FreeBSD Mail Archives

Date:      Thu, 24 Jan 2013 16:11:04 -0500
From:      "Isaac (.ike) Levy" <ike@blackskyresearch.net>
To:        Eitan Adler <lists@eitanadler.com>
Cc:        freebsd-doc@freebsd.org
Subject:   Re: features.xml
Message-ID:  <1359061943-3954666.10115781.fr0OLB4so031293@rs149.luxsci.com>
In-Reply-To: <CAF6rxg=prxii63d%2BJJ8F5Fo2UaMdcPpYkz=SZs9aYJDhPcM9-Q@mail.gmail.com>
References:  <CAF6rxgkbnKbUSuoruaVbHC285JXjdeJd1SjdCBCMBdRj-i2a9A@mail.gmail.com> <CAF6rxgn0W61-LGi4N8N9Bi71jE-WLwD-k5tfq4Obrcrt4zoTaQ@mail.gmail.com> <CAF6rxgk=fDAKQ4Hjq=KBBNKE4n4A=QmtD7YB5e9hFWW=saLoRw@mail.gmail.com> <70AFF504-314E-4F42-A2E1-D148D8FA2BCD@axialmarket.com> <CAF6rxg=rqEnkuabh46iYX%2BzMV2kV0M7=WteLe313m0QXxPA4pg@mail.gmail.com> <1359058203-4509368.00016252.fr0OK9rh7016372@rs149.luxsci.com> <CAF6rxg=prxii63d%2BJJ8F5Fo2UaMdcPpYkz=SZs9aYJDhPcM9-Q@mail.gmail.com>


--Apple-Mail=_349370CA-9A78-4408-B7F6-9432B54FADCA
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

On Jan 24, 2013, at 3:54 PM, Eitan Adler wrote:

> On 24 January 2013 15:09, Isaac (.ike) Levy <ike@blackskyresearch.net> =
wrote:
>> On Jan 24, 2013, at 12:09 PM, Eitan Adler wrote:
>>=20
>>> On 24 January 2013 12:07, Isaac (.ike) Levy =
<ike.levy@axialmarket.com> wrote:
>>>>=20
>>>> Would you like me to submit a patch back to list?  (Will get to it =
this weekend if so.)
>>>=20
>>> Please do!
>>=20
>> What is the accepted workflow for submitting a doc patch?
>=20
> "git format-patch / git send-email", "git show", "git diff", "svn
> diff", are all accepted
>=20
>> After downloading svn doc repo, and then the git 'best-effort' repo, =
I was dismayed not to find the git sha =
'1b6e180cdc56ae8cfea8d54f420c282830380f37', referenced in your original =
post:
>=20
> The patch was the output of "git show" on a local branch.  You will
> need to use patch(1) - not any git command to apply it.

Thanks-

Attached are 2x patches, which you can apply using patch(1), or

- using git to preserve history and context,
# git am 0001-Eitan-original-patch-to-doc-list
# git am 0002-clarification-to-virtualized-network-stack-topology

- using patch(1) to merely apply the patch,
# patch en_US.ISO8859-1/htdocs/features.xml \
    0002-clarification-to-virtualized-network-stack-topology

Best,
.ike


--Apple-Mail=_349370CA-9A78-4408-B7F6-9432B54FADCA
Content-Disposition: attachment;
	filename=0001-Eitan-original-patch-to-doc-list.patch
Content-Type: application/octet-stream;
	name="0001-Eitan-original-patch-to-doc-list.patch"
Content-Transfer-Encoding: quoted-printable

=46rom=20b5db7efcd0d59d252a3803def38cb0526b98c170=20Mon=20Sep=2017=20=
00:00:00=202001=0AFrom:=20"Isaac=20(.ike)=20Levy"=20=
<ike@blackskyresearch.net>=0ADate:=20Thu,=2024=20Jan=202013=2016:01:17=20=
-0500=0ASubject:=20[PATCH=201/2]=20Eitan=20original=20patch=20to=20doc=20=
list=0A=0ASigned-off-by:=20Isaac=20(.ike)=20Levy=20=
<ike@blackskyresearch.net>=0A---=0A=20=
en_US.ISO8859-1/htdocs/features.xml=20|=20=20268=20=
+++++++++++------------------------=0A=201=20files=20changed,=2083=20=
insertions(+),=20185=20deletions(-)=0A=0Adiff=20--git=20=
a/en_US.ISO8859-1/htdocs/features.xml=20=
b/en_US.ISO8859-1/htdocs/features.xml=0Aindex=20919195c..c6f97f2=20=
100644=0A---=20a/en_US.ISO8859-1/htdocs/features.xml=0A+++=20=
