diff --git a/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml b/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml index bdcebb038a..5bc5e02816 100644 --- a/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml +++ b/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml @@ -1,1847 +1,1848 @@ April-June 2013
Introduction

This report covers &os;-related projects between April and June 2013. This is the second of four reports planned for 2013.

Thanks to all the reporters for the excellent work! This report contains 32 entries and we hope you enjoy reading it.

The deadline for submissions covering between July and September 2013 is not yet decided.

team &os; Team Reports proj Projects kern Kernel arch Architectures bin Userland Programs ports Ports docs Documentation event Events soc Google Summer of Code misc Miscellaneous PC-BSD Kris Moore kmoore@FreeBSD.org PC-BSD Home Page

Progress on moving PC-BSD & TrueOS to a "rolling release" is happening quickly. We have implemented our own package repository, fully based on pkg(8), which is updated twice monthly, and are now hosting dedicated freebsd-update(8) systems. In addition to the 9.1-RELEASE ISO images, we have begun to create a 9-STABLE branch as well, using freebsd-update(8) to push out the latest world and kernel binaries on a monthly basis.

We are currently working on an implementation of ZFS Boot Environments for desktops and servers. These users to install updates or experimental versions in separate ZFS clones and select the one to run at boot time, providing an easy way of testing upgrades before deployment.

Wireless Networking Improvements Adrian Chadd adrian@FreeBSD.org

Recently the &os; wireless networking stack has received updates in the following areas:

  • Improved transmit locking in net80211(4) to eliminate a whole class of subtle race conditions leading to out-of-order packets being handed to the driver.
  • Spectral scan (FFT) information is now available for the AR9280, AR9285, AR9287 series NICs.
  • Added support for AR93xx, AR94xx, AR95xx NICs — hostap, adhoc and station modes have been tested, including 3x3 stream support for the those NICs where appropriate.
  • Implemented ps-poll handling in hostap mode. This was required for correct behaviour with stations that implement aggressive power save.
  • Added AR933x SoC support — including all on-board peripherals — the 8devices.com Carambola-2 board is now fully supported and will run &os; from NOR flash.
Intel IOMMU (VT-d, DMAR) Support Konstantin Belousov kib@FreeBSD.org

Intel VT-d is a set of extensions that were originally designed to allow virtualizing devices. It allows safe access to physical devices from virtual machines and can also be used for better isolation and performance increases. A VT-d driver was developed that implements the busdma(9) interface using the DMA Remap units (DMARs) found in current Intel chipsets. The driver provides reliability and security improvements for the system by facilitating restricted access to main memory from busmastering devices.

It also eliminates bounce buffering (copying) by allocating remapped regions that satisfy a device's access limitations.

With additional work to define a suitable interface the VT-d driver will also provide PCI pass-through functionality for hypervisors.

This project is sponsored by The &os; Foundation.

Implement workarounds for chipset errata. Commit to HEAD after additional testing. Rebalance MSI/MSI-X using interrupt remapping unit, also required for x2APIC use on big machines. Integrate with the Intel GPU MMU and handle Ironlake and SandyBridge errata for the GFXVTd unit. Provide an interface for VMM (hypervisors). Consider implementing a driver for AMD's IOMMU.
Multi-threaded Pagedaemon Konstantin Belousov kib@FreeBSD.org

This project aims to improve scalability of the virtual memory subsystem. Based on a prototype change from Jeff Roberson, per-domain page queues and per-domain pagedaemon working threads have been implemented to enable this. At the moment, the domains coincide with the NUMA proximity domains, but this is not neccessary and could be improved with further separation to allow more parallelism in the pagedaemon.

The patch is relatively simple, with the most delicate parts being the page laundry and OOM logic, which requires coordination between all pagedaemon threads to prevent false triggering.

Testing on diverse workloads and on real multi-socket machines is required.

This project is sponsored by The &os; Foundation.

Debug on multi-domain NUMA machine. Test, get review and commit.
<tt>bsnmpd(1)</tt> Support in <tt>hastd(8)</tt> Mikolaj Golub trociny@FreeBSD.org

A hastd(8) module for bsnmpd(1) has been committed to &os; head and merged to stable/8 and stable/9 branches recently. This module makes it possible to monitor and manage hastd(8) via the SNMP protocol.

&os; Release Engineering Team &os; Release Engineering Team re@FreeBSD.org

The &os; 8.4-RELEASE cycle completed on June 7, 2013, approximately two months behind the original schedule. Please be sure to read the Errata Notices for any post-release issues discovered after 8.4-RELEASE.

The &os; 9.2-RELEASE process will begin July 6, 2013. Unless any critical issues arise, &os; 9.2-RELEASE is expected to be available late August or early September.

Users tracking the &os; 9.X branch are encouraged to test the -BETA and -RC builds whenever possible, and provide feedback and report issues to the freebsd-stable mailing list.

Virtual Private Systems Klaus Ohrhallinger k@7he.at

VPS for &os; is an OS-level based virtualization implementation that supports advanced features like live migration. It has been recently imported into the Project's Subversion repository as a project branch. The code is currently of alpha quality.

Test with many different guest setups/applications. All feedback is highly appreciated.
KDE/&os; KDE &os; kde@FreeBSD.org KDE/&os; home page area51

The KDE/&os; Team has continued to improve the experience of KDE software and Qt under &os;. During this quarter, the team has kept most of the KDE and Qt ports up-to-date, working on the following releases:

As a result — according to PortScoutkde@ has 473 ports (up from 431), of which 98.73% are up-to-date (up from 93.5%). iXsystems Inc. continues to provided a machine for the team to build packages and to test updates. iXsystems Inc. has been providing the KDE/&os; Team with support for quite a long time and we are very grateful for that. This quarter, we would also like to thank Steve Wills (swills@) for providing access to another machine so that we can do our work even faster.

While a great deal of the team's efforts are focused towards packaging released code, we also take a proactive stand in making sure future versions of the software we port is also going to work well on &os;. This involves being in close contact with upstream, raising awareness of &os; as an active project and also sending actual patches that most of the time benefit many other operating systems besides &os; itself. In this regard, we have been dedicating a lot of time making sure both clang and libc++ are fully supported in KDE and Qt. Not only has this resulted in many patches being sent to these projects, but the exposure to these large code bases have been beneficial to the Clang-on-&os; project as well. Dimitry Andric (dim@) has been of great help as a point of contact for all the issues we have faced.

As usual, the team is always looking for more testers and porters so please contact us and visit our home page. It would be especially useful to have more helping hands on tasks such as getting rid of the dependency on the defunct HAL project and providing integration with KDE's Bluedevil Bluetooth interface.

Update out-of-date ports, see PortScout for a list. Work on KDE 4.11 and Qt 5. Make sure the whole KDE stack (including Qt) builds and works correctly with clang and libc++. Remove the dependency on HAL.
Upgrading the Documentation Set to DocBook 5.0 Gábor Kövesdán gabor@FreeBSD.org

The Documentation Project has been using old versions of markup standards until recently when we switched to a real XML toolchain and DocBook 4.5. However, we still depend on obsolete technologies — DSSSL and Jade. DocBook 5.0 provides cleaner markup and some nice new features.

The objective of this project is to upgrade the documentation set to DocBook 5.0 and to find a way to properly render our sources without using DSSSL, since the DSSSL stylesheets are discontinued and cannot render DocBook 5.0. The documentation sources have already been successfully transformed to DocBook 5.0 and updates to the rendering process are under development. The common opinion among &os; developers is that Java is a heavy dependency that should be avoided. This has suggested the transformation of DocBook sources to TeX and use TeX as a rendering backend. There are two ways to do this; the sources can be transformed either directly or through the XSL FO output generated by the stylesheets provided for the DocBook Project. The latter approach has been chosen as a preferred way since it better fits the existing documentation infrastructure and provides easier customization.

This project is generously funded by The &os; Foundation.

Finish the implementation of the rendering process. Integrate the rendering solution into the infrastructure. Merge back changes to head.
AMD GPU Kernel Mode-setting Support Jean-Sébastien Pédron dumbbell@FreeBSD.org Konstantin Belousov kib@FreeBSD.org Project status on the wiki

Due to non-&os;-related activities from April to end of June, the project progressed slowly:

Several users tested the driver. Andriy Gapon, Jonathan Gray, and Mark Kettenis (of OpenBSD) submitted patches. kyzh kindly donated several discrete cards from different series. A big thanks to all those contributors!

The driver is still not stable enough for a wider call for testers.

Write instructions for the wiki to explain how to test the driver.
Realtek RTL8188CU/RTL8192CU USB Wireless Driver Rui Paulo rpaulo@FreeBSD.org Kevin Lo kevlo@FreeBSD.org

The urtwn(4) driver was imported from OpenBSD. This is a driver for very small Realtek USB WiFi cards which are pretty inexpensive and can do 802.11n at the maximum theoretical speed of 150 Mbps. They make a good addition to embedded systems such as the Raspberry Pi and the BeagleBone. The driver requires firmware that is available in the &os; Ports Collection (net/urtwn-firmware-kmod). Note that 802.11n is not yet supported.

ZFS TRIM and Enhanced <tt>BIO_DELETE</tt> Support Pawel Jakub Dawidek pjd@FreeBSD.org Steven Hartland smh@FreeBSD.org

As of the end of June, &os;'s ZFS implementation now includes TRIM support in head, stable/9, and stable/8 branches. This allows ZFS to help maintain high performance on flash-based devices such as SSD's even under high-load conditions.

When creating new pools and adding new devices to existing pools it first performs a full-device level TRIM to help ensure optimum starting performance. This behaviour can be overridden by setting the vfs.zfs.vdev.trim_on_init sysctl variable to 0 if for example the disks are new or have already been secure erased, which can also now be done using camcontrol(8) security actions.

In order to support TRIM, the kernel requires the underlying device driver supports BIO_DELETE. This is currently mapped through to hardware methods such as ATA TRIM and SCSI UNMAP, which are commonly supported by SSDs via CAM.

In order to increase the supported hardware base, CAM's SCSI layer was also enhanced to allow ATA TRIM via SATL ATA Passthrough to be used in addition to the existing UNMAP and WS methods. This allows SATA disks attached to SCSI controllers with CAM based drivers such as mps(4) and mpt(4) to provide delete support.

Stats for ZFS TRIM can be monitored by looking at the sysctl variables under kstat.zfs.misc.zio_trim in addition to live GEOM delete stats via the gstat -d command.

This project was sponsored by Multiplay and implemented by Pawel Jakub Dawidek.

Superpages for ARMv7 Zbigniew Bodek zbb@semihalf.com Grzegorz Bernacki gjb@semihalf.com Rafal Jaworowski raj@semihalf.com

The ARM architecture is becoming more and more prevalent, with increasing usage beyond the mobile and embedded space. Among the more interesting industry trends emerging in the recent months, there has been the concept of "ARM server". Some top-tier companies, e.g. Dell and HP, have already started to develop such systems.

Key to success of &os; in these new areas is dealing with the sophisticated features of the platform, for example adding support for superpages.

The objective of this project is to enable &os;/arm to utilize superpages which would allow efficient use of TLB translations (by enlarging TLB coverage), leading to improved performance in many applications and scalability. This is intended to work on ARMv7-based processors, however compatibility with ARMv6 will be preserved.

The following steps have been made since the last status report:

Next steps:

This project is jointly sponsored by The &os; Foundation and Semihalf.

Start utilizing superpages on ARMv6/v7. Find bugs and debug.
LLDB Debugger Port Ed Maste emaste@FreeBSD.org

LLDB is the the debugger project in the LLVM family. It supports the Mac OS X, Linux, and &os; platforms, but the latter has recently suffered under a lack of maintenance.

After cleaning bit rot in LLDB's &os; support, it again builds and can be used for basic debugging of single-threaded applications. The test suite also runs to completion, although it experiences a large number of failures.

Ed Maste has been granted an LLDB commit bit, and is now committing ongoing bug fixes and development directly to the upstream repository. There is a significant amount of work still to be done, with one goal being the incorporation of lldb into the base system.

This project is sponsored by DARPA/AFRL in collaboration with SRI International and the University of Cambridge.

Add support for multithreaded processes. Fix watchpoints. Add support for remote debuging (gdbserver / debugserver). Add support for core files. Add support for kernel debugging. Verify i386 and ARM architectures. Implement MIPS target support. Verify cross-debugging. Investigate and fix test suite failures. Prepare lldb for incorporation into the base system.
Native iSCSI Stack Edward Tomasz Napierała trasz@FreeBSD.org

The native kernel iSCSI target and initiator project progressed well over the April to June period. The primary focus was to introduce support for iSER (iSCSI over RDMA) in both the initiator and the target. Prerequisite for this was merging some common parts together and implementing a workaround for the lack of iSER support in userspace. Apart from that, there were a myriad of smaller improvements. Such as creating more user-friendly administration utilities, for example iscsictl(8) which displays SCSI device nodes for each iSCSI session. This frees the user from getting the same information through camcontrol(8). There are also improvements in logging and manual pages.

Once the iSER support becomes stable, the work will focus on performance optimizations. The plan is to commit both the new initiator and target in August to allow shipping them in 10.0. The project will continue with implementing support for software iWARP stack (useful mostly for testing and development), SCSI passthrough and various other improvements.

This project is being sponsored by The &os; Foundation.

Performance optimization. Merge to &os; head.
&os; Postmaster Team &os; Postmaster Team postmaster@FreeBSD.org

In the second quarter of 2013, the &os; Postmaster Team has implemented the following items that may be interest of the general public:

  • With help from clusteradm, found that unbound (the resolver used on mx1 and mx2) is configured to perform DNSSEC validation which implies that if a signed zone fails validation, unbound refuses to use the information. This had caused one person to be unable to exchange email with &os;.org until the zone signatures were refreshed.
  • Created the freebsd-dtrace mailing list, requested by George Neville-Neil.
  • Resurrected the freebsd-testing mailing list, requested by Garrett Cooper.
  • Created the freebsd-tex mailing list, requested by Hiroki Sato.
  • In response to another comment that our message rejection message was unclear in the case that greylisting was the reason, re-worded that message.
  • Augmented the allowable MIME types for secteam with the following to permit sending encrypted messages:
    • application/pgp-encrypted
    • application/pkcs7-encrypted
    • application/x-pkcs7-encrypted
    • multipart/encrypted
  • Began replacing freebsd-mozilla with freebsd-gecko.
Capsicum Pawel Jakub Dawidek pjd@FreeBSD.org Capsicum Mailing List cl-capsicum-discuss@lists.cam.ac.uk

Capsicum, lightweight OS capability and sandboxing framework, is being actively worked on. In the last few months the following tasks have been completed:

For Capsicum-based sandboxing in the &os; base system, the commits referenced above and the provided code aim to serve as examples. We would like to see more &os; tools to be sandboxed — every tool that can parse data from untrusted sources, for example. This requires deep understanding of how the tool in question works, not necessarily only Capsicum.

This work is being sponsored by The &os; Foundation.

Get involved, make the Internet finally(!) a secure place. Contact us at the cl-capsicum-discuss mailing list, where we can provide guidelines on how to do sandboxing properly. The fame is there, waiting.
Xfce/&os; &os; Xfce Team xfce@FreeBSD.org

The &os; Xfce Team has updated its ports to the latest stable releases, especially:

Fix CPU issue with textproc/xfce4-dict-plugin (bug #10103). Investigate why midori-gtk3 crashes too often. (The port is finished, but some libraries are not present by default in ports tree). Fix x11-themes/gtk-xfce-engine with Gtk+ >=3.6.
&os; Security Team &os; Security Team secteam@FreeBSD.org

On April 15th Dag-Erling Smørgrav and Xin Li took over as security officers for the &os; Project, and the team welcomed Qing Li back to the team in June. This report briefly summarizes the work of the Security Team from April until the end of June.

The Security Team has released the following advisories:

  • FreeBSD-SA-13:05.nfsserver: Insufficient input validation in the NFS server (nfsd(8)), reported by Adam Nowacki.
  • FreeBSD-SA-13:06.mmap: Privilege escalation via mmap(), reported by Konstantin Belousov.

The Security Team has contributed to the following errata notices:

  • FreeBSD-EN-13:02.vtnet: Frames are not properly forwarded to vtnet(4) when two or more MAC addresses are configured on QEMU 1.4.0 and later in 8.4-RELEASE, reported by Julian Stecklina.
  • FreeBSD-EN-13:01.fxp: Initialization of fxp(4) network interfaces results in an infinite loop with dhclient(8) in 8.4-RELEASE, reported by Michael L. Squires.

Per the request of Baptiste Daroussin, the Security Team has also reviewed the source code of Poudriere, the port build and test system which is planned to be used for producing pkg(8) ("new-style") packages on the &os; cluster.

BSD-Day 2013 Gábor Páli pgj@FreeBSD.org BSD-Day 2013 web site YouTube playlist of talks Event photo album

The BSD-Day is a now recurring excuse for BSD developers and users to meet up in person, share some beers and talk about what they are working on these days. There was a detour this year to visit the beautiful city of Naples of Italy, the home of pizza. Fortunately, the event has again gained support from numerous and generous sponsors, such as The &os; Foundation, the EMC Corporation, iXsystems, FreeBSDMall, BSD Magazine, and many others which enabled us to cover the costs of travel and accommodation for the speakers. We are really grateful for this.

Similarly to the previous years, the whole event started with a dinner in the downtown (somewhere around the Irish Pub) on Friday which suddenly turned into a do-it-yourself pizza-fest. Then it was followed by the Saturday event at the Institute of Biostructures and Bioimaging. There we had a lot of attendees for the associated BSDA exam in the morning — 8 persons. The event itself had many interesting topics as well, for example moving MCLinker into the BSD world, organization and culture of the &os; Project, the new callout(9) framework, building and testing ports with Poudriere and Tinderbox, &os; in the embedded space, or building reliable VPN networks with OpenBSD. See the links in the report for more.

xorg on &os; x11@FreeBSD.org Niclas Zeising zeising@FreeBSD.org Koop Mast kwm@FreeBSD.org

During the beginning of this quarter, work focused on making the xorg update as robust and stable as possible in preparation for the merge to ports. As a part of this, ports exp-runs were performed to find and resolve regressions and other issues. Once this was completed, xorg was updated to version 7.7 on May 25, after more than a year of hard work.

After the update, work immediately shifted to focus on updating and patching xorg client libraries, since numerous security issues had been identified in those. Unfortunately, this took a little longer than anticipated, but all fixes were comitted eventually.

There has also been work on making the new xorg distribution the default for &os; 9.1 and later. A patch was sent out and tested with good results, but this is currently postponed because switching virtual terminals is not working with the KMS driver.

Currently, work is focusing on keeping xorg drivers and libraries up to date. Instead of making big updates every year or less, minor updates to some libraries, applications and drivers happen fairly regularly. Focus is also starting to shift towards newer versions of MESA and xorg-server, but this is still very experimental.

Continue the porting effort of recent versions of MESA. This is ongoing work, but integrating this into the development repo is hard work. Once this is completed, and KMS support for ATI is more mature, more testing can be done. Port Wayland. The future of graphical environments in open source operating system seems to be Wayland. This needs to be ported to &os; so that a wider audience can test it, and so that it eventually can be integrated into the ports tree, perhaps as a replacement for the current xorg. Look into replacements for HAL. HAL is used for hot-plugging of devices, but it has been long abandoned by Linux. A replacement, perhaps built on top of devd(8), would be nice to have. This work should be coordinated with the &os; GNOME and KDE teams.
&os; Haskell Ports Gábor Páli pgj@FreeBSD.org Ashish SHUKLA ashish@FreeBSD.org &os; Haskell wiki page &os; Haskell ports repository Experimental pkg(8) package repositories

We are proud to announce that the &os; Haskell Team has updated the Haskell Platform to 2013.2.0.0, GHC to 7.6.3, as well as updated existing ports to their latest stable versions. In this update, we provided experimental support for LLVM-based code generation (disabled by default) to Haskell ports. We also added a number of new ports, which brings their count in the &os; Ports Collection to 402, and now Haskell ports play nicer with portmaster(8)-based upgrades.

In cooperation with Konstantin Belousov and Dimitry Andric, we have managed to unbreak the build of GHC on 32-bit 10.x systems, so we have packages for 10.x again. However, it turned out that this bug (in thread signal delivery) can also affect the building process for other platforms as well, which explains some of the strange build breakages our users experienced in the past.

We have also learned that there is ongoing work in the GHC upstream which will allow us to provide support for building with Clang natively once GHC 7.8 becomes part of the Haskell Platform.

Test experimental Clang/LLVM code generation support to enable it by default. Commit pending Haskell ports to the ports tree. Port more (popular) Cabal packages.
V4L2 Update in the Linuxulator Alexander Leidinger netchild@FreeBSD.org

The V4L2 support in the linuxulator was updated in &os; head. This lets Skype v4 display video.

Find out why audio in Skype v4 stops working after some calls.
<tt>bsdconfig(8)</tt> and <tt>sysrc(8)</tt> Devin Teske dteske@FreeBSD.org

New utilities have been introduced in &os; base system: bsdconfig(8) and sysrc(8). bsdconfig(8) is a replacement for the post-install abilities of deprecated sysinstall(8), while sysrc(8) is a robust utility for managing rc.conf(5) from the command line without a text editor.

They are expected to be merged back to stable branches shortly.

Qt and GTK+ Frontends for <tt>pkg(8)</tt> Justin Muniz jmuniz@FreeBSD.org Eitan Adler eadler@FreeBSD.org

This project is part of Google Summer of Code. Work has only just begun, and the code is in its infancy. The Subversion repository holds experimental code that is actively being developed. Development should be concluded before the end of September, and the project will enter the maintenance phase of its life cycle.

Work with Matt Windsor to create a pkg(8) backend for PackageKit. Extend PackageKit's Qt frontend to offer more functionality through pkg(8). Extend PackageKit's GKT+ frontend to offer more functionality through pkg(8).
GNOME/&os; &os; GNOME Team gnome@FreeBSD.org

The GNOME 3.6 work is moving along slowly but steadily. Almost all the GNOME 3 desktop ports were updated to their corresponding 3.6 versions.

A big challenge was taken by getting the webkit-gtk3 port updated to 2.0.3. Currently programs using webkit-gtk3 crash on launch. It is hard to find the causes as the debug build of webkit-gtk either runs out of memory or disk space on the developement system used.

Update the &os; GNOME website with recent changes in the ports tree, add new items in preparation for GNOME 3 and Mate, etc. Merge Glib 2.36, GTK+ 3.8 and related ports back to the Ports Collection. Continue work on GNOME 3.6, fix bugs and write code for missing features. Complete the port of MATE.
Xen Support Improvements Justin T. Gibbs gibbs@FreeBSD.org Will Andrews will@FreeBSD.org Andre Oppermann andre@FreeBSD.org Roger Pau Monné roger.pau@citrix.com Git repository

&os; Xen HVM can be further improved by using more PV interfaces inside a HVM guest. So far the following items have been completed:

With this changes, &os; will have a complete PVHVM port, this will also set the ground for a future PVH port (when PVH support is merged into Xen).

Further improvements on blkfront and netfront have also been commited:

Netfront changes have been merged to stable branches, blkfront changes are only in head.

Merge remaining changes into head.
New Capsicum Features Mariusz Zaborski oshogbo@FreeBSD.org Pawel Jakub Dawidek pjd@FreeBSD.org

Capsicum is a lightweight OS capability and sandboxing framework implemented in &os;. This is still a new technology, so there is a lot of space for improvements. Thanks to the Google Summer of Code program and Pawel Jakub Dawidek for volunteering as mentor, Mariusz will have the chance to work on this project in the summer.

The work on sandboxing the rwho(1) and rwhod(8) utilities was completed recently. There is also a plan to implement two new modules for Casper. Casper is a daemon to provide services for applications using Capsicum's capability mode. Some experimentation with implementing two new capability rights is in progress, so is porting one more program to use the existing features of the Capsicum framework.

system.unix — a Casper module provides connect and listen on Unix domain socket. system.udp — a Casper module enabling connect, listen, send, and receive of UDP packets. Implementing sandboxing for fetch(1). Introduce new capability rights: CAP_SEND_RIGHTS and CAP_RECV_RIGHTS.
Improved TCP SYN Cookies Andre Oppermann andre@FreeBSD.org Description Patch

We have had a SYN cookie implementation for quite some time now but it has some limitations with current realities for window scaling and SACK encoding the in the few available bits.

This patch updates and improves SYN cookies mainly by:

  1. Encoding of MSS, WSCALE (window scaling) and SACK into the ISN (initial sequence number) without the use of timestamp bits.
  2. Switching to the very fast and cryptographically strong SipHash-2-4 hash MAC algorithm to protect the SYN cookie against forgery.

The common parameters used on TCP sessions have changed quite a bit since SYN cookies were invented some 17 years ago. Today we have a lot more bandwidth which makes use of window scaling almost mandatory. Also SACK has become standard as it makes recovering from packet loss much more efficient.

The original SYN cookies method only stored an indexed MSS value in the cookie. This obviously is not sufficient any more and breaks in the presence of WSCALE. WSCALE information is only exchanged during SYN and SYN-ACK. If we cannot keep track of it then we severely underestimate the available send or receive window, compounded with the fact that with large window scaling the window size information on the TCP segment header would be even lower numerically.

A number of years back, SYN cookies were extended to store the additional state in the TCP timestamp fields, if available on a connection. It has been adopted by Linux as well. While timestamps are common among the BSD, Linux and other Unix systems, Windows never enabled them by default, thus they are not present for the vast majority of clients seen on the Internet.

The new improvement in this patch moves all necessary information into the ISN again, removing the need for timestamps. Both the MSS and send WSCALE are stored in 3 bit indexed form together with a single bit for SACK. While we cannot represent all possible MSS and WSCALE values in only 3 bits each (both are 16-bit fields in the TCP header), it turns out that is not actually necessary.

These improvements allow one to run with SYN cookies only on Internet-facing servers. However while SYN cookies are calculated and sent all the time, they are only used when the syn cache overflows due to attacks or overload. In that case though, you can rest assured that no significant degradation in TCP connection setup happens any more and that even Windows clients can make use of window scaling and SACK.

Additional testing on busy servers.
The &os; Foundation Deb Goodkin deb@FreeBSDFoundation.org

We started the quarter with our "Raise a Million — Spend a Million" Spring Fundraiser. This was the first of three major fundraisers scheduled for the year. We were pleased to have raised $365,291 by the end of the campaign — May 31. Last year, by the same time, we had raised only $56,196. We have started this year off with a much better fundraising strategy. We want to send a big thank you to everyone out there that has made a donation in 2013. Your early donations have made a significant impact on our fundraising endeavors so far this year.

Some things we accomplished this last quarter are:

&os; Core Team &os; Core Team core@FreeBSD.org

In the second quarter of 2013, the Core Team approved a new Security Officer, Dag-Erling Smørgrav and his deputy, Xin - Li, who replaced Simon Nielsen. Peter Wemm volunteered to - reorganize and take the lead on administration of the &os; - cluster and then the Core Team has approved and welcome Glen - Barber and Ryan Steinmetz as additions to his team.

+ Li. The Core Team acknowledges Simon Nielsen, the outgoing + Security Officer, for his work in the role. Peter Wemm took the + lead on the reorganization and administration of the &os; + cluster, and with the Core Team's approval, Glen Barber and Ryan + Steinmetz were welcomed to the cluster administration team.

Based on the recommendation and experiences of Martin Wilke, - core also supported establishing a liaison role between port - managers and release engineers in order to improve their - communication, especially for preparing releases. This liaison - became Bryan Drewery.

- -

Following up on the request from Eitan Adler, core agreed to - remove CVS from the base system, which was soon followed by - importing a lightweight version of Subversion tools, implemented - by Peter Wemm.

+ the Core Team also supported establishing a liaison role between + port managers and release engineers in order to improve their + communication, especially for preparing releases. The Core Team + welcomes Bryan Drewery to this role.

+ +

Following up on the request from Eitan Adler, the Core Team + agreed to remove CVS from the base system, which was soon followed + by importing a lightweight version of Subversion tools, + implemented by Peter Wemm.

There were src commit bits issued for 3 new developers and 1 existing committer received extension in this quarter.

Newcons Reboot Aleksandr Rybalko ray@FreeBSD.org

The purpose of the Newcons project is to provide a new interface for console and video output to graphic devices. This will allow simple drivers access the console and terminal mode early, and framebuffer access for xorg. Drivers will not need embedded font bitmaps, color maps, or mouse cursor bitmaps, as the whole infrastructure will be provided by the vt(4) Newcons driver.

As the project includes Kernel Mode Setting (KMS) integration, one of the goals is support for modern Xorg releases, allowing the kernel to switch back to virtual terminal mode after graphics mode or resolution used with xorg changes.

There are a lot of changes involved in the project. Main tasks include:

The first deliverables of the project, including moused(8), ukbd(4), and KMS support are expected to arrive around the middle or end of August 2013. The whole project is expected to complete in November 2013.

This project is being sponsored by The &os; Foundation.

Many thanks to Ed Schouten who started Newcons project and did most of the work.

Provide different flavors of hardware for testing the implementation. Do not hesitate to volunteer when a call for testing is announced.
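
Review bot: In the Core Team entry, the added sentences "The Core Team acknowledges Simon Nielsen" and "The Core Team welcomes Bryan Drewery to this role" are in the present tense, while the context around them ("the Core Team approved", "agreed to remove CVS") is in the past tense; suggest "acknowledged" and "welcomed" so the entry reads consistently. The sentence that the first added line completes still reads "a new Security Officer, Dag-Erling Smørgrav and his deputy, Xin Li." and needs a comma after "Smørgrav" while this paragraph is being touched. The rewrite also drops the fact that Peter Wemm "volunteered" for the cluster work; please confirm that is intended. The "- -" / "+ +" pair between the liaison paragraph and the CVS paragraph looks like a whitespace-only change and would be easier to review on its own. The unchanged closing sentence "There were src commit bits issued for 3 new developers and 1 existing committer received extension in this quarter." is ungrammatical and could be fixed in the same pass.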