Hi,

The eTLS work has BPF integration which is great.
However there is one spot where access to the clear text is not available.

From kernel 4.20 - receiver BPF support added for KTLS.

a. receiver BPF is applied on encrypted message
b. after applying BPF, message is decrypted
c. BPF runs logic on the decrypted plain message - can we add this support?
d. then copy the decrypted message back to userspace.

code flow reference: tls receive message call flow:
--------------------------------------------------------------

tls_sw_recvmsg
  __tcp_bpf_recvmsg [ bpf exec function called on encrypted message ]
  decrypt_skb_update
  decrypt_internal
  BPF_PROG_RUN on decrypted plain message - can we add this support?
  skb_copy_datagram_msg [ decrypted message copied back to userspace ]

Thanks
PS: I sent this to the bpf list as I don't know which one it should go to.
