[PATCH 00/16] AF_RXRPC socket family and AFS rewrite [try #3]

2007-04-25 Thread David Howells

The first of these patches together provide secure client-side RxRPC
connectivity as a Linux kernel socket family.  Only the RxRPC transport/session
side is supplied - the presentation side (marshalling the data) is left to the
client.  Copies of the patches can be found here:

http://people.redhat.com/~dhowells/rxrpc/series
http://people.redhat.com/~dhowells/rxrpc/01-move-skb-generic.diff
http://people.redhat.com/~dhowells/rxrpc/02-cancel_delayed_work.diff
http://people.redhat.com/~dhowells/rxrpc/03-keys.diff
http://people.redhat.com/~dhowells/rxrpc/04-timer-exports.diff
http://people.redhat.com/~dhowells/rxrpc/05-af_rxrpc.diff

Further patches make the in-kernel AFS filesystem use AF_RXRPC and delete the
old RxRPC implementation:

http://people.redhat.com/~dhowells/rxrpc/06-afs-cleanup.diff
http://people.redhat.com/~dhowells/rxrpc/07-af_rxrpc-kernel.diff
http://people.redhat.com/~dhowells/rxrpc/08-af_rxrpc-afs.diff
http://people.redhat.com/~dhowells/rxrpc/09-af_rxrpc-delete-old.diff

And then the rest of the patches extend AFS to provide automatic unmounting of
automount trees, security support and directory-level write support (create,
mkdir, etc.):

http://people.redhat.com/~dhowells/rxrpc/10-afs-multimount.diff
http://people.redhat.com/~dhowells/rxrpc/11-afs-security.diff
http://people.redhat.com/~dhowells/rxrpc/12-afs-doc.diff

http://people.redhat.com/~dhowells/rxrpc/13-netlink-support-MSG_TRUNC.diff
http://people.redhat.com/~dhowells/rxrpc/14-afs-get-capabilities.diff
http://people.redhat.com/~dhowells/rxrpc/15-afs-initcallbackstate3.diff
http://people.redhat.com/~dhowells/rxrpc/16-afs-dir-write-support.diff

Note that file-level write support is not yet complete and so is not included
in this patch set.


The userspace access methods make use of the control data passed to/by
sendmsg() and recvmsg().  See the three simple test programs:

http://people.redhat.com/~dhowells/rxrpc/klog.c
http://people.redhat.com/~dhowells/rxrpc/rxrpc.c
http://people.redhat.com/~dhowells/rxrpc/listen.c

The klog program is provided to go and get a Kerberos IV key from the AFS
kaserver.  Currently it must be edited before compiling to note the right
server IP address and the appropriate credentials.

These programs can be compiled by:

make klog rxrpc listen CFLAGS="-Wall -g" LDLIBS="-lcrypto -lcrypt -lkrb4 -lkeyutils"

Then a ticket can be obtained by:

./klog

If a security key is acquired in this way, then all subsequent AFS operations -
including VL lookups and mounts - performed with that session keyring will be
authenticated using that key.  The key can be viewed like so:

[EMAIL PROTECTED] ~]# keyctl show
Session Keyring
   -3 --alswrv  0 0  keyring: _ses.3268
2 --alswrv  0 0   \_ keyring: _uid.0
111416553 --als--v  0 0   \_ rxrpc: [EMAIL PROTECTED]

TODO:

 (*) Make certain parameters (such as connection timeouts) userspace
 configurable.

 (*) Make userspace utilities use it; librxrpc.

 (*) Userspace documentation.

 (*) KerberosV security.

Changes:

 (*) SOCK_RPC has been removed.  SOCK_DGRAM is now used instead.

 (*) I've added a facility whereby calls can be made to destinations other than
 the connect() address of a client socket by making use of msg_name in the
 msghdr struct when using sendmsg() to send the first data packet of a
 call.  Indeed, a client socket need not be connected before being used
 so.

 (*) I've also added a facility whereby client calls may also be made on
 server sockets, again by using msg_name in the msghdr struct.  In such a
 case, the server's local transport endpoint is used.

 (*) I've made the write buffer space check available to various callers
 (sk_write_space) and implemented poll support.

 (*) Rewrote rxrpc_recvmsg().  It now concatenates adjacent data messages from
 the same call when delivering them.

 (*) Updated the documentation to include notes on recvmsg, cover control
 messages and cover SOL_RXRPC-level socket options.

 (*) Provided an in-kernel interface to give in-kernel utilities easier access
 to the facility.

 (*) Made fs/afs/ use it.

 (*) Deleted the old contents of net/rxrpc/.

 (*) Use the scatterlist interface to the crypto API for now.  The patch that
 added the direct access interface conflicts with patches Herbert Xu is
 producing, so I've dropped it for the moment.

 (*) Moved a bug fix to make secure connection reuse work from the
 af_rxrpc-kernel patch to the af_rxrpc main patch.

 (*) Make RxRPC use its own private work queues rather than keventd's to avoid
 deadlocks when AFS tries to use keventd too.  This also puts encryption
 in the private work queue rather than keventd's queue as that might take
 a relatively long time to 
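
An added example, not taken from the patch set or its test programs, of the msg_name facility described in the Changes list above: it builds the msghdr for the first data packet of a call so that the destination comes from msg_name rather than connect(). It assumes the RXRPC_USER_CALL_ID control message and the struct sockaddr_rxrpc layout of the mainline <linux/rxrpc.h>, which may differ from this posting; struct first_packet and build_first_packet() are hypothetical names.

```c
/* Added example: address the first packet of a call through msg_name. */
#include <arpa/inet.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/rxrpc.h>  /* assumption: mainline header, not this posting's */

#ifndef AF_RXRPC
#define AF_RXRPC 33       /* value used by mainline Linux */
#endif
#ifndef SOL_RXRPC
#define SOL_RXRPC 272     /* value used by mainline Linux */
#endif

struct first_packet {     /* hypothetical helper; holds self-pointers, do not copy */
	struct sockaddr_rxrpc dest;
	struct iovec iov;
	union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(unsigned long))]; } ctl;
	struct msghdr msg;
};

/* Fill *p so that sendmsg(fd, &p->msg, 0) starts call `call_id` to ipv4:port.
 * Returns 0 on success, -1 if ipv4 is not a valid dotted-quad address. */
int build_first_packet(struct first_packet *p, const char *ipv4, unsigned short port,
		       unsigned short service, unsigned long call_id, void *data, size_t len)
{
	struct cmsghdr *cmsg;
	memset(p, 0, sizeof(*p));
	p->dest.srx_family = AF_RXRPC;            /* RxRPC-level address ...      */
	p->dest.srx_service = service;            /* ... naming the service ID    */
	p->dest.transport_type = SOCK_DGRAM;      /* carried over UDP             */
	p->dest.transport_len = sizeof(p->dest.transport.sin);
	p->dest.transport.sin.sin_family = AF_INET;
	p->dest.transport.sin.sin_port = htons(port);
	if (inet_pton(AF_INET, ipv4, &p->dest.transport.sin.sin_addr) != 1)
		return -1;
	p->iov.iov_base = data;
	p->iov.iov_len = len;
	p->msg.msg_name = &p->dest;               /* per-call destination         */
	p->msg.msg_namelen = sizeof(p->dest);
	p->msg.msg_iov = &p->iov;
	p->msg.msg_iovlen = 1;
	p->msg.msg_control = p->ctl.buf;
	p->msg.msg_controllen = sizeof(p->ctl.buf);
	cmsg = CMSG_FIRSTHDR(&p->msg);            /* control data tags the call   */
	cmsg->cmsg_level = SOL_RXRPC;
	cmsg->cmsg_type = RXRPC_USER_CALL_ID;
	cmsg->cmsg_len = CMSG_LEN(sizeof(call_id));
	memcpy(CMSG_DATA(cmsg), &call_id, sizeof(call_id));
	return 0;
}
```

The same call ID comes back in the control data of recvmsg(), which is how replies are matched to calls when one socket carries several.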

Re: [PATCH 00/16] AF_RXRPC socket family and AFS rewrite [try #3]

2007-04-25 Thread David Howells
Andrew Morton [EMAIL PROTECTED] wrote:

> I'm ducking all feature and cleanup patches now, and probably shall
> continue to do so for some weeks.  The priority (which I believe to be
> increasingly urgent) is to fix the 2.6.21 regressions and to stabilise
> the things which we presently have queued for 2.6.22.  Not to
> mention the 1000ish unaddressed bug reports in bugzilla and elsewhere.

Fair enough.  I think the idea is for them (or at least some of them) to go
through one of DaveM's net git trees anyway.

David
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH 00/16] AF_RXRPC socket family and AFS rewrite [try #3]

2007-04-25 Thread David Miller
From: David Howells [EMAIL PROTECTED]
Date: Wed, 25 Apr 2007 14:38:32 +0100

> I think the idea is for them (or at least some of them) to go
> through one of DaveM's net git trees anyway.

Then please generate your patches against my net-2.6.21 GIT
tree.  Most of your initial patches in the series (the SKB
routine one for example) are already in my tree.


Re: [PATCH 00/16] AF_RXRPC socket family and AFS rewrite [try #3]

2007-04-25 Thread David Howells
David Miller [EMAIL PROTECTED] wrote:

> Then please generate your patches against my net-2.6.21 GIT
> tree.  Most of your initial patches in the series (the SKB
> routine one for example) are already in my tree.

Do you mean your net-2.6.22 GIT tree?

Do you want me to make it available as a GIT tree for you to pull?  Or would
you prefer patches?

David


Re: [PATCH 00/16] AF_RXRPC socket family and AFS rewrite [try #3]

2007-04-25 Thread David Miller
From: David Howells [EMAIL PROTECTED]
Date: Wed, 25 Apr 2007 20:56:47 +0100

> David Miller [EMAIL PROTECTED] wrote:
>
> > Then please generate your patches against my net-2.6.21 GIT
> > tree.  Most of your initial patches in the series (the SKB
> > routine one for example) are already in my tree.
>
> Do you mean your net-2.6.22 GIT tree?
>
> Do you want me to make it available as a GIT tree for you to pull?  Or would
> you prefer patches?

Just patches is perfectly fine.

Also, if it's easier to diff against -mm, that works too
since Andrew integrates my net-2.6.22 tree into -mm most
of the time.