Date:	Tue, 17 Dec 2013 08:41:22 -0500
From:	jamal <j.hadi123@...il.com>
To:	Fan Du <fan.du@...driver.com>, Jamal Hadi Salim <jhs@...atatu.com>
CC:	davem@...emloft.net, steffen.klassert@...unet.com, hadi@...erus.ca,
	netdev@...r.kernel.org
Subject: Re: [PATCHv3 net-next 0/7] pktgen IPsec support

On 12/16/13 21:22, Fan Du wrote:
>
>
> I thought we had reached consensus on this part in the previous discussion
> (http://www.spinics.net/lists/netdev/msg261411.html). This enhancement
> patch didn't change the original behavior, nor does it remove the original
> implementation.
>

Right - that's the agreement, i.e. nothing changes by default unless
some pktgen parameter is set.
If someone wants to send using the original scheme it should work
as long as they don't set this extra parameter.

> This enhancement expects good encapsulation format for the receiver to
> de-encapsulate.
>

Maybe I missed something - the receiver wasn't affected in the discussion.
It was only the sender.

> These are snippets of the doc updates I could come up with. Please check if
> it's ok for you.
>
> @@ -108,7 +108,9 @@ Examples:
>                                MPLS_RND, VID_RND, SVID_RND
>                                QUEUE_MAP_RND # queue map random
>                                QUEUE_MAP_CPU # queue map mirrors 
> smp_processor_id()
> +                              IPSEC # Make IPsec encapsulation for 
> packet
>
> + pgset spi SPI_VALUE     Set specific SA used to transform packet.
>
>   pgset "udp_src_min 9"   set UDP source port min, If < udp_src_max, then
>                           cycle through the port range.
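
Review bot: The added "pgset spi SPI_VALUE" line is written without quotes, while the neighbouring example in the same block is pgset "udp_src_min 9" with the whole command quoted; write it as pgset "spi SPI_VALUE" so the two forms match. The description "Set specific SA used to transform packet" also does not say where that SA has to be configured or whether the IPSEC flag must be set for spi to take effect, so add a sentence covering both. The flag comment would read better as "Generate IPsec encapsulated packets".
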
> @@ -177,6 +179,18 @@ Note when adding devices to a specific CPU there 
> good idea to also assign
>  /proc/irq/XX/smp_affinity so the TX-interrupts gets bound to the same 
> CPU.
>  as this reduces cache bouncing when freeing skb's.
>
> +Enable IPsec
> +============
> +Default IPsec transformation with ESP encapsulation plus Transport mode
> +could be enabled by simply setting:
> +
> +pgset "flag IPSEC"
> +pgset "flows 1"
> +
> +To avoid breaking existing testbed scripts for using AH type and 
> tunnel mode,
> +user could use "pgset spi SPI_VALUE" to specify which formal of 
> transformation
> +to employ.
> +
>
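
Review bot: The last added paragraph has a typo, "which formal of transformation" should be "which format of transformation", and it leaves unclear how "pgset spi SPI_VALUE" relates to the default described just above it. State whether "flag IPSEC" still has to be set when spi is used, and that without spi the ESP transport mode default applies. The example also sets "flows 1" with no explanation; add a line saying why the IPsec case needs it.
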

Thanks. That's a good starting point. I just realized there's nothing at all on
IPsec ;-> Maybe you can add even more extensive info to describe all modes?

cheers,
jamal
>  Current commands and configuration options
>  ==========================================
> @@ -225,6 +239,7 @@ flag
>    UDPDST_RND
>    MACSRC_RND
>    MACDST_RND
> +  IPSEC
>
>  dst_min
>
>
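
Review bot: IPSEC is added to the flag list here, but the spi command introduced in the Examples hunk gets no entry under "Current commands and configuration options" in the lines shown. If that section is meant to list every command, add spi there as well so the reference list and the examples agree.
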
