Hi, I have now completed changes to the code in projects/nfs-over-tls, which implements TLS encryption of NFS RPC messages. (This roughly conforms to the internet draft "Towards Remote Procedure Call Encryption By Default", which should soon become an RFC. For now, TLS1.2 is used instead of TLS1.3, since FreeBSD's KERN_TLS does not yet implement TLS1.3.)
I'd like to start merging some of the kernel changes into head/sys. The first of these would be creation of the syscall used by the daemons. (The code in projects/nfs-over-tls cheats and uses the syscall for the gssd, but it needs to have its own syscall so that the gssd daemon can run concurrently with it. I didn't want testers to need to build userland just to get a syscall stub in libc.) After this, there are a bunch of changes to the NFS code to add support for ext_pgs mbufs (these are significant patches, but should not affect the non-ext_pgs mbuf case, since they'll be conditional on ND_EXTPGS/M_EXTPGS). Does this sound ok to do? Please let me know if you see problems with me doing this? Thanks, rick _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
