Page MenuHomeFreeBSD

Add a manpage for kernel TLS.
ClosedPublic

Authored by jhb on Wed, Nov 18, 11:55 PM.

Details

Summary

This subsumes some of the content from tcp(4) describing the socket
options but also adds additional notes.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jhb requested review of this revision.Wed, Nov 18, 11:55 PM
jhb created this revision.
This revision is now accepted and ready to land.Thu, Nov 19, 8:41 AM

@jhb did you run the obligatory igor and mandoc -Tlint checks?

@gbe Hmm, igor was happy, but mandoc found a couple of nits. tcp.4 has many other existing mandoc complaints but I will let those be.

  • Fix a few nits reported by mandoc.
This revision now requires review to proceed.Thu, Nov 19, 7:07 PM
This revision is now accepted and ready to land.Tue, Nov 24, 10:51 AM
This revision was automatically updated to reflect the committed changes.

Thanks for doing this John. A couple of typo comments are inline.
Have you thought about how to configure this at boot time?
(I emailed you a little rc.d script. The nfs-over-tls daemons start
via rc.d scripts and need it configured.

What do you think?
(I can put it on phabricator if you'd prefer that?)

head/share/man/man4/ktls.4
81

spelling of "performed"

87

"is" doesn't seem to be needed and makes it difficult to read?

I am now thinking that the ktls script is not needed
and is just one more thing to maintain.
/boot/loader.conf for loading modules and /etc/sysctl.conf
for syscyls seems sufficient to me.

I'll leave it up to you.