hc
2024-05-16 8d2a02b24d66aa359e83eebc1ed3c0f85367a1cb
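--- a/kernel/net/ipv4/sysctl_net_ipv4.c
+++ b/kernel/net/ipv4/sysctl_net_ipv4.c
@@ -28,12 +28,9 @@
 #include <net/protocol.h>
 #include <net/netevent.h>
 
-static int zero;
-static int one = 1;
 static int two = 2;
 static int four = 4;
 static int thousand = 1000;
-static int gso_max_segs = GSO_MAX_SEGS;
 static int tcp_retr1_max = 255;
 static int ip_local_port_range_min[] = { 1, 1 };
 static int ip_local_port_range_max[] = { 65535, 65535 };
@@ -73,8 +70,7 @@
 
 /* Validate changes from /proc interface. */
 static int ipv4_local_port_range(struct ctl_table *table, int write,
- void __user *buffer,
- size_t *lenp, loff_t *ppos)
+ void *buffer, size_t *lenp, loff_t *ppos)
 {
 struct net *net =
 container_of(table->data, struct net, ipv4.ip_local_ports.range);
@@ -98,7 +94,7 @@
 * port limit.
 */
 if ((range[1] < range[0]) ||
- (range[0] < net->ipv4.sysctl_ip_prot_sock))
+ (range[0] < READ_ONCE(net->ipv4.sysctl_ip_prot_sock)))
 ret = -EINVAL;
 else
 set_local_port_range(net, range);
@@ -109,7 +105,7 @@
 
 /* Validate changes from /proc interface. */
 static int ipv4_privileged_ports(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos)
+ void *buffer, size_t *lenp, loff_t *ppos)
 {
 struct net *net = container_of(table->data, struct net,
 ipv4.sysctl_ip_prot_sock);
@@ -124,7 +120,7 @@
 .extra2 = &ip_privileged_port_max,
 };
 
- pports = net->ipv4.sysctl_ip_prot_sock;
+ pports = READ_ONCE(net->ipv4.sysctl_ip_prot_sock);
 
 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
 
@@ -136,7 +132,7 @@
 if (range[0] < pports)
 ret = -EINVAL;
 else
- net->ipv4.sysctl_ip_prot_sock = pports;
+ WRITE_ONCE(net->ipv4.sysctl_ip_prot_sock, pports);
 }
 
 return ret;
@@ -170,8 +166,7 @@
 
 /* Validate changes from /proc interface. */
 static int ipv4_ping_group_range(struct ctl_table *table, int write,
- void __user *buffer,
- size_t *lenp, loff_t *ppos)
+ void *buffer, size_t *lenp, loff_t *ppos)
 {
 struct user_namespace *user_ns = current_user_ns();
 int ret;
@@ -206,8 +201,7 @@
 }
 
 static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
- void __user *buffer,
- size_t *lenp, loff_t *ppos)
+ void *buffer, size_t *lenp, loff_t *ppos)
 {
 struct net *net;
 int ret;
@@ -223,7 +217,7 @@
 }
 
 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos)
+ void *buffer, size_t *lenp, loff_t *ppos)
 {
 struct net *net = container_of(ctl->data, struct net,
 ipv4.tcp_congestion_control);
@@ -243,9 +237,8 @@
 }
 
 static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
- int write,
- void __user *buffer, size_t *lenp,
- loff_t *ppos)
+ int write, void *buffer,
+ size_t *lenp, loff_t *ppos)
 {
 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
 int ret;
@@ -260,9 +253,8 @@
 }
 
 static int proc_allowed_congestion_control(struct ctl_table *ctl,
- int write,
- void __user *buffer, size_t *lenp,
- loff_t *ppos)
+ int write, void *buffer,
+ size_t *lenp, loff_t *ppos)
 {
 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
 int ret;
@@ -279,117 +271,97 @@
 return ret;
 }
 
+static int sscanf_key(char *buf, __le32 *key)
+{
+ u32 user_key[4];
+ int i, ret = 0;
+
+ if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1,
+ user_key + 2, user_key + 3) != 4) {
+ ret = -EINVAL;
+ } else {
+ for (i = 0; i < ARRAY_SIZE(user_key); i++)
+ key[i] = cpu_to_le32(user_key[i]);
+ }
+ pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
+ user_key[0], user_key[1], user_key[2], user_key[3], buf, ret);
+
+ return ret;
+}
+
 static int proc_tcp_fastopen_key(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp,
- loff_t *ppos)
+ void *buffer, size_t *lenp, loff_t *ppos)
 {
 struct net *net = container_of(table->data, struct net,
 ipv4.sysctl_tcp_fastopen);
- struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
- struct tcp_fastopen_context *ctxt;
- u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
- __le32 key[4];
- int ret, i;
+ /* maxlen to print the list of keys in hex (*2), with dashes
+ * separating doublewords and a comma in between keys.
+ */
+ struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
+ 2 * TCP_FASTOPEN_KEY_MAX) +
+ (TCP_FASTOPEN_KEY_MAX * 5)) };
+ u32 user_key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u32)];
+ __le32 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(__le32)];
+ char *backup_data;
+ int ret, i = 0, off = 0, n_keys;
 
 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
 if (!tbl.data)
 return -ENOMEM;
 
- rcu_read_lock();
- ctxt = rcu_dereference(net->ipv4.tcp_fastopen_ctx);
- if (ctxt)
- memcpy(key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH);
- else
- memset(key, 0, sizeof(key));
- rcu_read_unlock();
+ n_keys = tcp_fastopen_get_cipher(net, NULL, (u64 *)key);
+ if (!n_keys) {
+ memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH);
+ n_keys = 1;
+ }
 
- for (i = 0; i < ARRAY_SIZE(key); i++)
+ for (i = 0; i < n_keys * 4; i++)
 user_key[i] = le32_to_cpu(key[i]);
 
- snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x",
- user_key[0], user_key[1], user_key[2], user_key[3]);
+ for (i = 0; i < n_keys; i++) {
+ off += snprintf(tbl.data + off, tbl.maxlen - off,
+ "%08x-%08x-%08x-%08x",
+ user_key[i * 4],
+ user_key[i * 4 + 1],
+ user_key[i * 4 + 2],
+ user_key[i * 4 + 3]);
+
+ if (WARN_ON_ONCE(off >= tbl.maxlen - 1))
+ break;
+
+ if (i + 1 < n_keys)
+ off += snprintf(tbl.data + off, tbl.maxlen - off, ",");
+ }
+
 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
 
 if (write && ret == 0) {
- if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1,
- user_key + 2, user_key + 3) != 4) {
+ backup_data = strchr(tbl.data, ',');
+ if (backup_data) {
+ *backup_data = '\0';
+ backup_data++;
+ }
+ if (sscanf_key(tbl.data, key)) {
 ret = -EINVAL;
 goto bad_key;
 }
-
- for (i = 0; i < ARRAY_SIZE(user_key); i++)
- key[i] = cpu_to_le32(user_key[i]);
-
+ if (backup_data) {
+ if (sscanf_key(backup_data, key + 4)) {
+ ret = -EINVAL;
+ goto bad_key;
+ }
+ }
 tcp_fastopen_reset_cipher(net, NULL, key,
- TCP_FASTOPEN_KEY_LENGTH);
+ backup_data ? key + 4 : NULL);
 }
 
 bad_key:
- pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
- user_key[0], user_key[1], user_key[2], user_key[3],
- (char *)tbl.data, ret);
 kfree(tbl.data);
 return ret;
 }
 
-static void proc_configure_early_demux(int enabled, int protocol)
-{
- struct net_protocol *ipprot;
-#if IS_ENABLED(CONFIG_IPV6)
- struct inet6_protocol *ip6prot;
-#endif
-
- rcu_read_lock();
-
- ipprot = rcu_dereference(inet_protos[protocol]);
- if (ipprot)
- ipprot->early_demux = enabled ? ipprot->early_demux_handler :
- NULL;
-
-#if IS_ENABLED(CONFIG_IPV6)
- ip6prot = rcu_dereference(inet6_protos[protocol]);
- if (ip6prot)
- ip6prot->early_demux = enabled ? ip6prot->early_demux_handler :
- NULL;
-#endif
- rcu_read_unlock();
-}
-
-static int proc_tcp_early_demux(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos)
-{
- int ret = 0;
-
- ret = proc_dointvec(table, write, buffer, lenp, ppos);
-
- if (write && !ret) {
- int enabled = init_net.ipv4.sysctl_tcp_early_demux;
-
- proc_configure_early_demux(enabled, IPPROTO_TCP);
- }
-
- return ret;
-}
-
-static int proc_udp_early_demux(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos)
-{
- int ret = 0;
-
- ret = proc_dointvec(table, write, buffer, lenp, ppos);
-
- if (write && !ret) {
- int enabled = init_net.ipv4.sysctl_udp_early_demux;
-
- proc_configure_early_demux(enabled, IPPROTO_UDP);
- }
-
- return ret;
-}
-
 static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
- int write,
- void __user *buffer,
+ int write, void *buffer,
 size_t *lenp, loff_t *ppos)
 {
 struct net *net = container_of(table->data, struct net,
@@ -404,8 +376,7 @@
 }
 
 static int proc_tcp_available_ulp(struct ctl_table *ctl,
- int write,
- void __user *buffer, size_t *lenp,
+ int write, void *buffer, size_t *lenp,
 loff_t *ppos)
 {
 struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
@@ -423,7 +394,7 @@
 
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
 static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp,
+ void *buffer, size_t *lenp,
 loff_t *ppos)
 {
 struct net *net = container_of(table->data, struct net,
@@ -512,18 +483,6 @@
 },
 #endif /* CONFIG_NETLABEL */
 {
- .procname = "tcp_available_congestion_control",
- .maxlen = TCP_CA_BUF_MAX,
- .mode = 0444,
- .proc_handler = proc_tcp_available_congestion_control,
- },
- {
- .procname = "tcp_allowed_congestion_control",
- .maxlen = TCP_CA_BUF_MAX,
- .mode = 0644,
- .proc_handler = proc_allowed_congestion_control,
- },
- {
 .procname = "tcp_available_ulp",
 .maxlen = TCP_ULP_BUF_MAX,
 .mode = 0444,
@@ -535,7 +494,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
+ .extra1 = SYSCTL_ZERO,
 },
 {
 .procname = "icmp_msgs_burst",
@@ -543,7 +502,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
+ .extra1 = SYSCTL_ZERO,
 },
 {
 .procname = "udp_mem",
@@ -551,6 +510,27 @@
 .maxlen = sizeof(sysctl_udp_mem),
 .mode = 0644,
 .proc_handler = proc_doulongvec_minmax,
+ },
+ {
+ .procname = "fib_sync_mem",
+ .data = &sysctl_fib_sync_mem,
+ .maxlen = sizeof(sysctl_fib_sync_mem),
+ .mode = 0644,
+ .proc_handler = proc_douintvec_minmax,
+ .extra1 = &sysctl_fib_sync_mem_min,
+ .extra2 = &sysctl_fib_sync_mem_max,
+ },
+ {
+ .procname = "tcp_rx_skb_cache",
+ .data = &tcp_rx_skb_cache_key.key,
+ .mode = 0644,
+ .proc_handler = proc_do_static_key,
+ },
+ {
+ .procname = "tcp_tx_skb_cache",
+ .data = &tcp_tx_skb_cache_key.key,
+ .mode = 0644,
+ .proc_handler = proc_do_static_key,
 },
 { }
 };
@@ -605,6 +585,17 @@
 .mode = 0644,
 .proc_handler = ipv4_ping_group_range,
 },
+#ifdef CONFIG_NET_L3_MASTER_DEV
+ {
+ .procname = "raw_l3mdev_accept",
+ .data = &init_net.ipv4.sysctl_raw_l3mdev_accept,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
+ },
+#endif
 {
 .procname = "tcp_ecn",
 .data = &init_net.ipv4.sysctl_tcp_ecn,
@@ -638,14 +629,23 @@
 .data = &init_net.ipv4.sysctl_udp_early_demux,
 .maxlen = sizeof(int),
 .mode = 0644,
- .proc_handler = proc_udp_early_demux
+ .proc_handler = proc_douintvec_minmax,
 },
 {
 .procname = "tcp_early_demux",
 .data = &init_net.ipv4.sysctl_tcp_early_demux,
 .maxlen = sizeof(int),
 .mode = 0644,
- .proc_handler = proc_tcp_early_demux
+ .proc_handler = proc_douintvec_minmax,
+ },
+ {
+ .procname = "nexthop_compat_mode",
+ .data = &init_net.ipv4.sysctl_nexthop_compat_mode,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
 },
 {
 .procname = "ip_default_ttl",
@@ -671,6 +671,13 @@
 .proc_handler = proc_do_large_bitmap,
 },
 {
+ .procname = "ip_local_unbindable_ports",
+ .data = &init_net.ipv4.sysctl_local_unbindable_ports,
+ .maxlen = 65536,
+ .mode = 0644,
+ .proc_handler = proc_do_large_bitmap,
+ },
+ {
 .procname = "ip_no_pmtu_disc",
 .data = &init_net.ipv4.sysctl_ip_no_pmtu_disc,
 .maxlen = sizeof(int),
@@ -690,8 +697,8 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = ipv4_fwd_update_priority,
- .extra1 = &zero,
- .extra2 = &one,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
 },
 {
 .procname = "ip_nonlocal_bind",
@@ -699,6 +706,15 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec
+ },
+ {
+ .procname = "ip_autobind_reuse",
+ .data = &init_net.ipv4.sysctl_ip_autobind_reuse,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
 },
 {
 .procname = "fwmark_reflect",
@@ -721,8 +737,8 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
- .extra2 = &one,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
 },
 #endif
 {
@@ -742,6 +758,15 @@
 {
 .procname = "tcp_min_snd_mss",
 .data = &init_net.ipv4.sysctl_tcp_min_snd_mss,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = &tcp_min_snd_mss_min,
+ .extra2 = &tcp_min_snd_mss_max,
+ },
+ {
+ .procname = "tcp_mtu_probe_floor",
+ .data = &init_net.ipv4.sysctl_tcp_mtu_probe_floor,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
@@ -791,7 +816,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &one
+ .extra1 = SYSCTL_ONE
 },
 #endif
 {
@@ -800,6 +825,18 @@
 .mode = 0644,
 .maxlen = TCP_CA_NAME_MAX,
 .proc_handler = proc_tcp_congestion_control,
+ },
+ {
+ .procname = "tcp_available_congestion_control",
+ .maxlen = TCP_CA_BUF_MAX,
+ .mode = 0444,
+ .proc_handler = proc_tcp_available_congestion_control,
+ },
+ {
+ .procname = "tcp_allowed_congestion_control",
+ .maxlen = TCP_CA_BUF_MAX,
+ .mode = 0644,
+ .proc_handler = proc_allowed_congestion_control,
 },
 {
 .procname = "tcp_keepalive_time",
@@ -896,7 +933,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
+ .extra1 = SYSCTL_ZERO,
 .extra2 = &two,
 },
 {
@@ -924,7 +961,12 @@
 .procname = "tcp_fastopen_key",
 .mode = 0600,
 .data = &init_net.ipv4.sysctl_tcp_fastopen,
- .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10),
+ /* maxlen to print the list of keys in hex (*2), with dashes
+ * separating doublewords and a comma in between keys.
+ */
+ .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
+ 2 * TCP_FASTOPEN_KEY_MAX) +
+ (TCP_FASTOPEN_KEY_MAX * 5)),
 .proc_handler = proc_tcp_fastopen_key,
 },
 {
@@ -933,7 +975,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_tfo_blackhole_detect_timeout,
- .extra1 = &zero,
+ .extra1 = SYSCTL_ZERO,
 },
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
 {
@@ -942,8 +984,8 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
- .extra2 = &one,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
 },
 {
 .procname = "fib_multipath_hash_policy",
@@ -951,8 +993,8 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_fib_multipath_hash_policy,
- .extra1 = &zero,
- .extra2 = &one,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = &two,
 },
 #endif
 {
@@ -969,8 +1011,8 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
- .extra2 = &one,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
 },
 #endif
 {
@@ -1000,7 +1042,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
+ .extra1 = SYSCTL_ZERO,
 .extra2 = &four,
 },
 {
@@ -1104,6 +1146,15 @@
 .proc_handler = proc_dointvec,
 },
 {
+ .procname = "tcp_no_ssthresh_metrics_save",
+ .data = &init_net.ipv4.sysctl_tcp_no_ssthresh_metrics_save,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
+ },
+ {
 .procname = "tcp_moderate_rcvbuf",
 .data = &init_net.ipv4.sysctl_tcp_moderate_rcvbuf,
 .maxlen = sizeof(int),
@@ -1144,8 +1195,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &one,
- .extra2 = &gso_max_segs,
+ .extra1 = SYSCTL_ONE,
 },
 {
 .procname = "tcp_min_rtt_wlen",
@@ -1153,7 +1203,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
+ .extra1 = SYSCTL_ZERO,
 .extra2 = &one_day_secs
 },
 {
@@ -1162,8 +1212,8 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
- .extra2 = &one,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
 },
 {
 .procname = "tcp_invalid_ratelimit",
@@ -1178,7 +1228,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
+ .extra1 = SYSCTL_ZERO,
 .extra2 = &thousand,
 },
 {
@@ -1187,7 +1237,7 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
+ .extra1 = SYSCTL_ZERO,
 .extra2 = &thousand,
 },
 {
@@ -1196,7 +1246,7 @@
 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_wmem),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &one,
+ .extra1 = SYSCTL_ONE,
 },
 {
 .procname = "tcp_rmem",
@@ -1204,11 +1254,18 @@
 .maxlen = sizeof(init_net.ipv4.sysctl_tcp_rmem),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &one,
+ .extra1 = SYSCTL_ONE,
 },
 {
 .procname = "tcp_comp_sack_delay_ns",
 .data = &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns,
+ .maxlen = sizeof(unsigned long),
+ .mode = 0644,
+ .proc_handler = proc_doulongvec_minmax,
+ },
+ {
+ .procname = "tcp_comp_sack_slack_ns",
+ .data = &init_net.ipv4.sysctl_tcp_comp_sack_slack_ns,
 .maxlen = sizeof(unsigned long),
 .mode = 0644,
 .proc_handler = proc_doulongvec_minmax,
@@ -1219,8 +1276,17 @@
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &zero,
+ .extra1 = SYSCTL_ZERO,
 .extra2 = &comp_sack_nr_max,
+ },
+ {
+ .procname = "tcp_reflect_tos",
+ .data = &init_net.ipv4.sysctl_tcp_reflect_tos,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
 },
 {
 .procname = "udp_rmem_min",
@@ -1228,7 +1294,7 @@
 .maxlen = sizeof(init_net.ipv4.sysctl_udp_rmem_min),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &one
+ .extra1 = SYSCTL_ONE
 },
 {
 .procname = "udp_wmem_min",
@@ -1236,7 +1302,7 @@
 .maxlen = sizeof(init_net.ipv4.sysctl_udp_wmem_min),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
- .extra1 = &one
+ .extra1 = SYSCTL_ONE
 },
 { }
 };
@@ -1253,9 +1319,19 @@
 if (!table)
 goto err_alloc;
 
- /* Update the variables to point into the current struct net */
- for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++)
- table[i].data += (void *)net - (void *)&init_net;
+ for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) {
+ if (table[i].data) {
+ /* Update the variables to point into
+ * the current struct net
+ */
+ table[i].data += (void *)net - (void *)&init_net;
+ } else {
+ /* Entries without data pointer are global;
+ * Make them read-only in non-init_net ns
+ */
+ table[i].mode &= ~0222;
+ }
+ }
 }
 
 net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
@@ -1264,11 +1340,17 @@
 
 net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
 if (!net->ipv4.sysctl_local_reserved_ports)
- goto err_ports;
+ goto err_reserved_ports;
+
+ net->ipv4.sysctl_local_unbindable_ports = kzalloc(65536 / 8, GFP_KERNEL);
+ if (!net->ipv4.sysctl_local_unbindable_ports)
+ goto err_unbindable_ports;
 
 return 0;
 
-err_ports:
+err_unbindable_ports:
+ kfree(net->ipv4.sysctl_local_reserved_ports);
+err_reserved_ports:
 unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
 err_reg:
 if (!net_eq(net, &init_net))
@@ -1281,6 +1363,7 @@
 {
 struct ctl_table *table;
 
+ kfree(net->ipv4.sysctl_local_unbindable_ports);
 kfree(net->ipv4.sysctl_local_reserved_ports);
 table = net->ipv4.ipv4_hdr->ctl_table_arg;
 unregister_net_sysctl_table(net->ipv4.ipv4_hdr);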
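Review bot: In the new `sscanf_key()`, the `pr_debug()` call passes `user_key[0..3]` even when `sscanf()` matched fewer than four fields, so on the `-EINVAL` path it reads stack words that were never written; declaring `u32 user_key[4] = { 0 };` avoids that, and since `ret` is an `int` holding a negative errno its conversion should be `%d` rather than `%u`. The same statement copies the TCP Fast Open key into the kernel log whenever that debug message is enabled, although the sysctl itself is mode 0600, so it is worth dropping the key words from the format and logging only the result. In `proc_tcp_fastopen_key()` the key text also remains in `tbl.data` after `kfree(tbl.data)` and in the on-stack `key`/`user_key` arrays; if this tree provides them, `kfree_sensitive(tbl.data);` and `memzero_explicit(key, sizeof(key));` before returning would clear it.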