Re: [RFCv2 1/9] tcp: authopt: Initial support and key management

[RFCv2 0/9] tcp: Initial support for RFC5925 auth option · Leonard Crestez <hidden> · 2021-08-09
[RFCv2 1/9] tcp: authopt: Initial support and key management · Leonard Crestez <hidden> · 2021-08-09
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · Dmitry Safonov <hidden> · 2021-08-10
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · Leonard Crestez <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · David Ahern <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · Leonard Crestez <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · Dmitry Safonov <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · David Ahern <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · Dmitry Safonov <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · David Ahern <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · Dmitry Safonov <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · David Ahern <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · Leonard Crestez <hidden> · 2021-08-11
Re: [RFCv2 1/9] tcp: authopt: Initial support and key management · Leonard Crestez <hidden> · 2021-08-12
[RFCv2 2/9] docs: Add user documentation for tcp_authopt · Leonard Crestez <hidden> · 2021-08-09
[RFCv2 4/9] tcp: authopt: Compute packet signatures · Leonard Crestez <hidden> · 2021-08-09
[RFCv2 3/9] tcp: authopt: Add crypto initialization · Leonard Crestez <hidden> · 2021-08-09
[RFCv2 5/9] tcp: authopt: Hook into tcp core · Leonard Crestez <hidden> · 2021-08-09
[RFCv2 7/9] tcp: authopt: Add snmp counters · Leonard Crestez <hidden> · 2021-08-09
[RFCv2 6/9] tcp: authopt: Add key selection controls · Leonard Crestez <hidden> · 2021-08-09
[RFCv2 8/9] selftests: Initial TCP-AO support for nettest · Leonard Crestez <hidden> · 2021-08-09
[RFCv2 9/9] selftests: Initial TCP-AO support for fcnal-test · Leonard Crestez <hidden> · 2021-08-09
Re: [RFCv2 9/9] selftests: Initial TCP-AO support for fcnal-test · David Ahern <hidden> · 2021-08-11
Re: [RFCv2 9/9] selftests: Initial TCP-AO support for fcnal-test · Leonard Crestez <hidden> · 2021-08-11

From: Dmitry Safonov <hidden>
Date: 2021-08-11 20:26:17
Also in: lkml, netdev

On 8/11/21 8:11 PM, Leonard Crestez wrote:

On 11.08.2021 16:42, David Ahern wrote:

[..]

quoted

any proposed simplification needs to be well explained and how it
relates to the RFC spec.

The local_id only exists between userspace and kernel so it's not really
covered by the RFC.

There are objections to this and it seems to be unhelpful for userspace
zo I will replace it with match by binding.

BTW: another somewhat dubious simplification is that I offloaded the RFC
requirement to never add overlapping keys to userspace. So if userspace
adds keys with same recvid that match the same TCP 4-tuple then
connections will just start failing.

It's arguably fine to allow userspace misconfiguration to cause failures.

I think it's fine. But worth documenting. Also, keep in mind that
someone in userspace with his funny ideas might start relying on such
behavior in future.

Thanks,
        Dmitry

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help