diff options
| author | Stephen Hemminger <shemminger@osdl.org> | 2006-11-09 19:35:15 -0500 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:21:49 -0500 |
| commit | ce7bc3bf15cbf5dc5a5587ccb6b04c5b4dde4336 (patch) | |
| tree | 20ccf7f98ac5d1aabbc706fa876e8f361219db97 /net/ipv4/sysctl_net_ipv4.c | |
| parent | 3ff825b28d3345ef381eceae22bf9d92231f23dc (diff) | |
[TCP]: Restrict congestion control choices.
Allow normal users to only choose among a restricted set of congestion
control choices. The default is reno and what ever has been configured
as default. But the policy can be changed by administrator at any time.
For example, to allow any choice:
cp /proc/sys/net/ipv4/tcp_available_congestion_control \
/proc/sys/net/ipv4/tcp_allowed_congestion_control
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/sysctl_net_ipv4.c')
| -rw-r--r-- | net/ipv4/sysctl_net_ipv4.c | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 2e770f45d829..dfcf47f10f88 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c | |||
| @@ -146,6 +146,50 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl, | |||
| 146 | return ret; | 146 | return ret; |
| 147 | } | 147 | } |
| 148 | 148 | ||
| 149 | static int proc_allowed_congestion_control(ctl_table *ctl, | ||
| 150 | int write, struct file * filp, | ||
| 151 | void __user *buffer, size_t *lenp, | ||
| 152 | loff_t *ppos) | ||
| 153 | { | ||
| 154 | ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; | ||
| 155 | int ret; | ||
| 156 | |||
| 157 | tbl.data = kmalloc(tbl.maxlen, GFP_USER); | ||
| 158 | if (!tbl.data) | ||
| 159 | return -ENOMEM; | ||
| 160 | |||
| 161 | tcp_get_allowed_congestion_control(tbl.data, tbl.maxlen); | ||
| 162 | ret = proc_dostring(&tbl, write, filp, buffer, lenp, ppos); | ||
| 163 | if (write && ret == 0) | ||
| 164 | ret = tcp_set_allowed_congestion_control(tbl.data); | ||
| 165 | kfree(tbl.data); | ||
| 166 | return ret; | ||
| 167 | } | ||
| 168 | |||
| 169 | static int strategy_allowed_congestion_control(ctl_table *table, int __user *name, | ||
| 170 | int nlen, void __user *oldval, | ||
| 171 | size_t __user *oldlenp, | ||
| 172 | void __user *newval, size_t newlen, | ||
| 173 | void **context) | ||
| 174 | { | ||
| 175 | ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; | ||
| 176 | int ret; | ||
| 177 | |||
| 178 | tbl.data = kmalloc(tbl.maxlen, GFP_USER); | ||
| 179 | if (!tbl.data) | ||
| 180 | return -ENOMEM; | ||
| 181 | |||
| 182 | tcp_get_available_congestion_control(tbl.data, tbl.maxlen); | ||
| 183 | ret = sysctl_string(&tbl, name, nlen, oldval, oldlenp, newval, newlen, | ||
| 184 | context); | ||
| 185 | if (ret == 0 && newval && newlen) | ||
| 186 | ret = tcp_set_allowed_congestion_control(tbl.data); | ||
| 187 | kfree(tbl.data); | ||
| 188 | |||
| 189 | return ret; | ||
| 190 | |||
| 191 | } | ||
| 192 | |||
| 149 | ctl_table ipv4_table[] = { | 193 | ctl_table ipv4_table[] = { |
| 150 | { | 194 | { |
| 151 | .ctl_name = NET_IPV4_TCP_TIMESTAMPS, | 195 | .ctl_name = NET_IPV4_TCP_TIMESTAMPS, |
| @@ -755,6 +799,14 @@ ctl_table ipv4_table[] = { | |||
| 755 | .mode = 0444, | 799 | .mode = 0444, |
| 756 | .proc_handler = &proc_tcp_available_congestion_control, | 800 | .proc_handler = &proc_tcp_available_congestion_control, |
| 757 | }, | 801 | }, |
| 802 | { | ||
| 803 | .ctl_name = NET_TCP_ALLOWED_CONG_CONTROL, | ||
| 804 | .procname = "tcp_allowed_congestion_control", | ||
| 805 | .maxlen = TCP_CA_BUF_MAX, | ||
| 806 | .mode = 0644, | ||
| 807 | .proc_handler = &proc_allowed_congestion_control, | ||
| 808 | .strategy = &strategy_allowed_congestion_control, | ||
| 809 | }, | ||
| 758 | { .ctl_name = 0 } | 810 | { .ctl_name = 0 } |
| 759 | }; | 811 | }; |
| 760 | 812 | ||