projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sysctl: Pass useful parameters to sysctl permissions
[deliverable/linux.git] / net / ipv4 / sysctl_net_ipv4.c
CommitLineData
1da177e4
LT		 1/*
2 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem.
3 *
1da177e4
LT		 4 * Begun April 1, 1996, Mike Shaver.
5 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS]
6 */
7
8#include <linux/mm.h>
9#include <linux/module.h>
10#include <linux/sysctl.h>
20380731 11#include <linux/igmp.h>
14c85021 12#include <linux/inetdevice.h>
227b60f5 13#include <linux/seqlock.h>
3e37c3f9 14#include <linux/init.h>
5a0e3ad6 15#include <linux/slab.h>
c319b4d7 16#include <linux/nsproxy.h>
3dc43e3e 17#include <linux/swap.h>
1da177e4 18#include <net/snmp.h>
20380731 19#include <net/icmp.h>
1da177e4
LT		 20#include <net/ip.h>
21#include <net/route.h>
22#include <net/tcp.h>
95766fff 23#include <net/udp.h>
446fda4f 24#include <net/cipso_ipv4.h>
04128f23 25#include <net/inet_frag.h>
c319b4d7 26#include <net/ping.h>
3aaabe23 27#include <net/tcp_memcontrol.h>
1da177e4 28
89cee8b1 29static int zero;
eed530b6 30static int two = 2;
e905a9ed 31static int tcp_retr1_max = 255;
1da177e4
LT		 32static int ip_local_port_range_min[] = { 1, 1 };
33static int ip_local_port_range_max[] = { 65535, 65535 };
0147fc05
AD		 34static int tcp_adv_win_scale_min = -31;
35static int tcp_adv_win_scale_max = 31;
249fab77
ED		 36static int ip_ttl_min = 1;
37static int ip_ttl_max = 255;
c319b4d7
VK		 38static int ip_ping_group_range_min[] = { 0, 0 };
39static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
1da177e4 40
227b60f5
SH		 41/* Update system visible IP port range */
42static void set_local_port_range(int range[2])
43{
3c689b73
ED		 44 write_seqlock(&sysctl_local_ports.lock);
45 sysctl_local_ports.range[0] = range[0];
46 sysctl_local_ports.range[1] = range[1];
47 write_sequnlock(&sysctl_local_ports.lock);
227b60f5
SH		 48}
49
50/* Validate changes from /proc interface. */
8d65af78 51static int ipv4_local_port_range(ctl_table *table, int write,
227b60f5
SH		 52 void __user *buffer,
53 size_t *lenp, loff_t *ppos)
54{
55 int ret;
3c689b73 56 int range[2];
227b60f5
SH		 57 ctl_table tmp = {
58 .data = &range,
59 .maxlen = sizeof(range),
60 .mode = table->mode,
61 .extra1 = &ip_local_port_range_min,
62 .extra2 = &ip_local_port_range_max,
63 };
64
3c689b73 65 inet_get_local_port_range(range, range + 1);
8d65af78 66 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
227b60f5
SH		 67
68 if (write && ret == 0) {
a25de534 69 if (range[1] < range[0])
227b60f5
SH		 70 ret = -EINVAL;
71 else
72 set_local_port_range(range);
73 }
74
75 return ret;
76}
77
c319b4d7 78
7064d16e 79static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high)
c319b4d7 80{
7064d16e 81 kgid_t *data = table->data;
95c96174 82 unsigned int seq;
c319b4d7
VK		 83 do {
84 seq = read_seqbegin(&sysctl_local_ports.lock);
85
86 *low = data[0];
87 *high = data[1];
88 } while (read_seqretry(&sysctl_local_ports.lock, seq));
89}
90
91/* Update system visible IP port range */
7064d16e 92static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
c319b4d7 93{
7064d16e 94 kgid_t *data = table->data;
c319b4d7 95 write_seqlock(&sysctl_local_ports.lock);
7064d16e
EB		 96 data[0] = low;
97 data[1] = high;
c319b4d7
VK		 98 write_sequnlock(&sysctl_local_ports.lock);
99}
100
101/* Validate changes from /proc interface. */
102static int ipv4_ping_group_range(ctl_table *table, int write,
103 void __user *buffer,
104 size_t *lenp, loff_t *ppos)
105{
7064d16e 106 struct user_namespace *user_ns = current_user_ns();
