lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Sep 2019 13:57:43 +0200 From: Sabrina Dubroca <sd@...asysnail.net> To: Steffen Klassert <steffen.klassert@...unet.com> Cc: netdev@...r.kernel.org, Herbert Xu <herbert@...dor.apana.org.au> Subject: Re: [PATCH ipsec-next v2 6/6] xfrm: add espintcp (RFC 8229) 2019-09-17, 13:26:49 +0200, Steffen Klassert wrote: > On Wed, Sep 11, 2019 at 04:13:07PM +0200, Sabrina Dubroca wrote: > ... > > diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig > > index 51bb6018f3bf..e67044527fb7 100644 > > --- a/net/xfrm/Kconfig > > +++ b/net/xfrm/Kconfig > > @@ -73,6 +73,16 @@ config XFRM_IPCOMP > > select CRYPTO > > select CRYPTO_DEFLATE > > > > +config XFRM_ESPINTCP > > + bool "ESP in TCP encapsulation (RFC 8229)" > > + depends on XFRM && INET_ESP > > + select STREAM_PARSER > > + select NET_SOCK_MSG > > + help > > + Support for RFC 8229 encapsulation of ESP and IKE over TCP sockets. > > + > > + If unsure, say N. > > + > > One nitpick: This is IPv4 only, so please move this below the ESP > section in net/ipv4/Kconfig and use the naming convention there. > I.e. bool "IP: ESP in TCP encapsulation (RFC 8229)" That's temporary, though, the next step will be to make it work for both IPv4 and IPv6. Do you prefer I move it to net/ipv4/Kconfig for now, and then back to net/xfrm/Kconfig when I add IPv6 support? > Everything else looks very good! Thanks! -- Sabrina
Powered by blists - more mailing lists