提交 6d88207f 编写于 作者: I Ilya Lesokhin 提交者: David S. Miller

tls: Add function to update the TLS socket configuration

The tx configuration is now stored in ctx->tx_conf.
And sk->sk_prot is updated through a function
This will simplify things when we add rx
and support for different possible
tx and rx cross configurations.
Signed-off-by: NIlya Lesokhin <ilyal@mellanox.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 61ef6da6
...@@ -83,6 +83,8 @@ struct tls_context { ...@@ -83,6 +83,8 @@ struct tls_context {
void *priv_ctx; void *priv_ctx;
u8 tx_conf:2;
u16 prepend_size; u16 prepend_size;
u16 tag_size; u16 tag_size;
u16 overhead_size; u16 overhead_size;
......
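Review bot: The new `u8 tx_conf:2;` field in `struct tls_context` has no comment saying what it stores or what range is valid. Elsewhere on this page it is assigned `TLS_BASE_TX` or `TLS_SW_TX` and used as an index into `tls_prots[]`, but those names come from an anonymous enum in a different hunk, apparently in another file, so someone reading the struct alone cannot tell which values are legal. I would add `/* TLS_*_TX value; selects the tls_prots[] entry installed as sk->sk_prot */` above the field. The struct definition starts and ends outside the hunk.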
...@@ -45,8 +45,18 @@ MODULE_AUTHOR("Mellanox Technologies"); ...@@ -45,8 +45,18 @@ MODULE_AUTHOR("Mellanox Technologies");
MODULE_DESCRIPTION("Transport Layer Security Support"); MODULE_DESCRIPTION("Transport Layer Security Support");
MODULE_LICENSE("Dual BSD/GPL"); MODULE_LICENSE("Dual BSD/GPL");
static struct proto tls_base_prot; enum {
static struct proto tls_sw_prot; TLS_BASE_TX,
TLS_SW_TX,
TLS_NUM_CONFIG,
};
static struct proto tls_prots[TLS_NUM_CONFIG];
static inline void update_sk_prot(struct sock *sk, struct tls_context *ctx)
{
sk->sk_prot = &tls_prots[ctx->tx_conf];
}
int wait_on_pending_writer(struct sock *sk, long *timeo) int wait_on_pending_writer(struct sock *sk, long *timeo)
{ {
...@@ -340,8 +350,8 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval, ...@@ -340,8 +350,8 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
{ {
struct tls_crypto_info *crypto_info, tmp_crypto_info; struct tls_crypto_info *crypto_info, tmp_crypto_info;
struct tls_context *ctx = tls_get_ctx(sk); struct tls_context *ctx = tls_get_ctx(sk);
struct proto *prot = NULL;
int rc = 0; int rc = 0;
int tx_conf;
if (!optval || (optlen < sizeof(*crypto_info))) { if (!optval || (optlen < sizeof(*crypto_info))) {
rc = -EINVAL; rc = -EINVAL;
...@@ -396,11 +406,12 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval, ...@@ -396,11 +406,12 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
/* currently SW is default, we will have ethtool in future */ /* currently SW is default, we will have ethtool in future */
rc = tls_set_sw_offload(sk, ctx); rc = tls_set_sw_offload(sk, ctx);
prot = &tls_sw_prot; tx_conf = TLS_SW_TX;
if (rc) if (rc)
goto err_crypto_info; goto err_crypto_info;
sk->sk_prot = prot; ctx->tx_conf = tx_conf;
update_sk_prot(sk, ctx);
goto out; goto out;
err_crypto_info: err_crypto_info:
...@@ -453,7 +464,9 @@ static int tls_init(struct sock *sk) ...@@ -453,7 +464,9 @@ static int tls_init(struct sock *sk)
icsk->icsk_ulp_data = ctx; icsk->icsk_ulp_data = ctx;
ctx->setsockopt = sk->sk_prot->setsockopt; ctx->setsockopt = sk->sk_prot->setsockopt;
ctx->getsockopt = sk->sk_prot->getsockopt; ctx->getsockopt = sk->sk_prot->getsockopt;
sk->sk_prot = &tls_base_prot;
ctx->tx_conf = TLS_BASE_TX;
update_sk_prot(sk, ctx);
out: out:
return rc; return rc;
} }
...@@ -464,16 +477,21 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = { ...@@ -464,16 +477,21 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
.init = tls_init, .init = tls_init,
}; };
static void build_protos(struct proto *prot, struct proto *base)
{
prot[TLS_BASE_TX] = *base;
prot[TLS_BASE_TX].setsockopt = tls_setsockopt;
prot[TLS_BASE_TX].getsockopt = tls_getsockopt;
prot[TLS_SW_TX] = prot[TLS_BASE_TX];
prot[TLS_SW_TX].close = tls_sk_proto_close;
prot[TLS_SW_TX].sendmsg = tls_sw_sendmsg;
prot[TLS_SW_TX].sendpage = tls_sw_sendpage;
}
static int __init tls_register(void) static int __init tls_register(void)
{ {
tls_base_prot = tcp_prot; build_protos(tls_prots, &tcp_prot);
tls_base_prot.setsockopt = tls_setsockopt;
tls_base_prot.getsockopt = tls_getsockopt;
tls_sw_prot = tls_base_prot;
tls_sw_prot.sendmsg = tls_sw_sendmsg;
tls_sw_prot.sendpage = tls_sw_sendpage;
tls_sw_prot.close = tls_sk_proto_close;
tcp_register_ulp(&tcp_tls_ulp_ops); tcp_register_ulp(&tcp_tls_ulp_ops);
......
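Review bot: `update_sk_prot()` in the first hunk of this file indexes `tls_prots[]` with `ctx->tx_conf` unchecked, yet the field is declared `u8 tx_conf:2` and can hold 0–3 while the table has only `TLS_NUM_CONFIG` (2) entries. Both writers visible here (`tls_init` and `do_tls_setsockopt_tx`) store only `TLS_BASE_TX` or `TLS_SW_TX`, so nothing on this page goes out of range, but the table holds `struct proto` function pointers and a stray value would install an entry past its end as `sk->sk_prot`. A cheap guard is `if (WARN_ON_ONCE(ctx->tx_conf >= TLS_NUM_CONFIG)) return;` at the top of the helper. Adding `BUILD_BUG_ON(TLS_NUM_CONFIG > 4);` in `tls_register()` would also stop later configurations from being silently truncated by the 2-bit field; the body of `tls_register` continues outside the hunk.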