Hi Miloslav,
first, thanks a lot for working on the userspace API, we have long missed this
API and I've asked some times in the past about the status and proposals have
been stalled some times, so it is really fun to see that something is happening!
We recognize that since Red Hat is providing ha
- "Neil Horman" wrote:
> Ok, well, I suppose we're just not going to agree on this. I don't know how
> else to argue my case, you seem to be bent on re-inventing the wheel instead
> of using what we have. Good luck.
Well, I basically spent yesterday learning about netlink and looking how
On Tuesday, August 10, 2010 03:17:57 pm Neil Horman wrote:
> > There really is no comparison between what can be recorded synchronously
> > vs async.
>
> Ok, so the $64 dollar question then: Do FIPS or Common Criteria require
> that you log more than what's in the netlink packet?
The TSF shall be
- "Neil Horman" wrote:
> On Tue, Aug 10, 2010 at 03:10:12PM -0400, Steve Grubb wrote:
> > > Can you enumerate here what FIPS and Common Criteria mandate be presented
> > > in the audit logs?
> >
> > Who did what to whom at what time and what was the outcome. In the case of
> > configuration
On Tue, Aug 10, 2010 at 02:58:01PM -0400, Miloslav Trmac wrote:
> - "Neil Horman" wrote:
> > On Tue, Aug 10, 2010 at 11:36:16AM -0400, Miloslav Trmac wrote:
> > > I think it would be useful to separate thinking about the data
> > > format and about the transmission mechanism. ioctl() can quite
- "Neil Horman" wrote:
> On Tue, Aug 10, 2010 at 02:19:59PM -0400, Miloslav Trmac wrote:
> > - "Neil Horman" wrote:
> > It _doesn't matter_ that I don't receive a response. I have caused
> > an operation in the kernel and the requested audit record is
> > incorrect. The audit subsystem need
On Tue, Aug 10, 2010 at 03:10:12PM -0400, Steve Grubb wrote:
> On Tuesday, August 10, 2010 02:45:44 pm Neil Horman wrote:
> > On Tue, Aug 10, 2010 at 02:14:24PM -0400, Steve Grubb wrote:
> > > On Tuesday, August 10, 2010 01:57:40 pm Neil Horman wrote:
> > > > > > > I'm not so sure I follow. How can
- "Miloslav Trmac" wrote:
> - "Neil Horman" wrote:
> > Likewise, matching requests and responses in a multi-threaded program is
> > also an already solved issue in multiple ways. The use of multiple sockets,
> > in a 1 per thread fashion is the most obvious.
> That would give e
On Tue, Aug 10, 2010 at 02:19:59PM -0400, Miloslav Trmac wrote:
> - "Neil Horman" wrote:
> > On Tue, Aug 10, 2010 at 12:57:43PM -0400, Miloslav Trmac wrote:
> > >
> > > - "Neil Horman" wrote:
> > >
> > > > On Tue, Aug 10, 2010 at 11:40:00AM -0400, Miloslav Trmac wrote:
> > > > > - "
On Tuesday, August 10, 2010 02:45:44 pm Neil Horman wrote:
> On Tue, Aug 10, 2010 at 02:14:24PM -0400, Steve Grubb wrote:
> > On Tuesday, August 10, 2010 01:57:40 pm Neil Horman wrote:
> > > > > > I'm not so sure I follow. How can you receive messages on a socket
> > > > > in response to requests th
- "Neil Horman" wrote:
> On Tue, Aug 10, 2010 at 11:36:16AM -0400, Miloslav Trmac wrote:
> > I think it would be useful to separate thinking about the data
> > format and about the transmission mechanism. ioctl() can quite well
> > be used to carry "netlink-like" packets - blobs of data with spec
On Tue, Aug 10, 2010 at 02:14:24PM -0400, Steve Grubb wrote:
> On Tuesday, August 10, 2010 01:57:40 pm Neil Horman wrote:
> > > > I'm not so sure I follow. How can you receive messages on a socket in
> > > > response to requests that were sent from a different socket. In the
> > > > netlink multi
> 1. This CryptoDev (user space) interface needs to support multiple
> operations at once
I think this would be naturally solved by providing the async interface.
