From owner-svn-doc-head@FreeBSD.ORG Tue Jan 29 23:24:40 2013 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 59249D7C; Tue, 29 Jan 2013 23:24:40 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 3CBE8EE4; Tue, 29 Jan 2013 23:24:40 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r0TNOdd9094313; Tue, 29 Jan 2013 23:24:39 GMT (envelope-from eadler@svn.freebsd.org) Received: (from eadler@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r0TNOdit094312; Tue, 29 Jan 2013 23:24:39 GMT (envelope-from eadler@svn.freebsd.org) Message-Id: <201301292324.r0TNOdit094312@svn.freebsd.org> From: Eitan Adler Date: Tue, 29 Jan 2013 23:24:39 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r40807 - head/en_US.ISO8859-1/htdocs X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2013 23:24:40 -0000 Author: eadler Date: Tue Jan 29 23:24:39 2013 New Revision: 40807 URL: http://svnweb.freebsd.org/changeset/doc/40807 Log: Update and modernize the features.xml page Translators take note: this is a full rewrite. Starting with old content will likely not be helpful. Submitted by: Chris Petrik Submitted by: Isaac (.ike) Levy Reviewed by: -doc Approved by: bcr (mentor) Modified: head/en_US.ISO8859-1/htdocs/features.xml Modified: head/en_US.ISO8859-1/htdocs/features.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/features.xml Tue Jan 29 22:37:44 2013 (r40806) +++ head/en_US.ISO8859-1/htdocs/features.xml Tue Jan 29 23:24:39 2013 (r40807) @@ -5,7 +5,7 @@ ]> - + &title; $FreeBSD$ @@ -13,222 +13,120 @@ -

FreeBSD offers many advanced features.

&os; offers many unique features.

No matter what the application, you want your system's resources - performing at their full potential. FreeBSD's focus on - performance, networking, and storage combine with easy system - administration and excellent documentation to allow you to do just - that.

No matter what the application, you want your system's + resources performing at their full potential. &os;'s focus + on performance, networking, and storage, combined with easy + system administration and excellent documentation to allow + you to do what you want.

A complete operating system based on 4.4BSD.

FreeBSD's distinguished roots derive from the BSD - software releases from the Computer Systems Research Group at the - University of California, Berkeley. Over ten years of work have been - put into enhancing BSD, adding industry-leading SMP, multithreading, - and network performance, as well as new management tools, file - systems, and security features. As a result, FreeBSD may be found - across the Internet, in the operating system of core router products, - running root name servers, hosting major web sites, and as the - foundation for widely used desktop operating systems. This is only - possible because of the diverse and world-wide membership of the - volunteer FreeBSD Project.

- -

FreeBSD provides advanced operating system features, making it ideal - across a range of systems, from embedded environments to high-end - multiprocessor servers.

- -

FreeBSD 7.0, released February 2008, brings many new features - and performance enhancements. With a special focus on storage - and multiprocessing performance, FreeBSD 7.0 shipped with support - for Sun's ZFS file system and highly scalable - multiprocessing performance. Benchmarks have shown that FreeBSD - provides twice the MySQL and PostgreSQL performance as current Linux - systems on 8-core servers.

&os;'s distinguished roots derive from the BSD + software releases from the Computer Systems Research Group at + the University of California, Berkeley. Over fifteen years of + work have been put into enhancing &os;, adding + industry-leading scalability, network performance, management + tools, file systems, and security features. As a result, + &os; may be found across the Internet, in the operating system + of core router products, running root name servers, hosting + major web sites, and as the foundation for widely used desktop + operating systems. This is only possible because of the + diverse and world-wide membership of the + volunteer &os; Project.

+ +

&os; 9.0, brings many new features + and performance enhancements with a special focus on desktop + support and security features.

SMPng: After seven years of development on advanced SMP - support, FreeBSD 7.0 realizes the goals of a fine-grained kernel - allowing linear scalability to over 8 CPU cores for many workloads. - FreeBSD 7.0 sees an almost complete elimination of the Giant Lock, - removing it from the CAM storage layer and NFS client, and moving - towards more fine-grained locking in the network subsystem. - Significant work has also been performed to optimize kernel - scheduling and locking primitives, and the optional ULE scheduler - allows thread CPU affinity and per-CPU run queues to reduce - overhead and increase cache-friendliness. The libthr threading - package, providing 1:1 threading, is now the default. Benchmarks - reveal a dramatic performance advantage over other &unix; operating - systems on identical multicore hardware, and reflect a long - investment in SMP technology for the FreeBSD kernel.
ZFS filesystem: Sun's ZFS is a state-of-the-art file - system offering simple administration, transactional semantics, - end-to-end data integrity, and immense scalability. From - self-healing to built-in compression, RAID, snapshots, and volume - management, ZFS will allow FreeBSD system administrators to easily - manage large storage arrays.
10Gbps network optimization: With optimized device drivers - from all major 10gbps network vendors, FreeBSD 7.0 has seen - extensive optimization of the network stack for high performance - workloads, including auto-scaling socket buffers, TCP Segment - Offload (TSO), Large Receive Offload (LRO), direct network stack - dispatch, and load balancing of TCP/IP workloads over multiple CPUs - on supporting 10gbps cards or when multiple network interfaces are - in use simultaneously. Full vendor support is available from - Chelsio, Intel, Myricom, and Neterion.
SCTP: FreeBSD 7.0 is the reference implementation for the - new IETF Stream Control Transmission Protocol (SCTP) protocol, - intended to support VoIP, telecommunications, and other - applications with strong reliability and variable quality - transmission through features such as multi-path delivery, - fail-over, and multi-streaming.
Wireless: FreeBSD 7.0 ships with significantly enhanced - wireless support, including high-power Atheros-based cards, new - drivers for Ralink, Intel, and ZyDAS cards, WPA, background - scanning and roaming, and 802.11n.
New hardware architectures: FreeBSD 7.0 includes - significantly improved support for the embedded ARM architecture, - as well as preliminary support for the Sun Ultrasparc T1 - platform.
Capsicum Capability Mode: + Capsicum is a set of features for sandboxing support, using + a capability model in which the capabilities are file + descriptors. Two new kernel options CAPABILITIES and + CAPABILITY_MODE have been added to the GENERIC kernel.
Hhook: (Helper Hook) and khelp(9) (Kernel Helpers) + KPIs have been implemented. These are a kind of superset of + pfil(9) framework for more general use in the kernel. The + hhook(9) KPI provides a way for kernel subsystems to export + hook points that khelp(9) modules can hook to provide + enhanced or new functionality to the kernel. The khelp(9) + KPI provides a framework for managing khelp(9) modules, + which indirectly use the hhook(9) KPI to register their hook + functions with hook points of interest within the kernel. + These allow a structured way to dynamically extend the + kernel at runtime in an ABI preserving manner.
Accounting API: has been implemented. It can keep + per-process, per-jail, and per-loginclass resource + accounting information. Note that this is not built nor + installed by default. To build and install them, specify + options RACCT in the kernel configuration file and rebuild + the base system as described in the FreeBSD Handbook
Resource-limiting API: has been implemented. + It works in conjunction with the RACCT resource accounting + implementation and takes user-configurable actions based on + the set of rules it maintains and the current resource + usage. The rctl(8) utility has been added to manage the + rules in userland. Note that this is not built nor + installed by default.
Usb: subsystem now supports USB packet filter. + This allows to capture packets which go through each USB + host controller. The implementation is almost based on + bpf(4) code. The userland program usbdump(8) has been + added.
Infiniband support:, OFED (OpenFabrics Enterprise + Distribution) version 1.5.3 has been imported into the + base system.
TCP/IP network: stack now supports the mod_cc(9) + pluggable congestion control framework. This allows TCP + congestion control algorithms to be implemented as + dynamically loadable kernel modules. The following kernel + modules are available cc_chd(4) for the CAIA-Hamilton-Delay + algorithm, cc_cubic(4) for the CUBIC algorithm, cc_hd(4) + for the Hamilton-Delay algorithm, cc_htcp(4) for the H-TCP + algorithm, cc_newreno(4) for the NewReno algorithm, and + cc_vegas(4) for the Vegas algorithm. The default algorithm + can be set by a new sysctl(8) variable + net. inet. tcp. cc. algorithm.
SU+J: &os; Fast File System now supports soft + updates with journaling. It introduces an intent log into a + softupdates-enabled file system which eliminates the need for + background fsck(8) even on unclean shutdowns.

FreeBSD has a long history of advanced operating system feature - development; you can read about some of these features below:

&os; 8.x brings many new + features and performance enhancements. With special focus on + a new USB stack, &os;-8.x shipped with experimental support + for NFSv4. As well as a new TTY layer. Which improves + scalability and resources handling in SMP enabled systems.

