Belatedly remove amr(4). It was slated to depart before 13.0 but was
overlooked until now.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33113
Belatedly remove iir(4). It was slated to go before 13, but was
overlooked.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33112
We'd said this was going away in 13, but was overlooked. Belatedly
remove.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33111
This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and
openmp to llvmorg-13-init-16847-g88e66fa60ae5, the last commit before
the upstream release/13.x branch was created.
PR: 258209
MFC after: 2 weeks
Description of FIDO/U2F support (from OpenSSH 8.2 release notes,
https://www.openssh.com/txt/release-8.2):
This release adds support for FIDO/U2F hardware authenticators to
OpenSSH. U2F/FIDO are open standards for inexpensive two-factor
authentication hardware that are widely used for website
authentication. In OpenSSH FIDO devices are supported by new public
key types "ecdsa-sk" and "ed25519-sk", along with corresponding
certificate types.
ssh-keygen(1) may be used to generate a FIDO token-backed key, after
which they may be used much like any other key type supported by
OpenSSH, so long as the hardware token is attached when the keys are
used. FIDO tokens also generally require the user explicitly
authorise operations by touching or tapping them.
Generating a FIDO key requires the token be attached, and will
usually require the user tap the token to confirm the operation:
$ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
Generating public/private ecdsa-sk key pair.
You may need to touch your security key to authorize key generation.
Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk
Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub
This will yield a public and private key-pair. The private key file
should be useless to an attacker who does not have access to the
physical token. After generation, this key may be used like any
other supported key in OpenSSH and may be listed in authorized_keys,
added to ssh-agent(1), etc. The only additional stipulation is that
the FIDO token that the key belongs to must be attached when the key
is used.
To enable FIDO/U2F support, this change regenerates ssh_namespace.h,
adds ssh-sk-helper, and sets ENABLE_SK_INTERNAL (unless building
WITHOUT_USB).
devd integration is not included in this change, and is under
investigation for the base system. In the interim the security/u2f-devd
port can be installed to provide appropriate devd rules.
Reviewed by: delphij, kevans
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32509
The upgrade to libdialog 1.3 included changes to the ABI.
Bump libdpv to 3 since it links against libdialog.
Reported by: Mark Millard <marklmi@yahoo.com>
Reviewed by: bapt
Fixes: a96ef45019 dialog: import dialog 1.3-20210117
Differential Revision: https://reviews.freebsd.org/D32675
The new iSCSI initiator iscsi(4) was introduced with FreeBSD 10.0, and
the old intiator was marked obsolete shortly thereafter (in commit
d32789d95c, MFC'd to stable/10 in ba54910169). Remove it now.
Reviewed by: jhb, mav
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32673
From https://github.com/Yubico/libfido2:
libfido2 provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation
and assertion signatures.
libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
protocols.
libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.
This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32448
Add necessary bits to detect ELF format on Linux/aarch64; note that
Linux calls it aarch64 where we would typically call it arm64 (uname -m)
Reviewed by: arichardson, emaste, imp
Sponsored by: Ampere Computing LLC
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D32542
From https://github.com/PJK/libcbor:
libcbor is a C library for parsing and generating CBOR, the general-
purpose schema-less binary data format.
libcbor will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.
cbor_export.h and configuration.h were generated by the upstream CMake
build. We could create them with bmake rules instead (as NetBSD has
done) but this is a fine start.
This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h, and there is
no need for libcbor without libfido2.
Reviewed by: kevans
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32347
I forgot to update this file so make delete-old would incorrectly remove
the newly-installed LLVM binutils. While touching the file also update
for 8e1c989abb since ObsoleteFiles.inc now inludes the tablegen binaries.
Reported by: Herbert J. Skuhra <herbert@gojira.at>
Reviewed By: emaste, imp
Differential Revision: https://reviews.freebsd.org/D32022
There's two identical gid_from_group lines in a row. We only need one.
Ditto for uid_from_user().
Sponsored by: Netflix
Reviewed by: bapt, jrtc27
Differential Revision: https://reviews.freebsd.org/D32442
This is useful for WireGuard which uses a nonce of 8 bytes rather
than the 12 bytes used for IPsec and TLS.
Note that this also fixes a (should be) harmless bug in ossl(4) where
the counter was incorrectly treated as a 64-bit counter instead of a
32-bit counter in terms of wrapping when using a 12 byte nonce.
