aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/sysctl_net_ipv4.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/sysctl_net_ipv4.c')
-rw-r--r--net/ipv4/sysctl_net_ipv4.c89
1 files changed, 80 insertions, 9 deletions
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index d96c1da4b17c..57d0752e239a 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -13,6 +13,7 @@
13#include <linux/seqlock.h> 13#include <linux/seqlock.h>
14#include <linux/init.h> 14#include <linux/init.h>
15#include <linux/slab.h> 15#include <linux/slab.h>
16#include <linux/nsproxy.h>
16#include <net/snmp.h> 17#include <net/snmp.h>
17#include <net/icmp.h> 18#include <net/icmp.h>
18#include <net/ip.h> 19#include <net/ip.h>
@@ -21,11 +22,18 @@
21#include <net/udp.h> 22#include <net/udp.h>
22#include <net/cipso_ipv4.h> 23#include <net/cipso_ipv4.h>
23#include <net/inet_frag.h> 24#include <net/inet_frag.h>
25#include <net/ping.h>
24 26
25static int zero; 27static int zero;
26static int tcp_retr1_max = 255; 28static int tcp_retr1_max = 255;
27static int ip_local_port_range_min[] = { 1, 1 }; 29static int ip_local_port_range_min[] = { 1, 1 };
28static int ip_local_port_range_max[] = { 65535, 65535 }; 30static int ip_local_port_range_max[] = { 65535, 65535 };
31static int tcp_adv_win_scale_min = -31;
32static int tcp_adv_win_scale_max = 31;
33static int ip_ttl_min = 1;
34static int ip_ttl_max = 255;
35static int ip_ping_group_range_min[] = { 0, 0 };
36static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
29 37
30/* Update system visible IP port range */ 38/* Update system visible IP port range */
31static void set_local_port_range(int range[2]) 39static void set_local_port_range(int range[2])
@@ -64,6 +72,53 @@ static int ipv4_local_port_range(ctl_table *table, int write,
64 return ret; 72 return ret;
65} 73}
66 74
75
76void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low, gid_t *high)
77{
78 gid_t *data = table->data;
79 unsigned seq;
80 do {
81 seq = read_seqbegin(&sysctl_local_ports.lock);
82
83 *low = data[0];
84 *high = data[1];
85 } while (read_seqretry(&sysctl_local_ports.lock, seq));
86}
87
88/* Update system visible IP port range */
89static void set_ping_group_range(struct ctl_table *table, int range[2])
90{
91 gid_t *data = table->data;
92 write_seqlock(&sysctl_local_ports.lock);
93 data[0] = range[0];
94 data[1] = range[1];
95 write_sequnlock(&sysctl_local_ports.lock);
96}
97
98/* Validate changes from /proc interface. */
99static int ipv4_ping_group_range(ctl_table *table, int write,
100 void __user *buffer,
101 size_t *lenp, loff_t *ppos)
102{
103 int ret;
104 gid_t range[2];
105 ctl_table tmp = {
106 .data = &range,
107 .maxlen = sizeof(range),
108 .mode = table->mode,
109 .extra1 = &ip_ping_group_range_min,
110 .extra2 = &ip_ping_group_range_max,
111 };
112
113 inet_get_ping_group_range_table(table, range, range + 1);
114 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
115
116 if (write && ret == 0)
117 set_ping_group_range(table, range);
118
119 return ret;
120}
121
67static int proc_tcp_congestion_control(ctl_table *ctl, int write, 122static int proc_tcp_congestion_control(ctl_table *ctl, int write,
68 void __user *buffer, size_t *lenp, loff_t *ppos) 123 void __user *buffer, size_t *lenp, loff_t *ppos)
69{ 124{
@@ -153,8 +208,9 @@ static struct ctl_table ipv4_table[] = {
153 .data = &sysctl_ip_default_ttl, 208 .data = &sysctl_ip_default_ttl,
154 .maxlen = sizeof(int), 209 .maxlen = sizeof(int),
155 .mode = 0644, 210 .mode = 0644,
156 .proc_handler = ipv4_doint_and_flush, 211 .proc_handler = proc_dointvec_minmax,
