Add net.ipv4.netns_inherit_tcp_sysctls to control whether a newly created netns inherits selected IPv4 TCP sysctl state from old_net. Default is 0, preserving current behavior. When set to 1 in old_net, child netns receives parent TCP sysctl policy during netns creation.
---
 include/net/netns/ipv4.h | 1 +
 net/ipv4/sysctl_net_ipv4.c | 9 +++++++++
 2 files changed, 10 insertions(+)
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 53b180cc7a94..184498d4d541 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -60,6 +60,7 @@ struct netns_ipv4 {
 /* TX readonly hotpath cache lines */
 __cacheline_group_begin(netns_ipv4_read_tx);
+ u8 sysctl_netns_inherit_tcp_sysctls;
 u8 sysctl_tcp_early_retrans;
 u8 sysctl_tcp_tso_win_divisor;
 u8 sysctl_tcp_tso_rtt_log;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index a1a50a5c80dc..58a310c029d9 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -1641,6 +1641,15 @@ static struct ctl_table ipv4_net_table[] = {
 .extra1 = SYSCTL_ONE_THOUSAND,
 .extra2 = &tcp_rto_max_max,
 },
+ {
+ .procname = "netns_inherit_tcp_sysctls",
+ .data = &init_net.ipv4.sysctl_netns_inherit_tcp_sysctls,
+ .maxlen = sizeof(u8),
+ .mode = 0644,
+ .proc_handler = proc_dou8vec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
+ },
 };
 static __net_init int ipv4_sysctl_init_net(struct net *net)
-- 
2.47.3
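Review bot: The new `sysctl_netns_inherit_tcp_sysctls` byte is placed first in the `netns_ipv4_read_tx` group, which the comment just above labels as TX read-only hot-path data, while the commit message says the flag is consulted only during netns creation. A cold control field at that position shifts `sysctl_tcp_early_retrans` and the fields after it, and may disturb any size or layout assumptions made about the group elsewhere. I would move it next to the non-hot-path sysctl fields further down `struct netns_ipv4` (outside this hunk). If it has to stay here, add a comment such as `/* read at netns creation only, not in the TX path */`.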
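Review bot: The table entry for `netns_inherit_tcp_sysctls` is registered with `.mode = 0644`, but nothing in this patch reads the field, so which sysctls count as "selected" and where the copy from `old_net` happens cannot be reviewed here. If the entry is rebased per netns like its neighbours (presumably in `ipv4_sysctl_init_net`, whose body lies outside the hunk), whoever administers a netns can flip the flag and can also rewrite the inherited values afterwards. The knob therefore seeds defaults at creation time and does not enforce policy on the child. That should be stated in the sysctl documentation, for example `Values are copied once at netns creation; the child may change them later.` Because `proc_dou8vec_minmax` writes the byte without a lock, the creation-path reader should use `READ_ONCE(old_net->ipv4.sysctl_netns_inherit_tcp_sysctls)`.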