lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 May 2014 15:36:24 +0530 From: Achal Verma <achalv18@...il.com> To: netdev@...r.kernel.org, Achal Verma <achalv18@...il.com> Subject: is there any kernel feature to disable IPsec processing even if policy and sa are present I know disable_xfrm and disable_policy can be used to avoid IPsec processing on packets hitting particular network interface. But is there any way so that I can disable ipsec processing on per policy/sa basis . scenario is like my same interface is acting as endpoint for both tunnel and transport modes but my requirement is to do ipsec processing only on tunneled packets and avoid that for transport mode. Our implementation is using these sysctl parameters(disable_policy and disable_xfrm) , so I expect they will not be deprecated and removed in near future releases. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists