Trying to play with in-kernel TLS on kernel version 5.3 (Fedora 30 and 31) but stuck even on enabling the ULP:
```c
// tls.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/tls.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

int main() {
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        perror("socket creation");
        exit (EXIT_FAILURE);
    }
    if (setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")) == -1 ) {
        perror("tls init");
        exit (EXIT_FAILURE);
    }
    close (sock);
    return EXIT_SUCCESS;
}
```
```
[user@localhost ~]$ cat /proc/sys/net/ipv4/tcp_available_ulp
tls
[user@localhost ~]$ gcc tls.c -O0 -g
[user@localhost ~]$ lsmod | grep tls
[user@localhost ~]$ ./a.out
tls init: No such file or directory
[user@localhost ~]$ lsmod | grep tls
[user@localhost ~]$ sudo ./a.out
tls init: Unknown error 524
[user@localhost ~]$ lsmod | grep tls
tls 57344 0
[user@localhost ~]$ ./a.out
tls init: Unknown error 524
[user@localhost ~]$
```
I don't know where I am wrong. It looks so simple in the kernel network docs:
> User interface
>
> Creating a TLS connection
>
> First create a new TCP socket and set the TLS ULP.
>
>     sock = socket(AF_INET, SOCK_STREAM, 0);
>     setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));
>
> Setting the TLS ULP allows us to set/get TLS socket options.
I don't understand how I can enable in-kernel TLS and what I'm doing wrong.
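
The following C program is an added example, not part of the original post. It runs the same `setsockopt(TCP_ULP, "tls")` call on a fresh socket and on one connected over loopback, and maps the errno values shown above to causes taken from mainline kernel behaviour: `ENOENT` when the `tls` module is not loaded and the caller lacks `CAP_NET_ADMIN` to autoload it, and 524 (the kernel-internal `ENOTSUPP`; `ENOTCONN` on later kernels) when the socket is not in the ESTABLISHED state. The helper names `try_tls_ulp`, `ulp_hint` and `loopback_connected` are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#ifndef TCP_ULP
#define TCP_ULP 31              /* value from linux/tcp.h, for older libc headers */
#endif
#define KERNEL_ENOTSUPP 524     /* kernel-internal errno, absent from userspace errno.h */

/* Attach the "tls" ULP; return 0 on success or the errno value on failure. */
int try_tls_ulp(int fd) {
    return setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) == 0 ? 0 : errno;
}

/* Map the errno values seen in the question to their likely cause. */
const char *ulp_hint(int err) {
    switch (err) {
    case 0:               return "ULP attached; TLS_TX/TLS_RX keys can now be set";
    case ENOENT:          return "tls module not loaded, no CAP_NET_ADMIN to autoload: modprobe tls";
    case KERNEL_ENOTSUPP: /* kernel 5.3, as in the question */
    case ENOTCONN:        return "socket not ESTABLISHED: connect() or accept() first";
    default:              return strerror(err);
    }
}

/* Constructed test peer: connect to our own listener on 127.0.0.1, ephemeral port. */
int loopback_connected(void) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof(a);
    int lfd = socket(AF_INET, SOCK_STREAM, 0), cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || cfd < 0 || bind(lfd, (struct sockaddr *)&a, sizeof(a)) < 0 ||
        listen(lfd, 1) < 0 || getsockname(lfd, (struct sockaddr *)&a, &len) < 0 ||
        connect(cfd, (struct sockaddr *)&a, sizeof(a)) < 0) {
        if (cfd >= 0) close(cfd);
        if (lfd >= 0) close(lfd);
        return -1;
    }
    return cfd;  /* listener stays open so the queued connection is not reset */
}

int main(void) {
    int e1 = try_tls_ulp(socket(AF_INET, SOCK_STREAM, 0));  /* same call as tls.c */
    int e2 = try_tls_ulp(loopback_connected());             /* after the TCP handshake */
    printf("unconnected: %d (%s)\n", e1, ulp_hint(e1));
    printf("connected:   %d (%s)\n", e2, ulp_hint(e2));
    return e2 == 0 ? 0 : 1;
}
```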