2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-23 12:43:55 +08:00
linux-next/net/ipv6
Nicolas Dichtel a947b0a93e xfrm: allow to avoid copying DSCP during encapsulation
By default, DSCP is copying during encapsulation.
Copying the DSCP in IPsec tunneling may be a bit dangerous because packets with
different DSCP may get reordered relative to each other in the network and then
dropped by the remote IPsec GW if the reordering becomes too big compared to the
replay window.

It is possible to avoid this copy with netfilter rules, but it's very convenient
to be able to configure it for each SA directly.

This patch adds a toogle for this purpose. By default, it's not set to maintain
backward compatibility.

Field flags in struct xfrm_usersa_info is full, hence I add a new attribute.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2013-03-06 07:02:45 +01:00
..
netfilter Merge branch 'master' of git://1984.lsi.us.es/nf-next 2013-02-18 23:42:09 -05:00
addrconf_core.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
addrconf.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
addrlabel.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
af_inet6.c ipv6: Use FIELD_SIZEOF() in inet6_init(). 2013-01-09 23:38:23 -08:00
ah6.c net: Add skb_unclone() helper function. 2013-02-15 15:10:37 -05:00
anycast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-05 14:12:20 -05:00
esp6.c ah6/esp6: set transport header correctly for IPsec tunnel mode. 2013-01-08 12:41:30 +01:00
exthdrs_core.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch 2012-11-30 12:01:30 -05:00
exthdrs_offload.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
exthdrs.c ipv6: Store Router Alert option in IP6CB directly. 2013-01-13 20:17:14 -05:00
fib6_rules.c ipv6: introduce ip6_rt_put() 2012-11-03 14:59:05 -04:00
icmp.c ipv6: Add an error handler for icmp6 2013-01-18 14:19:42 -05:00
inet6_connection_sock.c tcp: ipv6: bind() use stronger condition for bind_conflict 2013-03-05 23:40:00 -05:00
inet6_hashtables.c soreuseport: TCP/IPv6 implementation 2013-01-23 13:44:01 -05:00
ip6_checksum.c ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
ip6_fib.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ip6_flowlabel.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-08 18:02:14 -05:00
ip6_input.c ipv[4|6]: correct dropwatch false positive in local_deliver_finish 2013-03-01 15:56:29 -05:00
ip6_offload.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ipv6: don't let node/interface scoped multicast traffic escape on the wire 2013-02-11 14:00:54 -05:00
ip6_tunnel.c ipv6: Introduce ip6_flow_hdr() to fill version, tclass and flowlabel. 2013-01-13 20:17:13 -05:00
ip6mr.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
ipcomp6.c ipv6: Add redirect support to all protocol icmp error handlers. 2012-07-12 00:25:15 -07:00
ipv6_sockglue.c ipv6: rename datagram_send_ctl and datagram_recv_ctl 2013-01-31 13:53:08 -05:00
Kconfig Merge branch 'akpm' (incoming from Andrew) 2013-02-21 17:38:49 -08:00
Makefile ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
mcast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
mip6.c ipv6: mip6: fix mip6_mh_filter() 2012-09-25 16:04:44 -04:00
ndisc.c ndisc: Use compound literals to build redirect message. 2013-01-21 13:33:18 -05:00
netfilter.c netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change 2012-08-30 03:00:15 +02:00
output_core.c ipv6: Update ipv6 static library with newly needed functions 2012-11-15 17:39:23 -05:00
proc.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
protocol.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
raw.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
reassembly.c ipv6: fix a sparse warning 2013-02-18 15:28:00 -05:00
route.c net: ipv6: Don't purge default router if accept_ra=2 2013-03-04 14:12:07 -05:00
sit.c ipv6: add anti-spoofing checks for 6to4 and 6rd 2013-01-29 15:22:03 -05:00
syncookies.c tcp: make sysctl_tcp_ecn namespace aware 2013-01-06 21:09:56 -08:00
sysctl_net_ipv6.c net: Enable some sysctls that are safe for the userns root 2012-11-18 20:33:00 -05:00
tcp_ipv6.c tcp: send packets with a socket timestamp 2013-02-13 13:22:16 -05:00
tcpv6_offload.c net: Remove code duplication between offload structures 2012-11-15 17:39:51 -05:00
tunnel6.c net: ipv6: Standardize prefixes for message logging 2012-05-16 01:01:03 -04:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp_offload.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-05 14:12:20 -05:00
udplite.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c xfrm: allow to avoid copying DSCP during encapsulation 2013-03-06 07:02:45 +01:00
xfrm6_output.c xfrm6: remove unneeded NULL check in __xfrm6_output() 2012-02-01 02:52:48 -05:00
xfrm6_policy.c xfrm: release neighbor upon dst destruction 2013-02-18 14:57:29 -05:00
xfrm6_state.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
xfrm6_tunnel.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00