From 26e0163cb890ab688943fa8134b523bd6b6eae04 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Mon, 27 Jun 2022 10:41:04 +0100
Subject: [PATCH] server: Display kTLS setting in debug output
When using -D nbdkit.tls.session=1 display the kTLS (kernel-accelerated TLS) setting in the debug output.
Thanks: Daiki Ueno
(cherry picked from commit fd626688845324a4b3c387fa901d96e5d20ea634)
---
 configure.ac | 1 +
 server/crypto.c | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/configure.ac b/configure.ac
index d958ff2c..6b446a03 100644
--- a/configure.ac
+++ b/configure.ac
@@ -636,6 +636,7 @@ AS_IF([test "$GNUTLS_LIBS" != ""],[
 gnutls_group_get_name \
 gnutls_session_set_verify_cert \
 gnutls_srp_server_get_username \
+ gnutls_transport_is_ktls_enabled \
 ])
 LIBS="$old_LIBS"
 ])
diff --git a/server/crypto.c b/server/crypto.c
index df64e784..51a83b4d 100644
--- a/server/crypto.c
+++ b/server/crypto.c
@@ -53,6 +53,7 @@
 #ifdef HAVE_GNUTLS
 #include
+#include
 #include
 static int crypto_auth;
@@ -531,6 +532,9 @@ debug_session (gnutls_session_t session)
 bool dhe = false, ecdh = false;
 int grp;
 const char *desc, *username, *hint;
+#ifdef HAVE_GNUTLS_TRANSPORT_IS_KTLS_ENABLED
+ gnutls_transport_ktls_enable_flags_t ktls_enabled;
+#endif
 if (nbdkit_debug_tls_session <= 0) return;
@@ -538,6 +542,24 @@ debug_session (gnutls_session_t session)
 desc = gnutls_session_get_desc (session);
 if (desc) nbdkit_debug ("TLS session: %s", desc);
+#ifdef HAVE_GNUTLS_TRANSPORT_IS_KTLS_ENABLED
+ ktls_enabled = gnutls_transport_is_ktls_enabled (session);
+ switch (ktls_enabled) {
+ case GNUTLS_KTLS_RECV:
+ nbdkit_debug ("TLS: kTLS enabled for receive only"); break;
+ case GNUTLS_KTLS_SEND:
+ nbdkit_debug ("TLS: kTLS enabled for send only"); break;
+ case GNUTLS_KTLS_DUPLEX:
+ nbdkit_debug ("TLS: kTLS enabled full duplex"); break;
+ default:
+ if ((int) ktls_enabled == 0)
+ nbdkit_debug ("TLS: kTLS disabled");
+ else
+ nbdkit_debug ("TLS: kTLS enabled unknown setting: %d",
+ (int) ktls_enabled);
+ }
+#endif
+
 kx = gnutls_kx_get (session);
 cred = gnutls_auth_get_type (session);
 switch (cred) {
-- 2.31.1
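Review bot: When nbdkit is built against a GnuTLS that lacks gnutls_transport_is_ktls_enabled, the whole `#ifdef HAVE_GNUTLS_TRANSPORT_IS_KTLS_ENABLED` block compiles out and the session debug log says nothing about kTLS, so someone auditing a trace cannot tell "not reported" from a missing message. An `#else` arm with `nbdkit_debug ("TLS: kTLS status not reported by this GnuTLS build");` would make that case explicit. The `default:` arm would also benefit from a short comment such as `/* 0 has no named flag; any other value is a setting this code does not know */`, since the `(int)` cast is otherwise unexplained (presumably it is there because zero is not one of the enum's named values). debug_session starts before this hunk and continues past it.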