b/en_US.ISO8859-1/htdocs/features.xml=0A@@=20-39,196=20+39,94=20@@=0A=20=09=
across=20a=20range=20of=20systems,=20from=20embedded=20environments=20to=20=
high-end=0A=20=09multiprocessor=20servers.</h2>=0A=20=0A-=20=20=20=20=20=20=
<p><b>FreeBSD=207.0</b>,=20released=20February=202008,=20brings=20many=20=
new=20features=0A-=09and=20performance=20enhancements.=20=20With=20a=20=
special=20focus=20on=20storage=0A-=09and=20multiprocessing=20=
performance,=20FreeBSD=207.0=20shipped=20with=20support=0A-=09for=20=
Sun's=20<b>ZFS=20file=20system</b>=20and=20<b>highly=20scalable=0A-=09=
multiprocessing=20performance</b>.=20=20Benchmarks=20have=20shown=20that=20=
FreeBSD=0A-=09provides=20twice=20the=20MySQL=20and=20PostgreSQL=20=
performance=20as=20current=20Linux=0A-=09systems=20on=208-core=20=
servers.</p>=0A+=20=20=20=20=20=20<p><b>&os;&nbsp;9.0</b>,=20brings=20=
many=20new=20features=0A+=09and=20performance=20enhancements=20with=20a=20=
special=20focus=20on=20desktop=0A+=09support=20and=20security=20=
features.</p>=0A=20=0A=20=20=20=20=20=20=20<ul>=0A-=09<li><b>SMPng</b>:=20=
After=20seven=20years=20of=20development=20on=20advanced=20SMP=0A-=09=20=20=
support,=20FreeBSD=207.0=20realizes=20the=20goals=20of=20a=20=
fine-grained=20kernel=0A-=09=20=20allowing=20linear=20scalability=20to=20=
over=208=20CPU=20cores=20for=20many=20workloads.=0A-=09=20=20FreeBSD=20=
7.0=20sees=20an=20almost=20complete=20elimination=20of=20the=20Giant=20=
Lock,=0A-=09=20=20removing=20it=20from=20the=20CAM=20storage=20layer=20=
and=20NFS=20client,=20and=20moving=0A-=09=20=20towards=20more=20=
fine-grained=20locking=20in=20the=20network=20subsystem.=0A-=09=20=20=
Significant=20work=20has=20also=20been=20performed=20to=20optimize=20=
kernel=0A-=09=20=20scheduling=20and=20locking=20primitives,=20and=20the=20=
optional=20ULE=20scheduler=0A-=09=20=20allows=20thread=20CPU=20affinity=20=
and=20per-CPU=20run=20queues=20to=20reduce=0A-=09=20=20overhead=20and=20=
increase=20cache-friendliness.=20=20The=20libthr=20threading=0A-=09=20=20=
package,=20providing=201:1=20threading,=20is=20now=20the=20default.=20=20=
Benchmarks=0A-=09=20=20reveal=20a=20dramatic=20performance=20advantage=20=
over=20other=20&unix;=20operating=0A-=09=20=20systems=20on=20identical=20=
multicore=20hardware,=20and=20reflect=20a=20long=0A-=09=20=20investment=20=
in=20SMP=20technology=20for=20the=20FreeBSD=20kernel.</li>=0A-=0A-=09=
<li><b>ZFS=20filesystem</b>:=20Sun's=20ZFS=20is=20a=20state-of-the-art=20=
file=0A-=09=20=20system=20offering=20simple=20administration,=20=
transactional=20semantics,=0A-=09=20=20end-to-end=20data=20integrity,=20=
and=20immense=20scalability.=20=20From=0A-=09=20=20self-healing=20to=20=
built-in=20compression,=20RAID,=20snapshots,=20and=20volume=0A-=09=20=20=
management,=20ZFS=20will=20allow=20FreeBSD=20system=20administrators=20=
to=20easily=0A-=09=20=20manage=20large=20storage=20arrays.</li>=0A-=0A-=09=
<li><b>10Gbps=20network=20optimization</b>:=20With=20optimized=20device=20=
drivers=0A-=09=20=20from=20all=20major=2010gbps=20network=20vendors,=20=
FreeBSD=207.0=20has=20seen=0A-=09=20=20extensive=20optimization=20of=20=
the=20network=20stack=20for=20high=20performance=0A-=09=20=20workloads,=20=
including=20auto-scaling=20socket=20buffers,=20TCP=20Segment=0A-=09=20=20=
