[1] = high; 154 write_sequnlock(&net->ipv4.ping_group_range.lock); 155} 156 157/* Validate changes from /proc interface. */ 158static int ipv4_ping_group_range(struct ctl_table *table, int write, 159 void *buffer, size_t *lenp, loff_t *ppos) 160{ 161 struct user_namespace *user_ns = current_user_ns(); 162 int ret; 163 gid_t urange[2]; 164 kgid_t low, high; 165 struct ctl_table tmp = { 166 .data = &urange, 167 .maxlen = sizeof(urange), 168 .mode = table->mode, 169 .extra1 = &ip_ping_group_range_min, 170 .extra2 = &ip_ping_group_range_max, 171 }; 172 173 inet_get_ping_group_range_table(table, &low, &high); 174 urange[0] = from_kgid_munged(user_ns, low); 175 urange[1] = from_kgid_munged(user_ns, high); 176 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 177 178 if (write && ret == 0) { 179 low = make_kgid(user_ns, urange[0]); 180 high = make_kgid(user_ns, urange[1]); 181 if (!gid_valid(low) || !gid_valid(high)) 182 return -EINVAL; 183 if (urange[1] < urange[0] || gid_lt(high, low)) { 184 low = make_kgid(&init_user_ns, 1); 185 high = make_kgid(&init_user_ns, 0); 186 } 187 set_ping_group_range(table, low, high); 188 } 189 190 return ret; 191} 192 193static int ipv4_fwd_update_priority(struct ctl_table *table, int write, 194 void *buffer, size_t *lenp, loff_t *ppos) 195{ 196 struct net *net; 197 int ret; 198 199 net = container_of(table->data, struct net, 200 ipv4.sysctl_ip_fwd_update_priority); 201 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos); 202 if (write && ret == 0) 203 call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE, 204 net); 205 206 return ret; 207} 208 209static int proc_tcp_congestion_control(struct ctl_table *ctl, int write, 210 void *buffer, size_t *lenp, loff_t *ppos) 211{ 212 struct net *net = container_of(ctl->data, struct net, 213 ipv4.tcp_congestion_control); 214 char val[TCP_CA_NAME_MAX]; 215 struct ctl_table tbl = { 216 .data = val, 217 .maxlen = TCP_CA_NAME_MAX, 218 }; 219 int ret; 220 221 tcp_get_default_congestion_control(net, val); 222 223 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 224 if (write && ret == 0) 225 ret = tcp_set_default_congestion_control(net, val); 226 return ret; 227} 228 229static int proc_tcp_available_congestion_control(struct ctl_table *ctl, 230 int write, void *buffer, 231 size_t *lenp, loff_t *ppos) 232{ 233 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 234 int ret; 235 236 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 237 if (!tbl.data) 238 return -ENOMEM; 239 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX); 240 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 241 kfree(tbl.data); 242 return ret; 243} 244 245static int proc_allowed_congestion_control(struct ctl_table *ctl, 246 int write, void *buffer, 247 size_t *lenp, loff_t *ppos) 248{ 249 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 250 int ret; 251 252 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 253 if (!tbl.data) 254 return -ENOMEM; 255 256 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); 257 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 258 if (write && ret == 0) 259 ret = tcp_set_allowed_congestion_control(tbl.data); 260 kfree(tbl.data); 261 return ret; 262} 263 264static int sscanf_key(char *buf, __le32 *key) 265{ 266 u32 user_key[4]; 267 int i, ret = 0; 268 269 if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1, 270 user_key + 2, user_key + 3) != 4) { 271 ret = -EINVAL; 272 } else { 273 for (i = 0; i < ARRAY_SIZE(user_key); i++) 274 key[i] = cpu_to_le32(user_key[i]); 275 } 276 pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n", 277 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret); 278 279 return ret; 280} 281 282static int proc_tcp_fastopen_key(struct ctl_table *table, int write, 283 void *buffer, size_t *lenp, loff_t *ppos) 284{ 285 struct net *net = container_of(table->data, struct net, 286 ipv4.sysctl_tcp_fastopen); 287 /* maxlen to print the list of keys in hex (*2), with dashes 288 * separating doublewords and a comma in between keys. 289 */ 290 struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 291 2 * TCP_FASTOPEN_KEY_MAX) + 292 (TCP_FASTOPEN_KEY_MAX * 5)) }; 293 u32 user_key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u32)]; 294 __le32 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(__le32)]; 295 char *backup_data; 296 int ret, i = 0, off = 0, n_keys; 297 298 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); 299 if (!tbl.data) 300 return -ENOMEM; 301 302 n_keys = tcp_fastopen_get_cipher(net, NULL, (u64 *)key); 303 if (!n_keys) { 304 memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH); 305 n_keys = 1; 306 } 307 308 for (i = 0; i < n_keys * 4; i++) 309 user_key[i] = le32_to_cpu(key[i]); 310 311 for (i = 0; i < n_keys; i++) { 312 off += snprintf(tbl.data + off, tbl.maxlen - off, 313 "%08x-%08x-%08x-%08x", 314 user_key[i * 4], 315 user_key[i * 4 + 1], 316 user_key[i * 4 + 2], 317 user_key[i * 4 + 3]); 318 319 if (WARN_ON_ONCE(off >= tbl.maxlen - 1)) 320 break; 321 322 if (i + 1 < n_keys) 323 off += snprintf(tbl.data + off, tbl.maxlen - off, ","); 324 } 325 326 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 327 328 if (write && ret == 0) { 329 backup_data = strchr(tbl.data, ','); 330 if (backup_data) { 331 *backup_data = '\0'; 332 backup_data++; 333 } 334 if (sscanf_key(tbl.data, key)) { 335 ret = -EINVAL; 336 goto bad_key; 337 } 338 if (backup_data) { 339 if (sscanf_key(backup_data, key + 4)) { 340 ret = -EINVAL; 341 goto bad_key; 342 } 343 } 344 tcp_fastopen_reset_cipher(net, NULL, key, 345 backup_data ? key + 4 : NULL); 346 } 347 348bad_key: 349 kfree(tbl.data); 350 return ret; 351} 352 353static void proc_configure_early_demux(int enabled, int protocol) 354{ 355 struct net_protocol *ipprot; 356#if IS_ENABLED(CONFIG_IPV6) 357 struct inet6_protocol *ip6prot; 358#endif 359 360 rcu_read_lock(); 361 362 ipprot = rcu_dereference(inet_protos[protocol]); 363 if (ipprot) 364 ipprot->early_demux = enabled ? ipprot->early_demux_handler : 365 NULL; 366 367#if IS_ENABLED(CONFIG_IPV6) 368 ip6prot = rcu_dereference(inet6_protos[protocol]); 369 if (ip6prot) 370 ip6prot->early_demux = enabled ? ip6prot->early_demux_handler : 371 NULL; 372#endif 373 rcu_read_unlock(); 374} 375 376static int proc_tcp_early_demux(struct ctl_table *table, int write, 377 void *buffer, size_t *lenp, loff_t *ppos) 378{ 379 int ret = 0; 380 381 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos); 382 383 if (write && !ret) { 384 int enabled = init_net.ipv4.sysctl_tcp_early_demux; 385 386 proc_configure_early_demux(enabled, IPPROTO_TCP); 387 } 388 389 return ret; 390} 391 392static int proc_udp_early_demux(struct ctl_table *table, int write, 393 void *buffer, size_t *lenp, loff_t *ppos) 394{ 395 int ret = 0; 396 397 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos); 398 399 if (write && !ret) { 400 int enabled = init_net.ipv4.sysctl_udp_early_demux; 401 402 proc_configure_early_demux(enabled, IPPROTO_UDP); 403 } 404 405 return ret; 406} 407 408static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table, 409 int write, void *buffer, 410 size_t *lenp, loff_t *ppos) 411{ 412 struct net *net = container_of(table->data, struct net, 413 ipv4.sysctl_tcp_fastopen_blackhole_timeout); 414 int ret; 415 416 ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 417 if (write && ret == 0) 418 atomic_set(&net->ipv4.tfo_active_disable_times, 0); 419 420 return ret; 421} 422 423static int proc_tcp_available_ulp(struct ctl_table *ctl, 424 int write, void *buffer, size_t *lenp, 425 loff_t *ppos) 426{ 427 struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, }; 428 int ret; 429 430 tbl.data = kmalloc(tbl.maxlen, GFP_USER); 431 if (!tbl.data) 432 return -ENOMEM; 433 tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX); 434 ret = proc_dostring(&tbl, write, buffer, lenp, ppos); 435 kfree(tbl.data); 436 437 return ret; 438} 439 440#ifdef CONFIG_IP_ROUTE_MULTIPATH 441static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write, 442 void *buffer, size_t *lenp, 443 loff_t *ppos) 444{ 445 struct net *net = container_of(table->data, struct net, 446 ipv4.sysctl_fib_multipath_hash_policy); 447 int ret; 448 449 ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos); 450 if (write && ret == 0) 451 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net); 452 453 return ret; 454} 455 456static int proc_fib_multipath_hash_fields(struct ctl_table *table, int write, 457 void *buffer, size_t *lenp, 458 loff_t *ppos) 459{ 460 struct net *net; 461 int ret; 462 463 net = container_of(table->data, struct net, 464 ipv4.sysctl_fib_multipath_hash_fields); 465 ret = proc_douintvec_minmax(table, write, buffer, lenp, ppos); 466 if (write && ret == 0) 467 call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net); 468 469 return ret; 470} 471#endif 472 473static struct ctl_table ipv4_table[] = { 474 { 475 .procname = "tcp_max_orphans", 476 .data = &sysctl_tcp_max_orphans, 477 .maxlen = sizeof(int), 478 .mode = 0644, 479 .proc_handler = proc_dointvec 480 }, 481 { 482 .procname = "inet_peer_threshold", 