linux/include/net
David S. Miller 14e50e57ae [XFRM]: Allow packet drops during larval state resolution.
The current IPSEC rule resolution behavior we have does not work for a
lot of people, even though technically it's an improvement from the
-EAGAIN buisness we had before.

Right now we'll block until the key manager resolves the route.  That
works for simple cases, but many folks would rather packets get
silently dropped until the key manager resolves the IPSEC rules.

We can't tell these folks to "set the socket non-blocking" because
they don't have control over the non-block setting of things like the
sockets used to resolve DNS deep inside of the resolver libraries in
libc.

With that in mind I coded up the patch below with some help from
Herbert Xu which provides packet-drop behavior during larval state
resolution, controllable via sysctl and off by default.

This lays the framework to either:

1) Make this default at some point or...

2) Move this logic into xfrm{4,6}_policy.c and implement the
   ARP-like resolution queue we've all been dreaming of.
   The idea would be to queue packets to the policy, then
   once the larval state is resolved by the key manager we
   re-resolve the route and push the packets out.  The
   packets would timeout if the rule didn't get resolved
   in a certain amount of time.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-24 18:17:54 -07:00
..
bluetooth [Bluetooth] Fix L2CAP configuration parameter handling 2007-05-24 14:27:19 +02:00
irda include files: convert "include" subdirectory to UTF-8 2007-05-09 08:58:21 +02:00
iucv [AF_IUCV]: Implementation of a skb backlog queue 2007-05-04 12:22:07 -07:00
netfilter [NETFILTER]: nf_conntrack: Removes unused destroy operation of l3proto 2007-05-10 23:47:46 -07:00
sctp [SCTP]: Set assoc_id correctly during INIT collision. 2007-05-04 13:55:27 -07:00
tc_act
tipc
act_api.h
addrconf.h [IPV6] ADDRCONF: Optimistic Duplicate Address Detection (RFC 4429) Support. 2007-04-25 22:23:43 -07:00
af_rxrpc.h [AF_RXRPC]: Add an interface to the AF_RXRPC module for the AFS filesystem to use 2007-04-26 15:50:17 -07:00
af_unix.h
ah.h
arp.h
atmclip.h
ax25.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
cfg80211.h [WIRELESS] cfg80211: Update comment for locking. 2007-04-25 22:29:48 -07:00
checksum.h
cipso_ipv4.h [SK_BUFF]: Introduce skb_network_header() 2007-04-25 22:24:59 -07:00
compat.h [NET]: Introduce SIOCGSTAMPNS ioctl to get timestamps with nanosec resolution 2007-04-25 22:24:04 -07:00
datalink.h
dn_dev.h
dn_fib.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn_neigh.h
dn_nsp.h
dn_route.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn.h
dsfield.h
dst.h [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
esp.h [NET]: Move generic skbuff stuff from XFRM code to generic code 2007-04-25 22:28:33 -07:00
fib_rules.h [NET] fib_rules: Flush route cache after rule modifications 2007-04-25 22:28:18 -07:00
flow.h [XFRM]: Restrict upper layer information by bundle. 2007-04-30 00:58:09 -07:00
gen_stats.h
genetlink.h [GENETLINK]: Add cmd dump completion. 2006-12-02 21:32:09 -08:00
icmp.h
ieee80211_crypt.h [PATCH] Update my email address from jkmaline@cc.hut.fi to j@w1.fi 2007-04-28 11:01:01 -04:00
ieee80211_radiotap.h [PATCH] Remove comment about IEEE80211_RADIOTAP_FCS 2007-04-28 11:01:03 -04:00
ieee80211.h [PATCH] ieee80211: add ieee80211_channel_to_freq 2007-05-08 11:51:59 -04:00
ieee80211softmac_wx.h
ieee80211softmac.h
if_inet6.h
