linux/net/ipv4/sysctl_net_ipv4.c
<<
>>
Prefs
   1/*
   2 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem.
   3 *
   4 * Begun April 1, 1996, Mike Shaver.
   5 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS]
   6 */
   7
   8#include <linux/mm.h>
   9#include <linux/module.h>
  10#include <linux/sysctl.h>
  11#include <linux/igmp.h>
  12#include <linux/inetdevice.h>
  13#include <linux/seqlock.h>
  14#include <linux/init.h>
  15#include <linux/slab.h>
  16#include <linux/nsproxy.h>
  17#include <linux/swap.h>
  18#include <net/snmp.h>
  19#include <net/icmp.h>
  20#include <net/ip.h>
  21#include <net/route.h>
  22#include <net/tcp.h>
  23#include <net/udp.h>
  24#include <net/cipso_ipv4.h>
  25#include <net/inet_frag.h>
  26#include <net/ping.h>
  27#include <net/tcp_memcontrol.h>
  28
  29static int zero;
  30static int two = 2;
  31static int tcp_retr1_max = 255;
  32static int ip_local_port_range_min[] = { 1, 1 };
  33static int ip_local_port_range_max[] = { 65535, 65535 };
  34static int tcp_adv_win_scale_min = -31;
  35static int tcp_adv_win_scale_max = 31;
  36static int ip_ttl_min = 1;
  37static int ip_ttl_max = 255;
  38static int ip_ping_group_range_min[] = { 0, 0 };
  39static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
  40
  41/* Update system visible IP port range */
  42static void set_local_port_range(int range[2])
  43{
  44        write_seqlock(&sysctl_local_ports.lock);
  45        sysctl_local_ports.range[0] = range[0];
  46        sysctl_local_ports.range[1] = range[1];
  47        write_sequnlock(&sysctl_local_ports.lock);
  48}
  49
  50/* Validate changes from /proc interface. */
  51static int ipv4_local_port_range(ctl_table *table, int write,
  52                                 void __user *buffer,
  53                                 size_t *lenp, loff_t *ppos)
  54{
  55        int ret;
  56        int range[2];
  57        ctl_table tmp = {
  58                .data = &range,
  59                .maxlen = sizeof(range),
  60                .mode = table->mode,
  61                .extra1 = &ip_local_port_range_min,
  62                .extra2 = &ip_local_port_range_max,
  63        };
  64
  65        inet_get_local_port_range(range, range + 1);
  66        ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
  67
  68        if (write && ret == 0) {
  69                if (range[1] < range[0])
  70                        ret = -EINVAL;
  71                else
  72                        set_local_port_range(range);
  73        }
  74
  75        return ret;
  76}
  77
  78
  79static void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low, gid_t *high)
  80{
  81        gid_t *data = table->data;
  82        unsigned int seq;
  83        do {
  84                seq = read_seqbegin(&sysctl_local_ports.lock);
  85
  86                *low = data[0];
  87                *high = data[1];
  88        } while (read_seqretry(&sysctl_local_ports.lock, seq));
  89}
  90
  91/* Update system visible IP port range */
  92static void set_ping_group_range(struct ctl_table *table, gid_t range[2])
  93{
  94        gid_t *data = table->data;
  95        write_seqlock(&sysctl_local_ports.lock);
  96        data[0] = range[0];
  97        data[1] = range[1];
  98        write_sequnlock(&sysctl_local_ports.lock);
  99}
 100
 101/* Validate changes from /proc interface. */
 102static int ipv4_ping_group_range(ctl_table *table, int write,
 103                                 void __user *buffer,
 104                                 size_t *lenp, loff_t *ppos)
 105{
 106        int ret;
 107        gid_t range[2];
 108        ctl_table tmp = {
 109                .data = &range,
 110                .maxlen = sizeof(range),
 111                .mode = table->mode,
 112                .extra1 = &ip_ping_group_range_min,
 113                .extra2 = &ip_ping_group_range_max,
 114        };
 115
 116        inet_get_ping_group_range_table(table, range, range + 1);
 117        ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
 118
 119        if (write && ret == 0)
 120                set_ping_group_range(table, range);
 121
 122        return ret;
 123}
 124
 125static int proc_tcp_congestion_control(ctl_table *ctl, int write,
 126                                       void __user *buffer, size_t *lenp, loff_t *ppos)
 127{
 128        char val[TCP_CA_NAME_MAX];
 129        ctl_table tbl = {
 130                .data = val,
