[libbsd 2/7] Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS data records.
sebastian.huber at embedded-brains.de
Thu Jul 7 12:02:43 UTC 2022
From: Rick Macklem <rmacklem at FreeBSD.org>
The kernel RPC cannot process non-application data records when
using TLS. It must to an upcall to a userspace daemon that will
call SSL_read() to process them.
This patch adds a new flag called MSG_TLSAPPDATA that the kernel
RPC can use to tell sorecieve() to return ENXIO instead of a non-application
data record, when that is what is at the top of the receive queue.
I put the code in #ifdef KERN_TLS/#endif, although it will build without
that, so that it is recognized as only useful when KERN_TLS is enabled.
The alternative to doing this is to have the kernel RPC re-queue the
non-application data message after receiving it, but that seems more
complicated and might introduce message ordering issues when there
are multiple non-application data records one after another.
I do not know what, if any, changes will be required to support TLS1.3.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D25923
rtemsbsd/include/machine/_kernel_socket.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/rtemsbsd/include/machine/_kernel_socket.h b/rtemsbsd/include/machine/_kernel_socket.h
index e9acc744..dba4694f 100644
@@ -46,6 +46,7 @@
#define MSG_SOCALLBCK 0x00010000 /* for use by socket callbacks - soreceive (TCP) */
#define MSG_MORETOCOME 0x00100000 /* additional data pending */
+#define MSG_TLSAPPDATA 0x00200000 /* only soreceive() app. data (TLS) */
#define CMSG_ALIGN(n) _ALIGN(n)
More information about the devel