enable docker ppp

hc

2023-12-09 95099d4622f8cb224d94e314c7a8e0df60b13f87

 kernel/net/ipv4/sysctl_net_ipv4.c
..
..
@@ -28,8 +28,6 @@
28
28
 #include <net/protocol.h>
29
29
 #include <net/netevent.h>
30
30
 
31
-static int zero;
32
-static int one = 1;
33
31
 static int two = 2;
34
32
 static int four = 4;
35
33
 static int thousand = 1000;
..
..
@@ -73,8 +71,7 @@
73
71
 
74
72
 /* Validate changes from /proc interface. */
75
73
 static int ipv4_local_port_range(struct ctl_table *table, int write,
76
-				 void __user *buffer,
77
-				 size_t *lenp, loff_t *ppos)
74
+				 void *buffer, size_t *lenp, loff_t *ppos)
78
75
 {
79
76
 	struct net *net =
80
77
 		container_of(table->data, struct net, ipv4.ip_local_ports.range);
..
..
@@ -98,7 +95,7 @@
98
95
 		 * port limit.
99
96
 		 */
100
97
 		if ((range[1] < range[0]) ||
101
-		    (range[0] < net->ipv4.sysctl_ip_prot_sock))
98
+		    (range[0] < READ_ONCE(net->ipv4.sysctl_ip_prot_sock)))
102
99
 			ret = -EINVAL;
103
100
 		else
104
101
 			set_local_port_range(net, range);
..
..
@@ -109,7 +106,7 @@
109
106
 
110
107
 /* Validate changes from /proc interface. */
111
108
 static int ipv4_privileged_ports(struct ctl_table *table, int write,
112
-				void __user *buffer, size_t *lenp, loff_t *ppos)
109
+				void *buffer, size_t *lenp, loff_t *ppos)
113
110
 {
114
111
 	struct net *net = container_of(table->data, struct net,
115
112
 	    ipv4.sysctl_ip_prot_sock);
..
..
@@ -124,7 +121,7 @@
124
121
 		.extra2 = &ip_privileged_port_max,
125
122
 	};
126
123
 
127
-	pports = net->ipv4.sysctl_ip_prot_sock;
124
+	pports = READ_ONCE(net->ipv4.sysctl_ip_prot_sock);
128
125
 
129
126
 	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
130
127
 
..
..
@@ -136,7 +133,7 @@
136
133
 		if (range[0] < pports)
137
134
 			ret = -EINVAL;
138
135
 		else
139
-			net->ipv4.sysctl_ip_prot_sock = pports;
136
+			WRITE_ONCE(net->ipv4.sysctl_ip_prot_sock, pports);
140
137
 	}
141
138
 
142
139
 	return ret;
..
..
@@ -170,8 +167,7 @@
170
167
 
171
168
 /* Validate changes from /proc interface. */
172
169
 static int ipv4_ping_group_range(struct ctl_table *table, int write,
173
-				 void __user *buffer,
174
-				 size_t *lenp, loff_t *ppos)
170
+				 void *buffer, size_t *lenp, loff_t *ppos)
175
171
 {
176
172
 	struct user_namespace *user_ns = current_user_ns();
177
173
 	int ret;
..
..
@@ -206,8 +202,7 @@
206
202
 }
207
203
 
208
204
 static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
209
-				    void __user *buffer,
210
-				    size_t *lenp, loff_t *ppos)
205
+				    void *buffer, size_t *lenp, loff_t *ppos)
211
206
 {
212
207
 	struct net *net;
213
208
 	int ret;
..
..
@@ -223,7 +218,7 @@
223
218
 }
224
219
 
225
220
 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
226
-				       void __user *buffer, size_t *lenp, loff_t *ppos)
221
+				       void *buffer, size_t *lenp, loff_t *ppos)
227
222
 {
228
223
 	struct net *net = container_of(ctl->data, struct net,
229
224
 				       ipv4.tcp_congestion_control);
..
..
@@ -243,9 +238,8 @@
243
238
 }
244
239
 
245
240
 static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
246
-						 int write,
247
-						 void __user *buffer, size_t *lenp,
248
-						 loff_t *ppos)
241
+						 int write, void *buffer,
242
+						 size_t *lenp, loff_t *ppos)
249
243
 {
250
244
 	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
251
245
 	int ret;
..
..
@@ -260,9 +254,8 @@
260
254
 }
261
255
 
262
256
 static int proc_allowed_congestion_control(struct ctl_table *ctl,
263
-					   int write,
264
-					   void __user *buffer, size_t *lenp,
265
-					   loff_t *ppos)
257
+					   int write, void *buffer,
258
+					   size_t *lenp, loff_t *ppos)
266
259
 {
267
260
 	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
268
261
 	int ret;
..
..
@@ -279,117 +272,97 @@
279
272
 	return ret;
280
273
 }
281
274
 
275
+static int sscanf_key(char *buf, __le32 *key)
276
+{
277
+	u32 user_key[4];
278
+	int i, ret = 0;
279
+
280
+	if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1,
281
+		   user_key + 2, user_key + 3) != 4) {
282
+		ret = -EINVAL;
283
+	} else {
284
+		for (i = 0; i < ARRAY_SIZE(user_key); i++)
285
+			key[i] = cpu_to_le32(user_key[i]);
286
+	}
287
+	pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
288
+		 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret);
289
+
290
+	return ret;
291
+}
292
+
282
293
 static int proc_tcp_fastopen_key(struct ctl_table *table, int write,
283
-				 void __user *buffer, size_t *lenp,
284
-				 loff_t *ppos)
294
+				 void *buffer, size_t *lenp, loff_t *ppos)
285
295
 {
286
296
 	struct net *net = container_of(table->data, struct net,
287
297
 	    ipv4.sysctl_tcp_fastopen);
288
-	struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
289
-	struct tcp_fastopen_context *ctxt;
290
-	u32  user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
291
-	__le32 key[4];
292
-	int ret, i;
298
+	/* maxlen to print the list of keys in hex (*2), with dashes
299
+	 * separating doublewords and a comma in between keys.
300
+	 */
301
+	struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
302
+					    2 * TCP_FASTOPEN_KEY_MAX) +
303
+					    (TCP_FASTOPEN_KEY_MAX * 5)) };
304
+	u32 user_key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u32)];
305
+	__le32 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(__le32)];
306
+	char *backup_data;
307
+	int ret, i = 0, off = 0, n_keys;
293
308
 
294
309
 	tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
295
310
 	if (!tbl.data)
296
311
 		return -ENOMEM;
297
312
 
298
-	rcu_read_lock();
299
-	ctxt = rcu_dereference(net->ipv4.tcp_fastopen_ctx);
300
-	if (ctxt)
301
-		memcpy(key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH);
302
-	else
303
-		memset(key, 0, sizeof(key));
304
-	rcu_read_unlock();
313
+	n_keys = tcp_fastopen_get_cipher(net, NULL, (u64 *)key);
314
+	if (!n_keys) {
315
+		memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH);
316
+		n_keys = 1;
317
+	}
305
318
 
306
-	for (i = 0; i < ARRAY_SIZE(key); i++)
319
+	for (i = 0; i < n_keys * 4; i++)
307
320
 		user_key[i] = le32_to_cpu(key[i]);
308
321
 
309
-	snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x",
310
-		user_key[0], user_key[1], user_key[2], user_key[3]);
322
+	for (i = 0; i < n_keys; i++) {
323
+		off += snprintf(tbl.data + off, tbl.maxlen - off,
324
+				"%08x-%08x-%08x-%08x",
325
+				user_key[i * 4],
326
+				user_key[i * 4 + 1],
327
+				user_key[i * 4 + 2],
328
+				user_key[i * 4 + 3]);
329
+
330
+		if (WARN_ON_ONCE(off >= tbl.maxlen - 1))
331
+			break;
332
+
333
+		if (i + 1 < n_keys)
334
+			off += snprintf(tbl.data + off, tbl.maxlen - off, ",");
335
+	}
336
+
311
337
 	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
312
338
 
