lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200710231608.34661.nakam@linux-ipv6.org>
Date:	Tue, 23 Oct 2007 16:08:34 +0900
From:	Masahide NAKAMURA <nakam@...ux-ipv6.org>
To:	hadi@...erus.ca
Cc:	Herbert Xu <herbert@...dor.apana.org.au>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [RFC][PATCH 0/3][XFRM]: Support packet processing error statistics.

Monday 22 October 2007 21:28, jamal wrote:
> On Mon, 2007-22-10 at 15:11 +0900, Masahide NAKAMURA wrote:
> > This patch introduces statistics about transformation error (or almost error)
> > factor at packet processing for developer.
> > It is not a SNMP/MIB specification from IPsec/MIPv6 but a counter
> > designed from current transformation source code.
> > 
> > Comment please.
> 
> very nice - these stats make IPSEC a lot more usable (I will go look and
> see if theres anything that i have used for debug before that you dont
> have and send you mail). Two comments:

Thanks. I would like you to find too much item at my patch
for the statistics, too.

> 1) Since these are not MIB stats, it sounds like a good idea not to use
> _MIB_ extender in the naming. Maybe something like _NOTMIB_ ;-> or
> totaly leave it out. One other approach is to push these to be a MIB at
> IETF since they are sensible to have.

This point is one of what I want to hear comment.
My patch uses "XFRM_MIB_XXX" because I found "LINUX_MIB_XXX" definition at
include/linux/snmp.h for TCP extended statistics at /proc/net/netstat and
it does not seem to be defined by any RFC specification. Then I feel it is not so bad to
use _MIB_ for them. Maybe we have another idea to merge them into LINUX_MIB.

Now we have the following candidates:

(1) my patch		XFRM_MIB_INHDRERROR
(2) some extender	XFRM_XXX_INHDRERROR	(XXX is requested)
(3) not-mib extender	XFRM_NOTMIB_INHDRERROR
(4) no extender		XFRM_INHDRERROR
(5) merge linux-mib	LINUX_MIB_XFRMINHDRERROR

Comments?


> 2) Why /proc? Are you going to make these available also via netlink? 

Because /proc is easy to see it without any modified application.
If you want the netlink interface, I can do it as the next step. Do you want it?

-- 
Masahide NAKAMURA
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