lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <m234o0w2ue.fsf@dhcp-9273.meeting.ietf.org>
Date: Mon, 22 Jul 2024 07:29:02 -0700
From: Christian Hopps <chopps@...pps.org>
To: Michael Richardson <mcr@...delman.ca>
Cc: Christian Hopps <chopps@...pps.org>, netdev@...r.kernel.org,
 chopps@...n.net, devel@...ux-ipsec.org
Subject: Re: [devel-ipsec] xfrm/ipsec/iptfs and some new sysctls


After talking this over some more with Steffen, we've decided to just remove the new sysctl's for now.

Thanks,
Chris.

Michael Richardson <mcr@...delman.ca> writes:

> [[PGP Signed Part:Signature made by expired key 954CE156FDFC4290 Michael Richardson (Low Security Key) <mcr+travel@...delman.ca>]]
>
> I think that:
> xfrm_iptfs_reorder_window
> and
> xfrm_iptfs_drop_time
> are parameters about receiving.
>
> While
> xfrm_iptfs_init_delay
> and
> xfrm_iptfs_max_qsize
>
> are parameters about sender stuff.. I think the names should include that
> indication.   "xfrm_iptfs_sender_init_delay" maybe.
> 1M byte default for max_qsize feels big, it's 1000 x 1K packets.
> I realize that isn't a lot at 10Gb/s+.   I dunno.
>
> How do you plan to get feedback on whether the defaults are working?


Download attachment "signature.asc" of type "application/pgp-signature" (858 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