From owner-freebsd-current@freebsd.org Sun Mar 14 23:07:29 2021 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5EFA95B5B67 for ; Sun, 14 Mar 2021 23:07:29 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4DzFZ83vfxz4t7T for ; Sun, 14 Mar 2021 23:07:28 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 9CBE92898 for ; Sun, 14 Mar 2021 19:07:26 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Sun, 14 Mar 2021 19:07:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zyxst.net; h= date:from:to:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm2; bh=bWt2buRUdOokQNZTderKutKd3QS q487pf7Ve/6g4NWI=; b=LWRPbN4Cr1J6zA3ET4H2whRDhH9GpiI7eeCXNtBBRCI thaKKEMOgZ6JaGWnr5PfeFcNm6WIc/5RiACypFCKxUmag7H3FN5v2siNxaVZKZSl iABRYzHUSaVv1Ei2PahVCRrDRbictoqoKzxzaLBsHTKaoKWb6i3e5vdB0vi0YbuM xpwjXwajLvZOoAdBA1OwGjZ33mTd95x5fXgF93NUqe77qgfNHb2wvEUvDJcdxScH RuvtagMyYf/pOR6oMrddD9m2rEGEACuB9TI15bblhybsdqDndWK4VruB+GJ8eKYy XJlVre/UiEmUBp3hbJzc0jv/xp4gH9ziKQkMrmIGxyQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=bWt2bu RUdOokQNZTderKutKd3QSq487pf7Ve/6g4NWI=; b=mu2oRcFWiMvNzpNt2yvLum OBraiiOGpRShiBGCh8SKdrVCF1r9ZyplQ3Ed6A7O+fG4Rp2vCzqoIzLLb18tbuwB hf0rkeOo9FrUtOeul1tyciTvjpliqs/osRL6ykADTIM8GVCcGikUoo5YkjgJpvec qdpoGz4kdcYOQOJrKh58sbWTOW0JxEHzclSR1QvQSWSFYnWfSgnX+0FUIIfvOqUH UCNs8oIFqnc6IUssy3y1NnAO9TyLkcPuyWsbqTN3kbb4D/oDFlJ+4YaRepp2w1fl t/AgBvTqjlf8Q6KU3GacMJaEZLOiQb2JLhKDNPooS5jKEA0PbqCchIu+Eefo0j6Q == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledruddvkedgtdehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesghdtre ertddtvdenucfhrhhomhepthgvtghhqdhlihhsthhsuceothgvtghhqdhlihhsthhsseii hiigshhtrdhnvghtqeenucggtffrrghtthgvrhhnpeettddtudeugfeggefhkeekteekje elfeffleehjeffgffftdeffedtjeegueeiffenucffohhmrghinhepfhhrvggvsghsugdr ohhrghenucfkphepkedvrdejtddrledurddutddtnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepthgvtghhqdhlihhsthhsseiihiigshhtrdhn vght X-ME-Proxy: Received: from ceres.zyxst.net (ceres.zyxst.net [82.70.91.100]) by mail.messagingengine.com (Postfix) with ESMTPA id D0514108005F for ; Sun, 14 Mar 2021 19:07:25 -0400 (EDT) Date: Sun, 14 Mar 2021 23:07:23 +0000 From: tech-lists To: freebsd-current@freebsd.org Subject: Re: Getting started with ktls Message-ID: Mail-Followup-To: freebsd-current@freebsd.org References: <20210311003136.GM56617@kduck.mit.edu> <20210311031501.GP56617@kduck.mit.edu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Pk6y6TuZd9lE1HDi" Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4DzFZ83vfxz4t7T X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=zyxst.net header.s=fm2 header.b=LWRPbN4C; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=mu2oRcFW; dmarc=none; spf=pass (mx1.freebsd.org: domain of tech-lists@zyxst.net designates 64.147.123.20 as permitted sender) smtp.mailfrom=tech-lists@zyxst.net X-Spamd-Result: default: False [-5.70 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; RWL_MAILSPIKE_VERYGOOD(0.00)[64.147.123.20:from]; R_DKIM_ALLOW(-0.20)[zyxst.net:s=fm2,messagingengine.com:s=fm2]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:64.147.123.20]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[4]; DMARC_NA(0.00)[zyxst.net]; DKIM_TRACE(0.00)[zyxst.net:+,messagingengine.com:+]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:11403, ipnet:64.147.123.0/24, country:US]; MAILMAN_DEST(0.00)[freebsd-current]; RCVD_IN_DNSWL_LOW(-0.10)[64.147.123.20:from] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Mar 2021 23:07:29 -0000 --Pk6y6TuZd9lE1HDi Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 14, 2021 at 08:55:18PM +0000, Rick Macklem wrote: >Alan explains how to set it up, below. >However, I thought I'd note that maybe one person has tested KTLS >on arm64, so you should consider doing this for test purposes only. >If you do do some testing, please post with your results, >success or failure. will do. The end-point I want is to have the arm64 machine accessible externally for wireguard-based vpn.=20 >Doing it this way means that everything linked to OpenSSL will use >it. Probably a better testsituation, but expect at least the apache >server to break. (Most breakage was fixed by a recent patch to the >serf library, but I think the apache server is still broken. I have latest serf installed with nginx. The machine, a rpi4/8GB, builds its ports with poudriere. I have WITH_OPENSSL_KTLS=3D set in /etc/src.conf and it's building a new world now. >If you want to try NFS-over-TLS, see this: >https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt >Please let us know if you try it, rick yep, I'll try that too and post results here. thanks :D --=20 J. --Pk6y6TuZd9lE1HDi Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE8n3tWhxW11Ccvv9/s8o7QhFzNAUFAmBOlyIACgkQs8o7QhFz NAVZlw//dOMU+9Gu/N9aK7EeF9JZfHeMEKfygCmQdSsE4+YXNyzyNhIusX/E2Qig oja4H12ZhXotP76FTxl2avtYX58A3m0/VDLzVKu5WPGst58AdGfUPMU0shkuAK9+ XBeR3RgU+W5ySURiwlfv73QDEDRcSsHK1yzn97MGnhebq06+PTwAf5+LYdp+fzVQ WN39rCvOQjzAAPrvWqcroCQuPapjhbP6JY27dlIRr1jrafqY8oNlcuERfSJcahhg B0dTe1hQVs9pGWWg3loGhjLMNXT6GyWmwA8m7cO43Pa1XPCsBJ7MmfUIxR8VMqIG YQQdc6sLcURYtoYnKUaUn3CBeWsrAf9H7kpRUni/DWG+8Y8n6E5H9MMjSijIUnxx VDlj6G17DLa+nuZ0Fp9wZdqh1Xcq3wm6vJh8Nd62fnTBLfWWRIUUhxKIuQeczsvG VuniDNz48A8TxWejcKhxV3ebuEieGnwUDIWXDeuPqn//Ky2kz8sJqjsvLM+rhd4i IxXubZdOhWJ8/8iCynb8iaZ3NvN3YcUEtynfC93QM/KC+G7Sn9rYK7UiGd1EIAiO hvGa5nsF7dy6Nv6noXA1SkcQqzeAhwYFCAHrk8g+4WslUyvoSJH6T/Vmo3lA+hYR 4j6SDljjbI2QRzUBF2m44nHexY6m4rGLL89b+rQHH8A/kSP2XZk= =Mjjw -----END PGP SIGNATURE----- --Pk6y6TuZd9lE1HDi--