[v2,00/11] client-side RPC-with-TLS

Message ID 168485183242.6613.7025123558596119858.stgit@oracle-102.nfsv4bat.org (mailing list archive)

Message

Chuck Lever May 23, 2023, 2:29 p.m. UTC
Let's have a look at what is needed to support NFS in-transit
confidentiality in the Linux NFS client. These apply to net-next
but previously they've been tested at multiple NFS bake-a-thon
events.

This series is also available in the topic-rpc-with-tls-upcall
branch at

  https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git

Changes since RFC:
- Add an rpc_authops method to send TLS probes

---

Chuck Lever (11):
      NFS: Improvements for fs_context-related tracepoints
      SUNRPC: Plumb an API for setting transport layer security
      SUNRPC: Trace the rpc_create_args
      SUNRPC: Add RPC client support for the RPC_AUTH_TLS auth flavor
      SUNRPC: Ignore data_ready callbacks during TLS handshakes
      SUNRPC: Capture CMSG metadata on client-side receive
      SUNRPC: Add a connect worker function for TLS
      SUNRPC: Add RPC-with-TLS support to xprtsock.c
      SUNRPC: Add RPC-with-TLS tracepoints
      NFS: Have struct nfs_client carry a TLS policy field
      NFS: Add an "xprtsec=" NFS mount option


 fs/nfs/client.c                 |   7 +
 fs/nfs/fs_context.c             |  55 +++++
 fs/nfs/internal.h               |   2 +
 fs/nfs/nfs3client.c             |   1 +
 fs/nfs/nfs4client.c             |  18 +-
 fs/nfs/super.c                  |  12 ++
 include/linux/nfs_fs_sb.h       |   3 +-
 include/linux/sunrpc/auth.h     |   2 +
 include/linux/sunrpc/clnt.h     |   2 +
 include/linux/sunrpc/xprt.h     |  17 ++
 include/linux/sunrpc/xprtsock.h |   3 +
 include/trace/events/sunrpc.h   |  96 ++++++++-
 net/sunrpc/Makefile             |   2 +-
 net/sunrpc/auth.c               |   2 +-
 net/sunrpc/auth_tls.c           | 175 ++++++++++++++++
 net/sunrpc/clnt.c               |   9 +-
 net/sunrpc/xprtsock.c           | 343 +++++++++++++++++++++++++++++++-
 17 files changed, 727 insertions(+), 22 deletions(-)
 create mode 100644 net/sunrpc/auth_tls.c

--
Chuck Lever

Comments

Jeff Layton May 24, 2023, 7:30 p.m. UTC | #1
On Tue, 2023-05-23 at 10:29 -0400, Chuck Lever wrote:
> Let's have a look at what is needed to support NFS in-transit
> confidentiality in the Linux NFS client. These apply to net-next
> but previously they've been tested at multiple NFS bake-a-thon
> events.
> 

Why net-next? Aren't the necessary non-NFS/RPC bits now in mainline at
this point? What's missing?

