lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190917120413.GF2879@gauss3.secunet.de>
Date:   Tue, 17 Sep 2019 14:04:13 +0200
From:   Steffen Klassert <steffen.klassert@...unet.com>
To:     Sabrina Dubroca <sd@...asysnail.net>
CC:     <netdev@...r.kernel.org>, Herbert Xu <herbert@...dor.apana.org.au>
Subject: Re: [PATCH ipsec-next v2 6/6] xfrm: add espintcp (RFC 8229)

On Tue, Sep 17, 2019 at 01:57:43PM +0200, Sabrina Dubroca wrote:
> 2019-09-17, 13:26:49 +0200, Steffen Klassert wrote:
> > On Wed, Sep 11, 2019 at 04:13:07PM +0200, Sabrina Dubroca wrote:
> > ...
> > > diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
> > > index 51bb6018f3bf..e67044527fb7 100644
> > > --- a/net/xfrm/Kconfig
> > > +++ b/net/xfrm/Kconfig
> > > @@ -73,6 +73,16 @@ config XFRM_IPCOMP
> > >  	select CRYPTO
> > >  	select CRYPTO_DEFLATE
> > >  
> > > +config XFRM_ESPINTCP
> > > +	bool "ESP in TCP encapsulation (RFC 8229)"
> > > +	depends on XFRM && INET_ESP
> > > +	select STREAM_PARSER
> > > +	select NET_SOCK_MSG
> > > +	help
> > > +	  Support for RFC 8229 encapsulation of ESP and IKE over TCP sockets.
> > > +
> > > +	  If unsure, say N.
> > > +
> > 
> > One nitpick: This is IPv4 only, so please move this below the ESP
> > section in net/ipv4/Kconfig and use the naming convention there.
> > I.e. bool "IP: ESP in TCP encapsulation (RFC 8229)"
> 
> That's temporary, though, the next step will be to make it work for
> both IPv4 and IPv6. Do you prefer I move it to net/ipv4/Kconfig for
> now, and then back to net/xfrm/Kconfig when I add IPv6 support?

We have separate config options for ESP4 and ESP6, so we should
also have separate config options for 'ESP in TCP' for IPv4 and IPv6.
So this should go to net/ipv4/Kconfig. When you add IPv6 support
place it in net/ipv6/Kconfig.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