
KSSL configuration

Configuration of KSSL instance

ksslcfg(1M) is used to configure the kssl proxy. ksslcfg is mainly an SMF wrapper
(it creates a new instance of the kssl service); /usr/lib/kssladm is what sends
commands to the kssl module in the kernel and receives the answers. This is done via
cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.c:kssl_send_command(), which is called
e.g. from src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm_create.c:do_create()
when a new instance of the kssl proxy is created.

Communication with the kssl kernel module is done via /dev/kssl and ioctl().
When a new instance of the kssl proxy is created, an entry is added to the table
kssl_entry_tab. This array is defined as a global variable in
src/uts/common/inet/kssl/ksslioctl.c. The kernel counterpart of the ioctl()
interface is in src/uts/common/inet/kssl/ksslioctl.c. So creating a new
instance via ksslcfg create goes like this:

    kssladm create
      kssl_send_command()
         ioctl() // /dev/kssl
          (kernel)
             src/uts/common/inet/kssl/kssl.c:kssl_ioctl()
                src/uts/common/inet/kssl/ksslioctl.c:kssl_add_entry()
                   create_kssl_entry()

The kssl kernel module extracts all data provided by userland (certificate,
private key, etc.) via src/uts/common/inet/kssl/ksslioctl.c:extract_certificate(),
extract_private_key() etc. and grows the kssl_entry_tab table in kssl_add_entry()
if needed. (Yes, the table has a static size.)
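
A simplified userland model of the kernel-side step described above, added here as an illustration and not taken from the KSSL sources: it bounds-checks the offsets and lengths in a userland-supplied request before extracting the certificate and key, then stores the entry in a fixed-size table that grows only when no slot is free. The request layout (`struct req_hdr`), `model_add_entry()`, `TAB_STEP` and `MAX_BLOB` are hypothetical names and values chosen for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TAB_STEP 4            /* assumed growth step, not the kernel's value */
#define MAX_BLOB (64 * 1024)  /* assumed cap on one certificate or key */
/* Hypothetical request: header, then certificate bytes, then key bytes. */
struct req_hdr { uint32_t total_len, cert_off, cert_len, key_off, key_len; };
struct entry { uint32_t cert_len, key_len; unsigned char data[]; };
static struct entry **tab;    /* stands in for the global entry table */
static size_t tab_size;

/* True if [off, off+len) lies inside the request, past the header. */
static int range_ok(const struct req_hdr *h, uint32_t off, uint32_t len)
{
    return len != 0 && len <= MAX_BLOB && off >= sizeof (*h) &&
        off <= h->total_len && len <= h->total_len - off;
}

/* Returns the slot used, or -1 if the request is rejected. */
int model_add_entry(const unsigned char *buf, size_t buflen)
{
    struct req_hdr h;
    struct entry *e, **nt;
    size_t i;

    if (buflen < sizeof (h))
        return -1;
    memcpy(&h, buf, sizeof (h));  /* copy the header once, validate the copy */
    if (h.total_len != buflen || !range_ok(&h, h.cert_off, h.cert_len) ||
        !range_ok(&h, h.key_off, h.key_len))
        return -1;
    for (i = 0; i < tab_size && tab[i] != NULL; i++)
        ;                         /* look for a free slot */
    if (i == tab_size) {          /* none left: grow the table by one step */
        if ((nt = realloc(tab, (tab_size + TAB_STEP) * sizeof (*nt))) == NULL)
            return -1;
        memset(nt + tab_size, 0, TAB_STEP * sizeof (*nt));
        tab = nt;
        tab_size += TAB_STEP;
    }
    if ((e = malloc(sizeof (*e) + h.cert_len + h.key_len)) == NULL)
        return -1;
    e->cert_len = h.cert_len;
    e->key_len = h.key_len;
    memcpy(e->data, buf + h.cert_off, h.cert_len);
    memcpy(e->data + h.cert_len, buf + h.key_off, h.key_len);
    tab[i] = e;
    return (int)i;
}
```

The length test is written as `len <= total_len - off` after `off <= total_len`, so a large offset or length cannot wrap around and pass the check.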

Created by admin on 2009/10/26 12:15
Last modified by admin on 2009/10/26 12:15
