From: Rick Macklem
To: John Baldwin, Rick Macklem, "src-committers@freebsd.org", "svn-src-projects@freebsd.org"
Subject: Re: svn commit: r360859 - projects/nfs-over-tls/sys/rpc
Date: Tue, 12 May 2020 02:31:39 +0000

John Baldwin wrote:
>On 5/9/20 5:17 PM, Rick Macklem wrote:
>> Author: rmacklem
>> Date: Sun May 10 00:17:39 2020
>> New Revision: 360859
>> URL: https://svnweb.freebsd.org/changeset/base/360859
>>
>> Log:
>>   Add some very basic handling of TLS_GET_RECORD control mbufs.
>>
>>   For now, it just throws away any that are non-application data.
>>   In the future, this will need to change, but not until TLS1.3, I think?
>
>Ideally you'd keep an nfsd thread in userland that you could pass
>these records onto.
>One possible option is the thread just keeps
>calling SSL_read() but you do create a new flag on the socket buffer
>that causes soreceive() to only pass non-application data datagrams
>to userland reads() and have the in-kernel read requests block if they
>see a non-application data record as the next record until the user
>thread wakes up and reads it (or EAGAIN or whatever you need it to
>do).
Well, I currently have daemons (rpctlssd and rpctlscd) that just wait for
upcalls from the kernel and do the SSL stuff (mainly the handshake right now).
(You can guess from the names which one is RPC client vs server.;-)
I can easily do an upcall for a non-application data record if/when I need to do so.
(The upcalls are done via Sun RPC using an AF_LOCAL socket, similar to what
the gssd does.)

For me, the mystery is what to do with it once the daemon gets it.
From what you said, I'll need to "trick" SSL_read into reading it.
Maybe I can push it back on the socket buffer receive queue in the kernel
and then the daemon can do a SSL_read() to read it off the socket and handle
it?
(I wouldn't want to MSG_PEEK for every record, since these will be rare.)
I also do already have code that blocks kernel reception when the upcall
to do the handshake is done, so the same could be used in this case.

There is the slight trick that the client krpc code is in a socket upcall that can't sleep,
so I'll have to hand it off to some other thread that can sleep when I need to do it.

Thanks for the hints, rick

--
John Baldwin
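
The two receive policies discussed in this thread, as an added example that is not code from the FreeBSD tree or from either author: discarding non-application-data records (the behaviour described in the r360859 log) versus stopping at such a record so a userland daemon can consume it. The `rec_hdr` struct, `rx_drain` function and policy names are hypothetical, and the sample queue is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* TLS record content types (RFC 5246 / RFC 8446). */
enum { TLS_CCS = 20, TLS_ALERT = 21, TLS_HANDSHAKE = 22, TLS_APPDATA = 23 };
#define TLS_MAX_PLAINTEXT 16384u   /* 2^14, largest record payload */

/* Hypothetical model of the per-record header the receive path sees. */
struct rec_hdr {
    uint8_t  type;
    uint16_t length;
};

enum policy { POLICY_DISCARD, POLICY_BLOCK_FOR_DAEMON };

struct rx_result {
    size_t app_bytes;   /* application data handed to the RPC layer */
    size_t discarded;   /* non-application records thrown away */
    int    blocked_at;  /* index of record awaiting the daemon, or -1 */
    int    error;       /* nonzero on a malformed record */
};

/* Walk queued records in order, as an in-kernel reader would. */
struct rx_result
rx_drain(const struct rec_hdr *q, size_t n, enum policy p)
{
    struct rx_result r = { 0, 0, -1, 0 };

    for (size_t i = 0; i < n; i++) {
        if (q[i].length > TLS_MAX_PLAINTEXT ||
            q[i].type < TLS_CCS || q[i].type > TLS_APPDATA) {
            r.error = 1;            /* oversized or not a modelled type */
            return r;
        }
        if (q[i].type == TLS_APPDATA) {
            r.app_bytes += q[i].length;
            continue;
        }
        if (p == POLICY_BLOCK_FOR_DAEMON) {
            r.blocked_at = (int)i;  /* leave it queued for userland */
            return r;
        }
        r.discarded++;              /* POLICY_DISCARD: drop and go on */
    }
    return r;
}

/* Constructed sample queue: data, a handshake record, more data. */
static const struct rec_hdr sample_q[] = {
    { TLS_APPDATA, 512 }, { TLS_HANDSHAKE, 57 }, { TLS_APPDATA, 1024 },
};
```

Under the blocking policy the reader stops before the handshake record, so the data after it is not delivered until the daemon has consumed that record.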