313
339
 	if (write && ret == 0) {
314
-		if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1,
315
-			   user_key + 2, user_key + 3) != 4) {
340
+		backup_data = strchr(tbl.data, ',');
341
+		if (backup_data) {
342
+			*backup_data = '\0';
343
+			backup_data++;
344
+		}
345
+		if (sscanf_key(tbl.data, key)) {
316
346
 			ret = -EINVAL;
317
347
 			goto bad_key;
318
348
 		}
319
-
320
-		for (i = 0; i < ARRAY_SIZE(user_key); i++)
321
-			key[i] = cpu_to_le32(user_key[i]);
322
-
349
+		if (backup_data) {
350
+			if (sscanf_key(backup_data, key + 4)) {
351
+				ret = -EINVAL;
352
+				goto bad_key;
353
+			}
354
+		}
323
355
 		tcp_fastopen_reset_cipher(net, NULL, key,
324
-					  TCP_FASTOPEN_KEY_LENGTH);
356
+					  backup_data ? key + 4 : NULL);
325
357
 	}
326
358
 
327
359
 bad_key:
328
-	pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
329
-		user_key[0], user_key[1], user_key[2], user_key[3],
330
-	       (char *)tbl.data, ret);
331
360
 	kfree(tbl.data);
332
361
 	return ret;
333
362
 }
334
363
 
335
-static void proc_configure_early_demux(int enabled, int protocol)
336
-{
337
-	struct net_protocol *ipprot;
338
-#if IS_ENABLED(CONFIG_IPV6)
339
-	struct inet6_protocol *ip6prot;
340
-#endif
341
-
342
-	rcu_read_lock();
343
-
344
-	ipprot = rcu_dereference(inet_protos[protocol]);
345
-	if (ipprot)
346
-		ipprot->early_demux = enabled ? ipprot->early_demux_handler :
347
-						NULL;
348
-
349
-#if IS_ENABLED(CONFIG_IPV6)
350
-	ip6prot = rcu_dereference(inet6_protos[protocol]);
351
-	if (ip6prot)
352
-		ip6prot->early_demux = enabled ? ip6prot->early_demux_handler :
353
-						 NULL;
354
-#endif
355
-	rcu_read_unlock();
356
-}
357
-
358
-static int proc_tcp_early_demux(struct ctl_table *table, int write,
359
-				void __user *buffer, size_t *lenp, loff_t *ppos)
360
-{
361
-	int ret = 0;
362
-
363
-	ret = proc_dointvec(table, write, buffer, lenp, ppos);
364
-
365
-	if (write && !ret) {
366
-		int enabled = init_net.ipv4.sysctl_tcp_early_demux;
367
-
368
-		proc_configure_early_demux(enabled, IPPROTO_TCP);
369
-	}
370
-
371
-	return ret;
372
-}
373
-
374
-static int proc_udp_early_demux(struct ctl_table *table, int write,
375
-				void __user *buffer, size_t *lenp, loff_t *ppos)
376
-{
377
-	int ret = 0;
378
-
379
-	ret = proc_dointvec(table, write, buffer, lenp, ppos);
380
-
381
-	if (write && !ret) {
382
-		int enabled = init_net.ipv4.sysctl_udp_early_demux;
383
-
384
-		proc_configure_early_demux(enabled, IPPROTO_UDP);
385
-	}
386
-
387
-	return ret;
388
-}
389
-
390
364
 static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
391
-					     int write,
392
-					     void __user *buffer,
365
+					     int write, void *buffer,
393
366
 					     size_t *lenp, loff_t *ppos)
394
367
 {
395
368
 	struct net *net = container_of(table->data, struct net,
..
..
@@ -404,8 +377,7 @@
404
377
 }
405
378
 
406
379
 static int proc_tcp_available_ulp(struct ctl_table *ctl,
407
-				  int write,
408
-				  void __user *buffer, size_t *lenp,
380
+				  int write, void *buffer, size_t *lenp,
409
381
 				  loff_t *ppos)
410
382
 {
411
383
 	struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
..
..
@@ -423,7 +395,7 @@
423
395
 
