linux/net/ipv4/sysctl_net_ipv4.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem.
   4 *
   5 * Begun April 1, 1996, Mike Shaver.
   6 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS]
   7 */
   8
   9#include <linux/mm.h>
  10#include <linux/module.h>
  11#include <linux/sysctl.h>
  12#include <linux/igmp.h>
  13#include <linux/inetdevice.h>
  14#include <linux/seqlock.h>
  15#include <linux/init.h>
  16#include <linux/slab.h>
  17#include <linux/nsproxy.h>
  18#include <linux/swap.h>
  19#include <net/snmp.h>
  20#include <net/icmp.h>
  21#include <net/ip.h>
  22#include <net/ip_fib.h>
  23#include <net/route.h>
  24#include <net/tcp.h>
  25#include <net/udp.h>
  26#include <net/cipso_ipv4.h>
  27#include <net/inet_frag.h>
  28#include <net/ping.h>
  29#include <net/protocol.h>
  30#include <net/netevent.h>
  31
  32static int two = 2;
  33static int three __maybe_unused = 3;
  34static int four = 4;
  35static int thousand = 1000;
  36static int tcp_retr1_max = 255;
  37static int ip_local_port_range_min[] = { 1, 1 };
  38static int ip_local_port_range_max[] = { 65535, 65535 };
  39static int tcp_adv_win_scale_min = -31;
  40static int tcp_adv_win_scale_max = 31;
  41static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS;
  42static int tcp_min_snd_mss_max = 65535;
  43static int ip_privileged_port_min;
  44static int ip_privileged_port_max = 65535;
  45static int ip_ttl_min = 1;
  46static int ip_ttl_max = 255;
  47static int tcp_syn_retries_min = 1;
  48static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
  49static int ip_ping_group_range_min[] = { 0, 0 };
  50static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
  51static u32 u32_max_div_HZ = UINT_MAX / HZ;
  52static int one_day_secs = 24 * 3600;
  53static u32 fib_multipath_hash_fields_all_mask __maybe_unused =
  54        FIB_MULTIPATH_HASH_FIELD_ALL_MASK;
  55
  56/* obsolete */
  57static int sysctl_tcp_low_latency __read_mostly;
  58
  59/* Update system visible IP port range */
  60static void set_local_port_range(struct net *net, int range[2])
  61{
  62        bool same_parity = !((range[0] ^ range[1]) & 1);
  63
  64        write_seqlock_bh(&net->ipv4.ip_local_ports.lock);
  65        if (same_parity && !net->ipv4.ip_local_ports.warned) {
  66                net->ipv4.ip_local_ports.warned = true;
  67                pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n");
  68        }
  69        net->ipv4.ip_local_ports.range[0] = range[0];
  70        net->ipv4.ip_local_ports.range[1] = range[1];
  71        write_sequnlock_bh(&net->ipv4.ip_local_ports.lock);
  72}
  73
  74/* Validate changes from /proc interface. */
  75static int ipv4_local_port_range(struct ctl_table *table, int write,
  76                                 void *buffer, size_t *lenp, loff_t *ppos)
  77{
  78        struct net *net =
  79                container_of(table->data, struct net, ipv4.ip_local_ports.range);
  80        int ret;
  81        int range[2];
  82        struct ctl_table tmp = {
  83                .data = &range,
  84                .maxlen = sizeof(range),
  85                .mode = table->mode,
  86                .extra1 = &ip_local_port_range_min,
  87                .extra2 = &ip_local_port_range_max,
  88        };
  89
  90        inet_get_local_port_range(net, &range[0], &range[1]);
  91
  92        ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
  93
  94        if (write && ret == 0) {
  95                /* Ensure that the upper limit is not smaller than the lower,
  96                 * and that the lower does not encroach upon the privileged
  97                 * port limit.
  98                 */
  99                if ((range[1] < range[0]) ||
 100                    (range[0] < net->ipv4.sysctl_ip_prot_sock))
 101                        ret = -EINVAL;
 102                else
 103                        set_local_port_range(net, range);
 104        }
 105
 106        return ret;
 107}
 108
 109/* Validate changes from /proc interface. */
 110static int ipv4_privileged_ports(struct ctl_table *table, int write,
 111                                void *buffer, size_t *lenp, loff_t *ppos)
 112{
 113        struct net *net = container_of(table->data, struct net,
 114            ipv4.sysctl_ip_prot_sock);
 115        int ret;
 116        int pports;
 117        int range[2];
 118        struct ctl_table tmp = {
 119                .data = &pports,
 120                .maxlen = sizeof(pports),
 121                .mode = table->mode,
 122                .extra1 = &ip_privileged_port_min,
 123                .extra2 = &ip_privileged_port_max,
 124        };
 125
 126        pports = net->ipv4.sysctl_ip_prot_sock;
 127
 128        ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
 129
 130        if (write && ret == 0) {
 131                inet_get_local_port_range(net, &range[0], &range[1]);
 132                /* Ensure that the local port range doesn't overlap with the
 133                 * privileged port range.
 134                 */
 135                if (range[0] < pports)
 136                        ret = -EINVAL;
 137                else
 138                        net->ipv4.sysctl_ip_prot_sock = pports;
 139        }
 140
 141        return ret;
 142}
 143
 144static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high)
 145{
 146        kgid_t *data = table->data;
 147        struct net *net =
 148                container_of(table->data, struct net, ipv4.ping_group_range.range);
 149        unsigned int seq;
 150        do {
 151                seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
 152
 153                *low = data[0];
 154                *high = data[1];
 155        } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
 156}
 157
 158/* Update system visible IP port range */
 159static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
 160{
 161        kgid_t *data = table->data;
 162        struct net *net =
 163                container_of(table->data, struct net, ipv4.ping_group_range.range);
 164        write_seqlock(&net->ipv4.ping_group_range.lock);
 165        data[0] = low;
 166        data[1] = high;
 167        write_sequnlock(&net->ipv4.ping_group_range.lock);
 168}
 169
 170/* Validate changes from /proc interface. */
 171static int ipv4_ping_group_range(struct ctl_table *table, int write,
 172                                 void *buffer, size_t *lenp, loff_t *ppos)
 173{
 174        struct user_namespace *user_ns = current_user_ns();
 175        int ret;
 176        gid_t urange[2];
 177        kgid_t low, high;
 178        struct ctl_table tmp = {
 179                .data = &urange,
 180                .maxlen = sizeof(urange),
 181                .mode = table->mode,
 182                .extra1 = &ip_ping_group_range_min,
 183                .extra2 = &ip_ping_group_range_max,
 184        };
 185
 186        inet_get_ping_group_range_table(table, &low, &high);
 187        urange[0] = from_kgid_munged(user_ns, low);
 188        urange[1] = from_kgid_munged(user_ns, high);
 189        ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
 190
 191        if (write && ret == 0) {
 192                low = make_kgid(user_ns, urange[0]);
 193                high = make_kgid(user_ns, urange[1]);
 194                if (!gid_valid(low) || !gid_valid(high))
 195                        return -EINVAL;
 196                if (urange[1] < urange[0] || gid_lt(high, low)) {
 197                        low = make_kgid(&init_user_ns, 1);
 198                        high = make_kgid(&init_user_ns, 0);
 199                }
 200                set_ping_group_range(table, low, high);
 201        }
 202
 203        return ret;
 204}
 205
 206static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
 207                                    void *buffer, size_t *lenp, loff_t *ppos)
 208{
 209        struct net *net;
