Diffstat (limited to 'net/ipv4/sysctl_net_ipv4.c')
| -rw-r--r-- | net/ipv4/sysctl_net_ipv4.c | 42 |
1 files changed, 14 insertions, 28 deletions
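--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -45,10 +45,10 @@ static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
 /* Update system visible IP port range */
 static void set_local_port_range(struct net *net, int range[2])
 {
-write_seqlock(&net->ipv4.sysctl_local_ports.lock);
-net->ipv4.sysctl_local_ports.range[0] = range[0];
-net->ipv4.sysctl_local_ports.range[1] = range[1];
-write_sequnlock(&net->ipv4.sysctl_local_ports.lock);
+write_seqlock(&net->ipv4.ip_local_ports.lock);
+net->ipv4.ip_local_ports.range[0] = range[0];
+net->ipv4.ip_local_ports.range[1] = range[1];
+write_sequnlock(&net->ipv4.ip_local_ports.lock);
 }
 
 /* Validate changes from /proc interface. */
@@ -57,7 +57,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write,
 size_t *lenp, loff_t *ppos)
 {
 struct net *net =
-container_of(table->data, struct net, ipv4.sysctl_local_ports.range);
+container_of(table->data, struct net, ipv4.ip_local_ports.range);
 int ret;
 int range[2];
 struct ctl_table tmp = {
@@ -87,14 +87,14 @@ static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low
 {
 kgid_t *data = table->data;
 struct net *net =
-container_of(table->data, struct net, ipv4.sysctl_ping_group_range);
+container_of(table->data, struct net, ipv4.ping_group_range.range);
 unsigned int seq;
 do {
-seq = read_seqbegin(&net->ipv4.sysctl_local_ports.lock);
+seq = read_seqbegin(&net->ipv4.ip_local_ports.lock);
 
 *low = data[0];
 *high = data[1];
-} while (read_seqretry(&net->ipv4.sysctl_local_ports.lock, seq));
+} while (read_seqretry(&net->ipv4.ip_local_ports.lock, seq));
 }
 
 /* Update system visible IP port range */
@@ -102,11 +102,11 @@ static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t hig
 {
 kgid_t *data = table->data;
 struct net *net =
-container_of(table->data, struct net, ipv4.sysctl_ping_group_range);
-write_seqlock(&net->ipv4.sysctl_local_ports.lock);
+container_of(table->data, struct net, ipv4.ping_group_range.range);
+write_seqlock(&net->ipv4.ip_local_ports.lock);
 data[0] = low;
 data[1] = high;
-write_sequnlock(&net->ipv4.sysctl_local_ports.lock);
+write_sequnlock(&net->ipv4.ip_local_ports.lock);
 }
 
 /* Validate changes from /proc interface. */
@@ -805,7 +805,7 @@ static struct ctl_table ipv4_net_table[] = {
 },
 {
 .procname = "ping_group_range",
-.data = &init_net.ipv4.sysctl_ping_group_range,
+.data = &init_net.ipv4.ping_group_range.range,
 .maxlen = sizeof(gid_t)*2,
 .mode = 0644,
 .proc_handler = ipv4_ping_group_range,
@@ -819,8 +819,8 @@ static struct ctl_table ipv4_net_table[] = {
 },
 {
 .procname = "ip_local_port_range",
-.maxlen = sizeof(init_net.ipv4.sysctl_local_ports.range),
-.data = &init_net.ipv4.sysctl_local_ports.range,
+.maxlen = sizeof(init_net.ipv4.ip_local_ports.range),
+.data = &init_net.ipv4.ip_local_ports.range,
 .mode = 0644,
 .proc_handler = ipv4_local_port_range,
 },
@@ -858,20 +858,6 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
 table[i].data += (void *)net - (void *)&init_net;
 }
 
-/*
-* Sane defaults - nobody may create ping sockets.
-* Boot scripts should set this to distro-specific group.
-*/
-net->ipv4.sysctl_ping_group_range[0] = make_kgid(&init_user_ns, 1);
-net->ipv4.sysctl_ping_group_range[1] = make_kgid(&init_user_ns, 0);
-
-/*
-* Set defaults for local port range
-*/
-seqlock_init(&net->ipv4.sysctl_local_ports.lock);
-net->ipv4.sysctl_local_ports.range[0] = 32768;
-net->ipv4.sysctl_local_ports.range[1] = 61000;
-
 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
 if (net->ipv4.ipv4_hdr == NULL)
 goto err_reg;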
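Review bot: In the hunks at old lines 87 and 102, `inet_get_ping_group_range_table()` and `set_ping_group_range()` now locate `net` through `ipv4.ping_group_range.range` but still take `net->ipv4.ip_local_ports.lock`, so the ping GID range is guarded by the local-port seqlock rather than by anything belonging to the ping range. If the new `ping_group_range` struct carries its own seqlock (its definition is outside this file's diff), code that reads the range under that lock is not synchronised with these sysctl writers and could see a half-updated low/high pair while deciding who may open a ping socket; the calls would then become `read_seqbegin(&net->ipv4.ping_group_range.lock)`, and likewise for `read_seqretry`, `write_seqlock` and `write_sequnlock`. The last hunk also drops `seqlock_init()` and the deny-all ping default from `ipv4_sysctl_init_net()`, so the replacement initialisation, which this file's diff does not show, has to run unconditionally before these handlers are registered. The signatures of both ping helpers lie outside the hunks shown.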
