Date:	Fri, 15 Jun 2012 18:12:54 -0700 (PDT)
From:	Saurabh Mohan <saurabh.mohan@...tta.com>
To:	Steffen Klassert <steffen.klassert@...unet.com>
Cc:	netdev@...r.kernel.org
Subject: Re: [net-next PATCH 02/02] net/ipv4: VTI support new module for ip_vti.


----- Original Message -----
> On Thu, Jun 14, 2012 at 07:43:59PM -0700, Saurabh Mohan wrote:
> > > +
> > > +	iph->version		= 4;
> > > +	iph->protocol		= IPPROTO_ESP;
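Review bot: at `iph->protocol = IPPROTO_ESP;` the protocol is hard-coded with no comment saying why; if the device is meant to carry ESP only, say so in a comment beside the assignment and in the module's documentation, so that the restriction is visible to anyone expecting AH or IPCOMP to work.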
> > 
> > Why IPPROTO_ESP? What's with the other IPsec protocols?
> > Shouldn't this be IPPROTO_IPIP?
> > 
> > @SM: VTI will work only with ESP not with AH (at least I have never
> > heard of anyone using it with AH). Plus I wanted to keep this
> > module separate from IPIP (ip-in-ip tunnels).
> > 
> 
> VTI should be independent of the IPsec protocol.
> Our IPsec implementation supports AH (and IPCOMP)
> so VTI should support these protocols too.
> 
> 
That is not the intent of this feature. It is only meant to support ESP-tunnel mode. I don't know what your implementation is.
There are many ways to skin a cat. This is just one way, and that is why this feature has been implemented as a module, thus making it optional for use.
If your objection is that I called it VTI, then I can call it "ip_esp" or something similar.

A few people have expressed interest in this implementation and have asked for more details and enhancements. Clearly they and our customers find it useful.
I'll resubmit with the code fixes you had mentioned.
-Saurabh