 210        int ret;
 211
 212        net = container_of(table->data, struct net,
 213                           ipv4.sysctl_ip_fwd_update_priority);
 214        ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos);
 215        if (write && ret == 0)
 216                call_netevent_notifiers(NETEVENT_IPV4_FWD_UPDATE_PRIORITY_UPDATE,
 217                                        net);
 218
 219        return ret;
 220}
 221
 222static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
 223                                       void *buffer, size_t *lenp, loff_t *ppos)
 224{
 225        struct net *net = container_of(ctl->data, struct net,
 226                                       ipv4.tcp_congestion_control);
 227        char val[TCP_CA_NAME_MAX];
 228        struct ctl_table tbl = {
 229                .data = val,
 230                .maxlen = TCP_CA_NAME_MAX,
 231        };
 232        int ret;
 233
 234        tcp_get_default_congestion_control(net, val);
 235
 236        ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
 237        if (write && ret == 0)
 238                ret = tcp_set_default_congestion_control(net, val);
 239        return ret;
 240}
 241
 242static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
 243                                                 int write, void *buffer,
 244                                                 size_t *lenp, loff_t *ppos)
 245{
 246        struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
 247        int ret;
 248
 249        tbl.data = kmalloc(tbl.maxlen, GFP_USER);
 250        if (!tbl.data)
 251                return -ENOMEM;
 252        tcp_get_available_congestion_control(tbl.data, TCP_CA_BUF_MAX);
 253        ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
 254        kfree(tbl.data);
 255        return ret;
 256}
 257
 258static int proc_allowed_congestion_control(struct ctl_table *ctl,
 259                                           int write, void *buffer,
 260                                           size_t *lenp, loff_t *ppos)
 261{
 262        struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
 263        int ret;
 264
 265        tbl.data = kmalloc(tbl.maxlen, GFP_USER);
 266        if (!tbl.data)
 267                return -ENOMEM;
 268
 269        tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen);
 270        ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
 271        if (write && ret == 0)
 272                ret = tcp_set_allowed_congestion_control(tbl.data);
 273        kfree(tbl.data);
 274        return ret;
 275}
 276
 277static int sscanf_key(char *buf, __le32 *key)
 278{
 279        u32 user_key[4];
 280        int i, ret = 0;
 281
 282        if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1,
 283                   user_key + 2, user_key + 3) != 4) {
 284                ret = -EINVAL;
 285        } else {
 286                for (i = 0; i < ARRAY_SIZE(user_key); i++)
 287                        key[i] = cpu_to_le32(user_key[i]);
 288        }
 289        pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
 290                 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret);
 291
 292        return ret;
 293}
 294
 295static int proc_tcp_fastopen_key(struct ctl_table *table, int write,
 296                                 void *buffer, size_t *lenp, loff_t *ppos)
 297{
 298        struct net *net = container_of(table->data, struct net,
 299            ipv4.sysctl_tcp_fastopen);
 300        /* maxlen to print the list of keys in hex (*2), with dashes
 301         * separating doublewords and a comma in between keys.
 302         */
 303        struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
 304                                            2 * TCP_FASTOPEN_KEY_MAX) +
 305                                            (TCP_FASTOPEN_KEY_MAX * 5)) };
 306        u32 user_key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u32)];
 307        __le32 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(__le32)];
 308        char *backup_data;
 309        int ret, i = 0, off = 0, n_keys;
 310
 311        tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
 312        if (!tbl.data)
 313                return -ENOMEM;
 314
 315        n_keys = tcp_fastopen_get_cipher(net, NULL, (u64 *)key);
 316        if (!n_keys) {
 317                memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH);
 318                n_keys = 1;
 319        }
 320
 321        for (i = 0; i < n_keys * 4; i++)
 322                user_key[i] = le32_to_cpu(key[i]);
 323
 324        for (i = 0; i < n_keys; i++) {
 325                off += snprintf(tbl.data + off, tbl.maxlen - off,
 326                                "%08x-%08x-%08x-%08x",
 327                                user_key[i * 4],
 328                                user_key[i * 4 + 1],
 329                                user_key[i * 4 + 2],
 330                                user_key[i * 4 + 3]);
 331
 332                if (WARN_ON_ONCE(off >= tbl.maxlen - 1))
 333                        break;
 334
 335                if (i + 1 < n_keys)
 336                        off += snprintf(tbl.data + off, tbl.maxlen - off, ",");
 337        }
 338
 339        ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
 340
 341        if (write && ret == 0) {
 342                backup_data = strchr(tbl.data, ',');
 343                if (backup_data) {
 344                        *backup_data = '\0';
 345                        backup_data++;
 346                }
 347                if (sscanf_key(tbl.data, key)) {
 348                        ret = -EINVAL;
 349                        goto bad_key;
 350                }
 351                if (backup_data) {
 352                        if (sscanf_key(backup_data, key + 4)) {
 353                                ret = -EINVAL;
 354                                goto bad_key;
 355                        }
 356                }
 357                tcp_fastopen_reset_cipher(net, NULL, key,
 358                                          backup_data ? key + 4 : NULL);
 359        }
 360
 361bad_key:
 362        kfree(tbl.data);
 363        return ret;
 364}
 365
 366static void proc_configure_early_demux(int enabled, int protocol)
 367{
 368        struct net_protocol *ipprot;
 369#if IS_ENABLED(CONFIG_IPV6)
 370        struct inet6_protocol *ip6prot;
 371#endif
 372
 373        rcu_read_lock();
 374
 375        ipprot = rcu_dereference(inet_protos[protocol]);
 376        if (ipprot)
 377                ipprot->early_demux = enabled ? ipprot->early_demux_handler :
 378                                                NULL;
 379
 380#if IS_ENABLED(CONFIG_IPV6)
 381        ip6prot = rcu_dereference(inet6_protos[protocol]);
 382        if (ip6prot)
 383                ip6prot->early_demux = enabled ? ip6prot->early_demux_handler :
 384                                                 NULL;
 385#endif
 386        rcu_read_unlock();
 387}
 388
 389static int proc_tcp_early_demux(struct ctl_table *table, int write,
 390                                void *buffer, size_t *lenp, loff_t *ppos)
 391{
 392        int ret = 0;
 393
 394        ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos);
 395
 396        if (write && !ret) {
 397                int enabled = init_net.ipv4.sysctl_tcp_early_demux;
 398
 399                proc_configure_early_demux(enabled, IPPROTO_TCP);
 400        }
 401
 402        return ret;
 403}
 404
 405static int proc_udp_early_demux(struct ctl_table *table, int write,
 406                                void *buffer, size_t *lenp, loff_t *ppos)
 407{
 408        int ret = 0;
 409
 410        ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos);
 411
 412        if (write && !ret) {
 413                int enabled = init_net.ipv4.sysctl_udp_early_demux;
 414
 415                proc_configure_early_demux(enabled, IPPROTO_UDP);
