Hi,

I have now completed changes to the code in projects/nfs-over-tls, which
implements TLS encryption of NFS RPC messages. (This roughly conforms
to the internet draft "Towards Remote Procedure Call Encryption By Default",
which should soon become an RFC. For now, TLS1.2 is used instead of TLS1.3,
since FreeBSD's KERN_TLS does not yet implement TLS1.3.)

I'd like to start merging some of the kernel changes into head/sys.

The first of these would be creation of the syscall used by the daemons.
(The code in projects/nfs-over-tls cheats and uses the syscall for the gssd,
 but it needs to have its own syscall so that the gssd daemon can run 
concurrently
 with it. I didn't want testers to need to build userland just to get a syscall 
stub
 in libc.)

After this, there are a bunch of changes to the NFS code to add support for
ext_pgs mbufs (these are significant patches, but should not affect the
non-ext_pgs mbuf case, since they'll be conditional on ND_EXTPGS/M_EXTPGS).

Does this sound ok to do?

Please let me know if you see problems with me doing this?

Thanks, rick
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to