Steffen Klassert a0073fe18e xfrm: Add a state resolution packet queue ... As the default, we blackhole packets until the key manager resolves the states. This patch implements a packet queue where IPsec packets are queued until the states are resolved. We generate a dummy xfrm bundle, the output routine of the returned route enqueues the packet to a per policy queue and arms a timer that checks for state resolution when dst_output() is called. Once the states are resolved, the packets are sent out of the queue. If the states are not resolved after some time, the queue is flushed. This patch keeps the defaut behaviour to blackhole packets as long as we have no states. To enable the packet queue the sysctl xfrm_larval_drop must be switched off. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>		2013-02-06 08:31:10 +01:00
..
Kconfig	xfrm: make xfrm_algo.c a module	2012-05-15 13:13:34 -04:00
Makefile	xfrm: make xfrm_algo.c a module	2012-05-15 13:13:34 -04:00
xfrm_algo.c	pf_key/xfrm_algo: prepare pf_key and xfrm_algo for new algorithms without pfkey support	2013-02-01 10:13:43 +01:00
xfrm_hash.c
xfrm_hash.h	net: cleanup unsigned to unsigned int	2012-04-15 12:44:40 -04:00
xfrm_input.c	xfrm: Workaround incompatibility of ESN and async crypto	2012-09-04 14:09:45 -04:00
xfrm_ipcomp.c	net: xfrm: use __this_cpu_read per-cpu helper	2012-11-13 14:38:52 +01:00
xfrm_output.c	xfrm: fix a unbalanced lock	2013-02-01 10:33:40 +01:00
xfrm_policy.c	xfrm: Add a state resolution packet queue	2013-02-06 08:31:10 +01:00
xfrm_proc.c	xfrm: removes a superfluous check and add a statistic	2013-01-07 11:18:58 +01:00
xfrm_replay.c	xfrm: remove redundant replay_esn check	2012-11-08 12:42:49 +01:00
xfrm_state.c	xfrm: use separated locks to protect pointers of struct xfrm_state_afinfo	2013-01-17 10:03:57 +01:00
xfrm_sysctl.c	net: Don't export sysctls to unprivileged users	2012-11-18 20:30:55 -05:00
xfrm_user.c	net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm	2012-11-18 20:32:45 -05:00