
add a MSG_TLSAPPDATA flag that tells soreceive() to return ENXIO for TLS non-application data records
ClosedPublic

Authored by rmacklem on Aug 2 2020, 10:04 PM.
Details

Summary

The kernel RPC cannot process non-application data records when
using TLS. It must do an upcall to a userspace daemon that will
call SSL_read() to process them.

This patch adds a new flag called MSG_TLSAPPDATA that the kernel
RPC can use to tell soreceive() to return ENXIO instead of a non-application
data record, when that is what is at the top of the receive queue.

The code could use any error return that is not normally returned by
soreceive(). If some other errno is preferred, that can easily be changed.

I also put the code in #ifdef KERN_TLS/#endif, although it will build without
that, so that it is recognized as only useful when KERN_TLS is enabled.

The alternative to doing this is to have the kernel RPC re-queue the
non-application data message after receiving it, but that seems more
complicated and might introduce message ordering issues when there
are multiple non-application data records one after another.

I do not know what, if any, changes will be required to support TLS1.3.
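The receive-side behaviour described above, as an added userspace simulation that is not part of this patch or of the FreeBSD kernel RPC code: a mock soreceive() over a constructed queue of TLS records, where a MSG_TLSAPPDATA-style flag makes a non-application-data record at the head of the queue produce ENXIO and leave the record in place, and a consumer loop that reacts to ENXIO with an upcall to a (simulated) daemon. The flag value, the record queue and the daemon stub are assumptions for the example; the TLS content-type numbers are the ones defined in RFC 5246/8446, and the real MSG_TLSAPPDATA bit lives in sys/socket.h. The sample queue deliberately puts two non-application records back to back, which is the ordering case the summary raises.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* TLS record content types (RFC 5246 / RFC 8446). */
#define TLS_CT_ALERT            21
#define TLS_CT_HANDSHAKE        22
#define TLS_CT_APPLICATION_DATA 23

/* Placeholder standing in for the real MSG_TLSAPPDATA bit from <sys/socket.h>. */
#define SIM_MSG_TLSAPPDATA 0x1

struct tls_record {
    int content_type;     /* TLS_CT_* */
    const char *payload;  /* decrypted record contents (constructed) */
};

/* Simulated socket receive queue: records in arrival order plus a head index. */
struct sim_socket {
    const struct tls_record *q;
    size_t n;
    size_t head;
    size_t upcalls;    /* records handed to the userspace daemon */
    size_t app_bytes;  /* application bytes delivered to the in-kernel consumer */
};

/* Simulated soreceive(): copies the head record's payload into buf and
 * dequeues it. With SIM_MSG_TLSAPPDATA set, a non-application-data record
 * at the head is NOT dequeued and ENXIO is returned instead, so the caller
 * can hand it to the daemon. Returns 0, EWOULDBLOCK (queue empty) or ENXIO. */
static int sim_soreceive(struct sim_socket *so, int flags,
                         char *buf, size_t buflen, size_t *outlen)
{
    if (so->head >= so->n)
        return EWOULDBLOCK;
    const struct tls_record *r = &so->q[so->head];
    if ((flags & SIM_MSG_TLSAPPDATA) && r->content_type != TLS_CT_APPLICATION_DATA)
        return ENXIO;
    size_t len = strlen(r->payload);
    if (len >= buflen)
        len = buflen - 1;
    memcpy(buf, r->payload, len);
    buf[len] = '\0';
    *outlen = len;
    so->head++;
    return 0;
}

/* Simulated upcall: the daemon consumes exactly the head record, which is
 * what its SSL_read() would do in the real design. */
static void sim_daemon_upcall(struct sim_socket *so)
{
    so->head++;
    so->upcalls++;
}

/* Kernel-RPC-style receive loop: drain the socket, passing every
 * non-application record to the daemon in queue order. */
static int rpc_receive_loop(struct sim_socket *so)
{
    char buf[64];
    size_t len = 0;
    for (;;) {
        int error = sim_soreceive(so, SIM_MSG_TLSAPPDATA, buf, sizeof(buf), &len);
        if (error == EWOULDBLOCK)
            return 0;                   /* queue drained */
        if (error == ENXIO) {
            sim_daemon_upcall(so);      /* record left in place for the daemon */
            continue;
        }
        if (error != 0)
            return error;
        so->app_bytes += len;
    }
}

/* Constructed sample queue: two consecutive non-application records
 * (handshake, then alert) sitting between two application-data records. */
static const struct tls_record sample_queue[] = {
    { TLS_CT_APPLICATION_DATA, "rpc-call-1" },
    { TLS_CT_HANDSHAKE,        "" },
    { TLS_CT_ALERT,            "" },
    { TLS_CT_APPLICATION_DATA, "rpc-call-2" },
};
#define SAMPLE_N (sizeof(sample_queue) / sizeof(sample_queue[0]))

/* Run the loop over the sample queue and return the final socket state. */
static struct sim_socket run_sample(void)
{
    struct sim_socket so = { sample_queue, SAMPLE_N, 0, 0, 0 };
    rpc_receive_loop(&so);
    return so;
}

/* Probe what soreceive() says about the record at a given head index. */
static int probe_head(size_t head, int flags)
{
    struct sim_socket so = { sample_queue, SAMPLE_N, head, 0, 0 };
    char buf[64];
    size_t len = 0;
    return sim_soreceive(&so, flags, buf, sizeof(buf), &len);
}

int main(void)
{
    struct sim_socket so = run_sample();
    printf("upcalls=%zu app_bytes=%zu head=%zu/%zu\n",
           so.upcalls, so.app_bytes, so.head, so.n);
    return 0;
}
```

Without the flag, probe_head() on the handshake record returns 0 and the record would be handed to the RPC code, which is exactly what the flag exists to prevent.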

Test Plan

Has been tested using the nfs-over-tls implementation in
head/projects/nfs-over-tls. (Really RPC-over-TLS, but since
NFS is the only anticipated consumer, I called it nfs-over-tls.)

Diff Detail

Repository
rS FreeBSD src repository - subversion