[FreeBSD-Announce] FreeBSD Status Report Fourth Quarter 2006

Max Laier max at love2party.net
Tue Jan 16 23:06:10 UTC 2007


   Happy New Year. This Report covers the last quarter of a exciting year
   2006 for FreeBSD development. FreeBSD 6.2 is finally out of the door
   and work towards FreeBSD 7.0 is gearing up. Some of the projects in
   this report will be part of that effort, others are already in the
   tree. Many projects need your help with testing and otherwise. Please
   see the "Open tasks" sections for more information.

   The BSD crowd will meet at AsiaBSDCon March 8-10th in Tokyo and a two
   day FreeBSD developer summit will be held at BSDCan May 16-19th in
   Ottawa. Finally, EuroBSDCon September 14-15th in Copenhagen is already
   looking for papers.

   Thanks to all the reporters for the excellent work! We hope you enjoy


     * FreeSBIE
     * iSCSI Initiator
     * Network Stack Virtualization
     * New USB Stack
     * Past and Future PR Closing Events
     * Porting ZFS to FreeBSD
     * TrustedBSD Audit
     * TrustedBSD MAC Framework
     * TrustedBSD priv(9)

FreeBSD Team Reports

     * FreeBSD Bugbusting Team
     * FreeBSD Security Officer and Security Team
     * Release Engineering
     * The FreeBSD Foundation

Network Infrastructure

     * Automatic TCP Send and Receive Socket Buffer Sizing
     * FAST_IPSEC Upgrade
     * ipfw NAT and libalias
     * Multi-link PPP daemon (MPD)
     * Wireless Networking


     * Cryptographic Subsystem
     * GEOM Multipath
     * Interrupt Filtering
     * Sound Subsystem Improvements
     * Update of the Linux Compatibility Environment in the Kernel

Hardware Drivers

     * Bt878 Audio Driver (aka FusionHDTV 5 Lite driver)
     * Intel 3945ABG Wireless LAN Driver: wpi
     * MPT LSI-Logic Host Adapters: mpt
     * QLogic SCSI and Fibre Channel: isp


     * Hungarian Translation of the Webpages
     * The FreeBSD Dutch Documentation Project

Userland Programs

     * BSNMP - More Ongoing and Upcoming Work
     * BSNMP Bridge Module
     * BSNMP Client Tools
     * Libelf


     * ARM/XScale Port
     * FreeBSD/powerpc on Freescale MPC8555


     * FreeBSD GNOME Project
     * FreshPorts
     * Ports Collection
     * Updating X.org FreeBSD Ports to 7.2


     * BSDCan 2007
     * EuroBSDCon 2007

ARM/XScale Port

   Contact: Olivier Houchard <cognet at FreeBSD.org>
   Contact: Sam Leffler <sam at FreeBSD.org>

   FreeBSD is running multi-user on a variety of Gateworks Avila boards
   with most of the on-board devices supported. These include the compact
   flash/IDE slot, wired network interfaces, realtime clock, and
   environmental sensors. Several different minipci cards have been
   tested including those supported by the ath(4) and hifn(4) drivers.
   Remaining devices that need support are the onboard flash, optional
   4-port network switch, and optional USB interface. Crypto acceleration
   for IXP425 parts is planned but will likely be done at a later time.

   The Network Processor Engine (NPE) support is done with an entirely
   new replacement for the Intel Access Layer (IAL). The most important
   hardware facilities are supported (e.g. the hardware Q manager) and
   the wired NIC driver was also done from scratch. The resulting code is
   approximately 1/10th the number of lines of the equivalent IAL code.

Open tasks:

    1. Bootstrap support needs work to enable booting from the compact
       flash device.

Automatic TCP Send and Receive Socket Buffer Sizing

   URL: http://people.FreeBSD.org/~andre/tcp_auto_buf-20061212.diff

   Contact: Andre Oppermann <andre at FreeBSD.org>

   Normally the socket buffers are static (either derived from global
   defaults or set with setsockopt) and do not adapt to real network
   conditions. Two things happen: a) your socket buffers are too small
   and you can't reach the full potential of the network between both
   hosts; b) your socket buffers are too big and you waste a lot of
   kernel memory for data just sitting around.

   With automatic TCP send and receive socket buffers we can start with a
   small buffer and quickly grow it in parallel with the TCP congestion
   window to match real network conditions.

   FreeBSD has a default 32K send socket buffer. This supports a maximal
   transfer rate of only slightly more than 2Mbit/s on a 100ms RTT
   trans-continental link. Or at 200ms just above 1Mbit/s. With TCP send
   buffer auto scaling and the default values below it supports 20Mbit/s
   at 100ms and 10Mbit/s at 200ms. That's an improvement of factor 10, or
   1000%. For the receive side it looks slightly better with a default of
   64K buffer size.

   The automatic send buffer sizing patch is currently running on one
   half of the FTP.FreeBSD.ORG cluster w/o any problems so far. Against
   this machine with the automatic receive buffer sizing patch I can
   download at 5.7 MBytes per second. Without patch it maxed out at 1.6
   MBytes per second as the delay bandwidth product became equal to the
   static socket buffer size without hitting the limits of the physical
   link between the machines. My test machine is about 35ms from that
   FTP.FreeBSD.ORG and connected through a moderately loaded 100Mbit
   Internet link.

   New sysctls are:
     * net.inet.tcp.sendbuf_auto=1 (enabled)
     * net.inet.tcp.sendbuf_inc=8192 (8K, step size)
     * net.inet.tcp.sendbuf_max=262144 (256K, growth limit)
     * net.inet.tcp.recvbuf_auto=1 (enabled)
     * net.inet.tcp.recvbuf_inc=16384 (16K, step size)
     * net.inet.tcp.recvbuf_max=262144 (256K, growth limit)

BSDCan 2007

   URL: http://www.bsdcan.org/2007/

   Contact: Dan Langille <dan at langille.org>

   It is that time of year. You may have missed the call for papers , but
   please put in your proposal right away. This is often a busy time of
   year, but please take the time to consider presenting at BSDCan.

   Please read the submission instructions and send in your proposal

   You may be interested in our sister conference: PGCon. If you have an
   interest in PostgreSQL , a leading relational database, which just
   happens to be open source, then we have the conference for you! PGCon
   2007 will be held immediately after BSDCan 2007, at the same venue,
   and will follow a similar format.