Offload=20(TSO),=20Large=20Receive=20Offload=20(LRO),=20direct=20network=20=
stack=0A-=09=20=20dispatch,=20and=20load=20balancing=20of=20TCP/IP=20=
workloads=20over=20multiple=20CPUs=0A-=09=20=20on=20supporting=2010gbps=20=
cards=20or=20when=20multiple=20network=20interfaces=20are=0A-=09=20=20in=20=
use=20simultaneously.=20=20Full=20vendor=20support=20is=20available=20=
from=0A-=09=20=20Chelsio,=20Intel,=20Myricom,=20and=20Neterion.</li>=0A-=0A=
-=09<li><b>SCTP</b>:=20FreeBSD=207.0=20is=20the=20reference=20=
implementation=20for=20the=0A-=09=20=20new=20IETF=20Stream=20Control=20=
Transmission=20Protocol=20(SCTP)=20protocol,=0A-=09=20=20intended=20to=20=
support=20VoIP,=20telecommunications,=20and=20other=0A-=09=20=20=
applications=20with=20strong=20reliability=20and=20variable=20quality=0A=
-=09=20=20transmission=20through=20features=20such=20as=20multi-path=20=
delivery,=0A-=09=20=20fail-over,=20and=20multi-streaming.</li>=0A-=0A-=09=
<li><b>Wireless</b>:=20FreeBSD=207.0=20ships=20with=20significantly=20=
enhanced=0A-=09=20=20wireless=20support,=20including=20high-power=20=
Atheros-based=20cards,=20new=0A-=09=20=20drivers=20for=20Ralink,=20=
Intel,=20and=20ZyDAS=20cards,=20WPA,=20background=0A-=09=20=20scanning=20=
and=20roaming,=20and=20802.11n.</li>=0A-=0A-=09<li><b>New=20hardware=20=
architectures</b>:=20FreeBSD=207.0=20includes=0A-=09=20=20significantly=20=
improved=20=20support=20for=20the=20embedded=20ARM=20architecture,=0A-=09=
=20=20as=20well=20as=20preliminary=20support=20for=20the=20Sun=20=
Ultrasparc=20T1=0A-=09=20=20platform.</li>=0A+=09<li><b>Capsicum=20=
Capability=20Mode</b>:=0A+=09=20=20Capsicum=20is=20a=20set=20of=20=
features=20for=20sandboxing=20support,=20using=0A+=09=20=20a=20=
capability=20model=20in=20which=20the=20capabilities=20are=20file=0A+=09=20=
=20descriptors.=20Two=20new=20kernel=20options=20CAPABILITIES=20and=0A+=09=
=20=20CAPABILITY_MODE=20have=20been=20added=20to=20the=20GENERIC=20=
kernel.</li>=0A+=0A+=09<li><b>Hhook</b>:=20=20(Helper=20Hook)=20and=20=
khelp(9)=20(Kernel=20Helpers)=0A+=09=20=20KPIs=20have=20been=20=
implemented.=20These=20are=20a=20kind=20of=20superset=20of=0A+=09=20=20=
pfil(9)=20framework=20for=20more=20general=20use=20in=20the=20kernel.=20=
The=0A+=09=20=20hhook(9)=20KPI=20provides=20a=20way=20for=20kernel=20=
subsystems=20to=20export=0A+=09=20=20hook=20points=20that=20khelp(9)=20=
modules=20can=20hook=20to=20provide=0A+=09=20=20enhanced=20or=20new=20=
functionality=20to=20the=20kernel.=20The=20khelp(9)=0A+=09=20=20KPI=20=
provides=20a=20framework=20for=20managing=20khelp(9)=20modules,=0A+=09=20=
=20which=20indirectly=20use=20the=20hhook(9)=20KPI=20to=20register=20=
their=20hook=0A+=09=20=20functions=20with=20hook=20points=20of=20=
interest=20within=20the=20kernel.=0A+=09=20=20These=20allow=20a=20=
structured=20way=20to=20dynamically=20extend=20the=0A+=09=20=20kernel=20=
at=20runtime=20in=20an=20ABI=20preserving=20manner.</li>=0A+=09=
<li><b>Accounting=20API:</b>=20has=20been=20implemented.=20It=20can=20=
keep=0A+=09=20=20per-process,=20per-jail,=20and=20per-loginclass=20=
resource=0A+=09=20=20accounting=20information.=20=20Note=20that=20this=20=
is=20not=20built=20nor=0A+=09=20=20installed=20by=20default.=20To=20=
build=20and=20install=20them,=20specify=0A+=09=20=20options=20RACCT=20in=20=
