Date: Thu, 24 Jan 2013 16:11:04 -0500
From: "Isaac (.ike) Levy" <ike@blackskyresearch.net>
To: Eitan Adler <lists@eitanadler.com>
Cc: freebsd-doc@freebsd.org
Subject: Re: features.xml
Message-ID: <1359061943-3954666.10115781.fr0OLB4so031293@rs149.luxsci.com>
In-Reply-To: <CAF6rxg=prxii63d%2BJJ8F5Fo2UaMdcPpYkz=SZs9aYJDhPcM9-Q@mail.gmail.com>
References: <CAF6rxgkbnKbUSuoruaVbHC285JXjdeJd1SjdCBCMBdRj-i2a9A@mail.gmail.com> <CAF6rxgn0W61-LGi4N8N9Bi71jE-WLwD-k5tfq4Obrcrt4zoTaQ@mail.gmail.com> <CAF6rxgk=fDAKQ4Hjq=KBBNKE4n4A=QmtD7YB5e9hFWW=saLoRw@mail.gmail.com> <70AFF504-314E-4F42-A2E1-D148D8FA2BCD@axialmarket.com> <CAF6rxg=rqEnkuabh46iYX%2BzMV2kV0M7=WteLe313m0QXxPA4pg@mail.gmail.com> <1359058203-4509368.00016252.fr0OK9rh7016372@rs149.luxsci.com> <CAF6rxg=prxii63d%2BJJ8F5Fo2UaMdcPpYkz=SZs9aYJDhPcM9-Q@mail.gmail.com>
[-- Attachment #1 --]
On Jan 24, 2013, at 3:54 PM, Eitan Adler wrote:
> On 24 January 2013 15:09, Isaac (.ike) Levy <ike@blackskyresearch.net> wrote:
>> On Jan 24, 2013, at 12:09 PM, Eitan Adler wrote:
>>
>>> On 24 January 2013 12:07, Isaac (.ike) Levy <ike.levy@axialmarket.com> wrote:
>>>>
>>>> Would you like me to submit a patch back to list? (Will get to it this weekend if so.)
>>>
>>> Please do!
>>
>> What is the accepted workflow for submitting a doc patch?
>
> "git format-patch / git send-email", "git show", "git diff", "svn
> diff", are all accepted
>
>> After downloading svn doc repo, and then the git 'best-effort' repo, I was dismayed not to find the git sha '1b6e180cdc56ae8cfea8d54f420c282830380f37', referenced in your original post:
>
> The patch was the output of "git show" on a local branch. You will
> need to use patch(1) - not any git command to apply it.
Thanks-
Attached are 2x patches, which you can apply using patch(1), or
- using git to preserve history and context,
# git am 0001-Eitan-original-patch-to-doc-list
# git am 0002-clarification-to-virtualized-network-stack-topology
- using patch(1) to merely apply the patch,
# patch en_US.ISO8859-1/htdocs/features.xml \
0002-clarification-to-virtualized-network-stack-topology
Best,
.ike
[-- Attachment #2 --]
From b5db7efcd0d59d252a3803def38cb0526b98c170 Mon Sep 17 00:00:00 2001
From: "Isaac (.ike) Levy" <ike@blackskyresearch.net>
Date: Thu, 24 Jan 2013 16:01:17 -0500
Subject: [PATCH 1/2] Eitan original patch to doc list
Signed-off-by: Isaac (.ike) Levy <ike@blackskyresearch.net>
---
en_US.ISO8859-1/htdocs/features.xml | 268 +++++++++++------------------------
1 files changed, 83 insertions(+), 185 deletions(-)
diff --git a/en_US.ISO8859-1/htdocs/features.xml b/en_US.ISO8859-1/htdocs/features.xml
index 919195c..c6f97f2 100644
--- a/en_US.ISO8859-1/htdocs/features.xml
+++ b/en_US.ISO8859-1/htdocs/features.xml
@@ -39,196 +39,94 @@
across a range of systems, from embedded environments to high-end
multiprocessor servers.</h2>
- <p><b>FreeBSD 7.0</b>, released February 2008, brings many new features
- and performance enhancements. With a special focus on storage
- and multiprocessing performance, FreeBSD 7.0 shipped with support
- for Sun's <b>ZFS file system</b> and <b>highly scalable
- multiprocessing performance</b>. Benchmarks have shown that FreeBSD
- provides twice the MySQL and PostgreSQL performance as current Linux
- systems on 8-core servers.</p>
+ <p><b>&os; 9.0</b>, brings many new features
+ and performance enhancements with a special focus on desktop
+ support and security features.</p>
<ul>
- <li><b>SMPng</b>: After seven years of development on advanced SMP
- support, FreeBSD 7.0 realizes the goals of a fine-grained kernel
- allowing linear scalability to over 8 CPU cores for many workloads.
- FreeBSD 7.0 sees an almost complete elimination of the Giant Lock,
- removing it from the CAM storage layer and NFS client, and moving
- towards more fine-grained locking in the network subsystem.
- Significant work has also been performed to optimize kernel
- scheduling and locking primitives, and the optional ULE scheduler
- allows thread CPU affinity and per-CPU run queues to reduce
- overhead and increase cache-friendliness. The libthr threading
- package, providing 1:1 threading, is now the default. Benchmarks
- reveal a dramatic performance advantage over other &unix; operating
- systems on identical multicore hardware, and reflect a long
- investment in SMP technology for the FreeBSD kernel.</li>
-
- <li><b>ZFS filesystem</b>: Sun's ZFS is a state-of-the-art file
- system offering simple administration, transactional semantics,
- end-to-end data integrity, and immense scalability. From
- self-healing to built-in compression, RAID, snapshots, and volume
- management, ZFS will allow FreeBSD system administrators to easily
- manage large storage arrays.</li>
-
- <li><b>10Gbps network optimization</b>: With optimized device drivers
- from all major 10gbps network vendors, FreeBSD 7.0 has seen
- extensive optimization of the network stack for high performance
- workloads, including auto-scaling socket buffers, TCP Segment
- Offload (TSO), Large Receive Offload (LRO), direct network stack
- dispatch, and load balancing of TCP/IP workloads over multiple CPUs
- on supporting 10gbps cards or when multiple network interfaces are
- in use simultaneously. Full vendor support is available from
- Chelsio, Intel, Myricom, and Neterion.</li>
-
- <li><b>SCTP</b>: FreeBSD 7.0 is the reference implementation for the
- new IETF Stream Control Transmission Protocol (SCTP) protocol,
- intended to support VoIP, telecommunications, and other
- applications with strong reliability and variable quality
- transmission through features such as multi-path delivery,
- fail-over, and multi-streaming.</li>
-
- <li><b>Wireless</b>: FreeBSD 7.0 ships with significantly enhanced
- wireless support, including high-power Atheros-based cards, new
- drivers for Ralink, Intel, and ZyDAS cards, WPA, background
- scanning and roaming, and 802.11n.</li>
-
- <li><b>New hardware architectures</b>: FreeBSD 7.0 includes
- significantly improved support for the embedded ARM architecture,
- as well as preliminary support for the Sun Ultrasparc T1
- platform.</li>
+ <li><b>Capsicum Capability Mode</b>:
+ Capsicum is a set of features for sandboxing support, using
+ a capability model in which the capabilities are file
+ descriptors. Two new kernel options CAPABILITIES and
+ CAPABILITY_MODE have been added to the GENERIC kernel.</li>
+
+ <li><b>Hhook</b>: (Helper Hook) and khelp(9) (Kernel Helpers)
+ KPIs have been implemented. These are a kind of superset of
+ pfil(9) framework for more general use in the kernel. The
+ hhook(9) KPI provides a way for kernel subsystems to export
+ hook points that khelp(9) modules can hook to provide
+ enhanced or new functionality to the kernel. The khelp(9)
+ KPI provides a framework for managing khelp(9) modules,
+ which indirectly use the hhook(9) KPI to register their hook
+ functions with hook points of interest within the kernel.
+ These allow a structured way to dynamically extend the
+ kernel at runtime in an ABI preserving manner.</li>
+ <li><b>Accounting API:</b> has been implemented. It can keep
+ per-process, per-jail, and per-loginclass resource
+ accounting information. Note that this is not built nor
+ installed by default. To build and install them, specify
+ options RACCT in the kernel configuration file and rebuild
+ the base system as described in the FreeBSD Handbook</li>
+
+ <li><b>Resource-limiting API:</b> has been implemented.
+ It works in conjunction with the RACCT resource accounting
+ implementation and takes user-configurable actions based on
+ the set of rules it maintains and the current resource
+ usage. The rctl(8) utility has been added to manage the
+ rules in userland. Note that this is not built nor installed
+ by default.</li>
+
+ <li><b>Usb:</b> subsystem now supports USB packet filter.
+ This allows to capture packets which go through each USB
+ host controller. The implementation is almost based on
+ bpf(4) code. The userland program usbdump(8) has been
+ added.</li>
+
+ <li><b>Infiniband support:</b>, OFED (OpenFabrics Enterprise
+ Distribution) version 1.5.3 has been imported into the
+ base system.</li>
+
+ <li><b>TCP/IP network:</b> stack now supports the mod_cc(9)
+ pluggable congestion control framework. This allows TCP
+ congestion control algorithms to be implemented as
+ dynamically loadable kernel modules. The following kernel
+ modules are available cc_chd(4) for the CAIA-Hamilton-Delay
+ algorithm, cc_cubic(4) for the CUBIC algorithm, cc_hd(4)
+ for the Hamilton-Delay algorithm, cc_htcp(4) for the H-TCP
+ algorithm, cc_newreno(4) for the NewReno algorithm, and
+ cc_vegas(4) for the Vegas algorithm. The default algorithm
+ can be set by a new sysctl(8) variable
+ net.inet.tcp.cc.algorithm.</li>
+
+ <li><b>SU+J:</b> &os; Fast File System now supports soft updates with
+ journaling. It introduces an intent log into a
+ softupdates-enabled file system which eliminates the need for
+ background fsck(8) even on unclean shutdowns.</li>
</ul>
- <p>FreeBSD has a long history of advanced operating system feature
- development; you can read about some of these features below:</p>
-
+ <p><b>&os; 8.x</b> brings many new
+ features and performance enhancements. With special focus on a
+ new USB stack, &os;-8.x shipped with experimental support for
+ NFSv4. As well as a new TTY layer. Which improves scalability
+ and resources handling in SMP enabled systems.</p>
<ul>
- <li><b>A merged virtual memory and filesystem buffer cache</b>
- continuously tunes the amount of memory used for programs and the
- disk cache. As a result, programs receive both excellent memory
- management and high performance disk access, and the system
- administrator is freed from the task of tuning cache sizes.</li>
-
- <li><b>Compatibility modules</b> enable programs for other operating
- systems to run on FreeBSD, including programs for Linux, SCO UNIX,
- and System V Release 4.</li>
-
- <li><b>Soft Updates</b> allows improved filesystem
- performance without sacrificing safety and reliability.
- It analyzes meta-data filesystem operations to avoid having
- to perform all of those operations synchronously.
- Instead, it maintains internal state about pending meta-data
- operations and uses this information to cache meta-data,
- rewrite meta-data operations to combine subsequent
- operations on the same files, and reorder meta-data
- operations so that they may be processed more efficiently.
- Features such as background filesystem checking and
- file system snapshots are built on the consistency
- and performance foundations of soft updates.</li>
-
- <li><b>File system snapshots</b>, permitting administrators to take
- atomic file system snapshots for backup purposes using the free
- space in the file system, as well as facilitating <b>background
- fsck</b>, which allows the system to reach multiuser mode without
- waiting on file system cleanup operations following power outages.
- </li>
-
- <li>Support for <b>IP Security (IPsec)</b> allows improved security in
- networks, and support for the next-generation Internet Protocol,
- IPv6. The FreeBSD IPsec implementation includes support for a
- broad range of <b>accelerated crypto hardware</b>.</li>
-
- <li><b>Out of the box support for IPv6</b> via the KAME IPv6 stack
- allows FreeBSD to be seamlessly integrated into next generation
- networking environments. FreeBSD even ships with many applications
- extended to support IPv6!</li>
-
- <li><b>Multi-threaded SMP architecture</b> capable of executing the
- kernel in parallel on multiple processors, and with <b>kernel
- preemption</b>, allowing high priority kernel tasks to preempt
- other kernel activity, reducing latency. This includes a
- <b>multi-threaded network stack</b> and a <b>multi-threaded
- virtual memory subsystem</b>. Beginning with FreeBSD 6.x, support
- for a fully parallel VFS allows the UFS file system to run on multiple
- processors simultaneously, permitting load sharing of
- CPU-intensive I/O optimization.</li>
-
- <li><b>M:N application threading via pthreads</b> permitting threads
- to execute on multiple CPUs in a scalable manner, mapping many user
- threads onto a small number of <b>Kernel Schedulable Entities</b>.
- By adopting the <b>Scheduler Activation</b> model, the threading
- approach can be adapted to the specific requirements of a broad
- range of applications.</li>
-
- <li><b>Netgraph pluggable network stack</b> allows developers to
- dynamically and easily extend the network stack through clean
- layered network abstractions. Netgraph nodes can implement a broad
- range of new network services, including encapsulation, tunneling,
- encryption, and performance adaptation. As a result, rapid
- prototyping and production deployment of enhanced network services
- can be performed far more easily and with fewer bugs.</li>
-
- <li><b>TrustedBSD MAC Framework extensible kernel security</b>,
- which allows developers to customize the operating system security
- model for specific environments, from creating hardening policies
- to deploying mandatory labeled confidentiality of integrity
- policies. Sample security policies include <b>Multi-Level
- Security (MLS)</b>, and <b>Biba Integrity Protection</b>. Third
- party modules include <b>SEBSD</b>, a FLASK-based implementation
- of <b>Type Enforcement</b>.</li>
-
- <li><b>TrustedBSD Audit</b> is a security event logging service,
- providing fine-grained, secure, reliable logging of system events
- via the audit service. Administrators can configure the nature and
- granularity of logging by user, tracking file accesses, commands
- executed, network activity, system logins, and a range of other
- system behavior. Audit pipes allow IDS tools to attach to the
- kernel audit service and subscribe to events they require for
- security monitoring. FreeBSD supports the industry-standard BSM
- audit trail file format and API, allowing existing BSM tools to
- run with little or no modification. This file format is used on
- Solaris and Mac OS X, allowing instant interoperability and unified
- analysis.</li>
-
- <li><b>GEOM pluggable storage layer</b>, which permits new storage
- services to be quickly developed and cleanly integrated into the
- FreeBSD storage subsystem. GEOM provides a consistent and
- coherent model for discovering and layering storage services,
- making it possible to layer services such as RAID and volume
- management easily.</li>
-
- <li>FreeBSD's <b>GEOM-Based Disk Encryption (GBDE)</b>, provides
- strong cryptographic protection using the GEOM Framework, and can
- protect file systems, swap devices, and other use of storage
- media.</li>
-
- <li><b>Kernel Queues</b> allow programs to respond more efficiently
- to a variety of asynchronous events including file and socket IO,
- improving application and system performance.</li>
-
- <li><b>Accept Filters</b> allow connection-intensive applications,
- such as web servers, to cleanly push part of their functionality into
- the operating system kernel, improving performance.</li>
+ <li><b>Netisr framework:</b> has been reimplemented for
+ parallel threading support. This is a kernel network
+ dispatch interface which allows device drivers (and other
+ packet sources) to direct packets to protocols for directly
+ dispatched or deferred processing. The new implementation
+ supports up to one netisr thread per CPU, and several
+ benchmarks on SMP machines show substantial performance
+ improvement over the previous version.</li>
+
+ <li><b>Linux emulation:</b> layer has been updated to version
+ 2.6.16 and the default Linux infrastructure port is now
+ emulators/linux_base-f10 (Fedora 10)</li>
+
+ <li><b>New virtualization:</b> container named vimage has
+ been implemented. This is a jail with a virtualized
+ instance of the FreeBSD network stack and can be created
+ by using jail(8) command.</li>
</ul>
-
- <h2>FreeBSD provides many security features
- to protect networks and servers.</h2>
-
- <p>The FreeBSD developers are as concerned about security as they are
- about performance and stability. FreeBSD includes kernel support for
- <b>stateful IP firewalling</b>, as well as other services, such as
- <b>IP proxy gateways</b>, <b>access control lists</b>, <b>mandatory
- access control</b>, <b>jail-based virtual hosting</b>, and
- <b>cryptographically protected storage</b>. These features can be
- used to support highly secure hosting of mutually untrusting
- customers or consumers, the strong partitioning of network segments,
- and the construction of secure pipelines for information scrubbing
- and information flow control.</p>
-
- <p>FreeBSD also includes support for encryption software, secure
- shells, Kerberos authentication, "virtual servers" created using
- jails, chroot-ing services to restrict application access to the
- file system, Secure RPC facilities, and access lists for services
- that support TCP wrappers.</p>
-
</body>
</html>
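Review bot: The tail of this hunk deletes the whole "FreeBSD provides many security features" section together with the TrustedBSD MAC Framework, TrustedBSD Audit, GBDE and IPsec list items, while the new opening paragraph claims "a special focus on desktop support and security features" and the only security item left in the 9.0 list is Capsicum. Either keep the security section (updated as needed) below the new release lists, or reword the intro so it matches what the list actually shows. The added lines also need a wording pass before commit: drop the stray comma in "<b>&os; 9.0</b>, brings" and in "Infiniband support:</b>, OFED", change "Usb:" to "USB", fix "This allows to capture" and "almost based on bpf(4) code", end the RACCT item with a period after "FreeBSD Handbook", and join the fragments "As well as a new TTY layer. Which improves" in the 8.x paragraph. The new text mixes "&os;" with literal "FreeBSD"; use the entity throughout.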
--
1.7.5.4
[-- Attachment #3 --]
From cf7a1fecc856bc1a51b921d65d872bb3bae16ab0 Mon Sep 17 00:00:00 2001
From: "Isaac (.ike) Levy" <ike@blackskyresearch.net>
Date: Thu, 24 Jan 2013 16:05:38 -0500
Subject: [PATCH 2/2] clarification to virtualized network stack topology
Signed-off-by: Isaac (.ike) Levy <ike@blackskyresearch.net>
---
en_US.ISO8859-1/htdocs/features.xml | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/en_US.ISO8859-1/htdocs/features.xml b/en_US.ISO8859-1/htdocs/features.xml
index c6f97f2..b4508ad 100644
--- a/en_US.ISO8859-1/htdocs/features.xml
+++ b/en_US.ISO8859-1/htdocs/features.xml
@@ -123,10 +123,12 @@
2.6.16 and the default Linux infrastructure port is now
emulators/linux_base-f10 (Fedora 10)</li>
- <li><b>New virtualization:</b> container named vimage has
- been implemented. This is a jail with a virtualized
- instance of the FreeBSD network stack and can be created
- by using jail(8) command.</li>
+ <li><b>Network Virtualization:</b> Container named vimage has
+ been implemented, extending the FreeBSD kernel to maintain multiple
+ independent instances of networking state. vimage facilities can be
+ used independently to create fully virtualized network topologies,
+ and jail(8) can directly take advantage of a fully virtualized network
+ stack.</li>
</ul>
</body>
</html>
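Review bot: The replacement vimage item drops the old statement that the container "can be created by using jail(8) command" and says only that jail(8) "can directly take advantage of" the virtualized stack, so the entry no longer tells the reader how to obtain one; keep the pointer to jail(8) as the way to create it, or name what is used when vimage facilities are "used independently". "Container named vimage has been implemented" is also missing its article and capitalizes mid-sentence after the bold label (suggest "A container named vimage has been implemented"), and the added lines use literal "FreeBSD" where patch 1/2 introduces "&os;" in the same file.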
--
1.7.5.4
