From: Andre Oppermann
Date: Mon, 04 Feb 2008 22:15:28 +0100
To: ithilgore
Cc: freebsd-net@freebsd.org, Alfred Perlstein
Subject: Re: FreeBSD network stack Vs others
Message-ID: <47A78070.1080504@freebsd.org>
In-Reply-To: <47A8057B.2080801@gmail.com>

ithilgore wrote:
> Alfred Perlstein wrote:
>> * ithilgore -- [080204 06:59] wrote:
>>
>>> I'd like to learn what are the basic differences (pros and cons)
>>> between the FreeBSD network stack and the other OSs' (especially linux)
>>>
>>> I know that linux has had everything rewritten from scratch as far as
>>> the implementation of tcp-ip and the sockets are concerned and would
>>> like to know if this has made it actually more robust or
>>> state-of-the-art than FreeBSD's or the opposite.
>>>
>>> Some actual technical details and references would be appreciated.
>>>
>>
>> Linux's stack hasn't been rewritten from the BSD one, it was written
>> from scratch.
>>
>> Linux's tcp/ip stack has been rewritten many times over the years
>> with the promise of large performance gains.
>>
>> The fact of the matter is that the performance on the "bleeding
>> edge" of both systems, FreeBSD and Linux, is about the same.
>>
>> From a BSD proponent's perspective, I would take the pragmatic
>> viewpoint that every time Linux reinvents its stack to get performance
>> or some other feature FreeBSD isn't far behind with a relatively
>> minor change to its stack to accomplish the same feat.
>>
>> -Alfred
>>
>
> This means less work for the same gain, if it is as you say.

FreeBSD's TCP/IP stack is a descendant of the original reference
TCP/IP implementation from the University of California at Berkeley.
The Internet was pretty much invented and developed on the BSD
operating system source code. The reference standard book named
"TCP/IP Illustrated Vol. 2" describes the BSD (and FreeBSD's) TCP/IP
stack in great detail. This book is used to teach TCP/IP
implementations to almost all Computer Science students all over the
world.

Of course FreeBSD has further refined the implementation and added
support for RFC features that came after the original code base.

> As far as special cases are concerned, has FreeBSD taken extra care for
> them ?

Yes. We have SYN flood attack protection (called syncache) and many
more advanced features.

> Like for example error checking on more things or
> additional care for a special bad condition not to happen.
> What about the security hardening ? Would the FreeBSD network stack
> succumb less easily to attacks (supposing one doesn't use any additional
> protection mechanism ) ?

No, the stack is *very* robust. You can't crash it. Though you have
to differentiate between attacks that try to cause the operating
system to break (which you can't on FreeBSD); and attacks that
overload the (any) system by opening so many connections that it
can't deal with them anymore. Here we have pretty much all parts
covered too. Syncache, compressed time_wait states, etc.

Not to say something great can't be improved further. I'm currently
doing that with a long-term view. However the FreeBSD approach is
evolutionary instead of revolutionary as it happens so often on Linux.
This gives us a very stable and very proven long living code base.

--
Andre