Shridhar Venkatraman wrote:
> Hi,
>
> The eTLS work has BPF integration which is great.
> However there is one spot where access to the clear text is not available.

Guessing eTLS is a typo for KTLS.

>
> From kernel 4.20 - receiver BPF support added for KTLS.
>
> a. receiver BPF is applied on encrypted message
> b. after applying BPF, message is decrypted
> c. BPF run logic on the decrypted plain message - can we add this support?
> d. then copy the decrypted message back to userspace.
>
> code flow reference: tls receive message call flow:
> --------------------------------------------------------------
>
> tls_sw_recvmsg
> __tcp_bpf_recvmsg [ bpf exec function called on encrypted message ]
> decrypt_skb_update
> decrypt_internal
> BPF_PROG_RUN on decrypted plain message - can we add this support?
> skb_copy_datagram_msg [ decrypted message copied back to userspace ]

Yes, I'm aware of this. I'll push patches this release cycle. At least that is
the plan. I have some internal patches I've been running for some time
but need to clean up an edge case. Hopefully should get to it this week
after fixing up a couple bugs first.

>
> Thanks
> ps: I sent this to the bpf list as I don't know which one it should go to

Sending to bpf list and CC netdev would work, or just BPF list.

.John