linux/net/ipv4
David S. Miller 14e50e57ae [XFRM]: Allow packet drops during larval state resolution.
The current IPSEC rule resolution behavior we have does not work for a
lot of people, even though technically it's an improvement from the
-EAGAIN buisness we had before.

Right now we'll block until the key manager resolves the route.  That
works for simple cases, but many folks would rather packets get
silently dropped until the key manager resolves the IPSEC rules.

We can't tell these folks to "set the socket non-blocking" because
they don't have control over the non-block setting of things like the
sockets used to resolve DNS deep inside of the resolver libraries in
libc.

With that in mind I coded up the patch below with some help from
Herbert Xu which provides packet-drop behavior during larval state
resolution, controllable via sysctl and off by default.

This lays the framework to either:

1) Make this default at some point or...

2) Move this logic into xfrm{4,6}_policy.c and implement the
   ARP-like resolution queue we've all been dreaming of.
   The idea would be to queue packets to the policy, then
   once the larval state is resolved by the key manager we
   re-resolve the route and push the packets out.  The
   packets would timeout if the rule didn't get resolved
   in a certain amount of time.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-24 18:17:54 -07:00
..
ipvs [IPVS]: Use menuconfig objects. 2007-05-24 16:36:47 -07:00
netfilter [NETFILTER]: nf_nat_h323: call set_h225_addr instead of set_h225_addr_hook 2007-05-24 16:44:40 -07:00
af_inet.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
ah4.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
arp.c [SK_BUFF]: Introduce arp_hdr(), remove skb->nh.arph 2007-04-25 22:25:12 -07:00
cipso_ipv4.c Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
datagram.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
devinet.c [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
esp4.c [XFRM]: beet: fix worst case header_len calculation 2007-04-25 22:28:39 -07:00
fib_frontend.c [IPV4] nl_fib_lookup: Initialise res.r before fib_res_put(&res) 2007-04-27 02:17:19 -07:00
fib_hash.c [RTNETLINK]: Fix sending netlink message when replace route. 2007-05-24 16:36:53 -07:00
fib_lookup.h [RTNETLINK]: Fix sending netlink message when replace route. 2007-05-24 16:36:53 -07:00
fib_rules.c [NET] fib_rules: delay route cache flush by ip_rt_min_delay 2007-04-25 22:28:24 -07:00
fib_semantics.c [RTNETLINK]: Fix sending netlink message when replace route. 2007-05-24 16:36:53 -07:00
fib_trie.c [RTNETLINK]: Fix sending netlink message when replace route. 2007-05-24 16:36:53 -07:00
icmp.c [IPV4]: icmp: fix crash with sysctl_icmp_errors_use_inbound_ifaddr 2007-05-19 14:44:15 -07:00
igmp.c [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
inet_connection_sock.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
inet_diag.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
inet_hashtables.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
inet_timewait_sock.c [NET]: change layout of ehash table 2007-02-08 14:16:46 -08:00
inetpeer.c [IPV4]: Optimize inet_getpeer() 2007-04-25 22:23:49 -07:00
ip_forward.c [NET]: Allow forwarding of ip_summed except CHECKSUM_COMPLETE 2007-04-25 22:28:16 -07:00
ip_fragment.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ip_gre.c [IPV4] IP_GRE: Unify code path to get hash array index. 2007-04-25 22:29:56 -07:00
ip_input.c [IPV4] SNMP: Support InMcastPkts and InBcastPkts 2007-04-30 00:58:29 -07:00
ip_options.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ip_output.c [IPV4] SNMP: Support OutMcastPkts and OutBcastPkts 2007-04-30 00:58:32 -07:00
ip_sockglue.c [INET]: Add IP(V6)_PMTUDISC_RPOBE 2007-04-25 22:29:10 -07:00
ipcomp.c [SK_BUFF]: Introduce skb_copy_to_linear_data{_offset} 2007-04-25 22:28:29 -07:00
