From: Sabrina Dubroca <sd@queasysnail.net>
To: Antony Antony <antony@phenome.org>
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>,
Antony Antony <antony.antony@secunet.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
netdev@vger.kernel.org, devel@linux-ipsec.org,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [devel-ipsec] [PATCH ipsec-next v6] xfrm: Add Direction to the SA in or out
Date: Thu, 11 Apr 2024 22:14:28 +0200 [thread overview]
Message-ID: <ZhhEpNPyKPDohQoH@hog> (raw)
In-Reply-To: <Zhe9LB97ik37hM3q@Antony2201.local>
2024-04-11, 12:36:28 +0200, Antony Antony wrote:
> On Thu, Apr 11, 2024 at 11:24:06AM +0200, Sabrina Dubroca wrote:
> > 2024-04-10, 18:59:00 +0200, Antony Antony wrote:
> > > On Wed, Apr 10, 2024 at 10:56:34AM +0200, Sabrina Dubroca wrote:
> > > > 2024-04-09, 19:23:04 +0200, Antony Antony wrote:
> > > > > > xfrma_policy is convenient but not all attributes are valid for all
> > > > > > requests. Old attributes can't be changed, but we should try to be
> > > > > > more strict when we introduce new attributes.
> > > > >
> > > > > To clarify your feedback, are you suggesting the API should not permit
> > > > > XFRMA_SA_DIR for methods like XFRM_MSG_DELSA, and only allow it for
> > > > > XFRM_MSG_NEWSA and XFRM_MSG_UPDSA? I added XFRM_MSG_UPDSA, as it's used
> > > > > equivalently to XFRM_MSG_NEWSA by *swan.
> > > >
> > > > Not just DELSA, also all the *POLICY, ALLOCSPI, FLUSHSA, etc. NEWSA
> > > > and UPDSA should accept it, but I'm thinking none of the other
> > > > operations should. It's a property of SAs, not of other xfrm objects.
> > >
> > > For instance, there isn't a validation for unused XFRMA_SA_EXTRA_FLAGS in
> > > DELSA; if set, it's simply ignored. Similarly, if XFRMA_SA_DIR were set in
> > > DELSA, it would also be disregarded. Attempting to introduce validations for
> > > DELSA and other methods seems like an extensive cleanup task. Do we consider
> > > this level of validation within the scope of our current patch? It feels
> > > like we are going too far.
> >
> > No, I wouldn't introduce validation of other attributes. It doesn't
> > belong in this patch(set), and I'm not sure we can add it now as it
> > might break userspace (I don't see why userspace would pass
> > XFRMA_ALG_AEAD etc on a DELSA request, but if we never rejected it,
> > they could).
> >
> > But rejecting this new attribute from messages that don't handle it
> > would be good, and should be done in this patch/series.
>
> Definitely see the value in such feature in general, but it seems ambitious
> for this patch set.
I'm only talking about the new attribute here. Introducing validation
for all other attributes, yes, that's a completely separate thing (and
we can't do that immediately, we need to work toward it, see Paul's
suggestion).
> Currently, only NEWSA, UPDSA, and ALLOCSPI need
> XFRMA_SA_DIR. I am wondering how to reject this atrribute in remaining 20-22
> messages. Is there a precedent or example in xfrm_user.c for this kind of
> validation, or maybe a Netlink feature that lets us restrict NL attributes
> for a specific messages like DELSA.
I don't think there is, xfrm_user doesn't do that kind of validation yet.
There's an example in rtnl_valid_dump_net_req and
rtnl_net_valid_getid_req, where some attributes are rejected.
--
Sabrina
next prev parent reply other threads:[~2024-04-11 20:14 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-05 12:40 [PATCH ipsec-next v6] xfrm: Add Direction to the SA in or out Antony Antony
2024-04-05 13:31 ` Nicolas Dichtel
2024-04-05 21:56 ` Sabrina Dubroca
2024-04-06 12:36 ` [devel-ipsec] " Christian Hopps
2024-04-07 8:23 ` Antony Antony
2024-04-08 13:02 ` Sabrina Dubroca
2024-04-09 17:23 ` Antony Antony
2024-04-10 8:56 ` Sabrina Dubroca
2024-04-10 16:59 ` Antony Antony
2024-04-10 21:41 ` Christian Hopps
2024-04-11 0:58 ` Paul Wouters
2024-04-11 9:23 ` Sabrina Dubroca
2024-04-11 11:03 ` Steffen Klassert
2024-04-11 9:24 ` Sabrina Dubroca
2024-04-11 10:36 ` Antony Antony
2024-04-11 20:14 ` Sabrina Dubroca [this message]
2024-04-11 10:57 ` Steffen Klassert
2024-04-10 6:27 ` Nicolas Dichtel
2024-04-10 7:26 ` Sabrina Dubroca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZhhEpNPyKPDohQoH@hog \
--to=sd@queasysnail.net \
--cc=antony.antony@secunet.com \
--cc=antony@phenome.org \
--cc=davem@davemloft.net \
--cc=devel@linux-ipsec.org \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.