Open tasks:

    1. Waiting for papers

BSNMP - More Ongoing and Upcoming Work

   URL: http://wikitest.FreeBSD.org/BsnmpTODO

   Contact: Shteryana Shopova <syrinx at FreeBSD.org>
   Contact: Harti Brandt <harti at FreeBSD.org>
   Contact: Bjoern A. Zeeb <bz at FreeBSD.org>

   In addition to other more detailed reports this is intended to give a
   summary about other ongoing or upcoming BSNMP related work. To collect
   some ideas from users and coordinate work a BSNMP TODO Wiki page was
   created. Feel free to add your ideas or let us know about them.

     * A contributor, Tsvetan Erenditsov, has volunteered to implement a
       VLAN module for BSNMP. Shteryana is helping him.
     * Sam Leffler has asked for a wireless networking monitoring module,
       which will most likely be the next module to be implemented.
     * Some major work is currently going on in the main BSNMP tree:
          + SNMP transports have been factored out into loadable modules.
            The old port tables are still there and will remain at least
            for the next release. Later they will be removed. The
            following modules and transports are already implemented as
            loadable modules:
               o snmp_trans_udp: SNMP over UDP over IPv4, IPv6 and scoped
               o snmp_trans_tcp: SNMP over TCP over IPv4, IPv6 and scoped
               o snmp_trans_ldgram: SNMP over local datagram sockets
               o snmp_trans_lstream: SNMP over local stream sockets
          + Some I/O functions have been moved from the daemon to
          + libisa has been imported into the bsnmp tree. This library
            aims at easy implementation of command line tools for remote
            and local system administration with a special focus on
            administration via SNMP. The library contains command line
            parsing functions, a function for automatically handling help
            text. Actual administration modules are implemented as
            loadable modules. The atmconfig tool in the FreeBSD tree
            contains some old parts of this library.
          + lisa_snmp is a module which implements SNMP functionality for
          + lisa_snmpd is a module for remote administration of the
          + The config file parser of bsnmpd has been rewritten so that
            each section of the file is handled as a transaction (in
            contrast to the previous behavior where the entire file was
            one transaction).

BSNMP Bridge Module

   URL: http://wikitest.FreeBSD.org/SnmpBridgeModule

   Contact: Shteryana Shopova <syrinx at FreeBSD.org>

   The BSNMP bridge module for FreeBSD's BSNMP daemon, which was
   implemented during SoC 2006, was committed to HEAD. In addition to RFC
   4188 single bridge support it also supports monitoring multiple
   bridges via a private MIB. Since SoC 2006 Rapid Spanning Tree (RSTP)
   support (RSTP-MIB defined in RFC4318 and additions to the private MIB)
   was added to the module as well.

   A patch for RELENG_6 is available and will be merged to STABLE the
   next weeks.

Open tasks:

    1. MFC to RELENG_6.
    2. More feedback from users is always welcome.

BSNMP Client Tools

   URL: http://wikitest.FreeBSD.org/BsnmpTools
   inx/ bsnmp/contrib/bsnmp/snmptools

   Contact: Shteryana Shopova <syrinx at FreeBSD.org>
   Contact: Bjoern A. Zeeb <bz at FreeBSD.org>

   During SoC 2005 BSNMP client tools (bsnmptools) were implemented and
   have since then been available via Shteryana's P4 tree or port

   In order to finally get the code committed some cleanup was needed
   which ended in a partly rewrite to minimize duplicate code and to
   reduce the size of the binaries. This ongoing work is available via
   Bjoern's P4 tree and will be merged back to upstream trees before it
   will be committed to HEAD.

Open tasks:

    1. Update Wiki Page to reflect latest work.
    2. Finish cleanup and have it reviewed.
    3. User feedback is always welcome.

Bt878 Audio Driver (aka FusionHDTV 5 Lite driver)


   Contact: John-Mark Gurney <jmg at FreeBSD.org>

   Basic audio capture is working. All of the parameters are set by
   userland, while the RISC program generation is by kernel. No real
   audio has been captured as there are no drivers for the NTSC tuner
   yet. Someone with a real Bt878 NTSC card that is supported by bktr(4)
   could use this to capture audio without using the sound card.

   Due to lack of documentation from DViCO and LG, I have copied magic
   values from the Linux driver and managed to get ATSC capturing
   working. There was a bug in the capture driver that was releasing
   buffers to userland early causing what appeared to be reception
   issues. Now that we use the RISC status bits as buffer completion
   bits, capture works cleanly. This does mean that even if you provide
   more than 4 buffers to the driver, the buffers will be divided into
   four segments, and returned in segments.

   A Python module is available, along with a sample capture application
   using it. The module is now known to work well with threads so that
   tuning (expensive due to i2c ioctls) can happen in another thread
   without causing program slow down. The module is working well with a
   custom PVR backend.

   Additional ioctls have been added to get sibling devices. This allows
   one to open a bktrau device, and get the correct bktr(4) device that
   is in the same slot. This is necessary so that when adjusting GPIO
   pins or sending i2c commands, they are to the correct device.

Open tasks:

    1. Provide support for NTSC and FM tuning.
    2. Add support for other cards and tuners that use the Bt878 chip.

Cryptographic Subsystem

   Contact: Sam Leffler <sam at FreeBSD.org>

   Michael Richardson has been spearheading work to improve the crypto
   subsystem used by various parts of the kernel including Fast IPSec and
   geli. This work is sponsored by Hifn and has been happening outside
   the CVS repository. A main focus of this work is to add support for
   higher-level hardware operations that can significantly improve the
   performance of IPSec and SSL protocols.

   Results of this work are now being readied for CVS. These redesign the
   core/driver APIs to use the kobj facilities and recast software crypto
   drivers as pseudo devices. The changes greatly improve the system and
   permit new functionality such as specifying which crypto device to use
   when multiple are available. The redesign will also enable load
   balancing of crypto work across multiple devices and the addition of
   virtual crypto sessions by which small operations can be done in
   software when the overhead to set up a hardware device is too costly.

   In addition to the changes to the core crypto system several crypto
   drivers have been updated to improve their operation. Top of this list
   is the hifn(4) driver where many longstanding bugs have been fixed for
   7955/756 parts.

