write in 30M

hc

2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc

 kernel/net/ipv4/sysctl_net_ipv4.c
..
..
@@ -28,12 +28,9 @@
28
28
 #include <net/protocol.h>
29
29
 #include <net/netevent.h>
30
30
 
31
-static int zero;
32
-static int one = 1;
33
31
 static int two = 2;
34
32
 static int four = 4;
35
33
 static int thousand = 1000;
36
-static int gso_max_segs = GSO_MAX_SEGS;
37
34
 static int tcp_retr1_max = 255;
38
35
 static int ip_local_port_range_min[] = { 1, 1 };
39
36
 static int ip_local_port_range_max[] = { 65535, 65535 };
..
..
@@ -73,8 +70,7 @@
73
70
 
74
71
 /* Validate changes from /proc interface. */
75
72
 static int ipv4_local_port_range(struct ctl_table *table, int write,
76
-				 void __user *buffer,
77
-				 size_t *lenp, loff_t *ppos)
73
+				 void *buffer, size_t *lenp, loff_t *ppos)
78
74
 {
79
75
 	struct net *net =
80
76
 		container_of(table->data, struct net, ipv4.ip_local_ports.range);
..
..
@@ -98,7 +94,7 @@
98
94
 		 * port limit.
99
95
 		 */
100
96
 		if ((range[1] < range[0]) ||
101
-		    (range[0] < net->ipv4.sysctl_ip_prot_sock))
97
+		    (range[0] < READ_ONCE(net->ipv4.sysctl_ip_prot_sock)))
102
98
 			ret = -EINVAL;
103
99
 		else
104
100
 			set_local_port_range(net, range);
..
..
@@ -109,7 +105,7 @@
109
105
 
110
106
 /* Validate changes from /proc interface. */
111
107
 static int ipv4_privileged_ports(struct ctl_table *table, int write,
112
-				void __user *buffer, size_t *lenp, loff_t *ppos)
108
+				void *buffer, size_t *lenp, loff_t *ppos)
113
109
 {
114
110
 	struct net *net = container_of(table->data, struct net,
115
111
 	    ipv4.sysctl_ip_prot_sock);
..
..
@@ -124,7 +120,7 @@
124
120
 		.extra2 = &ip_privileged_port_max,
125
121
 	};
126
122
 
127
-	pports = net->ipv4.sysctl_ip_prot_sock;
123
+	pports = READ_ONCE(net->ipv4.sysctl_ip_prot_sock);
128
124
 
129
125
 	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
130
126
 
..
..
@@ -136,7 +132,7 @@
136
132
 		if (range[0] < pports)
137
133
 			ret = -EINVAL;
138
134
 		else
139
-			net->ipv4.sysctl_ip_prot_sock = pports;
135
+			WRITE_ONCE(net->ipv4.sysctl_ip_prot_sock, pports);
140
136
 	}
141
137
 
142
138
 	return ret;
..
..
@@ -170,8 +166,7 @@
170
166
 
171
167
 /* Validate changes from /proc interface. */
172
168
 static int ipv4_ping_group_range(struct ctl_table *table, int write,
173
-				 void __user *buffer,
174
-				 size_t *lenp, loff_t *ppos)
169
+				 void *buffer, size_t *lenp, loff_t *ppos)
175
170
 {
176
171
 	struct user_namespace *user_ns = current_user_ns();
177
172
 	int ret;
..
..
@@ -206,8 +201,7 @@
206
201
 }
207
202
 
208
203
 static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
209
-				    void __user *buffer,
210
-				    size_t *lenp, loff_t *ppos)
204
+				    void *buffer, size_t *lenp, loff_t *ppos)
211
205
 {
212
206
 	struct net *net;
213
207
 	int ret;
..
..
@@ -223,7 +217,7 @@
223
217
 }
224
218
 
225
219
 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
226
-				       void __user *buffer, size_t *lenp, loff_t *ppos)
220
+				       void *buffer, size_t *lenp, loff_t *ppos)
227
221
 {
228
222
 	struct net *net = container_of(ctl->data, struct net,
229
223
 				       ipv4.tcp_congestion_control);
..
..
@@ -243,9 +237,8 @@
243
237
 }
244
238
 
