Re: [RFC TLS Offload Support 05/15] tcp: Add TLS socket options for TCP sockets

2017-03-28 Thread Tom Herbert
On Tue, Mar 28, 2017 at 6:26 AM, Aviad Yehezkel  wrote:
> This patch adds TLS_TX and TLS_RX TCP socket options.
>
> Setting these socket options will change the sk->sk_prot
> operations of the TCP socket. The user is responsible to
> prevent races between calls to the previous operations
> and the new operations. After successful return, data
> sent on this socket will be encapsulated in TLS.
>
> Signed-off-by: Aviad Yehezkel 
> Signed-off-by: Boris Pismenny 
> Signed-off-by: Ilya Lesokhin 
> ---
>  include/uapi/linux/tcp.h |  2 ++
>  net/ipv4/tcp.c   | 32 
>  2 files changed, 34 insertions(+)
>
> diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h
> index c53de26..f9f0e29 100644
> --- a/include/uapi/linux/tcp.h
> +++ b/include/uapi/linux/tcp.h
> @@ -116,6 +116,8 @@ enum {
>  #define TCP_SAVE_SYN   27  /* Record SYN headers for new 
> connections */
>  #define TCP_SAVED_SYN  28  /* Get SYN headers recorded for 
> connection */
>  #define TCP_REPAIR_WINDOW  29  /* Get/set window parameters */
> +#define TCP_TLS_TX 30
> +#define TCP_TLS_RX 31
>
>  struct tcp_repair_opt {
> __u32   opt_code;
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 302fee9..2d190e3 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -273,6 +273,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> @@ -2676,6 +2677,21 @@ static int do_tcp_setsockopt(struct sock *sk, int 
> level,
> tp->notsent_lowat = val;
> sk->sk_write_space(sk);
> break;
> +   case TCP_TLS_TX:
> +   case TCP_TLS_RX: {
> +   int (*fn)(struct sock *sk, int optname,
> + char __user *optval, unsigned int optlen);
> +
> +   fn = symbol_get(tls_sk_attach);
> +   if (!fn) {
> +   err = -EINVAL;
> +   break;
> +   }
> +
> +   err = fn(sk, optname, optval, optlen);
> +   symbol_put(tls_sk_attach);
> +   break;
> +   }
> default:
> err = -ENOPROTOOPT;
> break;
> @@ -3064,6 +3080,22 @@ static int do_tcp_getsockopt(struct sock *sk, int 
> level,
> }
> return 0;
> }
> +   case TCP_TLS_TX:
> +   case TCP_TLS_RX: {
> +   int err;
> +   int (*fn)(struct sock *sk, int optname,
> + char __user *optval, int __user *optlen);
> +
> +   fn = symbol_get(tls_sk_query);
> +   if (!fn) {
> +   err = -EINVAL;
> +   break;
> +   }
> +
> +   err = fn(sk, optname, optval, optlen);
> +   symbol_put(tls_sk_query);
> +   return err;
> +   }

This mechanism should be generalized. If we can do this with TLS then
there will likely be other ULPs that we might want to set on a TCP
socket. Maybe something like TCP_ULP_PUSH, TCP_ULP_POP (borrowing from
STREAMS ever so slightly :-) ). I'd also suggest that the ULPs are
indicated by a text string in the socket option argument, then have
each ULP perform a registration for their service.


> default:
> return -ENOPROTOOPT;
> }
> --
> 2.7.4
>


[RFC TLS Offload Support 05/15] tcp: Add TLS socket options for TCP sockets

2017-03-28 Thread Aviad Yehezkel
This patch adds TLS_TX and TLS_RX TCP socket options.

Setting these socket options will change the sk->sk_prot
operations of the TCP socket. The user is responsible to
prevent races between calls to the previous operations
and the new operations. After successful return, data
sent on this socket will be encapsulated in TLS.

Signed-off-by: Aviad Yehezkel 
Signed-off-by: Boris Pismenny 
Signed-off-by: Ilya Lesokhin 
---
 include/uapi/linux/tcp.h |  2 ++
 net/ipv4/tcp.c   | 32 
 2 files changed, 34 insertions(+)

diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h
index c53de26..f9f0e29 100644
--- a/include/uapi/linux/tcp.h
+++ b/include/uapi/linux/tcp.h
@@ -116,6 +116,8 @@ enum {
 #define TCP_SAVE_SYN   27  /* Record SYN headers for new 
connections */
 #define TCP_SAVED_SYN  28  /* Get SYN headers recorded for 
connection */
 #define TCP_REPAIR_WINDOW  29  /* Get/set window parameters */
+#define TCP_TLS_TX 30
+#define TCP_TLS_RX 31
 
 struct tcp_repair_opt {
__u32   opt_code;
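Review bot: The two new option numbers are added to a UAPI header without the trailing comment that every neighbouring TCP_* definition carries, so a reader of tcp.h gets no hint of what each option attaches to the socket or what optval it expects. Something like `#define TCP_TLS_TX 30 /* Attach TLS to the send path (optval: see tls_sk_attach) */` and `#define TCP_TLS_RX 31 /* Attach TLS to the receive path (optval: see tls_sk_attach) */` would match the surrounding style; the exact optval layout is handled by tls_sk_attach, which this patch does not show, so the comment can only point there. The same hunk is quoted in the reply above.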
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 302fee9..2d190e3 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -273,6 +273,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -2676,6 +2677,21 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
tp->notsent_lowat = val;
sk->sk_write_space(sk);
break;
+   case TCP_TLS_TX:
+   case TCP_TLS_RX: {
+   int (*fn)(struct sock *sk, int optname,
+ char __user *optval, unsigned int optlen);
+
+   fn = symbol_get(tls_sk_attach);
+   if (!fn) {
+   err = -EINVAL;
+   break;
+   }
+
+   err = fn(sk, optname, optval, optlen);
+   symbol_put(tls_sk_attach);
+   break;
+   }
default:
err = -ENOPROTOOPT;
break;
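Review bot: symbol_put(tls_sk_attach) on the line after the call drops the module reference taken by symbol_get(), yet according to the commit message a successful tls_sk_attach leaves sk->sk_prot pointing at operations in that module for the remaining life of the socket, so unless tls_sk_attach pins its own module (try_module_get or equivalent, not visible in this patch) the module could be unloaded while sockets still dispatch into it. A comment above the symbol_put such as `/* The attached ops outlive this put; tls_sk_attach must hold its own module reference */` would make the ownership of that reference explicit, or the maintainer should confirm where it is taken. Separately, -EINVAL when symbol_get() returns NULL makes "TLS module not loaded" indistinguishable for userspace from a malformed optval; -ENOPROTOOPT, as in the default branch, would be the more informative code. Nothing in this hunk checks socket state or privilege before delegating, so presumably tls_sk_attach does that itself. do_tcp_setsockopt begins and ends outside the hunk, and the copy quoted in the reply above is the same code.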
@@ -3064,6 +3080,22 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
}
return 0;
}
+   case TCP_TLS_TX:
+   case TCP_TLS_RX: {
+   int err;
+   int (*fn)(struct sock *sk, int optname,
+ char __user *optval, int __user *optlen);
+
+   fn = symbol_get(tls_sk_query);
+   if (!fn) {
+   err = -EINVAL;
+   break;
+   }
+
+   err = fn(sk, optname, optval, optlen);
+   symbol_put(tls_sk_query);
+   return err;
+   }
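Review bot: In the TCP_TLS_TX/TCP_TLS_RX case of do_tcp_getsockopt, the `err = -EINVAL; break;` on the symbol_get() failure path is dead code: `err` is declared inside the case block, so the `break` leaves its scope before the value is ever read, and execution continues with whatever follows the switch, which lies outside this hunk (presumably the generic copy of val/len to userspace, with val never set for this case). Replacing `err = -EINVAL; break;` with `return -EINVAL;` fixes it, and the local `err` is then needed only to carry the result across symbol_put() on the success path. do_tcp_getsockopt continues beyond the hunk in both directions; the getsockopt hunk quoted in the reply above is the same code.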
default:
return -ENOPROTOOPT;
}
-- 
2.7.4