 131                .maxlen = TCP_CA_NAME_MAX,
 132        };
 133        int ret;
 134
 135        tcp_get_default_congestion_control(val);
 136
 137        ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
 138        if (write && ret == 0)
 139                ret = tcp_set_default_congestion_control(val);
 140        return ret;
 141}
 142
 143static int proc_tcp_available_congestion_control(ctl_table *ctl,
 144                                                 int write,
 145                                                 void __user *buffer, size_t *lenp,
 146                                                 loff_t *ppos)
 147{
 148        ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
 149        int ret;
 150
 151        tbl.data = kmalloc(tbl.maxlen, GFP_USER);
 152        if (!tbl.data)
 153                return -ENOMEM;
 154        tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
 155        ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
 156        kfree(tbl.data);
 157        return ret;
 158}
 159
 160static int proc_allowed_congestion_control(ctl_table *ctl,
 161                                           int write,
 162                                           void __user *buffer, size_t *lenp,
 163                                           loff_t *ppos)
 164{
 165        ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
 166        int ret;
 167
 168        tbl.data = kmalloc(tbl.maxlen, GFP_USER);
 169        if (!tbl.data)
 170                return -ENOMEM;
 171
 172        tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
 173        ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
 174        if (write && ret == 0)
 175                ret = tcp_set_allowed_congestion_control(tbl.data);
 176        kfree(tbl.data);
 177        return ret;
 178}
 179
 180static int ipv4_tcp_mem(ctl_table *ctl, int write,
 181                           void __user *buffer, size_t *lenp,
 182                           loff_t *ppos)
 183{
 184        int ret;
 185        unsigned long vec[3];
 186        struct net *net = current->nsproxy->net_ns;
 187#ifdef CONFIG_MEMCG_KMEM
 188        struct mem_cgroup *memcg;
 189#endif
 190
 191        ctl_table tmp = {
 192                .data = &vec,
 193                .maxlen = sizeof(vec),
 194                .mode = ctl->mode,
 195        };
 196
 197        if (!write) {
 198                ctl->data = &net->ipv4.sysctl_tcp_mem;
 199                return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos);
 200        }
 201
 202        ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
 203        if (ret)
 204                return ret;
 205
 206#ifdef CONFIG_MEMCG_KMEM
 207        rcu_read_lock();
 208        memcg = mem_cgroup_from_task(current);
 209
 210        tcp_prot_mem(memcg, vec[0], 0);
 211        tcp_prot_mem(memcg, vec[1], 1);
 212        tcp_prot_mem(memcg, vec[2], 2);
 213        rcu_read_unlock();
 214#endif
 215
 216        net->ipv4.sysctl_tcp_mem[0] = vec[0];
 217        net->ipv4.sysctl_tcp_mem[1] = vec[1];
 218        net->ipv4.sysctl_tcp_mem[2] = vec[2];
 219
 220        return 0;
 221}
 222
 223static struct ctl_table ipv4_table[] = {
 224        {
 225                .procname       = "tcp_timestamps",
 226                .data           = &sysctl_tcp_timestamps,
 227                .maxlen         = sizeof(int),
 228                .mode           = 0644,
 229                .proc_handler   = proc_dointvec
 230        },
 231        {
 232                .procname       = "tcp_window_scaling",
 233                .data           = &sysctl_tcp_window_scaling,
 234                .maxlen         = sizeof(int),
 235                .mode           = 0644,
 236                .proc_handler   = proc_dointvec
 237        },
 238        {
 239                .procname       = "tcp_sack",
 240                .data           = &sysctl_tcp_sack,
 241                .maxlen         = sizeof(int),
 242                .mode           = 0644,
 243                .proc_handler   = proc_dointvec
 244        },
 245        {
 246                .procname       = "tcp_retrans_collapse",
 247                .data           = &sysctl_tcp_retrans_collapse,
 248                .maxlen         = sizeof(int),
 249                .mode           = 0644,
 250                .proc_handler   = proc_dointvec
 251        },
 252        {
 253                .procname       = "ip_default_ttl",
