Bill, sorry for the delay. Some in our team do test krb5 authentication, but
I am not familiar with this code other than some context hashing. If you
need some testing, feel free to give me a link. I can build and give the
bits to folks who test it.

Regards, malahal.

On Wed, Jun 7, 2017 at 9:41 PM, William Allen Simpson <
william.allen.simp...@gmail.com> wrote:

> Malahal, I'm told you know this GSS code best, or at least test it.
> And Marcus might have written it.
>
> In svc_auth_gss.c, svcauth_gss_accept_sec_context(), it calls
> svc_getargs() -- same as standard tirpc.
>
> On the UDP side, that calls SVCAUTH_UNWRAP() and possibly
> svc_dg_freeargs() on failure.  No checksum is done here, it is in
> svc_dg_recv() over the raw data.
>
> On the TCP side, that calls SVCAUTH_UNWRAP() and possibly
> svc_dg_freeargs() on failure.  But on success, it does the
> checksum over the authenticated/decrypted data.
>
> Also, for UDP I'm changing to match the TCP code, so that we don't
> have the checksum expense for non-cached error returns.
>
> This means that for GSS, the checksum is done twice?
>
> Standard tirpc has no checksum.
>
> (RDMA doesn't do the checksum at all.)
>
> Would it be OK to remove the GSS call to svc_getargs() and call
> SVCAUTH_UNWRAP() directly?
>
> _______________________________________________
> Nfs-ganesha-devel mailing list
> Nfs-ganesha-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel