Hi,

These patches add a transport encryption mechanism and two transport
encryption translators.

It is hooked in the core transport code, and needs some modification of
transports (socket, ib-verbs) to conserve the data structure. This may be
cleaned later.

There are also some modifications in protocol to add crypto xlator private
data (crypto type + private data in fact). For example, the way NaCl works
makes us add the nonce and some data in gf_hdr_common_t (inside
gf_ndr_nacl_t).

A "transport.crypto.type" option is added in protocol/client and
protocol/server to choose the crypto xlator.

The nacl transport has been used in production, and can be considered as
stable. nacl adds a "transport.crypto.passphrase" option to set up the
passphrase which is shared between each server and client.

NaCl

Here is a small howto to install and build nacl so it can be linked to a
shared library:

Before building the glusterfs package, you need to install nacl correctly.

    wget http://hyperelliptic.org/nacl/nacl-20090405.tar.bz2
    bunzip2 < nacl-20090405.tar.bz2 | tar -xf -
    cd nacl-20090405

* On x86:

    emacs okcompilers/c
    gcc -m32 -O2 -fPIC -march=i686

* On amd64:

    emacs okcompilers/c
    gcc -m64 -O2 -fPIC

    mv crypto_onetimeauth/poly1305/amd64/constants.s crypto_onetimeauth/poly1305/amd64/constants.s.bak
    mv crypto_onetimeauth/poly1305/amd64/auth.s crypto_onetimeauth/poly1305/amd64/auth.s.bak
    cat crypto_onetimeauth/poly1305/amd64/constants.s.bak | grep -v globl > crypto_onetimeauth/poly1305/amd64/auth.s
    cat crypto_onetimeauth/poly1305/amd64/auth.s.bak >> crypto_onetimeauth/poly1305/amd64/auth.s

Then

    ./do
    sudo cp -r build/localhost/lib/* /usr/lib/
    sudo cp -r build/localhost/include/* /usr/include/

Now, ./configure should detect nacl and enable it.
You can still explicitly disable it using --disable-nacl

Corentin Chary (10):
  transport/encryption: add infrastructure
  transport/encryption: add directory and base Makefile.am
  transport/encryption: add rot-13 demo
  transport/encryption: keep xlator reference
  transport/encryption: pass transport_crypto_t instead of transport_t
  libglusterfs: add iov_load function
  transport/encryption: add NaCl encryptor
  transport/ib-verbs: add missing buflen_p parameter
  libglusterfs: add iov_link
  transport/encryption: fix encryption when used with afr

 configure.ac                                  |   69 ++++++-
 libglusterfs/src/Makefile.am                  |    2 +-
 libglusterfs/src/common-utils.h               |   24 ++-
 libglusterfs/src/protocol.h                   |   10 +
 libglusterfs/src/transport.c                  |  293 +++++++++++++++++++------
 libglusterfs/src/transport.h                  |   25 ++-
 transport/Makefile.am                         |    4 +-
 transport/encryption/Makefile.am              |    3 +
 transport/encryption/nacl/Makefile.am         |    1 +
 transport/encryption/nacl/src/Makefile.am     |   16 ++
 transport/encryption/nacl/src/nacl.c          |  275 +++++++++++++++++++++++
 transport/encryption/nacl/src/nacl.h          |   39 ++++
 transport/encryption/rot-13c/Makefile.am      |    1 +
 transport/encryption/rot-13c/src/Makefile.am  |   14 ++
 transport/encryption/rot-13c/src/rot-13c.c    |  106 +++++++++
 transport/encryption/rot-13c/src/rot-13c.h    |   30 +++
 transport/ib-verbs/src/ib-verbs.c             |    5 +-
 transport/socket/src/socket.c                 |    6 +-
 xlators/protocol/client/src/client-protocol.c |    3 +
 xlators/protocol/server/src/server-protocol.c |    3 +
 20 files changed, 849 insertions(+), 80 deletions(-)
 create mode 100644 transport/encryption/Makefile.am
 create mode 100644 transport/encryption/nacl/Makefile.am
 create mode 100644 transport/encryption/nacl/src/Makefile.am
 create mode 100644 transport/encryption/nacl/src/nacl.c
 create mode 100644 transport/encryption/nacl/src/nacl.h
 create mode 100644 transport/encryption/rot-13c/Makefile.am
 create mode 100644 transport/encryption/rot-13c/src/Makefile.am
 create mode 100644 transport/encryption/rot-13c/src/rot-13c.c
 create mode 100644 transport/encryption/rot-13c/src/rot-13c.h