 254                .data           = &sysctl_ip_default_ttl,
 255                .maxlen         = sizeof(int),
 256                .mode           = 0644,
 257                .proc_handler   = proc_dointvec_minmax,
 258                .extra1         = &ip_ttl_min,
 259                .extra2         = &ip_ttl_max,
 260        },
 261        {
 262                .procname       = "ip_no_pmtu_disc",
 263                .data           = &ipv4_config.no_pmtu_disc,
 264                .maxlen         = sizeof(int),
 265                .mode           = 0644,
 266                .proc_handler   = proc_dointvec
 267        },
 268        {
 269                .procname       = "ip_nonlocal_bind",
 270                .data           = &sysctl_ip_nonlocal_bind,
 271                .maxlen         = sizeof(int),
 272                .mode           = 0644,
 273                .proc_handler   = proc_dointvec
 274        },
 275        {
 276                .procname       = "tcp_syn_retries",
 277                .data           = &sysctl_tcp_syn_retries,
 278                .maxlen         = sizeof(int),
 279                .mode           = 0644,
 280                .proc_handler   = proc_dointvec
 281        },
 282        {
 283                .procname       = "tcp_synack_retries",
 284                .data           = &sysctl_tcp_synack_retries,
 285                .maxlen         = sizeof(int),
 286                .mode           = 0644,
 287                .proc_handler   = proc_dointvec
 288        },
 289        {
 290                .procname       = "tcp_max_orphans",
 291                .data           = &sysctl_tcp_max_orphans,
 292                .maxlen         = sizeof(int),
 293                .mode           = 0644,
 294                .proc_handler   = proc_dointvec
 295        },
 296        {
 297                .procname       = "tcp_max_tw_buckets",
 298                .data           = &tcp_death_row.sysctl_max_tw_buckets,
 299                .maxlen         = sizeof(int),
 300                .mode           = 0644,
 301                .proc_handler   = proc_dointvec
 302        },
 303        {
 304                .procname       = "ip_early_demux",
 305                .data           = &sysctl_ip_early_demux,
 306                .maxlen         = sizeof(int),
 307                .mode           = 0644,
 308                .proc_handler   = proc_dointvec
 309        },
 310        {
 311                .procname       = "ip_dynaddr",
 312                .data           = &sysctl_ip_dynaddr,
 313                .maxlen         = sizeof(int),
 314                .mode           = 0644,
 315                .proc_handler   = proc_dointvec
 316        },
 317        {
 318                .procname       = "tcp_keepalive_time",
 319                .data           = &sysctl_tcp_keepalive_time,
 320                .maxlen         = sizeof(int),
 321                .mode           = 0644,
 322                .proc_handler   = proc_dointvec_jiffies,
 323        },
 324        {
 325                .procname       = "tcp_keepalive_probes",
 326                .data           = &sysctl_tcp_keepalive_probes,
 327                .maxlen         = sizeof(int),
 328                .mode           = 0644,
 329                .proc_handler   = proc_dointvec
 330        },
 331        {
 332                .procname       = "tcp_keepalive_intvl",
 333                .data           = &sysctl_tcp_keepalive_intvl,
 334                .maxlen         = sizeof(int),
 335                .mode           = 0644,
 336                .proc_handler   = proc_dointvec_jiffies,
 337        },
 338        {
 339                .procname       = "tcp_retries1",
 340                .data           = &sysctl_tcp_retries1,
 341                .maxlen         = sizeof(int),
 342                .mode           = 0644,
 343                .proc_handler   = proc_dointvec_minmax,
 344                .extra2         = &tcp_retr1_max
 345        },
 346        {
 347                .procname       = "tcp_retries2",
 348                .data           = &sysctl_tcp_retries2,
 349                .maxlen         = sizeof(int),
 350                .mode           = 0644,
 351                .proc_handler   = proc_dointvec
 352        },
 353        {
 354                .procname       = "tcp_fin_timeout",
 355                .data           = &sysctl_tcp_fin_timeout,
