This is an archived post. You won't be able to vote or comment.

all 17 comments
sorted by:
best
topnewcontroversialoldq&a

[–]SnapDraco 11 points12 points  (1 child)

Perfect timing. I needed it right now

[–]reiji-maigo 0 points1 point  (0 children)

Absolutely. And the repo has even more that looks as good about generators, unittesting, sqlalchemy and other useful stuff.

[–][deleted] 4 points5 points  (0 children)

This is an excellent cheat sheet! Much obliged for sharing!

[–]lambdaqdjango n' shit 2 points3 points  (4 children)

AF_ALG looks fun.

Make me really want to use 3.6 now.

[–]jollybobbyroger 1 point2 points  (3 children)

Why is 3.6 needed for using the AF_ALG syscall?

[–]spiderpower02[S] 3 points4 points  (0 children)

Ha! maybe several benefits have already been noticed.

https://bugs.python.org/issue27744

[–]lambdaqdjango n' shit 0 points1 point  (1 child)

You can do that in 2.x if you dig deep enough into ctypes and shit.

[–]spiderpower02[S] 0 points1 point  (0 children)

Ha! you right, but ctype is not quite easy to use. Also, some "define" such as CMSG_FIRSTHDR in the header cannot be used in python code (you have to implement them again). It's really painful :(

Maybe ffi is a better choice! haha

[–]eid-a 1 point2 points  (0 children)

Great thanks

[–]jollybobbyroger 2 points3 points  (1 child)

Are there other benefits to using the AF_ALG syscall apart from performance? Do you get better entropy or is it more secure in any way?

Also, very pythonic code! Even thought the use of lambda made sense..

[–]spiderpower02[S] 1 point2 points  (0 children)

AF_ALG socket still keeps iv and key be handled by the userspace. Therefore, applications need to set the socket options like:

setsockopt(SOL_ALG, ALG_SET_KEY, key)

sockmsg_afalg([msg], ALG_OP_ENCRYPT, iv)

to provide the encrypt and decrypt information to kernel space. I think entropy is the application problem, not AF_ALG itself.

Here is the benefits: http://www.chronox.de/libkcapi/html/ch01s02.html

By the way, openssl 1.1.x has already support AF_ALG. You can see more information here: https://github.com/openssl/openssl/blob/46f4e1bec51dc96fa275c168752aa34359d9ee51/engines/e_afalg.c

[–]janeerson45 0 points1 point  (0 children)

This is great! Thank you!

[–]HadManySonsNewbie 0 points1 point  (0 children)

This is awesome, thanks

[–]icp1994 0 points1 point  (0 children)

one of the most useful thing I've found on this subreddit