245
239
 static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
246
-						 int write,
247
-						 void __user *buffer, size_t *lenp,
248
-						 loff_t *ppos)
240
+						 int write, void *buffer,
241
+						 size_t *lenp, loff_t *ppos)
249
242
 {
250
243
 	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
251
244
 	int ret;
..
..
@@ -260,9 +253,8 @@
260
253
 }
261
254
 
262
255
 static int proc_allowed_congestion_control(struct ctl_table *ctl,
263
-					   int write,
264
-					   void __user *buffer, size_t *lenp,
265
-					   loff_t *ppos)
256
+					   int write, void *buffer,
257
+					   size_t *lenp, loff_t *ppos)
266
258
 {
267
259
 	struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
268
260
 	int ret;
..
..
@@ -279,117 +271,97 @@
279
271
 	return ret;
280
272
 }
281
273
 
274
+static int sscanf_key(char *buf, __le32 *key)
275
+{
276
+	u32 user_key[4];
277
+	int i, ret = 0;
278
+
279
+	if (sscanf(buf, "%x-%x-%x-%x", user_key, user_key + 1,
280
+		   user_key + 2, user_key + 3) != 4) {
281
+		ret = -EINVAL;
282
+	} else {
283
+		for (i = 0; i < ARRAY_SIZE(user_key); i++)
284
+			key[i] = cpu_to_le32(user_key[i]);
285
+	}
286
+	pr_debug("proc TFO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
287
+		 user_key[0], user_key[1], user_key[2], user_key[3], buf, ret);
288
+
289
+	return ret;
290
+}
291
+
282
292
 static int proc_tcp_fastopen_key(struct ctl_table *table, int write,
283
-				 void __user *buffer, size_t *lenp,
284
-				 loff_t *ppos)
293
+				 void *buffer, size_t *lenp, loff_t *ppos)
285
294
 {
286
295
 	struct net *net = container_of(table->data, struct net,
287
296
 	    ipv4.sysctl_tcp_fastopen);
288
-	struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
289
-	struct tcp_fastopen_context *ctxt;
290
-	u32  user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
291
-	__le32 key[4];
292
-	int ret, i;
297
+	/* maxlen to print the list of keys in hex (*2), with dashes
298
+	 * separating doublewords and a comma in between keys.
299
+	 */
300
+	struct ctl_table tbl = { .maxlen = ((TCP_FASTOPEN_KEY_LENGTH *
301
+					    2 * TCP_FASTOPEN_KEY_MAX) +
302
+					    (TCP_FASTOPEN_KEY_MAX * 5)) };
303
+	u32 user_key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u32)];
304
+	__le32 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(__le32)];
305
+	char *backup_data;
306
+	int ret, i = 0, off = 0, n_keys;
293
307
 
294
308
 	tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
295
309
 	if (!tbl.data)
296
310
 		return -ENOMEM;
297
311
 
298
-	rcu_read_lock();
299
-	ctxt = rcu_dereference(net->ipv4.tcp_fastopen_ctx);
300
-	if (ctxt)
301
-		memcpy(key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH);
302
-	else
303
-		memset(key, 0, sizeof(key));
304
-	rcu_read_unlock();
312
+	n_keys = tcp_fastopen_get_cipher(net, NULL, (u64 *)key);
313
+	if (!n_keys) {
314
+		memset(&key[0], 0, TCP_FASTOPEN_KEY_LENGTH);
315
+		n_keys = 1;
316
+	}
305
317
 
306
-	for (i = 0; i < ARRAY_SIZE(key); i++)
318
+	for (i = 0; i < n_keys * 4; i++)
307
319
 		user_key[i] = le32_to_cpu(key[i]);
308
320
 
309
-	snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x",
310
-		user_key[0], user_key[1], user_key[2], user_key[3]);
321
+	for (i = 0; i < n_keys; i++) {
322
+		off += snprintf(tbl.data + off, tbl.maxlen - off,
323
+				"%08x-%08x-%08x-%08x",
324
+				user_key[i * 4],
325
+				user_key[i * 4 + 1],
326
+				user_key[i * 4 + 2],
327
+				user_key[i * 4 + 3]);
328
+
329
+		if (WARN_ON_ONCE(off >= tbl.maxlen - 1))
330
+			break;
331
+
332
+		if (i + 1 < n_keys)
333
+			off += snprintf(tbl.data + off, tbl.maxlen - off, ",");
334
+	}
335
+
311
336
 	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
312
337
 
