* IPSec questions and comments
@ 2021-07-24  1:01 Corey Minyard
  2021-07-24  2:40 ` Eyal Birger
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Corey Minyard @ 2021-07-24  1:01 UTC (permalink / raw)
  To: Steffen Klassert, Herbert Xu, David S. Miller; +Cc: linux-kernel, netdev

I've been going through the XFRM code trying to understand it.  I've
been documenting things in the code as I go.

I have a specific usage question, then a general question:

1) In struct xfrm_dst, what is the difference between the route and path
fields?  From what I can tell, in the first element of a bundle they
will both point to the route the packet will take after it has been
transformed.  In the other elements of a bundle, route is the same as in
the first element and path will be NULL.  Is this really the intent?
Can path just be eliminated?

2) This code is really hard to understand.  Nobody should have to go
through what I'm going through.  If I can convince my employer to allow
me to submit the comments I'm adding, would that be something acceptable?
It would obviously take a lot of time to review.  If nobody's going to
have the time to review it, I don't need to put forth the extra effort
to make it submittable.

Thanks,

-corey


* Re: IPSec questions and comments
  2021-07-24  1:01 IPSec questions and comments Corey Minyard
@ 2021-07-24  2:40 ` Eyal Birger
       [not found] ` <91bce7da-163d-dee3-5309-ebcf27de1abb@gmail.com>
  2021-07-26  8:13 ` IPSec questions and comments Steffen Klassert
  2 siblings, 0 replies; 5+ messages in thread
From: Eyal Birger @ 2021-07-24  2:40 UTC (permalink / raw)
  To: Corey Minyard
  Cc: Steffen Klassert, Herbert Xu, David S. Miller, linux-kernel,
	Linux Kernel Network Developers

Hi Corey,

On Sat, Jul 24, 2021 at 4:02 AM Corey Minyard <minyard@acm.org> wrote:
> 1) In struct xfrm_dst, what is the difference between the route and path
> fields?  From what I can tell, in the first element of a bundle they
> will both point to the route the packet will take after it has been
> transformed.  In the other elements of a bundle, route is the same as in
> the first element and path will be NULL.  Is this really the intent?
> Can path just be eliminated?

For non-transport modes - such as tunnel - 'route' and 'path' won't be the
same in the first element (xdst0): 'route' will be the original dst and
'path' will be the route the transformed packet will take. The dst is
overridden in the xfrm_dst_lookup() call within xfrm_bundle_create(), after
xdst->route had been set.

AFAICT, the intent for the 'path' member is described in commit
0f6c480f23f4 ("xfrm: Move dst->path into struct xfrm_dst") - essentially
'path' contains the reference to the underlay route from the topmost bundle
member avoiding a walk through the child chain when needed.

Hope this helps.
Eyal.
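
Added example, not part of Eyal's message and not kernel source: a simplified user-space C model of the bundle layout described above, showing 'route' and 'path' on the first element in tunnel versus transport mode. The `toy_*` names and the struct are hypothetical, and a single underlay route is assumed for every tunnel-mode element.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model only; NOT the kernel's struct dst_entry / struct xfrm_dst. */
enum toy_mode { TOY_TRANSPORT, TOY_TUNNEL };
struct toy_dst {
    const char *name;       /* label for printing */
    int is_xfrm;            /* 1 = bundle element, 0 = plain route */
    struct toy_dst *child;  /* next element, or the final plain route */
    struct toy_dst *route;  /* dst that was current when this element was set up */
    struct toy_dst *path;   /* set only on the first element (xdst0) */
};

/* Build an n-element bundle in caller-provided storage; returns xdst0. */
struct toy_dst *toy_bundle_create(struct toy_dst *elems, const enum toy_mode *modes,
                                  size_t n, struct toy_dst *orig,
                                  struct toy_dst *underlay)
{
    struct toy_dst *dst = orig;
    if (n == 0)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        elems[i] = (struct toy_dst){ .name = "xdst", .is_xfrm = 1 };
        elems[i].route = dst;          /* route is recorded first ... */
        if (modes[i] == TOY_TUNNEL)
            dst = underlay;            /* ... then tunnel mode overrides dst */
        if (i > 0)
            elems[i - 1].child = &elems[i];
    }
    elems[n - 1].child = dst;  /* chain ends at the route actually used */
    elems[0].path = dst;       /* shortcut kept on the topmost element */
    return &elems[0];
}

/* The walk that 'path' avoids: follow children down to the plain route. */
struct toy_dst *toy_walk_children(struct toy_dst *d)
{
    while (d->is_xfrm)
        d = d->child;
    return d;
}

int main(void)
{
    struct toy_dst orig = { .name = "orig" }, under = { .name = "underlay" };
    struct toy_dst e[1]; enum toy_mode m[] = { TOY_TUNNEL };
    struct toy_dst *x = toy_bundle_create(e, m, 1, &orig, &under);
    printf("route=%s path=%s walk=%s\n", x->route->name, x->path->name,
           toy_walk_children(x)->name);
    return 0;
}
```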


* question about configuring multiple interfaces on a host within the same ipv6 sub-net
       [not found] ` <91bce7da-163d-dee3-5309-ebcf27de1abb@gmail.com>
@ 2021-07-24  6:15   ` hui wang
  2021-07-25  2:32     ` hui wang
  0 siblings, 1 reply; 5+ messages in thread
From: hui wang @ 2021-07-24  6:15 UTC (permalink / raw)
  To: netdev

Hi All

I have a host (running CentOS 8); it has multiple interfaces connecting
to the same IPv6 sub-net. Different IPv6 addresses are statically
assigned to these interfaces. All these interfaces are assigned the
same gateway address.

I'd like to configure the routing policy so that:

     All packets with a source IP address specified go out via the
     interface that the source IP address was assigned to.
     When the source IP address is not specified by the application (e.g. TCP
     SYN packet), a different interface's IP address is picked (as source IP
     address) randomly (if the destination IP address is different).

How do I configure the routing policy to achieve this in such an environment?

Please let me know if there are more appropriate mail lists for my question.

Thanks,

Hui



* Re: question about configuring multiple interfaces on a host within the same ipv6 sub-net
  2021-07-24  6:15   ` question about configuring multiple interfaces on a host within the same ipv6 sub-net hui wang
@ 2021-07-25  2:32     ` hui wang
  0 siblings, 0 replies; 5+ messages in thread
From: hui wang @ 2021-07-25  2:32 UTC (permalink / raw)
  To: netdev

On 7/23/21 11:15 PM, hui wang wrote:
> Hi All
>
> I have a host (running CentOS 8); it has multiple interfaces
> connecting to the same IPv6 sub-net. Different IPv6 addresses are
> statically assigned to these interfaces. All these interfaces are
> assigned the same gateway address.
>
> I'd like to configure the routing policy so that:
>
>     All packets with a source IP address specified go out via the
> interface that the source IP address was assigned to.
>     When the source IP address is not specified by the application (e.g. TCP
> SYN packet)

when connect() is called without binding to an IP address

> , a different interface's IP address is picked (as source IP address)
> randomly (if the destination IP address is different).
>
> How do I configure the routing policy to achieve this in such an environment?
>
> Please let me know if there are more appropriate mail lists for my 
> question.
>
> Thanks,
>
> Hui
>



* Re: IPSec questions and comments
  2021-07-24  1:01 IPSec questions and comments Corey Minyard
  2021-07-24  2:40 ` Eyal Birger
       [not found] ` <91bce7da-163d-dee3-5309-ebcf27de1abb@gmail.com>
@ 2021-07-26  8:13 ` Steffen Klassert
  2 siblings, 0 replies; 5+ messages in thread
From: Steffen Klassert @ 2021-07-26  8:13 UTC (permalink / raw)
  To: Corey Minyard; +Cc: Herbert Xu, David S. Miller, linux-kernel, netdev

On Fri, Jul 23, 2021 at 08:01:17PM -0500, Corey Minyard wrote:
> I've been going through the XFRM code trying to understand it.  I've
> been documenting things in the code as I go.
> 
> I have a specific usage question, then a general question:
> 
> 1) In struct xfrm_dst, what is the difference between the route and path
> fields?  From what I can tell, in the first element of a bundle they
> will both point to the route the packet will take after it has been
> transformed.  In the other elements of a bundle, route is the same as in
> the first element and path will be NULL.  Is this really the intent?
> Can path just be eliminated?

Eyal gave a good explanation of this.

> 
> 2) This code is really hard to understand.  Nobody should have to go
> through what I'm going through.  If I can convince my employer to allow
> me to submit the comments I'm adding, would that be something acceptable?
> It would obviously take a lot of time to review.  If nobody's going to
> have the time to review it, I don't need to put forth the extra effort
> to make it submittable.

Documentation is always welcome. If you submit your documentation
in small reviewable patches, then it should be accepted and merged
over time.