However, this required a single message (TLS record) longer than 64 *
(2^32 - 1) bytes (about 256 GB) to trigger.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32122
By default, the "normal" IV size (12) is used, but it can be overriden
via -I. If -I is not specified and -z is specified, issue requests
for all possible IV sizes.
Reviewed by: markj
Sponsored by: Chelsio Communications, The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32110
calculate_partitioning and create_code_slice are now required in
nanobsd.sh. While things work with the ones provided by legacy.sh, it's
fighting embedded/common's other actions. Instead, replace them with
stubs.
Sponsored by: Netflix
Implement optional timezone change detection for local time libc
functions. This is disabled by default; set WITH_DETECT_TZ_CHANGES
to build it.
Reviewed By: imp
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
X-NetApp-PR: #47
Differential Revision: https://reviews.freebsd.org/D30183
git-rev-list expects commits to be listed separately, allow word
splitting and disable shellcheck SC2086 when using git-rev-list
to build the commit list.
Fixes: 4fd0c6ab1a ("Fix most shellcheck warnings in git-arc.sh")
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D31838
The purpose of this command is to "refresh" the source reference
files generated with GNU libiconv, located in tools/test/iconv/ref/.
Previously it would generate copies somewhere in OBJDIR, which
we don't use.
Reviewed By: allanjude
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D31820
Previously it would loop indefinitely on getopt_long(3)
due to 'char' being unsigned.
Reviewed By: allanjude
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D31817
When WITH_LLVM_BINUTILS is set, we will install the LLVM binutils as
ar/ranlib/nm/objcopy/etc. instead of the elftoolchain ones.
Having the LLVM binutils instead of the elftoolchain ones allows us to use
features such as LTO that depend on binutils that understand LLVM IR.
Another benefit will be an improved user-experience when compiling with
AddressSanitizer, since ASAN does not symbolize backtraces correctly if
addr2line is elftoolchain addr2line instead of llvm-symbolizer.
See https://lists.freebsd.org/archives/freebsd-toolchain/2021-July/000062.html
for more details.
This is currently off by default but will be turned on by default at some
point in the near future.
Reviewed By: emaste
Differential Revision: https://reviews.freebsd.org/D31060
For other platforms, fspacectl(2) is absent. This commit masks out the
calls to fspacectl(2) and replace them with a ENODEV errno.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31619
There is a __used member in glibc's posix_spawn_file_actions_t in
spawn.h, so we must temporarily undefine __used when including it,
otherwise Support/Unix/Program.inc fails to build. This is based on
similar handling for __unused in other headers.
Fixes: 31ba4ce889 ("Allow bootstrapping llvm-tblgen on macOS and Linux")
MFC after: 1 week
The only exception here being C.UTF-8 as this is the default
locales so it needs to always be installed
Reviewed by: pkgbase (emaste)
Differential Revision: https://reviews.freebsd.org/D31397
the way SAMEDIRS was defined was an abuse of bsd.dirs.mk resulting in
all the directory to be created in one single command, but DESTDIR is
only prepend once on the first element of the list
Switch to the properway to use bsd.dirs.mk
The framework knows how to create directories and tag them properly
for a the creation of a mtree, not need to hardcode all the locales
entries in bsd.usr.mk
This simplifies addition of new locales but also allow people building
with WITHOUT_LOCALES to end up with a directory full of empty files
This is needed in order to build various LLVM binutils (e.g. addr2line)
as well as clang/lld/lldb.
Co-authored-by: Jessica Clarke <jrtc27@FreeBSD.org>
Test Plan: Compiles on ubuntu 18.04 and macOS 11.4
Reviewed By: dim
Differential Revision: https://reviews.freebsd.org/D31057
This is needed to bootstrap llvm-tblgen on Linux since LLVM calls
`::open(...)` which does not work if open is a statement macro.
Also stop defining O_SHLOCK/O_EXLOCK and update the only bootstrap tools
user of those flags to deal with missing definitions.
Reviewed By: jrtc27
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31226
We have installed kernel debug data under /usr/lib/debug/ for some time
now, so the suggestion to set WITHOUT_KERNEL_SYMBOLS for small root
partitions is no longer valid.
Also call them "debug symbol files" rather than just "symbol files",
since they contain much more than just symbols. The kernel also
includes (some) symbols, regardless of the setting of this knob.
MFC after: 1 week
The previous pattern had the (harmless) side-effect of duplicating the
entry in the config file.
No functional change intended.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/510
Remove apm.8 and apmconf.8 from OLD_FILES in the relevant Makefiles.
