[clearview-dev] Code review request for 6791375
Thirumalai Srinivasan
thirumalai.srinivasan at sun.com
Tue Feb 10 19:21:25 PST 2009
Peter Memishian wrote:
> > ok. Please take a look at the new webrev and let me know.
> >
> > http://npt.sfbay/net/infotech/export/stk-fix/webrev/
>
> Looks good. Not related to your changes, but I guess there's a reason we
> don't need to check tcp_kssl_ent on peer_tcp.
>
> --
> meem
>
Right. I took a quick look, and from what I can recall, the KSSL stuff
applies to the listener and to the incoming connections. It does not
apply to outgoing connections.
Initially the admin sets up the kssl translation table (listener's
clear port, ssl port, and the IP address). Then when the listener does a
listen(), the sockfs does the port translation in the T_BIND_REQ. The
listener retains a pointer to the tcp_kssl_ent that describes the SSL
structure. Incoming conns (eagers) inherit this information from the
listener. We also call strsetrwputdatahooks() to set up the hooks for
SSL processing. On output the SSL processing happens at the streamhead
through the sd_wputdatafunc hook. For input it happens when TCP calls
tcp_kssl_input().
Since tcp fusion is being initiated by the passive end point (or the
eager) we only check for our own tcp_kssl_ent.
Thirumalai