* [PATCH] Host Identity Protocol
From: Andrei Gurtov @ 2005-03-15 8:13 UTC
To: netdev; +Cc: infrahip

Hi,

Please have a look at Host Identity Protocol, a better solution for secure
mobility and multihoming than Mobile IP.

http://hipl.hiit.fi/hipl/release/kernel-patches/linux-2.6.10-hipl-0.1.patch

Project info: http://infrahip.hiit.fi/
Specs: http://hip.piuha.net/drafts/

Andrei

* Re: [PATCH] Host Identity Protocol
From: Pekka Savola @ 2005-03-15 8:36 UTC
To: Andrei Gurtov; +Cc: netdev, infrahip

On Tue, 15 Mar 2005, Andrei Gurtov wrote:
> Please have a look at Host Identity Protocol, a better solution for secure
> mobility and multihoming than Mobile IP.
>
> http://hipl.hiit.fi/hipl/release/kernel-patches/linux-2.6.10-hipl-0.1.patch

Please clean up the patch :). It has tons of changes which have
nothing to do with HIP. Maybe it was diffed against the wrong tree?

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

* Re: [Infrahip] Re: [PATCH] Host Identity Protocol
From: Miika Komu @ 2005-03-15 9:04 UTC
To: Pekka Savola; +Cc: Andrei Gurtov, netdev, infrahip

On Tue, 15 Mar 2005, Pekka Savola wrote:

> On Tue, 15 Mar 2005, Andrei Gurtov wrote:
> > Please have a look at Host Identity Protocol, a better solution for secure
> > mobility and multihoming than Mobile IP.
> >
> > http://hipl.hiit.fi/hipl/release/kernel-patches/linux-2.6.10-hipl-0.1.patch
>
> Please clean up the patch :). It has tons of changes which have
> nothing to do with HIP. Maybe it was diffed against the wrong tree?

My apologies, I'll clean the patch today. It was created against the
correct tree, but we have a separate repository that has accumulated some
deleted files from older kernel versions.

-- 
Miika Komu              miika@iki.fi          http://www.iki.fi/miika/

* Re: [Infrahip] Re: [PATCH] Host Identity Protocol
From: Miika Komu @ 2005-03-15 12:56 UTC
To: Pekka Savola; +Cc: Andrei Gurtov, netdev, infrahip

On Tue, 15 Mar 2005, Pekka Savola wrote:

> On Tue, 15 Mar 2005, Andrei Gurtov wrote:
> > Please have a look at Host Identity Protocol, a better solution for secure
> > mobility and multihoming than Mobile IP.
> >
> > http://hipl.hiit.fi/hipl/release/kernel-patches/linux-2.6.10-hipl-0.1.patch
>
> Please clean up the patch :). It has tons of changes which have
> nothing to do with HIP. Maybe it was diffed against the wrong tree?

Fixed. I replaced the old patch with a clean one.

-- 
Miika Komu              miika@iki.fi          http://www.iki.fi/miika/

* Re: [Infrahip] [PATCH] Host Identity Protocol
From: Miika Komu @ 2005-03-20 16:08 UTC
To: Andrei Gurtov; +Cc: netdev, infrahip

On Tue, 15 Mar 2005, Andrei Gurtov wrote:

> Please have a look at Host Identity Protocol, a better solution for
> secure mobility and multihoming than Mobile IP.
>
> http://hipl.hiit.fi/hipl/release/kernel-patches/linux-2.6.10-hipl-0.1.patch
>
> Project info: http://infrahip.hiit.fi/

I made the release directory structure more usable. The latest patch can
be found from:

http://infrahip.hiit.fi/hipl/release/0.1.2/linux-2.6.10-hipl-0.1.2.patch

All feedback is welcome.

-- 
Miika Komu              miika@iki.fi          http://www.iki.fi/miika/

* Re: [Infrahip] [PATCH] Host Identity Protocol
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2005-03-20 17:42 UTC
To: miika; +Cc: gurtov, netdev, infrahip, yoshfuji

In article <Pine.GSO.4.58.0503201805240.1521@kekkonen.cs.hut.fi> (at Sun, 20 Mar 2005 18:08:30 +0200 (EET)), Miika Komu <miika@iki.fi> says:

> On Tue, 15 Mar 2005, Andrei Gurtov wrote:
>
> > Please have a look at Host Identity Protocol, a better solution for
> > secure mobility and multihoming than Mobile IP.
:
> I made the release directory structure more usable. The latest patch can
> be found from:
>
> http://infrahip.hiit.fi/hipl/release/0.1.2/linux-2.6.10-hipl-0.1.2.patch

I think you're doing great work.

However, all signaling should be handled in userspace as we (will) do for MIP6.

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA

* Re: [Infrahip] [PATCH] Host Identity Protocol
From: David S. Miller @ 2005-03-21 4:03 UTC
To: yoshfuji; +Cc: miika, gurtov, netdev, infrahip

On Mon, 21 Mar 2005 02:42:41 +0900 (JST)
YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> wrote:

> However, all signaling should be handled in userspace as we (will) do for MIP6.