424
396
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
425
397
 static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
426
-					  void __user *buffer, size_t *lenp,
398
+					  void *buffer, size_t *lenp,
427
399
 					  loff_t *ppos)
428
400
 {
429
401
 	struct net *net = container_of(table->data, struct net,
..
..
@@ -512,18 +484,6 @@
512
484
 	},
513
485
 #endif /* CONFIG_NETLABEL */
514
486
 	{
515
-		.procname	= "tcp_available_congestion_control",
516
-		.maxlen		= TCP_CA_BUF_MAX,
517
-		.mode		= 0444,
518
-		.proc_handler   = proc_tcp_available_congestion_control,
519
-	},
520
-	{
521
-		.procname	= "tcp_allowed_congestion_control",
522
-		.maxlen		= TCP_CA_BUF_MAX,
523
-		.mode		= 0644,
524
-		.proc_handler   = proc_allowed_congestion_control,
525
-	},
526
-	{
527
487
 		.procname	= "tcp_available_ulp",
528
488
 		.maxlen		= TCP_ULP_BUF_MAX,
529
489
 		.mode		= 0444,
..
..
@@ -535,7 +495,7 @@
535
495
 		.maxlen		= sizeof(int),
536
496
 		.mode		= 0644,
537
497
 		.proc_handler	= proc_dointvec_minmax,
538
-		.extra1		= &zero,
498
+		.extra1		= SYSCTL_ZERO,
539
499
 	},
540
500
 	{
541
501
 		.procname	= "icmp_msgs_burst",
..
..
@@ -543,7 +503,7 @@
543
503
 		.maxlen		= sizeof(int),
544
504
 		.mode		= 0644,
545
505
 		.proc_handler	= proc_dointvec_minmax,
546
-		.extra1		= &zero,
506
+		.extra1		= SYSCTL_ZERO,
547
507
 	},
548
508
 	{
549
509
 		.procname	= "udp_mem",
..
..
@@ -551,6 +511,27 @@
551
511
 		.maxlen		= sizeof(sysctl_udp_mem),
552
512
 		.mode		= 0644,
553
513
 		.proc_handler	= proc_doulongvec_minmax,
514
+	},
515
+	{
516
+		.procname	= "fib_sync_mem",
517
+		.data		= &sysctl_fib_sync_mem,
518
+		.maxlen		= sizeof(sysctl_fib_sync_mem),
519
+		.mode		= 0644,
520
+		.proc_handler	= proc_douintvec_minmax,
521
+		.extra1		= &sysctl_fib_sync_mem_min,
522
+		.extra2		= &sysctl_fib_sync_mem_max,
523
+	},
524
+	{
525
+		.procname	= "tcp_rx_skb_cache",
526
+		.data		= &tcp_rx_skb_cache_key.key,
527
+		.mode		= 0644,
528
+		.proc_handler	= proc_do_static_key,
529
+	},
530
+	{
531
+		.procname	= "tcp_tx_skb_cache",
532
+		.data		= &tcp_tx_skb_cache_key.key,
533
+		.mode		= 0644,
534
+		.proc_handler	= proc_do_static_key,
554
535
 	},
555
536
 	{ }
556
537
 };
..
..
@@ -605,6 +586,17 @@
605
586
 		.mode		= 0644,
606
587
 		.proc_handler	= ipv4_ping_group_range,
607
588
 	},
589
+#ifdef CONFIG_NET_L3_MASTER_DEV
590
+	{
591
+		.procname	= "raw_l3mdev_accept",
592
+		.data		= &init_net.ipv4.sysctl_raw_l3mdev_accept,
593
+		.maxlen		= sizeof(int),
594
+		.mode		= 0644,
595
+		.proc_handler	= proc_dointvec_minmax,
596
+		.extra1		= SYSCTL_ZERO,
597
+		.extra2		= SYSCTL_ONE,
598
+	},
599
+#endif
608
600
 	{
609
601
 		.procname	= "tcp_ecn",
610
602
 		.data		= &init_net.ipv4.sysctl_tcp_ecn,
..
..
@@ -638,14 +630,23 @@
638
630
 		.data           = &init_net.ipv4.sysctl_udp_early_demux,
639
631
 		.maxlen         = sizeof(int),
640
632
 		.mode           = 0644,
641
-		.proc_handler   = proc_udp_early_demux
633
+		.proc_handler   = proc_douintvec_minmax,
642
634
 	},
643
635
 	{
644
636
 		.procname       = "tcp_early_demux",
645
637
 		.data           = &init_net.ipv4.sysctl_tcp_early_demux,
646
638
 		.maxlen         = sizeof(int),
647
639
 		.mode           = 0644,
648
-		.proc_handler   = proc_tcp_early_demux
640
