TLS sandboxing

Nils Goroll slink at schokola.de
Wed Sep 4 06:50:04 UTC 2019


That is an interesting exercise, thank you, Dridi.

For TLS on TCP, I would hope that passing the session key and file descriptor
would work. Have you checked already to what extent this is supported by
existing library code?

Yet with the H3/QUIC madness on the horizon, I am not sure if connect()ing the
SOCK_DGRAM and passing the fd would work. The way I read the QUIC draft,
connections are primarily identified by their ID and migrations need to be
supported. I have made no coding attempt on my own, but my impression was that
the natural implementation the authors had in mind was a recvfrom(2) loop
matching packets based on their connection ID with spoof detection.

So, Dridi, have you had a closer look yet if/how your idea could work with QUIC?

Somehow related: How about having the process owning the private keys also
handle all receives into multiple ringbuffers, somehow similar to vsm, but with
overrun protection?

Nils
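The TCP half of the idea above is the classic SCM_RIGHTS handoff: the process that owns the private keys accepts the connection and completes the handshake, then passes the connected socket plus the negotiated session state to a sandboxed worker over a Unix socket. The following C program is an added example to illustrate that mechanism; it is not code from this thread or from Varnish. The `struct handoff` record and its 32-byte key field are constructed placeholders for whatever serialized session state the TLS library in use would actually export, and the "connection" being handed over is one end of a socketpair standing in for an accepted TCP socket.

```c
/* Added example (not from the varnish-dev thread or Varnish code):
 * hand a connected socket plus a session-key blob from a key-owning
 * process to a sandboxed worker over a Unix socket with SCM_RIGHTS.
 * The key bytes are a constructed placeholder, not a real TLS secret. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#define KEY_LEN 32
#define HANDOFF_MAGIC 0x48414e44u /* "HAND": cheap sanity check on the record */

/* Record carried beside the descriptor. A real deployment would carry
 * the TLS library's serialized session here (assumption: the library
 * can export it; that is exactly the question the post raises). */
struct handoff {
    uint32_t magic;
    uint8_t key[KEY_LEN];
};

/* Send one descriptor plus the handoff record. Returns 0 or -1. */
int send_fd_with_key(int chan, int fd, const struct handoff *h)
{
    struct msghdr msg;
    struct iovec iov;
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct cmsghdr *cm;

    memset(&msg, 0, sizeof msg);
    memset(&u, 0, sizeof u);
    iov.iov_base = (void *)h;
    iov.iov_len = sizeof *h;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == (ssize_t)sizeof *h ? 0 : -1;
}

/* Receive the record and exactly one descriptor. Rejects truncated
 * control data and a bad magic, closing any fd that did arrive so the
 * worker never keeps a descriptor it did not validate. Returns fd or -1. */
int recv_fd_with_key(int chan, struct handoff *h)
{
    struct msghdr msg;
    struct iovec iov;
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct cmsghdr *cm;
    int fd = -1;

    memset(&msg, 0, sizeof msg);
    memset(&u, 0, sizeof u);
    iov.iov_base = h;
    iov.iov_len = sizeof *h;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    if (recvmsg(chan, &msg, 0) != (ssize_t)sizeof *h || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    for (cm = CMSG_FIRSTHDR(&msg); cm != NULL; cm = CMSG_NXTHDR(&msg, cm)) {
        if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS &&
            cm->cmsg_len == CMSG_LEN(sizeof(int))) {
            memcpy(&fd, CMSG_DATA(cm), sizeof(int));
            break;
        }
    }
    if (fd < 0 || h->magic != HANDOFF_MAGIC) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

/* Self-contained round trip. chan[] is the owner<->worker control socket;
 * conn[0] stands in for the accepted TCP connection, conn[1] for the peer.
 * Returns 1 if the worker got the key and can talk on the handed-over fd. */
int handoff_roundtrip(void)
{
    int chan[2], conn[2], fd, ok = 0;
    struct handoff out, in;
    char buf[8];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) < 0 ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, conn) < 0)
        return 0;
    out.magic = HANDOFF_MAGIC;
    memset(out.key, 0xA5, KEY_LEN);          /* constructed placeholder key */
    if (send_fd_with_key(chan[0], conn[0], &out) == 0) {
        close(conn[0]);                      /* owner drops its copy after handoff */
        fd = recv_fd_with_key(chan[1], &in);
        if (fd >= 0) {
            if (write(fd, "hello", 5) == 5 && read(conn[1], buf, sizeof buf) == 5 &&
                memcmp(buf, "hello", 5) == 0 && memcmp(in.key, out.key, KEY_LEN) == 0)
                ok = 1;
            close(fd);
        }
    }
    close(chan[0]); close(chan[1]); close(conn[1]);
    return ok;
}

int main(void)
{
    printf("%s\n", handoff_roundtrip() ? "handoff ok" : "handoff failed");
    return 0;
}
```

The receiving side is the part worth getting right in a sandboxing design: it checks `MSG_CTRUNC`, accepts exactly one descriptor, and closes anything it cannot validate, so a misbehaving or compromised key owner cannot leak extra descriptors into the worker. This only covers the TCP case; the QUIC concern in the post stands, since a single UDP socket serves many connections identified by connection ID and there is no per-connection descriptor to hand over.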
