lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aQn6UT13b4kfLcwy@krikkit>
Date: Tue, 4 Nov 2025 14:06:25 +0100
From: Sabrina Dubroca <sd@...asysnail.net>
To: David Ahern <dsahern@...nel.org>
Cc: Stephen Hemminger <stephen@...workplumber.org>, netdev@...r.kernel.org,
	Steffen Klassert <steffen.klassert@...unet.com>
Subject: Re: [PATCH iproute2-next] ip-xfrm: add pcpu-num support

2025-11-03, 09:36:28 -0700, David Ahern wrote:
> On 11/3/25 2:48 AM, Sabrina Dubroca wrote:
> > 2025-10-30, 19:32:10 -0600, David Ahern wrote:
> >> On 10/30/25 5:51 PM, Sabrina Dubroca wrote:
> >>> With the netlink specs project, it's also maybe less attractive?
> >>> (netlink spec for ipsec is also on my todo list and I've given
> >>> it a look, ipxfrm conversion is probably easier)
> >>>
> >>
> >> That is an interesting question. I guess it depends on the long term
> >> expectations for the tooling. There is a lot to like about the specs.
> >> Does Red Hat include the commands in recent RHEL releases? ie., do we
> >> know of it gaining traction in the more "popular" OS releases?
> > 
> > Yes, it's present in the latest RHEL release and recent Fedoras.
> > (no idea what Debian and Ubuntu do)
> > 
> 
> That's a start. From there we need to figure out adoption rate. The
> legacy arp and ifconfig tools are still widely used despite requests to
> move to ip meaning habits are to break.

Ugh :/

> I would give the netlink spec priority.

Ok. I may end up doing the ipxfrm json conversion alongside
anyway. For the macsec spec I've been working on (still WIP), I've
used the json output of iproute to create some tests that compare it
to the ynl output (with some massaging required because the json
objects end up with slightly different names), which pointed out some
mistakes in the spec.  So I'll likely do the same kind of testing for
xfrm specs when I get to that stage.

-- 
Sabrina

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