From owner-freebsd-doc@FreeBSD.ORG Thu Jan 24 21:13:17 2013 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 26FBD14F for ; Thu, 24 Jan 2013 21:13:17 +0000 (UTC) (envelope-from ike@blackskyresearch.net) Received: from rs149.luxsci.com (rs149.luxsci.com [64.49.224.181]) by mx1.freebsd.org (Postfix) with ESMTP id EF15876A for ; Thu, 24 Jan 2013 21:13:16 +0000 (UTC) Received: from rs149.luxsci.com (localhost.localdomain [127.0.0.1]) by rs149.luxsci.com (8.14.4/8.13.8) with ESMTP id r0OLDDfe000459; Thu, 24 Jan 2013 16:13:14 -0500 Received: (from root@localhost) by rs149.luxsci.com (8.14.4/8.13.8/Submit) id r0OLCN3I032479; Thu, 24 Jan 2013 21:12:23 GMT Received: (from sender 74627) (rs149.luxsci.com [127.0.0.1]) by LuxSci SP; Thu, 24 Jan 2013 21:12:21 +0000 Subject: Re: features.xml Content-Type: multipart/mixed; boundary="Apple-Mail=_349370CA-9A78-4408-B7F6-9432B54FADCA" From: "Isaac (.ike) Levy" In-Reply-To: Date: Thu, 24 Jan 2013 16:11:04 -0500 References: <70AFF504-314E-4F42-A2E1-D148D8FA2BCD@axialmarket.com> <1359058203-4509368.00016252.fr0OK9rh7016372@rs149.luxsci.com> To: Eitan Adler X-Lux-Comment: Message r0OLB4so031293 sent by user #74627 Message-Id: <1359061943-3954666.10115781.fr0OLB4so031293@rs149.luxsci.com> X-Comment: LuxSci SP Message ID - 1359061943-3954666.10115781 Cc: freebsd-doc@freebsd.org X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2013 21:13:17 -0000 --Apple-Mail=_349370CA-9A78-4408-B7F6-9432B54FADCA Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On Jan 24, 2013, at 3:54 PM, Eitan Adler wrote: > On 24 January 2013 15:09, Isaac (.ike) Levy = wrote: >> On Jan 24, 2013, at 12:09 PM, Eitan Adler wrote: >>=20 >>> On 24 January 2013 12:07, Isaac (.ike) Levy = wrote: >>>>=20 >>>> Would you like me to submit a patch back to list? (Will get to it = this weekend if so.) >>>=20 >>> Please do! >>=20 >> What is the accepted workflow for submitting a doc patch? >=20 > "git format-patch / git send-email", "git show", "git diff", "svn > diff", are all accepted >=20 >> After downloading svn doc repo, and then the git 'best-effort' repo, = I was dismayed not to find the git sha = '1b6e180cdc56ae8cfea8d54f420c282830380f37', referenced in your original = post: >=20 > The patch was the output of "git show" on a local branch. You will > need to use patch(1) - not any git command to apply it. Thanks- Attached are 2x patches, which you can apply using patch(1), or - using git to preserve history and context, # git am 0001-Eitan-original-patch-to-doc-list # git am 0002-clarification-to-virtualized-network-stack-topology - using patch(1) to merely apply the patch, # patch en_US.ISO8859-1/htdocs/features.xml \ 0002-clarification-to-virtualized-network-stack-topology Best, .ike --Apple-Mail=_349370CA-9A78-4408-B7F6-9432B54FADCA Content-Disposition: attachment; filename=0001-Eitan-original-patch-to-doc-list.patch Content-Type: application/octet-stream; name="0001-Eitan-original-patch-to-doc-list.patch" Content-Transfer-Encoding: quoted-printable =46rom=20b5db7efcd0d59d252a3803def38cb0526b98c170=20Mon=20Sep=2017=20= 