system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-23 21:07:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/include/net
History
Michael Smith 990078afbf Disable rp_filter for IPsec packets 
The reverse path filter interferes with IPsec subnet-to-subnet tunnels,
especially when the link to the IPsec peer is on an interface other than
the one hosting the default route.

With dynamic routing, where the peer might be reachable through eth0
today and eth1 tomorrow, it's difficult to keep rp_filter enabled unless
fake routes to the remote subnets are configured on the interface
currently used to reach the peer.

IPsec provides a much stronger anti-spoofing policy than rp_filter, so
this patch disables the rp_filter for packets with a security path.

Signed-off-by: Michael Smith <msmith@cbnco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-10 18:50:59 -07:00
..
9p net/9p: Implement syncfs 9P operation 2011-03-15 09:57:38 -05:00
bluetooth Bluetooth: Fix HCI_RESET command synchronization 2011-03-24 17:04:44 -03:00
caif include/net/caif/cfctrl.h: Remove unnecessary semicolons 2010-11-15 11:07:16 -08:00
irda tty: now phase out the ioctl file pointer for good 2011-02-17 11:59:56 -08:00
iucv include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
netfilter Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-19 19:17:35 -08:00
netns ipv4: Invalidate nexthop cache nh_saddr more correctly. 2011-03-24 17:42:21 -07:00
phonet Phonet: allocate sock from accept syscall rather than soft IRQ 2011-03-09 11:59:32 -08:00
sctp sctp: fix auth_hmacs field's length of struct sctp_cookie 2011-04-01 21:45:50 -07:00
tc_act net/sched: add ACT_CSUM action to update packets checksums 2010-08-20 01:42:59 -07:00
act_api.h pkt_sched: gen_kill_estimator() rcu fixes 2010-06-11 18:37:08 -07:00
addrconf.h net: kill unused macros from head file 2010-12-02 13:27:33 -08:00
af_ieee802154.h
af_rxrpc.h
af_unix.h af_unix: limit recursion level 2010-11-29 09:45:15 -08:00
ah.h ipsec: update MAX_AH_AUTH_LEN to support sha512 2011-01-13 21:48:25 -08:00
arp.h arp: allow to invalidate specific ARP entries 2011-01-10 16:10:37 -08:00
atmclip.h
ax25.h include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ax88796.h
cfg80211.h wireless: fix 80211 kernel-doc warnings 2011-03-21 15:19:48 -04:00
checksum.h
cipso_ipv4.h
cls_cgroup.h Merge commit 'v2.6.36-rc7' into core/rcu 2010-10-07 09:43:45 +02:00
compat.h
datalink.h
dcbevent.h net_dcb: add application notifiers 2010-12-31 10:47:46 -08:00
dcbnl.h dcbnl: add support for retrieving peer configuration - cee 2011-03-02 21:58:55 -08:00
dn.h decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dn_dev.h decnet: RCU conversion and get rid of dev_base_lock 2010-11-08 13:50:08 -08:00
dn_fib.h decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dn_neigh.h
dn_nsp.h net: use __packed annotation 2010-06-03 03:21:52 -07:00
dn_route.h decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dsa.h
dsfield.h
dst.h dst: Clone child entry in skb_dst_pop 2011-03-27 17:55:01 -07:00
dst_ops.h net: Implement read-only protection and COW'ing of metrics. 2011-01-26 20:51:05 -08:00
esp.h
ethoc.h
fib_rules.h fib_rules: __rcu annotates ctarget 2010-10-27 11:37:32 -07:00
flow.h net: Order ports in same order as addresses in flow objects. 2011-03-31 18:03:35 -07:00
garp.h net/802: add __rcu annotations 2010-10-25 13:09:44 -07:00
gen_stats.h
genetlink.h include/net/genetlink.h: Allow genlmsg_cancel to accept a NULL argument 2011-02-03 20:47:08 -08:00
gre.h PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol) 2010-08-21 23:05:39 -07:00
icmp.h inetpeer: Move ICMP rate limiting state into inet_peer entries. 2011-02-04 15:59:53 -08:00
ieee80211_radiotap.h mac80211: add MCS information to radiotap 2011-01-28 15:44:29 -05:00
ieee802154.h
ieee802154_netdev.h
if_inet6.h net: gre: provide multicast mappings for ipv4 and ipv6 2011-03-30 00:10:47 -07:00
inet6_connection_sock.h ipv6: Create inet6_csk_route_req(). 2010-12-02 10:59:22 -08:00
inet6_hashtables.h
inet_common.h inet, inet6: make tcp_sendmsg() and tcp_sendpage() through inet_sendmsg() and inet_sendpage() 2010-07-12 20:21:46 -07:00