313
338
 	if (write && ret == 0) {
314
-		if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1,
315
-			   user_key + 2, user_key + 3) != 4) {
339
+		backup_data = strchr(tbl.data, ',');
340
+		if (backup_data) {
341
+			*backup_data = '\0';
342
+			backup_data++;
343
+		}
344
+		if (sscanf_key(tbl.data, key)) {
316
345
 			ret = -EINVAL;
317
346
 			goto bad_key;
318
347
 		}
319
-
320
-		for (i = 0; i < ARRAY_SIZE(user_key); i++)
321
-			key[i] = cpu_to_le32(user_key[i]);
322
-
348
+		if (backup_data) {
349
+			if (sscanf_key(backup_data, key + 4)) {
350
+				ret = -EINVAL;
351
+				goto bad_key;
352
+			}
353
+		}
323
354
 		tcp_fastopen_reset_cipher(net, NULL, key,
324
-					  TCP_FASTOPEN_KEY_LENGTH);
355
+					  backup_data ? key + 4 : NULL);
325
356
 	}
326
357
 
327
358
 bad_key:
328
-	pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
329
-		user_key[0], user_key[1], user_key[2], user_key[3],
330
-	       (char *)tbl.data, ret);
331
359
 	kfree(tbl.data);
332
360
 	return ret;
333
361
 }
334
362
 
335
-static void proc_configure_early_demux(int enabled, int protocol)
336
-{
337
-	struct net_protocol *ipprot;
338
-#if IS_ENABLED(CONFIG_IPV6)
339
-	struct inet6_protocol *ip6prot;
340
-#endif
341
-
342
-	rcu_read_lock();
343
-
344
-	ipprot = rcu_dereference(inet_protos[protocol]);
345
-	if (ipprot)
346
-		ipprot->early_demux = enabled ? ipprot->early_demux_handler :
347
-						NULL;
348
-
349
-#if IS_ENABLED(CONFIG_IPV6)
350
-	ip6prot = rcu_dereference(inet6_protos[protocol]);
351
-	if (ip6prot)
352
-		ip6prot->early_demux = enabled ? ip6prot->early_demux_handler :
353
-						 NULL;
354
-#endif
355
-	rcu_read_unlock();
356
-}
357
-
358
-static int proc_tcp_early_demux(struct ctl_table *table, int write,
359
-				void __user *buffer, size_t *lenp, loff_t *ppos)
360
-{
361
-	int ret = 0;
362
-
363
-	ret = proc_dointvec(table, write, buffer, lenp, ppos);
364
-
365
-	if (write && !ret) {
366
-		int enabled = init_net.ipv4.sysctl_tcp_early_demux;
367
-
368
-		proc_configure_early_demux(enabled, IPPROTO_TCP);
369
-	}
370
-
371
-	return ret;
372
-}
373
-
374
-static int proc_udp_early_demux(struct ctl_table *table, int write,
375
-				void __user *buffer, size_t *lenp, loff_t *ppos)
376
-{
377
-	int ret = 0;
378
-
379
-	ret = proc_dointvec(table, write, buffer, lenp, ppos);
380
-
381
-	if (write && !ret) {
382
-		int enabled = init_net.ipv4.sysctl_udp_early_demux;
383
-
384
-		proc_configure_early_demux(enabled, IPPROTO_UDP);
385
-	}
386
-
387
-	return ret;
388
-}
389
-
390
363
 static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table,
391
-					     int write,
392
-					     void __user *buffer,
364
+					     int write, void *buffer,
393
365
 					     size_t *lenp, loff_t *ppos)
394
366
 {
395
367
 	struct net *net = container_of(table->data, struct net,
..
..
@@ -404,8 +376,7 @@
404
376
 }
405
377
 
406
378
 static int proc_tcp_available_ulp(struct ctl_table *ctl,
407
-				  int write,
408
-				  void __user *buffer, size_t *lenp,
379
+				  int write, void *buffer, size_t *lenp,
409
380
 				  loff_t *ppos)
410
381
 {
411
382
 	struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, };
..
..
@@ -423,7 +394,7 @@
423
394
 