+		.proc_handler   = proc_douintvec_minmax,
641
+	},
642
+	{
643
+		.procname       = "nexthop_compat_mode",
644
+		.data           = &init_net.ipv4.sysctl_nexthop_compat_mode,
645
+		.maxlen         = sizeof(int),
646
+		.mode           = 0644,
647
+		.proc_handler   = proc_dointvec_minmax,
648
+		.extra1		= SYSCTL_ZERO,
649
+		.extra2		= SYSCTL_ONE,
649
650
 	},
650
651
 	{
651
652
 		.procname	= "ip_default_ttl",
..
..
@@ -671,6 +672,13 @@
671
672
 		.proc_handler	= proc_do_large_bitmap,
672
673
 	},
673
674
 	{
675
+		.procname	= "ip_local_unbindable_ports",
676
+		.data		= &init_net.ipv4.sysctl_local_unbindable_ports,
677
+		.maxlen		= 65536,
678
+		.mode		= 0644,
679
+		.proc_handler	= proc_do_large_bitmap,
680
+	},
681
+	{
674
682
 		.procname	= "ip_no_pmtu_disc",
675
683
 		.data		= &init_net.ipv4.sysctl_ip_no_pmtu_disc,
676
684
 		.maxlen		= sizeof(int),
..
..
@@ -690,8 +698,8 @@
690
698
 		.maxlen		= sizeof(int),
691
699
 		.mode		= 0644,
692
700
 		.proc_handler   = ipv4_fwd_update_priority,
693
-		.extra1		= &zero,
694
-		.extra2		= &one,
701
+		.extra1		= SYSCTL_ZERO,
702
+		.extra2		= SYSCTL_ONE,
695
703
 	},
696
704
 	{
697
705
 		.procname	= "ip_nonlocal_bind",
..
..
@@ -699,6 +707,15 @@
699
707
 		.maxlen		= sizeof(int),
700
708
 		.mode		= 0644,
701
709
 		.proc_handler	= proc_dointvec
710
+	},
711
+	{
712
+		.procname	= "ip_autobind_reuse",
713
+		.data		= &init_net.ipv4.sysctl_ip_autobind_reuse,
714
+		.maxlen		= sizeof(int),
715
+		.mode		= 0644,
716
+		.proc_handler	= proc_dointvec_minmax,
717
+		.extra1         = SYSCTL_ZERO,
718
+		.extra2         = SYSCTL_ONE,
702
719
 	},
703
720
 	{
704
721
 		.procname	= "fwmark_reflect",
..
..
@@ -721,8 +738,8 @@
721
738
 		.maxlen		= sizeof(int),
722
739
 		.mode		= 0644,
723
740
 		.proc_handler	= proc_dointvec_minmax,
724
-		.extra1		= &zero,
725
-		.extra2		= &one,
741
+		.extra1		= SYSCTL_ZERO,
742
+		.extra2		= SYSCTL_ONE,
726
743
 	},
727
744
 #endif
728
745
 	{
..
..
@@ -742,6 +759,15 @@
742
759
 	{
743
760
 		.procname	= "tcp_min_snd_mss",
744
761
 		.data		= &init_net.ipv4.sysctl_tcp_min_snd_mss,
762
+		.maxlen		= sizeof(int),
763
+		.mode		= 0644,
764
+		.proc_handler	= proc_dointvec_minmax,
765
+		.extra1		= &tcp_min_snd_mss_min,
766
+		.extra2		= &tcp_min_snd_mss_max,
767
+	},
768
+	{
769
+		.procname	= "tcp_mtu_probe_floor",
770
+		.data		= &init_net.ipv4.sysctl_tcp_mtu_probe_floor,
745
771
 		.maxlen		= sizeof(int),
746
772
 		.mode		= 0644,
747
773
 		.proc_handler	= proc_dointvec_minmax,
..
..
@@ -791,7 +817,7 @@
791
817
 		.maxlen		= sizeof(int),
792
818
 		.mode		= 0644,
793
819
 		.proc_handler	= proc_dointvec_minmax,
794
-		.extra1		= &one
820
+		.extra1		= SYSCTL_ONE
795
821
 	},
796
822
 #endif
797
823
 	{
..
..
@@ -800,6 +826,18 @@
800
826
 		.mode		= 0644,
801
827
 		.maxlen		= TCP_CA_NAME_MAX,
802
828
 		.proc_handler	= proc_tcp_congestion_control,
829
+	},
830
+	{
831
+		.procname	= "tcp_available_congestion_control",
832
+		.maxlen		= TCP_CA_BUF_MAX,
833
+		.mode		= 0444,
834
+		.proc_handler   = proc_tcp_available_congestion_control,
835
+	},
836
+	{
837
+		.procname	= "tcp_allowed_congestion_control",
838
+		.maxlen		= TCP_CA_BUF_MAX,
839
+		.mode		= 0644,
840
+		.proc_handler   = proc_allowed_congestion_control,
803
841
 	},
804
842
 	{
805
843
 		.procname	= "tcp_keepalive_time",
