svn commit: r360859 - projects/nfs-over-tls/sys/rpc

[Rick Macklem]

Author: rmacklem
Date: Sun May 10 00:17:39 2020
New Revision: 360859
URL: https://svnweb.freebsd.org/changeset/base/360859

Log:
  Add some very basic handling of TLS_GET_RECORD control mbufs.
  
  For now, it just throws away any that are non-application data.
  In the future, this will need to change, but not until TLS1.3, I think?

Modified:
  projects/nfs-over-tls/sys/rpc/svc_vc.c

Modified: projects/nfs-over-tls/sys/rpc/svc_vc.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/svc_vc.c	Sat May  9 23:56:13 2020	(r360858)
+++ projects/nfs-over-tls/sys/rpc/svc_vc.c	Sun May 10 00:17:39 2020	(r360859)
@@ -698,11 +698,13 @@ svc_vc_recv(SVCXPRT *xprt, struct rpc_msg *msg,
 {
 	struct cf_conn *cd = (struct cf_conn *) xprt->xp_p1;
 	struct uio uio;
-	struct mbuf *m;
+	struct mbuf *m, *ctrl;
 	struct socket* so = xprt->xp_socket;
 	XDR xdrs;
 	int error, rcvflag;
 	uint32_t xid_plus_direction[3], junk;
+	struct cmsghdr *cmsg;
+	struct tls_get_record tgr;
 
 	/*
 	 * Serialise access to the socket and our own record parsing
@@ -782,6 +784,7 @@ svc_vc_recv(SVCXPRT *xprt, struct rpc_msg *msg,
 		 * If receiving is disabled so that a TLS handshake can be
 		 * done by the rpctlssd daemon, return FALSE here.
 		 */
+tryagain:
 		if (xprt->xp_dontrcv) {
 			sx_xunlock(&xprt->xp_lock);
 			return (FALSE);
@@ -797,9 +800,9 @@ svc_vc_recv(SVCXPRT *xprt, struct rpc_msg *msg,
 		 */
 		uio.uio_resid = 1000000000;
 		uio.uio_td = curthread;
-		m = NULL;
+		ctrl = m = NULL;
 		rcvflag = MSG_DONTWAIT;
-		error = soreceive(so, NULL, &uio, &m, NULL, &rcvflag);
+		error = soreceive(so, NULL, &uio, &m, &ctrl, &rcvflag);
 
 		if (error == EWOULDBLOCK) {
 			/*
@@ -838,6 +841,29 @@ svc_vc_recv(SVCXPRT *xprt, struct rpc_msg *msg,
 			cd->strm_stat = XPRT_DIED;
 			sx_xunlock(&xprt->xp_lock);
 			return (FALSE);
+		}
+
+		/* Process any record header(s). */
+		if (ctrl != NULL) {
+if (ctrl->m_next != NULL) printf("EEK! svc list of controls\n");
+			cmsg = mtod(ctrl, struct cmsghdr *);
+			if (cmsg->cmsg_type == TLS_GET_RECORD &&
+			    cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
+				memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
+				/*
+				 * For now, just toss non-application
+				 * data records.
+				 * In the future, there may need to be
+				 * an upcall done to the daemon.
+				 */
+				if (tgr.tls_type != TLS_RLTYPE_APP) {
+printf("Got weird type=%d\n", tgr.tls_type);
+					m_freem(m);
+					m_free(ctrl);
+					goto tryagain;
+				}
+			}
+			m_free(ctrl);
 		}
 
 		if (cd->mpending)