| #
8e5f80da |
| 01-Feb-2025 |
Gleb Smirnoff <glebius@FreeBSD.org> |
rpc.tlsservd: provide parallelism with help of pthread(3)
At normal NFS server runtime there is not much RPC traffic from kernel to
rpc.tlsservd. But as Rick rmacklem@ explained, the notion of mult
rpc.tlsservd: provide parallelism with help of pthread(3)
At normal NFS server runtime there is not much RPC traffic from kernel to
rpc.tlsservd. But as Rick rmacklem@ explained, the notion of multiple
workers exists to handle a situation when a server reboots and it has
several hundred or thousands of TLS/TCP connections from clients. Once it
comes back up, all the clients make TCP connections and do TLS handshakes.
So cleanup the remnants of the workers, that left after the conversion of
RPC over netlink(4) transport and restore desired parallelism with help of
pthread(3).
We are processing the TLS handshakes in separate threads, one per
handshake. Number of concurrent threads is capped by hw.ncpu / 2, but this
can be overriden with -N.
Differential Revision: https://reviews.freebsd.org/D48570
show more ...
|
|
Revision tags: release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0, release/13.4.0, release/14.1.0, release/13.3.0, release/14.0.0 |
|
| #
fa9896e0 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: two-line nroff pattern
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
|
Revision tags: release/13.2.0, release/12.4.0 |
|
| #
e4712593 |
| 15-Nov-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsservd.8: Update man page for new -N/--numdaemons option
Commit 1e588a9ceb36 added a new command line option -N/numdaemons
that specifies how many daemons to run. This allows a server
to be co
rpc.tlsservd.8: Update man page for new -N/--numdaemons option
Commit 1e588a9ceb36 added a new command line option -N/numdaemons
that specifies how many daemons to run. This allows a server
to be configured with more than one rpc.tlsservd daemon, which
may be necessary to handle a reboot for an NFS server with
many NFS-over-TLS client mounts.
This patch updates the man page for this commit.
This is a content change.
Reviewed by: karels, pauamma (man pages)
Differential Revision: https://reviews.freebsd.org/D37382
show more ...
|
| #
423387be |
| 24-Sep-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsservd.8: Fix the RFC number now that it exists
The RFC for this finally got published and, therefore,
now has a number. This patch puts this RFC number
in the man page.
This is a content ch
rpc.tlsservd.8: Fix the RFC number now that it exists
The RFC for this finally got published and, therefore,
now has a number. This patch puts this RFC number
in the man page.
This is a content change.
MFC after: 1 week
show more ...
|
| #
e2c72fec |
| 22-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsservd: Add the -2 option to the man page
Since the KTLS now supports TLS1.3, the daemons default
to version 1.3, since the draft (to be an RFC someday)
requires TLS1.3.
However, since FreeBS
rpc.tlsservd: Add the -2 option to the man page
Since the KTLS now supports TLS1.3, the daemons default
to version 1.3, since the draft (to be an RFC someday)
requires TLS1.3.
However, since FreeBSD 13,0, 13,1 uses TLS1.2 for
NFS-over-TLS, the "-2" option is added to both daemons
for compatibility with FreeBSD 13.0, 13.1.
This patch updates the man pages for this.
This is a content change.
Reviewed by: pauamma_gundo.com
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35290
show more ...
|
| #
d94358e2 |
| 22-May-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
rpc.tlsservd: Update the man page for the -C option
Commit 712aac1389e8 adds a new -C command line option
to rpc.tlsservd.
This patch updates the man page for this new command
line option.
This is
rpc.tlsservd: Update the man page for the -C option
Commit 712aac1389e8 adds a new -C command line option
to rpc.tlsservd.
This patch updates the man page for this new command
line option.
This is a content change.
Reviewed by: jhb, pauamma_gundo.com
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35136
show more ...
|
|
Revision tags: release/13.1.0, release/12.3.0, release/13.0.0 |
|
| #
b9cbc85d |
| 18-Feb-2021 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfs-over-tls: add user space daemons rpc.tlsclntd and rpc.tlsservd
The kernel changes needed for nfs-over-tls have been committed to main.
However, nfs-over-tls requires user space daemons to handle
nfs-over-tls: add user space daemons rpc.tlsclntd and rpc.tlsservd
The kernel changes needed for nfs-over-tls have been committed to main.
However, nfs-over-tls requires user space daemons to handle the
TLS handshake and other non-application data TLS records.
There is one daemon (rpc.tlsclntd) for the client side and one daemon
(rpc.tlsservd) for the server side, although they share a fair amount
of code found in rpc.tlscommon.c and rpc.tlscommon.h.
They use a KTLS enabled OpenSSL to perform the actual work and, as such,
are only built when MK_OPENSSL_KTLS is set.
Communication with the kernel is done via upcall RPCs done on AF_LOCAL
sockets and the custom system call rpctls_syscall.
Reviewed by: gbe (man pages only), jhb (usr.sbin/Makefile only)
Comments by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28430
Relnotes: yes
show more ...
|