lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 1 Apr 2021 18:41:18 +0800
From:   Hongren Zheng <i@...ithal.me>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org
Subject: Re: [PATCH iproute2] iptoken: Add doc on the conditions of iptoken

On Wed, Mar 31, 2021 at 03:26:02PM -0700, Stephen Hemminger wrote:
> It would be better if kernel provided the error messages through external ack
> of the netlink message,

Agreed.

> rather than providing potentially out of date
> recommendations on the man page.

I still think conditions for ip-token to be accepted and take
effect should be documented on the man page.

Errors in kernel extack only give hints to users in case they 
forget to configure some flags. For new users, a complete 
condition reference should be documented for them to
evaluate the use case of ip-token.
Also the autoconf flag would not prompt errors when the user
forgets to turn it on, this is unexpected when the user does
intend to use ip-token.

Even /proc/sys interface may be out of date, these conditions
may remain unchanged or only be altered slightly, hence
documenting them does not hurt.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