From: Steffen Klassert <steffen.klassert@secunet.com>
To: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: Sabrina Dubroca <sd@queasysnail.net>, <antony.antony@secunet.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
<netdev@vger.kernel.org>, "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
<devel@linux-ipsec.org>, Leon Romanovsky <leon@kernel.org>,
Eyal Birger <eyal.birger@gmail.com>
Subject: Re: [PATCH ipsec-next v9] xfrm: Add Direction to the SA in or out
Date: Thu, 11 Apr 2024 11:31:35 +0200 [thread overview]
Message-ID: <Zhet98MkJUQeAcFC@gauss3.secunet.de> (raw)
In-Reply-To: <4f23c994-5f1a-4b91-9af9-d9d577a6121a@6wind.com>
On Thu, Apr 11, 2024 at 11:05:02AM +0200, Nicolas Dichtel wrote:
> Le 11/04/2024 à 09:22, Steffen Klassert a écrit :
> > On Wed, Apr 10, 2024 at 10:37:27AM +0200, Nicolas Dichtel wrote:
> >> Le 10/04/2024 à 10:17, Sabrina Dubroca a écrit :
> >> [snip]
> >>>> Why isn't it possible to restrict the use of an input SA to the input path and
> >>>> output SA to xmit path?
> >>>
> >>> Because nobody has written a patch for it yet :)
> >>>
> >> For me, it should be done in this patch/series ;-)
> >
> > I tend to disagree here. Adding the direction as a lookup key
> > is IMO beyond the scope of this patch. That's complicated and
> > would defer this series by months. Given that the upcomming IPTFS
> > implementation has a lot of direction specific config options,
> > it makes sense to take that this patch now. Otherwise we have the
> > direction specific options in input and output states forever.
> I don't understand why the direction could not be mandatory and checked for new
> options only (offload, iptfs, etc.) and reject for legacy use cases.
Because every state has a direction and it should be marked explictly.
As said, IMO it should have been like that from the beginning.
next prev parent reply other threads:[~2024-04-11 9:31 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-09 17:56 [PATCH ipsec-next v9] xfrm: Add Direction to the SA in or out Antony Antony
2024-04-10 6:32 ` Nicolas Dichtel
2024-04-10 7:26 ` Sabrina Dubroca
2024-04-10 7:35 ` Nicolas Dichtel
2024-04-10 8:17 ` Sabrina Dubroca
2024-04-10 8:37 ` Nicolas Dichtel
2024-04-10 8:57 ` Sabrina Dubroca
2024-04-10 13:52 ` [devel-ipsec] " Paul Wouters
2024-04-11 7:23 ` Steffen Klassert
2024-04-11 7:22 ` Steffen Klassert
2024-04-11 9:05 ` Nicolas Dichtel
2024-04-11 9:31 ` Steffen Klassert [this message]
2024-04-11 7:14 ` Steffen Klassert
2024-04-11 9:01 ` Nicolas Dichtel
2024-04-11 9:04 ` Steffen Klassert
2024-04-11 9:36 ` Antony Antony
2024-04-11 9:35 ` Antony Antony
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zhet98MkJUQeAcFC@gauss3.secunet.de \
--to=steffen.klassert@secunet.com \
--cc=antony.antony@secunet.com \
--cc=davem@davemloft.net \
--cc=devel@linux-ipsec.org \
--cc=edumazet@google.com \
--cc=eyal.birger@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=leon@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=pabeni@redhat.com \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).