424
395
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
425
396
 static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
426
-					  void __user *buffer, size_t *lenp,
397
+					  void *buffer, size_t *lenp,
427
398
 					  loff_t *ppos)
428
399
 {
429
400
 	struct net *net = container_of(table->data, struct net,
..
..
@@ -512,18 +483,6 @@
512
483
 	},
513
484
 #endif /* CONFIG_NETLABEL */
514
485
 	{
515
-		.procname	= "tcp_available_congestion_control",
516
-		.maxlen		= TCP_CA_BUF_MAX,
517
-		.mode		= 0444,
518
-		.proc_handler   = proc_tcp_available_congestion_control,
519
-	},
520
-	{
521
-		.procname	= "tcp_allowed_congestion_control",
522
-		.maxlen		= TCP_CA_BUF_MAX,
523
-		.mode		= 0644,
524
-		.proc_handler   = proc_allowed_congestion_control,
525
-	},
526
-	{
527
486
 		.procname	= "tcp_available_ulp",
528
487
 		.maxlen		= TCP_ULP_BUF_MAX,
529
488
 		.mode		= 0444,
..
..
@@ -535,7 +494,7 @@
535
494
 		.maxlen		= sizeof(int),
536
495
 		.mode		= 0644,
537
496
 		.proc_handler	= proc_dointvec_minmax,
538
-		.extra1		= &zero,
497
+		.extra1		= SYSCTL_ZERO,
539
498
 	},
540
499
 	{
541
500
 		.procname	= "icmp_msgs_burst",
..
..
@@ -543,7 +502,7 @@
543
502
 		.maxlen		= sizeof(int),
544
503
 		.mode		= 0644,
545
504
 		.proc_handler	= proc_dointvec_minmax,
546
-		.extra1		= &zero,
505
+		.extra1		= SYSCTL_ZERO,
547
506
 	},
548
507
 	{
549
508
 		.procname	= "udp_mem",
..
..
@@ -551,6 +510,27 @@
551
510
 		.maxlen		= sizeof(sysctl_udp_mem),
552
511
 		.mode		= 0644,
553
512
 		.proc_handler	= proc_doulongvec_minmax,
513
+	},
514
+	{
515
+		.procname	= "fib_sync_mem",
516
+		.data		= &sysctl_fib_sync_mem,
517
+		.maxlen		= sizeof(sysctl_fib_sync_mem),
518
+		.mode		= 0644,
519
+		.proc_handler	= proc_douintvec_minmax,
520
+		.extra1		= &sysctl_fib_sync_mem_min,
521
+		.extra2		= &sysctl_fib_sync_mem_max,
522
+	},
523
+	{
524
+		.procname	= "tcp_rx_skb_cache",
525
+		.data		= &tcp_rx_skb_cache_key.key,
526
+		.mode		= 0644,
527
+		.proc_handler	= proc_do_static_key,
528
+	},
529
+	{
530
+		.procname	= "tcp_tx_skb_cache",
531
+		.data		= &tcp_tx_skb_cache_key.key,
532
+		.mode		= 0644,
533
+		.proc_handler	= proc_do_static_key,
554
534
 	},
555
535
 	{ }
556
536
 };
..
..
@@ -605,6 +585,17 @@
605
585
 		.mode		= 0644,
606
586
 		.proc_handler	= ipv4_ping_group_range,
607
587
 	},
588
+#ifdef CONFIG_NET_L3_MASTER_DEV
589
+	{
590
+		.procname	= "raw_l3mdev_accept",
591
+		.data		= &init_net.ipv4.sysctl_raw_l3mdev_accept,
592
+		.maxlen		= sizeof(int),
593
+		.mode		= 0644,
594
+		.proc_handler	= proc_dointvec_minmax,
595
+		.extra1		= SYSCTL_ZERO,
596
+		.extra2		= SYSCTL_ONE,
597
+	},
598
+#endif
608
599
 	{
609
600
 		.procname	= "tcp_ecn",
610
601
 		.data		= &init_net.ipv4.sysctl_tcp_ecn,
..
..
@@ -638,14 +629,23 @@
638
629
 		.data           = &init_net.ipv4.sysctl_udp_early_demux,
639
630
 		.maxlen         = sizeof(int),
640
631
 		.mode           = 0644,
641
-		.proc_handler   = proc_udp_early_demux
632
+		.proc_handler   = proc_douintvec_minmax,
642
633
 	},
643
634
 	{
644
635
 		.procname       = "tcp_early_demux",
645
636
 		.data           = &init_net.ipv4.sysctl_tcp_early_demux,
646
637
 		.maxlen         = sizeof(int),
647
638
 		.mode           = 0644,
648
-		.proc_handler   = proc_tcp_early_demux
639
+		.proc_handler   = proc_douintvec_minmax,
640
+	},
641
+	{
642
+		.procname       = "nexthop_compat_mode",
643
+		.data           = &init_net.ipv4.sysctl_nexthop_compat_mode,
644
+		.maxlen         = sizeof(int),
645
+		.mode           = 0644,
646
+		.proc_handler   = proc_dointvec_minmax,
647
+		.extra1		= SYSCTL_ZERO,
648
+		.extra2		= SYSCTL_ONE,
649
649
 	},
650
650
 	{
651
651
 		.procname	= "ip_default_ttl",
..
..
@@ -671,6 +671,13 @@
671
671
 		.proc_handler	= proc_do_large_bitmap,
672
672
 	},
673
673
 	{
674
+		.procname	= "ip_local_unbindable_ports",
675
+		.data		= &init_net.ipv4.sysctl_local_unbindable_ports,
676
+		.maxlen		= 65536,
677
+		.mode		= 0644,
678
+		.proc_handler	= proc_do_large_bitmap,
679
+	},
680
+	{
674
681
 		.procname	= "ip_no_pmtu_disc",
675
682
 		.data		= &init_net.ipv4.sysctl_ip_no_pmtu_disc,
676
683
 		.maxlen		= sizeof(int),
..
..
@@ -690,8 +697,8 @@
690
697
 		.maxlen		= sizeof(int),
691
698
 		.mode		= 0644,
692
699
 		.proc_handler   = ipv4_fwd_update_priority,
693
-		.extra1		= &zero,
694
-		.extra2		= &one,
700
+		.extra1		= SYSCTL_ZERO,
701
+		.extra2		= SYSCTL_ONE,
695
702
 	},
696
703
 	{
697
704
 		.procname	= "ip_nonlocal_bind",
..
..
@@ -699,6 +706,15 @@
699
706
 		.maxlen		= sizeof(int),
700
707
 		.mode		= 0644,
701
708
 		.proc_handler	= proc_dointvec
709
+	},
710
+	{
711
+		.procname	= "ip_autobind_reuse",
712
+		.data		= &init_net.ipv4.sysctl_ip_autobind_reuse,
713
+		.maxlen		= sizeof(int),
714
+		.mode		= 0644,
715
+		.proc_handler	= proc_dointvec_minmax,
716
+		.extra1         = SYSCTL_ZERO,
717
+		.extra2         = SYSCTL_ONE,
702
718
 	},
703
719
 	{
704
720
 		.procname	= "fwmark_reflect",
..
..
@@ -721,8 +737,8 @@
721
737
 		.maxlen		= sizeof(int),
722
738
 		.mode		= 0644,
723
739
 		.proc_handler	= proc_dointvec_minmax,
724
-		.extra1		= &zero,
725
-		.extra2		= &one,
740
+		.extra1		= SYSCTL_ZERO,
741
+		.extra2		= SYSCTL_ONE,
726
742
 	},
727
743
 #endif
728
744
 	{
..
..
@@ -742,6 +758,15 @@
742
758
 	{
743
759
 		.procname	= "tcp_min_snd_mss",
744
760
 		.data		= &init_net.ipv4.sysctl_tcp_min_snd_mss,
761
+		.maxlen		= sizeof(int),
762
+		.mode		= 0644,
763
+		.proc_handler	= proc_dointvec_minmax,
764
+		.extra1		= &tcp_min_snd_mss_min,
765
+		.extra2		= &tcp_min_snd_mss_max,
766
+	},
767
+	{
768
+		.procname	= "tcp_mtu_probe_floor",
769
+		.data		= &init_net.ipv4.sysctl_tcp_mtu_probe_floor,
745
770
 		.maxlen		= sizeof(int),
746
771
 		.mode		= 0644,
747
772
 		.proc_handler	= proc_dointvec_minmax,
..
..
@@ -791,7 +816,7 @@
791
816
 		.maxlen		= sizeof(int),
792
817
 		.mode		= 0644,
793
818
 		.proc_handler	= proc_dointvec_minmax,
794
-		.extra1		= &one
819
+		.extra1		= SYSCTL_ONE
795
820
 	},
796
821
 #endif
797
822
 	{
..
..
@@ -800,6 +825,18 @@
800
825
 		.mode		= 0644,
801
826
 		.maxlen		= TCP_CA_NAME_MAX,
802
827
 		.proc_handler	= proc_tcp_congestion_control,
828
+	},
829
+	{
830
+		.procname	= "tcp_available_congestion_control",
831
+		.maxlen		= TCP_CA_BUF_MAX,
832
+		.mode		= 0444,
833
+		.proc_handler   = proc_tcp_available_congestion_control,
834
+	},
835
+	{
836
+		.procname	= "tcp_allowed_congestion_control",
837
+		.maxlen		= TCP_CA_BUF_MAX,
838
+		.mode		= 0644,
839
+		.proc_handler   = proc_allowed_congestion_control,
803
840
 	},
804
841
 	{
805
842
 		.procname	= "tcp_keepalive_time",
..
