
Playing with Kernel TLS in Linux 4.13 and Go - FiloSottile
https://blog.filippo.io/playing-with-kernel-tls-in-linux-4-13-and-go/
======
topspin
That kernel patch sets off some alarms. Dozens of goto statements and many of
them are not the common C exit/cleanup idiom; backwards jumps are frequent and
following some of these functions is difficult. tls_sw_sendmsg and
tls_sw_sendpage have 8 and 5 goto labels respectively.

Ew.

Might all be brilliant and flawless, but it's not obvious.

~~~
Thaxll
Linux kernel has a lot of goto in its code.

~~~
yahna
Other than jump to exit stuff?

~~~
cesarb
Yeah, the "goto retry" (jump back to the beginning of the function or the
loop) is also common.

~~~
yahna
Still pretty structured usage.

------
blinkingled
Solaris had kssl doing much more of this 7-8 years ago. In their case SPARC
T1+ CPUs had hardware support to accelerate crypto ops but iirc kssl did not
depend on it.

It also did not require applications to support/know about SSL/TLS. So after
moving to Solaris 10 we were able to make some legacy apps use SSL/TLS without
adding any code at all! Pretty cool stuff.

They did have a few vulnerabilities causing kernel panic that Snorcle had to
fix - so in terms of adding more complexity to the kernel it's a risky
approach but in our case it was totally worth it and it helped that the
SSL/TLS traffic was all internal - nothing public facing.

~~~
ekiwi
> we were able to make some legacy apps use SSL/TLS without adding any code at
> all

How did you deal with certificate validation?

~~~
Mister_Snuggles
This[0] seems to answer your questions.

TL;DR: The kernel does it all and passes the unencrypted traffic to the local
port specified. There's a command to configure it with the appropriate keys,
etc.

[0] [http://www.c0t0d0s0.org/archives/5575-Less-known-Solaris-Features-kssl.html](http://www.c0t0d0s0.org/archives/5575-Less-known-Solaris-Features-kssl.html)

~~~
sannee
Sounds like nginx streams -
[http://nginx.org/en/docs/stream/ngx_stream_core_module.html](http://nginx.org/en/docs/stream/ngx_stream_core_module.html)
. Really useful if you need TLS but the author of whatever you are running
couldn't be bothered by adding support (includes being able to do client
certificate auth!).

------
jsjohnst
So the question is, what's the result? Is it actually more performant? If not,
have you identified where further work is needed to make it more performant?

~~~
mirekrusin
He hasn't managed to make it work - it kernel panics for him.

He mentions that fb noticed significant performance improvement [1].

You should see improvements in some cases, i.e. when you can do zero-copy
transfers (avoiding kernel->user and then user->kernel data copying), in other
words when you pipe data from one socket/file to the other socket/file.

[1] [https://netdevconf.org/1.2/papers/ktls.pdf](https://netdevconf.org/1.2/papers/ktls.pdf)

~~~
lambda
No, he said:

> I ran a simple HTTPS web server with net/http, loaded a page on Chrome, and
> instead of causing a kernel panic...

Followed by demonstrating it working.

However, the point remains that he only got it working up to doing a toy hello
world. The part that would be important for performance would be what he
mentioned isn't finished, which is allowing it to be used with sendfile so
that web servers can just sendfile over a TLS connection and let the kernel
handle all of the IO.
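The zero-copy path the two comments above describe (kernel-side TLS keys, then sendfile), as an added Go example that is not code from the thread or from the blog post. It assumes Linux 4.13+ with the tls module, uses the constants from the 4.13 uapi headers, and the key, salt, IV and sequence values are constructed; extracting the real write keys from crypto/tls is assumed to happen elsewhere (the stock library does not export them).

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"os"
	"syscall"
)

// Kernel TLS constants from Linux 4.13 (include/uapi/linux/tls.h, tcp.h).
const (
	tcpULP             = 31     // TCP_ULP: attach the "tls" upper-layer protocol
	solTLS             = 282    // SOL_TLS socket level
	tlsTX              = 1      // TLS_TX: install transmit-direction keys
	tls12Version       = 0x0303 // TLS_1_2_VERSION
	tlsCipherAESGCM128 = 51     // TLS_CIPHER_AES_GCM_128
)

// aesGCM128TxInfo lays out struct tls12_crypto_info_aes_gcm_128 (40 bytes):
// version and cipher_type as host-order u16 (little-endian on x86/arm64),
// then iv[8], key[16], salt[4], rec_seq[8]. Inputs here are constructed.
func aesGCM128TxInfo(key [16]byte, salt [4]byte, iv [8]byte, seq uint64) []byte {
	info := make([]byte, 40)
	binary.LittleEndian.PutUint16(info[0:], tls12Version)
	binary.LittleEndian.PutUint16(info[2:], tlsCipherAESGCM128)
	copy(info[4:12], iv[:])    // explicit nonce of the next TLS 1.2 AES-GCM record
	copy(info[12:28], key[:])  // write key
	copy(info[28:32], salt[:]) // implicit nonce (write IV)
	binary.BigEndian.PutUint64(info[32:], seq) // record sequence number, big-endian
	return info
}

// enableTX hands the write keys to the kernel: attach the "tls" ULP to the TCP
// socket, then install the crypto info for the transmit direction.
func enableTX(fd int, info []byte) error {
	if err := syscall.SetsockoptString(fd, syscall.IPPROTO_TCP, tcpULP, "tls"); err != nil {
		return fmt.Errorf("TCP_ULP: %w", err)
	}
	if err := syscall.SetsockoptString(fd, solTLS, tlsTX, string(info)); err != nil {
		return fmt.Errorf("TLS_TX: %w", err)
	}
	return nil
}

// sendFileOverTLS is the zero-copy path: once the kernel holds the keys, Go's
// TCPConn.ReadFrom uses sendfile(2) for an *os.File, so bytes never enter user space.
func sendFileOverTLS(conn *net.TCPConn, f *os.File) (int64, error) {
	return conn.ReadFrom(f)
}
```

Get the raw fd from `conn.SyscallConn()` and call `enableTX` only after the handshake has finished, with `seq` equal to the next record number the peer expects; an off-by-one there makes the peer reject every record.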