These pages are now installed unconditionally as per 0a0f748641
PR: 257228
Reported by: yasu@utahime.org, wosch@
Approved by: imp@, wosch@
Fixes: 0a0f748641 - Build manpages for all architectures
MFH: 4 weeks
Differential Revision: https://reviews.freebsd.org/D31256
Bump the rescue size from 1.2GB to just shy of 8GB as things have grown
somewhat. Also make it possible to build rescue somewhere other than
/usr/src.
Sponsored by: Netflix
The attached patch brings two main changes to the nanobsd script:
1- gpart is used instead of fdisk;
2- the code image is created first, and then used to ``assemble'' the
full disk image.
The patch was first proposed on the freebsd-embedded list:
http://lists.freebsd.org/pipermail/freebsd-embedded/2012-June/001580.html
and is currently under discussion:
http://lists.freebsd.org/pipermail/freebsd-embedded/2014-January/002216.html
Another effect is that the -f option ("suppress code slice extraction")
now imples the -i option ("suppress disk image build").
imp@ applied Patch by hand to new legacy.sh, plus tweaked for NANO_LOG vs
NANO_OBJ confusion in original.
PR: 186030
Reviewed by: imp@
Differential Revision: https://reviews.freebsd.org/D31102
NanoBSD has helper script "fill_pkg.sh" which links all packages and
ther dependencies from "package dump" (like /usr/ports/packages/All) to
specified director. fill_pkg.sh has some limitations:
1) It needs ports tree, which should have exactly same versions as
"package dump".
2) It requires full paths to needed ports, including "/usr/ports" part.
3) It has assumptions about Nano Package Dir (it assumes, that it
specified rtelative to current directory).
4) It does not have any diagnostics (almost).
This PR enhances "fill_pkg.sh" script in several ways:
1) Nano package dir could be absolute path.
2) Script understands four ways to specify "root" ports/packages:
(a) Absolute directory with port (old one)
(b) Relative directory with port, relative to ${PORTSDIR} or /usr/ports
(c) Absolute path to file with package (with .tbz suffix)
(d) Name of package in dump dir, with or without .tbz suffix
These ways can be mixed in one call. Dependencies for
packages are obtained with 'pkg_info -r' call, and are searched for
in same directory as "parent" package. Dependencies for ports are
obtained in old way from port's Makefile.
3) Three levels of diagnostic (and -v option, could be repeated) are added.
4) All path variables are enclosed in quotes, to make script work with paths,
containing spaces.
Note: imp merged in the changes to fill_pkg.sh since this has been a PR.
PR: 151695
Reviewed by: imp@
MFC After: 3 days
Differential Revision: https://reviews.freebsd.org/D31101
Remove the qemu sparc64 example. It was only ever compile tested since
qemu had issues booting FreeBSD/sparc64. Also remove obsolete info about
armv5 configs removed long ago.
Sponsored by: Netflix
Per tzsetup(8), /etc/localtime and /var/db/zoneinfo go hand in hand.
Remove extra white spaces as well.
Reviewed by: imp@, phk@ (informal no objection email)
Pull Request: https://github.com/freebsd/freebsd-src/pull/486
As discussed on freebsd-current [1] and freebsd-arch [2] and review
D30833, FreeBSD 14 will ship without the _p.a libraries built with -pg.
Both upstream and base system (in commit b762974cf4) Clang have been
modified to remove the special case for linking against these libraries.
Clang's -pg support and mcount() remain, so building with -pg can still
be used on code that the user builds; we just do not provide prebuilt
libraries compiled with -pg. A similar change is still needed for GCC.
[1] https://lists.freebsd.org/pipermail/freebsd-current/2020-January/075105.html
[2] https://lists.freebsd.org/archives/freebsd-arch/2021-June/000016.html
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
QEMU (now) includes a prebuilt EDK II firmare in edk2-x86_64-code.fd.
Use that instead of requring a standalone uefi-edk2-qemu-x86_64 package.
Reviewed by: imp
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30915
This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and
openmp to llvmorg-12-init-17869-g8e464dd76bef, the last commit before the
upstream release/12.x branch was created.
PR: 255570
MFC after: 6 weeks
I missed adding these to the libc++ Makefile, when importing
llvm-project 11.0.0-rc1, even though they were supplied by upstream.
While here, update OptionalObsoleteFiles.inc to add these new headers,
and cleanup old cruft.
Reported by: yuri
Submitted by: jkim (Makefile diff)
PR: 255374
MFC after: 3 days
Makes pkg-gen quit after having received N packets, the same way it
already supports doing for sent packets.