..
@@ -896,7 +933,7 @@
896
933
 		.maxlen		= sizeof(int),
897
934
 		.mode		= 0644,
898
935
 		.proc_handler	= proc_dointvec_minmax,
899
-		.extra1		= &zero,
936
+		.extra1		= SYSCTL_ZERO,
900
937
 		.extra2		= &two,
901
938
 	},
902
939
 	{
..
..
@@ -924,7 +961,12 @@
924
961
 		.procname	= "tcp_fastopen_key",
925
962
 		.mode		= 0600,
926
963
 		.data		= &init_net.ipv4.sysctl_tcp_fastopen,
927
-		.maxlen		= ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10),
964
+		/* maxlen to print the list of keys in hex (*2), with dashes
965
+		 * separating doublewords and a comma in between keys.
966
+		 */
967
+		.maxlen		= ((TCP_FASTOPEN_KEY_LENGTH *
968
+				   2 * TCP_FASTOPEN_KEY_MAX) +
969
+				   (TCP_FASTOPEN_KEY_MAX * 5)),
928
970
 		.proc_handler	= proc_tcp_fastopen_key,
929
971
 	},
930
972
 	{
..
..
@@ -933,7 +975,7 @@
933
975
 		.maxlen		= sizeof(int),
934
976
 		.mode		= 0644,
935
977
 		.proc_handler	= proc_tfo_blackhole_detect_timeout,
936
-		.extra1		= &zero,
978
+		.extra1		= SYSCTL_ZERO,
937
979
 	},
938
980
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
939
981
 	{
..
..
@@ -942,8 +984,8 @@
942
984
 		.maxlen		= sizeof(int),
943
985
 		.mode		= 0644,
944
986
 		.proc_handler	= proc_dointvec_minmax,
945
-		.extra1		= &zero,
946
-		.extra2		= &one,
987
+		.extra1		= SYSCTL_ZERO,
988
+		.extra2		= SYSCTL_ONE,
947
989
 	},
948
990
 	{
949
991
 		.procname	= "fib_multipath_hash_policy",
..
..
@@ -951,8 +993,8 @@
951
993
 		.maxlen		= sizeof(int),
952
994
 		.mode		= 0644,
953
995
 		.proc_handler	= proc_fib_multipath_hash_policy,
954
-		.extra1		= &zero,
955
-		.extra2		= &one,
996
+		.extra1		= SYSCTL_ZERO,
997
+		.extra2		= &two,
956
998
 	},
957
999
 #endif
958
1000
 	{
..
..
@@ -969,8 +1011,8 @@
969
1011
 		.maxlen		= sizeof(int),
970
1012
 		.mode		= 0644,
971
1013
 		.proc_handler	= proc_dointvec_minmax,
972
-		.extra1		= &zero,
973
-		.extra2		= &one,
1014
+		.extra1		= SYSCTL_ZERO,
1015
+		.extra2		= SYSCTL_ONE,
974
1016
 	},
975
1017
 #endif
976
1018
 	{
..
..
@@ -1000,7 +1042,7 @@
1000
1042
 		.maxlen		= sizeof(int),
1001
1043
 		.mode		= 0644,
1002
1044
 		.proc_handler	= proc_dointvec_minmax,
1003
-		.extra1		= &zero,
1045
+		.extra1		= SYSCTL_ZERO,
1004
1046
 		.extra2		= &four,
1005
1047
 	},
1006
1048
 	{
..
..
@@ -1104,6 +1146,15 @@
1104
1146
 		.proc_handler	= proc_dointvec,
1105
1147
 	},
1106
1148
 	{
1149
+		.procname	= "tcp_no_ssthresh_metrics_save",
1150
+		.data		= &init_net.ipv4.sysctl_tcp_no_ssthresh_metrics_save,
1151
+		.maxlen		= sizeof(int),
1152
+		.mode		= 0644,
1153
+		.proc_handler	= proc_dointvec_minmax,
1154
+		.extra1		= SYSCTL_ZERO,
1155
+		.extra2		= SYSCTL_ONE,
1156
+	},
1157
+	{
1107
1158
 		.procname	= "tcp_moderate_rcvbuf",
1108
1159
 		.data		= &init_net.ipv4.sysctl_tcp_moderate_rcvbuf,
1109
1160
 		.maxlen		= sizeof(int),
..
..
@@ -1144,8 +1195,7 @@
1144
1195
 		.maxlen		= sizeof(int),
1145
1196
 		.mode		= 0644,
1146
1197
 		.proc_handler	= proc_dointvec_minmax,
1147
-		.extra1		= &one,
1148
-		.extra2		= &gso_max_segs,
1198
+		.extra1		= SYSCTL_ONE,
1149
1199
 	},
1150
1200
 	{
1151
1201
 		.procname	= "tcp_min_rtt_wlen",
..
..
@@ -1153,7 +1203,7 @@
1153
1203
 		.maxlen		= sizeof(int),
1154
1204
 		.mode		= 0644,
1155
1205
 		.proc_handler	= proc_dointvec_minmax,
1156
-		.extra1		= &zero,
