2024-12-03, 19:51:29 -0800, Jakub Kicinski wrote:
> On Thu, 14 Nov 2024 16:50:51 +0100 Sabrina Dubroca wrote:
> > +To prevent attempting to decrypt incoming records using the wrong key,
> > +decryption will be paused when a KeyUpdate message is received by the
> > +kernel, until the new key has been provided using the TLS_RX socket
> > +option. Any read occurring after the KeyUpdate has been read and
> > +before the new key is provided will fail with EKEYEXPIRED. Poll()'ing
> > +the socket will also sleep until the new key is provided. There is no
> > +pausing on the transmit side.
>
> Thanks for the doc update, very useful. I'm not a socket expert so dunno
> if suppressing POLLIN is the right thing to do.
Not an expert either. I picked that because there's no data to be
read, which is what POLLIN should mean.
man 2 poll:
POLLIN There is data to read.
man 3 poll:
POLLIN Data other than high-priority data may be read
without blocking.
Based on this, reporting POLLIN seems wrong to me.
> But a nit on the
> phrasing - I'd say "poll() will not report any events from the socket
> until.." ? Could be just me but sleep is a second order effect.
Agree, thanks for the suggestion. Maybe actually "will not report read
events"? Other events are unaffected by a pending rekey.
--
Sabrina
