| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180604.085822.1374283424905473397.davem@davemloft.net>
Date: Mon, 04 Jun 2018 08:58:22 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: steffen.klassert@...unet.com
Cc: netdev@...r.kernel.org, eyal.birger@...il.com, antony@...nome.org,
benedictwong@...gle.com, lorenzo@...gle.com,
shannon.nelson@...cle.com
Subject: Re: [PATCH RFC ipsec-next 0/3] Virtual xfrm interfaces
From: Steffen Klassert <steffen.klassert@...unet.com>
Date: Mon, 4 Jun 2018 08:09:07 +0200
> This patchset introduces new virtual xfrm interfaces.
> The design of virtual xfrm interfaces interfaces was
> discussed at the Linux IPsec workshop 2018. This patchset
> implements these interfaces as the IPsec userspace and
> kernel developers agreed. The purpose of these interfaces
> is to overcome the design limitations that the existing
> VTI devices have.
>
> We had two presentations about xfrm interfaces at
> the workshop. Slides with further informations
> can be found at the workshop homepage:
>
> https://workshop.linux-ipsec.org/2018/
First off, you will have to describe in detail what the VTI
limitations are and how these new devices overcome them in this commit
message.
You can't just say "we discussed this over there, go take a look".
The place people "take a look" is your text here.
Second, since you didn't explain things, I have to ask. Why is a new
special ID even necessary? It makes the flowi bigger, and adds all of
this new logic.
All netdevs have an ifindex and you should be able to find a way to
use the ifindex of these new devices in the key somehow.
Thanks.
Powered by blists - more mailing lists