 416        }
 417
 418        return ret;
 419}
 420
 421static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
 422                                             int write, void *buffer,
 423                                             size_t *lenp, loff_t *ppos)
 424{
 425        struct net *net = container_of(table->data, struct net,
 426            ipv4.sysctl_tcp_fastopen_blackhole_timeout);
 427        int ret;
 428
 429        ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
 430        if (write && ret == 0)
 431                atomic_set(&net->ipv4.tfo_active_disable_times, 0);
 432
 433        return ret;
 434}
 435
 436static int proc_tcp_available_ulp(struct ctl_table *ctl,
 437                                  int write, void *buffer, size_t *lenp,
 438                                  loff_t *ppos)
 439{
 440        struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
 441        int ret;
 442
 443        tbl.data = kmalloc(tbl.maxlen, GFP_USER);
 444        if (!tbl.data)
 445                return -ENOMEM;
 446        tcp_get_available_ulp(tbl.data, TCP_ULP_BUF_MAX);
 447        ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
 448        kfree(tbl.data);
 449
 450        return ret;
 451}
 452
 453#ifdef CONFIG_IP_ROUTE_MULTIPATH
 454static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
 455                                          void *buffer, size_t *lenp,
 456                                          loff_t *ppos)
 457{
 458        struct net *net = container_of(table->data, struct net,
 459            ipv4.sysctl_fib_multipath_hash_policy);
 460        int ret;
 461
 462        ret = proc_dou8vec_minmax(table, write, buffer, lenp, ppos);
 463        if (write && ret == 0)
 464                call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
 465
 466        return ret;
 467}
 468
 469static int proc_fib_multipath_hash_fields(struct ctl_table *table, int write,
 470                                          void *buffer, size_t *lenp,
 471                                          loff_t *ppos)
 472{
 473        struct net *net;
 474        int ret;
 475
 476        net = container_of(table->data, struct net,
 477                           ipv4.sysctl_fib_multipath_hash_fields);
 478        ret = proc_douintvec_minmax(table, write, buffer, lenp, ppos);
 479        if (write && ret == 0)
 480                call_netevent_notifiers(NETEVENT_IPV4_MPATH_HASH_UPDATE, net);
 481
 482        return ret;
 483}
 484#endif
 485
 486static struct ctl_table ipv4_table[] = {
 487        {
 488                .procname       = "tcp_max_orphans",
 489                .data           = &sysctl_tcp_max_orphans,
 490                .maxlen         = sizeof(int),
 491                .mode           = 0644,
 492                .proc_handler   = proc_dointvec
 493        },
 494        {
 495                .procname       = "inet_peer_threshold",
 496                .data           = &inet_peer_threshold,
 497                .maxlen         = sizeof(int),
 498                .mode           = 0644,
 499                .proc_handler   = proc_dointvec
 500        },
 501        {
 502                .procname       = "inet_peer_minttl",
 503                .data           = &inet_peer_minttl,
 504                .maxlen         = sizeof(int),
 505                .mode           = 0644,
 506                .proc_handler   = proc_dointvec_jiffies,
 507        },
 508        {
 509                .procname       = "inet_peer_maxttl",
 510                .data           = &inet_peer_maxttl,
 511                .maxlen         = sizeof(int),
 512                .mode           = 0644,
 513                .proc_handler   = proc_dointvec_jiffies,
 514        },
 515        {
 516                .procname       = "tcp_mem",
 517                .maxlen         = sizeof(sysctl_tcp_mem),
 518                .data           = &sysctl_tcp_mem,
 519                .mode           = 0644,
 520                .proc_handler   = proc_doulongvec_minmax,
 521        },
 522        {
 523                .procname       = "tcp_low_latency",
 524                .data           = &sysctl_tcp_low_latency,
 525                .maxlen         = sizeof(int),
 526                .mode           = 0644,
 527                .proc_handler   = proc_dointvec
 528        },
 529#ifdef CONFIG_NETLABEL
 530        {
 531                .procname       = "cipso_cache_enable",
 532                .data           = &cipso_v4_cache_enabled,
 533                .maxlen         = sizeof(int),
 534                .mode           = 0644,
 535                .proc_handler   = proc_dointvec,
 536        },
 537        {
 538                .procname       = "cipso_cache_bucket_size",
 539                .data           = &cipso_v4_cache_bucketsize,
 540                .maxlen         = sizeof(int),
 541                .mode           = 0644,
 542                .proc_handler   = proc_dointvec,
 543        },
 544        {
 545                .procname       = "cipso_rbm_optfmt",
 546                .data           = &cipso_v4_rbm_optfmt,
 547                .maxlen         = sizeof(int),
 548                .mode           = 0644,
 549                .proc_handler   = proc_dointvec,
 550        },
 551        {
 552                .procname       = "cipso_rbm_strictvalid",
 553                .data           = &cipso_v4_rbm_strictvalid,
 554                .maxlen         = sizeof(int),
 555                .mode           = 0644,
 556                .proc_handler   = proc_dointvec,
 557        },
 558#endif /* CONFIG_NETLABEL */
 559        {
 560                .procname       = "tcp_available_ulp",
 561                .maxlen         = TCP_ULP_BUF_MAX,
 562                .mode           = 0444,
 563                .proc_handler   = proc_tcp_available_ulp,
 564        },
 565        {
 566                .procname       = "icmp_msgs_per_sec",
 567                .data           = &sysctl_icmp_msgs_per_sec,
 568                .maxlen         = sizeof(int),
 569                .mode           = 0644,
 570                .proc_handler   = proc_dointvec_minmax,
 571                .extra1         = SYSCTL_ZERO,
 572        },
 573        {
 574                .procname       = "icmp_msgs_burst",
 575                .data           = &sysctl_icmp_msgs_burst,
 576                .maxlen         = sizeof(int),
 577                .mode           = 0644,
 578                .proc_handler   = proc_dointvec_minmax,
 579                .extra1         = SYSCTL_ZERO,
 580        },
 581        {
 582                .procname       = "udp_mem",
 583                .data           = &sysctl_udp_mem,
 584                .maxlen         = sizeof(sysctl_udp_mem),
 585                .mode           = 0644,
 586                .proc_handler   = proc_doulongvec_minmax,
 587        },
 588        {
 589                .procname       = "fib_sync_mem",
 590                .data           = &sysctl_fib_sync_mem,
 591                .maxlen         = sizeof(sysctl_fib_sync_mem),
 592                .mode           = 0644,
 593                .proc_handler   = proc_douintvec_minmax,
 594                .extra1         = &sysctl_fib_sync_mem_min,
 595                .extra2         = &sysctl_fib_sync_mem_max,
 596        },
 597        {
 598                .procname       = "tcp_rx_skb_cache",
 599                .data           = &tcp_rx_skb_cache_key.key,
 600                .mode           = 0644,
 601                .proc_handler   = proc_do_static_key,
 602        },
 603        {
 604                .procname       = "tcp_tx_skb_cache",
 605                .data           = &tcp_tx_skb_cache_key.key,
 606                .mode           = 0644,
 607                .proc_handler   = proc_do_static_key,
 608        },
 609        { }
 610};
 611
 612static struct ctl_table ipv4_net_table[] = {
 613        {
 614                .procname       = "icmp_echo_ignore_all",
 615                .data           = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
 616                .maxlen         = sizeof(u8),
 617                .mode           = 0644,
 618                .proc_handler   = proc_dou8vec_minmax,
 619        },
 620        {
 621                .procname       = "icmp_echo_enable_probe",
 622                .data           = &init_net.ipv4.sysctl_icmp_echo_enable_probe,
 623                .maxlen         = sizeof(u8),
 624                .mode           = 0644,
 625                .proc_handler   = proc_dou8vec_minmax,
 626                .extra1         = SYSCTL_ZERO,
 627                .extra2         = SYSCTL_ONE
 628        },
 629        {
 630                .procname       = "icmp_echo_ignore_broadcasts",
 631                .data           = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
 632                .maxlen         = sizeof(u8),
 633                .mode           = 0644,
 634                .proc_handler   = proc_dou8vec_minmax,
 635        },
 636        {
 637                .procname       = "icmp_ignore_bogus_error_responses",
 638                .data           = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
 639                .maxlen         = sizeof(u8),
 640                .mode           = 0644,
 641                .proc_handler   = proc_dou8vec_minmax,
 642        },
 643        {
 644                .procname       = "icmp_errors_use_inbound_ifaddr",
 645                .data           = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
 646                .maxlen         = sizeof(u8),
 647                .mode           = 0644,
 648                .proc_handler   = proc_dou8vec_minmax,
 649        },
 650        {
 651                .procname       = "icmp_ratelimit",
 652                .data           = &init_net.ipv4.sysctl_icmp_ratelimit,
 653                .maxlen         = sizeof(int),
 654                .mode           = 0644,
 655                .proc_handler   = proc_dointvec_ms_jiffies,
 656        },
 657        {
 658                .procname       = "icmp_ratemask",
 659                .data           = &init_net.ipv4.sysctl_icmp_ratemask,
 660                .maxlen         = sizeof(int),
 661                .mode           = 0644,
 662                .proc_handler   = proc_dointvec
 663        },
 664        {
 665                .procname       = "ping_group_range",
 666                .data           = &init_net.ipv4.ping_group_range.range,
 667                .maxlen         = sizeof(gid_t)*2,
 668                .mode           = 0644,
 669                .proc_handler   = ipv4_ping_group_range,
 670        },
 671#ifdef CONFIG_NET_L3_MASTER_DEV
 672        {
 673                .procname       = "raw_l3mdev_accept",
 674                .data           = &init_net.ipv4.sysctl_raw_l3mdev_accept,
 675                .maxlen         = sizeof(u8),
 676                .mode           = 0644,
 677                .proc_handler   = proc_dou8vec_minmax,
 678                .extra1         = SYSCTL_ZERO,
 679                .extra2         = SYSCTL_ONE,
 680        },
 681#endif
 682        {
 683                .procname       = "tcp_ecn",
 684                .data           = &init_net.ipv4.sysctl_tcp_ecn,
 685                .maxlen         = sizeof(u8),
 686                .mode           = 0644,
 687                .proc_handler   = proc_dou8vec_minmax,
 688        },
 689        {
 690                .procname       = "tcp_ecn_fallback",
 691                .data           = &init_net.ipv4.sysctl_tcp_ecn_fallback,
 692                .maxlen         = sizeof(u8),
 693                .mode           = 0644,
 694                .proc_handler   = proc_dou8vec_minmax,
 695        },
 696        {
 697                .procname       = "ip_dynaddr",
 698                .data           = &init_net.ipv4.sysctl_ip_dynaddr,
 699                .maxlen         = sizeof(u8),
 700                .mode           = 0644,
 701                .proc_handler   = proc_dou8vec_minmax,
 702        },
 703        {
 704                .procname       = "ip_early_demux",
 705                .data           = &init_net.ipv4.sysctl_ip_early_demux,
 706                .maxlen         = sizeof(u8),
 707                .mode           = 0644,
 708                .proc_handler   = proc_dou8vec_minmax,
 709        },
 710        {
 711                .procname       = "udp_early_demux",
 712                .data           = &init_net.ipv4.sysctl_udp_early_demux,
 713                .maxlen         = sizeof(u8),
 714                .mode           = 0644,
 715                .proc_handler   = proc_udp_early_demux
 716        },
 717        {
 718                .procname       = "tcp_early_demux",
 719                .data           = &init_net.ipv4.sysctl_tcp_early_demux,
 720                .maxlen         = sizeof(u8),
 721                .mode           = 0644,
 722                .proc_handler   = proc_tcp_early_demux
 723        },
 724        {
 725                .procname       = "nexthop_compat_mode",
 726                .data           = &init_net.ipv4.sysctl_nexthop_compat_mode,
 727                .maxlen         = sizeof(u8),
 728                .mode           = 0644,
 729                .proc_handler   = proc_dou8vec_minmax,
 730                .extra1         = SYSCTL_ZERO,
 731                .extra2         = SYSCTL_ONE,
 732        },
 733        {
 734                .procname       = "ip_default_ttl",
 735                .data           = &init_net.ipv4.sysctl_ip_default_ttl,
 736                .maxlen         = sizeof(u8),
 737                .mode           = 0644,
 738                .proc_handler   = proc_dou8vec_minmax,
 739                .extra1         = &ip_ttl_min,
 740                .extra2         = &ip_ttl_max,
 741        },
 742        {
 743                .procname       = "ip_local_port_range",
 744                .maxlen         = sizeof(init_net.ipv4.ip_local_ports.range),
 745                .data           = &init_net.ipv4.ip_local_ports.range,
 746                .mode           = 0644,
 747                .proc_handler   = ipv4_local_port_range,
 748        },
 749        {
 750                .procname       = "ip_local_reserved_ports",
 751                .data           = &init_net.ipv4.sysctl_local_reserved_ports,
 752                .maxlen         = 65536,
 753                .mode           = 0644,
 754                .proc_handler   = proc_do_large_bitmap,
 755        },
 756        {
 757                .procname       = "ip_no_pmtu_disc",
 758                .data           = &init_net.ipv4.sysctl_ip_no_pmtu_disc,
 759                .maxlen         = sizeof(u8),
 760                .mode           = 0644,
 761                .proc_handler   = proc_dou8vec_minmax,
 762        },
 763        {
 764                .procname       = "ip_forward_use_pmtu",
 765                .data           = &init_net.ipv4.sysctl_ip_fwd_use_pmtu,
 766                .maxlen         = sizeof(u8),
 767                .mode           = 0644,
 768                .proc_handler   = proc_dou8vec_minmax,
 769        },
 770        {
 771                .procname       = "ip_forward_update_priority",
 772                .data           = &init_net.ipv4.sysctl_ip_fwd_update_priority,
 773                .maxlen         = sizeof(u8),
 774                .mode           = 0644,
 775                .proc_handler   = ipv4_fwd_update_priority,
 776                .extra1         = SYSCTL_ZERO,
 777                .extra2         = SYSCTL_ONE,
 778        },
 779        {
 780                .procname       = "ip_nonlocal_bind",
 781                .data           = &init_net.ipv4.sysctl_ip_nonlocal_bind,
 782                .maxlen         = sizeof(u8),
 783                .mode           = 0644,
 784                .proc_handler   = proc_dou8vec_minmax,
 785        },
 786        {
 787                .procname       = "ip_autobind_reuse",
 788                .data           = &init_net.ipv4.sysctl_ip_autobind_reuse,
 789                .maxlen         = sizeof(u8),
 790                .mode           = 0644,
 791                .proc_handler   = proc_dou8vec_minmax,
 792                .extra1         = SYSCTL_ZERO,
 793                .extra2         = SYSCTL_ONE,
 794        },
 795        {
 796                .procname       = "fwmark_reflect",
 797                .data           = &init_net.ipv4.sysctl_fwmark_reflect,
 798                .maxlen         = sizeof(u8),
 799                .mode           = 0644,
 800                .proc_handler   = proc_dou8vec_minmax,
 801        },
 802        {
 803                .procname       = "tcp_fwmark_accept",
 804                .data           = &init_net.ipv4.sysctl_tcp_fwmark_accept,
 805                .maxlen         = sizeof(u8),
 806                .mode           = 0644,
 807                .proc_handler   = proc_dou8vec_minmax,
 808        },
 809#ifdef CONFIG_NET_L3_MASTER_DEV
 810        {
 811                .procname       = "tcp_l3mdev_accept",
 812                .data           = &init_net.ipv4.sysctl_tcp_l3mdev_accept,
 813                .maxlen         = sizeof(u8),
 814                .mode           = 0644,
 815                .proc_handler   = proc_dou8vec_minmax,
 816                .extra1         = SYSCTL_ZERO,
 817                .extra2         = SYSCTL_ONE,
 818        },
 819#endif
 820        {
 821                .procname       = "tcp_mtu_probing",
 822                .data           = &init_net.ipv4.sysctl_tcp_mtu_probing,
 823                .maxlen         = sizeof(u8),
 824                .mode           = 0644,
 825                .proc_handler   = proc_dou8vec_minmax,
 826        },
 827        {
 828                .procname       = "tcp_base_mss",
 829                .data           = &init_net.ipv4.sysctl_tcp_base_mss,
 830                .maxlen         = sizeof(int),
 831                .mode           = 0644,
 832                .proc_handler   = proc_dointvec,
 833        },
 834        {
 835                .procname       = "tcp_min_snd_mss",
 836                .data           = &init_net.ipv4.sysctl_tcp_min_snd_mss,
 837                .maxlen         = sizeof(int),
 838                .mode           = 0644,
 839                .proc_handler   = proc_dointvec_minmax,
 840                .extra1         = &tcp_min_snd_mss_min,
 841                .extra2         = &tcp_min_snd_mss_max,
 842        },
 843        {
 844                .procname       = "tcp_mtu_probe_floor",
 845                .data           = &init_net.ipv4.sysctl_tcp_mtu_probe_floor,
 846                .maxlen         = sizeof(int),
 847                .mode           = 0644,
 848                .proc_handler   = proc_dointvec_minmax,
 849                .extra1         = &tcp_min_snd_mss_min,
 850                .extra2         = &tcp_min_snd_mss_max,
 851        },
 852        {
 853                .procname       = "tcp_probe_threshold",
 854                .data           = &init_net.ipv4.sysctl_tcp_probe_threshold,
 855                .maxlen         = sizeof(int),
 856                .mode           = 0644,
 857                .proc_handler   = proc_dointvec,
 858        },
 859        {
 860                .procname       = "tcp_probe_interval",
 861                .data           = &init_net.ipv4.sysctl_tcp_probe_interval,
 862                .maxlen         = sizeof(u32),
 863                .mode           = 0644,
 864                .proc_handler   = proc_douintvec_minmax,
 865                .extra2         = &u32_max_div_HZ,
 866        },
 867        {
 868                .procname       = "igmp_link_local_mcast_reports",
 869                .data           = &init_net.ipv4.sysctl_igmp_llm_reports,
 870                .maxlen         = sizeof(u8),
 871                .mode           = 0644,
 872                .proc_handler   = proc_dou8vec_minmax,
 873        },
 874        {
 875                .procname       = "igmp_max_memberships",
 876                .data           = &init_net.ipv4.sysctl_igmp_max_memberships,
 877                .maxlen         = sizeof(int),
 878                .mode           = 0644,
 879                .proc_handler   = proc_dointvec
 880        },
 881        {
 882                .procname       = "igmp_max_msf",
 883                .data           = &init_net.ipv4.sysctl_igmp_max_msf,
 884                .maxlen         = sizeof(int),
 885                .mode           = 0644,
 886                .proc_handler   = proc_dointvec
 887        },
 888#ifdef CONFIG_IP_MULTICAST
 889        {
 890                .procname       = "igmp_qrv",
 891                .data           = &init_net.ipv4.sysctl_igmp_qrv,
 892                .maxlen         = sizeof(int),
 893                .mode           = 0644,
 894                .proc_handler   = proc_dointvec_minmax,
 895                .extra1         = SYSCTL_ONE
 896        },
 897#endif
 898        {
 899                .procname       = "tcp_congestion_control",
 900                .data           = &init_net.ipv4.tcp_congestion_control,
 901                .mode           = 0644,
 902                .maxlen         = TCP_CA_NAME_MAX,
 903                .proc_handler   = proc_tcp_congestion_control,
 904        },
 905        {
 906                .procname       = "tcp_available_congestion_control",
 907                .maxlen         = TCP_CA_BUF_MAX,
 908                .mode           = 0444,
 909                .proc_handler   = proc_tcp_available_congestion_control,
 910        },
 911        {
 912                .procname       = "tcp_allowed_congestion_control",
 913                .maxlen         = TCP_CA_BUF_MAX,
 914                .mode           = 0644,
 915                .proc_handler   = proc_allowed_congestion_control,
 916        },
 917        {
 918                .procname       = "tcp_keepalive_time",
 919                .data           = &init_net.ipv4.sysctl_tcp_keepalive_time,
 920                .maxlen         = sizeof(int),
 921                .mode           = 0644,
 922                .proc_handler   = proc_dointvec_jiffies,
 923        },
 924        {
 925                .procname       = "tcp_keepalive_probes",
 926                .data           = &init_net.ipv4.sysctl_tcp_keepalive_probes,
 927                .maxlen         = sizeof(u8),
 928                .mode           = 0644,
 929                .proc_handler   = proc_dou8vec_minmax,
 930        },
 931        {
 932                .procname       = "tcp_keepalive_intvl",
 933                .data           = &init_net.ipv4.sysctl_tcp_keepalive_intvl,
 934                .maxlen         = sizeof(int),
 935                .mode           = 0644,
 936                .proc_handler   = proc_dointvec_jiffies,
 937        },
 938        {
 939                .procname       = "tcp_syn_retries",
 940                .data           = &init_net.ipv4.sysctl_tcp_syn_retries,
 941                .maxlen         = sizeof(u8),
 942                .mode           = 0644,
 943                .proc_handler   = proc_dou8vec_minmax,
 944                .extra1         = &tcp_syn_retries_min,
 945                .extra2         = &tcp_syn_retries_max
 946        },
 947        {
 948                .procname       = "tcp_synack_retries",
 949                .data           = &init_net.ipv4.sysctl_tcp_synack_retries,
 950                .maxlen         = sizeof(u8),
 951                .mode           = 0644,
 952                .proc_handler   = proc_dou8vec_minmax,
 953        },
 954#ifdef CONFIG_SYN_COOKIES
 955        {
 956                .procname       = "tcp_syncookies",
