Re: [RFCv2 1/9] tcp: authopt: Initial support and key management

From: Dmitry Safonov
Date: Wed Aug 11 2021 - 16:26:17 EST


On 8/11/21 8:11 PM, Leonard Crestez wrote:
> On 11.08.2021 16:42, David Ahern wrote:
[..]
>>
>> any proposed simplification needs to be well explained and how it
>> relates to the RFC spec.
>
> The local_id only exists between userspace and kernel so it's not really
> covered by the RFC.
>
> There are objections to this and it seems to be unhelpful for userspace
> so I will replace it with match by binding.
>
> BTW: another somewhat dubious simplification is that I offloaded the RFC
> requirement to never add overlapping keys to userspace. So if userspace
> adds keys with same recvid that match the same TCP 4-tuple then
> connections will just start failing.
>
> It's arguably fine to allow userspace misconfiguration to cause failures.

I think it's fine. But worth documenting. Also, keep in mind that
someone in userspace with his funny ideas might start relying on such
behavior in future.

Thanks,
Dmitry
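The overlap check that Leonard describes as offloaded to userspace can be illustrated with a small userspace-side keychain validator. This is an added example, not code from the patch series or the kernel: it assumes a simplified key record (SendID, RecvID, an address or prefix binding, an optional port) and treats two keys as overlapping when they share a RecvID and their bindings could match the same peer, which is the situation the thread says would make connections start failing. Rejecting such a key before it reaches the kernel keeps misconfiguration from silently breaking traffic.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthOptKey:
    """Simplified TCP-AO key record (assumed shape, not the kernel's uapi)."""
    send_id: int
    recv_id: int
    addr: str = ""   # "" = any peer; otherwise an IP address or CIDR prefix
    port: int = 0    # 0 = any peer port


def _addrs_overlap(a: str, b: str) -> bool:
    """Two bindings overlap if some peer address satisfies both."""
    if a == "" or b == "":
        return True
    net_a = ipaddress.ip_network(a, strict=False)
    net_b = ipaddress.ip_network(b, strict=False)
    if net_a.version != net_b.version:
        return False
    return net_a.overlaps(net_b)


def _ports_overlap(a: int, b: int) -> bool:
    return a == 0 or b == 0 or a == b


def keys_overlap(k1: AuthOptKey, k2: AuthOptKey) -> bool:
    """Same RecvID plus bindings that can match the same 4-tuple means an
    inbound segment could be claimed by both keys, which is the ambiguity
    RFC 5925 tells the implementation to avoid."""
    return (k1.recv_id == k2.recv_id
            and _addrs_overlap(k1.addr, k2.addr)
            and _ports_overlap(k1.port, k2.port))


def add_key(keychain: list, key: AuthOptKey) -> list:
    """Append key to keychain, refusing any key that overlaps an existing one."""
    conflicts = [k for k in keychain if keys_overlap(k, key)]
    if conflicts:
        raise ValueError(
            f"recv_id {key.recv_id} binding {key.addr or 'any'}:{key.port or 'any'} "
            f"overlaps {len(conflicts)} existing key(s)")
    keychain.append(key)
    return keychain


def try_add(keychain: list, key: AuthOptKey) -> bool:
    """Convenience wrapper returning True on success, False on overlap."""
    try:
        add_key(keychain, key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample keychain for demonstration.
    chain = []
    add_key(chain, AuthOptKey(send_id=1, recv_id=1, addr="10.0.0.0/8"))
    print(try_add(chain, AuthOptKey(send_id=2, recv_id=1, addr="10.1.2.3")))   # False: overlap
    print(try_add(chain, AuthOptKey(send_id=2, recv_id=2, addr="10.1.2.3")))   # True: distinct RecvID
    print(try_add(chain, AuthOptKey(send_id=3, recv_id=1, addr="192.168.0.0/16")))  # True: disjoint prefix
```

The check is deliberately conservative: an unbound key (empty address or port 0) overlaps every key with the same RecvID, because it would match any peer.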