 356                .maxlen         = sizeof(int),
 357                .mode           = 0644,
 358                .proc_handler   = proc_dointvec_jiffies,
 359        },
 360#ifdef CONFIG_SYN_COOKIES
 361        {
 362                .procname       = "tcp_syncookies",
 363                .data           = &sysctl_tcp_syncookies,
 364                .maxlen         = sizeof(int),
 365                .mode           = 0644,
 366                .proc_handler   = proc_dointvec
 367        },
 368#endif
 369        {
 370                .procname       = "tcp_fastopen",
 371                .data           = &sysctl_tcp_fastopen,
 372                .maxlen         = sizeof(int),
 373                .mode           = 0644,
 374                .proc_handler   = proc_dointvec,
 375        },
 376        {
 377                .procname       = "tcp_tw_recycle",
 378                .data           = &tcp_death_row.sysctl_tw_recycle,
 379                .maxlen         = sizeof(int),
 380                .mode           = 0644,
 381                .proc_handler   = proc_dointvec
 382        },
 383        {
 384                .procname       = "tcp_abort_on_overflow",
 385                .data           = &sysctl_tcp_abort_on_overflow,
 386                .maxlen         = sizeof(int),
 387                .mode           = 0644,
 388                .proc_handler   = proc_dointvec
 389        },
 390        {
 391                .procname       = "tcp_stdurg",
 392                .data           = &sysctl_tcp_stdurg,
 393                .maxlen         = sizeof(int),
 394                .mode           = 0644,
 395                .proc_handler   = proc_dointvec
 396        },
 397        {
 398                .procname       = "tcp_rfc1337",
 399                .data           = &sysctl_tcp_rfc1337,
 400                .maxlen         = sizeof(int),
 401                .mode           = 0644,
 402                .proc_handler   = proc_dointvec
 403        },
 404        {
 405                .procname       = "tcp_max_syn_backlog",
 406                .data           = &sysctl_max_syn_backlog,
 407                .maxlen         = sizeof(int),
 408                .mode           = 0644,
 409                .proc_handler   = proc_dointvec
 410        },
 411        {
 412                .procname       = "ip_local_port_range",
 413                .data           = &sysctl_local_ports.range,
 414                .maxlen         = sizeof(sysctl_local_ports.range),
 415                .mode           = 0644,
 416                .proc_handler   = ipv4_local_port_range,
 417        },
 418        {
 419                .procname       = "ip_local_reserved_ports",
 420                .data           = NULL, /* initialized in sysctl_ipv4_init */
 421                .maxlen         = 65536,
 422                .mode           = 0644,
 423                .proc_handler   = proc_do_large_bitmap,
 424        },
 425        {
 426                .procname       = "igmp_max_memberships",
 427                .data           = &sysctl_igmp_max_memberships,
 428                .maxlen         = sizeof(int),
 429                .mode           = 0644,
 430                .proc_handler   = proc_dointvec
 431        },
 432        {
 433                .procname       = "igmp_max_msf",
 434                .data           = &sysctl_igmp_max_msf,
 435                .maxlen         = sizeof(int),
 436                .mode           = 0644,
 437                .proc_handler   = proc_dointvec
 438        },
 439        {
 440                .procname       = "inet_peer_threshold",
 441                .data           = &inet_peer_threshold,
 442                .maxlen         = sizeof(int),
 443                .mode           = 0644,
 444                .proc_handler   = proc_dointvec
 445        },
 446        {
 447                .procname       = "inet_peer_minttl",
 448                .data           = &inet_peer_minttl,
 449                .maxlen         = sizeof(int),
 450                .mode           = 0644,
 451                .proc_handler   = proc_dointvec_jiffies,
 452        },
 453        {
 454                .procname       = "inet_peer_maxttl",
 455                .data           = &inet_peer_maxttl,
 456                .maxlen         = sizeof(int),
 457                .mode           = 0644,
 458                .proc_handler   = proc_dointvec_jiffies,
 459        },
 460        {