483 .data = &inet_peer_threshold, 484 .maxlen = sizeof(int), 485 .mode = 0644, 486 .proc_handler = proc_dointvec 487 }, 488 { 489 .procname = "inet_peer_minttl", 490 .data = &inet_peer_minttl, 491 .maxlen = sizeof(int), 492 .mode = 0644, 493 .proc_handler = proc_dointvec_jiffies, 494 }, 495 { 496 .procname = "inet_peer_maxttl", 497 .data = &inet_peer_maxttl, 498 .maxlen = sizeof(int), 499 .mode = 0644, 500 .proc_handler = proc_dointvec_jiffies, 501 }, 502 { 503 .procname = "tcp_mem", 504 .maxlen = sizeof(sysctl_tcp_mem), 505 .data = &sysctl_tcp_mem, 506 .mode = 0644, 507 .proc_handler = proc_doulongvec_minmax, 508 }, 509 { 510 .procname = "tcp_low_latency", 511 .data = &sysctl_tcp_low_latency, 512 .maxlen = sizeof(int), 513 .mode = 0644, 514 .proc_handler = proc_dointvec 515 }, 516#ifdef CONFIG_NETLABEL 517 { 518 .procname = "cipso_cache_enable", 519 .data = &cipso_v4_cache_enabled, 520 .maxlen = sizeof(int), 521 .mode = 0644, 522 .proc_handler = proc_dointvec, 523 }, 524 { 525 .procname = "cipso_cache_bucket_size", 526 .data = &cipso_v4_cache_bucketsize, 527 .maxlen = sizeof(int), 528 .mode = 0644, 529 .proc_handler = proc_dointvec, 530 }, 531 { 532 .procname = "cipso_rbm_optfmt", 533 .data = &cipso_v4_rbm_optfmt, 534 .maxlen = sizeof(int), 535 .mode = 0644, 536 .proc_handler = proc_dointvec, 537 }, 538 { 539 .procname = "cipso_rbm_strictvalid", 540 .data = &cipso_v4_rbm_strictvalid, 541 .maxlen = sizeof(int), 542 .mode = 0644, 543 .proc_handler = proc_dointvec, 544 }, 545#endif /* CONFIG_NETLABEL */ 546 { 547 .procname = "tcp_available_ulp", 548 .maxlen = TCP_ULP_BUF_MAX, 549 .mode = 0444, 550 .proc_handler = proc_tcp_available_ulp, 551 }, 552 { 553 .procname = "icmp_msgs_per_sec", 554 .data = &sysctl_icmp_msgs_per_sec, 555 .maxlen = sizeof(int), 556 .mode = 0644, 557 .proc_handler = proc_dointvec_minmax, 558 .extra1 = SYSCTL_ZERO, 559 }, 560 { 561 .procname = "icmp_msgs_burst", 562 .data = &sysctl_icmp_msgs_burst, 563 .maxlen = sizeof(int), 564 .mode = 0644, 565 .proc_handler = proc_dointvec_minmax, 566 .extra1 = SYSCTL_ZERO, 567 }, 568 { 569 .procname = "udp_mem", 570 .data = &sysctl_udp_mem, 571 .maxlen = sizeof(sysctl_udp_mem), 572 .mode = 0644, 573 .proc_handler = proc_doulongvec_minmax, 574 }, 575 { 576 .procname = "fib_sync_mem", 577 .data = &sysctl_fib_sync_mem, 578 .maxlen = sizeof(sysctl_fib_sync_mem), 579 .mode = 0644, 580 .proc_handler = proc_douintvec_minmax, 581 .extra1 = &sysctl_fib_sync_mem_min, 582 .extra2 = &sysctl_fib_sync_mem_max, 583 }, 584 { } 585}; 586 587static struct ctl_table ipv4_net_table[] = { 588 /* tcp_max_tw_buckets must be first in this table. */ 589 { 590 .procname = "tcp_max_tw_buckets", 591/* .data = &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets, */ 592 .maxlen = sizeof(int), 593 .mode = 0644, 594 .proc_handler = proc_dointvec 595 }, 596 { 597 .procname = "icmp_echo_ignore_all", 598 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all, 599 .maxlen = sizeof(u8), 600 .mode = 0644, 601 .proc_handler = proc_dou8vec_minmax, 602 }, 603 { 604 .procname = "icmp_echo_enable_probe", 605 .data = &init_net.ipv4.sysctl_icmp_echo_enable_probe, 606 .maxlen = sizeof(u8), 607 .mode = 0644, 608 .proc_handler = proc_dou8vec_minmax, 609 .extra1 = SYSCTL_ZERO, 610 .extra2 = SYSCTL_ONE 611 }, 612 { 613 .procname = "icmp_echo_ignore_broadcasts", 614 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, 615 .maxlen = sizeof(u8), 616 .mode = 0644, 617 .proc_handler = proc_dou8vec_minmax, 618 }, 619 { 620 .procname = "icmp_ignore_bogus_error_responses", 621 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses, 622 .maxlen = sizeof(u8), 623 .mode = 0644, 624 .proc_handler = proc_dou8vec_minmax, 625 }, 626 { 627 .procname = "icmp_errors_use_inbound_ifaddr", 628 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr, 629 .maxlen = sizeof(u8), 630 .mode = 0644, 631 .proc_handler = proc_dou8vec_minmax, 632 }, 633 { 634 .procname = "icmp_ratelimit", 635 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 636 .maxlen = sizeof(int), 637 .mode = 0644, 638 .proc_handler = proc_dointvec_ms_jiffies, 639 }, 640 { 641 .procname = "icmp_ratemask", 642 .data = &init_net.ipv4.sysctl_icmp_ratemask, 643 .maxlen = sizeof(int), 644 .mode = 0644, 645 .proc_handler = proc_dointvec 646 }, 647 { 648 .procname = "ping_group_range", 649 .data = &init_net.ipv4.ping_group_range.range, 650 .maxlen = sizeof(gid_t)*2, 651 .mode = 0644, 652 .proc_handler = ipv4_ping_group_range, 653 }, 654#ifdef CONFIG_NET_L3_MASTER_DEV 655 { 656 .procname = "raw_l3mdev_accept", 657 .data = &init_net.ipv4.sysctl_raw_l3mdev_accept, 658 .maxlen = sizeof(u8), 659 .mode = 0644, 660 .proc_handler = proc_dou8vec_minmax, 661 .extra1 = SYSCTL_ZERO, 662 .extra2 = SYSCTL_ONE, 663 }, 664#endif 665 { 666 .procname = "tcp_ecn", 667 .data = &init_net.ipv4.sysctl_tcp_ecn, 668 .maxlen = sizeof(u8), 669 .mode = 0644, 670 .proc_handler = proc_dou8vec_minmax, 671 }, 672 { 673 .procname = "tcp_ecn_fallback", 674 .data = &init_net.ipv4.sysctl_tcp_ecn_fallback, 675 .maxlen = sizeof(u8), 676 .mode = 0644, 677 .proc_handler = proc_dou8vec_minmax, 678 }, 679 { 680 .procname = "ip_dynaddr", 681 .data = &init_net.ipv4.sysctl_ip_dynaddr, 682 .maxlen = sizeof(u8), 683 .mode = 0644, 684 .proc_handler = proc_dou8vec_minmax, 685 }, 686 { 687 .procname = "ip_early_demux", 688 .data = &init_net.ipv4.sysctl_ip_early_demux, 689 .maxlen = sizeof(u8), 690 .mode = 0644, 691 .proc_handler = proc_dou8vec_minmax, 692 }, 693 { 694 .procname = "udp_early_demux", 695 .data = &init_net.ipv4.sysctl_udp_early_demux, 696 .maxlen = sizeof(u8), 697 .mode = 0644, 698 .proc_handler = proc_udp_early_demux 699 }, 700 { 701 .procname = "tcp_early_demux", 702 .data = &init_net.ipv4.sysctl_tcp_early_demux, 703 .maxlen = sizeof(u8), 704 .mode = 0644, 705 .proc_handler = proc_tcp_early_demux 706 }, 707 { 708 .procname = "nexthop_compat_mode", 709 .data = &init_net.ipv4.sysctl_nexthop_compat_mode, 710 .maxlen = sizeof(u8), 711 .mode = 0644, 712 .proc_handler = proc_dou8vec_minmax, 713 .extra1 = SYSCTL_ZERO, 714 .extra2 = SYSCTL_ONE, 715 }, 716 { 717 .procname = "ip_default_ttl", 718 .data = &init_net.ipv4.sysctl_ip_default_ttl, 719 .maxlen = sizeof(u8), 720 .mode = 0644, 721 .proc_handler = proc_dou8vec_minmax, 722 .extra1 = &ip_ttl_min, 723 .extra2 = &ip_ttl_max, 724 }, 725 { 726 .procname = "ip_local_port_range", 727 .maxlen = sizeof(init_net.ipv4.ip_local_ports.range), 728 .data = &init_net.ipv4.ip_local_ports.range, 729 .mode = 0644, 730 .proc_handler = ipv4_local_port_range, 731 }, 732 { 733 .procname = "ip_local_reserved_ports", 734 .data = &init_net.ipv4.sysctl_local_reserved_ports, 735 .maxlen = 65536, 736 .mode = 0644, 737 .proc_handler = proc_do_large_bitmap, 738 }, 739 { 740 .procname = "ip_no_pmtu_disc", 741 .data = &init_net.ipv4.sysctl_ip_no_pmtu_disc, 742 .maxlen = sizeof(u8), 743 .mode = 0644, 744 .proc_handler = proc_dou8vec_minmax, 745 }, 746 { 747 .procname = "ip_forward_use_pmtu", 748 .data = &init_net.ipv4.sysctl_ip_fwd_use_pmtu, 749 .maxlen = sizeof(u8), 750 .mode = 0644, 751 .proc_handler = proc_dou8vec_minmax, 752 }, 753 { 754 .procname = "ip_forward_update_priority", 755 .data = &init_net.ipv4.sysctl_ip_fwd_update_priority, 756 .maxlen = sizeof(u8), 757 .mode = 0644, 758 .proc_handler = ipv4_fwd_update_priority, 759 .extra1 = SYSCTL_ZERO, 760 .extra2 = SYSCTL_ONE, 761 }, 762 { 763 .procname = "ip_nonlocal_bind", 764 .data = &init_net.ipv4.sysctl_ip_nonlocal_bind, 765 .maxlen = sizeof(u8), 766 .mode = 0644, 767 .proc_handler = proc_dou8vec_minmax, 768 }, 769 { 770 .procname = "ip_autobind_reuse", 771 .data = &init_net.ipv4.sysctl_ip_autobind_reuse, 772 .maxlen = sizeof(u8), 773 .mode = 0644, 774 .proc_handler = proc_dou8vec_minmax, 775 .extra1 = SYSCTL_ZERO, 776 .extra2 = SYSCTL_ONE, 777 }, 778 { 779 .procname = "fwmark_reflect", 780 .data = &init_net.ipv4.sysctl_fwmark_reflect, 781 .maxlen = sizeof(u8), 782 .mode = 0644, 783 .proc_handler = proc_dou8vec_minmax, 784 }, 785 { 786 .procname = "tcp_fwmark_accept", 787 .data = &init_net.ipv4.sysctl_tcp_fwmark_accept, 788 .maxlen = sizeof(u8), 789 .mode = 0644, 790 .proc_handler = proc_dou8vec_minmax, 791 }, 792#ifdef CONFIG_NET_L3_MASTER_DEV 793 { 794 .procname = "tcp_l3mdev_accept", 795 .data = &init_net.ipv4.sysctl_tcp_l3mdev_accept, 796 .maxlen = sizeof(u8), 797 .mode = 0644, 798 .proc_handler = proc_dou8vec_minmax, 799 .extra1 = SYSCTL_ZERO, 800 .extra2 = SYSCTL_ONE, 801 }, 802#endif 803 { 804 .procname = "tcp_mtu_probing", 805 .data = &init_net.ipv4.sysctl_tcp_mtu_probing, 806 .maxlen = sizeof(u8), 807 .mode = 0644, 808 .proc_handler = proc_dou8vec_minmax, 809 }, 810 { 811 .procname = "tcp_base_mss", 812 .data = &init_net.ipv4.sysctl_tcp_base_mss, 813 .maxlen = sizeof(int), 814 .mode = 0644, 815 .proc_handler = proc_dointvec, 816 }, 817 { 818 .procname = "tcp_min_snd_mss", 819 .data = &init_net.ipv4.sysctl_tcp_min_snd_mss, 820 .maxlen = sizeof(int), 821 .mode = 0644, 822 .proc_handler = proc_dointvec_minmax, 823 .extra1 = &tcp_min_snd_mss_min, 824 .extra2 = &tcp_min_snd_mss_max, 825 }, 826 { 