inet6_connection_sock.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet6_hashtables.h [INET]: Use jhash + random secret for ehash. 2007-04-25 22:28:06 -07:00
inet_common.h
inet_connection_sock.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet_ecn.h [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
inet_hashtables.h [NET]: change layout of ehash table 2007-02-08 14:16:46 -08:00
inet_sock.h [INET]: Use jhash + random secret for ehash. 2007-04-25 22:28:06 -07:00
inet_timewait_sock.h [INET]: twcal_jiffie should be unsigned long, not int 2007-03-05 13:32:48 -08:00
inetpeer.h
ip6_checksum.h [IPV6]: Dumb typo in generic csum_ipv6_magic() 2006-12-22 11:12:07 -08:00
ip6_fib.h [IPv6]: Use rtnl registration interface 2007-04-25 22:27:13 -07:00
ip6_route.h [IPv6]: Use rtnl registration interface 2007-04-25 22:27:13 -07:00
ip6_tunnel.h
ip_fib.h [IPv4]: Use rtnl registration interface 2007-04-25 22:27:08 -07:00
ip_mp_alg.h
ip_vs.h
ip.h [IPV4]: Consolidate common SNMP code 2007-04-25 22:29:51 -07:00
ipcomp.h
ipconfig.h
ipip.h
ipv6.h [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
ipx.h [SK_BUFF]: Introduce skb_transport_header(skb) 2007-04-25 22:25:31 -07:00
iw_handler.h [WEXT]: Clean up how wext is called. 2007-04-26 20:43:56 -07:00
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h [SK_BUFF]: Introduce skb_network_header() 2007-04-25 22:24:59 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
mac80211.h [MAC80211]: Add mac80211 wireless stack. 2007-05-05 11:45:53 -07:00
mip6.h
ndisc.h
neighbour.h [NEIGH]: Use rtnl registration interface 2007-04-25 22:27:06 -07:00
netdma.h
netevent.h
netlabel.h NetLabel: convert to an extensibile/sparse category bitmap 2006-12-02 21:31:36 -08:00
netlink.h [NETLINK]: Possible cleanups. 2007-04-26 00:57:41 -07:00
netrom.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
nexthop.h
p8022.h
pkt_cls.h [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
pkt_sched.h [NET_SCHED]: Eliminate qdisc_tree_lock 2007-04-25 22:29:07 -07:00
protocol.h [INET]: Change protocol field in struct inet_protosw to u16 2006-12-02 21:30:55 -08:00
psnap.h
raw.h
rawv6.h
red.h [NET_SCHED]: turn PSCHED_GET_TIME into inline function 2007-04-25 22:27:55 -07:00
request_sock.h [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
rose.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
route.h [IPV4]: Convert ipv4 route to use the new dst_entry 'next' pointer 2007-02-10 23:20:38 -08:00
rtnetlink.h [NETLINK]: Possible cleanups. 2007-04-26 00:57:41 -07:00
sch_generic.h [NET_SCHED]: Unline tcf_destroy 2007-04-25 22:27:56 -07:00
scm.h
slhc_vj.h
snmp.h
sock.h cleanup compat ioctl handling 2007-05-08 11:15:09 -07:00
syncppp.h
tcp_ecn.h [TCP]: Sed magic converts func(sk, tp, ...) -> func(sk, ...) 2007-04-25 22:29:34 -07:00
tcp_states.h
tcp.h [TCP]: Use S+L catcher only with SACK for now 2007-05-03 03:30:34 -07:00
timewait_sock.h [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
transp_v6.h
udp.h [UDP]: Fix AF-specific references in AF-agnostic code. 2007-05-10 23:47:22 -07:00
udplite.h [UDP]: Fix AF-specific references in AF-agnostic code. 2007-05-10 23:47:22 -07:00
wext.h [NET]: Fix networking compilation errors 2007-04-27 15:31:24 -07:00
wireless.h [WIRELESS] cfg80211: New wireless config infrastructure. 2007-04-25 22:29:41 -07:00
x25.h [X.25]: Adds /proc/sys/net/x25/x25_forward to control forwarding. 2007-02-08 13:34:36 -08:00
x25device.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
xfrm.h [XFRM] SPD info TLV aggregation 2007-05-04 12:55:39 -07:00