Reviewed by: vmaffione
Sponsored by: Klara Inc.
MFC after: 4 weeks
Differential Revision: https://reviews.freebsd.org/D30266
Add a POLLRDHUP example to this tool, for comparison with other
operating systems. Also record current output on FreeBSD and Linux.
Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D29757
I missed the review comment to commit the changes separately, will
reland in multiple smaller commits.
Requested By: jkim
This reverts commit bbd421cdf6.
iwnstats was not compiling because of some issues raised by the clang
compiler due to -Werror. As a tool it is not connected to world build.
Add missing field "barker_mrc" initialization in struct
iwn_sensitivity_limits for -Wmissing-field-initializers, remove unused
pointer *is on iwn_stats_*_print functions and unused variables for
-Wunused-parameter and -Wunused-variable.
The value for field "barker_mrc" of struct iwn2030_sensitivity_limits
was obtained from linux 3.2 wireless/iwlwifi driver code (iwl-2000.c:115
.barker_corr_th_min_mrc = 390).
Also set BINDIR in Makefile to make it possible to install under
/usr/local/sbin/iwnstats as it require super user.
Reviewed by: adrian
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D29800
Upstream flex has added a yynoreturn, so this diff is no longer needed.
Partially reverts r181269. Also regenerate the pre-generated files that
are used for bootstrapping.
Reviewed By: jkim
Differential Revision: https://reviews.freebsd.org/D29679
There haven't been any non-obscure drivers that supported this
functionality and it has been impossible to test to ensure that it
still works. The only known consumer of this interface was the engine
in OpenSSL < 1.1. Modern OpenSSL versions do not include support for
this interface as it was not well-documented.
Reviewed by: cem
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D29736
The description is clearly what effect the knob has when set, so the
additional text was unnecessary.
Reviewed by: jhb, se
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29583
Test individual sizes up to the max encryption block length as well as
a few sizes that include 1 full block and a partial block before
doubling the size.
Reviewed by: cem, markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D29518
In busy-wait mode (BUSYWAIT defined), NIOCTXSYNC should be
performed after packets have been moved to the TX ring
(rather than before).
Before the change, moved packets may stall for an indefinite
time in the TX ring.
MFC after: 1 week
dash does not allow function names containing a ":", so replace it with
a '_'. Additionally, Ubunutu 18.04 ships git 2.17 which does not support
the `--default false` flag for git config.
Reviewed By: markj
Differential Revision: https://reviews.freebsd.org/D29374
This warning is very rarely useful (inline is a hint and not mandatory).
This flag results in many warnings being printed when compiling C++
code that uses the standard library with GCC.
This flag was originally added in back in r94332 but the flag is a no-op
in Clang ("This diagnostic flag exists for GCC compatibility, and has no
effect in Clang"). Removing it should make the GCC build output slightly
more readable.
Reviewed By: jrtc27, imp
Differential Revision: https://reviews.freebsd.org/D29235
If all the require variables (XCC/XCXX/XCPP/XLD) are already set in the
environment, we don't have to infer a default value for the cross toolchain
path. This avoids an additional `brew --prefix` call when building with
cheribuild (since it already sets all these variables).
Since set -e is enabled by sys.mk, if the tool cannot be found in PATH
then the entire shell command line fails, causing us to not print the
error message below and instead silently (due to the @) fail, only
getting the usual "Error code 1" print from bmake. Thus, provide a dummy
default that will never exist (the same as is used by meta2deps.sh) if
which fails so that we get the error message as intended.
MFC after: 1 week
Man pages can be big in total, add an options to split man pages
in -man packages so we produce smaller packages.
This is useful for small jails or mfsroot produced of pkgbase.
The option is off by default.
Reviewed by: bapt, Mina Galić <me@igalic.co>
Differential Revision: https://reviews.freebsd.org/D29169
MFC after: 2 weeks
fmtree(8) deprecation was announced on February 12, 2021, and no longer
built by default as of that date. The deprecation notice was merged
back to stable/12 and stable/13 + releng/13.0.
Continue with the plan by finishing the removal.
Relnotes: yes
Also updated the logic to use subprocess.run() instead of the old
subprocess.getoutput() which also includes stderr and therefore
can trigger an exception inside Path().exists().
Reported by: gnn
A number of projects use "Fixes: <hash>" to identify a commit that is
fixed by a given change. Adopt that convention.