c319b4d7 107 int ret;
7064d16e
EB		 108 gid_t urange[2];
109 kgid_t low, high;
c319b4d7 110 ctl_table tmp = {
7064d16e
EB		 111 .data = &urange,
112 .maxlen = sizeof(urange),
c319b4d7
VK		 113 .mode = table->mode,
114 .extra1 = &ip_ping_group_range_min,
115 .extra2 = &ip_ping_group_range_max,
116 };
117
7064d16e
EB		 118 inet_get_ping_group_range_table(table, &low, &high);
119 urange[0] = from_kgid_munged(user_ns, low);
120 urange[1] = from_kgid_munged(user_ns, high);
c319b4d7
VK		 121 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
122
7064d16e
EB		 123 if (write && ret == 0) {
124 low = make_kgid(user_ns, urange[0]);
125 high = make_kgid(user_ns, urange[1]);
126 if (!gid_valid(low) || !gid_valid(high) ||
127 (urange[1] < urange[0]) || gid_lt(high, low)) {
128 low = make_kgid(&init_user_ns, 1);
129 high = make_kgid(&init_user_ns, 0);
130 }
131 set_ping_group_range(table, low, high);
132 }
c319b4d7
VK		 133
134 return ret;
135}
136
8d65af78 137static int proc_tcp_congestion_control(ctl_table *ctl, int write,
317a76f9
SH		 138 void __user *buffer, size_t *lenp, loff_t *ppos)
139{
140 char val[TCP_CA_NAME_MAX];
141 ctl_table tbl = {
142 .data = val,
143 .maxlen = TCP_CA_NAME_MAX,
144 };
145 int ret;
146
147 tcp_get_default_congestion_control(val);
148
8d65af78 149 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
317a76f9
SH		 150 if (write && ret == 0)
151 ret = tcp_set_default_congestion_control(val);
152 return ret;
153}
154
3ff825b2 155static int proc_tcp_available_congestion_control(ctl_table *ctl,
8d65af78 156 int write,
3ff825b2
SH		 157 void __user *buffer, size_t *lenp,
158 loff_t *ppos)
159{
160 ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
161 int ret;
162
163 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
164 if (!tbl.data)
165 return -ENOMEM;
166 tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
8d65af78 167 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
3ff825b2
SH		 168 kfree(tbl.data);
169 return ret;
170}
171
ce7bc3bf 172static int proc_allowed_congestion_control(ctl_table *ctl,
8d65af78 173 int write,
ce7bc3bf
SH		 174 void __user *buffer, size_t *lenp,
175 loff_t *ppos)
176{
177 ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
178 int ret;
179
180 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
181 if (!tbl.data)
182 return -ENOMEM;
183
184 tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
8d65af78 185 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
ce7bc3bf
SH		 186 if (write && ret == 0)
187 ret = tcp_set_allowed_congestion_control(tbl.data);
188 kfree(tbl.data);
189 return ret;
190}
191
3dc43e3e
GC		 192static int ipv4_tcp_mem(ctl_table *ctl, int write,
193 void __user *buffer, size_t *lenp,
194 loff_t *ppos)
195{
196 int ret;
197 unsigned long vec[3];
198 struct net *net = current->nsproxy->net_ns;
c255a458 199#ifdef CONFIG_MEMCG_KMEM
3aaabe23
GC		 200 struct mem_cgroup *memcg;
201#endif
3dc43e3e
GC		 202
203 ctl_table tmp = {
204 .data = &vec,
205 .maxlen = sizeof(vec),
206 .mode = ctl->mode,
207 };
208
209 if (!write) {
210 ctl->data = &net->ipv4.sysctl_tcp_mem;
211 return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos);
212 }
213
214 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
215 if (ret)
216 return ret;
217
c255a458 218#ifdef CONFIG_MEMCG_KMEM
3aaabe23
GC		 219 rcu_read_lock();
220 memcg = mem_cgroup_from_task(current);
221
222 tcp_prot_mem(memcg, vec[0], 0);
223 tcp_prot_mem(memcg, vec[1], 1);
224 tcp_prot_mem(memcg, vec[2], 2);
225 rcu_read_unlock();
226#endif
227
3dc43e3e
GC		 228 net->ipv4.sysctl_tcp_mem[0] = vec[0];