827 .procname = "tcp_mtu_probe_floor", 828 .data = &init_net.ipv4.sysctl_tcp_mtu_probe_floor, 829 .maxlen = sizeof(int), 830 .mode = 0644, 831 .proc_handler = proc_dointvec_minmax, 832 .extra1 = &tcp_min_snd_mss_min, 833 .extra2 = &tcp_min_snd_mss_max, 834 }, 835 { 836 .procname = "tcp_probe_threshold", 837 .data = &init_net.ipv4.sysctl_tcp_probe_threshold, 838 .maxlen = sizeof(int), 839 .mode = 0644, 840 .proc_handler = proc_dointvec, 841 }, 842 { 843 .procname = "tcp_probe_interval", 844 .data = &init_net.ipv4.sysctl_tcp_probe_interval, 845 .maxlen = sizeof(u32), 846 .mode = 0644, 847 .proc_handler = proc_douintvec_minmax, 848 .extra2 = &u32_max_div_HZ, 849 }, 850 { 851 .procname = "igmp_link_local_mcast_reports", 852 .data = &init_net.ipv4.sysctl_igmp_llm_reports, 853 .maxlen = sizeof(u8), 854 .mode = 0644, 855 .proc_handler = proc_dou8vec_minmax, 856 }, 857 { 858 .procname = "igmp_max_memberships", 859 .data = &init_net.ipv4.sysctl_igmp_max_memberships, 860 .maxlen = sizeof(int), 861 .mode = 0644, 862 .proc_handler = proc_dointvec 863 }, 864 { 865 .procname = "igmp_max_msf", 866 .data = &init_net.ipv4.sysctl_igmp_max_msf, 867 .maxlen = sizeof(int), 868 .mode = 0644, 869 .proc_handler = proc_dointvec 870 }, 871#ifdef CONFIG_IP_MULTICAST 872 { 873 .procname = "igmp_qrv", 874 .data = &init_net.ipv4.sysctl_igmp_qrv, 875 .maxlen = sizeof(int), 876 .mode = 0644, 877 .proc_handler = proc_dointvec_minmax, 878 .extra1 = SYSCTL_ONE 879 }, 880#endif 881 { 882 .procname = "tcp_congestion_control", 883 .data = &init_net.ipv4.tcp_congestion_control, 884 .mode = 0644, 885 .maxlen = TCP_CA_NAME_MAX, 886 .proc_handler = proc_tcp_congestion_control, 887 }, 888 { 889 .procname = "tcp_available_congestion_control", 890 .maxlen = TCP_CA_BUF_MAX, 891 .mode = 0444, 892 .proc_handler = proc_tcp_available_congestion_control, 893 }, 894 { 895 .procname = "tcp_allowed_congestion_control", 896 .maxlen = TCP_CA_BUF_MAX, 897 .mode = 0644, 898 .proc_handler = proc_allowed_congestion_control, 899 }, 900 { 901 .procname = "tcp_keepalive_time", 902 .data = &init_net.ipv4.sysctl_tcp_keepalive_time, 903 .maxlen = sizeof(int), 904 .mode = 0644, 905 .proc_handler = proc_dointvec_jiffies, 906 }, 907 { 908 .procname = "tcp_keepalive_probes", 909 .data = &init_net.ipv4.sysctl_tcp_keepalive_probes, 910 .maxlen = sizeof(u8), 911 .mode = 0644, 912 .proc_handler = proc_dou8vec_minmax, 913 }, 914 { 915 .procname = "tcp_keepalive_intvl", 916 .data = &init_net.ipv4.sysctl_tcp_keepalive_intvl, 917 .maxlen = sizeof(int), 918 .mode = 0644, 919 .proc_handler = proc_dointvec_jiffies, 920 }, 921 { 922 .procname = "tcp_syn_retries", 923 .data = &init_net.ipv4.sysctl_tcp_syn_retries, 924 .maxlen = sizeof(u8), 925 .mode = 0644, 926 .proc_handler = proc_dou8vec_minmax, 927 .extra1 = &tcp_syn_retries_min, 928 .extra2 = &tcp_syn_retries_max 929 }, 930 { 931 .procname = "tcp_synack_retries", 932 .data = &init_net.ipv4.sysctl_tcp_synack_retries, 933 .maxlen = sizeof(u8), 934 .mode = 0644, 935 .proc_handler = proc_dou8vec_minmax, 936 }, 937#ifdef CONFIG_SYN_COOKIES 938 { 939 .procname = "tcp_syncookies", 940 .data = &init_net.ipv4.sysctl_tcp_syncookies, 941 .maxlen = sizeof(u8), 942 .mode = 0644, 943 .proc_handler = proc_dou8vec_minmax, 944 }, 945#endif 946 { 947 .procname = "tcp_migrate_req", 948 .data = &init_net.ipv4.sysctl_tcp_migrate_req, 949 .maxlen = sizeof(u8), 950 .mode = 0644, 951 .proc_handler = proc_dou8vec_minmax, 952 .extra1 = SYSCTL_ZERO, 953 .extra2 = SYSCTL_ONE 954 }, 955 { 956 .procname = "tcp_reordering", 957 .data = &init_net.ipv4.sysctl_tcp_reordering, 958 .maxlen = sizeof(int), 959 .mode = 0644, 960 .proc_handler = proc_dointvec 961 }, 962 { 963 .procname = "tcp_retries1", 964 .data = &init_net.ipv4.sysctl_tcp_retries1, 965 .maxlen = sizeof(u8), 966 .mode = 0644, 967 .proc_handler = proc_dou8vec_minmax, 968 .extra2 = &tcp_retr1_max 969 }, 970 { 971 .procname = "tcp_retries2", 972 .data = &init_net.ipv4.sysctl_tcp_retries2, 973 .maxlen = sizeof(u8), 974 .mode = 0644, 975 .proc_handler = proc_dou8vec_minmax, 976 }, 977 { 978 .procname = "tcp_orphan_retries", 979 .data = &init_net.ipv4.sysctl_tcp_orphan_retries, 980 .maxlen = sizeof(u8), 981 .mode = 0644, 982 .proc_handler = proc_dou8vec_minmax, 983 }, 984 { 985 .procname = "tcp_fin_timeout", 986 .data = &init_net.ipv4.sysctl_tcp_fin_timeout, 987 .maxlen = sizeof(int), 988 .mode = 0644, 989 .proc_handler = proc_dointvec_jiffies, 990 }, 991 { 992 .procname = "tcp_notsent_lowat", 993 .data = &init_net.ipv4.sysctl_tcp_notsent_lowat, 994 .maxlen = sizeof(unsigned int), 995 .mode = 0644, 996 .proc_handler = proc_douintvec, 997 }, 998 { 999 .procname = "tcp_tw_reuse", 1000 .data = &init_net.ipv4.sysctl_tcp_tw_reuse, 1001 .maxlen = sizeof(u8), 1002 .mode = 0644, 1003 .proc_handler = proc_dou8vec_minmax, 1004 .extra1 = SYSCTL_ZERO, 1005 .extra2 = SYSCTL_TWO, 1006 }, 1007 { 1008 .procname = "tcp_max_syn_backlog", 1009 .data = &init_net.ipv4.sysctl_max_syn_backlog, 1010 .maxlen = sizeof(int), 1011 .mode = 0644, 1012 .proc_handler = proc_dointvec 1013 }, 1014 { 1015 .procname = "tcp_fastopen", 1016 .data = &init_net.ipv4.sysctl_tcp_fastopen, 1017 .maxlen = sizeof(int), 1018 .mode = 0644, 1019 .proc_handler = proc_dointvec, 1020 }, 1021 { 1022 .procname = "tcp_fastopen_key", 1023 .mode = 0600, 1024 .data = &init_net.ipv4.sysctl_tcp_fastopen, 1025 /* maxlen to print the list of keys in hex (*2), with dashes 1026 * separating doublewords and a comma in between keys. 1027 */ 1028 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 1029 2 * TCP_FASTOPEN_KEY_MAX) + 1030 (TCP_FASTOPEN_KEY_MAX * 5)), 1031 .proc_handler = proc_tcp_fastopen_key, 1032 }, 1033 { 1034 .procname = "tcp_fastopen_blackhole_timeout_sec", 1035 .data = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout, 1036 .maxlen = sizeof(int), 1037 .mode = 0644, 1038 .proc_handler = proc_tfo_blackhole_detect_timeout, 1039 .extra1 = SYSCTL_ZERO, 1040 }, 1041#ifdef CONFIG_IP_ROUTE_MULTIPATH 1042 { 1043 .procname = "fib_multipath_use_neigh", 1044 .data = &init_net.ipv4.sysctl_fib_multipath_use_neigh, 1045 .maxlen = sizeof(u8), 1046 .mode = 0644, 1047 .proc_handler = proc_dou8vec_minmax, 1048 .extra1 = SYSCTL_ZERO, 1049 .extra2 = SYSCTL_ONE, 1050 }, 1051 { 1052 .procname = "fib_multipath_hash_policy", 1053 .data = &init_net.ipv4.sysctl_fib_multipath_hash_policy, 1054 .maxlen = sizeof(u8), 1055 .mode = 0644, 1056 .proc_handler = proc_fib_multipath_hash_policy, 1057 .extra1 = SYSCTL_ZERO, 1058 .extra2 = SYSCTL_THREE, 1059 }, 1060 { 1061 .procname = "fib_multipath_hash_fields", 1062 .data = &init_net.ipv4.sysctl_fib_multipath_hash_fields, 1063 .maxlen = sizeof(u32), 1064 .mode = 0644, 1065 .proc_handler = proc_fib_multipath_hash_fields, 1066 .extra1 = SYSCTL_ONE, 1067 .extra2 = &fib_multipath_hash_fields_all_mask, 1068 }, 1069#endif 1070 { 1071 .procname = "ip_unprivileged_port_start", 1072 .maxlen = sizeof(int), 1073 .data = &init_net.ipv4.sysctl_ip_prot_sock, 1074 .mode = 0644, 1075 .proc_handler = ipv4_privileged_ports, 1076 }, 1077#ifdef CONFIG_NET_L3_MASTER_DEV 1078 { 1079 .procname = "udp_l3mdev_accept", 1080 .data = &init_net.ipv4.sysctl_udp_l3mdev_accept, 1081 .maxlen = sizeof(u8), 1082 .mode = 0644, 1083 .proc_handler = proc_dou8vec_minmax, 1084 .extra1 = SYSCTL_ZERO, 1085 .extra2 = SYSCTL_ONE, 1086 }, 1087#endif 1088 { 1089 .procname = "tcp_sack", 1090 .data = &init_net.ipv4.sysctl_tcp_sack, 1091 .maxlen = sizeof(u8), 1092 .mode = 0644, 1093 .proc_handler = proc_dou8vec_minmax, 1094 }, 1095 { 1096 .procname = "tcp_window_scaling", 1097 .data = &init_net.ipv4.sysctl_tcp_window_scaling, 1098 .maxlen = sizeof(u8), 1099 .mode = 0644, 1100 .proc_handler = proc_dou8vec_minmax, 1101 }, 1102 { 1103 .procname = "tcp_timestamps", 1104 .data = &init_net.ipv4.sysctl_tcp_timestamps, 1105 .maxlen = sizeof(u8), 1106 .mode = 0644, 1107 .proc_handler = proc_dou8vec_minmax, 1108 }, 1109 { 1110 .procname = "tcp_early_retrans", 1111 .data = &init_net.ipv4.sysctl_tcp_early_retrans, 1112 .maxlen = sizeof(u8), 1113 .mode = 0644, 1114 .proc_handler = proc_dou8vec_minmax, 1115 .extra1 = SYSCTL_ZERO, 1116 .extra2 = SYSCTL_FOUR, 1117 }, 1118 { 1119 .procname = "tcp_recovery", 1120 .data = &init_net.ipv4.sysctl_tcp_recovery, 1121 .maxlen = sizeof(u8), 1122 .mode = 0644, 1123 .proc_handler = proc_dou8vec_minmax, 1124 }, 1125 { 1126 .procname = "tcp_thin_linear_timeouts", 1127 .data = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts, 1128 .maxlen = sizeof(u8), 1129 .mode = 0644, 1130 .proc_handler = proc_dou8vec_minmax, 1131 }, 1132 { 1133 .procname = "tcp_slow_start_after_idle", 1134 .data = &init_net.ipv4.sysctl_tcp_slow_start_after_idle, 1135 .maxlen = sizeof(u8), 1136 .mode = 0644, 1137 .proc_handler = proc_dou8vec_minmax, 1138 }, 1139 { 1140 .procname = "tcp_retrans_collapse", 1141 .data = &init_net.ipv4.sysctl_tcp_retrans_collapse, 1142 .maxlen = sizeof(u8), 1143 .mode = 0644, 1144 .proc_handler = proc_dou8vec_minmax, 1145 }, 1146 { 1147 .procname = "tcp_stdurg", 1148 .data = &init_net.ipv4.sysctl_tcp_stdurg, 1149 .maxlen = sizeof(u8), 1150 .mode = 0644, 1151 .proc_handler = proc_dou8vec_minmax, 1152 }, 1153 { 1154 .procname = "tcp_rfc1337", 1155 .data = &init_net.ipv4.sysctl_tcp_rfc1337, 1156 .maxlen = sizeof(u8), 1157 .mode = 0644, 1158 .proc_handler = proc_dou8vec_minmax, 1159 }, 1160 { 1161 .procname = "tcp_abort_on_overflow", 1162 .data = &init_net.ipv4.sysctl_tcp_abort_on_overflow, 1163 .maxlen = sizeof(u8), 1164 .mode = 0644, 1165 .proc_handler = proc_dou8vec_minmax, 1166 }, 1167 { 1168 .procname = "tcp_fack", 1169 .data = &init_net.ipv4.sysctl_tcp_fack, 1170 .maxlen = sizeof(u8), 1171 .mode = 0644, 1172 .proc_handler = proc_dou8vec_minmax, 1173 }, 1174 { 1175 .procname = "tcp_max_reordering", 1176 .data = &init_net.ipv4.sysctl_tcp_max_reordering, 1177 .maxlen = sizeof(int), 1178 .mode = 0644, 1179 .proc_handler = proc_dointvec 1180 }, 1181 { 1182 .procname = "tcp_dsack", 1183 .data = &init_net.ipv4.sysctl_tcp_dsack, 1184 .maxlen = sizeof(u8), 1185 .mode = 0644, 1186 .proc_handler = proc_dou8vec_minmax, 1187 }, 1188 { 1189 .procname = "tcp_app_win", 1190 .data = &init_net.ipv4.sysctl_tcp_app_win, 1191 .maxlen = sizeof(u8), 1192 .mode = 0644, 1193 .proc_handler = proc_dou8vec_minmax, 1194 }, 1195 { 1196 .procname = "tcp_adv_win_scale", 1197 .data = &init_net.ipv4.sysctl_tcp_adv_win_scale, 1198 .maxlen = sizeof(int), 1199 .mode = 0644, 1200 .proc_handler = proc_dointvec_minmax, 1201 .extra1 = &tcp_adv_win_scale_min, 1202 .extra2 = &tcp_adv_win_scale_max, 1203 }, 1204 { 1205 .procname = "tcp_frto", 1206 .data = &init_net.ipv4.sysctl_tcp_frto, 1207 .maxlen = sizeof(u8), 1208 .mode = 0644, 1209 .proc_handler = proc_dou8vec_minmax, 1210 }, 1211 { 1212 .procname = "tcp_no_metrics_save", 1213 .data = &init_net.ipv4.sysctl_tcp_nometrics_save, 1214 .maxlen = sizeof(u8), 1215 .mode = 0644, 1216 .proc_handler = proc_dou8vec_minmax, 1217 }, 1218 { 1219 .procname = "tcp_no_ssthresh_metrics_save", 1220 .data = &init_net.ipv4.sysctl_tcp_no_ssthresh_metrics_save, 1221 .maxlen = sizeof(u8), 1222 .mode = 0644, 1223 .proc_handler = proc_dou8vec_minmax, 1224 .extra1 = SYSCTL_ZERO, 1225 .extra2 = SYSCTL_ONE, 1226 }, 1227 { 1228 .procname = "tcp_moderate_rcvbuf", 1229 .data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf, 1230 .maxlen = sizeof(u8), 1231 .mode = 0644, 1232 .proc_handler = proc_dou8vec_minmax, 1233 }, 1234 { 1235 .procname = "tcp_tso_win_divisor", 1236 .data = &init_net.ipv4.sysctl_tcp_tso_win_divisor, 1237 .maxlen = sizeof(u8), 1238 .mode = 0644, 1239 .proc_handler = proc_dou8vec_minmax, 1240 }, 1241 { 1242 .procname = "tcp_workaround_signed_windows", 1243 .data = &init_net.ipv4.sysctl_tcp_workaround_signed_windows, 1244 .maxlen = sizeof(u8), 1245 .mode = 0644, 1246 .proc_handler = proc_dou8vec_minmax, 1247 }, 1248 { 1249 .procname = "tcp_limit_output_bytes", 1250 .data = &init_net.ipv4.sysctl_tcp_limit_output_bytes, 1251 .maxlen = sizeof(int), 1252 .mode = 0644, 1253 .proc_handler = proc_dointvec 1254 }, 1255 { 1256 .procname = "tcp_challenge_ack_limit", 1257 .data = &init_net.ipv4.sysctl_tcp_challenge_ack_limit, 1258 .maxlen = sizeof(int), 1259 .mode = 0644, 1260 .proc_handler = proc_dointvec 1261 }, 1262 { 1263 .procname = "tcp_min_tso_segs", 1264 .data = &init_net.ipv4.sysctl_tcp_min_tso_segs, 1265 .maxlen = sizeof(u8), 1266 .mode = 0644, 1267 .proc_handler = proc_dou8vec_minmax, 1268 .extra1 = SYSCTL_ONE, 1269 }, 1270 { 1271 .procname = "tcp_tso_rtt_log", 1272 .data = &init_net.ipv4.sysctl_tcp_tso_rtt_log, 1273 .maxlen = sizeof(u8), 1274 .mode = 0644, 1275 .proc_handler = proc_dou8vec_minmax, 1276 }, 1277 { 1278 .procname = "tcp_min_rtt_wlen", 1279 .data = &init_net.ipv4.sysctl_tcp_min_rtt_wlen, 1280 .maxlen = sizeof(int), 1281 .mode = 0644, 1282 .proc_handler = proc_dointvec_minmax, 1283 .extra1 = SYSCTL_ZERO, 1284 .extra2 = &one_day_secs 1285 }, 1286 { 1287 .procname = "tcp_autocorking", 1288 .data = &init_net.ipv4.sysctl_tcp_autocorking, 1289 .maxlen = sizeof(u8), 1290 .mode = 0644, 1291 .proc_handler = proc_dou8vec_minmax, 1292 .extra1 = SYSCTL_ZERO, 1293 .extra2 = SYSCTL_ONE, 1294 }, 1295 { 1296 .procname = "tcp_invalid_ratelimit", 1297 .data = &init_net.ipv4.sysctl_tcp_invalid_ratelimit, 1298 .maxlen = sizeof(int), 1299 .mode = 0644, 1300 .proc_handler = proc_dointvec_ms_jiffies, 1301 }, 1302 { 1303 .procname = "tcp_pacing_ss_ratio", 1304 .data = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio, 1305 .maxlen = sizeof(int), 1306 .mode = 0644, 1307 .proc_handler = proc_dointvec_minmax, 1308 .extra1 = SYSCTL_ZERO, 1309 .extra2 = SYSCTL_ONE_THOUSAND, 1310 }, 1311 { 1312 .procname = "tcp_pacing_ca_ratio", 1313 .data = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio, 1314 .maxlen = sizeof(int), 1315 .mode = 0644, 1316 .proc_handler = proc_dointvec_minmax, 1317 .extra1 = SYSCTL_ZERO, 1318 .extra2 = SYSCTL_ONE_THOUSAND, 1319 }, 1320 { 1321 .procname = "tcp_wmem", 1322 .data = &init_net.ipv4.sysctl_tcp_wmem, 1323 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem), 1324 .mode = 0644, 1325 .proc_handler = proc_dointvec_minmax, 1326 .extra1 = SYSCTL_ONE, 1327 }, 1328 { 1329 .procname = "tcp_rmem", 1330 .data = &init_net.ipv4.sysctl_tcp_rmem, 1331 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem), 1332 .mode = 0644, 1333 .proc_handler = proc_dointvec_minmax, 1334 .extra1 = SYSCTL_ONE, 1335 }, 1336 { 1337 .procname = "tcp_comp_sack_delay_ns", 1338 .data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns, 1339 .maxlen = sizeof(unsigned long), 1340 .mode = 0644, 1341 .proc_handler = proc_doulongvec_minmax, 1342 }, 1343 { 1344 .procname = "tcp_comp_sack_slack_ns", 1345 .data = &init_net.ipv4.sysctl_tcp_comp_sack_slack_ns, 1346 .maxlen = sizeof(unsigned long), 1347 .mode = 0644, 1348 .proc_handler = proc_doulongvec_minmax, 1349 }, 1350 { 1351 .procname = "tcp_comp_sack_nr", 1352 .data = &init_net.ipv4.sysctl_tcp_comp_sack_nr, 1353 .maxlen = sizeof(u8), 1354 .mode = 0644, 1355 .proc_handler = proc_dou8vec_minmax, 1356 .extra1 = SYSCTL_ZERO, 1357 }, 1358 { 1359 .procname = "tcp_reflect_tos", 1360 .data = &init_net.ipv4.sysctl_tcp_reflect_tos, 1361 .maxlen = sizeof(u8), 1362 .mode = 0644, 1363 .proc_handler = proc_dou8vec_minmax, 1364 .extra1 = SYSCTL_ZERO, 1365 .extra2 = SYSCTL_ONE, 1366 }, 1367 { 1368 .procname = "udp_rmem_min", 1369 .data = &init_net.ipv4.sysctl_udp_rmem_min, 1370 .maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min), 1371 .mode = 0644, 1372 .proc_handler = proc_dointvec_minmax, 1373 .extra1 = SYSCTL_ONE 1374 }, 1375 { 1376 .procname = "udp_wmem_min", 1377 .data = &init_net.ipv4.sysctl_udp_wmem_min, 1378 .maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min), 1379 .mode = 0644, 1380 .proc_handler = proc_dointvec_minmax, 1381 .extra1 = SYSCTL_ONE 1382 }, 1383 { 1384 .procname = "fib_notify_on_flag_change", 1385 .data = &init_net.ipv4.sysctl_fib_notify_on_flag_change, 1386 .maxlen = sizeof(u8), 1387 .mode = 0644, 1388 .proc_handler = proc_dou8vec_minmax, 1389 .extra1 = SYSCTL_ZERO, 1390 .extra2 = SYSCTL_TWO, 1391 }, 1392 { } 1393}; 1394 1395static __net_init int ipv4_sysctl_init_net(struct net *net) 1396{ 1397 struct ctl_table *table; 1398 1399 table = ipv4_net_table; 1400 if (!net_eq(net, &init_net)) { 1401 int i; 1402 1403 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); 1404 if (!table) 1405 goto err_alloc; 1406 1407 /* skip first entry (sysctl_max_tw_buckets) */ 1408 for (i = 1; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) { 1409 if (table[i].data) { 1410 /* Update the variables to point into 1411 * the current struct net 1412 */ 1413 table[i].data += (void *)net - (void *)&init_net; 1414 } else { 1415 /* Entries without data pointer are global; 1416 * Make them read-only in non-init_net ns 1417 */ 1418 table[i].mode &= ~0222; 1419 } 1420 } 1421 } 1422 1423 table[0].data = &net->ipv4.tcp_death_row->sysctl_max_tw_buckets; 1424 1425 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); 1426 if (!net->ipv4.ipv4_hdr) 1427 goto err_reg; 1428 1429 net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL); 1430 if (!net->ipv4.sysctl_local_reserved_ports) 1431 goto err_ports; 1432 1433 return 0; 1434 1435err_ports: 1436 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 1437err_reg: 1438 if (!net_eq(net, &init_net)) 1439 kfree(table); 1440err_alloc: 1441 return -ENOMEM; 1442} 1443 1444static __net_exit void ipv4_sysctl_exit_net(struct net *net) 1445{ 1446 struct ctl_table *table; 1447 1448 kfree(net->ipv4.sysctl_local_reserved_ports); 1449 table = net->ipv4.ipv4_hdr->ctl_table_arg; 1450 unregister_net_sysctl_table(net->ipv4.ipv4_hdr); 1451 kfree(table); 1452} 1453 1454static __net_initdata struct pernet_operations ipv4_sysctl_ops = { 1455 .init = ipv4_sysctl_init_net, 1456 .exit = ipv4_sysctl_exit_net, 1457}; 1458 1459static __init int sysctl_ipv4_init(void) 1460{ 1461 struct ctl_table_header *hdr; 1462 1463 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); 1464 if (!hdr) 1465 return -ENOMEM; 1466 1467 if (register_pernet_subsys(&ipv4_sysctl_ops)) { 1468 unregister_net_sysctl_table(hdr); 1469 return -ENOMEM; 1470 } 1471 1472 return 0; 1473} 1474 1475__initcall(sysctl_ipv4_init);