AAScratch: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 36: | Line 36: | ||
* XFRM pCPU prototype [https://libreswan.org/wiki/XFRM_pCPU experimental] | * XFRM pCPU prototype [https://libreswan.org/wiki/XFRM_pCPU experimental] | ||
== Userspace Stacks VPP + DPDK IPsec (Userspace stack) == | == Userspace IPsec Stacks == | ||
Over last few years specialized user space IPSec(ESP) stacks and IKE implementations are becoming popular. | |||
=== VPP + DPDK IPsec (Userspace stack) === | |||
* https://wiki.fd.io/view/VPP/IPSec_and_IKEv2 | * https://wiki.fd.io/view/VPP/IPSec_and_IKEv2 | ||
* [https://archive.fosdem.org/2019/schedule/event/userspace_network_stacks User-space Network Stacks (DPDK and friends)] 2019 | * [https://archive.fosdem.org/2019/schedule/event/userspace_network_stacks User-space Network Stacks (DPDK and friends)] 2019 | ||
=== Snabb == | |||
[https://fosdem.org/2020/schedule/event/vita_high_speed_traffic_encryption_on_x86_64/ Snabb FOSDEM 2020] | |||
== iptable rule to drop IKEv2 message id X == | == iptable rule to drop IKEv2 message id X == | ||
https://unix.stackexchange.com/questions/321252/drop-a-packet-depending-on-its-options-or-type | https://unix.stackexchange.com/questions/321252/drop-a-packet-depending-on-its-options-or-type |
Revision as of 14:11, 7 June 2020
Antony's unsorted pages I want access quickly, related to libreswan, when think I know this page exist where is it. Someone moved it renamed ..
- XFRM pCPU
- XFRMi Development Notes 2018-2019
- Namespace Magic, 2019
- IKEv2 State names proposal 2016 - 2019
- Cloud Opportunistic Encryption(OE)
- Linux Kernel Support related to libreswan
virtiofs replace 9pfs: libvirt 6.2, qemu 5.0, kernel 5.4
- libvirt 6.2 Fedora 33? Did not make to Fedora 32. F33?
- RH BZ libvirtd merge tracking the request
- QEMU 5.0 added support for virtiofsd. F33??
- virtio-fs Mainline kernel 5.4
- virtiofs RFC patches
KVM/QEMU + vsock to replace 9pfs
KVM support for vsock and nfs support could have a better performance than 9pfs. This work could be interesting to libreswan KVM testing. It started in 2015. Slowly picking up, as 2018 it seems AWS and firecracker is pushing it. We are almost there.
- 2015 LWN virtio
IPsec and Linux Kernel developments
- XFRM Offload : starting 4.14
* NAT support ??? * What if the interface is a bridge? can libreswan/strongswan configure SA correctly? bridge * what if the packets arrive on different interface would that get decrypted correctly?
- XFRM and XDP
* idea presentation Steffen Klassert Linux Netconf, Boston, June, 2019
- XFRM pCPU prototype experimental
Userspace IPsec Stacks
Over last few years specialized user space IPSec(ESP) stacks and IKE implementations are becoming popular.
VPP + DPDK IPsec (Userspace stack)
= Snabb
iptable rule to drop IKEv2 message id X
https://unix.stackexchange.com/questions/321252/drop-a-packet-depending-on-its-options-or-type