229 net->ipv4.sysctl_tcp_mem[1] = vec[1];
230 net->ipv4.sysctl_tcp_mem[2] = vec[2];
231
232 return 0;
233}
234
10467163
JC		 235int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer,
236 size_t *lenp, loff_t *ppos)
237{
238 ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
239 struct tcp_fastopen_context *ctxt;
240 int ret;
241 u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
242
243 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
244 if (!tbl.data)
245 return -ENOMEM;
246
247 rcu_read_lock();
248 ctxt = rcu_dereference(tcp_fastopen_ctx);
249 if (ctxt)
250 memcpy(user_key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH);
0e24c4fc
AC		 251 else
252 memset(user_key, 0, sizeof(user_key));
10467163
JC		 253 rcu_read_unlock();
254
255 snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x",
256 user_key[0], user_key[1], user_key[2], user_key[3]);
257 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
258
259 if (write && ret == 0) {
260 if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1,
261 user_key + 2, user_key + 3) != 4) {
262 ret = -EINVAL;
263 goto bad_key;
264 }
265 tcp_fastopen_reset_cipher(user_key, TCP_FASTOPEN_KEY_LENGTH);
266 }
267
268bad_key:
269 pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
270 user_key[0], user_key[1], user_key[2], user_key[3],
271 (char *)tbl.data, ret);
272 kfree(tbl.data);
273 return ret;
274}
275
3e37c3f9 276static struct ctl_table ipv4_table[] = {
e905a9ed 277 {
1da177e4
LT		 278 .procname = "tcp_timestamps",
279 .data = &sysctl_tcp_timestamps,
280 .maxlen = sizeof(int),
281 .mode = 0644,
6d9f239a 282 .proc_handler = proc_dointvec
1da177e4 283 },
e905a9ed 284 {
1da177e4
LT		 285 .procname = "tcp_window_scaling",
286 .data = &sysctl_tcp_window_scaling,
287 .maxlen = sizeof(int),
288 .mode = 0644,
6d9f239a 289 .proc_handler = proc_dointvec
1da177e4 290 },
e905a9ed 291 {
1da177e4
LT		 292 .procname = "tcp_sack",
293 .data = &sysctl_tcp_sack,
294 .maxlen = sizeof(int),
295 .mode = 0644,
6d9f239a 296 .proc_handler = proc_dointvec
1da177e4 297 },
e905a9ed 298 {
1da177e4
LT		 299 .procname = "tcp_retrans_collapse",
300 .data = &sysctl_tcp_retrans_collapse,
301 .maxlen = sizeof(int),
302 .mode = 0644,
6d9f239a 303 .proc_handler = proc_dointvec
1da177e4 304 },
e905a9ed 305 {
1da177e4 306 .procname = "ip_default_ttl",
e905a9ed 307 .data = &sysctl_ip_default_ttl,
1da177e4
LT		 308 .maxlen = sizeof(int),
309 .mode = 0644,
249fab77
ED		 310 .proc_handler = proc_dointvec_minmax,
311 .extra1 = &ip_ttl_min,
312 .extra2 = &ip_ttl_max,
1da177e4 313 },
e905a9ed 314 {
1da177e4
LT		 315 .procname = "ip_no_pmtu_disc",
316 .data = &ipv4_config.no_pmtu_disc,
317 .maxlen = sizeof(int),
318 .mode = 0644,
6d9f239a 319 .proc_handler = proc_dointvec
1da177e4
LT		 320 },
321 {
1da177e4
LT		 322 .procname = "ip_nonlocal_bind",
323 .data = &sysctl_ip_nonlocal_bind,
324 .maxlen = sizeof(int),
325 .mode = 0644,
6d9f239a 326 .proc_handler = proc_dointvec
1da177e4
LT		 327 },
328 {
1da177e4
LT		 329 .procname = "tcp_syn_retries",
330 .data = &sysctl_tcp_syn_retries,
331 .maxlen = sizeof(int),
332 .mode = 0644,
6d9f239a 333 .proc_handler = proc_dointvec
1da177e4
LT		 334 },
335 {
1da177e4
LT		 336 .procname = "tcp_synack_retries",
337 .data = &sysctl_tcp_synack_retries,
338 .maxlen = sizeof(int),
339 .mode = 0644,
6d9f239a 340 .proc_handler = proc_dointvec
1da177e4
LT		 341 },
342 {
1da177e4
LT		 343 .procname = "tcp_max_orphans",
344 .data = &sysctl_tcp_max_orphans,
345 .maxlen = sizeof(int),
346 .mode = 0644,
6d9f239a 347 .proc_handler = proc_dointvec
