linux-hardened/net/dccp
David S. Miller 14e50e57ae [XFRM]: Allow packet drops during larval state resolution.
The current IPSEC rule resolution behavior we have does not work for a
lot of people, even though technically it's an improvement from the
-EAGAIN buisness we had before.

Right now we'll block until the key manager resolves the route.  That
works for simple cases, but many folks would rather packets get
silently dropped until the key manager resolves the IPSEC rules.

We can't tell these folks to "set the socket non-blocking" because
they don't have control over the non-block setting of things like the
sockets used to resolve DNS deep inside of the resolver libraries in
libc.

With that in mind I coded up the patch below with some help from
Herbert Xu which provides packet-drop behavior during larval state
resolution, controllable via sysctl and off by default.

This lays the framework to either:

1) Make this default at some point or...

2) Move this logic into xfrm{4,6}_policy.c and implement the
   ARP-like resolution queue we've all been dreaming of.
   The idea would be to queue packets to the policy, then
   once the larval state is resolved by the key manager we
   re-resolve the route and push the packets out.  The
   packets would timeout if the rule didn't get resolved
   in a certain amount of time.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-24 18:17:54 -07:00
..
ccids [DCCP]: Fix build warning when debugging is disabled. 2007-05-24 16:36:55 -07:00
ackvec.c [DCCP]: 48-bit sequence number arithmetic 2007-04-25 22:26:42 -07:00
ackvec.h [DCCP] ackvec: infrastructure for sending more than one ackvec per packet 2006-12-02 21:30:32 -08:00
ccid.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
ccid.h [DCCP] ccid: Deprecate ccid_hc_tx_insert_options 2006-12-11 14:34:49 -08:00
dccp.h [DCCP]: Provide function for RTT sampling 2007-04-25 22:27:00 -07:00
diag.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
feat.c [NET] DCCP: Fix whitespace errors. 2007-02-10 23:19:27 -08:00
feat.h [NET] DCCP: Fix whitespace errors. 2007-02-10 23:19:27 -08:00
input.c [DCCP]: Sample RTT from SYN exchange 2007-04-25 22:27:02 -07:00
ipv4.c [SK_BUFF]: Introduce icmp_hdr(), remove skb->h.icmph 2007-04-25 22:25:23 -07:00
ipv6.c [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
ipv6.h Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
Kconfig [DCCP]: Use menuconfig objects. 2007-05-24 16:36:46 -07:00
Makefile [DCCPv6]: Resolve conditional build problem 2006-12-02 21:22:28 -08:00
minisocks.c [NET]: SPIN_LOCK_UNLOCKED cleanup in drivers/atm, net 2007-04-26 01:37:44 -07:00
options.c [DCCP]: Debug statements for Elapsed Time option 2007-04-25 22:28:55 -07:00
output.c [DCCP]: More debug information for dccp_wait_for_ccid 2007-04-25 22:26:54 -07:00
probe.c [CCID3]: More to see in dccp_probe 2007-04-25 22:26:56 -07:00
proto.c [DCCP] getsockopt: Fix DCCP_SOCKOPT_[SEND,RECV]_CSCOV 2007-03-28 11:54:32 -07:00
sysctl.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
timer.c [DCCP]: make dccp_write_xmit_timer() static again 2007-03-25 18:48:10 -07:00