2024-12-03, 19:51:29 -0800, Jakub Kicinski wrote:
On Thu, 14 Nov 2024 16:50:51 +0100 Sabrina Dubroca wrote:
+To prevent attempting to decrypt incoming records using the wrong key, +decryption will be paused when a KeyUpdate message is received by the +kernel, until the new key has been provided using the TLS_RX socket +option. Any read occurring after the KeyUpdate has been read and +before the new key is provided will fail with EKEYEXPIRED. Poll()'ing +the socket will also sleep until the new key is provided. There is no +pausing on the transmit side.
Thanks for the doc update, very useful. I'm not a socket expert so dunno if suppressing POLLIN is the right thing to do.
Not an expert either. I picked that because there's no data to be read, which is what POLLIN should mean.
man 2 poll: POLLIN There is data to read.
man 3 poll: POLLIN Data other than high-priority data may be read without blocking.
Based on this, reporting POLLIN seems wrong to me.
But a nit on the phrasing - I'd say "poll() will not report any events from the socket until.." ? Could be just me but sleep is a second order effect.
Agree, thanks for the suggestion. Maybe actually "will not report read events"? Other events are unaffected by a pending rekey.