diff --git a/website/content/en/features.adoc b/website/content/en/features.adoc --- a/website/content/en/features.adoc +++ b/website/content/en/features.adoc 
@@ -1,72 +1,114 @@ --- -title: "About FreeBSD's Technological Advances" +title: "FreeBSD features" sidenav: about --- -= About FreeBSD's Technological Advances += FreeBSD features == FreeBSD offers many unique features. -No matter what the application, an operating system should take advantage of every resource available. FreeBSD's focus on performance, networking, and storage combines with ease of system administration and comprehensive documentation to realize the full potential of any computer. +No matter what the application, an operating system should take advantage of every resource available. +FreeBSD's focus on performance, networking, and storage combines with ease of administration and comprehensive documentation to realize the full potential of a computer. -== A complete operating system based on 4.4BSD. +== A complete operating system based on 4.4BSD -FreeBSD's distinguished roots derive from the *BSD* software releases from the Computer Systems Research Group at the University of California, Berkeley. Over twenty years of work have been put into enhancing FreeBSD, adding industry-leading scalability, network performance, management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems. This is only possible because of the diverse and worldwide membership of the volunteer FreeBSD Project. +link:https://freebsdfoundation.org/freebsd/timeline/[FreeBSD's roots] are the *BSD* software releases from the Computer Systems Research Group at the University of California, Berkeley. +Decades of development have led to advanced scalability, network performance, management tools, file systems support, security and other features. 
+FreeBSD is found across the Internet in core router products, running root name servers, hosting major web sites, and as a foundation for widely used desktop operating systems. -*FreeBSD 10.X* introduces many new features and replaces many legacy tools with updated versions. +[[features]] +== Features -* *bhyve*: A new BSD licensed, legacy-free hypervisor has been imported to the FreeBSD base system. It is currently able to run all supported versions of FreeBSD, and with the help of the grub-bhyve port, OpenBSD and Linux. +[[openzfs]] +=== OpenZFS -* *KMS And New drm2 Video Drivers*: The new drm2 driver provides support for AMD GPUs up to the Radeon HD 6000 series and provides partial support for the Radeon HD 7000 family. FreeBSD now also supports Kernel Mode Setting for AMD and Intel GPUs. +More than a file system, ZFS is fundamentally different from traditional file systems. +Combining the traditionally separate roles of software RAID, volume manager and file system provides ZFS with unique advantages. -* *Capsicum Enabled By Default*: Capsicum has been enabled in the kernel by default, allowing sandboxing of several programs that work within the "capabilities mode", such as: +ZFS has three main design goals: -** tcpdump -** dhclient -** hast -** rwhod -** kdump +* Data integrity -* *New Binary Packaging System*: FreeBSD now uses pkg, a vastly improved package management system that supports multiple repositories, signed packages, and safe upgrades. The improved system is combined with more frequent official package builds for all supported platforms and a new stable branch of the ports tree for better long term support. +* Pooled storage -* *Unmapped I/O*: The newly implemented concept of unmapped VMIO buffers eliminates the need to perform costly TLB shootdowns for buffer creation and reuse, reducing system CPU time by up to 25-30% on large SMP machines under heavy I/O load. +* Performance. 
-*FreeBSD 9.X* brought many new features and performance enhancements with a special focus on desktop support and security. +[[zfs-boot-environments]] +=== ZFS boot environments +A ZFS boot environment is a bootable clone/snapshot of specially preselected parts of a system. -* *OpenZFS*: FreeBSD 9.2 includes OpenZFS v5000 (Feature Flags), including the feature flags: +Use cases include: -** async_destroy -** empty_bpobj -** lz4_compress +* Bulletproof upgrades/changes to the system +* Create safe fallback ZFS Boot Environment before upgrade or changes to the system +* Update a new (inactive) environment without altering the active environment +* Perform upgrade and test the results inside jail +* Copy/move ZFS boot Environment into another machine +* Major reconfiguration (Bareos/Postfix/...) +* Mass populate large number of servers with one configured BE +* Bare metal backup solution. -which allow ZFS destroy operations to happen in the background, make snapshots consume less disk space, and offers a better compression algorithm for compressed datasets. +[[jails]] +=== Jails -* *Capsicum Capability Mode*: Capsicum is a set of features for sandboxing support, using a capability model in which the capabilities are file descriptors. Two new kernel options CAPABILITIES and CAPABILITY_MODE have been added to the GENERIC kernel. +Jails originated with FreeBSD 4.X. -* *Hhook*: (Helper Hook) and khelp(9) (Kernel Helpers) KPIs have been implemented. These are a superset of the pfil(9) framework for more general use in the kernel. The hhook(9) KPI provides a way for kernel subsystems to export hook points that khelp(9) modules can hook to provide enhanced or new functionality to the kernel. The khelp(9) KPI provides a framework for managing khelp(9) modules, which indirectly use the hhook(9) KPI to register their hook functions with hook points of interest within the kernel. 
Together, they allow a structured way to dynamically extend the kernel at runtime in an ABI-preserving manner. +They build upon man:chroot[8], which changes the root directory. +This creates a safe environment, separate from the rest of the system. +Processes created in a jailed environment can not access files or resources outside of it. -* *Accounting API* has been implemented. It can keep per-process, per-jail, and per-login class resource accounting information. Note that this is neither built nor installed by default. To build and install this, specify the option RACCT in the kernel configuration file and rebuild the base system as described in the FreeBSD Handbook. +Jails improve upon chroot in several ways. +In a traditional chroot environment, processes are limited to a part of the file system. +The rest of the system resources, system users, running processes, and the networking subsystem are shared by the chrooted processes and the processes of the host system. +Jails further restrict access to the file system, the set of users, and the networking subsystem. +Finer-grained access controls are available. -* *Resource-limiting API* has been implemented. It works in conjunction with the RACCT resource accounting implementation and takes user-configurable actions based on the set of rules it maintains and the current resource usage. The rctl(8) utility has been added to manage the rules in userland. Note that this is neither built nor installed by default. +[[ports-collection]] +=== Ports collection -* *USB* subsystem now supports USB packet filter. This allows capturing packets which go through each USB host. The architecture of the packet filter is similar to that of bpf. The userland program usbdump(8) has been added. +More than 30,000 applications and libraries are link:https://www.freebsd.org/ports/[ported] to FreeBSD. +The architecture allows easy customization of compile time options of many of the ports. 
-*Infiniband support*: OFED (OpenFabrics Enterprise Distribution) version 1.5.3 has been imported into the base system. +[[virtualization]] +=== Virtualization -* *TCP/IP network* stack now supports the mod_cc(9) pluggable congestion control framework. This allows TCP congestion control algorithms to be implemented as dynamically loadable kernel modules. Many kernel modules are available: cc_chd(4) for the CAIA-Hamilton-Delay algorithm, cc_cubic(4) for the CUBIC algorithm, cc_hd(4) for the Hamilton-Delay algorithm, cc_htcp(4) for the H-TCP algorithm, cc_newreno(4) for the NewReno algorithm, and cc_vegas(4) for the Vegas algorithm. The default algorithm can be set by a new sysctl(8) variable net.inet.tcp.cc.algorithm. +link:https://bhyve.org/[bhyve]: a BSD licensed, legacy-free hypervisor that runs all supported versions of FreeBSD, as well as other operating systems that support UEFI, including but not limited to link:https://www.openbsd.org/[OpenBSD], link:https://www.microsoft.com/en-us/windows/[Windows(R)] and link:https://kernel.org/[Linux(R)], with the use of bhyve-firmware. -* *SU+J*: FreeBSD's Fast File System now supports soft updates with journaling. It introduces an intent log into a softupdates-enabled file system which eliminates the need for background fsck(8) even on unclean shutdowns. +[[linuxulator]] +=== Linux binary compatibility -FreeBSD includes a number of other great features: +Linux binary compatibility, commonly referred to as link:https://wiki.freebsd.org/Linuxulator[Linuxulator], allows FreeBSD to run many unmodified Linux binaries. +It does not involve virtual machines or emulation; +instead, it provides the binaries with kernel interfaces identical to those provided by a real Linux kernel. +Linuxulator is comparable to 32-bit FreeBSD binaries running on a 64-bit FreeBSD kernel. -* *Firewalls*: The base system includes IPFW and IPFilter, as well as a modified version of the popular pf with improved SMP performance. 
IPFW also includes the dummynet feature, allowing network administrators to simulate adverse network conditions, including latency, jitter, packet loss and limited bandwidth. +[[dtrace]] +=== DTrace -* *Jails* are a light-weight alternative to virtualization. Allowing processes to be restricted to a namespace with access only to the file systems and network addresses assigned to that namespace. Jails are also Hierarchical, allowing jails-within-jails. +DTrace, also known as Dynamic Tracing, was developed by Sun Microsystems(TM) to locate performance bottlenecks in production and pre-production systems. +In addition, DTrace can help to investigate and debug unexpected behaviors in the kernel and in userland. -* *Linux emulation* provides a system call translation layer that allows unmodified Linux binaries to be run on FreeBSD systems. +DTrace has an impressive array of features. +It's scriptable. +Developers can use the DTrace D Language to create utilities for custom profiling. -* *DTrace* provides a comprehensive framework for tracing and troubleshooting kernel and application performance issues while under live load. +The FreeBSD implementation provides full support for kernel DTrace and experimental support for userland DTrace. +Userland DTrace allows users to perform function boundary tracing for userland programs using the pid provider, and to insert static probes into userland programs for later tracing. -* *The Ports Collection* is a set of more than 23,000 third party applications that can be easily installed and run on FreeBSD. The ports architecture also allows for easy customization of the compile time options of many of the applications. +[[capsicum]] +=== Capsicum +Capsicum allows sandboxing of several programs that work within the "capabilities mode", such as: -* *Network Virtualization*: A container ("vimage") has been implemented, extending the FreeBSD kernel to maintain multiple independent instances of networking state. 
Vimage facilities can be used independently to create fully virtualized network topologies, and jail(8) can directly take advantage of a fully virtualized network stack. +* tcpdump +* dhclient +* hast +* rwhod +* kdump. + +[[vnet]] +=== Network Virtualization + +VNET virtualizes the network stack. +The basic idea is to change global resources most notably variables into per network stack resources and have functions, sysctls, eventhandlers, etc. access and handle them in the context of the correct instance. +Each (virtual) network stack is attached to a prison, with vnet0 being the un-restricted default network stack of the base system. +`VIMAGE` facilities can be used independently to create fully virtualized network topologies, and man:jail[8] can directly benefit from a fully virtualized network stack.
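Review bot: In the new Jails section, `This creates a safe environment, separate from the rest of the system.` attributes isolation to man:chroot[8] itself, which the next paragraph then contradicts by saying that users, running processes and the networking subsystem are still shared between chrooted processes and the host; chroot only changes the root directory and is not a security boundary, so attach that sentence to jails rather than chroot, e.g. `Jails build upon man:chroot[8], which changes the root directory, and add restrictions on the file system, users and networking.` Related wording in the same hunk: `can not` should be `cannot`. The rewrite also drops the Firewalls paragraph (IPFW, IPFilter, pf, dummynet) and the RACCT/rctl(8) resource accounting and limiting entries without any replacement under `[[features]]`, although these remain current security-relevant parts of the base system; a short `=== Firewalls` section would keep the page from losing them. In the Capsicum section, prefer `capability mode` over `"capabilities mode"`, matching the `CAPABILITY_MODE` kernel option named in the removed text, and keep the removed one-line definition (a capability model in which the capabilities are file descriptors), since the new section no longer says what Capsicum is. Minor style: list items end inconsistently (`kdump.`, `Performance.` and `Bare metal backup solution.` take a period while sibling items do not), and the VNET sentence beginning `The basic idea is to change global resources most notably variables into per network stack resources` needs commas around `most notably variables` and `event handlers` as two words.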