00:00:00=202001=0AFrom:=20"Isaac=20(.ike)=20Levy"=20= =0ADate:=20Thu,=2024=20Jan=202013=2016:01:17=20= -0500=0ASubject:=20[PATCH=201/2]=20Eitan=20original=20patch=20to=20doc=20= list=0A=0ASigned-off-by:=20Isaac=20(.ike)=20Levy=20= =0A---=0A=20= en_US.ISO8859-1/htdocs/features.xml=20|=20=20268=20= +++++++++++------------------------=0A=201=20files=20changed,=2083=20= insertions(+),=20185=20deletions(-)=0A=0Adiff=20--git=20= a/en_US.ISO8859-1/htdocs/features.xml=20= b/en_US.ISO8859-1/htdocs/features.xml=0Aindex=20919195c..c6f97f2=20= 100644=0A---=20a/en_US.ISO8859-1/htdocs/features.xml=0A+++=20= b/en_US.ISO8859-1/htdocs/features.xml=0A@@=20-39,196=20+39,94=20@@=0A=20=09= across=20a=20range=20of=20systems,=20from=20embedded=20environments=20to=20= high-end=0A=20=09multiprocessor=20servers.=0A=20=0A-=20=20=20=20=20=20=

FreeBSD=207.0,=20released=20February=202008,=20brings=20many=20= new=20features=0A-=09and=20performance=20enhancements.=20=20With=20a=20= special=20focus=20on=20storage=0A-=09and=20multiprocessing=20= performance,=20FreeBSD=207.0=20shipped=20with=20support=0A-=09for=20= Sun's=20ZFS=20file=20system=20and=20highly=20scalable=0A-=09= multiprocessing=20performance.=20=20Benchmarks=20have=20shown=20that=20= FreeBSD=0A-=09provides=20twice=20the=20MySQL=20and=20PostgreSQL=20= performance=20as=20current=20Linux=0A-=09systems=20on=208-core=20= servers.

=0A+=20=20=20=20=20=20

&os; 9.0,=20brings=20= many=20new=20features=0A+=09and=20performance=20enhancements=20with=20a=20= special=20focus=20on=20desktop=0A+=09support=20and=20security=20= features.

=0A=20=0A=20=20=20=20=20=20=20
    =0A-=09
  • SMPng:=20= After=20seven=20years=20of=20development=20on=20advanced=20SMP=0A-=09=20=20= support,=20FreeBSD=207.0=20realizes=20the=20goals=20of=20a=20= fine-grained=20kernel=0A-=09=20=20allowing=20linear=20scalability=20to=20= over=208=20CPU=20cores=20for=20many=20workloads.=0A-=09=20=20FreeBSD=20= 7.0=20sees=20an=20almost=20complete=20elimination=20of=20the=20Giant=20= Lock,=0A-=09=20=20removing=20it=20from=20the=20CAM=20storage=20layer=20= and=20NFS=20client,=20and=20moving=0A-=09=20=20towards=20more=20= fine-grained=20locking=20in=20the=20network=20subsystem.=0A-=09=20=20= Significant=20work=20has=20also=20been=20performed=20to=20optimize=20= kernel=0A-=09=20=20scheduling=20and=20locking=20primitives,=20and=20the=20= optional=20ULE=20scheduler=0A-=09=20=20allows=20thread=20CPU=20affinity=20= and=20per-CPU=20run=20queues=20to=20reduce=0A-=09=20=20overhead=20and=20= increase=20cache-friendliness.=20=20The=20libthr=20threading=0A-=09=20=20= package,=20providing=201:1=20threading,=20is=20now=20the=20default.=20=20= Benchmarks=0A-=09=20=20reveal=20a=20dramatic=20performance=20advantage=20= over=20other=20&unix;=20operating=0A-=09=20=20systems=20on=20identical=20= multicore=20hardware,=20and=20reflect=20a=20long=0A-=09=20=20investment=20= in=20SMP=20technology=20for=20the=20FreeBSD=20kernel.
    • =0A-=0A-=09=
  • ZFS=20filesystem:=20Sun's=20ZFS=20is=20a=20state-of-the-art=20= file=0A-=09=20=20system=20offering=20simple=20administration,=20= transactional=20semantics,=0A-=09=20=20end-to-end=20data=20integrity,=20= and=20immense=20scalability.=20=20From=0A-=09=20=20self-healing=20to=20= built-in=20compression,=20RAID,=20snapshots,=20and=20volume=0A-=09=20=20= management,=20ZFS=20will=20allow=20FreeBSD=20system=20administrators=20= to=20easily=0A-=09=20=20manage=20large=20storage=20arrays.