EuroBSDCon 2007

   URL: http://2007.EuroBSDCon.org/
   URL: http://www.EuroBSDCon.dk/

   Contact: Sidsel Jensen <info at EuroBSDCon.dk>

   The sixth EuroBSDCon will take place in Copenhagen, Denmark on Friday
   the 14th and Saturday 15th of September 2007 . The conference will be
   held at Symbion Science Park . Sunday the 16th there will be an
   optional tour to LEGOland.

   The call for papers was sent out right after EuroBSDCon 2006 in Milan
   in November and abstracts are due February 1st! So hurry up and send
   in all your fantastic and amazing papers to papers at eurobsdcon dot


   URL: http://www.FreeBSD.org/~gnn/fast_ipv6.patch
   URL: http://blogs.FreeBSDish.org/gnn/

   Contact: George Neville-Neil <gnn at FreeBSD.org>
   Contact: Bjoern Zeeb <bz at FreeBSD.org>

   Just this week I got routing working for the FAST_IPSEC and IPv6 code.
   Now there are memory smash problems, and then we need to remove the
   old GIANT lock. I hope to produce another patch with the routing code
   working in the next week.

Open tasks:

    1. Test the patch!!!!

FreeBSD Bugbusting Team

   URL: http://www.FreeBSD.org/doc/en/articles/pr-guidelines/
   URL: http://www.FreeBSD.org/doc/en/articles/problem-reports/

   Contact: Mark Linimon <linimon at FreeBSD.org>
   Contact: Ceri Davis <ceri at FreeBSD.org>
   Contact: Remko Lodder <remko at FreeBSD.org>

   The FreeBSD Bugbusting team is a team of volunteers keeping track of
   various PR tickets in the GNATS application. Currently the Bugbusting
   team is investigating old PR tickets, checking whether they are still
   accurate, checking what needs to be done to fix the issues reported
   and make sure that the developers team can focus on the latest

   The team is always in need of volunteers willing to give a hand to
   resolve the old tickets and get the best feedback that is needed for
   the open tickets.

   Please contact FreeBSD-bugbusters at FreeBSD.org if you want more
   information about the things that need to be done.

Open tasks:

    1. Checkout old PR tickets, getting the proper feedback and finally
       fix and/or resolve the tickets.

FreeBSD GNOME Project

   URL: http://www.FreeBSD.org/gnome/

   Contact: FreeBSD GNOME Project <gnome at FreeBSD.org>

   Where have we been?! Not doing status reports, that's for sure. But
   the FreeBSD GNOME project has been very busy with regular GNOME
   releases, and other side projects. We are currently shipping GNOME
   2.16.2 in the ports tree, and we are testing GNOME 2.17.5 in the
   MarcusCom tree.

   Most recently, work has completed on a cleanup of the FreeBSD backend
   to libgtop. This module has needed a lot of work, and should now be
   reporting correct system statistics. The cleaned up version is
   currently being tested in the MarcusCom tree, and will make it into
   the FreeBSD ports tree along with GNOME 2.18.

   The GStreamer framework has been taken out of direct gnome@
   maintainership, and put under a new multimedia@ umbrella. This will
   give multimedia-savvy developers a chance to collaborate on this
   important piece of the GNOME Desktop along with other important audio
   and video components.

   The biggest accomplishment of 2006 for the FreeBSD GNOME team had to
   have been the port of HAL . This effort was started to give FreeBSD
   users a richer desktop experience. Since the initial FreeBSD release
   of HAL with GNOME 2.16, it has been incorporated into the FreeBSD
   release of KDE 3.5.5 as well as PC-BSD 1.3. The FreeBSD backend has
   also made it upstream into the HAL git repository so future releases
   of HAL will have FreeBSD support out-of-the-box.

   Finally, it is with sadness that we say good-bye to one of our team
   members. Adam Weinberger stepped down from the FreeBSD GNOME team to
   save lives instead (priorities, man!). His splash screens and grammar
   nit-picking will be missed.

Open tasks:

    1. Now that HAL has been ported to FreeBSD, there is a strong desire
       to see NetworkManager ported. The big parts will be porting NM to
       use our 80211 framework, and extending some of the base utilities
       such as ifconfig. Contact marcus at FreeBSD.org if you are interested
       in helping.
    2. Our system-tools-backends module needs some attention. This module
       is responsible for system configuration tasks in GNOME such as
       user management, network shares administration, etc. A knowledge
       of Perl is highly recommended. Contact marcus at FreeBSD.org if you
       are interested in helping.
    3. We need good documentation writers to help update our FAQ and
       other documentation. If you would like to take on the
       responsibility full-time, or just contribute some pieces, please
       notify gnome at FreeBSD.org .
    4. We are always in need of GNOME development testers. See our
       development branch FAQ for ways on how you can help make the next
       release of GNOME the best release.

FreeBSD Security Officer and Security Team

   URL: http://www.FreeBSD.org/security/
   URL: http://vuxml.FreeBSD.org/

   Contact: Security Officer <security-officer at FreeBSD.org>
   Contact: Security Team <security-team at FreeBSD.org>

   In the time since the last status report, four security advisories
   have been issued concerning problems in the base system of FreeBSD
   (three in 2006 and one in 2007); of these, one problem was in
   "contributed" code, while the remaining three were in code maintained
   within FreeBSD. The Vulnerabilities and Exposures Markup Language
   (VuXML) document has continued to be updated by the Security Team and
   Ports Committers documenting new vulnerabilities in the FreeBSD Ports
   Collection; since the last status report, 55 new entries have been
   added, bringing the total up to 869.

   In order to streamline security team operations and ensure that
   incoming emails are promptly acknowledged, Remko Lodder has been
   appointed the security team secretary.

   The following FreeBSD releases are supported by the FreeBSD Security
   Team: FreeBSD 4.11, FreeBSD 5.5, FreeBSD 6.0, FreeBSD 6.1, and FreeBSD
   6.2. The respective End of Life dates of supported releases are listed
   on the web site; of particular note, FreeBSD 4.11 and FreeBSD 6.0 will
   cease to be supported at the end of January 2007.

FreeBSD/powerpc on Freescale MPC8555

   Contact: Rafal Jaworowski <raj at semihalf.com>
   Contact: Marcel Moolenaar <xcllnt at mac.com>

   Platform summary:
     * PowerQuiccIII integrated controller
     * e500 CPU core
     * compliant with PowerPC BookE specification (significantly
       different from the 'traditional' PowerPC architecture the current
       FreeBSD/powerpc supports, particularly in the areas of MMU design,
       exceptions model, specific e500 machine instructions etc.)

