Re: 2.4 and Strong Cryptography...

From: Richard Guy Briggs (rgb@conscoop.ottawa.on.ca)
Date: Fri Jan 14 2000 - 14:13:45 EST


On Fri, Jan 14, 2000 at 06:50:25PM +0100, Marc Mutz wrote:
> Richard Guy Briggs wrote:
> <snip>
> > > All those "crypto goodies" like CIPE, ppdd and IPSec (FreeS/WAN) are
> > > a mixture of a (usually small) kernel module and a userspace daemon
> > > (or setup tools). So you need to download the package anyway,
> > > because userspace and kernel are so closely coupled. Look at ISDN,
> > > look at pcmcia support and how long it took to include it into the
> > > mainstream kernel. Still the most part of the users download the
> > > external packages.
> >
> > So what you are saying is that IPv4 should not be included because
> > there are userspace tools that need to be downloaded to be able to use
> > those features such as ifconfig(8), route(8), arp(8), ip(8),
> > ipfwadm(8), ipportfw(8), ipautofw(8), ipchains(8), etc... Taking it
> > to the sublime -- lets not include the kernel because you would need
> > to download bash(1)! There may be other issues, but I don't think
> > this one is particularly compelling.
> >
> <snip>
>
> Needing userspace is not the point. Userspace being so closely coupled
> that I frequently need to re-compile the userspace part when I upgrade
> the kernel part within a series (say 2.2) is the problem. It was the
> reason, why raid-0.90 didn't make it into 2.2.12. It is possibly (one of
> the) reason why pcmcia took so long as 2.4 to be included in the kernel
> proper and why up to 2.2.1[23] all the users of ISDN ignored the isdn
> drivers in the kernel and went for the cvs version.

Now I understand your objection! Yes, I would agree that it does need
settling a bit. In particular, we are getting ready to ditch the
netlink I/F in favour of PF_KEYv2 sockets instead, which are portable,
whereas netlink sockets only exist on Linux, IIRC. We are at the
point where all keying information is using the new I/F, but policy
information is still using netlink. I hope to have this complete in
the next two weeks. After that, only the debug switches need to be
converted and I am still uncertain whether to use sysctl or
non-standard PF_KEYv2 extensions. The fact that sysctl is being
streamlined like /proc has recently been makes it more attractive, but
then, they are not portable, but neither are non-standard PF_KEYv2
extensions either...

> Have you recompiled util-linux since 2.2.1? IMO the kernel<->userspce
> interface needs settling before anything can make it into a stable
> kernel. But that's only my opinion, YMMV.

No, I haven't, because it is stable, but that is *supposed* to be the
nature of 2.[0246].xx kernels. The 2.[1357] kernels are supposed to
be development kernels, so that type of thing would be appropriate
there.

> Marc

        slainte mhath, RGB

-- 
Richard Guy Briggs -- PGP key available            Auto-Free Ottawa! Canada
<www.conscoop.ottawa.on.ca/rgb/>                       <www.flora.org/afo/>
Prevent Internet Wiretapping!        --        FreeS/WAN:<www.freeswan.org>
Thanks for voting Green! -- <green.ca>      Marillion:<www.marillion.co.uk>


- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:25 EST