ipconfig.c [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
ipip.c [IPV4] IPIP: Unify code path to get hash array index. 2007-04-25 22:29:55 -07:00
ipmr.c [SK_BUFF]: Introduce skb_copy_to_linear_data{_offset} 2007-04-25 22:28:29 -07:00
Kconfig [IPV4]: Correct rp_filter help text. 2007-05-17 15:02:21 -07:00
Makefile [IPV4]: Consolidate common SNMP code 2007-04-25 22:29:51 -07:00
multipath_drr.c [NET]: cleanup extra semicolons 2007-04-25 22:29:24 -07:00
multipath_random.c [IPV4]: Use random32() in net/ipv4/multipath 2007-02-26 11:43:00 -08:00
multipath_rr.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
multipath_wrandom.c [IPV4]: Use random32() in net/ipv4/multipath 2007-02-26 11:43:00 -08:00
multipath.c
netfilter.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
proc.c [IPV4] SNMP: Display new statistics at /proc/net/netstat 2007-05-14 03:07:30 -07:00
protocol.c [IPV4]: align inet_protos[] on SMP 2007-04-25 22:28:20 -07:00
raw.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
route.c [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
syncookies.c [SK_BUFF]: Introduce tcp_hdr(), remove skb->h.th 2007-04-25 22:25:26 -07:00
sysctl_net_ipv4.c [TCP]: Add two new spurious RTO responses to FRTO 2007-04-25 22:23:23 -07:00
tcp_bic.c [TCP]: Congestion control API update. 2007-04-25 22:29:45 -07:00
tcp_cong.c [TCP] slow start: Make comments and code logic clearer. 2007-05-17 14:20:31 -07:00
tcp_cubic.c [TCP]: Congestion control API update. 2007-04-25 22:29:45 -07:00
tcp_diag.c
tcp_highspeed.c [TCP] Highspeed: Limited slow-start is nowadays in tcp_slow_start 2007-05-03 13:28:35 -07:00
tcp_htcp.c [TCP]: Congestion control API update. 2007-04-25 22:29:45 -07:00
tcp_hybla.c [TCP]: whitespace cleanup 2007-04-25 22:24:13 -07:00
tcp_illinois.c [TCP]: Fix linkage errors on i386. 2007-04-25 22:29:49 -07:00
tcp_input.c [TCP] FRTO: Prevent state inconsistency in corner cases 2007-05-19 13:56:57 -07:00
tcp_ipv4.c [NET]: Treat CHECKSUM_PARTIAL as CHECKSUM_UNNECESSARY 2007-04-25 22:28:43 -07:00
tcp_lp.c [TCP]: Fix linkage errors on i386. 2007-04-25 22:29:49 -07:00
tcp_minisocks.c [SK_BUFF]: Introduce tcp_hdr(), remove skb->h.th 2007-04-25 22:25:26 -07:00
tcp_output.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
tcp_probe.c [TCP] tcp_probe: improvements for net-2.6.22 2007-04-25 22:28:10 -07:00
tcp_scalable.c
tcp_timer.c [TCP]: Abstract out all write queue operations. 2007-04-25 22:24:02 -07:00
tcp_vegas.c [TCP]: Fix linkage errors on i386. 2007-04-25 22:29:49 -07:00
tcp_vegas.h [TCP] TCP YEAH: Use vegas dont copy it. 2007-04-25 22:29:46 -07:00
tcp_veno.c [TCP]: Fix linkage errors on i386. 2007-04-25 22:29:49 -07:00
tcp_westwood.c [TCP]: Congestion control API update. 2007-04-25 22:29:45 -07:00
tcp_yeah.c [TCP] TCP YEAH: Use vegas dont copy it. 2007-04-25 22:29:46 -07:00
tcp.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
tunnel4.c [IPSEC]: Changing API of xfrm4_tunnel_register. 2007-02-13 12:54:47 -08:00
udp_impl.h [UDP]: Fix AF-specific references in AF-agnostic code. 2007-05-10 23:47:22 -07:00
udp.c [UDP]: Fix AF-specific references in AF-agnostic code. 2007-05-10 23:47:22 -07:00
udplite.c [UDP]: Fix AF-specific references in AF-agnostic code. 2007-05-10 23:47:22 -07:00
xfrm4_input.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
xfrm4_mode_beet.c [XFRM]: beet: fix worst case header_len calculation 2007-04-25 22:28:39 -07:00
xfrm4_mode_transport.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
xfrm4_mode_tunnel.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
xfrm4_output.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
xfrm4_policy.c [NET]: cleanup extra semicolons 2007-04-25 22:29:24 -07:00
xfrm4_state.c [IPSEC]: exporting xfrm_state_afinfo 2007-02-08 12:39:00 -08:00
xfrm4_tunnel.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00