157 .extra2 = &init_net, 212 .extra1 = &ip_ttl_min,
213 .extra2 = &ip_ttl_max,
158 }, 214 },
159 { 215 {
160 .procname = "ip_no_pmtu_disc", 216 .procname = "ip_no_pmtu_disc",
@@ -306,7 +362,6 @@ static struct ctl_table ipv4_table[] = {
306 .mode = 0644, 362 .mode = 0644,
307 .proc_handler = proc_do_large_bitmap, 363 .proc_handler = proc_do_large_bitmap,
308 }, 364 },
309#ifdef CONFIG_IP_MULTICAST
310 { 365 {
311 .procname = "igmp_max_memberships", 366 .procname = "igmp_max_memberships",
312 .data = &sysctl_igmp_max_memberships, 367 .data = &sysctl_igmp_max_memberships,
@@ -314,8 +369,6 @@ static struct ctl_table ipv4_table[] = {
314 .mode = 0644, 369 .mode = 0644,
315 .proc_handler = proc_dointvec 370 .proc_handler = proc_dointvec
316 }, 371 },
317
318#endif
319 { 372 {
320 .procname = "igmp_max_msf", 373 .procname = "igmp_max_msf",
321 .data = &sysctl_igmp_max_msf, 374 .data = &sysctl_igmp_max_msf,
@@ -398,7 +451,7 @@ static struct ctl_table ipv4_table[] = {
398 .data = &sysctl_tcp_mem, 451 .data = &sysctl_tcp_mem,
399 .maxlen = sizeof(sysctl_tcp_mem), 452 .maxlen = sizeof(sysctl_tcp_mem),
400 .mode = 0644, 453 .mode = 0644,
401 .proc_handler = proc_dointvec 454 .proc_handler = proc_doulongvec_minmax
402 }, 455 },
403 { 456 {
404 .procname = "tcp_wmem", 457 .procname = "tcp_wmem",
@@ -426,7 +479,9 @@ static struct ctl_table ipv4_table[] = {
426 .data = &sysctl_tcp_adv_win_scale, 479 .data = &sysctl_tcp_adv_win_scale,
427 .maxlen = sizeof(int), 480 .maxlen = sizeof(int),
428 .mode = 0644, 481 .mode = 0644,
429 .proc_handler = proc_dointvec 482 .proc_handler = proc_dointvec_minmax,
483 .extra1 = &tcp_adv_win_scale_min,
484 .extra2 = &tcp_adv_win_scale_max,
430 }, 485 },
431 { 486 {
432 .procname = "tcp_tw_reuse", 487 .procname = "tcp_tw_reuse",
@@ -602,8 +657,7 @@ static struct ctl_table ipv4_table[] = {
602 .data = &sysctl_udp_mem, 657 .data = &sysctl_udp_mem,
603 .maxlen = sizeof(sysctl_udp_mem), 658 .maxlen = sizeof(sysctl_udp_mem),
604 .mode = 0644, 659 .mode = 0644,
605 .proc_handler = proc_dointvec_minmax, 660 .proc_handler = proc_doulongvec_minmax,
606 .extra1 = &zero
607 }, 661 },
608 { 662 {
609 .procname = "udp_rmem_min", 663 .procname = "udp_rmem_min",
@@ -674,6 +728,13 @@ static struct ctl_table ipv4_net_table[] = {
674 .mode = 0644, 728 .mode = 0644,
675 .proc_handler = proc_dointvec 729 .proc_handler = proc_dointvec
676 }, 730 },
731 {
732 .procname = "ping_group_range",
733 .data = &init_net.ipv4.sysctl_ping_group_range,
734 .maxlen = sizeof(init_net.ipv4.sysctl_ping_group_range),
735 .mode = 0644,
736 .proc_handler = ipv4_ping_group_range,
737 },
677 { } 738 { }
678}; 739};
679 740
@@ -708,8 +769,18 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
708 &net->ipv4.sysctl_icmp_ratemask; 769 &net->ipv4.sysctl_icmp_ratemask;
709 table[6].data = 770 table[6].data =
710 &net->ipv4.sysctl_rt_cache_rebuild_count; 771 &net->ipv4.sysctl_rt_cache_rebuild_count;
772 table[7].data =
773 &net->ipv4.sysctl_ping_group_range;
774
711 } 775 }
712 776
777 /*
778 * Sane defaults - nobody may create ping sockets.
779 * Boot scripts should set this to distro-specific group.
780 */
781 net->ipv4.sysctl_ping_group_range[0] = 1;
782 net->ipv4.sysctl_ping_group_range[1] = 0;
783
713 net->ipv4.sysctl_rt_cache_rebuild_count = 4; 784 net->ipv4.sysctl_rt_cache_rebuild_count = 4;
714 785
715 net->ipv4.ipv4_hdr = register_net_sysctl_table(net, 786 net->ipv4.ipv4_hdr = register_net_sysctl_table(net,
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-13 02:14:50 -0400