A merged virtual memory and filesystem buffer cache - continuously tunes the amount of memory used for programs and the - disk cache. As a result, programs receive both excellent memory - management and high performance disk access, and the system - administrator is freed from the task of tuning cache sizes.
Compatibility modules enable programs for other operating - systems to run on FreeBSD, including programs for Linux, SCO UNIX, - and System V Release 4.
Soft Updates allows improved filesystem - performance without sacrificing safety and reliability. - It analyzes meta-data filesystem operations to avoid having - to perform all of those operations synchronously. - Instead, it maintains internal state about pending meta-data - operations and uses this information to cache meta-data, - rewrite meta-data operations to combine subsequent - operations on the same files, and reorder meta-data - operations so that they may be processed more efficiently. - Features such as background filesystem checking and - file system snapshots are built on the consistency - and performance foundations of soft updates.
File system snapshots, permitting administrators to take - atomic file system snapshots for backup purposes using the free - space in the file system, as well as facilitating background - fsck, which allows the system to reach multiuser mode without - waiting on file system cleanup operations following power outages. -
Support for IP Security (IPsec) allows improved security in - networks, and support for the next-generation Internet Protocol, - IPv6. The FreeBSD IPsec implementation includes support for a - broad range of accelerated crypto hardware.
Out of the box support for IPv6 via the KAME IPv6 stack - allows FreeBSD to be seamlessly integrated into next generation - networking environments. FreeBSD even ships with many applications - extended to support IPv6!
Multi-threaded SMP architecture capable of executing the - kernel in parallel on multiple processors, and with kernel - preemption, allowing high priority kernel tasks to preempt - other kernel activity, reducing latency. This includes a - multi-threaded network stack and a multi-threaded - virtual memory subsystem. Beginning with FreeBSD 6.x, support - for a fully parallel VFS allows the UFS file system to run on multiple - processors simultaneously, permitting load sharing of - CPU-intensive I/O optimization.
M:N application threading via pthreads permitting threads - to execute on multiple CPUs in a scalable manner, mapping many user - threads onto a small number of Kernel Schedulable Entities. - By adopting the Scheduler Activation model, the threading - approach can be adapted to the specific requirements of a broad - range of applications.
Netgraph pluggable network stack allows developers to - dynamically and easily extend the network stack through clean - layered network abstractions. Netgraph nodes can implement a broad - range of new network services, including encapsulation, tunneling, - encryption, and performance adaptation. As a result, rapid - prototyping and production deployment of enhanced network services - can be performed far more easily and with fewer bugs.
TrustedBSD MAC Framework extensible kernel security, - which allows developers to customize the operating system security - model for specific environments, from creating hardening policies - to deploying mandatory labeled confidentiality of integrity - policies. Sample security policies include Multi-Level - Security (MLS), and Biba Integrity Protection. Third - party modules include SEBSD, a FLASK-based implementation - of Type Enforcement.
TrustedBSD Audit is a security event logging service, - providing fine-grained, secure, reliable logging of system events - via the audit service. Administrators can configure the nature and - granularity of logging by user, tracking file accesses, commands - executed, network activity, system logins, and a range of other - system behavior. Audit pipes allow IDS tools to attach to the - kernel audit service and subscribe to events they require for - security monitoring. FreeBSD supports the industry-standard BSM - audit trail file format and API, allowing existing BSM tools to - run with little or no modification. This file format is used on - Solaris and Mac OS X, allowing instant interoperability and unified - analysis.
GEOM pluggable storage layer, which permits new storage - services to be quickly developed and cleanly integrated into the - FreeBSD storage subsystem. GEOM provides a consistent and - coherent model for discovering and layering storage services, - making it possible to layer services such as RAID and volume - management easily.
FreeBSD's GEOM-Based Disk Encryption (GBDE), provides - strong cryptographic protection using the GEOM Framework, and can - protect file systems, swap devices, and other use of storage - media.
Kernel Queues allow programs to respond more efficiently - to a variety of asynchronous events including file and socket IO, - improving application and system performance.
Accept Filters allow connection-intensive applications, - such as web servers, to cleanly push part of their functionality into - the operating system kernel, improving performance.
Netisr framework: has been reimplemented for + parallel threading support. This is a kernel network + dispatch interface which allows device drivers (and other + packet sources) to direct packets to protocols for directly + dispatched or deferred processing. The new implementation + supports up to one netisr thread per CPU, and several + benchmarks on SMP machines show substantial performance + improvement over the previous version.
Linux emulation: layer has been updated to version + 2. 6. 16 and the default Linux infrastructure port is now + emulators/linux_base-f10 (Fedora 10)
Network Virtualization: Container named vimage has + been implemented, extending the FreeBSD kernel to maintain + multiple independent instances of networking state. + vimage facilities can be used independently to create fully + virtualized network topologies, and jail(8) can directly + take advantage of a fully virtualized network stack.

- -

FreeBSD provides many security features - to protect networks and servers.

- -

The FreeBSD developers are as concerned about security as they are - about performance and stability. FreeBSD includes kernel support for - stateful IP firewalling, as well as other services, such as - IP proxy gateways, access control lists, mandatory - access control, jail-based virtual hosting, and - cryptographically protected storage. These features can be - used to support highly secure hosting of mutually untrusting - customers or consumers, the strong partitioning of network segments, - and the construction of secure pipelines for information scrubbing - and information flow control.

- -

FreeBSD also includes support for encryption software, secure - shells, Kerberos authentication, "virtual servers" created using - jails, chroot-ing services to restrict application access to the - file system, Secure RPC facilities, and access lists for services - that support TCP wrappers.