koolba 6 hours ago
So it reads the packets and replaces the byte sequences at the kernel level? How does that work across packet boundaries?
neo2006 6 hours ago
Secrets are detected before encryption in the user buffer, but rewrites happen post-encryption in the kernel buffer to be sent on the wire. Packet boundaries are not an issue because detection happens at the SSL write, where we have the full secret in the buffer and its position, so we can know at rewrite time that the secret crosses 2 packets and rewrite it in 2 separate operations. We also have to update the TLS session hash at the end to not corrupt the TLS frame.
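The boundary handling described in the reply above, as an added example that is not part of the thread or the project's code: a simplified Python model that takes the position recorded at write time and splits the rewrite into one operation per packet. It works on plain bytes and assumes an equal-length replacement; all names and the sample request are constructed, and encryption and the TLS integrity update are left out.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    """One outbound packet payload; `start` is its offset in the byte stream."""
    start: int
    data: bytearray

def plan_rewrites(segments, match_off, match_len):
    """Return one (segment_index, offset_in_segment, offset_in_match, length)
    tuple per packet that the matched range overlaps."""
    ops = []
    match_end = match_off + match_len
    for i, seg in enumerate(segments):
        lo = max(seg.start, match_off)
        hi = min(seg.start + len(seg.data), match_end)
        if lo < hi:  # this packet carries part of the matched bytes
            ops.append((i, lo - seg.start, lo - match_off, hi - lo))
    if sum(op[3] for op in ops) != match_len:
        raise ValueError("matched range is not fully covered by these segments")
    return ops

def apply_rewrites(segments, ops, replacement):
    """Overwrite each planned slice in place; packet sizes never change."""
    for i, seg_off, rep_off, n in ops:
        segments[i].data[seg_off:seg_off + n] = replacement[rep_off:rep_off + n]

def split_stream(stream, sizes):
    """Cut a byte stream into consecutive segments of the given sizes."""
    segs, pos = [], 0
    for n in sizes:
        segs.append(Segment(pos, bytearray(stream[pos:pos + n])))
        pos += n
    return segs

def demo():
    # Constructed sample: a request whose header value was matched at write time.
    matched = b"MATCHED_SECRET_17"
    replacement = b"REWRITTEN_BYTES17"  # same length as the matched bytes
    stream = b"GET /v1 HTTP/1.1\r\nAuthorization: Bearer " + matched + b"\r\n\r\n"
    off = stream.index(matched)  # position known from the write-side detection
    segs = split_stream(stream, [48, len(stream) - 48])  # boundary falls mid-match
    ops = plan_rewrites(segs, off, len(matched))
    apply_rewrites(segs, ops, replacement)
    return ops, b"".join(bytes(s.data) for s in segs), stream.replace(matched, replacement)

if __name__ == "__main__":
    print(demo()[0])
```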