 461                .procname       = "tcp_orphan_retries",
 462                .data           = &sysctl_tcp_orphan_retries,
 463                .maxlen         = sizeof(int),
 464                .mode           = 0644,
 465                .proc_handler   = proc_dointvec
 466        },
 467        {
 468                .procname       = "tcp_fack",
 469                .data           = &sysctl_tcp_fack,
 470                .maxlen         = sizeof(int),
 471                .mode           = 0644,
 472                .proc_handler   = proc_dointvec
 473        },
 474        {
 475                .procname       = "tcp_reordering",
 476                .data           = &sysctl_tcp_reordering,
 477                .maxlen         = sizeof(int),
 478                .mode           = 0644,
 479                .proc_handler   = proc_dointvec
 480        },
 481        {
 482                .procname       = "tcp_ecn",
 483                .data           = &sysctl_tcp_ecn,
 484                .maxlen         = sizeof(int),
 485                .mode           = 0644,
 486                .proc_handler   = proc_dointvec
 487        },
 488        {
 489                .procname       = "tcp_dsack",
 490                .data           = &sysctl_tcp_dsack,
 491                .maxlen         = sizeof(int),
 492                .mode           = 0644,
 493                .proc_handler   = proc_dointvec
 494        },
 495        {
 496                .procname       = "tcp_wmem",
 497                .data           = &sysctl_tcp_wmem,
 498                .maxlen         = sizeof(sysctl_tcp_wmem),
 499                .mode           = 0644,
 500                .proc_handler   = proc_dointvec
 501        },
 502        {
 503                .procname       = "tcp_rmem",
 504                .data           = &sysctl_tcp_rmem,
 505                .maxlen         = sizeof(sysctl_tcp_rmem),
 506                .mode           = 0644,
 507                .proc_handler   = proc_dointvec
 508        },
 509        {
 510                .procname       = "tcp_app_win",
 511                .data           = &sysctl_tcp_app_win,
 512                .maxlen         = sizeof(int),
 513                .mode           = 0644,
 514                .proc_handler   = proc_dointvec
 515        },
 516        {
 517                .procname       = "tcp_adv_win_scale",
 518                .data           = &sysctl_tcp_adv_win_scale,
 519                .maxlen         = sizeof(int),
 520                .mode           = 0644,
 521                .proc_handler   = proc_dointvec_minmax,
 522                .extra1         = &tcp_adv_win_scale_min,
 523                .extra2         = &tcp_adv_win_scale_max,
 524        },
 525        {
 526                .procname       = "tcp_tw_reuse",
 527                .data           = &sysctl_tcp_tw_reuse,
 528                .maxlen         = sizeof(int),
 529                .mode           = 0644,
 530                .proc_handler   = proc_dointvec
 531        },
 532        {
 533                .procname       = "tcp_frto",
 534                .data           = &sysctl_tcp_frto,
 535                .maxlen         = sizeof(int),
 536                .mode           = 0644,
 537                .proc_handler   = proc_dointvec
 538        },
 539        {
 540                .procname       = "tcp_frto_response",
 541                .data           = &sysctl_tcp_frto_response,
 542                .maxlen         = sizeof(int),
 543                .mode           = 0644,
 544                .proc_handler   = proc_dointvec
 545        },
 546        {
 547                .procname       = "tcp_low_latency",
 548                .data           = &sysctl_tcp_low_latency,
 549                .maxlen         = sizeof(int),
 550                .mode           = 0644,
 551                .proc_handler   = proc_dointvec
 552        },
 553        {
 554                .procname       = "tcp_no_metrics_save",
 555                .data           = &sysctl_tcp_nometrics_save,
 556                .maxlen         = sizeof(int),
 557                .mode           = 0644,
 558                .proc_handler   = proc_dointvec,
 559        },
 560        {
 561                .procname       = "tcp_moderate_rcvbuf",
 562                .data           = &sysctl_tcp_moderate_rcvbuf,
 563                .maxlen         = sizeof(int),
 564                .mode           = 0644,
