RFC: merging nfs-over-tls changes into head/sys

Rick Macklem rmacklem at uoguelph.ca
Thu May 21 21:02:00 UTC 2020


Hi,

I have now completed changes to the code in projects/nfs-over-tls, which
implements TLS encryption of NFS RPC messages. (This roughly conforms
to the internet draft "Towards Remote Procedure Call Encryption By Default",
which should soon become an RFC. For now, TLS1.2 is used instead of TLS1.3,
since FreeBSD's KERN_TLS does not yet implement TLS1.3.)

I'd like to start merging some of the kernel changes into head/sys.

The first of these would be creation of the syscall used by the daemons.
(The code in projects/nfs-over-tls cheats and uses the syscall for the gssd,
 but it needs to have its own syscall so that the gssd daemon can run concurrently
 with it. I didn't want testers to need to build userland just to get a syscall stub
 in libc.)

After this, there are a bunch of changes to the NFS code to add support for
ext_pgs mbufs (these are significant patches, but should not affect the
non-ext_pgs mbuf case, since they'll be conditional on ND_EXTPGS/M_EXTPGS).

Does this sound ok to do?

Please let me know if you see problems with me doing this.

Thanks, rick


More information about the freebsd-current mailing list