    • =0A-=0A-=09=
  • 10Gbps=20network=20optimization:=20With=20optimized=20device=20= drivers=0A-=09=20=20from=20all=20major=2010gbps=20network=20vendors,=20= FreeBSD=207.0=20has=20seen=0A-=09=20=20extensive=20optimization=20of=20= the=20network=20stack=20for=20high=20performance=0A-=09=20=20workloads,=20= including=20auto-scaling=20socket=20buffers,=20TCP=20Segment=0A-=09=20=20= Offload=20(TSO),=20Large=20Receive=20Offload=20(LRO),=20direct=20network=20= stack=0A-=09=20=20dispatch,=20and=20load=20balancing=20of=20TCP/IP=20= workloads=20over=20multiple=20CPUs=0A-=09=20=20on=20supporting=2010gbps=20= cards=20or=20when=20multiple=20network=20interfaces=20are=0A-=09=20=20in=20= use=20simultaneously.=20=20Full=20vendor=20support=20is=20available=20= from=0A-=09=20=20Chelsio,=20Intel,=20Myricom,=20and=20Neterion.
    • =0A-=0A= -=09
  • SCTP:=20FreeBSD=207.0=20is=20the=20reference=20= implementation=20for=20the=0A-=09=20=20new=20IETF=20Stream=20Control=20= Transmission=20Protocol=20(SCTP)=20protocol,=0A-=09=20=20intended=20to=20= support=20VoIP,=20telecommunications,=20and=20other=0A-=09=20=20= applications=20with=20strong=20reliability=20and=20variable=20quality=0A= -=09=20=20transmission=20through=20features=20such=20as=20multi-path=20= delivery,=0A-=09=20=20fail-over,=20and=20multi-streaming.
    • =0A-=0A-=09=
  • Wireless:=20FreeBSD=207.0=20ships=20with=20significantly=20= enhanced=0A-=09=20=20wireless=20support,=20including=20high-power=20= Atheros-based=20cards,=20new=0A-=09=20=20drivers=20for=20Ralink,=20= Intel,=20and=20ZyDAS=20cards,=20WPA,=20background=0A-=09=20=20scanning=20= and=20roaming,=20and=20802.11n.
    • =0A-=0A-=09
  • New=20hardware=20= architectures:=20FreeBSD=207.0=20includes=0A-=09=20=20significantly=20= improved=20=20support=20for=20the=20embedded=20ARM=20architecture,=0A-=09= =20=20as=20well=20as=20preliminary=20support=20for=20the=20Sun=20= Ultrasparc=20T1=0A-=09=20=20platform.
    • =0A+=09
  • Capsicum=20= Capability=20Mode:=0A+=09=20=20Capsicum=20is=20a=20set=20of=20= features=20for=20sandboxing=20support,=20using=0A+=09=20=20a=20= capability=20model=20in=20which=20the=20capabilities=20are=20file=0A+=09=20= =20descriptors.=20Two=20new=20kernel=20options=20CAPABILITIES=20and=0A+=09= =20=20CAPABILITY_MODE=20have=20been=20added=20to=20the=20GENERIC=20= kernel.
    • =0A+=0A+=09
  • Hhook:=20=20(Helper=20Hook)=20and=20= khelp(9)=20(Kernel=20Helpers)=0A+=09=20=20KPIs=20have=20been=20= implemented.=20These=20are=20a=20kind=20of=20superset=20of=0A+=09=20=20= pfil(9)=20framework=20for=20more=20general=20use=20in=20the=20kernel.=20= The=0A+=09=20=20hhook(9)=20KPI=20provides=20a=20way=20for=20kernel=20= subsystems=20to=20export=0A+=09=20=20hook=20points=20that=20khelp(9)=20= modules=20can=20hook=20to=20provide=0A+=09=20=20enhanced=20or=20new=20= functionality=20to=20the=20kernel.=20The=20khelp(9)=0A+=09=20=20KPI=20= provides=20a=20framework=20for=20managing=20khelp(9)=20modules,=0A+=09=20= =20which=20indirectly=20use=20the=20hhook(9)=20KPI=20to=20register=20= their=20hook=0A+=09=20=20functions=20with=20hook=20points=20of=20= interest=20within=20the=20kernel.=0A+=09=20=20These=20allow=20a=20= structured=20way=20to=20dynamically=20extend=20the=0A+=09=20=20kernel=20= at=20runtime=20in=20an=20ABI=20preserving=20manner.
    • =0A+=09=
  • Accounting=20API:=20has=20been=20implemented.=20It=20can=20= keep=0A+=09=20=20per-process,=20per-jail,=20and=20per-loginclass=20= resource=0A+=09=20=20accounting=20information.=20=20Note=20that=20this=20= is=20not=20built=20nor=0A+=09=20=20installed=20by=20default.=20To=20= build=20and=20install=20them,=20specify=0A+=09=20=20options=20RACCT=20in=20= the=20kernel=20configuration=20file=20and=20rebuild=0A+=09=20=20the=20= base=20system=20as=20described=20in=20the=20FreeBSD=20Handbook
    • =0A+=0A= +=09
  • Resource-limiting=20API:=20has=20been=20implemented.=0A+=09= =20=20It=20works=20in=20conjunction=20with=20the=20RACCT=20resource=20= accounting=0A+=09=20=20implementation=20and=20takes=20user-configurable=20= actions=20based=20on=0A+=09=20=20the=20set=20of=20rules=20it=20maintains=20= and=20the=20current=20resource=0A+=09=20=20usage.=20=20The=20rctl(8)=20= utility=20has=20been=20added=20to=20manage=20the=0A+=09=20=20rules=20in=20= userland.=20Note=20that=20this=20is=20not=20built=20nor=20installed=0A+=09= =20=20by=20default.
    • =0A+=0A+=09
  • Usb:=20subsystem=20now=20= supports=20USB=20packet=20filter.=0A+=09=20=20This=20allows=20to=20= capture=20packets=20which=20go=20through=20each=20USB=0A+=09=20=20host=20= controller.=20The=20implementation=20is=20almost=20based=20on=0A+=09=20=20= bpf(4)=20code.=20=20The=20userland=20program=20usbdump(8)=20has=20been=0A= +=09=20=20added.
    • =0A+=0A+=09
  • Infiniband=20support:,=20OFED=20= (OpenFabrics=20Enterprise=0A+=09=20=20Distribution)=20version=201.5.3=20= has=20been=20imported=20into=20the=0A+=09=20=20base=20system.
    • =0A+=0A= +=09
  • TCP/IP=20network:=20stack=20now=20supports=20the=20= mod_cc(9)=0A+=09=20=20pluggable=20congestion=20control=20framework.=20= This=20allows=20TCP=0A+=09=20=20congestion=20control=20algorithms=20to=20= be=20implemented=20as=0A+=09=20=20dynamically=20loadable=20kernel=20= modules.=20The=20following=20kernel=0A+=09=20=20modules=20are=20= available=20cc_chd(4)=20for=20the=20CAIA-Hamilton-Delay=0A+=09=20=20= algorithm,=20cc_cubic(4)=20for=20the=20CUBIC=20algorithm,=20cc_hd(4)=0A+=09= =20=20for=20the=20Hamilton-Delay=20algorithm,=20cc_htcp(4)=20for=20the=20= H-TCP=0A+=09=20=20algorithm,=20cc_newreno(4)=20for=20the=20NewReno=20= algorithm,=20and=0A+=09=20=20cc_vegas(4)=20for=20the=20Vegas=20= algorithm.=20=20The=20default=20algorithm=0A+=09=20=20can=20be=20set=20= by=20a=20new=20sysctl(8)=20variable=0A+=09=20=20= net.inet.tcp.cc.algorithm.
    • =0A+=0A+=09
  • SU+J:=20&os;=20Fast=20= File=20System=20now=20supports=20soft=20updates=20with=0A+=09journaling.=20= It=20introduces=20an=20intent=20log=20into=20a=0A+=09softupdates-enabled=20= file=20system=20which=20eliminates=20the=20need=20for=0A+=09background=20= fsck(8)=20even=20on=20unclean=20shutdowns.
