Date:   Wed, 13 Jun 2018 12:14:53 +0900
From:   Lorenzo Colitti <lorenzo@...gle.com>
To:     Subash Abhinov Kasiviswanathan <subashab@...eaurora.org>
Cc:     netdev@...r.kernel.org,
        Stephen Hemminger <stephen@...workplumber.org>,
        David Ahern <dsahern@...il.com>,
        Steffen Klassert <steffen.klassert@...unet.com>
Subject: Re: [PATCH iproute2-next v2] ip-xfrm: Add support for OUTPUT_MARK

On Wed, Jun 13, 2018 at 3:48 AM Subash Abhinov Kasiviswanathan
<subashab@...eaurora.org> wrote:
>
> src 192.168.1.1 dst 192.168.1.2
>         proto esp spi 0x00004321 reqid 0 mode tunnel
>         replay-window 0 flag af-unspec
>         mark 0x10000/0x3ffff
>         output-mark 0x20000

Nit: I don't know what guarantees we provide (if any) that the output
format of "ip xfrm state" does not change except to add new lines at
the end. Personally, I feel that an app or script that depends on
"auth-trunc" (or anything else, really) being on the line immediately
after "mark" is brittle and should be fixed. This is particularly true
since in general between the mark and the encryption there might be an
auth-trunc line, or an auth line, or neither. As such, adding this
line here seems OK to me.

> @@ -61,6 +61,7 @@ static void usage(void)
>         fprintf(stderr, "        [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n");
>         fprintf(stderr, "        [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n");
>         fprintf(stderr, "        [ offload [dev DEV] dir DIR ]\n");
> +       fprintf(stderr, "        [ output-mark OUTPUT-MARK]\n");
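
Review bot: the added usage line at the end of this hunk names OUTPUT-MARK without saying what form the value takes. The sample output quoted earlier in this message prints mark as value/mask (0x10000/0x3ffff) but output-mark as a bare value (0x20000), so the usage text should define OUTPUT-MARK and state whether a mask is accepted. The same line also ends in "OUTPUT-MARK]", without the space before the closing bracket that the context lines use ("[ encap ENCAP ]").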

Nit: I think you want a space between OUTPUT-MARK and ].

Other than that,

Acked-by: Lorenzo Colitti <lorenzo@...gle.com>
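
Added example, not part of the original message or of iproute2: one way for a script to read "ip xfrm state" output by the keyword that starts each line instead of by line position, so an optional auth-trunc, auth or output-mark line does not shift anything. The sample text is constructed from the state quoted above; the auth-trunc and enc lines use placeholder key values, and parse_states and marks are hypothetical names.

```python
# Constructed sample: the quoted state plus a second state that has no
# mark, output-mark or auth-trunc lines. Key material is a placeholder.
SAMPLE = """\
src 192.168.1.1 dst 192.168.1.2
        proto esp spi 0x00004321 reqid 0 mode tunnel
        replay-window 0 flag af-unspec
        mark 0x10000/0x3ffff
        output-mark 0x20000
        auth-trunc hmac(sha256) 0x00 128
        enc cbc(aes) 0x00
src 192.168.1.2 dst 192.168.1.1
        proto esp spi 0x00004322 reqid 0 mode tunnel
        replay-window 0 flag af-unspec
        enc cbc(aes) 0x00
"""

# Lines assumed to consist purely of "key value" pairs.
PAIR_LINES = {"src", "proto"}


def parse_states(text):
    """Return one dict per state, keyed by keyword, never by line number."""
    states = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():      # an unindented line starts a new state
            states.append({})
        if not states:                 # indented text before any state header
            continue
        sa = states[-1]
        if words[0] in PAIR_LINES:
            sa.update(zip(words[0::2], words[1::2]))
        else:                          # keyword followed by its arguments
            sa[words[0]] = words[1:]
    return states


def marks(sa):
    """Return (mark, mask, output_mark) as ints; None where a line is absent."""
    mark = mask = out = None
    if "mark" in sa:
        value, _, m = sa["mark"][0].partition("/")
        mark, mask = int(value, 16), (int(m, 16) if m else None)
    if "output-mark" in sa:
        out = int(sa["output-mark"][0], 16)
    return mark, mask, out
```
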
