Date: Thu, 21 May 2020 21:01:48 +0000 From: Rick Macklem <rmacklem@uoguelph.ca> To: "freebsd-current@FreeBSD.org" <freebsd-current@FreeBSD.org> Subject: RFC: merging nfs-over-tls changes into head/sys Message-ID: <QB1PR01MB36494A667E54EC90C07F97DBDDB70@QB1PR01MB3649.CANPRD01.PROD.OUTLOOK.COM>
next in thread | raw e-mail | index | archive | help
Hi,=0A= =0A= I have now completed changes to the code in projects/nfs-over-tls, which=0A= implements TLS encryption of NFS RPC messages. (This roughly conforms=0A= to the internet draft "Towards Remote Procedure Call Encryption By Default"= ,=0A= which should soon become an RFC. For now, TLS1.2 is used instead of TLS1.3,= =0A= since FreeBSD's KERN_TLS does not yet implement TLS1.3.)=0A= =0A= I'd like to start merging some of the kernel changes into head/sys.=0A= =0A= The first of these would be creation of the syscall used by the daemons.=0A= (The code in projects/nfs-over-tls cheats and uses the syscall for the gssd= ,=0A= but it needs to have its own syscall so that the gssd daemon can run concu= rrently=0A= with it. I didn't want testers to need to build userland just to get a sys= call stub=0A= in libc.)=0A= =0A= After this, there are a bunch of changes to the NFS code to add support for= =0A= ext_pgs mbufs (these are significant patches, but should not affect the=0A= non-ext_pgs mbuf case, since they'll be conditional on ND_EXTPGS/M_EXTPGS).= =0A= =0A= Does this sound ok to do?=0A= =0A= Please let me know if you see problems with me doing this?=0A= =0A= Thanks, rick=0A=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?QB1PR01MB36494A667E54EC90C07F97DBDDB70>