   Currently the machine is booting FreeBSD 6.1-RELEASE-p10 and operating
   both single- and multi-user modes; below are highlights of available
    1. Low-level support
          + booting from U-Boot bootloader
          + locore machine initialization
          + e500 exceptions
          + VM: a new pmap module developed
    3. On-chip peripherals
          + introduced ocpbus hierarchy (nexus and descendants)
          + interrupt controller: using generic OpenPIC driver
          + serial console: using uart(4) driver
          + barebones serial support using the QUICC's SCC
          + host/PCI bridge: a new driver developed for the built-in
          + networking: a new driver developed for TSEC (3-speed
    5. Booting
          + from ATA disk and USB memory stick (both through a secondary
            PCI VIA82C686B controller)
          + from network (NFS-mounted rootfs)
    7. Basic TCP/IP protocols and apps work (DHCP, NFS, SSH, FTP, Telnet
    8. Userland
          + integrated SoftFloat emulation lib (required due to e500 not
            being equipped with the old-style PowerPC FPU)
          + almost all applications seem to work

Open tasks:

    1. Work out extensible layout for sys/powerpc architecture directory
       so we can easily add support for new core variations and platforms
       to come in the future.
    2. Integrate with FreeBSD source tree.
    3. Release and tinderbox related options and settings.


   URL: http://www.FreeSBIE.org
   URL: http://users.gufi.org/~rionda/20relnotes/
   URL: http://users.gufi.org/~rionda/20screen/

   Contact: Matteo Riondato <matteo at FreeBSD.org>
   Contact: FreeSBIE Staff <staff at FreeSBIE.org>
   Contact: FreeSBIE Mailing List <freesbie at gufi.org>

   FreeSBIE is approaching the 2.0-RELEASE. The first release candidate
   proved to be good enough but a second one will probably be released.
   An external developer is working on integrating BSDInstaller in
   FreeSBIE 2.0 and this may cause a little delay of the release date.
   Release Notes were written and need to be updated with the current
   list of packages. A script which allows to switch Tor+Privoxy on and
   off was added and its usage was documented. The 2.0-RELEASE is near,
   hopefully near the end of January but this will also depend on when
   FreeBSD 6.2-RELEASE will be released.


   URL: http://www.freshports.org/
   URL: http://news.freshports.org/

   Contact: Dan Langille <dan at langille.org>

   There have been a number of improvements to FreshPorts over the last
   quarter of 2006. The following are just a few of them. The links take
   you to the relevant article within the FreshPorts News website .
     * Better pagination of larger result sets
     * Listing of sanity test failures
     * Inclusion of latest vulnerabilities on the front page
     * Started working on adding tools to make FreshSource/FreshPorts
       more useful as a developer tool
     * The new dual opteron server has been deployed!

   My thanks to the many people who have contributed suggestions, ideas,
   and code over the years. Most of you are documented at the above URLs.

Open tasks:

    1. FreshPorts/FreshSource as a developer tool

GEOM Multipath

   Contact: Matthew Jacob <mjacob at FreeBSD.org>

   A toy implementation of GEOM based active/passive multipath is now
   done and in a perforce repository. Seems to work.

Hungarian Translation of the Webpages

   URL: http://www.FreeBSD.org/hu/

   Contact: Gábor Kövesdán <gabor at FreeBSD.org>
   Contact: Giorgos Keramidas <keramida at FreeBSD.org>

   Gábor Kövesdán (gabor@) has submitted the Hungarian translation of the
   webpages and Giorgos Keramidas (keramida@) has reviewed and committed
   the pages. The initial rendering issues have also been fixed and the
   webpage is in a pretty good shape now.

   As usual, this translation does not contain every part of the English
   version, but the most important and useful parts are there. Gábor will
   maintain this translation and regularly sync the content with the
   English version and add new translations if such become available.

Open tasks:

    1. Fix typos and mistakes that will be revealed after a deeper review
       by the public
    2. Get more people involved

Intel 3945ABG Wireless LAN Driver: wpi

   URL: http://www.clearchain.com/wiki/wpi

   Contact: Benjamin Close <benjsc at FreeBSD.org>

   An initial port of the NetBSD wpi driver has been done and development
   is happening fast to get this driver ready for the tree. At present
   basic functionality works. The driver can associate with a non
   encrypted peer and pass data in 11b and 11g modes. There is still lots
   to do and testing is welcome.

   Many thanks have to go to Sam, Max and Kip for helping the driver
   reach this point.

Open tasks:

    1. Solve bus dma alignment issues
    2. Support WEP and WPA
    3. Testing and more testing

Interrupt Filtering

   URL: http://wikitest.FreeBSD.org/Interrupts

   Contact: Paolo Pisati <piso at FreeBSD.org>
   Contact: John Baldwin <jhb at FreeBSD.org>
   Contact: Scott Long <scottl at FreeBSD.org>

   Interrupt filtering is a new method to handle interrupts in FreeBSD
   that retains backward compatibility with the previous models (FAST and
   ITHREAD), while improving over them in some aspects. With interrupt
   filtering, the interrupt handler is divided into 2 parts: the filter
   (that checks if the actual interrupt belongs to a device) and a
   private per-handler ithread (that is scheduled in case some blocking
   work has to be done). The main benefits of this work are:
     * Feedback from filters (the operating system finally knows what's
       the state of an event and can react consequently).
     * Lower latency/overhead for shared interrupt line.
     * Previous experiments with interrupt filtering showed an increase
       in performance against the plain ithread model in some cases.
     * General shrink of the machine dependent code - part of the
       interrupting handling code was turned into machine independent

   During the last quarter many improvements were made up to the point
   where 3 archs (i386, amd64 and arm) are reported to work, and the
   project can be considered feature complete.

   I definitely want to make it part of the 7.0 release.

Open tasks:

    1. Define a road map to commit the code into the tree.
    2. Rethink the interrupt stray handling (?!?!).
    3. Finish off support for powerpc, sparc64 and ia64 (sun4v support is
       known to be broken now).

ipfw NAT and libalias

   Contact: Paolo Pisati <piso at FreeBSD.org>

   Support for in-kernel NAT, redirect and LSNAT for ipfw was committed
   to HEAD, and i encourage people to test it so we can quickly
   discover/fix bugs.

