AAScratch: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 30: | Line 30: | ||
* NAT support ??? | * NAT support ??? | ||
* What if the interface is a bridge? can libreswan/strongswan configure SA correctly? [https://wiki.strongswan.org/issues/3454 bridge] | * What if the interface is a bridge? can libreswan/strongswan configure SA correctly? [https://wiki.strongswan.org/issues/3454 bridge] | ||
* what if the packets arrive on different interface would that get decrypted correctly? | * what if the packets arrive on different interface would that get decrypted correctly? | ||
* XFRM and XDP | * XFRM and XDP | ||
* idea presentation [http://vger.kernel.org/netconf2019_files/xfrm_xdp.pdf Steffen Klassert] Linux Netconf, Boston, June, 2019 | * idea presentation [http://vger.kernel.org/netconf2019_files/xfrm_xdp.pdf Steffen Klassert] Linux Netconf, Boston, June, 2019 | ||
== VPP + DPDK IPsec (Userspace stack) == | == VPP + DPDK IPsec (Userspace stack) == | ||
* https://wiki.fd.io/view/VPP/IPSec_and_IKEv2 | * https://wiki.fd.io/view/VPP/IPSec_and_IKEv2 | ||
* [https://archive.fosdem.org/2019/schedule/event/userspace_network_stacks User-space Network Stacks (DPDK and friends)] 2019 | * [https://archive.fosdem.org/2019/schedule/event/userspace_network_stacks User-space Network Stacks (DPDK and friends)] 2019 | ||
== iptable rule to drop IKEv2 message id X == | == iptable rule to drop IKEv2 message id X == | ||
https://unix.stackexchange.com/questions/321252/drop-a-packet-depending-on-its-options-or-type | https://unix.stackexchange.com/questions/321252/drop-a-packet-depending-on-its-options-or-type | ||
Revision as of 13:53, 7 June 2020
Antony's unsorted pages I want access quickly, related to libreswan, when think I know this page exist where is it. Someone moved it renamed ..
- XFRM pCPU
- XFRMi Development Notes 2018-2019
- Namespace Magic, 2019
- IKEv2 State names proposal 2016 - 2019
- Cloud Opportunistic Encryption(OE)
- Linux Kernel Support related to libreswan
virtiofs replace 9pfs: libvirt 6.2, qemu 5.0, kernel 5.4
- libvirt 6.2 Fedora 33? Did not make to Fedora 32. F33?
- RH BZ libvirtd merge tracking the request
- QEMU 5.0 added support for virtiofsd. F33??
- virtio-fs Mainline kernel 5.4
- virtiofs RFC patches
KVM/QEMU + vsock to replace 9pfs
KVM support for vsock and nfs support could have a better performance than 9pfs. This work could be interesting to libreswan KVM testing. It started in 2015. Slowly picking up, as 2018 it seems AWS and firecracker is pushing it. We are almost there.
- 2015 LWN virtio
Linux Kernel space developments
- XFRM Offload : starting 4.14
* NAT support ??? * What if the interface is a bridge? can libreswan/strongswan configure SA correctly? bridge * what if the packets arrive on different interface would that get decrypted correctly?
- XFRM and XDP
* idea presentation Steffen Klassert Linux Netconf, Boston, June, 2019
VPP + DPDK IPsec (Userspace stack)
iptable rule to drop IKEv2 message id X
https://unix.stackexchange.com/questions/321252/drop-a-packet-depending-on-its-options-or-type