Re: git: 71e6792cbe81 - stable/13 - ktls: Add simple transmit tests of kernel TLS.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 24 Nov 2021 16:28:27 UTC
On 11/23/21 3:12 PM, John Baldwin wrote: > The branch stable/13 has been updated by jhb: > > URL: https://cgit.FreeBSD.org/src/commit/?id=71e6792cbe81f6fcbfdf545ea7c04b2ae3bfda50 > > commit 71e6792cbe81f6fcbfdf545ea7c04b2ae3bfda50 > Author: John Baldwin <jhb@FreeBSD.org> > AuthorDate: 2021-11-01 18:28:10 +0000 > Commit: John Baldwin <jhb@FreeBSD.org> > CommitDate: 2021-11-23 23:11:45 +0000 > > ktls: Add simple transmit tests of kernel TLS. > > Note that these tests test the kernel TLS functionality directly. > Rather than using OpenSSL to perform negotiation and generate keys, > these tests generate random keys send data over a pair of TCP sockets > manually decrypting the TLS records generated by the kernel. > > Reviewed by: markj > Sponsored by: Netflix > Differential Revision: https://reviews.freebsd.org/D32652 > > (cherry picked from commit a10482ea7476d68d1ab028145ae6d97cef747b49) I'm not quite sure what is needed to enable these tests in CI for 13 (assuming we are running CI in 13?) Mark created a review to set kern.ipc.tls.enable=1 in the sysctl settings which I suspect is used now on 13 as well as head? However, for 13 these tests need ktls_ocf.ko loaded (in head that module doesn't exist and is instead included as part of the base kernel). I'm not sure what the best strategy is here. Perhaps for 13 we should extend the requires_ktls hook to require the ktls_ocf module (do we have glue to autoload modules when run under CI?) -- John Baldwin