Commit Graph

2 Commits

Author SHA1 Message Date
Jeffrey Layton 2bb9fd18f1 net/handshake: Trace events for TLS Alert helpers
JIRA: https://issues.redhat.com/browse/RHEL-7936

commit b470985c76df6d53a9454670fb7551e1197f55e2
Author: Chuck Lever <chuck.lever@oracle.com>
Date:   Thu Jul 27 13:38:04 2023 -0400

    net/handshake: Trace events for TLS Alert helpers

    Add observability for the new TLS Alert infrastructure.

    Reviewed-by: Hannes Reinecke <hare@suse.de>
    Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
    Link: https://lore.kernel.org/r/169047947409.5241.14548832149596892717.stgit@oracle-102.nfsv4bat.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Signed-off-by: Jeffrey Layton <jlayton@redhat.com>
2023-12-02 05:12:25 -05:00
Jeffrey Layton 77f6e76aae net/handshake: Create a NETLINK service for handling handshake requests
JIRA: https://issues.redhat.com/browse/RHEL-7936
Omitted-fix: e36a93e1723e (net/handshake: handshake_genl_notify() shouldn't ignore @flags)
Omitted-fix: 7301034026d0 (net/handshake: Fix uninitialized local variable)
Omitted-fix: 2200c1a87074 (net/handshake: Fix handshake_dup() ref counting)
Omitted-fix: b16d76fe9a27 (net/handshake: Remove unneeded check from handshake_dup())

commit 3b3009ea8abb713b022d94fba95ec270cf6e7eae
Author: Chuck Lever <chuck.lever@oracle.com>
Date:   Mon Apr 17 10:32:26 2023 -0400

    net/handshake: Create a NETLINK service for handling handshake requests

    When a kernel consumer needs a transport layer security session, it
    first needs a handshake to negotiate and establish a session. This
    negotiation can be done in user space via one of the several
    existing library implementations, or it can be done in the kernel.

    No in-kernel handshake implementations yet exist. In their absence,
    we add a netlink service that can:

    a. Notify a user space daemon that a handshake is needed.

    b. Once notified, the daemon calls the kernel back via this
       netlink service to get the handshake parameters, including an
       open socket on which to establish the session.

    c. Once the handshake is complete, the daemon reports the
       session status and other information via a second netlink
       operation. This operation marks that it is safe for the
       kernel to use the open socket and the security session
       established there.

    The notification service uses a multicast group. Each handshake
    mechanism (e.g., tlshd) adopts its own group number so that the
    handshake services are completely independent of one another. The
    kernel can then tell via netlink_has_listeners() whether a handshake
    service is active and prepared to handle a handshake request.

    A new netlink operation, ACCEPT, acts like accept(2) in that it
    instantiates a file descriptor in the user space daemon's fd table.
    If this operation is successful, the reply carries the fd number,
    which can be treated as an open and ready file descriptor.

    While user space is performing the handshake, the kernel keeps its
    muddy paws off the open socket. A second new netlink operation,
    DONE, indicates that the user space daemon is finished with the
    socket and it is safe for the kernel to use again. The operation
    also indicates whether a session was established successfully.

    Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Signed-off-by: Jeffrey Layton <jlayton@redhat.com>
2023-12-02 05:11:51 -05:00