Skip to content
This repository has been archived by the owner on Jan 7, 2023. It is now read-only.

crazyguitar/ktls.py

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Playing with Kernel TLS in Python

Build Status

ktls.py provides serveral tests and scripts to play linux kernel TLS in cpython. The idea was inspired from PLAYING WITH KERNEL TLS IN LINUX 4.13 AND GO.

Prerequisite

  1. Linux kernel 4.13 or above (option CONFIG_TLS=y or CONFIG_TLS=m)
  2. openssl 1.0.x
  3. The ktls patch of cpython

Install

Manual install cpython with supproting KTLS

# install cpython
$ git clone -b v3.6.3-ktls-patch https://github.com/crazyguitar/cpython
$ cd cpython
$ ./configure --prefix=/usr --enable-optimizations
$ make -j 9 && sudo make altinstall

# if CONFIG_TLS=m, run the following commands to check that tls.ko has been inserted.
$ lsmod | grep tls
$ modprobe tls

# run the https server with supporting ktls
$ git clone https://github.com/crazyguitar/ktls.py.git
$ cd ktls.py
$ python3.6 https.py &
$ wget -qO- https://localhost:4433 --no-check-certificate

Using vagrant

$ vagrant init crazyguitar/xenial64 --box-version 20171205.0.0
$ vagrant up
$ vagrant ssh
vagrant@vagrant:~$ git clone https://github.com/crazyguitar/ktls.py.git
vagrant@vagrant:~$ cd ktls.py
vagrant@vagrant:~/ktls.py$ python3.6 https.py &
[2] 7866
vagrant@vagrant:~/ktls.py$ wget -qO- https://localhost:4433 --no-check-certificate 

Run the tests

# insert tls kernel module if tls is built as module
$ sudo modprobe tls

# checking tls kernel module has been inserted
$ $ lsmod | grep tls
tls                    20480  0

# run lint
$ make lint

# run tests
$ make test

# run all tests and lint
$ make

Reference

  1. KTLS: Linux Kernel Transport Layer Security
  2. brno university of technology linux vpn performance and optimization
  3. Improving High-Bandwidth TLS in the FreeBSD kernel
  4. Optimizing TLS for High-Bandwidth Applications in FreeBSD
  5. TLS in the kernel
  6. djwatson/ktls
  7. ktls/af_ktls-tool
  8. torvalds/linux
  9. Playing with kernel TLS in Linux 4.13 and Go

About

Playing with Linux Kernel TLS in Python

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published