Yes, I've been telling them similarly in a private
email discussion. I'm very glad someone else says
this too, so I don't appear as the only person who
feels this way :-)

* Re: [Infrahip] [PATCH] Host Identity Protocol
From: Miika Komu @ 2005-03-22 14:08 UTC
To: David S. Miller; +Cc: yoshfuji, Andrei Gurtov, netdev, infrahip

On Sun, 20 Mar 2005, David S. Miller wrote:

> On Mon, 21 Mar 2005 02:42:41 +0900 (JST)
> YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> wrote:
>
> > However, all signaling should be handled in userspace as we (will) do
> > for MIP6.
>
> Yes, I've been telling them similarly in a private
> email discussion. I'm very glad someone else says
> this too, so I don't appear as the only person who
> feels this way :-)

Thank you, David and Yoshifuji, for your feedback. Please accept my
apologies for my late response.

I am having difficulties in digesting the counterarguments against the
kernel based approach because of the lack of detailed reasoning and
ambiguities. Yes, MIP6 and IKE signalling is handled in the userspace, but
the same is not true for SCTP (lksctp). At the same time, Linux is a
monolithic kernel instead of a microkernel architecture. Finally, good
engineering practice is to put everything in the userspace, unless there
is good reason for putting it into the kernelspace.

We don't currently have concrete measurements (comparing userspace and
kernelspace approaches) to justify our kernel oriented approach, so we
will have to get back to you later with some figures. If the results show
that a userspace implementation is superior to a kernel based approach in
terms of security or performance, we may have to rewrite the code to the
userspace. In the meantime, do you happen to know any good references
where any userspace network protocol implementation has been compared and
measured against a kernelspace implementation? It would be a good starting
point for us.

I would like to mention that lksctp was implemented in the 2.6 kernel
because of better performance and tighter integration to the socket API.
We are dealing with similar issues with HIPL but it seems like we need to
justify the reasons by analyzing and measuring. In addition, security
issues (DoS protection, user supplied public keys, etc) are taken pretty
seriously in HIP and may benefit from a kernel oriented approach.

-- 
Miika Komu              miika@iki.fi          http://www.iki.fi/miika/

* Re: [Infrahip] [PATCH] Host Identity Protocol
From: David S. Miller @ 2005-03-22 17:20 UTC
To: Miika Komu; +Cc: yoshfuji, gurtov, netdev, infrahip

On Tue, 22 Mar 2005 16:08:31 +0200 (EET)
Miika Komu <miika@iki.fi> wrote:

> Yes, MIP6 and IKE signalling is handled in the userspace, but
> the same is not true for SCTP (lksctp).

SCTP is a network protocol used for data transfer.
HIP is a signalling mechanism used to set up configuration.

> engineering practice is to put everything in the userspace, unless there
> is good reason for putting it into the kernelspace.
>
> We don't currently have concrete measurements (comparing userspace and
> kernelspace approaches) to justify our kernel oriented approach, so we
> will have to get back to you later with some figures. If the results show
> that a userspace implementation is superior to a kernel based approach in
> terms of security or performance, we may have to rewrite the code to the
> userspace. In the meantime, do you happen to know any good references
> where any userspace network protocol implementation has been compared and
> measured against a kernelspace implementation? It would be a good starting
> point for us.
>
> I would like to mention that lksctp was implemented in the 2.6 kernel
> because of better performance and tighter integration to the socket API.
> We are dealing with similar issues with HIPL but it seems like we need to
> justify the reasons by analyzing and measuring. In addition, security
> issues (DoS protection, user supplied public keys, etc) are taken pretty
> seriously in HIP and may benefit from a kernel oriented approach.
>
> --
> Miika Komu              miika@iki.fi          http://www.iki.fi/miika/

* Re: [Infrahip] [PATCH] Host Identity Protocol
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2005-03-22 17:57 UTC
To: miika; +Cc: davem, gurtov, netdev, infrahip, yoshfuji

In article <Pine.GSO.4.58.0503221531020.19531@kekkonen.cs.hut.fi> (at Tue, 22 Mar 2005 16:08:31 +0200 (EET)), Miika Komu <miika@iki.fi> says:

> will have to get back to you later with some figures. If the results show
> that a userspace implementation is superior to a kernel based approach in
> terms of security or performance, we may have to rewrite the code to the

And, IMHO, the most important argument is, probably, in terms of
simplicity and universality of the kernel part.
e.g. MIP6 uses XFRM / stackable destination architecture as
its fundamental infrastructure.
They (simplicity and universality) are unlikely to be measurable, though.

> justify the reasons by analyzing and measuring. In addition, security
> issues (DoS protection, user supplied public keys, etc) are taken pretty
> seriously in HIP and may benefit from a kernel oriented approach.

I believe that we can find solutions to solve these issues (if any).

--yoshfuji