1da177e4
LT		 348 },
349 {
1da177e4 350 .procname = "tcp_max_tw_buckets",
295ff7ed 351 .data = &tcp_death_row.sysctl_max_tw_buckets,
1da177e4
LT		 352 .maxlen = sizeof(int),
353 .mode = 0644,
6d9f239a 354 .proc_handler = proc_dointvec
1da177e4 355 },
6648bd7e
AD		 356 {
357 .procname = "ip_early_demux",
358 .data = &sysctl_ip_early_demux,
359 .maxlen = sizeof(int),
360 .mode = 0644,
361 .proc_handler = proc_dointvec
362 },
1da177e4 363 {
1da177e4
LT		 364 .procname = "ip_dynaddr",
365 .data = &sysctl_ip_dynaddr,
366 .maxlen = sizeof(int),
367 .mode = 0644,
6d9f239a 368 .proc_handler = proc_dointvec
1da177e4 369 },
1da177e4 370 {
1da177e4
LT		 371 .procname = "tcp_keepalive_time",
372 .data = &sysctl_tcp_keepalive_time,
373 .maxlen = sizeof(int),
374 .mode = 0644,
6d9f239a 375 .proc_handler = proc_dointvec_jiffies,
1da177e4
LT		 376 },
377 {
1da177e4
LT		 378 .procname = "tcp_keepalive_probes",
379 .data = &sysctl_tcp_keepalive_probes,
380 .maxlen = sizeof(int),
381 .mode = 0644,
6d9f239a 382 .proc_handler = proc_dointvec
1da177e4
LT		 383 },
384 {
1da177e4
LT		 385 .procname = "tcp_keepalive_intvl",
386 .data = &sysctl_tcp_keepalive_intvl,
387 .maxlen = sizeof(int),
388 .mode = 0644,
6d9f239a 389 .proc_handler = proc_dointvec_jiffies,
1da177e4
LT		 390 },
391 {
1da177e4
LT		 392 .procname = "tcp_retries1",
393 .data = &sysctl_tcp_retries1,
394 .maxlen = sizeof(int),
395 .mode = 0644,
6d9f239a 396 .proc_handler = proc_dointvec_minmax,
1da177e4
LT		 397 .extra2 = &tcp_retr1_max
398 },
399 {
1da177e4
LT		 400 .procname = "tcp_retries2",
401 .data = &sysctl_tcp_retries2,
402 .maxlen = sizeof(int),
403 .mode = 0644,
6d9f239a 404 .proc_handler = proc_dointvec
1da177e4
LT		 405 },
406 {
1da177e4
LT		 407 .procname = "tcp_fin_timeout",
408 .data = &sysctl_tcp_fin_timeout,
409 .maxlen = sizeof(int),
410 .mode = 0644,
6d9f239a 411 .proc_handler = proc_dointvec_jiffies,
1da177e4
LT		 412 },
413#ifdef CONFIG_SYN_COOKIES
414 {
1da177e4
LT		 415 .procname = "tcp_syncookies",
416 .data = &sysctl_tcp_syncookies,
417 .maxlen = sizeof(int),
418 .mode = 0644,
6d9f239a 419 .proc_handler = proc_dointvec
1da177e4
LT		 420 },
421#endif
2100c8d2
YC		 422 {
423 .procname = "tcp_fastopen",
424 .data = &sysctl_tcp_fastopen,
425 .maxlen = sizeof(int),
426 .mode = 0644,
427 .proc_handler = proc_dointvec,
428 },
10467163
JC		 429 {
430 .procname = "tcp_fastopen_key",
431 .mode = 0600,
432 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10),
433 .proc_handler = proc_tcp_fastopen_key,
434 },
1da177e4 435 {
1da177e4 436 .procname = "tcp_tw_recycle",
295ff7ed 437 .data = &tcp_death_row.sysctl_tw_recycle,
1da177e4
LT		 438 .maxlen = sizeof(int),
439 .mode = 0644,
6d9f239a 440 .proc_handler = proc_dointvec
1da177e4
LT		 441 },
442 {
1da177e4
LT		 443 .procname = "tcp_abort_on_overflow",
444 .data = &sysctl_tcp_abort_on_overflow,
445 .maxlen = sizeof(int),
446 .mode = 0644,
6d9f239a 447 .proc_handler = proc_dointvec
1da177e4
LT		 448 },
449 {
1da177e4
LT		 450 .procname = "tcp_stdurg",
451 .data = &sysctl_tcp_stdurg,
452 .maxlen = sizeof(int),
453 .mode = 0644,
6d9f239a 454 .proc_handler = proc_dointvec
1da177e4
LT		 455 },
456 {
1da177e4
LT		 457 .procname = "tcp_rfc1337",
458 .data = &sysctl_tcp_rfc1337,
459 .maxlen = sizeof(int),
460 .mode = 0644,
6d9f239a 461 .proc_handler = proc_dointvec
1da177e4
LT		 462 },
463 {
1da177e4
LT		 464 .procname = "tcp_max_syn_backlog",
465 .data = &sysctl_max_syn_backlog,
466 .maxlen = sizeof(int),
467 .mode = 0644,
6d9f239a 468 .proc_handler = proc_dointvec
1da177e4
LT		 469 },
470 {