..
..
@@ -896,7 +934,7 @@
896
934
 		.maxlen		= sizeof(int),
897
935
 		.mode		= 0644,
898
936
 		.proc_handler	= proc_dointvec_minmax,
899
-		.extra1		= &zero,
937
+		.extra1		= SYSCTL_ZERO,
900
938
 		.extra2		= &two,
901
939
 	},
902
940
 	{
..
..
@@ -924,7 +962,12 @@
924
962
 		.procname	= "tcp_fastopen_key",
925
963
 		.mode		= 0600,
926
964
 		.data		= &init_net.ipv4.sysctl_tcp_fastopen,
927
-		.maxlen		= ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10),
965
+		/* maxlen to print the list of keys in hex (*2), with dashes
966
+		 * separating doublewords and a comma in between keys.
967
+		 */
968
+		.maxlen		= ((TCP_FASTOPEN_KEY_LENGTH *
969
+				   2 * TCP_FASTOPEN_KEY_MAX) +
970
+				   (TCP_FASTOPEN_KEY_MAX * 5)),
928
971
 		.proc_handler	= proc_tcp_fastopen_key,
929
972
 	},
930
973
 	{
..
..
@@ -933,7 +976,7 @@
933
976
 		.maxlen		= sizeof(int),
934
977
 		.mode		= 0644,
935
978
 		.proc_handler	= proc_tfo_blackhole_detect_timeout,
936
-		.extra1		= &zero,
979
+		.extra1		= SYSCTL_ZERO,
937
980
 	},
938
981
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
939
982
 	{
..
..
@@ -942,8 +985,8 @@
942
985
 		.maxlen		= sizeof(int),
943
986
 		.mode		= 0644,
944
987
 		.proc_handler	= proc_dointvec_minmax,
945
-		.extra1		= &zero,
946
-		.extra2		= &one,
988
+		.extra1		= SYSCTL_ZERO,
989
+		.extra2		= SYSCTL_ONE,
947
990
 	},
948
991
 	{
949
992
 		.procname	= "fib_multipath_hash_policy",
..
..
@@ -951,8 +994,8 @@
951
994
 		.maxlen		= sizeof(int),
952
995
 		.mode		= 0644,
953
996
 		.proc_handler	= proc_fib_multipath_hash_policy,
954
-		.extra1		= &zero,
955
-		.extra2		= &one,
997
+		.extra1		= SYSCTL_ZERO,
998
+		.extra2		= &two,
956
999
 	},
957
1000
 #endif
958
1001
 	{
..
..
@@ -969,8 +1012,8 @@
969
1012
 		.maxlen		= sizeof(int),
970
1013
 		.mode		= 0644,
971
1014
 		.proc_handler	= proc_dointvec_minmax,
972
-		.extra1		= &zero,
973
-		.extra2		= &one,
1015
+		.extra1		= SYSCTL_ZERO,
1016
+		.extra2		= SYSCTL_ONE,
974
1017
 	},
975
1018
 #endif
976
1019
 	{
..
..
@@ -1000,7 +1043,7 @@
1000
1043
 		.maxlen		= sizeof(int),
1001
1044
 		.mode		= 0644,
1002
1045
 		.proc_handler	= proc_dointvec_minmax,
1003
-		.extra1		= &zero,
1046
+		.extra1		= SYSCTL_ZERO,
1004
1047
 		.extra2		= &four,
1005
1048
 	},
1006
1049
 	{
..
..
@@ -1104,6 +1147,15 @@
1104
1147
 		.proc_handler	= proc_dointvec,
1105
1148
 	},
1106
1149
 	{
1150
+		.procname	= "tcp_no_ssthresh_metrics_save",
1151
+		.data		= &init_net.ipv4.sysctl_tcp_no_ssthresh_metrics_save,
1152
+		.maxlen		= sizeof(int),
1153
+		.mode		= 0644,
1154
+		.proc_handler	= proc_dointvec_minmax,
1155
+		.extra1		= SYSCTL_ZERO,
1156
+		.extra2		= SYSCTL_ONE,
1157
+	},
1158
+	{
1107
1159
 		.procname	= "tcp_moderate_rcvbuf",
1108
1160
 		.data		= &init_net.ipv4.sysctl_tcp_moderate_rcvbuf,
1109
1161
 		.maxlen		= sizeof(int),
..
..
@@ -1144,7 +1196,7 @@
1144
1196
 		.maxlen		= sizeof(int),
1145
1197
 		.mode		= 0644,
1146
1198
 		.proc_handler	= proc_dointvec_minmax,
1147
-		.extra1		= &one,
1199
+		.extra1		= SYSCTL_ONE,
1148
1200
 		.extra2		= &gso_max_segs,
1149
1201
 	},
1150
1202
 	{
..
..
@@ -1153,7 +1205,7 @@
1153
1205
 		.maxlen		= sizeof(int),
1154
1206
 		.mode		= 0644,
1155
1207
 		.proc_handler	= proc_dointvec_minmax,
1156
-		.extra1		= &zero,
1208
+		.extra1		= SYSCTL_ZERO,