the=20kernel=20configuration=20file=20and=20rebuild=0A+=09=20=20the=20=
base=20system=20as=20described=20in=20the=20FreeBSD=20Handbook</li>=0A+=0A=
+=09<li><b>Resource-limiting=20API:</b>=20has=20been=20implemented.=0A+=09=
=20=20It=20works=20in=20conjunction=20with=20the=20RACCT=20resource=20=
accounting=0A+=09=20=20implementation=20and=20takes=20user-configurable=20=
actions=20based=20on=0A+=09=20=20the=20set=20of=20rules=20it=20maintains=20=
and=20the=20current=20resource=0A+=09=20=20usage.=20=20The=20rctl(8)=20=
utility=20has=20been=20added=20to=20manage=20the=0A+=09=20=20rules=20in=20=
userland.=20Note=20that=20this=20is=20not=20built=20nor=20installed=0A+=09=
=20=20by=20default.</li>=0A+=0A+=09<li><b>Usb:</b>=20subsystem=20now=20=
supports=20USB=20packet=20filter.=0A+=09=20=20This=20allows=20to=20=
capture=20packets=20which=20go=20through=20each=20USB=0A+=09=20=20host=20=
controller.=20The=20implementation=20is=20almost=20based=20on=0A+=09=20=20=
bpf(4)=20code.=20=20The=20userland=20program=20usbdump(8)=20has=20been=0A=
+=09=20=20added.</li>=0A+=0A+=09<li><b>Infiniband=20support:</b>,=20OFED=20=
(OpenFabrics=20Enterprise=0A+=09=20=20Distribution)=20version=201.5.3=20=
has=20been=20imported=20into=20the=0A+=09=20=20base=20system.</li>=0A+=0A=
+=09<li><b>TCP/IP=20network:</b>=20stack=20now=20supports=20the=20=
mod_cc(9)=0A+=09=20=20pluggable=20congestion=20control=20framework.=20=
This=20allows=20TCP=0A+=09=20=20congestion=20control=20algorithms=20to=20=
be=20implemented=20as=0A+=09=20=20dynamically=20loadable=20kernel=20=
modules.=20The=20following=20kernel=0A+=09=20=20modules=20are=20=
available=20cc_chd(4)=20for=20the=20CAIA-Hamilton-Delay=0A+=09=20=20=
algorithm,=20cc_cubic(4)=20for=20the=20CUBIC=20algorithm,=20cc_hd(4)=0A+=09=
=20=20for=20the=20Hamilton-Delay=20algorithm,=20cc_htcp(4)=20for=20the=20=
H-TCP=0A+=09=20=20algorithm,=20cc_newreno(4)=20for=20the=20NewReno=20=
algorithm,=20and=0A+=09=20=20cc_vegas(4)=20for=20the=20Vegas=20=
algorithm.=20=20The=20default=20algorithm=0A+=09=20=20can=20be=20set=20=
by=20a=20new=20sysctl(8)=20variable=0A+=09=20=20=
net.inet.tcp.cc.algorithm.</li>=0A+=0A+=09<li><b>SU+J:</b>=20&os;=20Fast=20=
File=20System=20now=20supports=20soft=20updates=20with=0A+=09journaling.=20=
It=20introduces=20an=20intent=20log=20into=20a=0A+=09softupdates-enabled=20=
file=20system=20which=20eliminates=20the=20need=20for=0A+=09background=20=
fsck(8)=20even=20on=20unclean=20shutdowns.</li>=0A=20=20=20=20=20=20=20=
</ul>=0A=20=0A-=20=20=20=20=20=20<p>FreeBSD=20has=20a=20long=20history=20=
of=20advanced=20operating=20system=20feature=0A-=09development;=20you=20=
can=20read=20about=20some=20of=20these=20features=20below:</p>=0A-=0A+=20=
=20=20=20=20=20<p><b>&os;&nbsp;8.x</b>=20brings=20many=20new=0A+=09=
features=20and=20performance=20enhancements.=20With=20special=20focus=20=
on=20a=0A+=09new=20USB=20stack,=20&os;-8.x=20shipped=20with=20=
experimental=20support=20for=0A+=09NFSv4.=20As=20well=20as=20a=20new=20=
TTY=20layer.=20Which=20improves=20scalability=0A+=09and=20resources=20=
handling=20in=20SMP=20enabled=20systems.</p>=0A=20=20=20=20=20=20=20<ul>=0A=
-=09<li><b>A=20merged=20virtual=20memory=20and=20filesystem=20buffer=20=
cache</b>=0A-=09=20=20continuously=20tunes=20the=20amount=20of=20memory=20=