1206
+		.extra1		= SYSCTL_ZERO,
1157
1207
 		.extra2		= &one_day_secs
1158
1208
 	},
1159
1209
 	{
..
..
@@ -1162,8 +1212,8 @@
1162
1212
 		.maxlen		= sizeof(int),
1163
1213
 		.mode		= 0644,
1164
1214
 		.proc_handler	= proc_dointvec_minmax,
1165
-		.extra1		= &zero,
1166
-		.extra2		= &one,
1215
+		.extra1		= SYSCTL_ZERO,
1216
+		.extra2		= SYSCTL_ONE,
1167
1217
 	},
1168
1218
 	{
1169
1219
 		.procname	= "tcp_invalid_ratelimit",
..
..
@@ -1178,7 +1228,7 @@
1178
1228
 		.maxlen		= sizeof(int),
1179
1229
 		.mode		= 0644,
1180
1230
 		.proc_handler	= proc_dointvec_minmax,
1181
-		.extra1		= &zero,
1231
+		.extra1		= SYSCTL_ZERO,
1182
1232
 		.extra2		= &thousand,
1183
1233
 	},
1184
1234
 	{
..
..
@@ -1187,7 +1237,7 @@
1187
1237
 		.maxlen		= sizeof(int),
1188
1238
 		.mode		= 0644,
1189
1239
 		.proc_handler	= proc_dointvec_minmax,
1190
-		.extra1		= &zero,
1240
+		.extra1		= SYSCTL_ZERO,
1191
1241
 		.extra2		= &thousand,
1192
1242
 	},
1193
1243
 	{
..
..
@@ -1196,7 +1246,7 @@
1196
1246
 		.maxlen		= sizeof(init_net.ipv4.sysctl_tcp_wmem),
1197
1247
 		.mode		= 0644,
1198
1248
 		.proc_handler	= proc_dointvec_minmax,
1199
-		.extra1		= &one,
1249
+		.extra1		= SYSCTL_ONE,
1200
1250
 	},
1201
1251
 	{
1202
1252
 		.procname	= "tcp_rmem",
..
..
@@ -1204,11 +1254,18 @@
1204
1254
 		.maxlen		= sizeof(init_net.ipv4.sysctl_tcp_rmem),
1205
1255
 		.mode		= 0644,
1206
1256
 		.proc_handler	= proc_dointvec_minmax,
1207
-		.extra1		= &one,
1257
+		.extra1		= SYSCTL_ONE,
1208
1258
 	},
1209
1259
 	{
1210
1260
 		.procname	= "tcp_comp_sack_delay_ns",
1211
1261
 		.data		= &init_net.ipv4.sysctl_tcp_comp_sack_delay_ns,
1262
+		.maxlen		= sizeof(unsigned long),
1263
+		.mode		= 0644,
1264
+		.proc_handler	= proc_doulongvec_minmax,
1265
+	},
1266
+	{
1267
+		.procname	= "tcp_comp_sack_slack_ns",
1268
+		.data		= &init_net.ipv4.sysctl_tcp_comp_sack_slack_ns,
1212
1269
 		.maxlen		= sizeof(unsigned long),
1213
1270
 		.mode		= 0644,
1214
1271
 		.proc_handler	= proc_doulongvec_minmax,
..
..
@@ -1219,8 +1276,17 @@
1219
1276
 		.maxlen		= sizeof(int),
1220
1277
 		.mode		= 0644,
1221
1278
 		.proc_handler	= proc_dointvec_minmax,
1222
-		.extra1		= &zero,
1279
+		.extra1		= SYSCTL_ZERO,
1223
1280
 		.extra2		= &comp_sack_nr_max,
1281
+	},
1282
+	{
1283
+		.procname       = "tcp_reflect_tos",
1284
+		.data           = &init_net.ipv4.sysctl_tcp_reflect_tos,
1285
+		.maxlen         = sizeof(int),
1286
+		.mode           = 0644,
1287
+		.proc_handler   = proc_dointvec_minmax,
1288
+		.extra1         = SYSCTL_ZERO,
1289
+		.extra2         = SYSCTL_ONE,
1224
1290
 	},
1225
1291
 	{
1226
1292
 		.procname	= "udp_rmem_min",
..
..
@@ -1228,7 +1294,7 @@
1228
1294
 		.maxlen		= sizeof(init_net.ipv4.sysctl_udp_rmem_min),
1229
1295
 		.mode		= 0644,
1230
1296
 		.proc_handler	= proc_dointvec_minmax,
1231
-		.extra1		= &one
1297
+		.extra1		= SYSCTL_ONE
1232
1298
 	},
1233
1299
 	{
1234
1300
 		.procname	= "udp_wmem_min",
..
..
@@ -1236,7 +1302,7 @@
1236
1302
 		.maxlen		= sizeof(init_net.ipv4.sysctl_udp_wmem_min),
1237
1303
 		.mode		= 0644,
1238
1304
 		.proc_handler	= proc_dointvec_minmax,
1239
-		.extra1		= &one
1305
+		.extra1		= SYSCTL_ONE
1240
1306
 	},
1241
1307
 	{ }
1242
1308
 };
..
..
@@ -1253,9 +1319,19 @@
1253
1319
 		if (!table)
1254
1320
 			goto err_alloc;
1255
1321
 
