| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZVHNI7NaK/KtABIL@gauss3.secunet.de> Date: Mon, 13 Nov 2023 08:15:47 +0100 From: Steffen Klassert <steffen.klassert@...unet.com> To: Christian Hopps <chopps@...pps.org> CC: <devel@...ux-ipsec.org>, <netdev@...r.kernel.org>, Christian Hopps <chopps@...n.net> Subject: Re: [RFC ipsec-next v2 0/8] Add IP-TFS mode to xfrm On Sun, Nov 12, 2023 at 10:52:11PM -0500, Christian Hopps wrote: > From: Christian Hopps <chopps@...n.net> > > This patchset adds a new xfrm mode implementing on-demand IP-TFS. IP-TFS > (AggFrag encapsulation) has been standardized in RFC9347. > > Link: https://www.rfc-editor.org/rfc/rfc9347.txt > > This feature supports demand driven (i.e., non-constant send rate) IP-TFS to > take advantage of the AGGFRAG ESP payload encapsulation. This payload type > supports aggregation and fragmentation of the inner IP packet stream which in > turn yields higher small-packet bandwidth as well as reducing MTU/PMTU issues. > Congestion control is unimplementated as the send rate is demand driven rather > than constant. > > In order to allow loading this fucntionality as a module a set of callbacks > xfrm_mode_cbs has been added to xfrm as well. I did a multiple days peer review with Chris on this pachset. So my concerns are already addressed. Further reviews are welcome! This is a bigger change and it would be nice if more people could look at it. Thanks!
Powered by blists - more mailing lists