1da177e4 471 .procname = "ip_local_port_range",
3c689b73
ED		 472 .data = &sysctl_local_ports.range,
473 .maxlen = sizeof(sysctl_local_ports.range),
1da177e4 474 .mode = 0644,
6d9f239a 475 .proc_handler = ipv4_local_port_range,
1da177e4 476 },
e3826f1e
AW		 477 {
478 .procname = "ip_local_reserved_ports",
479 .data = NULL, /* initialized in sysctl_ipv4_init */
480 .maxlen = 65536,
481 .mode = 0644,
482 .proc_handler = proc_do_large_bitmap,
483 },
1da177e4 484 {
1da177e4
LT		 485 .procname = "igmp_max_memberships",
486 .data = &sysctl_igmp_max_memberships,
487 .maxlen = sizeof(int),
488 .mode = 0644,
6d9f239a 489 .proc_handler = proc_dointvec
1da177e4 490 },
1da177e4 491 {
1da177e4
LT		 492 .procname = "igmp_max_msf",
493 .data = &sysctl_igmp_max_msf,
494 .maxlen = sizeof(int),
495 .mode = 0644,
6d9f239a 496 .proc_handler = proc_dointvec
1da177e4
LT		 497 },
498 {
1da177e4
LT		 499 .procname = "inet_peer_threshold",
500 .data = &inet_peer_threshold,
501 .maxlen = sizeof(int),
502 .mode = 0644,
6d9f239a 503 .proc_handler = proc_dointvec
1da177e4
LT		 504 },
505 {
1da177e4
LT		 506 .procname = "inet_peer_minttl",
507 .data = &inet_peer_minttl,
508 .maxlen = sizeof(int),
509 .mode = 0644,
6d9f239a 510 .proc_handler = proc_dointvec_jiffies,
1da177e4
LT		 511 },
512 {
1da177e4
LT		 513 .procname = "inet_peer_maxttl",
514 .data = &inet_peer_maxttl,
515 .maxlen = sizeof(int),
516 .mode = 0644,
6d9f239a 517 .proc_handler = proc_dointvec_jiffies,
1da177e4 518 },
1da177e4 519 {
1da177e4
LT		 520 .procname = "tcp_orphan_retries",
521 .data = &sysctl_tcp_orphan_retries,
522 .maxlen = sizeof(int),
523 .mode = 0644,
6d9f239a 524 .proc_handler = proc_dointvec
1da177e4
LT		 525 },
526 {
1da177e4
LT		 527 .procname = "tcp_fack",
528 .data = &sysctl_tcp_fack,
529 .maxlen = sizeof(int),
530 .mode = 0644,
6d9f239a 531 .proc_handler = proc_dointvec
1da177e4
LT		 532 },
533 {
1da177e4
LT		 534 .procname = "tcp_reordering",
535 .data = &sysctl_tcp_reordering,
536 .maxlen = sizeof(int),
537 .mode = 0644,
6d9f239a 538 .proc_handler = proc_dointvec
1da177e4
LT		 539 },
540 {
1da177e4
LT		 541 .procname = "tcp_ecn",
542 .data = &sysctl_tcp_ecn,
543 .maxlen = sizeof(int),
544 .mode = 0644,
6d9f239a 545 .proc_handler = proc_dointvec
1da177e4
LT		 546 },
547 {
1da177e4
LT		 548 .procname = "tcp_dsack",
549 .data = &sysctl_tcp_dsack,
550 .maxlen = sizeof(int),
551 .mode = 0644,
6d9f239a 552 .proc_handler = proc_dointvec
1da177e4 553 },
1da177e4 554 {
1da177e4
LT		 555 .procname = "tcp_wmem",
556 .data = &sysctl_tcp_wmem,
557 .maxlen = sizeof(sysctl_tcp_wmem),
558 .mode = 0644,
6d9f239a 559 .proc_handler = proc_dointvec
1da177e4
LT		 560 },
561 {
1da177e4
LT		 562 .procname = "tcp_rmem",
563 .data = &sysctl_tcp_rmem,
564 .maxlen = sizeof(sysctl_tcp_rmem),
565 .mode = 0644,
6d9f239a 566 .proc_handler = proc_dointvec
1da177e4
LT		 567 },
568 {
1da177e4
LT		 569 .procname = "tcp_app_win",
570 .data = &sysctl_tcp_app_win,
571 .maxlen = sizeof(int),
572 .mode = 0644,
6d9f239a 573 .proc_handler = proc_dointvec
1da177e4
LT		 574 },
575 {
1da177e4
LT		 576 .procname = "tcp_adv_win_scale",
577 .data = &sysctl_tcp_adv_win_scale,
578 .maxlen = sizeof(int),
579 .mode = 0644,
0147fc05
AD		 580 .proc_handler = proc_dointvec_minmax,
581 .extra1 = &tcp_adv_win_scale_min,
582 .extra2 = &tcp_adv_win_scale_max,
1da177e4 583 },
1da177e4 584 {
1da177e4
LT		 585 .procname = "tcp_tw_reuse",
586 .data = &sysctl_tcp_tw_reuse,
587 .maxlen = sizeof(int),
588 .mode = 0644,
6d9f239a 589 .proc_handler = proc_dointvec
1da177e4
LT		 590 },
591 {
1da177e4
LT		 592 .procname = "tcp_frto",
593 .data = &sysctl_tcp_frto,
594 .maxlen = sizeof(int),
595 .mode = 0644,
6d9f239a 596 .proc_handler = proc_dointvec
1da177e4 597 },
3cfe3baa 598 {
3cfe3baa
IJ		 599 .procname = "tcp_frto_response",
600 .data = &sysctl_tcp_frto_response,
601 .maxlen = sizeof(int),
602 .mode = 0644,
6d9f239a 603 .proc_handler = proc_dointvec
3cfe3baa 604 },
1da177e4 605 {
1da177e4
LT		 606 .procname = "tcp_low_latency",
607 .data = &sysctl_tcp_low_latency,
608 .maxlen = sizeof(int),
609 .mode = 0644,
6d9f239a 610 .proc_handler = proc_dointvec
1da177e4 611 },
1da177e4 612 {
1da177e4
LT		 613 .procname = "tcp_no_metrics_save",
614 .data = &sysctl_tcp_nometrics_save,
615 .maxlen = sizeof(int),
616 .mode = 0644,
6d9f239a 617 .proc_handler = proc_dointvec,
1da177e4 618 },
1da177e4 619 {
1da177e4
LT		 620 .procname = "tcp_moderate_rcvbuf",
621 .data = &sysctl_tcp_moderate_rcvbuf,
622 .maxlen = sizeof(int),
623 .mode = 0644,
6d9f239a 624 .proc_handler = proc_dointvec,
1da177e4
LT		 625 },
626 {
1da177e4
LT		 627 .procname = "tcp_tso_win_divisor",
628 .data = &sysctl_tcp_tso_win_divisor,
629 .maxlen = sizeof(int),
630 .mode = 0644,
6d9f239a 631 .proc_handler = proc_dointvec,
1da177e4
LT		 632 },
633 {
317a76f9 634 .procname = "tcp_congestion_control",
1da177e4 635 .mode = 0644,
317a76f9 636 .maxlen = TCP_CA_NAME_MAX,
6d9f239a 637 .proc_handler = proc_tcp_congestion_control,
1da177e4 638 },
9772efb9 639 {
9772efb9
SH		 640 .procname = "tcp_abc",
641 .data = &sysctl_tcp_abc,
642 .maxlen = sizeof(int),
643 .mode = 0644,
6d9f239a 644 .proc_handler = proc_dointvec,
9772efb9 645 },
5d424d5a 646 {
5d424d5a
JH		 647 .procname = "tcp_mtu_probing",
648 .data = &sysctl_tcp_mtu_probing,
649 .maxlen = sizeof(int),
650 .mode = 0644,
6d9f239a 651 .proc_handler = proc_dointvec,
5d424d5a
JH		 652 },
653 {
5d424d5a
JH		 654 .procname = "tcp_base_mss",
655 .data = &sysctl_tcp_base_mss,
656 .maxlen = sizeof(int),
657 .mode = 0644,
6d9f239a 658 .proc_handler = proc_dointvec,
5d424d5a 659 },
e905a9ed 660 {
15d99e02
RJ		 661 .procname = "tcp_workaround_signed_windows",
662 .data = &sysctl_tcp_workaround_signed_windows,
663 .maxlen = sizeof(int),
664 .mode = 0644,
6d9f239a 665 .proc_handler = proc_dointvec
15d99e02 666 },
46d3ceab
ED		 667 {
668 .procname = "tcp_limit_output_bytes",
669 .data = &sysctl_tcp_limit_output_bytes,
670 .maxlen = sizeof(int),
671 .mode = 0644,
672 .proc_handler = proc_dointvec
673 },
282f23c6
ED		 674 {
675 .procname = "tcp_challenge_ack_limit",
676 .data = &sysctl_tcp_challenge_ack_limit,
677 .maxlen = sizeof(int),
678 .mode = 0644,
679 .proc_handler = proc_dointvec
680 },
95937825
CL		 681#ifdef CONFIG_NET_DMA
682 {
95937825
CL		 683 .procname = "tcp_dma_copybreak",
684 .data = &sysctl_tcp_dma_copybreak,
685 .maxlen = sizeof(int),
686 .mode = 0644,
6d9f239a 687 .proc_handler = proc_dointvec
95937825
CL		 688 },
689#endif
35089bb2 690 {
35089bb2
DM		 691 .procname = "tcp_slow_start_after_idle",
692 .data = &sysctl_tcp_slow_start_after_idle,
693 .maxlen = sizeof(int),
694 .mode = 0644,
6d9f239a 695 .proc_handler = proc_dointvec
35089bb2 696 },
446fda4f
PM		 697#ifdef CONFIG_NETLABEL
698 {
446fda4f
PM		 699 .procname = "cipso_cache_enable",
700 .data = &cipso_v4_cache_enabled,
701 .maxlen = sizeof(int),
702 .mode = 0644,
6d9f239a 703 .proc_handler = proc_dointvec,
446fda4f
PM		 704 },
705 {
446fda4f
PM		 706 .procname = "cipso_cache_bucket_size",
707 .data = &cipso_v4_cache_bucketsize,
708 .maxlen = sizeof(int),
709 .mode = 0644,
6d9f239a 710 .proc_handler = proc_dointvec,
446fda4f
PM		 711 },
712 {
446fda4f
PM		 713 .procname = "cipso_rbm_optfmt",
