Re: [PATCH RFC net-next] net: WireGuard secure network tunnel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Jason A. Donenfeld" <Jason@xxxxxxxxx> writes:

> RFC Note:
>   This is a RFC for folks who want to play with this early, because
>   Herbert's cryptodev-2.6 tree hasn't yet made it into net-next. I'll
>   repost this as a v1 (possibly with feedback incorporated) once the
>   various trees are in the right place. This compiles on top of the
>   Frankenzinc patchset from Ard, though it hasn't yet received suitable
>   testing there for me to call it v1 just yet. Preliminary testing with
>   the usual netns.sh test suite on x86 indicates it's at least mostly
>   functional, but I'll be giving things further scrutiny in the days to
>   come.

Hi Jason

Great to see this! Just a few small comments for now:

> +/*
> + * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@xxxxxxxxx>. All Rights Reserved.
> + */

Could you please get rid of the "All Rights Reserved" (here, and
everywhere else)? All rights are *not* reserved: this is licensed under
the GPL. Besides, that phrase is in general dubious at best:
https://en.wikipedia.org/wiki/All_rights_reserved

> +	MAX_QUEUED_INCOMING_HANDSHAKES = 4096, /* TODO: replace this with DQL */
> +	MAX_STAGED_PACKETS = 128,
> +	MAX_QUEUED_PACKETS = 1024 /* TODO: replace this with DQL */

Yes, please (on the TODO) :)

FWIW, since you're using pointer rings I think the way to do this is
probably to just keep the limits in place as a maximum size, and then
use DQL (or CoDel) to throttle enqueue to those pointer rings instead of
just letting them fill.

Happy to work with you on this (as I believe I've already promised), but
we might as well do that after the initial version is merged...

-Toke





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux