
Commit e1fc3b14 authored by Eric W. Biederman's avatar Eric W. Biederman Committed by David S. Miller

sctp: Make sysctl tunables per net

parent f53b5b09
+90 −0
@@ -36,6 +36,96 @@ struct netns_sctp {
	/* Lock that protects the local_addr_list writers */
	spinlock_t local_addr_lock;

	/* RFC2960 Section 14. Suggested SCTP Protocol Parameter Values
	 *
	 * The following protocol parameters are RECOMMENDED:
	 *
	 * RTO.Initial		    - 3	 seconds
	 * RTO.Min		    - 1	 second
	 * RTO.Max		   -  60 seconds
	 * RTO.Alpha		    - 1/8  (3 when converted to right shifts.)
	 * RTO.Beta		    - 1/4  (2 when converted to right shifts.)
	 */
	unsigned int rto_initial;
	unsigned int rto_min;
	unsigned int rto_max;

	/* Note: rto_alpha and rto_beta are really defined as inverse
	 * powers of two to facilitate integer operations.
	 */
	int rto_alpha;
	int rto_beta;

	/* Max.Burst		    - 4 */
	int max_burst;

	/* Whether Cookie Preservative is enabled(1) or not(0) */
	int cookie_preserve_enable;

	/* Valid.Cookie.Life	    - 60  seconds  */
	unsigned int valid_cookie_life;

	/* Delayed SACK timeout  200ms default*/
	unsigned int sack_timeout;

	/* HB.interval		    - 30 seconds  */
	unsigned int hb_interval;

	/* Association.Max.Retrans  - 10 attempts
	 * Path.Max.Retrans	    - 5	 attempts (per destination address)
	 * Max.Init.Retransmits	    - 8	 attempts
	 */
	int max_retrans_association;
	int max_retrans_path;
	int max_retrans_init;
	/* Potentially-Failed.Max.Retrans sysctl value
	 * taken from:
	 * http://tools.ietf.org/html/draft-nishida-tsvwg-sctp-failover-05
	 */
	int pf_retrans;

	/*
	 * Policy for preforming sctp/socket accounting
	 * 0   - do socket level accounting, all assocs share sk_sndbuf
	 * 1   - do sctp accounting, each asoc may use sk_sndbuf bytes
	 */
	int sndbuf_policy;

	/*
	 * Policy for preforming sctp/socket accounting
	 * 0   - do socket level accounting, all assocs share sk_rcvbuf
	 * 1   - do sctp accounting, each asoc may use sk_rcvbuf bytes
	 */
	int rcvbuf_policy;

	int default_auto_asconf;

	/* Flag to indicate if addip is enabled. */
	int addip_enable;
	int addip_noauth;

	/* Flag to indicate if PR-SCTP is enabled. */
	int prsctp_enable;

	/* Flag to idicate if SCTP-AUTH is enabled */
	int auth_enable;

	/*
	 * Policy to control SCTP IPv4 address scoping
	 * 0   - Disable IPv4 address scoping
	 * 1   - Enable IPv4 address scoping
	 * 2   - Selectively allow only IPv4 private addresses
	 * 3   - Selectively allow only IPv4 link local address
	 */
	int scope_policy;

	/* Threshold for rwnd update SACKS.  Receive buffer shifted this many
	 * bits is an indicator of when to send and window update SACK.
	 */
	int rwnd_upd_shift;

	/* Threshold for autoclose timeout, in seconds. */
	unsigned long max_autoclose;
};

#endif /* __NETNS_SCTP_H__ */
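Review bot: `addip_noauth` and `default_auto_asconf` are added to struct netns_sctp with no comment of their own, and `addip_noauth` is the security-relevant one: the association-init code in this same commit sets `asoc->peer.asconf_capable = 1` when it is non-zero. I would document it where it is declared, for example `/* Flag to indicate if ADD-IP is accepted without SCTP-AUTH (interoperability with older peers). */`, so that a namespace administrator reading the header can see that enabling it relaxes the authentication requirement on address reconfiguration. While the comments are being moved, the carried-over typos "preforming" (twice) and "idicate" could be fixed. The struct opens above this hunk, so any earlier members are not visible here.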
+0 −116
@@ -119,69 +119,6 @@ struct sctp_hashbucket {

/* The SCTP globals structure. */
extern struct sctp_globals {
	/* RFC2960 Section 14. Suggested SCTP Protocol Parameter Values
	 *
	 * The following protocol parameters are RECOMMENDED:
	 *
	 * RTO.Initial		    - 3	 seconds
	 * RTO.Min		    - 1	 second
	 * RTO.Max		   -  60 seconds
	 * RTO.Alpha		    - 1/8  (3 when converted to right shifts.)
	 * RTO.Beta		    - 1/4  (2 when converted to right shifts.)
	 */
	unsigned int rto_initial;
	unsigned int rto_min;
	unsigned int rto_max;

	/* Note: rto_alpha and rto_beta are really defined as inverse
	 * powers of two to facilitate integer operations.
	 */
	int rto_alpha;
	int rto_beta;

	/* Max.Burst		    - 4 */
	int max_burst;

	/* Whether Cookie Preservative is enabled(1) or not(0) */
	int cookie_preserve_enable;

	/* Valid.Cookie.Life	    - 60  seconds  */
	unsigned int valid_cookie_life;

	/* Delayed SACK timeout  200ms default*/
	unsigned int sack_timeout;

	/* HB.interval		    - 30 seconds  */
	unsigned int hb_interval;

	/* Association.Max.Retrans  - 10 attempts
	 * Path.Max.Retrans	    - 5	 attempts (per destination address)
	 * Max.Init.Retransmits	    - 8	 attempts
	 */
	int max_retrans_association;
	int max_retrans_path;
	int max_retrans_init;

	/* Potentially-Failed.Max.Retrans sysctl value
	 * taken from:
	 * http://tools.ietf.org/html/draft-nishida-tsvwg-sctp-failover-05
	 */
	int pf_retrans;

	/*
	 * Policy for preforming sctp/socket accounting
	 * 0   - do socket level accounting, all assocs share sk_sndbuf
	 * 1   - do sctp accounting, each asoc may use sk_sndbuf bytes
	 */
	int sndbuf_policy;

	/*
	 * Policy for preforming sctp/socket accounting
	 * 0   - do socket level accounting, all assocs share sk_rcvbuf
	 * 1   - do sctp accounting, each asoc may use sk_rcvbuf bytes
	 */
	int rcvbuf_policy;

	/* The following variables are implementation specific.	 */

	/* Default initialization values to be applied to new associations. */
@@ -205,56 +142,11 @@ extern struct sctp_globals {
	int port_hashsize;
	struct sctp_bind_hashbucket *port_hashtable;

	int default_auto_asconf;
	
	/* Flag to indicate if addip is enabled. */
	int addip_enable;
	int addip_noauth_enable;

	/* Flag to indicate if PR-SCTP is enabled. */
	int prsctp_enable;

	/* Flag to idicate if SCTP-AUTH is enabled */
	int auth_enable;

	/*
	 * Policy to control SCTP IPv4 address scoping
	 * 0   - Disable IPv4 address scoping
	 * 1   - Enable IPv4 address scoping
	 * 2   - Selectively allow only IPv4 private addresses
	 * 3   - Selectively allow only IPv4 link local address
	 */
	int ipv4_scope_policy;

	/* Flag to indicate whether computing and verifying checksum
	 * is disabled. */
        bool checksum_disable;

	/* Threshold for rwnd update SACKS.  Receive buffer shifted this many
	 * bits is an indicator of when to send and window update SACK.
	 */
	int rwnd_update_shift;

	/* Threshold for autoclose timeout, in seconds. */
	unsigned long max_autoclose;
} sctp_globals;

#define sctp_rto_initial		(sctp_globals.rto_initial)
#define sctp_rto_min			(sctp_globals.rto_min)
#define sctp_rto_max			(sctp_globals.rto_max)
#define sctp_rto_alpha			(sctp_globals.rto_alpha)
#define sctp_rto_beta			(sctp_globals.rto_beta)
#define sctp_max_burst			(sctp_globals.max_burst)
#define sctp_valid_cookie_life		(sctp_globals.valid_cookie_life)
#define sctp_cookie_preserve_enable	(sctp_globals.cookie_preserve_enable)
#define sctp_max_retrans_association	(sctp_globals.max_retrans_association)
#define sctp_sndbuf_policy	 	(sctp_globals.sndbuf_policy)
#define sctp_rcvbuf_policy	 	(sctp_globals.rcvbuf_policy)
#define sctp_max_retrans_path		(sctp_globals.max_retrans_path)
#define sctp_pf_retrans			(sctp_globals.pf_retrans)
#define sctp_max_retrans_init		(sctp_globals.max_retrans_init)
#define sctp_sack_timeout		(sctp_globals.sack_timeout)
#define sctp_hb_interval		(sctp_globals.hb_interval)
#define sctp_max_instreams		(sctp_globals.max_instreams)
#define sctp_max_outstreams		(sctp_globals.max_outstreams)
#define sctp_address_families		(sctp_globals.address_families)
@@ -264,15 +156,7 @@ extern struct sctp_globals {
#define sctp_assoc_hashtable		(sctp_globals.assoc_hashtable)
#define sctp_port_hashsize		(sctp_globals.port_hashsize)
#define sctp_port_hashtable		(sctp_globals.port_hashtable)
#define sctp_default_auto_asconf	(sctp_globals.default_auto_asconf)
#define sctp_scope_policy		(sctp_globals.ipv4_scope_policy)
#define sctp_addip_enable		(sctp_globals.addip_enable)
#define sctp_addip_noauth		(sctp_globals.addip_noauth_enable)
#define sctp_prsctp_enable		(sctp_globals.prsctp_enable)
#define sctp_auth_enable		(sctp_globals.auth_enable)
#define sctp_checksum_disable		(sctp_globals.checksum_disable)
#define sctp_rwnd_upd_shift		(sctp_globals.rwnd_update_shift)
#define sctp_max_autoclose		(sctp_globals.max_autoclose)

/* SCTP Socket type: UDP or TCP style. */
typedef enum {
+6 −4
@@ -82,6 +82,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
					  sctp_scope_t scope,
					  gfp_t gfp)
{
	struct net *net = sock_net(sk);
	struct sctp_sock *sp;
	int i;
	sctp_paramhdr_t *p;
@@ -124,7 +125,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
	 * socket values.
	 */
	asoc->max_retrans = sp->assocparams.sasoc_asocmaxrxt;
	asoc->pf_retrans  = sctp_pf_retrans;
	asoc->pf_retrans  = net->sctp.pf_retrans;

	asoc->rto_initial = msecs_to_jiffies(sp->rtoinfo.srto_initial);
	asoc->rto_max = msecs_to_jiffies(sp->rtoinfo.srto_max);
@@ -175,7 +176,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
	asoc->timeouts[SCTP_EVENT_TIMEOUT_HEARTBEAT] = 0;
	asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] = asoc->sackdelay;
	asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE] =
		min_t(unsigned long, sp->autoclose, sctp_max_autoclose) * HZ;
		min_t(unsigned long, sp->autoclose, net->sctp.max_autoclose) * HZ;

	/* Initializes the timers */
	for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i)
@@ -281,7 +282,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
	 * and will revert old behavior.
	 */
	asoc->peer.asconf_capable = 0;
	if (sctp_addip_noauth)
	if (net->sctp.addip_noauth)
		asoc->peer.asconf_capable = 1;
	asoc->asconf_addr_del_pending = NULL;
	asoc->src_out_of_asoc_ok = 0;
@@ -1418,6 +1419,7 @@ void sctp_assoc_sync_pmtu(struct sock *sk, struct sctp_association *asoc)
/* Should we send a SACK to update our peer? */
static inline int sctp_peer_needs_update(struct sctp_association *asoc)
{
	struct net *net = sock_net(asoc->base.sk);
	switch (asoc->state) {
	case SCTP_STATE_ESTABLISHED:
	case SCTP_STATE_SHUTDOWN_PENDING:
@@ -1425,7 +1427,7 @@ static inline int sctp_peer_needs_update(struct sctp_association *asoc)
	case SCTP_STATE_SHUTDOWN_SENT:
		if ((asoc->rwnd > asoc->a_rwnd) &&
		    ((asoc->rwnd - asoc->a_rwnd) >= max_t(__u32,
			   (asoc->base.sk->sk_rcvbuf >> sctp_rwnd_upd_shift),
			   (asoc->base.sk->sk_rcvbuf >> net->sctp.rwnd_upd_shift),
			   asoc->pathmtu)))
			return 1;
		break;
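Review bot: `net->sctp.rwnd_upd_shift` is a plain `int` in struct netns_sctp and is used unchecked as the shift count in `asoc->base.sk->sk_rcvbuf >> net->sctp.rwnd_upd_shift` in sctp_peer_needs_update, so a negative value or one at least the width of the operand is undefined behaviour. Now that the tunable is per network namespace, the value presumably comes from that namespace's sysctl, and the range limits on the sysctl entry (not visible in these hunks) are the only guard. It is worth confirming that the per-net table keeps those limits, and likewise for `net->sctp.max_autoclose`, which is multiplied by `HZ` after the `min_t`. A short comment at the use site would record the assumption, e.g. `/* rwnd_upd_shift is range-limited by its sysctl entry */`. Both functions begin and end outside the hunks shown.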
+16 −4
@@ -392,13 +392,14 @@ nomem:
 */
int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp)
{
	struct net *net = sock_net(asoc->base.sk);
	struct sctp_auth_bytes	*secret;
	struct sctp_shared_key *ep_key;

	/* If we don't support AUTH, or peer is not capable
	 * we don't need to do anything.
	 */
	if (!sctp_auth_enable || !asoc->peer.auth_capable)
	if (!net->sctp.auth_enable || !asoc->peer.auth_capable)
		return 0;

	/* If the key_id is non-zero and we couldn't find an
@@ -445,11 +446,12 @@ struct sctp_shared_key *sctp_auth_get_shkey(
 */
int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
{
	struct net *net = sock_net(ep->base.sk);
	struct crypto_hash *tfm = NULL;
	__u16   id;

	/* if the transforms are already allocted, we are done */
	if (!sctp_auth_enable) {
	if (!net->sctp.auth_enable) {
		ep->auth_hmacs = NULL;
		return 0;
	}
@@ -674,7 +676,12 @@ static int __sctp_auth_cid(sctp_cid_t chunk, struct sctp_chunks_param *param)
/* Check if peer requested that this chunk is authenticated */
int sctp_auth_send_cid(sctp_cid_t chunk, const struct sctp_association *asoc)
{
	if (!sctp_auth_enable || !asoc || !asoc->peer.auth_capable)
	struct net  *net;
	if (!asoc)
		return 0;

	net = sock_net(asoc->base.sk);
	if (!net->sctp.auth_enable || !asoc->peer.auth_capable)
		return 0;

	return __sctp_auth_cid(chunk, asoc->peer.peer_chunks);
@@ -683,7 +690,12 @@ int sctp_auth_send_cid(sctp_cid_t chunk, const struct sctp_association *asoc)
/* Check if we requested that peer authenticate this chunk. */
int sctp_auth_recv_cid(sctp_cid_t chunk, const struct sctp_association *asoc)
{
	if (!sctp_auth_enable || !asoc)
	struct net *net;
	if (!asoc)
		return 0;

	net = sock_net(asoc->base.sk);
	if (!net->sctp.auth_enable);
		return 0;

	return __sctp_auth_cid(chunk,
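Review bot: The new guard in sctp_auth_recv_cid ends in a stray semicolon, `if (!net->sctp.auth_enable);`, so the `return 0;` beneath it is unconditional and the function returns 0 for every chunk type regardless of the per-net setting. If callers rely on this result to decide whether an incoming chunk must have been authenticated, as the comment above the function suggests, receive-side SCTP-AUTH enforcement is silently turned off and the trailing `__sctp_auth_cid` call is dead code. The line should read `if (!net->sctp.auth_enable)`; the equivalent rewrite of sctp_auth_send_cid in the previous hunk does not have the typo. A build with `-Wempty-body` (included in `-Wextra`) would flag this pattern. The function body continues past the end of this hunk.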
+1 −1
@@ -512,7 +512,7 @@ int sctp_in_scope(struct net *net, const union sctp_addr *addr, sctp_scope_t sco
	 * Address scoping can be selectively controlled via sysctl
	 * option
	 */
	switch (sctp_scope_policy) {
	switch (net->sctp.scope_policy) {
	case SCTP_SCOPE_POLICY_DISABLE:
		return 1;
	case SCTP_SCOPE_POLICY_ENABLE: