AM
To: freebsd-current@freebsd.org
Subject: Re: Getting started with ktls
On Fri, Mar 19, 2021 at 09:37:30PM +, Rick Macklem wrote:
>J. wrote:
>>on the (main/14) server, /etc/rpc.tlsservd was not already there; I had
>>to create it. Is this correct?
>>
>>version is
On Fri, Mar 19, 2021 at 09:37:30PM +, Rick Macklem wrote:
J. wrote:
on the (main/14) server, /etc/rpc.tlsservd was not already there; I had
to create it. Is this correct?
version is main-n245454
I'll admit I have no idea what n245454 means, but the daemons were
committed to main on Feb 18,
On 3/18/21 8:31 AM, tech-lists wrote:
On Wed, Mar 17, 2021 at 08:39:02PM +, Rick Macklem wrote:
Make sure you've done the following:
ktls_ocf - is loaded
these sysctls are set to 1
kern.ipc.tls.enable
kern.ipc.mb_use_ext_pgs
[on stable/13]
% sysctl kern.ipc.tls.enable kern.ipc.mb_use_ext
J. wrote:
>on the (main/14) server, /etc/rpc.tlsservd was not already there; I had
>to create it. Is this correct?
>
>version is main-n245454
I'll admit I have no idea what n245454 means, but the daemons were
committed to main on Feb 18, 2021.
Installing them from ports should be fine.
rick
--
J.
On Sun, Mar 14, 2021 at 11:07:23PM +, tech-lists wrote:
On Sun, Mar 14, 2021 at 08:55:18PM +, Rick Macklem wrote:
If you want to try NFS-over-TLS, see this:
https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt
Please let us know if you try it, rick
Hi,
on the (main/14) serve
On Wed, Mar 17, 2021 at 08:39:02PM +, Rick Macklem wrote:
Make sure you've done the following:
ktls_ocf - is loaded
these sysctls are set to 1
kern.ipc.tls.enable
kern.ipc.mb_use_ext_pgs
[on stable/13]
% sysctl kern.ipc.tls.enable kern.ipc.mb_use_ext_pgs
kern.ipc.tls.enable: 1
kern.ipc.mb
J. wrote:
>On Tue, Mar 16, 2021 at 11:46:27PM +, Rick Macklem wrote:
>>Well, if you do "sysctl -a | fgrep kern.ipc.tls.stats" and it is working,
>>you should see the count for at least one of the "crypts" ticking up.
>>If they are all zero, it isn't working. That might depend on the apps
>>or s
On Tue, Mar 16, 2021 at 11:46:27PM +, Rick Macklem wrote:
Well, if you do "sysctl -a | fgrep kern.ipc.tls.stats" and it is working,
you should see the count for at least one of the "crypts" ticking up.
If they are all zero, it isn't working. That might depend on the apps
or setup and does no
On Sun, Mar 14, 2021 at 08:55:18PM +, Rick Macklem wrote:
If you want to try NFS-over-TLS, see this:
https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt
Please let us know if you try it, rick
Hi,
I'm going to try this with 2x rpi4 machines, client on stable/13 and
server on main/
J. wrote:
>On Sun, Mar 14, 2021 at 08:55:18PM +, Rick Macklem wrote:
>>Alan explains how to set it up, below.
>>However, I thought I'd note that maybe one person has tested KTLS
>>on arm64, so you should consider doing this for test purposes only.
>>If you do do some testing, please post with y
On Sun, Mar 14, 2021 at 08:55:18PM +, Rick Macklem wrote:
Alan explains how to set it up, below.
However, I thought I'd note that maybe one person has tested KTLS
on arm64, so you should consider doing this for test purposes only.
If you do do some testing, please post with your results,
suc
On Sun, Mar 14, 2021 at 11:07:23PM +, tech-lists wrote:
On Sun, Mar 14, 2021 at 08:55:18PM +, Rick Macklem wrote:
Alan explains how to set it up, below.
However, I thought I'd note that maybe one person has tested KTLS
on arm64, so you should consider doing this for test purposes only.
On Sun, Mar 14, 2021 at 08:55:18PM +, Rick Macklem wrote:
Alan explains how to set it up, below.
However, I thought I'd note that maybe one person has tested KTLS
on arm64, so you should consider doing this for test purposes only.
If you do do some testing, please post with your results,
suc
[stuff snipped]
> J. wrote:
>>
>> I'd like to have it (ktls) available on the ARM64
>> stable/13-n244876-0b45290603b. Is it just a matter of adding the option,
>> and then the sysctls become available? Is it "better" with openssl[-devel]
>> in ports or openssl in base?
>>
>> thanks,
>> --
>> J.\
Al
On Sun, Mar 14, 2021 at 09:54:33AM -0600, Alan Somers wrote:
> On Sun, Mar 14, 2021 at 8:57 AM tech-lists wrote:
>
> > I'd like to have it (ktls) available on the ARM64
> > stable/13-n244876-0b45290603b. Is it just a matter of adding the option,
> > and then the sysctls become available? Is it "b
On Sun, Mar 14, 2021 at 8:57 AM tech-lists wrote:
> On Thu, Mar 11, 2021 at 03:42:55PM +, Rick Macklem wrote:
> >I'm going to cheat and top post (the discussion looks
> >pretty convoluted).
> >
> >- The kernel must be built with "options KERN_TLS"
> >- OpenSSL must be built with KTLS enabled
On Thu, Mar 11, 2021 at 03:42:55PM +, Rick Macklem wrote:
I'm going to cheat and top post (the discussion looks
pretty convoluted).
- The kernel must be built with "options KERN_TLS"
- OpenSSL must be built with KTLS enabled
- These two sysctls need to be set to 1
kern.ipc.tls.enable
ker
On Thu, Mar 11, 2021 at 11:49 AM John Baldwin wrote:
> On 3/10/21 4:18 PM, Alan Somers wrote:
> > I'm trying to make ktls work with "zfs send/recv" to substantially reduce
> > the CPU utilization of applications like zrepl. But I have a few
> questions:
> >
> > * ktls(4)'s "Transmit" section say
On 3/10/21 4:18 PM, Alan Somers wrote:
I'm trying to make ktls work with "zfs send/recv" to substantially reduce
the CPU utilization of applications like zrepl. But I have a few questions:
* ktls(4)'s "Transmit" section says "Once TLS transmit is enabled by a
successful set of the TCP_TXTLS_ENA
x27;t remember what I called it.
rick
From: owner-freebsd-curr...@freebsd.org on
behalf of Alan Somers
Sent: Wednesday, March 10, 2021 10:55 PM
To: Benjamin Kaduk
Cc: FreeBSD CURRENT
Subject: Re: Getting started with ktls
CAUTION: This email originated from outside of the Univer
On Wed, Mar 10, 2021 at 8:15 PM Benjamin Kaduk wrote:
> On Wed, Mar 10, 2021 at 06:17:42PM -0700, Alan Somers wrote:
> > On Wed, Mar 10, 2021 at 5:31 PM Benjamin Kaduk wrote:
> >
> > > On Wed, Mar 10, 2021 at 05:18:24PM -0700, Alan Somers wrote:
> > > > I'm trying to make ktls work with "zfs sen
On Wed, Mar 10, 2021 at 06:17:42PM -0700, Alan Somers wrote:
> On Wed, Mar 10, 2021 at 5:31 PM Benjamin Kaduk wrote:
>
> > On Wed, Mar 10, 2021 at 05:18:24PM -0700, Alan Somers wrote:
> > > I'm trying to make ktls work with "zfs send/recv" to substantially reduce
> > > the CPU utilization of appl
On Wed, Mar 10, 2021 at 5:31 PM Benjamin Kaduk wrote:
> On Wed, Mar 10, 2021 at 05:18:24PM -0700, Alan Somers wrote:
> > I'm trying to make ktls work with "zfs send/recv" to substantially reduce
> > the CPU utilization of applications like zrepl. But I have a few
> questions:
> >
> > * ktls(4)'s
On Wed, Mar 10, 2021 at 05:18:24PM -0700, Alan Somers wrote:
> I'm trying to make ktls work with "zfs send/recv" to substantially reduce
> the CPU utilization of applications like zrepl. But I have a few questions:
>
> * ktls(4)'s "Transmit" section says "Once TLS transmit is enabled by a
> succe
I'm trying to make ktls work with "zfs send/recv" to substantially reduce
the CPU utilization of applications like zrepl. But I have a few questions:
* ktls(4)'s "Transmit" section says "Once TLS transmit is enabled by a
successful set of the TCP_TXTLS_ENABLE socket option", but the "Supported
Li
25 matches
Mail list logo