[Loc Ho]
Async only supports a single operation at a time. HW is quite fast. The ability
to submit multiple payloads for a single OS ca
- "Herbert Xu" wrote:
> On Tue, Aug 10, 2010 at 02:19:59PM -0400, Miloslav Trmac wrote:
> >
> > 2) simplicity and reliability: you are downplaying the overhead and
> > synchronization necessary (potentially among multiple processes!) to
> > simply receive a response, but it is still enormous compa
Hello,
- "Loc Ho" wrote:
> I had read or glanced over the patch from
> "http://people.redhat.com/mitr/cryptodev-ncr/0002". We have posted a
> version of the CryptoDev over a year ago. Unfortunately, we did not
> get a chance to pick up again. In that process, Herbert Xu provides a
> number of c
On Tue, Aug 10, 2010 at 02:19:59PM -0400, Miloslav Trmac wrote:
>
> 2) simplicity and reliability: you are downplaying the overhead and
> synchronization necessary (potentially among multiple processes!) to simply
> receive a response, but it is still enormous compared to the single syscall
> ca
Hi Miloslav,
I had read or glanced over the patch from
"http://people.redhat.com/mitr/cryptodev-ncr/0002". We have posted a version of
the CryptoDev over a year ago. Unfortunately, we did not get a chance to pick
up again. In that process, Herbert Xu provides a number of comments. You can
searc
- "Neil Horman" wrote:
> On Tue, Aug 10, 2010 at 12:57:43PM -0400, Miloslav Trmac wrote:
> >
> > - "Neil Horman" wrote:
> >
> > > On Tue, Aug 10, 2010 at 11:40:00AM -0400, Miloslav Trmac wrote:
> > > > - "Neil Horman" wrote:
> > > > > On Tue, Aug 10, 2010 at 10:47:14AM -0400, Milos
On Tuesday, August 10, 2010 01:57:40 pm Neil Horman wrote:
> > > I'm not so sure I follow. How can you receive messages on a socket in
> > > response to requests that were sent from a different socket. In the
> > > netlink multicast and broadcast case, sure, but there's no need to use
> > > those.
On Tue, Aug 10, 2010 at 12:57:43PM -0400, Miloslav Trmac wrote:
>
> - "Neil Horman" wrote:
>
> > On Tue, Aug 10, 2010 at 11:40:00AM -0400, Miloslav Trmac wrote:
> > > - "Neil Horman" wrote:
> > > > On Tue, Aug 10, 2010 at 10:47:14AM -0400, Miloslav Trmac wrote:
> > > > > - "Neil Hor
- "Neil Horman" wrote:
> On Tue, Aug 10, 2010 at 11:40:00AM -0400, Miloslav Trmac wrote:
> > - "Neil Horman" wrote:
> > > On Tue, Aug 10, 2010 at 10:47:14AM -0400, Miloslav Trmac wrote:
> > > > - "Neil Horman" wrote:
> > > > > On Tue, Aug 10, 2010 at 09:24:31AM -0400, Steve Grubb w
On Tue, Aug 10, 2010 at 11:40:00AM -0400, Miloslav Trmac wrote:
> - "Neil Horman" wrote:
> > On Tue, Aug 10, 2010 at 10:47:14AM -0400, Miloslav Trmac wrote:
> > > - "Neil Horman" wrote:
> > > > On Tue, Aug 10, 2010 at 09:24:31AM -0400, Steve Grubb wrote:
> > > > > The problem with the net
On Tue, Aug 10, 2010 at 11:36:16AM -0400, Miloslav Trmac wrote:
>
> - "Neil Horman" wrote:
> > On Mon, Aug 09, 2010 at 08:00:55PM -0400, Miloslav Trmac wrote:
> > > Is the proposed interface acceptable in the general approach (enums
> > > for algorithms/operations, unions for parameters, sessio
- "Neil Horman" wrote:
> On Tue, Aug 10, 2010 at 10:47:14AM -0400, Miloslav Trmac wrote:
> > - "Neil Horman" wrote:
> > > On Tue, Aug 10, 2010 at 09:24:31AM -0400, Steve Grubb wrote:
> > > > The problem with the netlink approach is that auditing is not as good
> > > > because
> > > > ne
- "Neil Horman" wrote:
> On Mon, Aug 09, 2010 at 08:00:55PM -0400, Miloslav Trmac wrote:
> > Is the proposed interface acceptable in the general approach (enums
> > for algorithms/operations, unions for parameters, session
> > init/update/finalize)? With respect to flexibility, do you have
> > spe
On Tue, Aug 10, 2010 at 10:47:14AM -0400, Miloslav Trmac wrote:
>
> - "Neil Horman" wrote:
> > On Tue, Aug 10, 2010 at 09:24:31AM -0400, Steve Grubb wrote:
> > > > That's why I had suggested the use of a netlink protocol to manage this
> > > > kind of interface. There are other issue
- "Neil Horman" wrote:
> On Tue, Aug 10, 2010 at 09:24:31AM -0400, Steve Grubb wrote:
> > > That's why I had suggested the use of a netlink protocol to manage this
> > > kind of interface. There are other issue to manage there, but they're really
> > > not that big a deal, comparativel
On Tue, Aug 10, 2010 at 09:24:31AM -0400, Steve Grubb wrote:
> On Tuesday, August 10, 2010 08:46:28 am Neil Horman wrote:
> > Specifically, my concerns are twofold:
> >
> > 1) struct format. By passing down a structure as you're doing through an
> > ioctl call, there's no way to extend/modify that
On Tuesday, August 10, 2010 08:46:28 am Neil Horman wrote:
> Specifically, my concerns are twofold:
>
> 1) struct format. By passing down a structure as you're doing through an
> ioctl call, there's no way to extend/modify that structure easily for
> future use. For instance the integration of aea
On Mon, Aug 09, 2010 at 08:00:55PM -0400, Miloslav Trmac wrote:
> - "Herbert Xu" wrote:
>
> > On Thu, Aug 05, 2010 at 10:17:53PM +0200, Miloslav Trmač wrote:
> > > Hello,
> > > following is a patchset providing a user-space interface to the kernel
> > > crypto API. It is based on the
30 matches