Differential Revision: https://reviews.freebsd.org/D28693
- Make openssl_gcm_encrypt generic to AEAD ciphers (aside from CCM)
and use it for Chacha20-Poly1305.
- Use generic AEAD control constants instead of GCM/CCM specific names.
Reviewed by: cem
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D27838
This script uses -e, so it's prone to exiting in awkward places. In
particular, if arc diff fails, the script just exits without restoring
the checkout.
Mitigate this for now by using a global variable to record the previous
checkout and use a trap handler to restore it in the face of errors. A
better solution might be to use arc diff's --head parameter but that
will require more testing.
Reported by: kevans
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D28631
After changing the namespace.h header we need to provide _err on macOS, too.
Previously we used the system libc err*/warn*, but that does not provide
_err/_warn (which is used by other bootstrapped files from libc).
To fix this problem bootstrap err.c on macOS as well.
Fixes: 02af91c52 (Fix crossbuild bootstrap tools build with Clang 12)
Clang 12 no longer allows re-defining a weak symbol as non-weak. This
happed here because we compile err.c with _err defined to err. To fix
this, use the same approach as the libc namespace.h
Previously bsd.compiler.mk was not able to detect the compiler type for
Ubuntu's /usr/bin/cc unless we were invoking the /usr/bin/gcc symlink.
This problem has been fixed by 9c6954329a
so we can drop the workaround from make.py.
Reviewed By: jrtc27
Differential Revision: https://reviews.freebsd.org/D28323
nmtree is derived from fmtree, and has been the default mtree(8) since
6adfbbbf16, a little over a year after its introduction.
fmtree has not seen any substantial work since then, except for build
fixes and runtime issues that were diagnosed in nmtree and backported
because this was still in the tree.
Turn it off by default.
Reviewed by: bdrewery, brooks, cy, emaste
Differential Revision: https://reviews.freebsd.org/D28573
Add manual page based on the usage in the script with a few changes and
hook it up to the build.
Reviewed by: 0mp, markj
Differential Revision: https://reviews.freebsd.org/D28519
Rather than putting revision metadata in .git/arc/create-message, create
a tmpfile and use that. Otherwise arc diff always prompts about it and
in some cases complains because its standard input is piped.
Reported by: imp
Differential Revision: https://reviews.freebsd.org/D28614
This is a handy script for creating and updating Differential revisions
from git commits. It tries to avoid forcing the user to manage their
git tree in any particular way, but makes two major assumptions:
- there is a one-to-one mapping between git commits and Differential
revisions,
- the title of a Differential revision is the same as the summary line
of the corresponding commit.
A verbose description of the script's functionality is provided in its
usage message, which should probably be converted to a man page.
A description of workflows using git-arc is here:
https://lists.freebsd.org/pipermail/freebsd-hackers/2021-January/056979.html
There are some loose ends but this is functional enough to be useful.
Discussed with: jhb
Differential Revision: https://reviews.freebsd.org/D28334
Userspace has OFED build enabled for quite some time, but kernel modules
were not. This is useless config because any userspace IB code requires
kernel support. So enable modules build by default.
Move WITH_OFED to WITHOUT_OFED since defaults are now enabled.
Reviewed by: emaste, hselasky, kevans
MFC after: 3 days
Sponsored by: NVidia Networking / Mellanox Technologies
Differential Revision: https://reviews.freebsd.org/D28460
This option has been equivalent to any form of C++ support since libstdc++
was removed. Therefore, replace all MK_LIBCPLUSPLUS uses with MK_CXX.
Reviewed By: emaste
Differential Revision: https://reviews.freebsd.org/D27974
Parallel builds of stand should be assumed both possible and safe as of
7012461c9b, so let's start using some jobs to speed up lualoader test
harness builds.
There's a third party dependency on this option; currently,
net/openldap24-{,sasl-}client. At least mention that an openldap from ports
is needed for this option.
PR: 252866
Reported-by: Build Option Survey via Michael Dexter
MFC-after: 3 days
This merges upstream patches from OpenSSL's master branch to add
KTLS infrastructure for TLS 1.0-1.3 including both RX and TX
offload and SSL_sendfile support on both Linux and FreeBSD.
Note that TLS 1.3 only supports TX offload.
A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with
KTLS support. It defaults to enabled on amd64 and disabled on all
other architectures.
Reviewed by: jkim (earlier version)
Approved by: secteam
Obtained from: OpenSSL (patches from master)
MFC after: 1 week
Relnotes: yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D28273
