git: 7ffc9b15ba9c - main - ktls: Update documentation for software backends.

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: John Baldwin <jhb_at_FreeBSD.org>
Date: Tue, 14 Dec 2021 19:01:18 UTC
The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=7ffc9b15ba9cd10d3bec232a3741f5fce0b93e7c

commit 7ffc9b15ba9cd10d3bec232a3741f5fce0b93e7c
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-12-14 19:01:05 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-12-14 19:01:05 +0000

    ktls: Update documentation for software backends.
    
    KTLS no longer supports multiple software backends.  Instead, it
    always uses OCF for software crypto.  In particular, the ktls_ocf.ko
    module no longer exists.  The OCF bits for KTLS are compiled into th
    kernel instead.
    
    Sponsored by:   Netflix
---
 share/man/man4/ktls.4 | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)

diff --git a/share/man/man4/ktls.4 b/share/man/man4/ktls.4
index 876e9fa57ac0..efb5d7e3cc0a 100644
--- a/share/man/man4/ktls.4
+++ b/share/man/man4/ktls.4
@@ -31,7 +31,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 26, 2021
+.Dd December 14, 2021
 .Dt KTLS 4
 .Os
 .Sh NAME
@@ -77,10 +77,10 @@ The available modes are:
 is not enabled.
 .It Dv TCP_TLS_MODE_SW
 TLS records are encrypted or decrypted in the kernel in the socket
-layer.
-Typically the encryption or decryption is performed in software,
-but it may also be performed by co-processors via
+layer via
 .Xr crypto 9 .
+Typically the encryption or decryption is performed in software,
+but it may also be performed by co-processors.
 .It Dv TCP_TLS_MODE_IFNET
 TLS records are encrypted or decrypted by the network interface card (NIC).
 In this mode, the network stack does not work with encrypted data.
@@ -204,16 +204,7 @@ The
 .Va kern.ipc.mb_use_ext_pgs
 sysctl controls whether the kernel may use unmapped mbufs.
 They are required for TLS transmit.
-.Ss Backends
-The base system includes a software backend for the
-.Dv TCP_TLS_MODE_SW
-mode which uses
-.Xr crypto 9
-to encrypt and decrypt TLS records.
-This backend can be enabled by loading the
-.Pa ktls_ocf.ko
-kernel module.
-.Pp
+.Ss Supported Hardware
 The
 .Xr cxgbe 4
 and