 565                .proc_handler   = proc_dointvec,
 566        },
 567        {
 568                .procname       = "tcp_tso_win_divisor",
 569                .data           = &sysctl_tcp_tso_win_divisor,
 570                .maxlen         = sizeof(int),
 571                .mode           = 0644,
 572                .proc_handler   = proc_dointvec,
 573        },
 574        {
 575                .procname       = "tcp_congestion_control",
 576                .mode           = 0644,
 577                .maxlen         = TCP_CA_NAME_MAX,
 578                .proc_handler   = proc_tcp_congestion_control,
 579        },
 580        {
 581                .procname       = "tcp_abc",
 582                .data           = &sysctl_tcp_abc,
 583                .maxlen         = sizeof(int),
 584                .mode           = 0644,
 585                .proc_handler   = proc_dointvec,
 586        },
 587        {
 588                .procname       = "tcp_mtu_probing",
 589                .data           = &sysctl_tcp_mtu_probing,
 590                .maxlen         = sizeof(int),
 591                .mode           = 0644,
 592                .proc_handler   = proc_dointvec,
 593        },
 594        {
 595                .procname       = "tcp_base_mss",
 596                .data           = &sysctl_tcp_base_mss,
 597                .maxlen         = sizeof(int),
 598                .mode           = 0644,
 599                .proc_handler   = proc_dointvec,
 600        },
 601        {
 602                .procname       = "tcp_workaround_signed_windows",
 603                .data           = &sysctl_tcp_workaround_signed_windows,
 604                .maxlen         = sizeof(int),
 605                .mode           = 0644,
 606                .proc_handler   = proc_dointvec
 607        },
 608        {
 609                .procname       = "tcp_limit_output_bytes",
 610                .data           = &sysctl_tcp_limit_output_bytes,
 611                .maxlen         = sizeof(int),
 612                .mode           = 0644,
 613                .proc_handler   = proc_dointvec
 614        },
 615        {
 616                .procname       = "tcp_challenge_ack_limit",
 617                .data           = &sysctl_tcp_challenge_ack_limit,
 618                .maxlen         = sizeof(int),
 619                .mode           = 0644,
 620                .proc_handler   = proc_dointvec
 621        },
 622#ifdef CONFIG_NET_DMA
 623        {
 624                .procname       = "tcp_dma_copybreak",
 625                .data           = &sysctl_tcp_dma_copybreak,
 626                .maxlen         = sizeof(int),
 627                .mode           = 0644,
 628                .proc_handler   = proc_dointvec
 629        },
 630#endif
 631        {
 632                .procname       = "tcp_slow_start_after_idle",
 633                .data           = &sysctl_tcp_slow_start_after_idle,
 634                .maxlen         = sizeof(int),
 635                .mode           = 0644,
 636                .proc_handler   = proc_dointvec
 637        },
 638#ifdef CONFIG_NETLABEL
 639        {
 640                .procname       = "cipso_cache_enable",
 641                .data           = &cipso_v4_cache_enabled,
 642                .maxlen         = sizeof(int),
 643                .mode           = 0644,
 644                .proc_handler   = proc_dointvec,
 645        },
 646        {
 647                .procname       = "cipso_cache_bucket_size",
 648                .data           = &cipso_v4_cache_bucketsize,
 649                .maxlen         = sizeof(int),
 650                .mode           = 0644,
 651                .proc_handler   = proc_dointvec,
 652        },
 653        {
 654                .procname       = "cipso_rbm_optfmt",
 655                .data           = &cipso_v4_rbm_optfmt,
 656                .maxlen         = sizeof(int),
 657                .mode           = 0644,
 658                .proc_handler   = proc_dointvec,
 659        },
 660        {
 661                .procname       = "cipso_rbm_strictvalid",
 662                .data           = &cipso_v4_rbm_strictvalid,
 663                .maxlen         = sizeof(int),
 664                .mode           = 0644,
 665                .proc_handler   = proc_dointvec,
 666        },
 667#endif /* CONFIG_NETLABEL */
 668        {
 669                .procname       = "tcp_available_congestion_control",
