Tuong, Ying I am ok with a kernel option, as long as it is enabled by default. I can imagine smaller embedded systems where the deployer want a small module, and encryption anyway is managed differently, or not at all.
///jon > -----Original Message----- > From: Tuong Lien Tong <tuong.t.l...@dektech.com.au> > Sent: 4-Nov-19 06:30 > To: 'Xue, Ying' <ying....@windriver.com>; > tipc-discussion@lists.sourceforge.net; Jon Maloy > <jon.ma...@ericsson.com>; ma...@donjonn.com > Subject: RE: [PATCH RFC 0/5] TIPC encryption > > Hi Ying, > > Thanks a lot for reviewing the series! > Your idea of a new kernel option is fine, but I'm not sure what its goal is. > The new code is already "disabled" > by default unless there's a key set by user, so it's generally still under > user's control... The advantage I can > see is the module's size but it is not that much (compared to the whole > kernel). On the other hand, we will > need to custom the kernel to get the feature on and some additional code for > the "ifdef...else..." > instructions. Do we really need the option? > > @Jon: What is your opinion about this? > > BR/Tuong > > -----Original Message----- > From: Xue, Ying <ying....@windriver.com> > Sent: Friday, November 1, 2019 9:20 PM > To: Tuong Lien <tuong.t.l...@dektech.com.au>; > tipc-discussion@lists.sourceforge.net; > jon.ma...@ericsson.com; ma...@donjonn.com > Subject: RE: [PATCH RFC 0/5] TIPC encryption > > Good job. > > This is a big and complex feature. Particularly for most of users who might > not consider to use this feature, > please consider to give them a choice to completely disable it by adding a > new kernel option like > TIPC_CRYPTO. > > Thanks, > Ying > > -----Original Message----- > From: Tuong Lien [mailto:tuong.t.l...@dektech.com.au] > Sent: Monday, October 14, 2019 7:07 PM > To: tipc-discussion@lists.sourceforge.net; jon.ma...@ericsson.com; > ma...@donjonn.com; Xue, Ying > Subject: [PATCH RFC 0/5] TIPC encryption > > This series provides TIPC encryption feature, kernel part. There will be > another one in the 'iproute2/tipc' for user space to set key. > > Tuong Lien (5): > tipc: add reference counter to bearer > tipc: enable creating a "preliminary" node > tipc: add new AEAD key structure for user API > tipc: introduce TIPC encryption & authentication > tipc: add support for AEAD key setting via netlink > > include/uapi/linux/tipc.h | 21 + > include/uapi/linux/tipc_netlink.h | 4 + > net/tipc/Makefile | 2 +- > net/tipc/bcast.c | 2 +- > net/tipc/bearer.c | 52 +- > net/tipc/bearer.h | 6 +- > net/tipc/core.c | 10 + > net/tipc/core.h | 4 + > net/tipc/crypto.c | 1986 > +++++++++++++++++++++++++++++++++++++ > net/tipc/crypto.h | 166 ++++ > net/tipc/link.c | 16 +- > net/tipc/link.h | 1 + > net/tipc/msg.c | 24 +- > net/tipc/msg.h | 44 +- > net/tipc/netlink.c | 16 +- > net/tipc/node.c | 314 +++++- > net/tipc/node.h | 10 + > net/tipc/sysctl.c | 9 + > net/tipc/udp_media.c | 1 + > 19 files changed, 2604 insertions(+), 84 deletions(-) > create mode 100644 net/tipc/crypto.c > create mode 100644 net/tipc/crypto.h > > -- > 2.13.7 > _______________________________________________ tipc-discussion mailing list tipc-discussion@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tipc-discussion