   To add these features to ipfw, compile a new kernel adding "options
   IPFIREWALL_NAT" to your kernel config or, in case you use modules, add
   "CFLAGS += -DIPFIREWALL_NAT" to your make.conf.

Open tasks:

    1. Teach libalias to handle mbufs (this will fix TSO-capable NICs).
    2. Add support for hardware checksum offloading.

iSCSI Initiator

   URL: ftp://ftp.cs.huji.ac.il/users/danny/freebsd/iscsi-2.0.1.tar.bz2

   Contact: Daniel Braniss <danny at cs.huji.ac.il>

   Though it is still a work in progress, it now supports more targets,
   has login CHAP authentication and header/data digest. It will also
   recover from a lost connection - most of the time.

Open tasks:

    1. instrumentation
    2. task management support
    3. improve the error recovery


   URL: http://wiki.FreeBSD.org/LibElf
   URL: http://wiki.FreeBSD.org/PmcTools
   URL: http://people.FreeBSD.org/~jkoshy/projects/perf-measurement/

   Contact: Joseph Koshy <jkoshy at FreeBSD.org>

   Libelf is a BSD-licensed library for ELF parsing & manipulation
   implementing the SysV/SVR4 (g)ELF[3] API.

   Current status: The library is now in -CURRENT. Work continues on its
   test suite and tutorial, and on deploying it in PmcTools.

MPT LSI-Logic Host Adapters: mpt

   Contact: Matthew Jacob <mjacob at FreeBSD.org>

   The 'mpt' project is support for the MPT LSI-Logic Host Adapters
   (SCSI, Fibre Channel, SAS).

   The last quarter saw a lot of change supported by Yahoo! and LSI-Logic
   and many others as things settled out for better support for U320.
   Some initial Big Endian support was offered by John Birrel and Scott

Open tasks:

    1. Finish SAS Integrated RAID support.
    2. Try and get U320 RAID working better than it currently does.
    3. Finish Big Endian support, including that for target mode.

Multi-link PPP daemon (MPD)

   URL: http://sourceforge.net/projects/mpd/

   Contact: Alexander Motin <mav at alkar.net>
   Contact: Archie Cobbs <archie at FreeBSD.org>

   MPD is moving to the next major release - mpd4_0. At the end of
   October one more beta version (4_0b5) was released and first RC is
   planned soon.

   Since 3_18 and 4_0b4 numerous bugs and cases of incorrect internal
   handling have been fixed. Performance has been increased and system
   requirements reduced.

   Many new features have been implemented:
     * IPv6 support
     * NAT (using the ng_nat(4) node)
     * integrated web server
     * Deflate and Predictor-1 CCP compression

   Some historically broken features have been reimplemented:
     * TCP and UDP link types
     * CCP compression
     * ECP encryption

   To support compression, two new Netgraph nodes ng_deflate and ng_pred1
   have been created and the ng_ppp node has been modified.

Open tasks:

    1. ng_ppp node refactoring.
    2. Implement packet loss notification in related Netgraph nodes
       (ng_ppp, ng_pptp, ng_async, ng_deflate, ng_pred1, ng_vjc, ...) to
       reduce recovery time and probability of incorrect packet
    3. MPD auth subsystem refactoring.

Network Stack Virtualization

   URL: http://imunes.tel.fer.hr/virtnet/

   Contact: Marko Zec <zec at fer.hr>

   The network stack virtualization project aims at extending the FreeBSD
   kernel to maintain multiple independent instances of networking state.
   This will allow for complete networking independence between jails on
   a system, including giving each jail its own firewall, virtual network
   interfaces, rate limiting, routing tables, and IPSEC configuration.

   The prototype currently virtualizes the basic INET and INET6 kernel
   structures and subsystems, including the TCP machinery and the IPFW
   firewall. The focus is currently being kept on resolving bugs and
   sporadic lockups, and defining the internal and management APIs. It is
   expected that within the next month the code will become sufficiently
   complete and stable for testing by early adopters.

New USB Stack

   URL: http://www.turbocat.net/~hselasky/usb4bsd

   Contact: Hans Petter Sirevaag Selasky <hselasky at FreeBSD.org>

   During the last three months there has not been so much activity in
   the USB project. Some regression issues have been reported and fixed.
   Bernd Walter reports that he has got the new USB stack working on ARM
   processors with some minor tweaks. Markus Brueffer reports that he is
   working on the USB HID parser and support. A current issue with the
   new USB stack is that the EHCI driver does not work on the Sparc64
   architecture. If someone has got a Sparc64 with FreeBSD 7-CURRENT on
   and can lend the USB project the root password, a serial console and a
   USB test device, for example a USB memory stick, that would be much
   appreciated. Another unresolved issue is that the ural(4) USB device
   driver does not always work. This is currently being worked on.

   If you want to test the new USB stack, check out the USB perforce tree
   or download the SVN version of the USB driver from my USB homepage. At
   the moment the tarballs are a little out of date.

   Ideas and comments with regard to the new USB API are welcome at
   freebsd-usb at FreeBSD.org .

Past and Future PR Closing Events

   URL: http://wikitest.freebsd.org/Bugathons

   Contact: Florent Thoumie <flz at FreeBSD.org>

   Following the example of our NetBSD friends, we organized a couple of
   Bugathons to help decreasing the open PR count. At first, it was
   decided to make it a monthly event focused on both src, ports and doc.
   Audience decreased with each Bugathon organized and less non-ports
   committers attended the events. So from now on, we will focus on ports
   (making it a Portathon) and organize a new event after the end of each
   ports freeze (that should be twice a year, at most).

Porting ZFS to FreeBSD

   URL: http://www.opensolaris.org/os/community/zfs/porting/
   URL: http://docs.FreeBSD.org/cgi/mid.cgi?20060822104516.GB16033

   Contact: Pawel Jakub Dawidek <pjd at FreeBSD.org>

   The ZFS file system works quite well on FreeBSD now. The first
   patchset has already been published on the freebsd-fs at FreeBSD.org
   mailing list .

   All file system methods are already implemented (except ACL-related).
   Basically all stress tests I tried work, even under very high load.
   There is still a problem with memory allocation, which can get out of
   control, but from what I know the SUN guys also work on this.

