linux_dsm_epyc7002/net
Michael Smith 990078afbf Disable rp_filter for IPsec packets
The reverse path filter interferes with IPsec subnet-to-subnet tunnels,
especially when the link to the IPsec peer is on an interface other than
the one hosting the default route.

With dynamic routing, where the peer might be reachable through eth0
today and eth1 tomorrow, it's difficult to keep rp_filter enabled unless
fake routes to the remote subnets are configured on the interface
currently used to reach the peer.

IPsec provides a much stronger anti-spoofing policy than rp_filter, so
this patch disables the rp_filter for packets with a security path.

Signed-off-by: Michael Smith <msmith@cbnco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-10 18:50:59 -07:00
..
9p [net/9p]: Introduce basic flow-control for VirtIO transport. 2011-03-22 16:32:50 -05:00
802
8021q vlan: convert VLAN devices to use ndo_fix_features() 2011-04-02 22:49:12 -07:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm atm/solos-pci: Don't flap VCs when carrier state changes 2011-03-30 16:53:38 -07:00
ax25 net: ax25: fix information leak to userland harder 2011-01-12 00:34:49 -08:00
batman-adv Merge branch 'batman-adv/next' of git://git.open-mesh.org/ecsv/linux-merge 2011-03-07 00:37:13 -08:00
bluetooth Bluetooth: Fix warning with hci_cmd_timer 2011-03-24 17:04:44 -03:00
bridge bridge: range check STP parameters 2011-04-04 17:22:29 -07:00
caif Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-08 17:19:01 -08:00
can can: convert protocol handling to RCU 2011-04-06 12:35:51 -07:00
ceph libceph: add lingering request and watch/notify event framework 2011-03-22 11:33:55 -07:00
core Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc-next-2.6 2011-04-06 12:27:34 -07:00
dcb net: dcbnl: Update copyright dates 2011-03-14 17:02:42 -07:00
dccp net: Put fl6_* macros to struct flowi6 and use them again. 2011-03-12 15:08:55 -08:00
decnet decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dns_resolver DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076] 2011-03-04 09:56:19 +11:00
dsa dsa/mv88e6131: add support for mv88e6085 switch 2011-04-06 13:32:53 -07:00
econet econet: 4 byte infoleak to the network 2011-03-18 15:12:15 -07:00
ethernet eth: fix new kernel-doc warning 2011-01-12 19:00:40 -08:00
ieee802154 net: RCU conversion of dev_getbyhwaddr() and arp_ioctl() 2010-12-08 10:07:24 -08:00
ipv4 Disable rp_filter for IPsec packets 2011-04-10 18:50:59 -07:00
ipv6 ipv6: Enable RFS sk_rxhash tracking for ipv6 sockets (v2) 2011-04-06 13:07:09 -07:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: validate peer name and attribute lengths 2011-03-27 17:59:02 -07:00
iucv [S390] irq: have detailed statistics for interrupt types 2011-01-05 12:47:25 +01:00
key pfkey: fix warning 2011-03-01 22:51:52 -08:00
l2tp l2tp: fix possible oops on l2tp_eth module unload 2011-03-21 18:10:25 -07:00
lapb Net: lapb: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
llc llc: avoid skb_clone() if there is only one handler 2011-02-28 12:28:50 -08:00
mac80211 mac80211: Fix duplicate frames on cooked monitor 2011-04-04 15:22:11 -04:00
netfilter netfilter: xt_conntrack: fix inverted conntrack direction test 2011-04-04 17:06:21 +02:00
netlabel netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms 2011-03-03 10:55:40 -08:00
netlink Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-03-03 21:27:42 -08:00
netrom
packet af_packet: struct socket declared/assigned but unused 2011-03-07 15:51:13 -08:00
phonet Phonet: fix aligned-mode pipe socket buffer header reserve 2011-03-15 14:55:49 -07:00
rds rds: use little-endian bitops 2011-03-23 19:46:16 -07:00
rfkill kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
rose rose: Add length checks to CALL_REQUEST parsing 2011-03-27 17:59:04 -07:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-03-16 16:29:25 -07:00
sched pkt_sched: QFQ - quick fair queue scheduler 2011-04-04 11:10:24 -07:00
sctp sctp: malloc enough room for asconf-ack chunk 2011-04-01 21:45:51 -07:00
sunrpc NFS: Ensure that rpc_release_resources_task() can be called twice. 2011-03-27 17:55:36 +02:00
tipc tipc: delete extra semicolon blocking node deletion 2011-03-14 12:21:12 -04:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-03-16 16:29:25 -07:00
wanrouter net: cleanup unused macros in net directory 2011-01-19 23:20:04 -08:00
wimax
wireless cfg80211: fix BSS double-unlinking (continued) 2011-03-28 15:42:02 -04:00
x25 x25: remove the BKL 2011-03-05 10:55:45 +01:00
xfrm xfrm: Restrict extended sequence numbers to esp 2011-03-28 23:34:53 -07:00
compat.c
Kconfig net: RPS: Enable hardware acceleration of RFS 2011-01-24 14:53:01 -08:00
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c ethtool: Compat handling for struct ethtool_rxnfc 2011-03-18 15:13:11 -07:00
sysctl_net.c
TUNABLE