 957                .data           = &init_net.ipv4.sysctl_tcp_syncookies,
 958                .maxlen         = sizeof(u8),
 959                .mode           = 0644,
 960                .proc_handler   = proc_dou8vec_minmax,
 961        },
 962#endif
 963        {
 964                .procname       = "tcp_migrate_req",
 965                .data           = &init_net.ipv4.sysctl_tcp_migrate_req,
 966                .maxlen         = sizeof(u8),
 967                .mode           = 0644,
 968                .proc_handler   = proc_dou8vec_minmax,
 969                .extra1         = SYSCTL_ZERO,
 970                .extra2         = SYSCTL_ONE
 971        },
 972        {
 973                .procname       = "tcp_reordering",
 974                .data           = &init_net.ipv4.sysctl_tcp_reordering,
 975                .maxlen         = sizeof(int),
 976                .mode           = 0644,
 977                .proc_handler   = proc_dointvec
 978        },
 979        {
 980                .procname       = "tcp_retries1",
 981                .data           = &init_net.ipv4.sysctl_tcp_retries1,
 982                .maxlen         = sizeof(u8),
 983                .mode           = 0644,
 984                .proc_handler   = proc_dou8vec_minmax,
 985                .extra2         = &tcp_retr1_max
 986        },
 987        {
 988                .procname       = "tcp_retries2",
 989                .data           = &init_net.ipv4.sysctl_tcp_retries2,
 990                .maxlen         = sizeof(u8),
 991                .mode           = 0644,
 992                .proc_handler   = proc_dou8vec_minmax,
 993        },
 994        {
 995                .procname       = "tcp_orphan_retries",
 996                .data           = &init_net.ipv4.sysctl_tcp_orphan_retries,
 997                .maxlen         = sizeof(u8),
 998                .mode           = 0644,
 999                .proc_handler   = proc_dou8vec_minmax,
1000        },
1001        {
1002                .procname       = "tcp_fin_timeout",
1003                .data           = &init_net.ipv4.sysctl_tcp_fin_timeout,
1004                .maxlen         = sizeof(int),
1005                .mode           = 0644,
1006                .proc_handler   = proc_dointvec_jiffies,
1007        },
1008        {
1009                .procname       = "tcp_notsent_lowat",
1010                .data           = &init_net.ipv4.sysctl_tcp_notsent_lowat,
1011                .maxlen         = sizeof(unsigned int),
1012                .mode           = 0644,
1013                .proc_handler   = proc_douintvec,
1014        },
1015        {
1016                .procname       = "tcp_tw_reuse",
1017                .data           = &init_net.ipv4.sysctl_tcp_tw_reuse,
1018                .maxlen         = sizeof(u8),
1019                .mode           = 0644,
1020                .proc_handler   = proc_dou8vec_minmax,
1021                .extra1         = SYSCTL_ZERO,
1022                .extra2         = &two,
1023        },
1024        {
1025                .procname       = "tcp_max_tw_buckets",
1026                .data           = &init_net.ipv4.tcp_death_row.sysctl_max_tw_buckets,
1027                .maxlen         = sizeof(int),
1028                .mode           = 0644,
1029                .proc_handler   = proc_dointvec
1030        },
1031        {
1032                .procname       = "tcp_max_syn_backlog",
1033                .data           = &init_net.ipv4.sysctl_max_syn_backlog,
1034                .maxlen         = sizeof(int),
1035                .mode           = 0644,
1036                .proc_handler   = proc_dointvec
1037        },
1038        {
1039                .procname       = "tcp_fastopen",
1040                .data           = &init_net.ipv4.sysctl_tcp_fastopen,
1041                .maxlen         = sizeof(int),
1042                .mode           = 0644,
1043                .proc_handler   = proc_dointvec,
1044        },
1045        {
1046                .procname       = "tcp_fastopen_key",
1047                .mode           = 0600,
1048                .data           = &init_net.ipv4.sysctl_tcp_fastopen,
1049                /* maxlen to print the list of keys in hex (*2), with dashes
1050                 * separating doublewords and a comma in between keys.
1051                 */
1052                .maxlen         = ((TCP_FASTOPEN_KEY_LENGTH *
1053                                   2 * TCP_FASTOPEN_KEY_MAX) +
1054                                   (TCP_FASTOPEN_KEY_MAX * 5)),
1055                .proc_handler   = proc_tcp_fastopen_key,
1056        },
1057        {
1058                .procname       = "tcp_fastopen_blackhole_timeout_sec",
1059                .data           = &init_net.ipv4.sysctl_tcp_fastopen_blackhole_timeout,
1060                .maxlen         = sizeof(int),
1061                .mode           = 0644,
1062                .proc_handler   = proc_tfo_blackhole_detect_timeout,
1063                .extra1         = SYSCTL_ZERO,
1064        },
1065#ifdef CONFIG_IP_ROUTE_MULTIPATH
1066        {
1067                .procname       = "fib_multipath_use_neigh",
1068                .data           = &init_net.ipv4.sysctl_fib_multipath_use_neigh,
1069                .maxlen         = sizeof(u8),
1070                .mode           = 0644,
1071                .proc_handler   = proc_dou8vec_minmax,
1072                .extra1         = SYSCTL_ZERO,
1073                .extra2         = SYSCTL_ONE,
1074        },
1075        {
1076                .procname       = "fib_multipath_hash_policy",
1077                .data           = &init_net.ipv4.sysctl_fib_multipath_hash_policy,
1078                .maxlen         = sizeof(u8),
1079                .mode           = 0644,
1080                .proc_handler   = proc_fib_multipath_hash_policy,
1081                .extra1         = SYSCTL_ZERO,
1082                .extra2         = &three,
1083        },
1084        {
1085                .procname       = "fib_multipath_hash_fields",
1086                .data           = &init_net.ipv4.sysctl_fib_multipath_hash_fields,
1087                .maxlen         = sizeof(u32),
1088                .mode           = 0644,
1089                .proc_handler   = proc_fib_multipath_hash_fields,
1090                .extra1         = SYSCTL_ONE,
1091                .extra2         = &fib_multipath_hash_fields_all_mask,
1092        },
1093#endif
1094        {
1095                .procname       = "ip_unprivileged_port_start",
1096                .maxlen         = sizeof(int),
1097                .data           = &init_net.ipv4.sysctl_ip_prot_sock,
1098                .mode           = 0644,
1099                .proc_handler   = ipv4_privileged_ports,
1100        },
1101#ifdef CONFIG_NET_L3_MASTER_DEV
1102        {
1103                .procname       = "udp_l3mdev_accept",
1104                .data           = &init_net.ipv4.sysctl_udp_l3mdev_accept,
1105                .maxlen         = sizeof(u8),
1106                .mode           = 0644,
1107                .proc_handler   = proc_dou8vec_minmax,
1108                .extra1         = SYSCTL_ZERO,
1109                .extra2         = SYSCTL_ONE,
1110        },
1111#endif
1112        {
1113                .procname       = "tcp_sack",
1114                .data           = &init_net.ipv4.sysctl_tcp_sack,
1115                .maxlen         = sizeof(u8),
1116                .mode           = 0644,
1117                .proc_handler   = proc_dou8vec_minmax,
1118        },
1119        {
1120                .procname       = "tcp_window_scaling",
1121                .data           = &init_net.ipv4.sysctl_tcp_window_scaling,
1122                .maxlen         = sizeof(u8),
1123                .mode           = 0644,
1124                .proc_handler   = proc_dou8vec_minmax,
1125        },
1126        {
1127                .procname       = "tcp_timestamps",