    • =0A=20=20=20=20=20=20=20=
=0A=20=0A-=20=20=20=20=20=20

FreeBSD=20has=20a=20long=20history=20= of=20advanced=20operating=20system=20feature=0A-=09development;=20you=20= can=20read=20about=20some=20of=20these=20features=20below:

=0A-=0A+=20= =20=20=20=20=20

&os; 8.x=20brings=20many=20new=0A+=09= features=20and=20performance=20enhancements.=20With=20special=20focus=20= on=20a=0A+=09new=20USB=20stack,=20&os;-8.x=20shipped=20with=20= experimental=20support=20for=0A+=09NFSv4.=20As=20well=20as=20a=20new=20= TTY=20layer.=20Which=20improves=20scalability=0A+=09and=20resources=20= handling=20in=20SMP=20enabled=20systems.

=0A=20=20=20=20=20=20=20
    =0A= -=09
  • A=20merged=20virtual=20memory=20and=20filesystem=20buffer=20= cache=0A-=09=20=20continuously=20tunes=20the=20amount=20of=20memory=20= used=20for=20programs=20and=20the=0A-=09=20=20disk=20cache.=20=20As=20a=20= result,=20programs=20receive=20both=20excellent=20memory=0A-=09=20=20=20=20= management=20and=20high=20performance=20disk=20access,=20and=20the=20= system=0A-=09=20=20=20=20administrator=20is=20freed=20from=20the=20task=20= of=20tuning=20cache=20sizes.
    • =0A-=0A-=09
  • Compatibility=20= modules=20enable=20programs=20for=20other=20operating=0A-=09=20=20= systems=20to=20run=20on=20FreeBSD,=20including=20programs=20for=20Linux,=20= SCO=20UNIX,=0A-=09=20=20and=20System=20V=20Release=204.
    • =0A-=0A-=09=
  • Soft=20Updates=20allows=20improved=20filesystem=0A-=09=20=20= performance=20without=20sacrificing=20safety=20and=20reliability.=0A-=09=20= =20It=20analyzes=20meta-data=20filesystem=20operations=20to=20avoid=20= having=0A-=09=20=20to=20perform=20all=20of=20those=20operations=20= synchronously.=0A-=09=20=20Instead,=20it=20maintains=20internal=20state=20= about=20pending=20meta-data=0A-=09=20=20operations=20and=20uses=20this=20= information=20to=20cache=20meta-data,=0A-=09=20=20rewrite=20meta-data=20= operations=20to=20combine=20subsequent=0A-=09=20=20operations=20on=20the=20= same=20files,=20and=20reorder=20meta-data=0A-=09=20=20operations=20so=20= that=20they=20may=20be=20processed=20more=20efficiently.=0A-=09=20=20= Features=20such=20as=20background=20filesystem=20checking=20and=0A-=09=20= =20file=20system=20snapshots=20are=20built=20on=20the=20consistency=0A-=09= =20=20and=20performance=20foundations=20of=20soft=20updates.
    • =0A-=0A= -=09
  • File=20system=20snapshots,=20permitting=20administrators=20= to=20take=0A-=09=20=20atomic=20file=20system=20snapshots=20for=20backup=20= purposes=20using=20the=20free=0A-=09=20=20space=20in=20the=20file=20= system,=20as=20well=20as=20facilitating=20background=0A-=09=20=20= fsck,=20which=20allows=20the=20system=20to=20reach=20multiuser=20= mode=20without=0A-=09=20=20waiting=20on=20file=20system=20cleanup=20= operations=20following=20power=20outages.=0A-=09=20=20
    • =0A-=0A-=09=
  • Support=20for=20IP=20Security=20(IPsec)=20allows=20improved=20= security=20in=0A-=09=20=20networks,=20and=20support=20for=20the=20= next-generation=20Internet=20Protocol,=0A-=09=20=20IPv6.=20=20The=20= FreeBSD=20IPsec=20implementation=20includes=20support=20for=20a=0A-=09=20= =20broad=20range=20of=20accelerated=20crypto=20hardware.
    • =0A-=0A= -=09
  • Out=20of=20the=20box=20support=20for=20IPv6=20via=20the=20= KAME=20IPv6=20stack=0A-=09=20=20allows=20FreeBSD=20to=20be=20seamlessly=20= integrated=20into=20next=20generation=0A-=09=20=20networking=20= environments.=20=20FreeBSD=20even=20ships=20with=20many=20applications=0A= -=09=20=20extended=20to=20support=20IPv6!
