Friendly ping for review. If there are no concerns, I think this would
be useful especially in the logging/bugreport use cases.
On Mon, Jan 7, 2019 at 3:10 PM Benedict Wong wrote:
>
> (Accidentally sent previously as direct reply. Re-sending as reply-all)
>
> > ... would not it be better to not r
(Accidentally sent previously as direct reply. Re-sending as reply-all)
> ... would not it be better to not request the
> kernel not to dump the keys to begin with ...
I think it's still valid to have it in iproute2, since it does allow for
backward compatibility against older kernels. Adding it
On 1/7/19 1:31 PM, Benedict Wong wrote:
> ip xfrm state show currently dumps keys unconditionally. This limits its
> use in logging, as security information can be leaked.
>
> This patch adds a nokeys option to ip xfrm ( state show | monitor ), which
> prevents the printing of keys. This allows ip
ip xfrm state show currently dumps keys unconditionally. This limits its
use in logging, as security information can be leaked.
This patch adds a nokeys option to ip xfrm ( state show | monitor ), which
prevents the printing of keys. This allows ip xfrm state show to be used
in logging without exp
