Trond Myklebust <trondmy@xxxxxxxxxxxxxxx> wrote: > Another question that is relevant for most networked filesystems > (including AFS, I believe), is how will you deal with encryption of the > data you are transmitting? Encrypting and decrypting in-place directly > in the page cache or in a userspace O_DIRECT mapped buffer might not be > the best and most secure option, so won't you find yourself wanting to > copy the data anyway? For kAFS, the interface between kAFS and AF_RXRPC takes an iterator. Currently, encryption is done in place on the sk_buffs inside AF_RXRPC, but the goal I have in mind is to use the crypto operation to replace the copy between sk_buff and buffer. This is tricky, however, as the encrypted payload contains metadata as well as data and on reception I have to read the metadata to find out how much data there actually is. David