1157
1209
 		.extra2		= &one_day_secs
1158
1210
 	},
1159
1211
 	{
..
..
@@ -1162,8 +1214,8 @@
1162
1214
 		.maxlen		= sizeof(int),
1163
1215
 		.mode		= 0644,
1164
1216
 		.proc_handler	= proc_dointvec_minmax,
1165
-		.extra1		= &zero,
1166
-		.extra2		= &one,
1217
+		.extra1		= SYSCTL_ZERO,
1218
+		.extra2		= SYSCTL_ONE,
1167
1219
 	},
1168
1220
 	{
1169
1221
 		.procname	= "tcp_invalid_ratelimit",
..
..
@@ -1178,7 +1230,7 @@
1178
1230
 		.maxlen		= sizeof(int),
1179
1231
 		.mode		= 0644,
1180
1232
 		.proc_handler	= proc_dointvec_minmax,
1181
-		.extra1		= &zero,
1233
+		.extra1		= SYSCTL_ZERO,
1182
1234
 		.extra2		= &thousand,
1183
1235
 	},
1184
1236
 	{
..
..
@@ -1187,7 +1239,7 @@
1187
1239
 		.maxlen		= sizeof(int),
1188
1240
 		.mode		= 0644,
1189
1241
 		.proc_handler	= proc_dointvec_minmax,
1190
-		.extra1		= &zero,
1242
+		.extra1		= SYSCTL_ZERO,
1191
1243
 		.extra2		= &thousand,
1192
1244
 	},
1193
1245
 	{
..
..
@@ -1196,7 +1248,7 @@
1196
1248
 		.maxlen		= sizeof(init_net.ipv4.sysctl_tcp_wmem),
1197
1249
 		.mode		= 0644,
1198
1250
 		.proc_handler	= proc_dointvec_minmax,
1199
-		.extra1		= &one,
1251
+		.extra1		= SYSCTL_ONE,
1200
1252
 	},
1201
1253
 	{
1202
1254
 		.procname	= "tcp_rmem",
..
..
@@ -1204,11 +1256,18 @@
1204
1256
 		.maxlen		= sizeof(init_net.ipv4.sysctl_tcp_rmem),
1205
1257
 		.mode		= 0644,
1206
1258
 		.proc_handler	= proc_dointvec_minmax,
1207
-		.extra1		= &one,
1259
+		.extra1		= SYSCTL_ONE,
1208
1260
 	},
1209
1261
 	{
1210
1262
 		.procname	= "tcp_comp_sack_delay_ns",
1211
1263
 		.data		= &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns,
1264
+		.maxlen		= sizeof(unsigned long),
1265
+		.mode		= 0644,
1266
+		.proc_handler	= proc_doulongvec_minmax,
1267
+	},
1268
+	{
1269
+		.procname	= "tcp_comp_sack_slack_ns",
1270
+		.data		= &init_net.ipv4.sysctl_tcp_comp_sack_slack_ns,
1212
1271
 		.maxlen		= sizeof(unsigned long),
1213
1272
 		.mode		= 0644,
1214
1273
 		.proc_handler	= proc_doulongvec_minmax,
..
..
@@ -1219,8 +1278,17 @@
1219
1278
 		.maxlen		= sizeof(int),
1220
1279
 		.mode		= 0644,
1221
1280
 		.proc_handler	= proc_dointvec_minmax,
1222
-		.extra1		= &zero,
1281
+		.extra1		= SYSCTL_ZERO,
1223
1282
 		.extra2		= &comp_sack_nr_max,
1283
+	},
1284
+	{
1285
+		.procname       = "tcp_reflect_tos",
1286
+		.data           = &init_net.ipv4.sysctl_tcp_reflect_tos,
1287
+		.maxlen         = sizeof(int),
1288
+		.mode           = 0644,
1289
+		.proc_handler   = proc_dointvec_minmax,
1290
+		.extra1         = SYSCTL_ZERO,
1291
+		.extra2         = SYSCTL_ONE,
1224
1292
 	},
1225
1293
 	{
1226
1294
 		.procname	= "udp_rmem_min",
..
..
@@ -1228,7 +1296,7 @@
1228
1296
 		.maxlen		= sizeof(init_net.ipv4.sysctl_udp_rmem_min),
1229
1297
 		.mode		= 0644,
1230
1298
 		.proc_handler	= proc_dointvec_minmax,
1231
-		.extra1		= &one
1299
+		.extra1		= SYSCTL_ONE
1232
1300
 	},
1233
1301
 	{
1234
1302
 		.procname	= "udp_wmem_min",
..
..
@@ -1236,7 +1304,7 @@
1236
1304
 		.maxlen		= sizeof(init_net.ipv4.sysctl_udp_wmem_min),
1237
1305
 		.mode		= 0644,
1238
1306
 		.proc_handler	= proc_dointvec_minmax,
1239
-		.extra1		= &one
1307
+		.extra1		= SYSCTL_ONE
1240
1308
 	},
1241
1309
 	{ }
1242
1310
 };
..
..
@@ -1253,9 +1321,19 @@
1253
1321
 		if (!table)
1254
1322
 			goto err_alloc;
1255
1323
 