used=20for=20programs=20and=20the=0A-=09=20=20disk=20cache.=20=20As=20a=20=
result,=20programs=20receive=20both=20excellent=20memory=0A-=09=20=20=20=20=
management=20and=20high=20performance=20disk=20access,=20and=20the=20=
system=0A-=09=20=20=20=20administrator=20is=20freed=20from=20the=20task=20=
of=20tuning=20cache=20sizes.</li>=0A-=0A-=09<li><b>Compatibility=20=
modules</b>=20enable=20programs=20for=20other=20operating=0A-=09=20=20=
systems=20to=20run=20on=20FreeBSD,=20including=20programs=20for=20Linux,=20=
SCO=20UNIX,=0A-=09=20=20and=20System=20V=20Release=204.</li>=0A-=0A-=09=
<li><b>Soft=20Updates</b>=20allows=20improved=20filesystem=0A-=09=20=20=
performance=20without=20sacrificing=20safety=20and=20reliability.=0A-=09=20=
=20It=20analyzes=20meta-data=20filesystem=20operations=20to=20avoid=20=
having=0A-=09=20=20to=20perform=20all=20of=20those=20operations=20=
synchronously.=0A-=09=20=20Instead,=20it=20maintains=20internal=20state=20=
about=20pending=20meta-data=0A-=09=20=20operations=20and=20uses=20this=20=
information=20to=20cache=20meta-data,=0A-=09=20=20rewrite=20meta-data=20=
operations=20to=20combine=20subsequent=0A-=09=20=20operations=20on=20the=20=
same=20files,=20and=20reorder=20meta-data=0A-=09=20=20operations=20so=20=
that=20they=20may=20be=20processed=20more=20efficiently.=0A-=09=20=20=
Features=20such=20as=20background=20filesystem=20checking=20and=0A-=09=20=
=20file=20system=20snapshots=20are=20built=20on=20the=20consistency=0A-=09=
=20=20and=20performance=20foundations=20of=20soft=20updates.</li>=0A-=0A=
-=09<li><b>File=20system=20snapshots</b>,=20permitting=20administrators=20=
to=20take=0A-=09=20=20atomic=20file=20system=20snapshots=20for=20backup=20=
purposes=20using=20the=20free=0A-=09=20=20space=20in=20the=20file=20=
system,=20as=20well=20as=20facilitating=20<b>background=0A-=09=20=20=
fsck</b>,=20which=20allows=20the=20system=20to=20reach=20multiuser=20=
mode=20without=0A-=09=20=20waiting=20on=20file=20system=20cleanup=20=
operations=20following=20power=20outages.=0A-=09=20=20</li>=0A-=0A-=09=
<li>Support=20for=20<b>IP=20Security=20(IPsec)</b>=20allows=20improved=20=
security=20in=0A-=09=20=20networks,=20and=20support=20for=20the=20=
next-generation=20Internet=20Protocol,=0A-=09=20=20IPv6.=20=20The=20=
FreeBSD=20IPsec=20implementation=20includes=20support=20for=20a=0A-=09=20=
=20broad=20range=20of=20<b>accelerated=20crypto=20hardware</b>.</li>=0A-=0A=
-=09<li><b>Out=20of=20the=20box=20support=20for=20IPv6</b>=20via=20the=20=
KAME=20IPv6=20stack=0A-=09=20=20allows=20FreeBSD=20to=20be=20seamlessly=20=
integrated=20into=20next=20generation=0A-=09=20=20networking=20=
environments.=20=20FreeBSD=20even=20ships=20with=20many=20applications=0A=
-=09=20=20extended=20to=20support=20IPv6!</li>=0A-=0A-=09=
<li><b>Multi-threaded=20SMP=20architecture</b>=20capable=20of=20=
executing=20the=0A-=09=20=20kernel=20in=20parallel=20on=20multiple=20=
processors,=20and=20with=20<b>kernel=0A-=09=20=20preemption</b>,=20=
allowing=20high=20priority=20kernel=20tasks=20to=20preempt=0A-=09=20=20=
other=20kernel=20activity,=20reducing=20latency.=20=20This=20includes=20=
a=0A-=09=20=20<b>multi-threaded=20network=20stack</b>=20and=20a=20=
<b>multi-threaded=0A-=09=20=20virtual=20memory=20subsystem</b>.=20=20=
