| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 May 2022 08:17:42 +0300
From: Leon Romanovsky <leon@...nel.org>
To: Steffen Klassert <steffen.klassert@...unet.com>
Cc: "David S . Miller" <davem@...emloft.net>,
Herbert Xu <herbert@...dor.apana.org.au>,
netdev@...r.kernel.org, Raed Salem <raeds@...dia.com>,
ipsec-devel <devel@...ux-ipsec.org>
Subject: Re: [PATCH ipsec-next 6/6] xfrm: enforce separation between
priorities of HW/SW policies
On Fri, May 13, 2022 at 05:07:02PM +0200, Steffen Klassert wrote:
> On Tue, May 10, 2022 at 01:36:57PM +0300, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@...dia.com>
> >
> > Devices that implement IPsec full offload mode offload policies too.
> > In RX path, it causes to the situation that HW can't effectively handle
> > mixed SW and HW priorities unless users make sure that HW offloaded
> > policies have higher priorities.
> >
> > In order to make sure that users have coherent picture, let's require to
> > make sure that HW offloaded policies have always (both RX and TX) higher
> > priorities than SW ones.
>
> I'm still not sure whether splitting priorities in software and hardware
> is the right way to go. I fear we can get problems with corner cases we
> don't think about now. But OTOH I don't have a better idea. So maybe
> someone on the list has an opinion on that.
I see this patch as aid to catch wrong configurations of policy
priorities, at least for simple users. I didn't have a goal to
create full featured validator to don't add complexity where it
is not necessary.
Thanks
Powered by blists - more mailing lists