iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4e01d2d1ca
linux/net
History
Michael Smith 990078afbf Disable rp_filter for IPsec packets 
The reverse path filter interferes with IPsec subnet-to-subnet tunnels,
especially when the link to the IPsec peer is on an interface other than
the one hosting the default route.

With dynamic routing, where the peer might be reachable through eth0
today and eth1 tomorrow, it's difficult to keep rp_filter enabled unless
fake routes to the remote subnets are configured on the interface
currently used to reach the peer.

IPsec provides a much stronger anti-spoofing policy than rp_filter, so
this patch disables the rp_filter for packets with a security path.

Signed-off-by: Michael Smith <msmith@cbnco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-10 18:50:59 -07:00
..
9p
[net/9p]: Introduce basic flow-control for VirtIO transport.
2011-03-22 16:32:50 -05:00
802
8021q
vlan: convert VLAN devices to use ndo_fix_features()
2011-04-02 22:49:12 -07:00
appletalk
appletalk: Fix OOPS in atalk_release().
2011-03-31 18:59:10 -07:00
atm
atm/solos-pci: Don't flap VCs when carrier state changes
2011-03-30 16:53:38 -07:00
ax25
net: ax25: fix information leak to userland harder
2011-01-12 00:34:49 -08:00
batman-adv
Merge branch 'batman-adv/next' of git://git.open-mesh.org/ecsv/linux-merge
2011-03-07 00:37:13 -08:00
bluetooth
Bluetooth: Fix warning with hci_cmd_timer
2011-03-24 17:04:44 -03:00
bridge
bridge: range check STP parameters
2011-04-04 17:22:29 -07:00
caif
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-02-08 17:19:01 -08:00
can
can: convert protocol handling to RCU
2011-04-06 12:35:51 -07:00
ceph
libceph: add lingering request and watch/notify event framework
2011-03-22 11:33:55 -07:00
core
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc-next-2.6
2011-04-06 12:27:34 -07:00
dcb
net: dcbnl: Update copyright dates
2011-03-14 17:02:42 -07:00
dccp
net: Put fl6_* macros to struct flowi6 and use them again.
2011-03-12 15:08:55 -08:00
decnet
decnet: Convert to use flowidn where applicable.
2011-03-12 15:08:55 -08:00
dns_resolver
DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076]
2011-03-04 09:56:19 +11:00
dsa
dsa/mv88e6131: add support for mv88e6085 switch
2011-04-06 13:32:53 -07:00
econet
econet: 4 byte infoleak to the network
2011-03-18 15:12:15 -07:00
ethernet
eth: fix new kernel-doc warning
2011-01-12 19:00:40 -08:00
ieee802154
net: RCU conversion of dev_getbyhwaddr() and arp_ioctl()
2010-12-08 10:07:24 -08:00
ipv4
Disable rp_filter for IPsec packets
2011-04-10 18:50:59 -07:00
ipv6
ipv6: Enable RFS sk_rxhash tracking for ipv6 sockets (v2)
2011-04-06 13:07:09 -07:00
ipx
ipx: fix ipx_release()
2011-03-21 18:16:39 -07:00
irda
irda: validate peer name and attribute lengths
2011-03-27 17:59:02 -07:00
iucv
[S390] irq: have detailed statistics for interrupt types
2011-01-05 12:47:25 +01:00
key
pfkey: fix warning
2011-03-01 22:51:52 -08:00
l2tp
l2tp: fix possible oops on l2tp_eth module unload
2011-03-21 18:10:25 -07:00
lapb
llc
llc: avoid skb_clone() if there is only one handler
2011-02-28 12:28:50 -08:00
mac80211
mac80211: Fix duplicate frames on cooked monitor
2011-04-04 15:22:11 -04:00
netfilter
netfilter: xt_conntrack: fix inverted conntrack direction test
2011-04-04 17:06:21 +02:00
netlabel
netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms
2011-03-03 10:55:40 -08:00
netlink
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-03-03 21:27:42 -08:00
netrom
packet
af_packet: struct socket declared/assigned but unused
2011-03-07 15:51:13 -08:00
phonet
Phonet: fix aligned-mode pipe socket buffer header reserve
2011-03-15 14:55:49 -07:00
rds
rds: use little-endian bitops
2011-03-23 19:46:16 -07:00
rfkill
kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT
2011-01-20 17:02:05 -08:00
rose
rose: Add length checks to CALL_REQUEST parsing
2011-03-27 17:59:04 -07:00
rxrpc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2011-03-16 16:29:25 -07:00
sched
pkt_sched: QFQ - quick fair queue scheduler
2011-04-04 11:10:24 -07:00
sctp
sctp: malloc enough room for asconf-ack chunk
2011-04-01 21:45:51 -07:00
sunrpc
NFS: Ensure that rpc_release_resources_task() can be called twice.
2011-03-27 17:55:36 +02:00
tipc
tipc: delete extra semicolon blocking node deletion
2011-03-14 12:21:12 -04:00
unix
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2011-03-16 16:29:25 -07:00
wanrouter
net: cleanup unused macros in net directory
2011-01-19 23:20:04 -08:00
wimax
wireless
cfg80211: fix BSS double-unlinking (continued)
2011-03-28 15:42:02 -04:00
x25
x25: remove the BKL
2011-03-05 10:55:45 +01:00
xfrm
xfrm: Restrict extended sequence numbers to esp
2011-03-28 23:34:53 -07:00
compat.c
Kconfig
net: RPS: Enable hardware acceleration of RFS
2011-01-24 14:53:01 -08:00
Makefile
net: Enter net/ipv6/ even if CONFIG_IPV6=n
2011-03-07 12:50:52 -08:00
nonet.c
socket.c
ethtool: Compat handling for struct ethtool_rxnfc
2011-03-18 15:13:11 -07:00
sysctl_net.c
TUNABLE