Beginning=20with=20FreeBSD=206.x,=20support=0A-=09=20=20for=20a=20fully=20=
parallel=20VFS=20allows=20the=20UFS=20file=20system=20to=20run=20on=20=
multiple=0A-=09=20=20processors=20simultaneously,=20permitting=20load=20=
sharing=20of=0A-=09=20=20CPU-intensive=20I/O=20optimization.</li>=0A-=0A=
-=09<li><b>M:N=20application=20threading=20via=20pthreads</b>=20=
permitting=20threads=0A-=09=20=20to=20execute=20on=20multiple=20CPUs=20=
in=20a=20scalable=20manner,=20mapping=20many=20user=0A-=09=20=20threads=20=
onto=20a=20small=20number=20of=20<b>Kernel=20Schedulable=20Entities</b>.=0A=
-=09=20=20By=20adopting=20the=20<b>Scheduler=20Activation</b>=20model,=20=
the=20threading=0A-=09=20=20approach=20can=20be=20adapted=20to=20the=20=
specific=20requirements=20of=20a=20broad=0A-=09=20=20range=20of=20=
applications.</li>=0A-=0A-=09<li><b>Netgraph=20pluggable=20network=20=
stack</b>=20allows=20developers=20to=0A-=09=20=20dynamically=20and=20=
easily=20extend=20the=20network=20stack=20through=20clean=0A-=09=20=20=
layered=20network=20abstractions.=20=20Netgraph=20nodes=20can=20=
implement=20a=20broad=0A-=09=20=20range=20of=20new=20network=20services,=20=
including=20encapsulation,=20tunneling,=0A-=09=20=20encryption,=20and=20=
performance=20adaptation.=20=20As=20a=20result,=20rapid=0A-=09=20=20=
prototyping=20and=20production=20deployment=20of=20enhanced=20network=20=
services=0A-=09=20=20can=20be=20performed=20far=20more=20easily=20and=20=
with=20fewer=20bugs.</li>=0A-=0A-=09<li><b>TrustedBSD=20MAC=20Framework=20=
extensible=20kernel=20security</b>,=0A-=09=20=20which=20allows=20=
developers=20to=20customize=20the=20operating=20system=20security=0A-=09=20=
=20model=20for=20specific=20environments,=20from=20creating=20hardening=20=
policies=0A-=09=20=20to=20deploying=20mandatory=20labeled=20=
confidentiality=20of=20integrity=0A-=09=20=20policies.=20=20Sample=20=
security=20policies=20include=20<b>Multi-Level=0A-=09=20=20Security=20=
(MLS)</b>,=20and=20<b>Biba=20Integrity=20Protection</b>.=20=20Third=0A-=09=
=20=20party=20modules=20include=20<b>SEBSD</b>,=20a=20FLASK-based=20=
implementation=0A-=09=20=20of=20<b>Type=20Enforcement</b>.</li>=0A-=0A-=09=
<li><b>TrustedBSD=20Audit</b>=20is=20a=20security=20event=20logging=20=
service,=0A-=09=20=20providing=20fine-grained,=20secure,=20reliable=20=
logging=20of=20system=20events=0A-=09=20=20via=20the=20audit=20service.=20=
=20Administrators=20can=20configure=20the=20nature=20and=0A-=09=20=20=
granularity=20of=20logging=20by=20user,=20tracking=20file=20accesses,=20=
commands=0A-=09=20=20executed,=20network=20activity,=20system=20logins,=20=
and=20a=20range=20of=20other=0A-=09=20=20system=20behavior.=20=20Audit=20=
pipes=20allow=20IDS=20tools=20to=20attach=20to=20the=0A-=09=20=20kernel=20=
audit=20service=20and=20subscribe=20to=20events=20they=20require=20for=0A=
-=09=20=20security=20monitoring.=20=20FreeBSD=20supports=20the=20=
industry-standard=20BSM=0A-=09=20=20audit=20trail=20file=20format=20and=20=
API,=20allowing=20existing=20BSM=20tools=20to=0A-=09=20=20run=20with=20=
little=20or=20no=20modification.=20=20This=20file=20format=20is=20used=20=
on=0A-=09=20=20Solaris=20and=20Mac=20OS=20X,=20allowing=20instant=20=
interoperability=20and=20unified=0A-=09=20=20analysis.</li>=0A-=0A-=09=