inet_connection_sock.h net: kill unused macros 2010-12-19 21:59:35 -08:00
inet_ecn.h net: return operator cleanup 2010-09-23 14:33:39 -07:00
inet_frag.h fragment: add fast path for in-order fragments 2010-06-30 13:44:29 -07:00
inet_hashtables.h tproxy: fix hash locking issue when using port redirection in __inet_inherit_port() 2010-10-21 13:06:43 +02:00
inet_sock.h inet: Remove explicit write references to sk/inet in ip_append_data 2011-03-01 12:35:02 -08:00
inet_timewait_sock.h net: optimize INET input path further 2010-12-09 20:05:58 -08:00
inetpeer.h inetpeer: Add redirect and PMTU discovery cached info. 2011-02-10 13:29:30 -08:00
ip.h net: gre: provide multicast mappings for ipv4 and ipv6 2011-03-30 00:10:47 -07:00
ip6_checksum.h
ip6_fib.h ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
ip6_route.h ipv6: ip6_route_output does not modify sk parameter, so make it const 2011-03-22 19:17:36 -07:00
ip6_tunnel.h tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
ip_fib.h fib_validate_source(): pass sk_buff instead of mark 2011-04-10 18:50:59 -07:00
ip_vs.h IPVS: fix NULL ptr dereference in ip_vs_ctl.c ip_vs_genl_dump_daemons() 2011-04-04 15:25:18 +02:00
ipcomp.h
ipconfig.h
ipip.h tunnels: add __rcu annotations 2010-10-27 11:37:32 -07:00
ipv6.h ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
ipx.h net: use __packed annotation 2010-06-03 03:21:52 -07:00
iw_handler.h include/net/iw_handler.h: Use SIOCIWFIRST not SIOCSIWCOMMIT in comment 2010-03-31 14:49:12 -04:00
lapb.h
lib80211.h lib80211: remove unused host_build_iv option 2010-07-26 15:09:04 -04:00
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
mac80211.h mac80211: fix comment regarding aggregation buf_size 2011-04-04 15:22:11 -04:00
mip6.h net: use __packed annotation 2010-06-03 03:21:52 -07:00
mld.h ipv6 mcast: Introduce include/net/mld.h for MLD definitions. 2010-04-23 13:35:55 +09:00
ndisc.h net: kill unused macros from head file 2010-12-02 13:27:33 -08:00
neighbour.h Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-11-19 13:13:47 -08:00
net_namespace.h ipvs: move struct netns_ipvs 2011-03-15 09:36:50 +09:00
netdma.h
netevent.h net: Kill NETEVENT_PMTU_UPDATE. 2011-02-08 16:17:55 -08:00
netlabel.h include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
netlink.h netfilter: NFNL_SUBSYS_IPSET id and NLA_PUT_NET* macros 2011-02-01 15:20:14 +01:00
netrom.h include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nexthop.h
nl802154.h
p8022.h
pkt_cls.h net: Fix range checks in tcf_valid_offset(). 2010-12-21 12:43:16 -08:00
pkt_sched.h net: Define accessors to manipulate QDISC_STATE_RUNNING 2010-06-02 03:23:51 -07:00
protocol.h net: change netdev->features to u32 2011-01-24 15:32:47 -08:00
psnap.h
raw.h include/net/raw.h: Convert raw_seq_private macro to inline 2010-09-08 13:42:22 -07:00
rawv6.h
red.h sched: remove unused backlog in RED stats 2011-01-12 19:00:39 -08:00
regulatory.h cfg80211: Fix regulatory bug with multiple cards and delays 2010-11-22 15:48:51 -05:00
request_sock.h
rose.h rose: Add length checks to CALL_REQUEST parsing 2011-03-27 17:59:04 -07:00
route.h Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-04-07 14:05:23 -07:00
rtnetlink.h rtnl: make link af-specific updates atomic 2010-11-27 22:56:08 -08:00
sch_generic.h net_sched: fix THROTTLED/RUNNING race 2011-03-24 00:13:14 -07:00
scm.h scm: lower SCM_MAX_FD 2010-11-24 11:16:43 -08:00
slhc_vj.h
snmp.h snmp: SNMP_UPD_PO_STATS_BH() always called from softirq 2011-03-21 18:12:54 -07:00
sock.h net: fix skb_add_data_nocache() to calc csum correctly 2011-04-06 23:05:01 -07:00
stp.h
tcp.h tcp: Remove debug macro of TCP_CHECK_TIMER 2011-02-20 11:10:14 -08:00
tcp_states.h
timewait_sock.h timewait_sock: Create and use getpeer op. 2010-12-01 18:09:13 -08:00
transp_v6.h ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
udp.h udp: Switch to ip_finish_skb 2011-03-01 12:35:03 -08:00
udplite.h udp: Switch to ip_finish_skb 2011-03-01 12:35:03 -08:00
wext.h
wimax.h
wpan-phy.h
x25.h X25 remove bkl in subscription ioctls 2010-11-28 11:12:20 -08:00
x25device.h X25: Add if_x25.h and x25 to device identifiers 2010-04-22 16:12:36 -07:00
xfrm.h Disable rp_filter for IPsec packets 2011-04-10 18:50:59 -07:00