Message-ID: <ZtXDFWpPVdlNE8NP@Antony2201.local>
Date: Mon, 2 Sep 2024 15:52:21 +0200
From: Antony Antony <antony@...nome.org>
To: Eyal Birger <eyal.birger@...il.com>
Cc: steffen.klassert@...unet.com, herbert@...dor.apana.org.au,
	davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
	dsahern@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org,
	devel@...ux-ipsec.org
Subject: Re: [devel-ipsec] [PATCH ipsec, v2 0/2] xfrm: respect ip proto rules
 criteria in xfrm dst lookups

On Mon, Sep 02, 2024 at 04:07:17AM -0700, Eyal Birger via Devel wrote:
> This series fixes the route lookup when done for xfrm to regard
> L4 criteria specified in ip rules.

Hi Eyal,
This isn't a review of the patch set, but rather curiosity about use cases.
This sounds interesting. Would you like to elaborate on the use cases
supported in this patch? From what I understand so far, it seems related to
'ip rule', but I'm wondering about possible use cases: inner packet routing
rule of tunnel? Maybe you could explain it at the IPsec coffee hour or
share some use case or test script.

Is this only for route-based IPsec, i.e. with xfrmi interface, or also for
policy-based use cases without a route? In the latter case there were
discussions about why we need a route for the inner packet.

-antony

> 
> The first patch is a minor refactor to allow passing more parameters
> to dst lookup functions.
> The second patch actually passes L4 information to these lookup functions.
> 
> Signed-off-by: Eyal Birger <eyal.birger@...il.com>
> 
> ---
> 
> v2: fix first patch based on reviews from Steffen Klassert and
>     Simon Horman
> 
> Eyal Birger (2):
>   xfrm: extract dst lookup parameters into a struct
>   xfrm: respect ip protocols rules criteria when performing dst lookups
> 
>  include/net/xfrm.h      | 28 ++++++++++++-----------
>  net/ipv4/xfrm4_policy.c | 40 +++++++++++++++------------------
>  net/ipv6/xfrm6_policy.c | 31 +++++++++++++-------------
>  net/xfrm/xfrm_device.c  | 11 ++++++---
>  net/xfrm/xfrm_policy.c  | 49 +++++++++++++++++++++++++++++++----------
>  5 files changed, 94 insertions(+), 65 deletions(-)
> 
> -- 
> 2.34.1
> 