714 .data = &cipso_v4_rbm_optfmt,
715 .maxlen = sizeof(int),
716 .mode = 0644,
6d9f239a 717 .proc_handler = proc_dointvec,
446fda4f
PM		 718 },
719 {
446fda4f
PM		 720 .procname = "cipso_rbm_strictvalid",
721 .data = &cipso_v4_rbm_strictvalid,
722 .maxlen = sizeof(int),
723 .mode = 0644,
6d9f239a 724 .proc_handler = proc_dointvec,
446fda4f
PM		 725 },
726#endif /* CONFIG_NETLABEL */
3ff825b2 727 {
3ff825b2
SH		 728 .procname = "tcp_available_congestion_control",
729 .maxlen = TCP_CA_BUF_MAX,
730 .mode = 0444,
6d9f239a 731 .proc_handler = proc_tcp_available_congestion_control,
3ff825b2 732 },
ce7bc3bf 733 {
ce7bc3bf
SH		 734 .procname = "tcp_allowed_congestion_control",
735 .maxlen = TCP_CA_BUF_MAX,
736 .mode = 0644,
6d9f239a 737 .proc_handler = proc_allowed_congestion_control,
ce7bc3bf 738 },
886236c1 739 {
886236c1
JH		 740 .procname = "tcp_max_ssthresh",
741 .data = &sysctl_tcp_max_ssthresh,
742 .maxlen = sizeof(int),
743 .mode = 0644,
6d9f239a 744 .proc_handler = proc_dointvec,
886236c1 745 },
519855c5 746 {
519855c5
WAS		 747 .procname = "tcp_cookie_size",
748 .data = &sysctl_tcp_cookie_size,
749 .maxlen = sizeof(int),
750 .mode = 0644,
751 .proc_handler = proc_dointvec
752 },
36e31b0a
AP		 753 {
754 .procname = "tcp_thin_linear_timeouts",
755 .data = &sysctl_tcp_thin_linear_timeouts,
756 .maxlen = sizeof(int),
757 .mode = 0644,
758 .proc_handler = proc_dointvec
759 },
7e380175
AP		 760 {
761 .procname = "tcp_thin_dupack",
762 .data = &sysctl_tcp_thin_dupack,
763 .maxlen = sizeof(int),
764 .mode = 0644,
765 .proc_handler = proc_dointvec
766 },
eed530b6
YC		 767 {
768 .procname = "tcp_early_retrans",
769 .data = &sysctl_tcp_early_retrans,
770 .maxlen = sizeof(int),
771 .mode = 0644,
772 .proc_handler = proc_dointvec_minmax,
773 .extra1 = &zero,
774 .extra2 = &two,
775 },
95766fff 776 {
95766fff
HA		 777 .procname = "udp_mem",
778 .data = &sysctl_udp_mem,
779 .maxlen = sizeof(sysctl_udp_mem),
780 .mode = 0644,
8d987e5c 781 .proc_handler = proc_doulongvec_minmax,
95766fff
HA		 782 },
783 {
95766fff
HA		 784 .procname = "udp_rmem_min",
785 .data = &sysctl_udp_rmem_min,
786 .maxlen = sizeof(sysctl_udp_rmem_min),
787 .mode = 0644,
6d9f239a 788 .proc_handler = proc_dointvec_minmax,
95766fff
HA		 789 .extra1 = &zero
790 },
791 {
95766fff
HA		 792 .procname = "udp_wmem_min",
793 .data = &sysctl_udp_wmem_min,
794 .maxlen = sizeof(sysctl_udp_wmem_min),
795 .mode = 0644,
6d9f239a 796 .proc_handler = proc_dointvec_minmax,
95766fff
HA		 797 .extra1 = &zero
798 },
f8572d8f 799 { }
1da177e4 800};
3e37c3f9 801
68528f09
PE		 802static struct ctl_table ipv4_net_table[] = {
803 {
68528f09
PE		 804 .procname = "icmp_echo_ignore_all",
805 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
806 .maxlen = sizeof(int),
807 .mode = 0644,
6d9f239a 808 .proc_handler = proc_dointvec
68528f09
PE		 809 },
810 {
68528f09
PE		 811 .procname = "icmp_echo_ignore_broadcasts",
812 .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
813 .maxlen = sizeof(int),
814 .mode = 0644,
6d9f239a 815 .proc_handler = proc_dointvec
68528f09
PE		 816 },
817 {
68528f09
PE		 818 .procname = "icmp_ignore_bogus_error_responses",
819 .data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
820 .maxlen = sizeof(int),
821 .mode = 0644,
6d9f239a 822 .proc_handler = proc_dointvec
68528f09
PE		 823 },
824 {
68528f09
PE		 825 .procname = "icmp_errors_use_inbound_ifaddr",
826 .data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
827 .maxlen = sizeof(int),
828 .mode = 0644,
6d9f239a 829 .proc_handler = proc_dointvec
68528f09
PE		 830 },
831 {
68528f09