1128                .data           = &init_net.ipv4.sysctl_tcp_timestamps,
1129                .maxlen         = sizeof(u8),
1130                .mode           = 0644,
1131                .proc_handler   = proc_dou8vec_minmax,
1132        },
1133        {
1134                .procname       = "tcp_early_retrans",
1135                .data           = &init_net.ipv4.sysctl_tcp_early_retrans,
1136                .maxlen         = sizeof(u8),
1137                .mode           = 0644,
1138                .proc_handler   = proc_dou8vec_minmax,
1139                .extra1         = SYSCTL_ZERO,
1140                .extra2         = &four,
1141        },
1142        {
1143                .procname       = "tcp_recovery",
1144                .data           = &init_net.ipv4.sysctl_tcp_recovery,
1145                .maxlen         = sizeof(u8),
1146                .mode           = 0644,
1147                .proc_handler   = proc_dou8vec_minmax,
1148        },
1149        {
1150                .procname       = "tcp_thin_linear_timeouts",
1151                .data           = &init_net.ipv4.sysctl_tcp_thin_linear_timeouts,
1152                .maxlen         = sizeof(u8),
1153                .mode           = 0644,
1154                .proc_handler   = proc_dou8vec_minmax,
1155        },
1156        {
1157                .procname       = "tcp_slow_start_after_idle",
1158                .data           = &init_net.ipv4.sysctl_tcp_slow_start_after_idle,
1159                .maxlen         = sizeof(u8),
1160                .mode           = 0644,
1161                .proc_handler   = proc_dou8vec_minmax,
1162        },
1163        {
1164                .procname       = "tcp_retrans_collapse",
1165                .data           = &init_net.ipv4.sysctl_tcp_retrans_collapse,
1166                .maxlen         = sizeof(u8),
1167                .mode           = 0644,
1168                .proc_handler   = proc_dou8vec_minmax,
1169        },
1170        {
1171                .procname       = "tcp_stdurg",
1172                .data           = &init_net.ipv4.sysctl_tcp_stdurg,
1173                .maxlen         = sizeof(u8),
1174                .mode           = 0644,
1175                .proc_handler   = proc_dou8vec_minmax,
1176        },
1177        {
1178                .procname       = "tcp_rfc1337",
1179                .data           = &init_net.ipv4.sysctl_tcp_rfc1337,
1180                .maxlen         = sizeof(u8),
1181                .mode           = 0644,
1182                .proc_handler   = proc_dou8vec_minmax,
1183        },
1184        {
1185                .procname       = "tcp_abort_on_overflow",
1186                .data           = &init_net.ipv4.sysctl_tcp_abort_on_overflow,
1187                .maxlen         = sizeof(u8),
1188                .mode           = 0644,
1189                .proc_handler   = proc_dou8vec_minmax,
1190        },
1191        {
1192                .procname       = "tcp_fack",
1193                .data           = &init_net.ipv4.sysctl_tcp_fack,
1194                .maxlen         = sizeof(u8),
1195                .mode           = 0644,
1196                .proc_handler   = proc_dou8vec_minmax,
1197        },
1198        {
1199                .procname       = "tcp_max_reordering",
1200                .data           = &init_net.ipv4.sysctl_tcp_max_reordering,
1201                .maxlen         = sizeof(int),
1202                .mode           = 0644,
1203                .proc_handler   = proc_dointvec
1204        },
1205        {
1206                .procname       = "tcp_dsack",
1207                .data           = &init_net.ipv4.sysctl_tcp_dsack,
1208                .maxlen         = sizeof(u8),
1209                .mode           = 0644,
1210                .proc_handler   = proc_dou8vec_minmax,
1211        },
1212        {
1213                .procname       = "tcp_app_win",
1214                .data           = &init_net.ipv4.sysctl_tcp_app_win,
1215                .maxlen         = sizeof(u8),
1216                .mode           = 0644,
1217                .proc_handler   = proc_dou8vec_minmax,
1218        },
1219        {
1220                .procname       = "tcp_adv_win_scale",
1221                .data           = &init_net.ipv4.sysctl_tcp_adv_win_scale,
1222                .maxlen         = sizeof(int),
1223                .mode           = 0644,
1224                .proc_handler   = proc_dointvec_minmax,
1225                .extra1         = &tcp_adv_win_scale_min,
1226                .extra2         = &tcp_adv_win_scale_max,
1227        },
1228        {
1229                .procname       = "tcp_frto",
1230                .data           = &init_net.ipv4.sysctl_tcp_frto,
1231                .maxlen         = sizeof(u8),
1232                .mode           = 0644,
1233                .proc_handler   = proc_dou8vec_minmax,
1234        },
1235        {
1236                .procname       = "tcp_no_metrics_save",
1237                .data           = &init_net.ipv4.sysctl_tcp_nometrics_save,
1238                .maxlen         = sizeof(u8),
1239                .mode           = 0644,
1240                .proc_handler   = proc_dou8vec_minmax,
1241        },
1242        {
1243                .procname       = "tcp_no_ssthresh_metrics_save",
1244                .data           = &init_net.ipv4.sysctl_tcp_no_ssthresh_metrics_save,
1245                .maxlen         = sizeof(u8),
1246                .mode           = 0644,
1247                .proc_handler   = proc_dou8vec_minmax,
1248                .extra1         = SYSCTL_ZERO,
1249                .extra2         = SYSCTL_ONE,
1250        },
1251        {
1252                .procname       = "tcp_moderate_rcvbuf",
1253                .data           = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf,
1254                .maxlen         = sizeof(u8),
1255                .mode           = 0644,
1256                .proc_handler   = proc_dou8vec_minmax,
1257        },
1258        {
1259                .procname       = "tcp_tso_win_divisor",
1260                .data           = &init_net.ipv4.sysctl_tcp_tso_win_divisor,
1261                .maxlen         = sizeof(u8),
1262                .mode           = 0644,
1263                .proc_handler   = proc_dou8vec_minmax,
1264        },
1265        {
1266                .procname       = "tcp_workaround_signed_windows",
1267                .data           = &init_net.ipv4.sysctl_tcp_workaround_signed_windows,
1268                .maxlen         = sizeof(u8),
1269                .mode           = 0644,
1270                .proc_handler   = proc_dou8vec_minmax,
1271        },
1272        {
1273                .procname       = "tcp_limit_output_bytes",
1274                .data           = &init_net.ipv4.sysctl_tcp_limit_output_bytes,
1275                .maxlen         = sizeof(int),
1276                .mode           = 0644,
1277                .proc_handler   = proc_dointvec
1278        },
1279        {
1280                .procname       = "tcp_challenge_ack_limit",
1281                .data           = &init_net.ipv4.sysctl_tcp_challenge_ack_limit,
1282                .maxlen         = sizeof(int),
1283                .mode           = 0644,
1284                .proc_handler   = proc_dointvec
1285        },
1286        {
1287                .procname       = "tcp_min_tso_segs",
1288                .data           = &init_net.ipv4.sysctl_tcp_min_tso_segs,
1289                .maxlen         = sizeof(u8),
1290                .mode           = 0644,
1291                .proc_handler   = proc_dou8vec_minmax,
1292                .extra1         = SYSCTL_ONE,
1293        },
1294        {
1295                .procname       = "tcp_min_rtt_wlen",
1296                .data           = &init_net.ipv4.sysctl_tcp_min_rtt_wlen,
1297                .maxlen         = sizeof(int),
1298                .mode           = 0644,
