Subject: Re: vnd, VOP_ and encrypted fs.
To: Jorgen Lundman <lundman@lundman.net>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-kern
Date: 10/29/2001 19:46:11
Date: Mon, 29 Oct 2001 11:28:06 +0000
From: Jorgen Lundman <lundman@lundman.net>
Message-ID: <3BDD3D46.BD7B4A91@lundman.net>
| The basic idea of what I want to do is to create a simple crypted
| filesystem, by passing all block to be written to encode first, and
| passing all blocks read to decode.
The thing you most need to be aware of, is that you're not allowed to
(permanently) modify the data in the buffers - when you're done, the
data has to be the same as it was when you started (because the data is
in the buffer cache still, and will be used again, without your driver
getting a look in).
| Onset: After reading the vnd sources it initially looked like it would
| be a piece of cake, all reads and writes appeared to come from vndread()
| and vndwrite().
Those are character (raw) i/o interfaces only - used when something
reads/writes /dev/rvndNx - they'll never be touched by norml filesystem
accesses. They just use the strategy routine anyway, so modifying that
is the right way.
| But I am unsure as to how I know a packet is to be READ off disk, and
| which are to be WRITTEN to disk?
Flags & B_READ is the right way to test that.
| So I currently only
| encode and decode buffers with a blkno > 0x270 to skip the disklabel,
Once you get things working properly, that hack should no longer be needed.
That it is at all, is just a symptom of other stuff not working.
| Partial Success: In desperation (and wondering what would happen) I
| changed the decode if to be just if (1) and I had alot more success.
That's because when you write, you mangle the data ("encrypt" it), then
when that's done, you need to put it back as it was again, and the "if (1)"
is causing that to happen. Just as it does if you actually fetched a
block from the underlying "device".
| I can't see the filename in the raw file? Should I?
Yes, but it might not be very obvious. You'll probably need to sync
to cause it to actually get written (or umount the vnd device).
In any case, just beware of the buffer cache, that's most likely the
biggest hurdle to overcome.
kre