 670                .maxlen         = TCP_CA_BUF_MAX,
 671                .mode           = 0444,
 672                .proc_handler   = proc_tcp_available_congestion_control,
 673        },
 674        {
 675                .procname       = "tcp_allowed_congestion_control",
 676                .maxlen         = TCP_CA_BUF_MAX,
 677                .mode           = 0644,
 678                .proc_handler   = proc_allowed_congestion_control,
 679        },
 680        {
 681                .procname       = "tcp_max_ssthresh",
 682                .data           = &sysctl_tcp_max_ssthresh,
 683                .maxlen         = sizeof(int),
 684                .mode           = 0644,
 685                .proc_handler   = proc_dointvec,
 686        },
 687        {
 688                .procname       = "tcp_cookie_size",
 689                .data           = &sysctl_tcp_cookie_size,
 690                .maxlen         = sizeof(int),
 691                .mode           = 0644,
 692                .proc_handler   = proc_dointvec
 693        },
 694        {
 695                .procname       = "tcp_thin_linear_timeouts",
 696                .data           = &sysctl_tcp_thin_linear_timeouts,
 697                .maxlen         = sizeof(int),
 698                .mode           = 0644,
 699                .proc_handler   = proc_dointvec
 700        },
 701        {
 702                .procname       = "tcp_thin_dupack",
 703                .data           = &sysctl_tcp_thin_dupack,
 704                .maxlen         = sizeof(int),
 705                .mode           = 0644,
 706                .proc_handler   = proc_dointvec
 707        },
 708        {
 709                .procname       = "tcp_early_retrans",
 710                .data           = &sysctl_tcp_early_retrans,
 711                .maxlen         = sizeof(int),
 712                .mode           = 0644,
 713                .proc_handler   = proc_dointvec_minmax,
 714                .extra1         = &zero,
 715                .extra2         = &two,
 716        },
 717        {
 718                .procname       = "udp_mem",
 719                .data           = &sysctl_udp_mem,
 720                .maxlen         = sizeof(sysctl_udp_mem),
 721                .mode           = 0644,
 722                .proc_handler   = proc_doulongvec_minmax,
 723        },
 724        {
 725                .procname       = "udp_rmem_min",
 726                .data           = &sysctl_udp_rmem_min,
 727                .maxlen         = sizeof(sysctl_udp_rmem_min),
 728                .mode           = 0644,
 729                .proc_handler   = proc_dointvec_minmax,
 730                .extra1         = &zero
 731        },
 732        {
 733                .procname       = "udp_wmem_min",
 734                .data           = &sysctl_udp_wmem_min,
 735                .maxlen         = sizeof(sysctl_udp_wmem_min),
 736                .mode           = 0644,
 737                .proc_handler   = proc_dointvec_minmax,
 738                .extra1         = &zero
 739        },
 740        { }
 741};
 742
 743static struct ctl_table ipv4_net_table[] = {
 744        {
 745                .procname       = "icmp_echo_ignore_all",
 746                .data           = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
 747                .maxlen         = sizeof(int),
 748                .mode           = 0644,
 749                .proc_handler   = proc_dointvec
 750        },
 751        {
 752                .procname       = "icmp_echo_ignore_broadcasts",
 753                .data           = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
 754                .maxlen         = sizeof(int),
 755                .mode           = 0644,
 756                .proc_handler   = proc_dointvec
 757        },
 758        {
 759                .procname       = "icmp_ignore_bogus_error_responses",
 760                .data           = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
 761                .maxlen         = sizeof(int),
 762                .mode           = 0644,
 763                .proc_handler   = proc_dointvec
 764        },
 765        {
 766                .procname       = "icmp_errors_use_inbound_ifaddr",
 767                .data           = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
 768                .maxlen         = sizeof(int),
 769                .mode           = 0644,
