| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 May 2014 10:30:13 +0200 From: Christophe Gouault <christophe.gouault@...nd.com> To: David Laight <David.Laight@...LAB.COM>, 'Steffen Klassert' <steffen.klassert@...unet.com> CC: "David S. Miller" <davem@...emloft.net>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: [PATCH ipsec-next 2/2] xfrm: configure policy hash table thresholds by /proc On 05/22/2014 12:15 PM, David Laight wrote: > From: Klassert > ... >>> Exporting a userland API (here by /proc) enables a user or a daemon to >>> choose a strategy according to information the kernel does not >>> necessarily have, and enables to implement various (possibly complex) >>> policies. >>> >> >> If we add a user API for the current lookup mechanism, we will stick >> with this because we can't change it anymore without breaking userspace. >> So I don't want to add one before we finally decided on a long term >> lookup mechanism for IPsec. > > You could have a user API call to find the list of available mechanisms > as well as one that returns/sets the current one. > Then there is no actual requirement to continue to support any specific one. > > David Hi David, It sounds like a brilliant idea, since we will probably need to support several types of mechanisms. If nobody objects, I can start working on such API. Any preference on the type of API? (/proc, netlink, ioctl?...) Christophe -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists