aha/net/ipv6
David S. Miller 14e50e57ae [XFRM]: Allow packet drops during larval state resolution.
The current IPSEC rule resolution behavior we have does not work for a
lot of people, even though technically it's an improvement from the
-EAGAIN buisness we had before.

Right now we'll block until the key manager resolves the route.  That
works for simple cases, but many folks would rather packets get
silently dropped until the key manager resolves the IPSEC rules.

We can't tell these folks to "set the socket non-blocking" because
they don't have control over the non-block setting of things like the
sockets used to resolve DNS deep inside of the resolver libraries in
libc.

With that in mind I coded up the patch below with some help from
Herbert Xu which provides packet-drop behavior during larval state
resolution, controllable via sysctl and off by default.

This lays the framework to either:

1) Make this default at some point or...

2) Move this logic into xfrm{4,6}_policy.c and implement the
   ARP-like resolution queue we've all been dreaming of.
   The idea would be to queue packets to the policy, then
   once the larval state is resolved by the key manager we
   re-resolve the route and push the packets out.  The
   packets would timeout if the rule didn't get resolved
   in a certain amount of time.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-24 18:17:54 -07:00
..
netfilter [NETFILTER]: Clean up table initialization 2007-05-10 23:47:43 -07:00
addrconf.c [IPV6]: Ignore ipv6 events on non-IPV6 capable devices. 2007-05-24 16:36:44 -07:00
addrconf_core.c [IPV6]: Fix __ipv6_addr_type() export in correct place. 2007-02-26 11:42:57 -08:00
af_inet6.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
ah6.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
anycast.c [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
datagram.c [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
esp6.c [XFRM]: Optimize MTU calculation 2007-04-25 22:28:38 -07:00
exthdrs.c [IPV6]: Do no rely on skb->dst before it is assigned. 2007-05-10 23:45:58 -07:00
exthdrs_core.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
fib6_rules.c [IPV6] FIB6RULE: Find source address during looking up route. 2007-04-25 22:28:35 -07:00
icmp.c [NET]: cleanup extra semicolons 2007-04-25 22:29:24 -07:00
inet6_connection_sock.c [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet6_hashtables.c [IPV6] HASHTABLES: Use appropriate seed for caluculating ehash index. 2007-02-12 20:26:39 -08:00
ip6_fib.c [IPv6]: Use rtnl registration interface 2007-04-25 22:27:13 -07:00
ip6_flowlabel.c [PATCH] mark struct file_operations const 7 2007-02-12 09:48:46 -08:00
ip6_input.c [IPV6]: Reverse sense of promisc tests in ip6_mc_input 2007-05-14 03:00:27 -07:00
ip6_output.c [IPV6]: Send ICMPv6 error on scope violations. 2007-05-10 23:45:32 -07:00
ip6_tunnel.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
ipcomp6.c [SK_BUFF]: Introduce skb_copy_to_linear_data{_offset} 2007-04-25 22:28:29 -07:00
ipv6_sockglue.c [INET]: Add IP(V6)_PMTUDISC_RPOBE 2007-04-25 22:29:10 -07:00
Kconfig [IPV6] ADDRCONF: Optimistic Duplicate Address Detection (RFC 4429) Support. 2007-04-25 22:23:43 -07:00
Makefile [IPV6]: Fix Makefile thinko. 2007-04-25 22:29:53 -07:00
mcast.c [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
mip6.c [NET]: SPIN_LOCK_UNLOCKED cleanup in drivers/atm, net 2007-04-26 01:37:44 -07:00
ndisc.c [IPV6] NDISC: Unify main process of sending ND messages. 2007-04-25 22:29:59 -07:00
netfilter.c [SK_BUFF]: Introduce ipv6_hdr(), remove skb->nh.ipv6h 2007-04-25 22:25:14 -07:00
proc.c [IPV6]: Track device renames in snmp6. 2007-04-28 21:16:39 -07:00
protocol.c [IPV6]: Decentralize EXPORT_SYMBOLs. 2007-04-25 22:23:36 -07:00
raw.c [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
reassembly.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
route.c [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
sit.c [IPV6] SIT: Unify code path to get hash array index. 2007-04-25 22:29:54 -07:00
sysctl_net_ipv6.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
tcp_ipv6.c [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
tunnel6.c [IPSEC]: changing API of xfrm6_tunnel_register 2007-02-13 12:55:55 -08:00
udp.c [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
udp_impl.h [UDP]: Fix AF-specific references in AF-agnostic code. 2007-05-10 23:47:22 -07:00
udplite.c [UDP]: Fix AF-specific references in AF-agnostic code. 2007-05-10 23:47:22 -07:00
xfrm6_input.c [IPV6] XFRM: Use ip6addr_any where applicable. 2007-04-25 22:29:58 -07:00
xfrm6_mode_beet.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
xfrm6_mode_ro.c [SK_BUFF]: Some more layer header conversions 2007-04-25 22:26:03 -07:00
xfrm6_mode_transport.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
xfrm6_mode_tunnel.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
xfrm6_output.c [SK_BUFF]: Introduce skb_reset_network_header(skb) 2007-04-25 22:24:46 -07:00
xfrm6_policy.c [NET]: cleanup extra semicolons 2007-04-25 22:29:24 -07:00
xfrm6_state.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
xfrm6_tunnel.c [IPV6]: Fix slab corruption running ip6sic 2007-04-28 21:26:23 -07:00