kernel_optimize_test/net/ipv4
Stephen Hemminger d218d11133 tcp: Generalized TTL Security Mechanism
This patch adds the kernel portions needed to implement
RFC 5082 Generalized TTL Security Mechanism (GTSM).
It is a lightweight security measure against forged
packets causing DoS attacks (for BGP). 

This is already implemented the same way in BSD kernels.
For the necessary Quagga patch 
  http://www.gossamer-threads.com/lists/quagga/dev/17389

Description from Cisco
  http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html

It does add one byte to each socket structure, but I did
a little rearrangement to reuse a hole (on 64 bit), but it
does grow the structure on 32 bit

This should be documented on ip(4) man page and the Glibc in.h
file also needs update.  IPV6_MINHOPLIMIT should also be added
(although BSD doesn't support that).  

Only TCP is supported, but could also be added to UDP, DCCP, SCTP
if desired.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-01-11 16:28:01 -08:00
..
netfilter netfilter: fix crashes in bridge netfilter caused by fragment jumps 2009-12-15 16:59:59 +01:00
af_inet.c net: check kern before calling security subsystem 2009-11-05 22:18:18 -08:00
ah4.c xfrm: Use the user specified truncation length in ESP and AH 2009-11-25 15:48:41 -08:00
arp.c net: RFC3069, private VLAN proxy arp support 2010-01-07 00:59:09 -08:00
cipso_ipv4.c ipv4: Define cipso_v4_delopt static 2009-10-07 14:45:58 -07:00
datagram.c inet: rename some inet_sock fields 2009-10-18 18:52:53 -07:00
devinet.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-01-10 22:55:03 -08:00
esp4.c xfrm: Use the user specified truncation length in ESP and AH 2009-11-25 15:48:41 -08:00
fib_frontend.c net: restore ip source validation 2009-12-25 17:30:22 -08:00
fib_hash.c ipv4: fib table algorithm performance improvement 2009-10-05 00:21:56 -07:00
fib_lookup.h ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_rules.c net: Allow fib_rule_unregister to batch 2009-12-03 12:22:55 -08:00
fib_semantics.c net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
fib_trie.c ipv4: fib table algorithm performance improvement 2009-10-05 00:21:56 -07:00
icmp.c icmp: icmp_send() can avoid a dev_put() 2009-11-01 23:55:10 -08:00
igmp.c net: Move && and || to end of previous line 2009-11-29 16:55:45 -08:00
inet_connection_sock.c TCPCT part 1a: add request_values parameter for sending SYNACK 2009-12-02 22:07:23 -08:00
inet_diag.c inet: rename some inet_sock fields 2009-10-18 18:52:53 -07:00
inet_fragment.c inet fragments: fix sparse warning: context imbalance 2009-02-26 23:13:35 -08:00
inet_hashtables.c tcp: Fix a connect() race with timewait sockets 2009-12-08 20:17:51 -08:00
inet_lro.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
inet_timewait_sock.c [PATCH] tcp: documents timewait refcnt tricks 2009-12-08 20:19:53 -08:00
inetpeer.c inetpeer: Optimize inet_getid() 2009-11-13 20:46:58 -08:00
ip_forward.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
ip_fragment.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
ip_gre.c net: Simplify ip_gre pernet operations. 2009-12-01 16:15:57 -08:00
ip_input.c net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
ip_options.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
ip_output.c ip: fix mc_loop checks for tunnels with multicast outer addresses 2010-01-06 20:37:01 -08:00
ip_sockglue.c tcp: Generalized TTL Security Mechanism 2010-01-11 16:28:01 -08:00
ipcomp.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
ipconfig.c Merge branch 'for-2.6.33' of git://linux-nfs.org/~bfields/linux 2009-12-16 10:43:34 -08:00
ipip.c net: Simplify ipip pernet operations. 2009-12-01 16:15:58 -08:00
ipmr.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-11-17 00:05:02 -08:00
Kconfig nfs: new subdir Documentation/filesystems/nfs 2009-10-27 19:34:04 -04:00
Makefile
netfilter.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
proc.c snmp: add missing counters for RFC 4293 2009-04-27 02:45:02 -07:00
protocol.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
raw.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-10-29 21:28:59 -07:00
route.c net: RFC3069, private VLAN proxy arp support 2010-01-07 00:59:09 -08:00
syncookies.c net: Add rtnetlink init_rcvwnd to set the TCP initial receive window 2009-12-23 14:13:30 -08:00
sysctl_net_ipv4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
tcp_bic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_cong.c Networking: use CAP_NET_ADMIN when deciding to call request_module 2009-08-14 11:18:34 +10:00
tcp_cubic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_diag.c tcp: diag: Dont report negative values for rx queue 2009-12-03 16:06:13 -08:00
tcp_highspeed.c
tcp_htcp.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: Revert per-route SACK/DSACK/TIMESTAMP changes. 2009-12-15 20:56:42 -08:00
tcp_ipv4.c tcp: Generalized TTL Security Mechanism 2010-01-11 16:28:01 -08:00
tcp_lp.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_minisocks.c tcp: Revert per-route SACK/DSACK/TIMESTAMP changes. 2009-12-15 20:56:42 -08:00
tcp_output.c net: Add rtnetlink init_rcvwnd to set the TCP initial receive window 2009-12-23 14:13:30 -08:00
tcp_probe.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_scalable.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_timer.c tcp: Stalling connections: Move timeout calculation routine 2009-12-08 20:56:11 -08:00
tcp_vegas.c tcp: tcp_vegas ssthresh bugfix 2009-05-25 22:44:59 -07:00
tcp_vegas.h
tcp_veno.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_westwood.c
tcp_yeah.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp.c tcp: Slightly optimize tcp_sendmsg 2009-12-23 14:13:29 -08:00
tunnel4.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c udp: udp_lib_get_port() fix 2009-12-13 19:32:39 -08:00
udplite.c net: drop capability from protocol definitions 2009-11-05 21:40:17 -08:00
xfrm4_input.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_output.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_policy.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
xfrm4_state.c
xfrm4_tunnel.c