1256
-		/* Update the variables to point into the current struct net */
1257
-		for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++)
1258
-			table[i].data += (void *)net - (void *)&init_net;
1324
+		for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) {
1325
+			if (table[i].data) {
1326
+				/* Update the variables to point into
1327
+				 * the current struct net
1328
+				 */
1329
+				table[i].data += (void *)net - (void *)&init_net;
1330
+			} else {
1331
+				/* Entries without data pointer are global;
1332
+				 * Make them read-only in non-init_net ns
1333
+				 */
1334
+				table[i].mode &= ~0222;
1335
+			}
1336
+		}
1259
1337
 	}
1260
1338
 
1261
1339
 	net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
..
..
@@ -1264,11 +1342,17 @@
1264
1342
 
1265
1343
 	net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
1266
1344
 	if (!net->ipv4.sysctl_local_reserved_ports)
1267
-		goto err_ports;
1345
+		goto err_reserved_ports;
1346
+
1347
+	net->ipv4.sysctl_local_unbindable_ports = kzalloc(65536 / 8, GFP_KERNEL);
1348
+	if (!net->ipv4.sysctl_local_unbindable_ports)
1349
+		goto err_unbindable_ports;
1268
1350
 
1269
1351
 	return 0;
1270
1352
 
1271
-err_ports:
1353
+err_unbindable_ports:
1354
+	kfree(net->ipv4.sysctl_local_reserved_ports);
1355
+err_reserved_ports:
1272
1356
 	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1273
1357
 err_reg:
1274
1358
 	if (!net_eq(net, &init_net))
..
..
@@ -1281,6 +1365,7 @@
1281
1365
 {
1282
1366
 	struct ctl_table *table;
1283
1367
 
1368
+	kfree(net->ipv4.sysctl_local_unbindable_ports);
1284
1369
 	kfree(net->ipv4.sysctl_local_reserved_ports);
1285
1370
 	table = net->ipv4.ipv4_hdr->ctl_table_arg;
1286
1371
 	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);