]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1430b26) | patch
xfrm: Add a state resolution packet queue
authorSteffen Klassert <steffen.klassert@secunet.com>
Tue, 5 Feb 2013 11:52:55 +0000 (12:52 +0100)
committerSteffen Klassert <steffen.klassert@secunet.com>
Wed, 6 Feb 2013 07:31:10 +0000 (08:31 +0100)
commit2e30dbbfeb924ec05cbafdf578c6a9a4dd216803
tree1f30d5f9415a90c5662376fd3e4c0420a431b9f1tree | snapshot
parent1430b26ce0e933fe84ea99ad659f622445be3a29commit | diff
xfrm: Add a state resolution packet queue

As the default, we blackhole packets until the key manager resolves
the states. This patch implements a packet queue where IPsec packets
are queued until the states are resolved. We generate a dummy xfrm
bundle, the output routine of the returned route enqueues the packet
to a per policy queue and arms a timer that checks for state resolution
when dst_output() is called. Once the states are resolved, the packets
are sent out of the queue. If the states are not resolved after some
time, the queue is flushed.

This patch keeps the defaut behaviour to blackhole packets as long
as we have no states. To enable the packet queue the sysctl
xfrm_larval_drop must be switched off.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
include/net/dst.h diff | blob | history
include/net/xfrm.h diff | blob | history
net/xfrm/xfrm_policy.c diff | blob | history
Linux Kernel Source Tree.