linux/net
David S. Miller 14e50e57ae [XFRM]: Allow packet drops during larval state resolution.
The current IPSEC rule resolution behavior we have does not work for a
lot of people, even though technically it's an improvement from the
-EAGAIN business we had before.

Right now we'll block until the key manager resolves the route.  That
works for simple cases, but many folks would rather packets get
silently dropped until the key manager resolves the IPSEC rules.

We can't tell these folks to "set the socket non-blocking" because
they don't have control over the non-block setting of things like the
sockets used to resolve DNS deep inside of the resolver libraries in
libc.

With that in mind I coded up the patch below with some help from
Herbert Xu which provides packet-drop behavior during larval state
resolution, controllable via sysctl and off by default.

This lays the framework to either:

1) Make this default at some point or...

2) Move this logic into xfrm{4,6}_policy.c and implement the
   ARP-like resolution queue we've all been dreaming of.
   The idea would be to queue packets to the policy, then
   once the larval state is resolved by the key manager we
   re-resolve the route and push the packets out.  The
   packets would timeout if the rule didn't get resolved
   in a certain amount of time.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-24 18:17:54 -07:00
..
802 [NET]: cleanup extra semicolons 2007-04-25 22:29:24 -07:00
8021q [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
appletalk header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
atm [NET]: SPIN_LOCK_UNLOCKED cleanup in drivers/atm, net 2007-04-26 01:37:44 -07:00
ax25 [S390] Kconfig: unwanted menus for s390. 2007-05-10 15:46:07 +02:00
bluetooth [Bluetooth] Fix L2CAP configuration parameter handling 2007-05-24 14:27:19 +02:00
bridge header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
core [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
dccp [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
decnet Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
econet [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
ethernet [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
ieee80211 [PATCH] ieee80211: include frequency in scan results 2007-05-08 11:51:59 -04:00
ipv4 [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
ipv6 [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
ipx Fix incorrect prototype for ipxrtr_route_packet() 2007-05-17 05:25:49 -07:00
irda [S390] Kconfig: unwanted menus for s390. 2007-05-10 15:46:07 +02:00
iucv Add suspend-related notifications for CPU hotplug 2007-05-09 12:30:56 -07:00
key [IPSEC] pfkey: Load specific algorithm in pfkey_add rather than all 2007-05-19 14:21:18 -07:00
lapb [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
llc Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
mac80211 [MAC80211]: include <linux/delay.h> instead of <asm/delay.h> 2007-05-10 23:45:09 -07:00
netfilter [NETFILTER]: nf_conntrack_h323: add missing T.120 address in OLCA 2007-05-24 16:44:11 -07:00
netlabel SELinux: extract the NetLabel SELinux support from the security server 2007-04-26 01:35:48 -04:00
netlink header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
netrom [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
packet [AF_PACKET]: Add option to return orig_dev to userspace. 2007-04-25 22:29:14 -07:00
rfkill [RFKILL]: Fix check for correct rfkill allocation 2007-05-19 12:24:39 -07:00
rose [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
rxrpc [AF_RXRPC]: Make call state names available if CONFIG_PROC_FS=n 2007-05-22 16:14:24 -07:00
sched [NET_SCHED]: sch_htb: fix event cache time calculation 2007-05-24 16:36:56 -07:00
sctp [SCTP]: Use menuconfig objects. 2007-05-24 16:36:48 -07:00
sunrpc Merge branch 'master' of /home/trondmy/repositories/git/linux-2.6/ 2007-05-17 11:36:59 -04:00
tipc [TIPC]: Fixed erroneous introduction of for_each_netdev 2007-05-24 16:36:54 -07:00
unix header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
wanrouter [SK_BUFF]: Introduce skb_copy_to_linear_data{_offset} 2007-04-25 22:28:29 -07:00
wireless [WIRELESS] cfg80211: Clarify locking comment. 2007-04-26 20:51:12 -07:00
x25 header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
xfrm [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
compat.c [NET]: Adding SO_TIMESTAMPNS / SCM_TIMESTAMPNS support 2007-04-25 22:24:21 -07:00
Kconfig [S390] Kconfig: no wireless on s390. 2007-05-10 15:46:08 +02:00
Makefile [NET]: rfkill: add support for input key to control wireless radio 2007-05-07 00:34:20 -07:00
nonet.c
socket.c Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
sysctl_net.c
TUNABLE