1299                .proc_handler   = proc_dointvec_minmax,
1300                .extra1         = SYSCTL_ZERO,
1301                .extra2         = &one_day_secs
1302        },
1303        {
1304                .procname       = "tcp_autocorking",
1305                .data           = &init_net.ipv4.sysctl_tcp_autocorking,
1306                .maxlen         = sizeof(u8),
1307                .mode           = 0644,
1308                .proc_handler   = proc_dou8vec_minmax,
1309                .extra1         = SYSCTL_ZERO,
1310                .extra2         = SYSCTL_ONE,
1311        },
1312        {
1313                .procname       = "tcp_invalid_ratelimit",
1314                .data           = &init_net.ipv4.sysctl_tcp_invalid_ratelimit,
1315                .maxlen         = sizeof(int),
1316                .mode           = 0644,
1317                .proc_handler   = proc_dointvec_ms_jiffies,
1318        },
1319        {
1320                .procname       = "tcp_pacing_ss_ratio",
1321                .data           = &init_net.ipv4.sysctl_tcp_pacing_ss_ratio,
1322                .maxlen         = sizeof(int),
1323                .mode           = 0644,
1324                .proc_handler   = proc_dointvec_minmax,
1325                .extra1         = SYSCTL_ZERO,
1326                .extra2         = &thousand,
1327        },
1328        {
1329                .procname       = "tcp_pacing_ca_ratio",
1330                .data           = &init_net.ipv4.sysctl_tcp_pacing_ca_ratio,
1331                .maxlen         = sizeof(int),
1332                .mode           = 0644,
1333                .proc_handler   = proc_dointvec_minmax,
1334                .extra1         = SYSCTL_ZERO,
1335                .extra2         = &thousand,
1336        },
1337        {
1338                .procname       = "tcp_wmem",
1339                .data           = &init_net.ipv4.sysctl_tcp_wmem,
1340                .maxlen         = sizeof(init_net.ipv4.sysctl_tcp_wmem),
1341                .mode           = 0644,
1342                .proc_handler   = proc_dointvec_minmax,
1343                .extra1         = SYSCTL_ONE,
1344        },
1345        {
1346                .procname       = "tcp_rmem",
1347                .data           = &init_net.ipv4.sysctl_tcp_rmem,
1348                .maxlen         = sizeof(init_net.ipv4.sysctl_tcp_rmem),
1349                .mode           = 0644,
1350                .proc_handler   = proc_dointvec_minmax,
1351                .extra1         = SYSCTL_ONE,
1352        },
1353        {
1354                .procname       = "tcp_comp_sack_delay_ns",
1355                .data           = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns,
1356                .maxlen         = sizeof(unsigned long),
1357                .mode           = 0644,
1358                .proc_handler   = proc_doulongvec_minmax,
1359        },
1360        {
1361                .procname       = "tcp_comp_sack_slack_ns",
1362                .data           = &init_net.ipv4.sysctl_tcp_comp_sack_slack_ns,
1363                .maxlen         = sizeof(unsigned long),
1364                .mode           = 0644,
1365                .proc_handler   = proc_doulongvec_minmax,
1366        },
1367        {
1368                .procname       = "tcp_comp_sack_nr",
1369                .data           = &init_net.ipv4.sysctl_tcp_comp_sack_nr,
1370                .maxlen         = sizeof(u8),
1371                .mode           = 0644,
1372                .proc_handler   = proc_dou8vec_minmax,
1373                .extra1         = SYSCTL_ZERO,
1374        },
1375        {
1376                .procname       = "tcp_reflect_tos",
1377                .data           = &init_net.ipv4.sysctl_tcp_reflect_tos,
1378                .maxlen         = sizeof(u8),
1379                .mode           = 0644,
1380                .proc_handler   = proc_dou8vec_minmax,
1381                .extra1         = SYSCTL_ZERO,
1382                .extra2         = SYSCTL_ONE,
1383        },
1384        {
1385                .procname       = "udp_rmem_min",
1386                .data           = &init_net.ipv4.sysctl_udp_rmem_min,
1387                .maxlen         = sizeof(init_net.ipv4.sysctl_udp_rmem_min),
1388                .mode           = 0644,
1389                .proc_handler   = proc_dointvec_minmax,
1390                .extra1         = SYSCTL_ONE
1391        },
1392        {
1393                .procname       = "udp_wmem_min",
1394                .data           = &init_net.ipv4.sysctl_udp_wmem_min,
1395                .maxlen         = sizeof(init_net.ipv4.sysctl_udp_wmem_min),
1396                .mode           = 0644,
1397                .proc_handler   = proc_dointvec_minmax,
1398                .extra1         = SYSCTL_ONE
1399        },
1400        {
1401                .procname       = "fib_notify_on_flag_change",
1402                .data           = &init_net.ipv4.sysctl_fib_notify_on_flag_change,
1403                .maxlen         = sizeof(u8),
1404                .mode           = 0644,
1405                .proc_handler   = proc_dou8vec_minmax,
1406                .extra1         = SYSCTL_ZERO,
1407                .extra2         = &two,
1408        },
1409        { }
1410};
1411
1412static __net_init int ipv4_sysctl_init_net(struct net *net)
1413{
1414        struct ctl_table *table;
1415
1416        table = ipv4_net_table;
1417        if (!net_eq(net, &init_net)) {
1418                int i;
1419
1420                table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
1421                if (!table)
1422                        goto err_alloc;
1423
1424                for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) {
1425                        if (table[i].data) {
1426                                /* Update the variables to point into
1427                                 * the current struct net
1428                                 */
1429                                table[i].data += (void *)net - (void *)&init_net;
1430                        } else {
1431                                /* Entries without data pointer are global;
1432                                 * Make them read-only in non-init_net ns
1433                                 */
1434                                table[i].mode &= ~0222;
1435                        }
1436                }
1437        }
1438
1439        net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
1440        if (!net->ipv4.ipv4_hdr)
1441                goto err_reg;
1442
1443        net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
1444        if (!net->ipv4.sysctl_local_reserved_ports)
1445                goto err_ports;
1446
1447        return 0;
1448
1449err_ports:
1450        unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1451err_reg:
1452        if (!net_eq(net, &init_net))
1453                kfree(table);
1454err_alloc:
1455        return -ENOMEM;
1456}
1457
1458static __net_exit void ipv4_sysctl_exit_net(struct net *net)
1459{
1460        struct ctl_table *table;
1461
1462        kfree(net->ipv4.sysctl_local_reserved_ports);
1463        table = net->ipv4.ipv4_hdr->ctl_table_arg;
1464        unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1465        kfree(table);
1466}
1467
1468static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
1469        .init = ipv4_sysctl_init_net,
1470        .exit = ipv4_sysctl_exit_net,
1471};
1472
1473static __init int sysctl_ipv4_init(void)
1474{
1475        struct ctl_table_header *hdr;
1476
1477        hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1478        if (!hdr)
1479                return -ENOMEM;
1480
1481        if (register_pernet_subsys(&ipv4_sysctl_ops)) {
1482                unregister_net_sysctl_table(hdr);
1483                return -ENOMEM;
1484        }
1485
1486        return 0;
1487}
1488
1489__initcall(sysctl_ipv4_init);
1490