| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Sep 2021 11:55:51 +0200
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: antony.antony@...unet.com
Cc: steffen.klassert@...unet.com, davem@...emloft.net, kuba@...nel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH ipsec v3 0/2] xfrm: fix uapi for the default policy
Le 15/09/2021 à 11:19, Antony Antony a écrit :
> Hi Nicolas,
>
> On Tue, Sep 14, 2021 at 16:46:32 +0200, Nicolas Dichtel wrote:
>> This feature has just been merged after the last release, thus it's still
>> time to fix the uapi.
>> As stated in the thread, the uapi is based on some magic values (from the
>> userland POV).
>
> I like your proposal to make uapi 3 different variables, instead of flags.
>
> This fix leave kernel internal representation as a flags in
> struct netns_xfrm
> u8 policy_default;
>
> I have a concern. If your patch is applied, the uapi and xfrm internal representations would be inconsistant. I think they should be the same in this case.
I agree.
> It would easier to follow the code path.
> On the other hand we should apply this uapi change ASAP, in 5.15 release cycle, to avoid ABI change.
I also agree.
>
> Could you also change xfrm policy_default to three variables?
Yes, I propose to send a follow up on ipsec-next once this series is applied.
The internal representation could be changed later, I prefer to keep this change
minimal for the ipsec tree.
Thank you,
Nicolas
Powered by blists - more mailing lists