From: Rick Macklem <rmacklem@uoguelph.ca>
To: John Baldwin, Rick Macklem, src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: Re: svn commit: r360859 - projects/nfs-over-tls/sys/rpc
Date: Tue, 12 May 2020 02:52:01 +0000
List-Id: SVN commit messages for the src "projects" tree (svn-src-projects@freebsd.org)

Rick Macklem wrote:
>John Baldwin wrote:
>>On 5/9/20 5:17 PM, Rick Macklem wrote:
>>> Author: rmacklem
>>> Date: Sun May 10 00:17:39 2020
>>> New Revision: 360859
>>> URL: https://svnweb.freebsd.org/changeset/base/360859
>>>
>>> Log:
>>> Add some very basic handling of TLS_GET_RECORD control mbufs.
>>>
>>> For now, it just throws away any that are non-application data.
>>> In the future, this will need to change, but not until TLS1.3, I think?
>>
>>Ideally you'd keep an nfsd thread in userland that you could pass
>>these records onto. One possible option is the thread just keeps
>>calling SSL_read() but you do create a new flag on the socket buffer
>>that causes soreceive() to only pass non-application data datagrams
>>to userland reads() and have the in-kernel read requests block if they
>>see a non-application data record as the next record until the user
>>thread wakes up and reads it (or EAGAIN or whatever you need it to
>>do).
>Well, I currently have daemons (rpctlssd and rpctlscd) that just wait for
>upcalls from the kernel and do the SSL stuff (mainly the handshake right now).
>(You can guess from the names which one is RPC client vs server. ;-)
>I can easily do an upcall for a non-application data record if/when I need to do so.
>(The upcalls are done via Sun RPC using an AF_LOCAL socket, similar to what
> the gssd does.)
>
>For me, the mystery is what to do with it once the daemon gets it.
>From what you said, I'll need to "trick" SSL_read into reading it.
>Maybe I can push it back on the socket buffer receive queue in the kernel
>and then the daemon can do a SSL_read() to read it off the socket and handle
>it?
Oh, and one more little challenge...
When I played around with the daemons using TLS1.3 (before there was a ktls
rx I could use), I would run into early data that would be handled by SSL_read()
done in userland by the daemon.
However, I couldn't find a way to tell it to not wait to read any application data.
I recall trying an SSL_read() for 0 bytes and it didn't like it.
I might be stuck having the daemon do an SSL_read() for one application data
record and then it can pass that data back down into the kernel to be prepended
on the queue of received application data.

>(I wouldn't want to MSG_PEEK for every record, since these will be rare.)
>I also do already have code that blocks kernel reception when the upcall
>to do the handshake is done, so the same could be used in this case.
>
>There is the slight trick that the client krpc code is in a socket upcall that can't sleep,
>so I'll have to hand it off to some other thread that can sleep when I need to do it.
>
>Thanks for the hints, rick
rick
--
John Baldwin