Message-ID: <5d47a5f5d2889_f622aea32f005b826@john-XPS-13-9370.notmuch>
Date: Sun, 04 Aug 2019 20:43:49 -0700
From: John Fastabend <john.fastabend@...il.com>
To: Shridhar Venkatraman <shridhar@...mtree.com>,
netdev@...r.kernel.org
Subject: Re: BPF: ETLS: RECV FLOW
Shridhar Venkatraman wrote:
> Hi,
>
> The eTLS work has BPF integration which is great.
> However there is one spot where access to the clear text is not available.
Guessing eTLS is a typo for KTLS.
>
> From kernel 4.20 - receiver BPF support added for KTLS.
>
> a. receiver BPF is applied on encrypted message
> b. after applying BPF, message is decrypted
> c. BPF run logic on the decrypted plain message - can we add this support ?
> d. then copy the decrypted message back to userspace.
>
> code flow reference: tls receive message call flow:
> --------------------------------------------------------------
>
> tls_sw_recvmsg
> __tcp_bpf_recvmsg [ bpf exec function called on encrypted message ]
> decrypt_skb_update
> decrypt_internal
> BPF_PROG_RUN on decrypted plain message - can we add this support ?
> skb_copy_datagram_msg [ decrypted message copied back to userspace ]
Yes, I'm aware of this. I'll push patches this release cycle. At least that
is the plan. I have some internal patches I've been running for some time
but need to clean up an edge case. Hopefully should get to it this week
after fixing up a couple bugs first.
>
> Thanks
> ps: I sent this to the bpf list as I don't know which one it should go to
Sending to bpf list and CC netdev would work, or just BPF list.
.John