   Recently I have been working on a file system regression test suite.
   From what I found, there are no such test suites for free. I've
   already more than 3000 tests and I'm testing correctness of most file
   system related syscalls (chflags, chmod, chown, link, mkdir, mkfifo,
   open, rename, rmdir, symlink, truncate, unlink). I'm also working to
   make it usable on other operating systems (like Solaris, where it
   already works and Linux).

   Few days ago I also (almost) finished NFS support. You can't use the
   'zfs share' command yet, but you can export file systems via
   /etc/exports and you can also access snapshots. It was quite hard,
   because snapshots are separate file systems and after exporting the
   main file system, we need to also serve data from snapshots under it.

   The one big thing which is missing is ACL support. This is not an easy
   task, because we first have to make some decisions. Currently we use
   POSIX ACLs in our UFS, but the market is moving slowly to
   NTFS/NFSv4-type ACLs. In Solaris they use POSIX ACLs for UFS and
   NFSv4-type ACLs for ZFS and we probably also want to use NFSv4-type
   ACLs in our ZFS, which requires some work outside ZFS.

Ports Collection

   URL: http://www.FreeBSD.org/ports/
   URL: http://people.FreeBSD.org/~fenner/portsurvey/
   URL: http://portsmon.FreeBSD.org/index.html
   URL: http://www.FreeBSD.org/portmgr/index.html
   URL: http://tinderbox.marcuscom.com

   Contact: Mark Linimon <linimon at FreeBSD.org>

   The ports count has jumped to 16347. The PR count, despite a jump, has
   gone back down to around 700.

   Not much work has been committed on the ports infrastructure due to
   the long 6.2 release cycle. However, many test runs have been done for
   several upcoming features, such as making sure that ports will work
   with the new release of gcc (4.1), and do not have /usr/X11R6
   hard-coded into them. The intention of the latter is to move all ports
   to $LOCALBASE, which can then be selected by the user. This should
   help consistency going forwards, albeit at the cost of a one-time

   GNOME was updated to 2.16 during the release cycle.

   In addition, we are in the process of moving the FORTRAN default from
   f77 to gfortran. See the ports mailing list for details.

   The new xorg ports are still being worked on as well; they are
   intended to all live in $LOCALBASE. Hopefully this can get done in the
   early 6.3 development cycle. See the wiki for more information.

   A new version of the ports Tinderbox code is available, which is
   mostly a bugfix release.

   We have also added Pav Lucistnik as a new portmgr member, who we hope
   will help us work on the portmgr PR backlog. Welcome!

   We have also added 8 new committers since the last report.

   linimon continues to work on resetting committers who are no longer
   interested in their ports; as well, several ports commit bits have
   been stored for safekeeping. This is part of an attempt to keep the
   best match between volunteers and work to be done.

Open tasks:

    1. Most of the remaining ports PRs are "existing port/PR assigned to
       committer". Although the maintainer-timeout policy is helping to
       keep the backlog down, we are going to need to do more to get the
       ports in the shape they really need to be in.
    2. Although we have added many maintainers, we still have many
       unmaintained ports. As well, the packages on amd64 and sparc64 are
       lagging behind.

QLogic SCSI and Fibre Channel: isp

   Contact: Matthew Jacob <mjacob at FreeBSD.org>

   This project is for support for QLogic SCSI and Fibre Channel host

   The last quarter saw the addition of 4Gb Fibre Channel support and a
   complete rewrite of fabric management (which is still settling out).

Release Engineering

   URL: http://www.FreeBSD.org/releng/
   URL: http://www.FreeBSD.org/releases/6.2R/announce.html
   URL: http://www.FreeBSD.org/snapshots/

   Contact: Release Engineering Team <re at FreeBSD.org>

   The recent activities of the Release Engineering team have centered
   around FreeBSD 6.2-RELEASE, which is now available for downloading.
   This is the latest release from the RELENG_6 branch, and includes many
   new performance and stability improvements, bug fixes, and new
   features. The release notes and errata notes for FreeBSD 6.2 contain
   more specific information about what's new in this version. We thank
   the FreeBSD developer and user community for their efforts towards
   making this release possible.

   The Release Engineering Team also produced snapshots of FreeBSD
   CURRENT in November 2006 and January 2007. These snapshots have not
   received extensive testing, and should not be used in production
   environments. However, they can be used for testing or
   experimentation, and show the kinds of functionality that can be
   expected in future FreeBSD releases.

Sound Subsystem Improvements

   URL: http://people.FreeBSD.org/~ariff/
   URL: http://www.FreeBSD.org/projects/ideas/
   URL: http://wiki.FreeBSD.org/soundsystem

   Contact: Ariff Abdullah <ariff at FreeBSD.org>
   Contact: Alexander Leidinger <netchild at FreeBSD.org>
   Contact: Multimedia Mailinglist <multimedia at FreeBSD.org>

   Since the last status report there were improvements to the emu10kx
   driver for High Definition Audio (HDA) compatible chips. Some more
   chips are supported now and already supported chips should provide a
   better zero-configuration experience.

   The generic sound code got some very nice low latency changes, and
   fixes which make it multichannel/endian/format safe. We do not support
   multichannel operation yet, but this work is a prerequisite to work on
   implementing multichannel operation. This work also fixed some bugs
   which people may experience as clicks, hickups, truncation or similar
   behavior in the sound-output.

   So far there is no merge to 5.x or 6.x planned for this code,
   especially because there are API/ABI changes, e.g., several sysctls
   changed. People who do not care about this can download binary sound
   modules from Ariff's download page for 6.x and 5.x.

   We thank all people who tested the changes / submitted patches and
   thus helped improving the sound system.

Open tasks:

    1. Have a look at the sound related entries on the ideas list.
    2. Add multichannel support.
    3. sndctl(1): tool to control non-mixer parts of the sound system
       (e.g. spdif switching, virtual-3D effects) by a user (instead of
       the sysctl approach in -CURRENT); pcmplay(1), pcmrec(1),
    4. Plugable FEEDER infrastructure. For ease of debugging various
       feeder stuff and/or as userland library and test suite.
    5. Extend the wiki page.

