Peter Memishian wrote:
> > ok. Please take a look at the new webrev and let me know.
> >
> > http://npt.sfbay/net/infotech/export/stk-fix/webrev/
>
> Looks good. Not related to your changes, but I guess there's a reason we
> don't need to check tcp_kssl_ent on peer_tcp.
>
> --
> meem
>

Right. I took a quick look, and from what I can recall, the KSSL stuff applies to the listener and to the incoming connections. It does not apply to outgoing connections.
Initially the admin sets up the kssl translation table (listener's clear port, ssl port, and the IP address). Then when the listener does a listen(), the sockfs does the port translation in the T_BIND_REQ. The listener retains a pointer to the tcp_kssl_ent that describes the SSL structure. Incoming conns (eagers) inherit this information from the listener. We also call strsetrwputdatahooks() to set up the hooks for SSL processing. On output the SSL processing happens at the streamhead through the sd_wputdatafunc hook. For input it happens when TCP calls tcp_kssl_input(). Since tcp fusion is being initiated by the passive end point (or the eager) we only check for our own tcp_kssl_ent.

Thirumalai
