RFC: merging nfs-over-tls changes into head/sys

From: Rick Macklem <rmacklem_at_uoguelph.ca>
Date: Thu, 21 May 2020 21:01:48 +0000
Hi,

I have now completed changes to the code in projects/nfs-over-tls, which
implements TLS encryption of NFS RPC messages. (This roughly conforms
to the internet draft "Towards Remote Procedure Call Encryption By Default",
which should soon become an RFC. For now, TLS1.2 is used instead of TLS1.3,
since FreeBSD's KERN_TLS does not yet implement TLS1.3.)

I'd like to start merging some of the kernel changes into head/sys.

The first of these would be creation of the syscall used by the daemons.
(The code in projects/nfs-over-tls cheats and uses the syscall for the gssd,
 but it needs to have its own syscall so that the gssd daemon can run concurrently
 with it. I didn't want testers to need to build userland just to get a syscall stub
 in libc.)

After this, there are a bunch of changes to the NFS code to add support for
ext_pgs mbufs (these are significant patches, but should not affect the
non-ext_pgs mbuf case, since they'll be conditional on ND_EXTPGS/M_EXTPGS).

Does this sound ok to do?

Please let me know if you see problems with me doing this?

Thanks, rick

Received on Thu May 21 2020 - 19:02:00 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:24 UTC