The FreeBSD Dutch Documentation Project

   URL: http://www.FreeBSD.org/doc/nl/books/handbook
   URL: http://www.evilcoder.org/content/section/6/39/
   URL: http://www.FreeBSD-nl.org/doc/nl/
   URL: http://www.FreeBSD-nl.org/www/

   Contact: Remko Lodder <remko at FreeBSD.org>

   The FreeBSD Dutch Documentation Project is an ongoing project to
   translate the FreeBSD Handbook to the Dutch Language.

   Currently we almost translated the entire handbook, and we translated
   parts of the website, sadly the project went into a slush lately, so
   we seek out for fresh and new translators that are willing to join the
   team to continue the effort.

Open tasks:

    1. Translate the rest of the handbook
    2. Make the documentation up to date
    3. Translate the rest of the website

The FreeBSD Foundation

   URL: http://www.FreeBSDFoundation.org

   Contact: Deb Goodkin <deb at FreeBSD.org>

   The FreeBSD Foundation ended 2006 raising over $100,000. We received
   commitments for another $55,000 in donations for the Fall Fundraiser.
   We fell short of our goal of raising $200,000. But, we are working
   hard to fill this gap, early in 2007, so we can continue with the same
   level of support for the project and community. Please go to
   http://www.freebsdfoundation.org/donate/ to find out how to make a
   donation to the foundation.

   We added a donors page to our website to acknowledge our generous
   donors. We negotiated and are now actively managing a joint technology
   project with NLNet and the University of Zagreb to develop virtualized
   network stack support for FreeBSD. We sponsored AsiaBSDCon and are now
   accepting travel grant applications for this conference.

   We are working to upgrade the project's network testbed with 10Gigabit
   interconnects. Cisco has generously donated a 10Gigabit switch and we
   have received network adapters from Myricom, Neterion, Intel, and
   Chelsio. Adapters from other vendors are being solicited so that we
   can do interoperability testing.

   For more information on what we've been up to, check out our
   end-of-year newsletter at
   http://www.freebsdfoundation.org/press/2006Dec-newsletter.shtml .

TrustedBSD Audit

   URL: http://www.TrustedBSD.org/audit.html
   URL: http://www.OpenBSM.org/

   Contact: Robert Watson <rwatson at FreeBSD.org>
   Contact: Christian Peron <csjp at FreeBSD.org>
   Contact: Wayne Salamon <wsalamon at FreeBSD.org>

   FreeBSD 6.2-RELEASE, the first release of FreeBSD with experimental
   audit support is now available. The plan is to make audit a full
   production feature as of FreeBSD 6.3-RELEASE, with "options AUDIT"
   compiled in by default. A TODO list has been posted to

   OpenBSM 1.0 alpha 13, which includes support for XML record printing,
   additional 64-bit token types, additional audit events, and more
   cross-platform build support, has been released. OpenBSM 1.0 alpha 14,
   which adds support for warnings clean building with gcc 4.1, will be
   released shortly. The new OpenBSM release will be merged to FreeBSD
   CVS in late January or early February.

Open tasks:

    1. Complete assignment of audit events to non-native and a few
       remaining native system calls. Add additional system call argument
    2. Merge MAC Framework hooks allowing MAC modules to control access
       to kernel audit services. Refine and merge MAC labeling support in
       audit, including support for MAC annotations in the audit trail.
    3. Complete pass through user space services adding audit support to
       system management tools (and ftpd). Work with third party software
       maintainers to add audit support for applications like
    4. Merge latest OpenBSM, including XML output support.

TrustedBSD MAC Framework

   URL: http://www.TrustedBSD.org/mac.html

   Contact: Robert Watson <rwatson at FreeBSD.org>
   Contact: <trustedbsd-discuss at TrustedBSD.org>

   Most work on the MAC Framework during this period, other than as
   relates to the priv(9) project described in a separate status report,
   has been in refinement of the structure of the framework.
     * Add two new entry points allowing MAC Framework policy modules to
       grant or limit fine-grained system privileges.
     * A sample mac_priv(4) policy module has been created demonstrating
       how a MAC Framework policy module can grant specific system
       privileges to specific users.
     * Commenting throughout the MAC Framework significantly extended.
     * Correct a bug in which the original ifnet label was copied to user
       space via ioctl, rather than the thread-local copy.
     * mac_enforce_subsystem debugging sysctls removed, as some policies
       rely on access control checks being called even when non-enforcing
       (specifically, information flow related policies).
     * Break out mac.h include file into mac.h (user API, system calls)
       and mac_framework.h (in-kernel interface to the MAC Framework).
       Move non-user MAC include files from src/sys to
       src/sys/security/mac. Move and break out kern_mac.c into
       mac_framework.c and mac_syscalls.c. The MAC Framework is now
       entirely located in src/sys/security/mac.
     * Export the MAC Framework version via a read-only sysctl and
       provide a #define version usable by policies.
     * MAC Framework locking optimized to optimistically expect no write
       lock contention during read locking.

Open tasks:

    1. Now that the MAC Framework has been fully moved to
       src/sys/security/mac, embark on the 'mac2' interface cleanup, in
       which many MAC Framework entry points are renamed for consistency.
       This will require most MAC Framework policy modules to be modified
       between FreeBSD 6.x and FreeBSD 7.x, although in a way that can be
       largely done using sed.
    2. Add accessor functions for policies retrieving per-policy label
       data from labels, so that policy modules do not compile in the
       binary layout of struct label. This will allow future optimization
       of the label layout.
    3. Complete integration of audit and MAC support, allowing MAC policy
       modules to control access to audit interfaces, and allowing them
       to annotate audit records.

TrustedBSD priv(9)

   URL: http://www.TrustedBSD.org/

   Contact: Robert Watson <rwatson at FreeBSD.org>

   TrustedBSD priv(9) replaces suser(9) as an in-kernel interface for
   checking privilege in FreeBSD 7.x. Each privilege check now takes a
   specific named privilege. This allows both centralization of jail
   logic relating to privilege, which is currently distributed around the
   kernel at the point of each call to suser(9), and allows
   instrumentation of the privilege logic by the MAC Framework. Two new
   MAC Framework entry points, one to grant and the other to limit
   privilege, are now available, providing fine-grained control of kernel
   privilege by policy modules. This lays the kernel infrastructure
   groundwork for further refinement and extension of the kernel
   privilege model. The priv(9) implementation has been committed to

   This software was developed by Robert N. M. Watson for the TrustedBSD
   Project under contract to nCircle Network Security, Inc.