 770                .proc_handler   = proc_dointvec
 771        },
 772        {
 773                .procname       = "icmp_ratelimit",
 774                .data           = &init_net.ipv4.sysctl_icmp_ratelimit,
 775                .maxlen         = sizeof(int),
 776                .mode           = 0644,
 777                .proc_handler   = proc_dointvec_ms_jiffies,
 778        },
 779        {
 780                .procname       = "icmp_ratemask",
 781                .data           = &init_net.ipv4.sysctl_icmp_ratemask,
 782                .maxlen         = sizeof(int),
 783                .mode           = 0644,
 784                .proc_handler   = proc_dointvec
 785        },
 786        {
 787                .procname       = "ping_group_range",
 788                .data           = &init_net.ipv4.sysctl_ping_group_range,
 789                .maxlen         = sizeof(init_net.ipv4.sysctl_ping_group_range),
 790                .mode           = 0644,
 791                .proc_handler   = ipv4_ping_group_range,
 792        },
 793        {
 794                .procname       = "tcp_mem",
 795                .maxlen         = sizeof(init_net.ipv4.sysctl_tcp_mem),
 796                .mode           = 0644,
 797                .proc_handler   = ipv4_tcp_mem,
 798        },
 799        { }
 800};
 801
 802static __net_init int ipv4_sysctl_init_net(struct net *net)
 803{
 804        struct ctl_table *table;
 805
 806        table = ipv4_net_table;
 807        if (!net_eq(net, &init_net)) {
 808                table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
 809                if (table == NULL)
 810                        goto err_alloc;
 811
 812                table[0].data =
 813                        &net->ipv4.sysctl_icmp_echo_ignore_all;
 814                table[1].data =
 815                        &net->ipv4.sysctl_icmp_echo_ignore_broadcasts;
 816                table[2].data =
 817                        &net->ipv4.sysctl_icmp_ignore_bogus_error_responses;
 818                table[3].data =
 819                        &net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr;
 820                table[4].data =
 821                        &net->ipv4.sysctl_icmp_ratelimit;
 822                table[5].data =
 823                        &net->ipv4.sysctl_icmp_ratemask;
 824                table[6].data =
 825                        &net->ipv4.sysctl_ping_group_range;
 826
 827        }
 828
 829        /*
 830         * Sane defaults - nobody may create ping sockets.
 831         * Boot scripts should set this to distro-specific group.
 832         */
 833        net->ipv4.sysctl_ping_group_range[0] = 1;
 834        net->ipv4.sysctl_ping_group_range[1] = 0;
 835
 836        tcp_init_mem(net);
 837
 838        net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
 839        if (net->ipv4.ipv4_hdr == NULL)
 840                goto err_reg;
 841
 842        return 0;
 843
 844err_reg:
 845        if (!net_eq(net, &init_net))
 846                kfree(table);
 847err_alloc:
 848        return -ENOMEM;
 849}
 850
 851static __net_exit void ipv4_sysctl_exit_net(struct net *net)
 852{
 853        struct ctl_table *table;
 854
 855        table = net->ipv4.ipv4_hdr->ctl_table_arg;
 856        unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
 857        kfree(table);
 858}
 859
 860static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
 861        .init = ipv4_sysctl_init_net,
 862        .exit = ipv4_sysctl_exit_net,
 863};
 864
 865static __init int sysctl_ipv4_init(void)
 866{
 867        struct ctl_table_header *hdr;
 868        struct ctl_table *i;
 869
 870        for (i = ipv4_table; i->procname; i++) {
 871                if (strcmp(i->procname, "ip_local_reserved_ports") == 0) {
 872                        i->data = sysctl_local_reserved_ports;
 873                        break;
 874                }
 875        }
 876        if (!i->procname)
 877                return -EINVAL;
 878
 879        hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
 880        if (hdr == NULL)
 881                return -ENOMEM;
 882
 883        if (register_pernet_subsys(&ipv4_sysctl_ops)) {
 884                unregister_net_sysctl_table(hdr);
 885                return -ENOMEM;
 886        }
 887
 888        return 0;
 889}
 890
 891__initcall(sysctl_ipv4_init);
 892
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.