    • =0A-=0A-=09=
  • Multi-threaded=20SMP=20architecture=20capable=20of=20= executing=20the=0A-=09=20=20kernel=20in=20parallel=20on=20multiple=20= processors,=20and=20with=20kernel=0A-=09=20=20preemption,=20= allowing=20high=20priority=20kernel=20tasks=20to=20preempt=0A-=09=20=20= other=20kernel=20activity,=20reducing=20latency.=20=20This=20includes=20= a=0A-=09=20=20multi-threaded=20network=20stack=20and=20a=20= multi-threaded=0A-=09=20=20virtual=20memory=20subsystem.=20=20= Beginning=20with=20FreeBSD=206.x,=20support=0A-=09=20=20for=20a=20fully=20= parallel=20VFS=20allows=20the=20UFS=20file=20system=20to=20run=20on=20= multiple=0A-=09=20=20processors=20simultaneously,=20permitting=20load=20= sharing=20of=0A-=09=20=20CPU-intensive=20I/O=20optimization.
    • =0A-=0A= -=09
  • M:N=20application=20threading=20via=20pthreads=20= permitting=20threads=0A-=09=20=20to=20execute=20on=20multiple=20CPUs=20= in=20a=20scalable=20manner,=20mapping=20many=20user=0A-=09=20=20threads=20= onto=20a=20small=20number=20of=20Kernel=20Schedulable=20Entities.=0A= -=09=20=20By=20adopting=20the=20Scheduler=20Activation=20model,=20= the=20threading=0A-=09=20=20approach=20can=20be=20adapted=20to=20the=20= specific=20requirements=20of=20a=20broad=0A-=09=20=20range=20of=20= applications.
    • =0A-=0A-=09
  • Netgraph=20pluggable=20network=20= stack=20allows=20developers=20to=0A-=09=20=20dynamically=20and=20= easily=20extend=20the=20network=20stack=20through=20clean=0A-=09=20=20= layered=20network=20abstractions.=20=20Netgraph=20nodes=20can=20= implement=20a=20broad=0A-=09=20=20range=20of=20new=20network=20services,=20= including=20encapsulation,=20tunneling,=0A-=09=20=20encryption,=20and=20= performance=20adaptation.=20=20As=20a=20result,=20rapid=0A-=09=20=20= prototyping=20and=20production=20deployment=20of=20enhanced=20network=20= services=0A-=09=20=20can=20be=20performed=20far=20more=20easily=20and=20= with=20fewer=20bugs.
    • =0A-=0A-=09
  • TrustedBSD=20MAC=20Framework=20= extensible=20kernel=20security,=0A-=09=20=20which=20allows=20= developers=20to=20customize=20the=20operating=20system=20security=0A-=09=20= =20model=20for=20specific=20environments,=20from=20creating=20hardening=20= policies=0A-=09=20=20to=20deploying=20mandatory=20labeled=20= confidentiality=20of=20integrity=0A-=09=20=20policies.=20=20Sample=20= security=20policies=20include=20Multi-Level=0A-=09=20=20Security=20= (MLS),=20and=20Biba=20Integrity=20Protection.=20=20Third=0A-=09= =20=20party=20modules=20include=20SEBSD,=20a=20FLASK-based=20= implementation=0A-=09=20=20of=20Type=20Enforcement.
    • =0A-=0A-=09=
  • TrustedBSD=20Audit=20is=20a=20security=20event=20logging=20= service,=0A-=09=20=20providing=20fine-grained,=20secure,=20reliable=20= logging=20of=20system=20events=0A-=09=20=20via=20the=20audit=20service.=20= =20Administrators=20can=20configure=20the=20nature=20and=0A-=09=20=20= granularity=20of=20logging=20by=20user,=20tracking=20file=20accesses,=20= commands=0A-=09=20=20executed,=20network=20activity,=20system=20logins,=20= and=20a=20range=20of=20other=0A-=09=20=20system=20behavior.=20=20Audit=20= pipes=20allow=20IDS=20tools=20to=20attach=20to=20the=0A-=09=20=20kernel=20= audit=20service=20and=20subscribe=20to=20events=20they=20require=20for=0A= -=09=20=20security=20monitoring.=20=20FreeBSD=20supports=20the=20= industry-standard=20BSM=0A-=09=20=20audit=20trail=20file=20format=20and=20= API,=20allowing=20existing=20BSM=20tools=20to=0A-=09=20=20run=20with=20= little=20or=20no=20modification.=20=20This=20file=20format=20is=20used=20= on=0A-=09=20=20Solaris=20and=20Mac=20OS=20X,=20allowing=20instant=20= interoperability=20and=20unified=0A-=09=20=20analysis.
