[gnutls-devel] GnuTLS | ktls: basic implementation of SW mode (!1451)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Sep 21 10:48:00 CEST 2021




Daniel P_ Berrangé commented on a discussion on lib/includes/gnutls/socket.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_682833280

>  #endif
>  /* *INDENT-ON* */
>  
> +
> +
>  void gnutls_transport_set_fastopen(gnutls_session_t session,
>                                     int fd,
>                                     struct sockaddr *connect_addr,
>                                     socklen_t connect_addrlen,
>                                     unsigned int flags);
>  
> +int gnutls_transport_set_ktls(gnutls_session_t session,
> +		int sockin, int sockout);

If the user has called 'gnutls_transport_set_{push,pull}_function', then just refuse to enable KTLS, on the basis that this requires access to the FDs directly and so we can't let the user replace the push/pull functions.

If the user has not called 'gnutls_transport_set_{push,pull}_function', then the pull_func/vec_push_func must be 'system_read' / 'system_writev', and those functions expect a socket FD to be set via gnutls_transport_set_int2 / gnutls_transport_set_ptr2. IOW, if pull_func/vec_push_func are on their defaults, you can safely assume you have FDs and not need to ask for more FDs to enable KTLS.

The alternative is to avoid directly using FDs at all in this code, and introduce yet another push function variant that allows you to pass the control data too:

 * ssize_t (*gnutls_msg_push_func) (gnutls_transport_ptr_t, const giovec_t * iov, int iovcnt, const void *control, int *controllen);

which the impl can pack into a 'struct msghdr' and call sendmsg on themselves. You'd also need a callback for purpose of enabling socket options.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1451#note_682833280
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210921/9197351f/attachment-0001.html>


More information about the Gnutls-devel mailing list