> This series is also available in the topic-rpc-with-tls-upcall
> branch at
> 
>   https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git
> 
> Changes since RFC:
> - Add an rpc_authops method to send TLS probes
> 
> ---
> 
> Chuck Lever (11):
>       NFS: Improvements for fs_context-related tracepoints
>       SUNRPC: Plumb an API for setting transport layer security
>       SUNRPC: Trace the rpc_create_args
>       SUNRPC: Add RPC client support for the RPC_AUTH_TLS auth flavor
>       SUNRPC: Ignore data_ready callbacks during TLS handshakes
>       SUNRPC: Capture CMSG metadata on client-side receive
>       SUNRPC: Add a connect worker function for TLS
>       SUNRPC: Add RPC-with-TLS support to xprtsock.c
>       SUNRPC: Add RPC-with-TLS tracepoints
>       NFS: Have struct nfs_client carry a TLS policy field
>       NFS: Add an "xprtsec=" NFS mount option
> 
> 
>  fs/nfs/client.c                 |   7 +
>  fs/nfs/fs_context.c             |  55 +++++
>  fs/nfs/internal.h               |   2 +
>  fs/nfs/nfs3client.c             |   1 +
>  fs/nfs/nfs4client.c             |  18 +-
>  fs/nfs/super.c                  |  12 ++
>  include/linux/nfs_fs_sb.h       |   3 +-
>  include/linux/sunrpc/auth.h     |   2 +
>  include/linux/sunrpc/clnt.h     |   2 +
>  include/linux/sunrpc/xprt.h     |  17 ++
>  include/linux/sunrpc/xprtsock.h |   3 +
>  include/trace/events/sunrpc.h   |  96 ++++++++-
>  net/sunrpc/Makefile             |   2 +-
>  net/sunrpc/auth.c               |   2 +-
>  net/sunrpc/auth_tls.c           | 175 ++++++++++++++++
>  net/sunrpc/clnt.c               |   9 +-
>  net/sunrpc/xprtsock.c           | 343 +++++++++++++++++++++++++++++++-
>  17 files changed, 727 insertions(+), 22 deletions(-)
>  create mode 100644 net/sunrpc/auth_tls.c
> 
> --
> Chuck Lever
>
Chuck Lever III May 24, 2023, 7:38 p.m. UTC | #2
> On May 24, 2023, at 3:30 PM, Jeff Layton <jlayton@kernel.org> wrote:
> 
> On Tue, 2023-05-23 at 10:29 -0400, Chuck Lever wrote:
>> Let's have a look at what is needed to support NFS in-transit
>> confidentiality in the Linux NFS client. These apply to net-next
>> but previously they've been tested at multiple NFS bake-a-thon
>> events.
> 
> Why net-next? Aren't the necessary non-NFS/RPC bits now in mainline at
> this point? What's missing?

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/net/handshake?id=eefca7ec514262aef08d0ef261552f2f604bd851

That fix has been in net-next for 12 days and is still not merged.

This series does not apply cleanly unless that fix has also been
applied. I did not expect it to take so long to get that fix into
upstream.


>> This series is also available in the topic-rpc-with-tls-upcall
>> branch at
>> 
>>  https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git
>> 
>> Changes since RFC:
>> - Add an rpc_authops method to send TLS probes
>> 
>> ---
>> 
>> Chuck Lever (11):
>>      NFS: Improvements for fs_context-related tracepoints
>>      SUNRPC: Plumb an API for setting transport layer security
>>      SUNRPC: Trace the rpc_create_args
>>      SUNRPC: Add RPC client support for the RPC_AUTH_TLS auth flavor
>>      SUNRPC: Ignore data_ready callbacks during TLS handshakes
>>      SUNRPC: Capture CMSG metadata on client-side receive
>>      SUNRPC: Add a connect worker function for TLS
>>      SUNRPC: Add RPC-with-TLS support to xprtsock.c
>>      SUNRPC: Add RPC-with-TLS tracepoints
>>      NFS: Have struct nfs_client carry a TLS policy field
>>      NFS: Add an "xprtsec=" NFS mount option
>> 
>> 
>> fs/nfs/client.c                 |   7 +
>> fs/nfs/fs_context.c             |  55 +++++
>> fs/nfs/internal.h               |   2 +
>> fs/nfs/nfs3client.c             |   1 +
>> fs/nfs/nfs4client.c             |  18 +-
>> fs/nfs/super.c                  |  12 ++
>> include/linux/nfs_fs_sb.h       |   3 +-
>> include/linux/sunrpc/auth.h     |   2 +
>> include/linux/sunrpc/clnt.h     |   2 +
>> include/linux/sunrpc/xprt.h     |  17 ++
>> include/linux/sunrpc/xprtsock.h |   3 +
>> include/trace/events/sunrpc.h   |  96 ++++++++-
>> net/sunrpc/Makefile             |   2 +-
>> net/sunrpc/auth.c               |   2 +-
>> net/sunrpc/auth_tls.c           | 175 ++++++++++++++++
>> net/sunrpc/clnt.c               |   9 +-
>> net/sunrpc/xprtsock.c           | 343 +++++++++++++++++++++++++++++++-
>> 17 files changed, 727 insertions(+), 22 deletions(-)
>> create mode 100644 net/sunrpc/auth_tls.c
>> 
>> --
>> Chuck Lever
>> 
> 
> -- 
> Jeff Layton <jlayton@kernel.org>


--
Chuck Lever