    • =0A-=0A-=09=
  • GEOM=20pluggable=20storage=20layer,=20which=20permits=20new=20= storage=0A-=09=20=20services=20to=20be=20quickly=20developed=20and=20= cleanly=20integrated=20into=20the=0A-=09=20=20FreeBSD=20storage=20= subsystem.=20=20GEOM=20provides=20a=20consistent=20and=0A-=09=20=20= coherent=20model=20for=20discovering=20and=20layering=20storage=20= services,=0A-=09=20=20making=20it=20possible=20to=20layer=20services=20= such=20as=20RAID=20and=20volume=0A-=09=20=20management=20easily.
    • =0A= -=0A-=09
  • FreeBSD's=20GEOM-Based=20Disk=20Encryption=20(GBDE),=20= provides=0A-=09=20=20strong=20cryptographic=20protection=20using=20the=20= GEOM=20Framework,=20and=20can=0A-=09=20=20protect=20file=20systems,=20= swap=20devices,=20and=20other=20use=20of=20storage=0A-=09=20=20= media.
    • =0A-=0A-=09
  • Kernel=20Queues=20allow=20programs=20to=20= respond=20more=20efficiently=0A-=09=20=20to=20a=20variety=20of=20= asynchronous=20events=20including=20file=20and=20socket=20IO,=0A-=09=20=20= improving=20application=20and=20system=20performance.
    • =0A-=0A-=09=
  • Accept=20Filters=20allow=20connection-intensive=20= applications,=0A-=09=20=20such=20as=20web=20servers,=20to=20cleanly=20= push=20part=20of=20their=20functionality=20into=0A-=09=20=20the=20= operating=20system=20kernel,=20improving=20performance.
    • =0A+=09=
  • Netisr=20framework:=20has=20been=20reimplemented=20for=0A+=09=20= =20parallel=20threading=20support.=20This=20is=20a=20kernel=20network=0A= +=09=20=20dispatch=20interface=20which=20allows=20device=20drivers=20= (and=20other=0A+=09=20=20packet=20sources)=20to=20direct=20packets=20to=20= protocols=20for=20directly=0A+=09=20=20dispatched=20or=20deferred=20= processing.=20The=20new=20implementation=0A+=09=20=20supports=20up=20to=20= one=20netisr=20thread=20per=20CPU,=20and=20several=0A+=09=20=20= benchmarks=20on=20SMP=20machines=20show=20substantial=20performance=0A+=09= =20=20improvement=20over=20the=20previous=20version.
    • =0A+=0A+=09=
  • Linux=20emulation:=20layer=20has=20been=20updated=20to=20= version=0A+=09=20=202.6.16=20and=20the=20default=20Linux=20= infrastructure=20port=20is=20now=0A+=09=20=20emulators/linux_base-f10=20= (Fedora=2010)
    • =0A+=0A+=09
  • New=20virtualization:=20= container=20named=20=20vimage=20=20has=0A+=09=20=20been=20implemented.=20= =20This=20is=20a=20jail=20with=20a=20virtualized=0A+=09=20=20instance=20= of=20the=20FreeBSD=20network=20stack=20and=20can=20be=20created=0A+=09=20= =20by=20using=20jail(8)=20command.
    • =0A=20=20=20=20=20=20=20
=0A-=0A= -=20=20=20=20

FreeBSD=20provides=20many=20security=20features=0A-=20=20= =20=20=20=20to=20protect=20networks=20and=20servers.

=0A-=0A-=20=20=20= =20=20=20

The=20FreeBSD=20developers=20are=20as=20concerned=20about=20= security=20as=20they=20are=0A-=09about=20performance=20and=20stability.=20= =20FreeBSD=20includes=20kernel=20support=20for=0A-=09stateful=20IP=20= firewalling,=20as=20well=20as=20other=20services,=20such=20as=0A-=09= IP=20proxy=20gateways,=20access=20control=20lists,=20= mandatory=0A-=09access=20control,=20jail-based=20virtual=20= hosting,=20and=0A-=09cryptographically=20protected=20storage.=20= =20These=20features=20can=20be=0A-=09used=20to=20support=20highly=20= secure=20hosting=20of=20mutually=20untrusting=0A-=09customers=20or=20= consumers,=20the=20strong=20partitioning=20of=20network=20segments,=0A-=09= and=20the=20construction=20of=20secure=20pipelines=20for=20information=20= scrubbing=0A-=09and=20information=20flow=20control.

=0A-=0A-=20=20=20=20= =20=20

FreeBSD=20also=20includes=20support=20for=20encryption=20= software,=20secure=0A-=09shells,=20Kerberos=20authentication,=20"virtual=20= servers"=20created=20using=0A-=09jails,=20chroot-ing=20services=20to=20= restrict=20application=20access=20to=20the=0A-=09file=20system,=20Secure=20= RPC=20facilities,=20and=20access=20lists=20for=20services=0A-=09that=20= support=20TCP=20wrappers.

=0A-=0A=20=20=20=0A=20=0A--=20= =0A1.7.5.4=0A=0A= --Apple-Mail=_349370CA-9A78-4408-B7F6-9432B54FADCA Content-Disposition: attachment; filename=0002-clarification-to-virtualized-network-stack-topology.patch Content-Type: application/octet-stream; name="0002-clarification-to-virtualized-network-stack-topology.patch" Content-Transfer-Encoding: quoted-printable =46rom=20cf7a1fecc856bc1a51b921d65d872bb3bae16ab0=20Mon=20Sep=2017=20= 00:00:00=202001=0AFrom:=20"Isaac=20(.ike)=20Levy"=20= =0ADate:=20Thu,=2024=20Jan=202013=2016:05:38=20= -0500=0ASubject:=20[PATCH=202/2]=20clarification=20to=20virtualized=20= network=20stack=20topology=0A=0ASigned-off-by:=20Isaac=20(.ike)=20Levy=20= =0A---=0A=20= en_US.ISO8859-1/htdocs/features.xml=20|=20=20=2010=20++++++----=0A=201=20= files=20changed,=206=20insertions(+),=204=20deletions(-)=0A=0Adiff=20= --git=20a/en_US.ISO8859-1/htdocs/features.xml=20= b/en_US.ISO8859-1/htdocs/features.xml=0Aindex=20c6f97f2..b4508ad=20= 100644=0A---=20a/en_US.ISO8859-1/htdocs/features.xml=0A+++=20= b/en_US.ISO8859-1/htdocs/features.xml=0A@@=20-123,10=20+123,12=20@@=0A=20= =09=20=202.6.16=20and=20the=20default=20Linux=20infrastructure=20port=20= is=20now=0A=20=09=20=20emulators/linux_base-f10=20(Fedora=2010)=0A=20= =0A-=09
  • New=20virtualization:=20container=20named=20=20vimage=20= =20has=0A-=09=20=20been=20implemented.=20=20This=20is=20a=20jail=20with=20= a=20virtualized=0A-=09=20=20instance=20of=20the=20FreeBSD=20network=20= stack=20and=20can=20be=20created=0A-=09=20=20by=20using=20jail(8)=20= command.
    • =0A+=09
  • Network=20Virtualization:=20Container=20= named=20=20vimage=20=20has=0A+=20=20=20=20=20=20=20=20=20=20been=20= implemented,=20extending=20the=20FreeBSD=20kernel=20to=20maintain=20= multiple=0A+=20=20=20=20=20=20=20=20=20=20independent=20instances=20of=20= networking=20state.=20=20vimage=20facilities=20can=20be=0A+=20=20=20=20=20= =20=20=20=20=20used=20independently=20to=20create=20fully=20virtualized=20= network=20topologies,=0A+=20=20=20=20=20=20=20=20=20=20and=20jail(8)=20= can=20directly=20take=20advantage=20of=20a=20fully=20virtualized=20= network=0A+=20=20=20=20=20=20=20=20=20=20stack.
    • =0A=20=20=20=20=20=20= =20=0A=20=20=20=0A=20=0A--=20=0A1.7.5.4=0A=0A= --Apple-Mail=_349370CA-9A78-4408-B7F6-9432B54FADCA--