FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F13.3 2023-08-23T17:43:27Z 2023-08-23T17:43:27Z Warner Losh imp@FreeBSD.org 2023-08-22T01:31:56Z urn:sha1:5510f79042fbd543de55807d0da7f8a2b8be2f89 Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ Similar commit in current: (cherry picked from commit 031beb4e239b) 2021-11-25T01:09:21Z Konstantin Belousov kib@FreeBSD.org 2021-11-07T08:42:24Z urn:sha1:83271c68c4f4697ba15d49cc3f31912a5d04ff4b (cherry picked from commit 5bb3134a8c21cb87b30e135ef168483f0333dabb) 2020-08-22T03:57:55Z Rick Macklem rmacklem@FreeBSD.org 2020-08-22T03:57:55Z urn:sha1:ab0c29af0512df1e40c30f1b361da7803594336e An internet draft titled "Towards Remote Procedure Call Encryption By Default" describes how TLS is to be used for Sun RPC, with NFS as an intended use case. This patch adds client and server support for this to the kernel RPC, using KERN_TLS and upcalls to daemons for the handshake, peer reset and other non-application data record cases. The upcalls to the daemons use three fields to uniquely identify the TCP connection. They are the time.tv_sec, time.tv_usec of the connection establshment, plus a 64bit sequence number. The time fields avoid problems with re-use of the sequence number after a daemon restart. For the server side, once a Null RPC with AUTH_TLS is received, kernel reception on the socket is blocked and an upcall to the rpctlssd(8) daemon is done to perform the TLS handshake. Upon completion, the completion status of the handshake is stored in xp_tls as flag bits and the reply to the Null RPC is sent. For the client, if CLSET_TLS has been set, a new TCP connection will send the Null RPC with AUTH_TLS to initiate the handshake. The client kernel RPC code will then block kernel I/O on the socket and do an upcall to the rpctlscd(8) daemon to perform the handshake. If the upcall is successful, ct_rcvstate will be maintained to indicate if/when an upcall is being done. If non-application data records are received, the code does an upcall to the appropriate daemon, which will do a SSL_read() of 0 length to handle the record(s). When the socket is being shut down, upcalls are done to the daemons, so that they can perform SSL_shutdown() calls to perform the "peer reset". The rpctlssd(8) and rpctlscd(8) daemons require a patched version of the openssl library and, as such, will not be committed to head at this time. Although the changes done by this patch are fairly numerous, there should be no semantics change to the kernel RPC at this time. A future commit to the NFS code will optionally enable use of TLS for NFS. 2020-04-17T06:04:20Z Gleb Smirnoff glebius@FreeBSD.org 2020-04-17T06:04:20Z urn:sha1:732a02b4e77866604a120a275c082bb6221bd2ff Reviewed by: rmacklem Differential Revision: https://reviews.freebsd.org/D24408 2017-03-04T10:10:17Z Enji Cooper ngie@FreeBSD.org 2017-03-04T10:10:17Z urn:sha1:193d9e768ba63fcfb187cfd17f461f7d41345048 This simplifies make output/logic Tested with: `cd sys/modules; make ALL_MODULES=` on amd64 MFC after: 1 month Sponsored by: Dell EMC Isilon 2014-08-04T22:37:02Z Warner Losh imp@FreeBSD.org 2014-08-04T22:37:02Z urn:sha1:aeaed508982227551b2748339033bb2483382b4d opt_inet6.h into kmod.mk by forcing almost everybody to eat the same dogfood. While at it, consolidate the opt_bpf.h and opt_mroute.h targets here too. 2014-07-01T20:47:16Z Rick Macklem rmacklem@FreeBSD.org 2014-07-01T20:47:16Z urn:sha1:c59e4cc34daadb47669f445532acabaa83ba7f8a into head. The code is not believed to have any effect on the semantics of non-NFSv4.1 server behaviour. It is a rather large merge, but I am hoping that there will not be any regressions for the NFS server. MFC after: 1 month 2010-09-24T15:01:45Z Attilio Rao attilio@FreeBSD.org 2010-09-24T15:01:45Z urn:sha1:109c1de8bad542e1ce21e866a36b2b86dbe8d49d in the kernel (just as inet_ntoa() and inet_aton()) are and sync their prototype accordingly with already mentioned functions. Sponsored by: Sandvine Incorporated Reviewed by: emaste, rstone Approved by: dfr MFC after: 2 weeks 2008-11-06T10:53:35Z Dag-Erling Smørgrav des@FreeBSD.org 2008-11-06T10:53:35Z urn:sha1:19aa71e559572acef61056ee77a24a95bb1fee02 Pointy hat to: dfr 2008-03-27T11:55:03Z Doug Rabson dfr@FreeBSD.org 2008-03-27T11:55:03Z urn:sha1:6b0d16d374627cfcb0c39328097ffa6b4fa3d0df