PE		 832 .procname = "icmp_ratelimit",
833 .data = &init_net.ipv4.sysctl_icmp_ratelimit,
834 .maxlen = sizeof(int),
835 .mode = 0644,
6d9f239a 836 .proc_handler = proc_dointvec_ms_jiffies,
68528f09
PE		 837 },
838 {
68528f09
PE		 839 .procname = "icmp_ratemask",
840 .data = &init_net.ipv4.sysctl_icmp_ratemask,
841 .maxlen = sizeof(int),
842 .mode = 0644,
6d9f239a 843 .proc_handler = proc_dointvec
68528f09 844 },
c319b4d7
VK		 845 {
846 .procname = "ping_group_range",
847 .data = &init_net.ipv4.sysctl_ping_group_range,
7064d16e 848 .maxlen = sizeof(gid_t)*2,
c319b4d7
VK		 849 .mode = 0644,
850 .proc_handler = ipv4_ping_group_range,
851 },
3dc43e3e
GC		 852 {
853 .procname = "tcp_mem",
854 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_mem),
855 .mode = 0644,
856 .proc_handler = ipv4_tcp_mem,
857 },
68528f09
PE		 858 { }
859};
860
1577519d
PE		 861static __net_init int ipv4_sysctl_init_net(struct net *net)
862{
68528f09
PE		 863 struct ctl_table *table;
864
865 table = ipv4_net_table;
09ad9bc7 866 if (!net_eq(net, &init_net)) {
68528f09
PE		 867 table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
868 if (table == NULL)
869 goto err_alloc;
870
871 table[0].data =
872 &net->ipv4.sysctl_icmp_echo_ignore_all;
873 table[1].data =
874 &net->ipv4.sysctl_icmp_echo_ignore_broadcasts;
875 table[2].data =
876 &net->ipv4.sysctl_icmp_ignore_bogus_error_responses;
877 table[3].data =
878 &net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr;
879 table[4].data =
880 &net->ipv4.sysctl_icmp_ratelimit;
881 table[5].data =
882 &net->ipv4.sysctl_icmp_ratemask;
1080d709 883 table[6].data =
c319b4d7
VK		 884 &net->ipv4.sysctl_ping_group_range;
885
68528f09
PE		 886 }
887
c319b4d7
VK		 888 /*
889 * Sane defaults - nobody may create ping sockets.
890 * Boot scripts should set this to distro-specific group.
891 */
7064d16e
EB		 892 net->ipv4.sysctl_ping_group_range[0] = make_kgid(&init_user_ns, 1);
893 net->ipv4.sysctl_ping_group_range[1] = make_kgid(&init_user_ns, 0);
c319b4d7 894
4acb4190 895 tcp_init_mem(net);
3dc43e3e 896
ec8f23ce 897 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
68528f09
PE		 898 if (net->ipv4.ipv4_hdr == NULL)
899 goto err_reg;
900
1577519d 901 return 0;
68528f09
PE		 902
903err_reg:
09ad9bc7 904 if (!net_eq(net, &init_net))
68528f09
PE		 905 kfree(table);
906err_alloc:
907 return -ENOMEM;
1577519d
PE		 908}
909
910static __net_exit void ipv4_sysctl_exit_net(struct net *net)
911{
68528f09
PE		 912 struct ctl_table *table;
913
914 table = net->ipv4.ipv4_hdr->ctl_table_arg;
915 unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
916 kfree(table);
1577519d
PE		 917}
918
919static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
920 .init = ipv4_sysctl_init_net,
921 .exit = ipv4_sysctl_exit_net,
922};
923
3e37c3f9
PE		 924static __init int sysctl_ipv4_init(void)
925{
926 struct ctl_table_header *hdr;
e3826f1e
AW		 927 struct ctl_table *i;
928
929 for (i = ipv4_table; i->procname; i++) {
930 if (strcmp(i->procname, "ip_local_reserved_ports") == 0) {
931 i->data = sysctl_local_reserved_ports;
932 break;
933 }
934 }
935 if (!i->procname)
936 return -EINVAL;
3e37c3f9 937
ec8f23ce 938 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1577519d
PE		 939 if (hdr == NULL)
940 return -ENOMEM;
941
942 if (register_pernet_subsys(&ipv4_sysctl_ops)) {
5dd3df10 943 unregister_net_sysctl_table(hdr);
1577519d
PE		 944 return -ENOMEM;
945 }
946
947 return 0;
3e37c3f9
PE		 948}
949
950__initcall(sysctl_ipv4_init);
Linux kernel - Deliverables
This page took 1.66082 seconds and 5 git commands to generate.