Open tasks:

    1. Complete review of kernel privilege checks, removal of suser(9)
       jail flag now that checks are centralized.
    2. Explore possible changes to kernel privilege model along lines of
       POSIX.1e privileges, the Solaris privilege interface, etc. This
       has been explored previously as part of the TrustedBSD
       Capabilities project also.

Update of the Linux Compatibility Environment in the Kernel

   URL: http://wiki.FreeBSD.org/linux-kernel

   Contact: Alexander Leidinger <netchild at FreeBSD.org>
   Contact: Roman Divacky <rdivacky at FreeBSD.org>
   Contact: Emulation Mailinglist <emulation at FreeBSD.org>

   Since the last status report we made good progress in improving the
   compatibility environment. We fixed more than 30 testcases on i386
   (130 testcases = 16% still failing) and more than 60 testcases on
   amd64 (140 testcases = 17% still failing) in the Linux 2.4
   compatibility. These numbers compare FreeBSD 6.2 with -CURRENT. Some
   of those fixes are edge cases in the error handling, and some of them
   fix real issues -- e.g. hangs -- and improve the stability and
   correctness of the emulation.

   Regarding the Linux 2.6 compatibility there are 140 testcases (17%) on
   i386 and 150 testcases (18%) on amd64 still failing in -CURRENT. After
   fixing some showstopper problems with real applications, we should be
   able to give the 2.6 emulation a more widespread exposure "soon" to
   find more bugs and to determine the importance of those Linux syscalls
   which we did not implement yet.

   The severity of the broken testcases varies, and some of them will
   never be fixed, e.g., we will never be able to load Linux kernel
   modules into a FreeBSD kernel, being able to add swap with a Linux
   command has very low priority, and fixing stuff which is used by
   applications like IPC type 17 has high priority.

   Some differences in the 2.6 compatibility are because not all i386
   changes are merged into the amd64 code, and some testcases are already
   fixed in our perforce repository but need more review before they can
   be committed to -CURRENT.

   We need some more testers and bug reporters. So if you have a little
   bit of time and a favorite Linux application, please play around with
   it on -CURRENT. If there is a problem, have a look at the wiki if we
   already know about it and report on emulation@ . We are especially
   interested in reports about the 2.6 compatibility (sysctl
   compat.linux.osversion=2.6.16), but only with the most recent -CURRENT
   and maybe with some patches we have in the perforce repository
   (mandatory on amd64).

   We thank all people who tested the changes / submitted patches and
   thus helped improving the Linux compatibility environment.

Updating X.org FreeBSD Ports to 7.2

   URL: http://xorg.freedesktop.org/
   URL: http://git.xbsd.org/?p=freebsd/ports.git;a=shortlog;h=xorg
   URL: http://blog.xbsd.org/
   URL: http://lists.freebsd.org/pipermail/freebsd-x11/

   Contact: Florent Thoumie <flz at FreeBSD.org>
   Contact: Eric Anholt <anholt at FreeBSD.org>
   Contact: Dejan Lesjak <lesi at FreeBSD.org>

   X.org 7.2 release has been delayed more than a month, which gave us
   more time to fix build failures, to work on a few runtime issues and
   to determine the easiest way to upgrade from 6.9 to 7.2 (mostly with
   the help of people on the freebsd-x11@ mailing list ). Everything is
   in a rather good shape but there's still a little amount of work to
   do. The merge of new ports is most likely to happen before the end of

Open tasks:

    1. Do a global review of the diff between the original tree and the
       experimental one (git-diff origin xorg for git users)
    2. Fix the remaining (9 I think, 3 being lang/jdk's) build errors
    3. Continue testing
    4. Do another experimental build on pointyhat

Wireless Networking

   Contact: Sam Leffler <sam at errno.com>

   Work on wireless support has continued to evolve in the public CVS
   tree while other work has been going on behind the scenes in the
   developer's perforce repository.

   Support was recently added to HEAD for half- and quarter-rate channels
   as found in the 4.9 GHz FCC Public Safety Band. This work was a
   prerequisite to adding similar support in the 900 MHz band as found in
   Ubiquiti's SR9 cards. Adding this functionality was straightforward
   due to the design of the net80211 layer, requiring only some additions
   to handle the unusual mapping between frequencies and IEEE channel
   numbers. The ath(4) driver currently supports hardware capable of
   operating on half- and quarter-rate channels.

   Kip Macy recently made significant advances preparing legacy drivers
   for the re-architected net80211 layer that has been languishing in
   perforce. With his efforts this code is nearly ready for public
   testing after which it can be merged into CVS. Our goal is to complete
   this merge in time for the 7.x branch (otherwise it will be forced to
   wait for 8.0 before it appears in a public release). This revised
   net80211 layer includes advanced station mode facilities such as
   background scanning and roaming and support for Atheros' SuperG
   extensions. Getting the revised scanning work into CVS will greatly
   simplify public distribution of the Virtual AP (VAP) code as a patch
   as well as enable addition of 802.11n support.

   Benjamin Close is working on support for the Intel 3945 parts commonly
   found in laptops. The work is going on in the perforce repository with
   public code drops for testing.

   Atheros PCI/Cardbus support was updated with a new HAL that fixes a
   few minor issues and corrects a problem that kept AR2424 parts from
   working. The new HAL also enables more efficient use of the hardware
   keycache for TKIP keys; on newer hardware you can now support up to 57
   stations without faulting keys into the cache. Support for the latest
   802.11n parts found in the new Lenovo and Apple laptops (among others)
   is in development; initial release will support only legacy operation.

   Support for Atheros USB devices is coming. Atheros has agreed to
   license their firmware with the same license applied to the HAL which
   means it can be committed to the tree and distributed as part of
   releases. The driver is still in development.

   wpa_supplicant and hostapd were updated to the latest stable build
   releases from Jouni Malinen. Shortly the in-tree code base will switch
   to the 0.5.x tree which will bring in much new functionality including
   dynamic VLAN tagging that will be especially useful once the multi-bss
   support is available.

   The support for injection of raw 802.11 frames was committed to HEAD.
   This work was done in collaboration with Andrea Bittau. At this point
   there are no plans to commit this to the STABLE branch as it requires
   API changes.

   Legal Notices | © 1995-2007 The FreeBSD Project. All rights reserved.

More information about the freebsd-announce mailing list