<li><b>GEOM=20pluggable=20storage=20layer</b>,=20which=20permits=20new=20=
storage=0A-=09=20=20services=20to=20be=20quickly=20developed=20and=20=
cleanly=20integrated=20into=20the=0A-=09=20=20FreeBSD=20storage=20=
subsystem.=20=20GEOM=20provides=20a=20consistent=20and=0A-=09=20=20=
coherent=20model=20for=20discovering=20and=20layering=20storage=20=
services,=0A-=09=20=20making=20it=20possible=20to=20layer=20services=20=
such=20as=20RAID=20and=20volume=0A-=09=20=20management=20easily.</li>=0A=
-=0A-=09<li>FreeBSD's=20<b>GEOM-Based=20Disk=20Encryption=20(GBDE)</b>,=20=
provides=0A-=09=20=20strong=20cryptographic=20protection=20using=20the=20=
GEOM=20Framework,=20and=20can=0A-=09=20=20protect=20file=20systems,=20=
swap=20devices,=20and=20other=20use=20of=20storage=0A-=09=20=20=
media.</li>=0A-=0A-=09<li><b>Kernel=20Queues</b>=20allow=20programs=20to=20=
respond=20more=20efficiently=0A-=09=20=20to=20a=20variety=20of=20=
asynchronous=20events=20including=20file=20and=20socket=20IO,=0A-=09=20=20=
improving=20application=20and=20system=20performance.</li>=0A-=0A-=09=
<li><b>Accept=20Filters</b>=20allow=20connection-intensive=20=
applications,=0A-=09=20=20such=20as=20web=20servers,=20to=20cleanly=20=
push=20part=20of=20their=20functionality=20into=0A-=09=20=20the=20=
operating=20system=20kernel,=20improving=20performance.</li>=0A+=09=
<li><b>Netisr=20framework:</b>=20has=20been=20reimplemented=20for=0A+=09=20=
=20parallel=20threading=20support.=20This=20is=20a=20kernel=20network=0A=
+=09=20=20dispatch=20interface=20which=20allows=20device=20drivers=20=
(and=20other=0A+=09=20=20packet=20sources)=20to=20direct=20packets=20to=20=
protocols=20for=20directly=0A+=09=20=20dispatched=20or=20deferred=20=
processing.=20The=20new=20implementation=0A+=09=20=20supports=20up=20to=20=
one=20netisr=20thread=20per=20CPU,=20and=20several=0A+=09=20=20=
benchmarks=20on=20SMP=20machines=20show=20substantial=20performance=0A+=09=
=20=20improvement=20over=20the=20previous=20version.</li>=0A+=0A+=09=
<li><b>Linux=20emulation:</b>=20layer=20has=20been=20updated=20to=20=
version=0A+=09=20=202.6.16=20and=20the=20default=20Linux=20=
infrastructure=20port=20is=20now=0A+=09=20=20emulators/linux_base-f10=20=
(Fedora=2010)</li>=0A+=0A+=09<li><b>New=20virtualization:</b>=20=
container=20named=20=20vimage=20=20has=0A+=09=20=20been=20implemented.=20=
=20This=20is=20a=20jail=20with=20a=20virtualized=0A+=09=20=20instance=20=
of=20the=20FreeBSD=20network=20stack=20and=20can=20be=20created=0A+=09=20=
=20by=20using=20jail(8)=20command.</li>=0A=20=20=20=20=20=20=20</ul>=0A-=0A=
-=20=20=20=20<h2>FreeBSD=20provides=20many=20security=20features=0A-=20=20=
=20=20=20=20to=20protect=20networks=20and=20servers.</h2>=0A-=0A-=20=20=20=
=20=20=20<p>The=20FreeBSD=20developers=20are=20as=20concerned=20about=20=
security=20as=20they=20are=0A-=09about=20performance=20and=20stability.=20=
=20FreeBSD=20includes=20kernel=20support=20for=0A-=09<b>stateful=20IP=20=
firewalling</b>,=20as=20well=20as=20other=20services,=20such=20as=0A-=09=
<b>IP=20proxy=20gateways</b>,=20<b>access=20control=20lists</b>,=20=
<b>mandatory=0A-=09access=20control</b>,=20<b>jail-based=20virtual=20=
hosting</b>,=20and=0A-=09<b>cryptographically=20protected=20storage</b>.=20=