1256
-		/* Update the variables to point into the current struct net */
1257
-		for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++)
1258
-			table[i].data += (void *)net - (void *)&init_net;
1322
+		for (i = 0; i < ARRAY_SIZE(ipv4_net_table) - 1; i++) {
1323
+			if (table[i].data) {
1324
+				/* Update the variables to point into
1325
+				 * the current struct net
1326
+				 */
1327
+				table[i].data += (void *)net - (void *)&init_net;
1328
+			} else {
1329
+				/* Entries without data pointer are global;
1330
+				 * Make them read-only in non-init_net ns
1331
+				 */
1332
+				table[i].mode &= ~0222;
1333
+			}
1334
+		}
1259
1335
 	}
1260
1336
 
1261
1337
 	net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
..
..
@@ -1264,11 +1340,17 @@
1264
1340
 
1265
1341
 	net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
1266
1342
 	if (!net->ipv4.sysctl_local_reserved_ports)
1267
-		goto err_ports;
1343
+		goto err_reserved_ports;
1344
+
1345
+	net->ipv4.sysctl_local_unbindable_ports = kzalloc(65536 / 8, GFP_KERNEL);
1346
+	if (!net->ipv4.sysctl_local_unbindable_ports)
1347
+		goto err_unbindable_ports;
1268
1348
 
1269
1349
 	return 0;
1270
1350
 
1271
-err_ports:
1351
+err_unbindable_ports:
1352
+	kfree(net->ipv4.sysctl_local_reserved_ports);
1353
+err_reserved_ports:
1272
1354
 	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
1273
1355
 err_reg:
1274
1356
 	if (!net_eq(net, &init_net))
..
..
@@ -1281,6 +1363,7 @@
1281
1363
 {
1282
1364
 	struct ctl_table *table;
1283
1365
 
1366
+	kfree(net->ipv4.sysctl_local_unbindable_ports);
1284
1367
 	kfree(net->ipv4.sysctl_local_reserved_ports);
1285
1368
 	table = net->ipv4.ipv4_hdr->ctl_table_arg;
1286
1369
 	unregister_net_sysctl_table(net->ipv4.ipv4_hdr);