Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
SUNRPC: Plumb an API for setting transport layer security
Add an initial set of policies along with fields for upper layers to
pass the requested policy down to the transport layer.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
authored by
Chuck Lever
and committed by
Trond Myklebust
50005319
9e8ab85a
+23
+2
include/linux/sunrpc/clnt.h
+2
include/linux/sunrpc/clnt.h
···
58
58
cl_noretranstimeo: 1,/* No retransmit timeouts */
59
59
cl_autobind : 1,/* use getport() */
60
60
cl_chatty : 1;/* be verbose */
61
+
struct xprtsec_parms cl_xprtsec; /* transport security policy */
61
62
62
63
struct rpc_rtt * cl_rtt; /* RTO estimator data */
63
64
const struct rpc_timeout *cl_timeout; /* Timeout strategy */
···
140
139
struct svc_xprt *bc_xprt; /* NFSv4.1 backchannel */
141
140
const struct cred *cred;
142
141
unsigned int max_connect;
142
+
struct xprtsec_parms xprtsec;
143
143
};
144
144
145
145
struct rpc_add_xprt_test {
+17
include/linux/sunrpc/xprt.h
+17
include/linux/sunrpc/xprt.h
···
129
129
#define rq_svec rq_snd_buf.head
130
130
#define rq_slen rq_snd_buf.len
131
131
132
+
/* RPC transport layer security policies */
133
+
enum xprtsec_policies {
134
+
RPC_XPRTSEC_NONE = 0,
135
+
RPC_XPRTSEC_TLS_ANON,
136
+
RPC_XPRTSEC_TLS_X509,
137
+
};
138
+
139
+
struct xprtsec_parms {
140
+
enum xprtsec_policies policy;
141
+
142
+
/* authentication material */
143
+
key_serial_t cert_serial;
144
+
key_serial_t privkey_serial;
145
+
};
146
+
132
147
struct rpc_xprt_ops {
133
148
void (*set_buffer_size)(struct rpc_xprt *xprt, size_t sndsize, size_t rcvsize);
134
149
int (*reserve_xprt)(struct rpc_xprt *xprt, struct rpc_task *task);
···
244
229
*/
245
230
unsigned long bind_timeout,
246
231
reestablish_timeout;
232
+
struct xprtsec_parms xprtsec;
247
233
unsigned int connect_cookie; /* A cookie that gets bumped
248
234
every time the transport
249
235
is reconnected */
···
349
333
struct svc_xprt *bc_xprt; /* NFSv4.1 backchannel */
350
334
struct rpc_xprt_switch *bc_xps;
351
335
unsigned int flags;
336
+
struct xprtsec_parms xprtsec;
352
337
};
353
338
354
339
struct xprt_class {
+4
net/sunrpc/clnt.c
+4
net/sunrpc/clnt.c
···
385
385
if (!clnt)
386
386
goto out_err;
387
387
clnt->cl_parent = parent ? : clnt;
388
+
clnt->cl_xprtsec = args->xprtsec;
388
389
389
390
err = rpc_alloc_clid(clnt);
390
391
if (err)
···
533
532
.addrlen = args->addrsize,
534
533
.servername = args->servername,
535
534
.bc_xprt = args->bc_xprt,
535
+
.xprtsec = args->xprtsec,
536
536
};
537
537
char servername[48];
538
538
struct rpc_clnt *clnt;
···
733
731
struct rpc_clnt *parent;
734
732
int err;
735
733
734
+
args->xprtsec = clnt->cl_xprtsec;
736
735
xprt = xprt_create_transport(args);
737
736
if (IS_ERR(xprt))
738
737
return PTR_ERR(xprt);
···
3053
3050
3054
3051
if (!xprtargs->ident)
3055
3052
xprtargs->ident = ident;
3053
+
xprtargs->xprtsec = clnt->cl_xprtsec;
3056
3054
xprt = xprt_create_transport(xprtargs);
3057
3055
if (IS_ERR(xprt)) {
3058
3056
ret = PTR_ERR(xprt);