=20These=20features=20can=20be=0A-=09used=20to=20support=20highly=20=
secure=20hosting=20of=20mutually=20untrusting=0A-=09customers=20or=20=
consumers,=20the=20strong=20partitioning=20of=20network=20segments,=0A-=09=
and=20the=20construction=20of=20secure=20pipelines=20for=20information=20=
scrubbing=0A-=09and=20information=20flow=20control.</p>=0A-=0A-=20=20=20=20=
=20=20<p>FreeBSD=20also=20includes=20support=20for=20encryption=20=
software,=20secure=0A-=09shells,=20Kerberos=20authentication,=20"virtual=20=
servers"=20created=20using=0A-=09jails,=20chroot-ing=20services=20to=20=
restrict=20application=20access=20to=20the=0A-=09file=20system,=20Secure=20=
RPC=20facilities,=20and=20access=20lists=20for=20services=0A-=09that=20=
support=20TCP=20wrappers.</p>=0A-=0A=20=20=20</body>=0A=20</html>=0A--=20=
=0A1.7.5.4=0A=0A=

--Apple-Mail=_349370CA-9A78-4408-B7F6-9432B54FADCA
Content-Disposition: attachment;
	filename=0002-clarification-to-virtualized-network-stack-topology.patch
Content-Type: application/octet-stream;
	name="0002-clarification-to-virtualized-network-stack-topology.patch"
Content-Transfer-Encoding: quoted-printable

=46rom=20cf7a1fecc856bc1a51b921d65d872bb3bae16ab0=20Mon=20Sep=2017=20=
00:00:00=202001=0AFrom:=20"Isaac=20(.ike)=20Levy"=20=
<ike@blackskyresearch.net>=0ADate:=20Thu,=2024=20Jan=202013=2016:05:38=20=
-0500=0ASubject:=20[PATCH=202/2]=20clarification=20to=20virtualized=20=
network=20stack=20topology=0A=0ASigned-off-by:=20Isaac=20(.ike)=20Levy=20=
<ike@blackskyresearch.net>=0A---=0A=20=
en_US.ISO8859-1/htdocs/features.xml=20|=20=20=2010=20++++++----=0A=201=20=
files=20changed,=206=20insertions(+),=204=20deletions(-)=0A=0Adiff=20=
--git=20a/en_US.ISO8859-1/htdocs/features.xml=20=
b/en_US.ISO8859-1/htdocs/features.xml=0Aindex=20c6f97f2..b4508ad=20=
100644=0A---=20a/en_US.ISO8859-1/htdocs/features.xml=0A+++=20=
b/en_US.ISO8859-1/htdocs/features.xml=0A@@=20-123,10=20+123,12=20@@=0A=20=
=09=20=202.6.16=20and=20the=20default=20Linux=20infrastructure=20port=20=
is=20now=0A=20=09=20=20emulators/linux_base-f10=20(Fedora=2010)</li>=0A=20=
=0A-=09<li><b>New=20virtualization:</b>=20container=20named=20=20vimage=20=
=20has=0A-=09=20=20been=20implemented.=20=20This=20is=20a=20jail=20with=20=
a=20virtualized=0A-=09=20=20instance=20of=20the=20FreeBSD=20network=20=
stack=20and=20can=20be=20created=0A-=09=20=20by=20using=20jail(8)=20=
command.</li>=0A+=09<li><b>Network=20Virtualization:</b>=20Container=20=
named=20=20vimage=20=20has=0A+=20=20=20=20=20=20=20=20=20=20been=20=
implemented,=20extending=20the=20FreeBSD=20kernel=20to=20maintain=20=
multiple=0A+=20=20=20=20=20=20=20=20=20=20independent=20instances=20of=20=
networking=20state.=20=20vimage=20facilities=20can=20be=0A+=20=20=20=20=20=
=20=20=20=20=20used=20independently=20to=20create=20fully=20virtualized=20=
network=20topologies,=0A+=20=20=20=20=20=20=20=20=20=20and=20jail(8)=20=
can=20directly=20take=20advantage=20of=20a=20fully=20virtualized=20=
network=0A+=20=20=20=20=20=20=20=20=20=20stack.</li>=0A=20=20=20=20=20=20=
=20</ul>=0A=20=20=20</body>=0A=20</html>=0A--=20=0A1.7.5.4=0A=0A=

--Apple-Mail=_349370CA-9A78-4408-B7F6-9432B54FADCA--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1359061943-3954666.10115781.fr0OLB4so031293>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation