From owner-freebsd-current@freebsd.org Mon Jan 25 19:47:02 2021
Date: Mon, 25 Jan 2021 19:46:54 +0000 (UTC)
From: Kostya Berger
To: FreeBSD Current
Message-ID: <985070144.9595325.1611604014395@mail.yahoo.com>
In-Reply-To: <1384574721.390368.1611500021710@mail.yahoo.com>
Subject: Re: 13-alpha2 libncurses removal breaks ports build

Builds OK from inside clean install. Which is all I needed this far. Thank you.

With kindest regards,
Kostya Berger

On Sunday, 24 January 2021, 17:53:41 GMT+3, Kostya Berger wrote:

OK, building ports against a clean installation of 13.0-ALPHA2 has no problem with ncurses.
But devel/glib20 fails for no obvious reason closer to the end of building process... I just wonder: do I need to report this to port maintainers or wait till it settles up somehow? A good deal of ports depend on it.

With kindest regards,
Kostya Berger

On Sunday, 24 January 2021, 01:40:57 GMT+3, Kostya Berger wrote:

Hi everyone,
I don't seem to find any mentioning in the /usr/ports/UPDATING about how one should handle the removal of libncurses.so.9 from base.
Source UPDATING only says:

        ncurses installation has been modified to only keep the widechar
        enabled version.  Incremental build is broken for that change, so it
        requires a clean build.

If that means to just build all ports anew, then it doesn't work as ports don't seem to incorporate any change related to this one. It would seem default configuration should take into account this, but it doesn't.
The ports just use --with-libncurses-prefix=/usr, and there is no ncurses libs found there. This makes it skip MOST of the ports I'm using.

Working Copy Root Path: /usr/ports
URL: https://svn.freebsd.org/ports/head
Relative URL: ^/head
Repository Root: https://svn.freebsd.org/ports
Repository UUID: 35697150-7ecd-e111-bb59-0022644237b5
Revision: 562417
Node Kind: directory
Schedule: normal
Last Changed Author: 0mp
Last Changed Rev: 562417
Last Changed Date: 2021-01-23 23:01:38 +0300 (Sat, 23 Jan 2021)

With kindest regards,
Kostya Berger

From owner-freebsd-current@freebsd.org Mon Jan 25 19:55:23 2021
Date: Mon, 25 Jan 2021 11:55:22 -0800
From: John Baldwin
To: Neel Chauhan, freebsd-current@freebsd.org
Message-ID: <77a3f82a-5235-f702-41d5-c1edafbab6c3@FreeBSD.org>
Subject: Re: Can In-Kernel TLS (kTLS) work with any OpenSSL Application?

On 1/20/21 12:21 PM, Neel Chauhan wrote:
> Hi freebsd-current@,
>
> I know that In-Kernel TLS was merged into the FreeBSD HEAD tree a while
> back.
>
> With 13.0-RELEASE around the corner, I'm thinking about upgrading my
> home server, well if I can accelerate any SSL application.
>
> I'm asking because I have a home server on a symmetrical Gigabit
> connection (Google Fiber/Webpass), and that server runs a Tor relay. If
> you're interested in how Tor works, the EFF has a writeup:
> https://www.eff.org/pages/what-tor-relay
>
> But the main point for you all is: more-or-less Tor relays deal with
> 1000s TLS connections going into and out of the server.
>
> Would In-Kernel TLS help with an application like Tor (or even load
> balancers/TLS termination), or is it more for things like web servers
> sending static files via sendfile() (e.g. CDN used by Netflix).

It depends. Applications which allow OpenSSL to use a socket directly
(e.g. via SSL_set_fd() or via SSL_connect() or the like) will work with
kernel TLS transparently. This includes things like apache, nginx, fetch,
wget, curl, etc. However, some applications use OpenSSL purely as a data
transformation library and manage the socket I/O separately (e.g. OpenVPN).
KTLS will not work with these applications since OpenSSL doesn't "know"
about the socket in question.

> My server could also work with Intel's QuickAssist (since it has an
> Intel Xeon "Scalable" CPU). Would QuickAssist SSL be more helpful here?

You can use this with ktls_ocf.ko and the qat(4) drivers.

I am working, btw, on merging KTLS into base OpenSSL and hope to have it
present in 13.0. As you noted, applications would need to be changed to
use SSL_sendfile() to get the best performance on TX. We don't really have
an analog on the receive side in our syscall API. One might be able to do
some creative things with aio_read(4) perhaps, but I haven't implemented
that.

Also, currently RX offload always returns individual records with the full
TLS header via recvmsg(). Linux's RX offload only includes the message for
non-application-data messages so that one could in theory do bulk read(2)
calls larger than a single TLS record. OpenSSL itself though always reads
a single TLS record at a time, so if I were to change this (e.g. with a
new socket option to toggle headers for application data), this would only
be relevant to software that "knew" it was using KTLS and would use direct
read/write after letting OpenSSL (or a similar library) handle the
handshake.

--
John Baldwin
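
The distinction drawn in the reply above (OpenSSL being handed the socket versus being used only to transform data), as an added example that is not part of the original thread and is not FreeBSD or OpenSSL project code. It uses Python's `ssl` module, which wraps OpenSSL; `relay.example` is a constructed hostname and `ktls_possible` is a hypothetical helper.

```python
import socket
import ssl
import struct

# ssl.OP_ENABLE_KTLS exists only on Python 3.12+ built against an OpenSSL that defines it.
KTLS_FLAG = getattr(ssl, "OP_ENABLE_KTLS", 0)


def make_context():
    """Client context that asks OpenSSL for kernel TLS where the build allows it."""
    ctx = ssl.create_default_context()
    ctx.options |= KTLS_FLAG
    return ctx


def socket_backed(ctx):
    """Pattern 1: the library owns the descriptor (CPython passes it to
    SSL_set_fd() when the connection is made), so OpenSSL knows the socket."""
    raw = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    return ctx.wrap_socket(raw, server_hostname="relay.example",
                           do_handshake_on_connect=False)


def memory_backed(ctx):
    """Pattern 2: OpenSSL only transforms bytes; the application moves them."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="relay.example")
    try:
        tls.do_handshake()           # no peer attached: OpenSSL waits for a reply
    except ssl.SSLWantReadError:
        pass
    return tls, outgoing.read()      # ClientHello record held in user memory


def record_header(record):
    """Return (content_type, payload_length) from a 5-byte TLS record header."""
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    return ctype, length


def ktls_possible(tls):
    """KTLS needs OpenSSL to know the socket; a memory BIO pair has none
    (hypothetical helper, checks only this one precondition)."""
    return isinstance(tls, ssl.SSLSocket) and tls.fileno() >= 0
```

A `True` result is necessary but not sufficient: the kernel, the OpenSSL build and the negotiated cipher suite must also support KTLS.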