diff --git a/en/news/status/Makefile b/en/news/status/Makefile index f6f61f46d3..5cba4d27ff 100644 --- a/en/news/status/Makefile +++ b/en/news/status/Makefile @@ -1,42 +1,43 @@ -# $FreeBSD: www/en/news/status/Makefile,v 1.20 2003/03/15 10:00:08 scottl Exp $ +# $FreeBSD: www/en/news/status/Makefile,v 1.21 2003/10/09 06:12:34 scottl Exp $ .if exists(../Makefile.conf) .include "../Makefile.conf" .endif .if exists(../Makefile.inc) .include "../Makefile.inc" .endif .SUFFIXES: .xml .html DOCS= status.sgml DATA= report-june-2001.html DATA+= report-july-2001.html DATA+= report-august-2001.html DATA+= report-september-2001.html DATA+= report-november-2001.html DATA+= report-dec-2001-jan-2002.html DATA+= report-feb-2002-apr-2002.html DATA+= report-may-2002-june-2002.html DATA+= report-july-2002-aug-2002.html DATA+= report-sept-2002-oct-2002.html DATA+= report-nov-2002-dec-2002.html DATA+= report-jan-2003-feb-2003.html DATA+= report-mar-2003-sep-2003.html +DATA+= report-oct-2003-dec-2003.html # Install a sample entry. DATA+= report-sample.xml CLEANFILES+= ${DATA:M*.html} .xml.html: report.xsl includes.xsl ${XSLTPROC} ${XSLTPROCOPTS} -o ${.TARGET} \ ${.CURDIR}/report.xsl ${.IMPSRC} .if !defined(NO_TIDY) -${TIDY} ${TIDYOPTS} ${.TARGET} .endif INDEXLINK= status.html .include "${WEB_PREFIX}/share/mk/web.site.mk" diff --git a/en/news/status/report-2003-10-2003-12.xml b/en/news/status/report-2003-10-2003-12.xml new file mode 100644 index 0000000000..8fdb72f1ee --- /dev/null +++ b/en/news/status/report-2003-10-2003-12.xml @@ -0,0 +1,1374 @@ + + + + + October-December + 2003 + + +
+ Introduction: + +

The FreeBSD status reports are back again with the 2003 year-end + edition. Many new projects are starting up and gaining momentum, + including XFS, MIPS, PowerPC, and networking locking and + mutlithreading. The end of 2003 also saw the release of FreeBSD 4.9, + the first stable release to have greater than 4GB support for the + ia32 platform. Work on FreeBSD 5.2 also finished up and was released + early in January of 2004. Many thanks to all of the people who + worked so hard on these releases and made them happen.

+ +

This is the largest status report ever, so read and enjoy!

+ +

Scott Long, Robert Watson

+ +
+ + + libarchive, bsdtar + + + + + Tim + Kientzle + + kientzle@FreeBSD.org + + + + + + + + +

The libarchive library, which reads and writes tar and cpio + archives, is about ready to commit to the tree. The bsdtar + program, built on libarchive, is also nearing completion and + should soon be a worthwhile successor to our aging GNU tar. I + plan a gradual transition during which "bsdtar" and "gtar" will + coexist in the tree.

+ +

Oddly enough, libarchive and bsdtar are the first fruits of a + project to completely rewrite the pkg tools. I've started + architecting a libpkg library for handling routine package + management and have a prototype pkg_add that is three times faster + than the current version.

+ +
+ + + Publications Page Update + + + + + Josef + + El-Rayes + + + josef@daemon.li + + + + + Updated Publications Page. + + + +

I did a xml/xslt conversion of the html files to make maintaining + of the page more comfortable. I removed the cdsets, which might be + kept in CVS or some kind of archive for historical reasons. The books + got an update, and were categorized in respect to the language they + are written in. As soon as I get my access on the cvs repository I + will commit the updates. People are encouraged to add local FreeBSD + books, I missed, especially in the asian area. Feel free to send me + links to books to add.

+ +
+ + + DVB-ASI Support + + + + + Vincent + + Jardin + + + Vincent.Jardin@6wind.com + + + + + Home page and source code + Computer Modules + + + + +

DVB ASI stands for Digital Video Broadcast - Asynchronous Serial + Interface. It is the standard defined to send and receive DVB stream + from Satellite (DVB-S), Terrestrial link (DVB-T), and TV Cable + (DVB-C). This standard was developed in Europe to transport 188-byte + MPEG cells and 204-byte MPEG cells. However it can be used to carry IP + over DVB too.

+ +

The FreeBSD driver uses the newbus amd the bus-dma API. It means that it + could be easily ported to all the BSD flavors (NetBSD, OpenBSD).

+ +

It uses the same API than the Linux DVB ASI support from + ComputerModules that is based on the following devices: +

    +
  • /dev/asitxN for the transmit stream (only open, write, select, + close and ioctl are supported).
  • +
  • /dev/asirxN for the receive stream (only open, read, select, close + and ioctl are supported).
  • +
+ It means that software such as Videolan that support DVB-ASI + broadcasting could be supported by this driver.

+ +

Special thanks to Tom Thorsteinson from Computer Modules who helped + 6WIND to port their driver. It is used by 6WIND in order to provide + IPv4, IPv6, Ethernet and our network services over DVB.

+ +

Copyright 2003-2004, 6WIND

+ +
+ + + FreeBSD ports monitoring system + + + + + Mark + + Linimon + + + linimon_at_lonesome_dot_com + + + + + + FreeBSD ports monitoring system + + + + +

Enhancements continue to be made to the system. Several, + including improvements to the PR classification algorithm, the + ability to more correctly guess when a PR has been updated, and + better handling of errors in both port Makefiles and the bento + builds, are invisible to end-users. However, the addition of + a "repocopy" classification is notable, as is the allowing the + wildcard search in "overview of one port" (thanks to edwin@ for + the shove in that direction.) Additionally, logic has been + added to identify the proposed category/portname of new ports, + with the goal being to quickly identify possible duplications + of effort. (Some SQL performance was sacrificed to this goal, + leading to some pages to load more slowly; this needs to be + fixed.)

+ +

The other work has been on an email back-end to allow the + occasional sending of email to maintainers. Two functions are + currently available: "remind maintainers of their ports that + are marked BROKEN", and "remind maintainers of PRs that they + may not have seen." A recent run of the former got generally + good response, especially as changing some cases of BROKEN to + IGNORE (PR ports/61090) had removed almost all the annoying + false positives. However, work remains to try to find out why + a few allegedly broken ports only fail in certain environments + (including the bento cluster).

+ +

The next plan is to use the proposed DEPRECATED Makevar (see + ports/59362) to create a new report to allow querying of "ports + currently slated to be removed". This report could also be + posted to ports@ periodically with minimal work. The author + believes that doing this would allow the port deprecation process + to be much more visible to the general FreeBSD user community.

+ +
+ + + Compile FreeBSD with Intels C compiler (icc) + + + + + Alexander + + Leidinger + + + netchild@FreeBSD.org + + + + + Some patches. + + + +

The FreeBSD kernel now builds and runs fine with icc v7 (only GENERIC + and a custom kernel tested so far). A review on arch@ revealed no + major concerns and some src committers are willing to commit the + patches. As icc v8 is out and defines __GNUC__ I want to rework the + patches before they get committed so an icc v8 compiled kernel DTRT + too.

+

A complete build of the ports collection (as of start of December) + finished and is under review to determine the reason of build + failures. Current icc stats: +

    +
  • 1108 failed builds (excluding build failures because of failed + dependencies)
  • +
  • 3535 successfully build packages (~ 1.7 GB)
  • +
+ A parallel build with gcc on the same snapshot of the + ports collection has: +
    +
  • 520 failed builds (excluding build failures because of failed + dependencies) and
  • +
  • 7261 successfully build packages (~ 4.8 GB).
  • +
+

+

The above mentioned build of the ports collection was run on a P4 + with a icc compiled kernel (optimized for a P4). No kernel panics or + other strange behavior was noticed. The ports collection was build + with a CPUTYPE of p4 and CFLAGS set to "-Os -pipe -mfpmath=sse -msse2" + in the gcc and "-O2" in the icc case. No package is tested for correct + run-time behavior so far.

+ + +
+ + + Porting OpenBSD's pf + + + + + Max + Laier + + max@love2party.net + + + + Pyun + YongHyeon + + yongari@kt-is.co.kr + + + + + + PF homepage + PF FAQ + + + +

Much work has been invested into getting release 2.00 stable. It + provides the complete OpenBSD 3.4 function set, as well as fine + grained locking to work with a giant free network stack.

+

pf provides: IPv6 filtering and normalization, "syn-proxy" + to protect (web)server against SYN-floods, passive OS detection, fast + and modular address tables, source/policy routing, stateful filter and + normalization engine, structured rulesets via anchors and many many + more. Especially in connection with ALTQ, pf can help to harden + against various flood attacks and improve user experience.

+

New features from OpenBSD-Current like: state synchronization over wire + and enhanced support for cloned interfaces require patches to the + kernel. We are trying to resolve this issue and start + OpenBSD-Current tracking again as soon as possible.

+ +
+ + + Binary security updates for FreeBSD + + + + + Colin + + Percival + + + cperciva@daemonology.net + + + + + + + + +

Thanks to recent donations, I am now building binary security + updates for FreeBSD {4.7, 4.8, 4.9, 5.0, 5.1, 5.2}-RELEASE. + (Note that FreeBSD 4.7 and 5.0 are no longer officially + supported; any advisories which are not reflected in the CVS + tree will likewise not result in binary updates.)

+ +

The current version (1.5) of FreeBSD Update will warn about + locally modified files and will, by default, leave them + untouched; if a "distribution branch", (i.e. crypto, nocrypto, + krb4, or krb5) is specified, FreeBSD Update can be forced to + "update" files which have been compiled locally.

+ +

The only major issue remaining with FreeBSD Update is the + single-point-of-failure of the update building process; I + would like to resolve this in the future by having several + machines cross-verify and cross-sign, but this will require + a significant investment of time, and will probably have to + wait until I've finished writing my DPhil thesis.

+ +
+ + + SGI XFS port for FreeBSD + + + + + Alexander + + Kabaev + + + kan@FreeBSD.org + + + + Russell + + Cattelan + + + cattelan@thebarn.com + + + + +

A project was started to revive a stalled effort to port SGI XFS + journaling filesystem to FreeBSD. The project is based on Linux + development sources from SGI and is currently being kept in a + private Perforce repository. The work is progressing slowly due + to lack of free time. At the moment we have XFS kernel module + which is capable of mounting XFS filesystems read-only, with a + panic or two happening infrequently, that need to be isolated and + fixed. Semi-working metadata updates with full transaction support + are there too, but will probably have to be rewritten to minimize + the amount of custom kernel changes required.

+ +

We seek volunteers to help with userland part of the port. Namely, + existing xfsprogs port needs to be cleaned up, incompletely ported + utilities brought into a working shape. xfs_dump/xfs_restore and + as much from xfstests suite as possible need to be ported too. We do + not need testers for now, so please to not ask for module sources + just yet.

+ + +
+ + + + Bluetooth stack for FreeBSD (Netgraph implementation) + + + + + + + Maksim + + + + Yevmenkin + + + + + m_evmenkin@yahoo.com + + + + + +

Not much to report. Bluetooth code was integrated into the FreeBSD + source tree. Bluetooth kernel modules appear to be stable. I have + received few success stories from the users.

+ +

During last few months the efforts were to make Bluetooth code + more user friendly. Bluetooth Service Discovery Procotol daemon + sdpd was reimplemented under BSD-style license and committed. The + next step is to integrate existing Bluetooth utilities with SDP.

+ +

Thanks to Matt Peterson matt at peterson dot org> I now have + Bluetooth keyboard and mouse for development. I'm currently + working on Bluetooth HID profile implementation.

+ +

Dave Sainty (dave at dtsp dot co dot nz) from NetBSD project + offered his help in porting Bluetooth stack to NetBSD.

+ +
+ + + Network interface naming changes + + + + + Brooks + + Davis + + + brooks@FreeBSD.org + + + + +

At the end of October, the if_name and if_unit members of struct + ifnet were replaced with if_xname from NetBSD and if_dname and + if_dunit. These represent the name of the interface and the + driver name and instance of the interface respectively. Other then + breaking IPFilter for a few weeks due to the userland being on the + vendor branch, this change went quite well. A few ports needed + minor changes, but otherwise nothing changed from the user + perspective.

+ +

The purpose of this change was the lay the groundwork for support + for network interface renaming and to allow the implementation of + more interesting pseudo interface cloning support. An example of + interesting cloning support would be using "ifconfig fxp0.20 + create" to create and configure a vlan interface on fxp0 that + handled frames marked with the tag 20. Interface + renaming is being worked on in Perforce at the moment with a + working version expected for review soon. Support for enhanced + device cloning is still in the planing stage.

+ +
+ + + Kernel Tunables Documentation Project + + + + Tom + Rhodes + + trhodes@FreeBSD.org + + + + + + The problem report which kicked this project in action. + + + +

FreeBSD has well over a few hundred tunables without + documentation. This project aims at designing an + automated process to rip all available tunables and generate + a manual page based on the selected kernel options. + The ideal implementation, however; would gather tunables + from the LINT kernels as well. This would provide a + default manual page for all supported architectures. + A simple tool has been forged from the various off-list + and on-list discussions and is waiting review from the + -doc team. Anyone interesting in reviewing my current + work is requested to get in contact with me.

+ +
+ + + jpman project + + + + + Kazuo + Horikawa + + + horikawa@FreeBSD.org + + + + + jpman project + + + +

We have been updating existing Japanese translations + of manual pages to meet the 5.2-RELEASE schedule. + Also, 22 new translations were complete during this period.

+ +
+ + + FreeBSD MIDI + + + + + Mathew + + Kanner + + + matk@FreeBSD.org + + + + +

This project aims to update the current MIDI implementation. We + are currently looking at removing the current code sometime in + February and importing the new version soon after. I'm currently + working on a kernel/timidiy bridge for those without external + hardware.

+ + +
+ + + The FreeBSD Russian Documentation Project + + + + + Andrey + + Zakhvatov + + + andy@FreeBSD.org + + + + + The FreeBSD Project [Russian]. + + + +

The FreeBSD Russian Documentation Project aims to provide FreeBSD + Documentation translated to Russian. Already done: FAQ, Porters + Handbook, WWW (partially synched with English version), some + articles.

+ +

We working at Handbook (and more docs) translation and synchronization + with English versions and need more translators (or financial aid to + continue our work. If you can help, please, contact us at + ru-cvs-committers@FreeBSD.org.ua (or andy@FreeBSD.org).

+ +
+ + + KSE + + + + + Daniel + + Eischen + + + deischen@FreeBSD.org + + + + +

The libkse library will shortly be renamed to libpthread and + be made the default thread library. This includes making the + GCC -pthread option link to -lpthread instead of libc_r and + changing PTHREAD_LIBS to -lpthread. David Xu has been working + on GDB support and has it working with the GDB currently in our + tree. The next step is to make a libpthread_db and get it working + with GDB 6.0 which marcel has imported into the perforce tree.

+ +
+ + + Donations Team + + + + + Michael + + Lucas + + + donations@FreeBSD.org + + + + + FreeBSD Donations Project. + + + +

2003 was quite successful for the Donations team. We + shepherded over 200 items from donors into the hands of + developers. Some high points include: a small cluster for the + security team, assorted laptop hardware for our cardbus work, + and documentation for our standards group. In the main FreeBSD.org + cluster we were able to replace 8 DEC Miata machines with 6 + Alpha DS10s (21264). Every committer doing SMP work now has + multi-processor testing hardware.

+ +

We have smoothed out the tax deduction process with the FreeBSD + Foundation, and can ship donated items directly to the + recipients instead of tying up Foundation time handling + shipping.

+ +

Current team membership is: Michael Lucas, David O'Brien, and + Tom Rhodes. Wilko Bulte has replaced Robert Watson as the Core + Team representative.

+ +
+ + + ACPI + + + + + Nate + + Lawson + + + njl@FreeBSD.org + + + + + ACPI TODO + + ACPI-JP Mailing List + + + + + +

The updated acpi_cpu driver was committed in November. Work is + ongoing to finish support for _CST re-evaluation, which makes it + possible for laptops based on processors like the Centrino to use + varying CPU idle states when on or off AC power. 5.2-RELEASE also + went out with support for _CID packages, which fixed mouse probing + for Compaq users. Control of CPU idle states and throttling can + now be done through rc.conf(5) settings for the /etc/power_profile + script, which switches between performance/economy levels when + the AC status changes.

+ +

One huge task underway is the cpufreq project, a framework for + detecting and controlling various frequency/voltage technologies + (SpeedStep, LongRun, ACPI Performance states, etc.) The ACPI + performance states driver is working and the framework is being + implemented. It requires newbus attachments for CPUs so some + ground work needs to go in before the driver can be committed.

+ +

ACPI-CA was updated to 20031203 in early December and with a few + patches is reasonably stable. An ACPI debugging how-to has been + written and is being DocBooked by trhodes@. Ongoing work on fixing + interrupt storms due to various ways of setting up the SCI + is being done by jhb@.

+ +

I'd like to welcome Philip Paeps (philip@) to the FreeBSD team. + Philip has written an ACPI ASUS driver that will be committed soon + and has been very helpful on the mailing lists. We've also had + a lot of help from jhb@, marcel@, imp@, and peter@. We're hoping + to see the return of takawata@ and iwasaki@, who have been very + helpful in the past. + If any developers are interested in assisting with ACPI, please + see the ACPI TODO and send us an email.

+ +
+ + + kgi4BSD Status Report + + + + + Nicholas + + Souchu + + + nsouch@FreeBSD.org + + + + + + + + + +

Most of the console blocks are in place with nice results + (see screenshots on the site). Boot console and virtual + terminals are working with 8bit rendering and perfect integration + of true graphic drivers in the kernel.

+ +

Now it is time to bring it to end user and a precompiled R5.2 GENERIC + kernel is available for this (see the site news). In parallel, + after providing a last tarball/patch for R5.2, everything will + move to Perforce.

+ +

As always, volunteers are welcome. The task is huge but very + exciting.

+ +
+ + + FreeBSD/powerpc on PPCBug-based embedded boards + + + + + Rafal + + Jaworowski + + + rafal.jaworowski@motorola.com + + + + + Description + here. + + + + + +

The direct objective is to make FreeBSD/powerpc work on Motorola + MCP750 and similar (single board computer that is compliant with + Compact PCI standard) Based on this work it would be easy to bring it + to other embedded systems.

+ +

1. loader(8) It is based on the existing loader for FreeBSD/powerpc + port but binding to OpenFirmware was removed and replaced with PPCBug + firmware binding. It only supports netbooting for the moment, so disk + (compact flash) support needs to be done one day. The loader is the + only piece that relies onPPCBug system calls - once the kernel starts + it doesn't need firmware support any longer.

+ +

2. kernel It is now divorced from OpenFirmware dependencies; most of + the groundwork finished includes: nexus stuff is sorted out (resources + management is ok except interrupts assignment); host to PCI bridge low + level routines are finished so configuration of and access to PCI + devices works; the only important thing missing is the IRQ management + (Raven MPIC part is done, but the board has the second PIC, + 8259-compatible that needs to be set up, but here the existing code + from x86 arch will be adopted)

+ +

Once the IRQ management is cleared out, most of the devices on board + would work straight away since they are pretty standard chips with + drivers already implemented in the tree (e.g. if_de).

+ +

At the moment work is on hold (don't have physical access to the + device) but will resume when I'm back home (late Feb)

+ + +
+ + + TrustedBSD Mandatory Access Control (MAC) + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Discussion Mailing List + + + trustedbsd-discuss@TrustedBSD.org + + + + + TrustedBSD MAC + page. + + + +

The TrustedBSD Mandatory Access Control (MAC) Framework + permits the FreeBSD kernel and userspace access control + policies to be adapted at compile-time, boot-time, or + run-time. The MAC Framework provides common infrastructure + components, such as policy-agnostic labeling, making it + possible to easily development and distribute new access + control policy modules. Sample modules include Biba, MLS, + and Type Enforcement, as well as a variety of system + hardening polices.

+ +

TrustedBSD MAC development branch in Perforce integrated + to 5.2-RELEASE.

+ +

The TrustedBSD MAC Framework now enforces protections on System + V IPC objects and methods. Shared memory, semaphores, and + message queues are labeled, and most operations are controlled. + The Biba, MLS, Test, and Stub policies have been updated for + System V IPC. (Not yet merged)

+ +

The TrustedBSD MAC Framework now enforces protections on POSIX + semaphore objects and methods. The Biba, MLS, Test, and Stub + policies have been updated. (Not yet merged)

+ +

The TrustedBSD MAC Framework's central kernel implementation + previously existed in one large file, src/sys/kern/kern_mac.c. + It is now broken out into a series of by-service files in + src/sys/security/mac. src/sys/security/mac/mac_internal.h + specifies APIs, structures, and variables used internally + across the different parts of the framework. System calls + and registration still occur in kern_mac.c. This permits + more easy maintenance of locally added object types. (Merged)

+ +

Break out mac_policy_list into two different lists, one to + hold "static" policy modules -- ones loaded prior to kernel + initialization, and that may not be loaded, and one for + "dynamic" policy modules -- that are either loaded later in + boot, or may be unloaded. Perform less synchronization when + using static modules only, reducing overhead for entering + the framework when not using dynamic modules. (Merged)

+ +

Introduced a kernel option, MAC_STATIC, which permits only + statically registered policy modules to be loaded at boot + or compiled into the kernel. When running with MAC_STATIC, + no internal synchronization is required in the MAC Framework, + lowering the cost of MAC Framework entry points. (Not yet + merged)

+ +

Make mac.h userland API definition C++-happy. (Merged)

+ +

Created mac_support.4, a declaration of what kernel and + userspace features are (and aren't) supported with MAC. + (Not yet merged)

+ +

Stale SEBSD module deleted from MAC branch; SEBSD module will + solely be developed in the SEBSD branch from now on. See + the TrustedBSD SEBSD report for more detail.

+ +

Use only pointers to 'struct label' in various kernel objects + outside the MAC Framework, and use a zone allocator to allocate + label storage. This permits label structures to have their + size changed more easily without changing the normal kernel + ABI. This also lowers the non-MAC memory overhead for base + kernel structures. This also simplifies handling and storage + of labels in some of the edge cases where labels are exposed + outside of the Framework, such as in execve(). Include files + outside of the Framework are substantially simplified and now + frequently no longer require _label.h. (Merged)

+ +

Giant pushed down into the MAC Framework in a number of MAC + related system calls, as it is not required for almost all + of the MAC Framework. The exceptions are areas where the + Framework interacts with pieces of the kernel still covered + by MAC and relies on Giant to protect label storage in those + structures. However, even in those cases, we can push Giant + in quite a bit past label internalization/externalization/ + storage allocation/deallocation. This substantially simplifies + file descriptor-based MAC label system calls. (Merged)

+ +

Remove unneeded mpo_destroy methods for Biba, LOMAC, and MLS + since they cannot be unloaded. (Merged)

+ +

Biba and MLS now use UMA zones for label allocation, which + improves storage efficiency and enhances performance. (Merged)

+ +

Bug fix for mac_prepare_type() to better support arbitrary + object label definitions in /etc/mac.conf. (Merged)

+ +

Labels added to 'struct inpcb', which represents TCP and UDP + connections at the network layer. These labels cache socket + labels at the application layer so that the labels may be + accessed without application layer socket locks. When a label + is changed on the socket, it is pushed down to the network + layer through additional entry points. Biba, MLS policies + updated to reflect this change. (Merged)

+ +

SO_PEERLABEL socket option fixed so that peer socket labels + may be retrieved. (Merged)

+ +

mac_get_fd() learns to retrieve local socket labels, providing + a simpler API than SO_LABEL with getsockopt(). mac_set_fd() + learns about local socket labels, providing a simpler API than + SO_LABEL with setsockopt(). This also improves the ABI by not + embedding a struct label in the socket option arguments, instead + using the copyin/copyout routine for labels used for other object + types. (Merged)

+ +

Some function names simplified relating to socket options. + (Merged)

+ +

Library call mac_get_peer() implemented in terms of getsockopt() + with SO_PEERLABEL to improve API/ABI for networked applications + that speak MAC. (Merged)

+ +

mac_create_cred() renamed to mac_cred_copy(), similar to other + label copying methods, allowing policies to implement all the + label copying method with a single function, if desired. This + also provides a better semantic match for the crdup() behavior. + (Merged)

+ +

Support "id -M", similar to Trusted IRIX. (Not yet merged)

+ +

TCP now uses the inpcb label when responding in timed wait, + avoiding reaching up to the socket layer for label information + in otherwise network-centric code.

+ +

Numerous bug fixes, including assertion fixes in the MAC + test policy relating to execution and relabeling. (Merged)

+ +
+ + + TrustedBSD Access Control Lists (ACLs) + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Discussion Mailing List + + + + trustedbsd-discuss@TrustedBSD.org + + + + + TrustedBSD + ACLs page. + + + +

TrustedBSD Access Control Lists (ACLs) provide extended + discretionary access control support for the UFS and UFS2 + file systems on FreeBSD. They implement POSIX.1e ACLs with + some extensions, and meet the Common Criteria CAPP + requirements. Most ACL-related work is complete, with + remaining tasks associated with userspace integration, third + party applications, and compatibility

+ +

Prototyped Solaris/Linux semantics for combining ACLs and + the umask: if an default ACL mask is defined, substitute that + mask for the umask, permitting ACLs to override umasks. (Not + merged)

+ +
+ + + TrustedBSD "Security-Enhanced BSD" -- FLASK/TE Port + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Discussion Mailing List + + + trustedbsd-discuss@TrustedBSD.org + + + + + TrustedBSD + SEBSD page. + + + +

TrustedBSD "Security-Enhanced BSD" (SEBSD) is a port of NSA's + SELinux FLASK security architecture, Type Enforcement (TE) + policy engine and language, and sample policy to FreeBSD using + the TrustedBSD MAC Framework. SEBSD is available as a loadable + policy module for the MAC Framework, along with a set of + userspace extensions support security-extended labeling calls. + In most cases, existing MAC Framework functions provide the + necessary abstractions for SEBSD to plug in without SEBSD-specific + changes, but some extensions to the MAC Framework have been + required; these changes are developed in the SEBSD development + branch, then merged to the MAC branch as they mature, and then + to the FreeBSD development tree.

+ +

Unlike other MAC Framework policy modules, the SEBSD module + falls under the GPL, as it is derived from NSA's + implementation. However, the eventual goal is to support + plugging SEBSD into a base FreeBSD install without any + modifications to FreeBSD itself.

+ +

TrustedBSD SEBSD development branch in Perforce integrated + to 5.2-RELEASE. Other changes in the MAC branch, including + restructuring of MAC Framework files also integrated, and a + move to zone allocation for labels. See the TrustedBSD MAC + Framework report for more detail on these and other MAC + changes that also affect the SEBSD work.

+ +

FreeBSD PTY code modified so that the MAC Framework and SEBSD + module can create pty's with the label of the process trying + to access them. Improves compatibility with the SELinux + sample policy. (Not yet merged)

+ +

SEBSD now loads its initial policy in the boot loader rather + than using a dummy policy until the root file system is + mounted, and then loading it using VFS operations. This + avoids initial labeling and access control conditions during + the boot.

+ +

security_load_policy() now passes a memory buffer and length + to the kernel, permitting the policy reload mechanisms to + be shared between the early boot load and late reloads. The + kernel SEBSD code now no longer needs to perform direct file + I/O relating to reading the policy. checkpolicy now mmap's + the policy before making the system call.

+ +

SEBSD now enforces protections on System V IPC objects and + methods. Shared memory, semaphores, and message queues are + labeled, and most operations are controlled. The sample + policy has been updated.

+ +

The TrustedBSD MAC Framework now controls mount, umount, and + remount operations. A new MAC system call, mac_get_fs() can + be used to query the mountpoint label. lmount() system call + allows a mount label to be explicitly specified at mount + time. The SEBSD policy module has been updated to reflect + this functionality, and sample TE policy has been updated. + (Not yet merged)

+ +

SEBSD now enforces protections on POSIX semaphores; the sample + policy has been updated to demonstrate how to label and control + sempahores. This includes sample rules for PostgreSQL.

+ +

The SEBSD sample policy, policy syntax, and policy tools have + been updated to the SELinux code drop from August. Bmake these + pieces so we don't need gmake.

+ +

Provide file ioctl() MAC Framework entry point and SEBSD + implementation.

+ +

A large number of sample policy tweaks and fixes. The policy + has been updated to permit cron to operate properly. It has + been updated for FreeBSD 5.2 changes, including dynamically + linked root. Teach the sample policy about FreeBSD's sendmail + wrapper.

+ +

Adapt sysinstall and install process for SEBSD pieces. Teach + sysinstall, newfs, et al, about multilabel file systems, install + SEBSD sample policy pieces, build policy. Automatically load + the SEBSD module on first boot after install.

+ +

Allow "ls -Z" to print out labels without long format.

+ +
+ + + TrustedBSD Audit + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Audit Discussion List + + + trustedbsd-audit@TrustedBSD.org + + + + + TrustedBSD + Audit Page. + + + + + + +

The TrustedBSD Project is producing an implementation of CAPP + compliant Audit support for use with FreeBSD. Little progress + was made on this implementation between October and December + other than an update to the existing development tree. However, + in January, work began on porting the Darwin Audit + implementation to FreeBSD. Details on this work will appear in + the next report; more information is available on the TrustedBSD + audit discussion list. Perforce messages may be seen on the + trustedbsd-cvs mailing list.

+ + +
+ + + TrustedBSD Documentation + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Discussion Mailing List + + + + trustedbsd-discuss@TrustedBSD.org + + + + + TrustedBSD + Documentation Page. + + + + +

The TrustedBSD Project is implementing many new features + for the FreeBSD Project. It also provides documentation for + users, administrators, and developers.

+ +

mac_support.4 added -- documents TrustedBSD MAC Framework + feature compatibility. See also the MAC Framework report.

+ +

FreeBSD security architecture updated and corrections/additions + made.

+ +

A variety of documentation updates relating to API changes, + including the socket-related API changes in libc/mac(3).

+ +
+ + + FreeBSD/MIPS Status Report + + + + + Juli + + Mallett + + + jmallett@FreeBSD.org + + + + + + + + +

TLB support code and PMAP have come along nicely. GCC and related + have been kept up to date with the main tree. An evaluation board + from Broadcom was donated and initial work on that platform has been + occurring. Much old and obsolete code brought from NetBSD for + bootstrapping the effort has been cleaned up. The system has been + seen to get to the point of trying to initialize filesystems, but + there are still bugs even before that milestone.

+ +
+ + + AGP 3.0 Support + + + + + John + + Baldwin + + + jhb@FreeBSD.org + + + + +

Simple support AGP 3.0 including support for AGP 8x mode was + added. The support is simple in that it still assumes only one + master and one target. The main gain is the ability to use AGP + 8x with drm modules that support it.

+ +
+ + + Network Subsystem Locking and Performance + + + + + Sam + + Leffler + + + sam@FreeBSD.org + + + + +

The purpose of this project is to improve performance of the network + subsystem. A major part of this work is to complete the locking of + the networking subsystem so that it no longer depends on the "Giant + lock" for proper operation. Removing the use of Giant will improve + performance and permit multiple instances of the network stack to + operate concurrently on multiprocessor systems.

+ +

Locking of the network subsystem is largely complete. Network + drivers, middleware layers (e.g. ipfw, dummynet, bridge, etc.), the + routing tables, IPv4. NFS, and sockets are locked and operating + without the use of Giant. Much of this work was included in the 5.2 + release, but not enabled by default. The remaining work (mostly + locking of the socket layer) will be committed to CVS as soon as we + can resolve how to handle "legacy protocols" (i.e. those protocols + that are not locked). The code can be obtained now from the Perforce + database. A variety of test and production systems have been running + this code for several months without any obvious issues.

+ +

Performance analysis and tuning is ongoing. Initial results indicate + SMP performance is already better than 4.x systems but UP performance + is still lagging (though improved over -current). The removal of Giant + from the network subsystem has reduced contention on Giant and + highlighted performance bottlenecks in other parts of the system.

+ +

This work was supported by the FreeBSD Foundation.

+ +
+ + + Wireless Networking Support + + + + + Sam + + Leffler + + + sam@FreeBSD.org + + + + +

Work to merge the NetBSD and MADWIFI code bases is almost complete. + This brings in new features and improves sharing which will enable + future development. Support was added for 802.1x client + authentication (using the open1x xsupplicant program) and for shared + key authentication (both client and AP) which improves interopability + with systems like OS X. The awi driver was updated to use the common + 802.11 layer and the Atheros driver received extensive work to support + hardware multi-rate retry. Kismet now works with the + device-independent radiotap capture format. All of this work is still + in Perforce but should be committed to CVS soon.

+ +

Work has begun on full 802.1x and WPA support.

+ + +
+ + + SMPng Status Report + + + + + John + + Baldwin + + + jhb@FreeBSD.org + + + + smp@FreeBSD.org + + + + + + + + +

Work is progressing on SMPng on several different fronts. Sam + Leffler and several other folks have been working on locking the + network stack as mentioned elsewhere in this update. Several + infrastructure improvements have been made in the past few months + as well.

+ +

The low-level interrupt code for the i386 architecture has been + redesigned to allow for a runtime selection between different types + of interrupt controllers. This work allows the Advanced Programmable + Interrupt Controllers (APICs) to be used instead of the AT 8259A PIC + without having to compile a separate kernel to do so. It also allows + the APIC to be used in a UP kernel as well as on a UP box. Together, + all these changes allow an SMP kernel to work on a UP box and thus + allowed SMP to be enabled in GENERIC as it already is on all of the + other supported architectures. This work also reworked the APIC + support to correctly route PCI interrupts when using an APIC to + service device interrupts. This work was also used to add SMP support + to the amd64 port.

+ +

A turnstile implementation was committed that implemented a queue + of threads blocked on a resource along with priority inheritance of + blocked threads to the owner of the resource. Turnstiles were then + used to replace the thread queue built into each mutex object which + shrunk the size of each mutex as well as reduced the use of the + sched_lock spin mutex.

+ +
+
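Review bot: this file is added in full (the `@@ -0,0 +1,1374 @@` hunk), and the `diff --git` header that immediately follows adds a second new file, `report-oct-2003-dec-2003.xml`, with the same blob id `8fdb72f1ee` and the same `-0,0 +1,1374` range, so the commit checks in two byte-identical copies of the report under different names; keep only the one the build's DATA list references and drop the other before committing. Smaller points in the visible part of this hunk: the POSIX semaphore item has `sempahores`, the network locking paragraph reads `IPv4. NFS, and sockets` where a comma is meant, the wireless entry has `interopability`, and the SMPng paragraph says `the APIC to be used in a UP kernel as well as on a UP box`, where one of the two `UP`s is presumably `SMP` and is worth confirming with the author.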
diff --git a/en/news/status/report-oct-2003-dec-2003.xml b/en/news/status/report-oct-2003-dec-2003.xml new file mode 100644 index 0000000000..8fdb72f1ee --- /dev/null +++ b/en/news/status/report-oct-2003-dec-2003.xml @@ -0,0 +1,1374 @@ + + + + + October-December + 2003 + + +
+ Introduction: + +

The FreeBSD status reports are back again with the 2003 year-end + edition. Many new projects are starting up and gaining momentum, + including XFS, MIPS, PowerPC, and networking locking and + mutlithreading. The end of 2003 also saw the release of FreeBSD 4.9, + the first stable release to have greater than 4GB support for the + ia32 platform. Work on FreeBSD 5.2 also finished up and was released + early in January of 2004. Many thanks to all of the people who + worked so hard on these releases and made them happen.

+ +

This is the largest status report ever, so read and enjoy!

+ +

Scott Long, Robert Watson

+ +
+ + + libarchive, bsdtar + + + + + Tim + Kientzle + + kientzle@FreeBSD.org + + + + + + + + +

The libarchive library, which reads and writes tar and cpio + archives, is about ready to commit to the tree. The bsdtar + program, built on libarchive, is also nearing completion and + should soon be a worthwhile successor to our aging GNU tar. I + plan a gradual transition during which "bsdtar" and "gtar" will + coexist in the tree.

+ +

Oddly enough, libarchive and bsdtar are the first fruits of a + project to completely rewrite the pkg tools. I've started + architecting a libpkg library for handling routine package + management and have a prototype pkg_add that is three times faster + than the current version.

+ +
+ + + Publications Page Update + + + + + Josef + + El-Rayes + + + josef@daemon.li + + + + + Updated Publications Page. + + + +

I did a xml/xslt conversion of the html files to make maintaining + of the page more comfortable. I removed the cdsets, which might be + kept in CVS or some kind of archive for historical reasons. The books + got an update, and were categorized in respect to the language they + are written in. As soon as I get my access on the cvs repository I + will commit the updates. People are encouraged to add local FreeBSD + books, I missed, especially in the asian area. Feel free to send me + links to books to add.

+ +
+ + + DVB-ASI Support + + + + + Vincent + + Jardin + + + Vincent.Jardin@6wind.com + + + + + Home page and source code + Computer Modules + + + + +

DVB ASI stands for Digital Video Broadcast - Asynchronous Serial + Interface. It is the standard defined to send and receive DVB stream + from Satellite (DVB-S), Terrestrial link (DVB-T), and TV Cable + (DVB-C). This standard was developed in Europe to transport 188-byte + MPEG cells and 204-byte MPEG cells. However it can be used to carry IP + over DVB too.

+ +

The FreeBSD driver uses the newbus amd the bus-dma API. It means that it + could be easily ported to all the BSD flavors (NetBSD, OpenBSD).

+ +

It uses the same API than the Linux DVB ASI support from + ComputerModules that is based on the following devices: +

    +
  • /dev/asitxN for the transmit stream (only open, write, select, + close and ioctl are supported).
  • +
  • /dev/asirxN for the receive stream (only open, read, select, close + and ioctl are supported).
  • +
+ It means that software such as Videolan that support DVB-ASI + broadcasting could be supported by this driver.

+ +

Special thanks to Tom Thorsteinson from Computer Modules who helped + 6WIND to port their driver. It is used by 6WIND in order to provide + IPv4, IPv6, Ethernet and our network services over DVB.

+ +

Copyright 2003-2004, 6WIND

+ +
+ + + FreeBSD ports monitoring system + + + + + Mark + + Linimon + + + linimon_at_lonesome_dot_com + + + + + + FreeBSD ports monitoring system + + + + +

Enhancements continue to be made to the system. Several, + including improvements to the PR classification algorithm, the + ability to more correctly guess when a PR has been updated, and + better handling of errors in both port Makefiles and the bento + builds, are invisible to end-users. However, the addition of + a "repocopy" classification is notable, as is the allowing the + wildcard search in "overview of one port" (thanks to edwin@ for + the shove in that direction.) Additionally, logic has been + added to identify the proposed category/portname of new ports, + with the goal being to quickly identify possible duplications + of effort. (Some SQL performance was sacrificed to this goal, + leading to some pages to load more slowly; this needs to be + fixed.)

+ +

The other work has been on an email back-end to allow the + occasional sending of email to maintainers. Two functions are + currently available: "remind maintainers of their ports that + are marked BROKEN", and "remind maintainers of PRs that they + may not have seen." A recent run of the former got generally + good response, especially as changing some cases of BROKEN to + IGNORE (PR ports/61090) had removed almost all the annoying + false positives. However, work remains to try to find out why + a few allegedly broken ports only fail in certain environments + (including the bento cluster).

+ +

The next plan is to use the proposed DEPRECATED Makevar (see + ports/59362) to create a new report to allow querying of "ports + currently slated to be removed". This report could also be + posted to ports@ periodically with minimal work. The author + believes that doing this would allow the port deprecation process + to be much more visible to the general FreeBSD user community.

+ +
+ + + Compile FreeBSD with Intels C compiler (icc) + + + + + Alexander + + Leidinger + + + netchild@FreeBSD.org + + + + + Some patches. + + + +

The FreeBSD kernel now builds and runs fine with icc v7 (only GENERIC + and a custom kernel tested so far). A review on arch@ revealed no + major concerns and some src committers are willing to commit the + patches. As icc v8 is out and defines __GNUC__ I want to rework the + patches before they get committed so an icc v8 compiled kernel DTRT + too.

+

A complete build of the ports collection (as of start of December) + finished and is under review to determine the reason of build + failures. Current icc stats: +

    +
  • 1108 failed builds (excluding build failures because of failed + dependencies)
  • +
  • 3535 successfully build packages (~ 1.7 GB)
  • +
+ A parallel build with gcc on the same snapshot of the + ports collection has: +
    +
  • 520 failed builds (excluding build failures because of failed + dependencies) and
  • +
  • 7261 successfully build packages (~ 4.8 GB).
  • +
+

+

The above mentioned build of the ports collection was run on a P4 + with a icc compiled kernel (optimized for a P4). No kernel panics or + other strange behavior was noticed. The ports collection was build + with a CPUTYPE of p4 and CFLAGS set to "-Os -pipe -mfpmath=sse -msse2" + in the gcc and "-O2" in the icc case. No package is tested for correct + run-time behavior so far.

+ + +
+ + + Porting OpenBSD's pf + + + + + Max + Laier + + max@love2party.net + + + + Pyun + YongHyeon + + yongari@kt-is.co.kr + + + + + + PF homepage + PF FAQ + + + +

Much work has been invested into getting release 2.00 stable. It + provides the complete OpenBSD 3.4 function set, as well as fine + grained locking to work with a giant free network stack.

+

pf provides: IPv6 filtering and normalization, "syn-proxy" + to protect (web)server against SYN-floods, passive OS detection, fast + and modular address tables, source/policy routing, stateful filter and + normalization engine, structured rulesets via anchors and many many + more. Especially in connection with ALTQ, pf can help to harden + against various flood attacks and improve user experience.

+

New features from OpenBSD-Current like: state synchronization over wire + and enhanced support for cloned interfaces require patches to the + kernel. We are trying to resolve this issue and start + OpenBSD-Current tracking again as soon as possible.

+ +
+ + + Binary security updates for FreeBSD + + + + + Colin + + Percival + + + cperciva@daemonology.net + + + + + + + + +

Thanks to recent donations, I am now building binary security + updates for FreeBSD {4.7, 4.8, 4.9, 5.0, 5.1, 5.2}-RELEASE. + (Note that FreeBSD 4.7 and 5.0 are no longer officially + supported; any advisories which are not reflected in the CVS + tree will likewise not result in binary updates.)

+ +

The current version (1.5) of FreeBSD Update will warn about + locally modified files and will, by default, leave them + untouched; if a "distribution branch", (i.e. crypto, nocrypto, + krb4, or krb5) is specified, FreeBSD Update can be forced to + "update" files which have been compiled locally.

+ +

The only major issue remaining with FreeBSD Update is the + single-point-of-failure of the update building process; I + would like to resolve this in the future by having several + machines cross-verify and cross-sign, but this will require + a significant investment of time, and will probably have to + wait until I've finished writing my DPhil thesis.

+ +
+ + + SGI XFS port for FreeBSD + + + + + Alexander + + Kabaev + + + kan@FreeBSD.org + + + + Russell + + Cattelan + + + cattelan@thebarn.com + + + + +

A project was started to revive a stalled effort to port SGI XFS + journaling filesystem to FreeBSD. The project is based on Linux + development sources from SGI and is currently being kept in a + private Perforce repository. The work is progressing slowly due + to lack of free time. At the moment we have XFS kernel module + which is capable of mounting XFS filesystems read-only, with a + panic or two happening infrequently, that need to be isolated and + fixed. Semi-working metadata updates with full transaction support + are there too, but will probably have to be rewritten to minimize + the amount of custom kernel changes required.

+ +

We seek volunteers to help with userland part of the port. Namely, + existing xfsprogs port needs to be cleaned up, incompletely ported + utilities brought into a working shape. xfs_dump/xfs_restore and + as much from xfstests suite as possible need to be ported too. We do + not need testers for now, so please to not ask for module sources + just yet.

+ + +
+ + + + Bluetooth stack for FreeBSD (Netgraph implementation) + + + + + + + Maksim + + + + Yevmenkin + + + + + m_evmenkin@yahoo.com + + + + + +

Not much to report. Bluetooth code was integrated into the FreeBSD + source tree. Bluetooth kernel modules appear to be stable. I have + received few success stories from the users.

+ +

During last few months the efforts were to make Bluetooth code + more user friendly. Bluetooth Service Discovery Procotol daemon + sdpd was reimplemented under BSD-style license and committed. The + next step is to integrate existing Bluetooth utilities with SDP.

+ +

Thanks to Matt Peterson matt at peterson dot org> I now have + Bluetooth keyboard and mouse for development. I'm currently + working on Bluetooth HID profile implementation.

+ +

Dave Sainty (dave at dtsp dot co dot nz) from NetBSD project + offered his help in porting Bluetooth stack to NetBSD.

+ +
+ + + Network interface naming changes + + + + + Brooks + + Davis + + + brooks@FreeBSD.org + + + + +

At the end of October, the if_name and if_unit members of struct + ifnet were replaced with if_xname from NetBSD and if_dname and + if_dunit. These represent the name of the interface and the + driver name and instance of the interface respectively. Other then + breaking IPFilter for a few weeks due to the userland being on the + vendor branch, this change went quite well. A few ports needed + minor changes, but otherwise nothing changed from the user + perspective.

+ +

The purpose of this change was the lay the groundwork for support + for network interface renaming and to allow the implementation of + more interesting pseudo interface cloning support. An example of + interesting cloning support would be using "ifconfig fxp0.20 + create" to create and configure a vlan interface on fxp0 that + handled frames marked with the tag 20. Interface + renaming is being worked on in Perforce at the moment with a + working version expected for review soon. Support for enhanced + device cloning is still in the planing stage.

+ +
+ + + Kernel Tunables Documentation Project + + + + Tom + Rhodes + + trhodes@FreeBSD.org + + + + + + The problem report which kicked this project in action. + + + +

FreeBSD has well over a few hundred tunables without + documentation. This project aims at designing an + automated process to rip all available tunables and generate + a manual page based on the selected kernel options. + The ideal implementation, however; would gather tunables + from the LINT kernels as well. This would provide a + default manual page for all supported architectures. + A simple tool has been forged from the various off-list + and on-list discussions and is waiting review from the + -doc team. Anyone interesting in reviewing my current + work is requested to get in contact with me.

+ +
+ + + jpman project + + + + + Kazuo + Horikawa + + + horikawa@FreeBSD.org + + + + + jpman project + + + +

We have been updating existing Japanese translations + of manual pages to meet the 5.2-RELEASE schedule. + Also, 22 new translations were complete during this period.

+ +
+ + + FreeBSD MIDI + + + + + Mathew + + Kanner + + + matk@FreeBSD.org + + + + +

This project aims to update the current MIDI implementation. We + are currently looking at removing the current code sometime in + February and importing the new version soon after. I'm currently + working on a kernel/timidiy bridge for those without external + hardware.

+ + +
+ + + The FreeBSD Russian Documentation Project + + + + + Andrey + + Zakhvatov + + + andy@FreeBSD.org + + + + + The FreeBSD Project [Russian]. + + + +

The FreeBSD Russian Documentation Project aims to provide FreeBSD + Documentation translated to Russian. Already done: FAQ, Porters + Handbook, WWW (partially synched with English version), some + articles.

+ +

We working at Handbook (and more docs) translation and synchronization + with English versions and need more translators (or financial aid to + continue our work. If you can help, please, contact us at + ru-cvs-committers@FreeBSD.org.ua (or andy@FreeBSD.org).

+ +
+ + + KSE + + + + + Daniel + + Eischen + + + deischen@FreeBSD.org + + + + +

The libkse library will shortly be renamed to libpthread and + be made the default thread library. This includes making the + GCC -pthread option link to -lpthread instead of libc_r and + changing PTHREAD_LIBS to -lpthread. David Xu has been working + on GDB support and has it working with the GDB currently in our + tree. The next step is to make a libpthread_db and get it working + with GDB 6.0 which marcel has imported into the perforce tree.

+ +
+ + + Donations Team + + + + + Michael + + Lucas + + + donations@FreeBSD.org + + + + + FreeBSD Donations Project. + + + +

2003 was quite successful for the Donations team. We + shepherded over 200 items from donors into the hands of + developers. Some high points include: a small cluster for the + security team, assorted laptop hardware for our cardbus work, + and documentation for our standards group. In the main FreeBSD.org + cluster we were able to replace 8 DEC Miata machines with 6 + Alpha DS10s (21264). Every committer doing SMP work now has + multi-processor testing hardware.

+ +

We have smoothed out the tax deduction process with the FreeBSD + Foundation, and can ship donated items directly to the + recipients instead of tying up Foundation time handling + shipping.

+ +

Current team membership is: Michael Lucas, David O'Brien, and + Tom Rhodes. Wilko Bulte has replaced Robert Watson as the Core + Team representative.

+ +
+ + + ACPI + + + + + Nate + + Lawson + + + njl@FreeBSD.org + + + + + ACPI TODO + + ACPI-JP Mailing List + + + + + +

The updated acpi_cpu driver was committed in November. Work is + ongoing to finish support for _CST re-evaluation, which makes it + possible for laptops based on processors like the Centrino to use + varying CPU idle states when on or off AC power. 5.2-RELEASE also + went out with support for _CID packages, which fixed mouse probing + for Compaq users. Control of CPU idle states and throttling can + now be done through rc.conf(5) settings for the /etc/power_profile + script, which switches between performance/economy levels when + the AC status changes.

+ +

One huge task underway is the cpufreq project, a framework for + detecting and controlling various frequency/voltage technologies + (SpeedStep, LongRun, ACPI Performance states, etc.) The ACPI + performance states driver is working and the framework is being + implemented. It requires newbus attachments for CPUs so some + ground work needs to go in before the driver can be committed.

+ +

ACPI-CA was updated to 20031203 in early December and with a few + patches is reasonably stable. An ACPI debugging how-to has been + written and is being DocBooked by trhodes@. Ongoing work on fixing + interrupt storms due to various ways of setting up the SCI + is being done by jhb@.

+ +

I'd like to welcome Philip Paeps (philip@) to the FreeBSD team. + Philip has written an ACPI ASUS driver that will be committed soon + and has been very helpful on the mailing lists. We've also had + a lot of help from jhb@, marcel@, imp@, and peter@. We're hoping + to see the return of takawata@ and iwasaki@, who have been very + helpful in the past. + If any developers are interested in assisting with ACPI, please + see the ACPI TODO and send us an email.

+ +
+ + + kgi4BSD Status Report + + + + + Nicholas + + Souchu + + + nsouch@FreeBSD.org + + + + + + + + + +

Most of the console blocks are in place with nice results + (see screenshots on the site). Boot console and virtual + terminals are working with 8bit rendering and perfect integration + of true graphic drivers in the kernel.

+ +

Now it is time to bring it to end user and a precompiled R5.2 GENERIC + kernel is available for this (see the site news). In parallel, + after providing a last tarball/patch for R5.2, everything will + move to Perforce.

+ +

As always, volunteers are welcome. The task is huge but very + exciting.

+ +
+ + + FreeBSD/powerpc on PPCBug-based embedded boards + + + + + Rafal + + Jaworowski + + + rafal.jaworowski@motorola.com + + + + + Description + here. + + + + + +

The direct objective is to make FreeBSD/powerpc work on Motorola + MCP750 and similar (single board computer that is compliant with + Compact PCI standard) Based on this work it would be easy to bring it + to other embedded systems.

+ +

1. loader(8) It is based on the existing loader for FreeBSD/powerpc + port but binding to OpenFirmware was removed and replaced with PPCBug + firmware binding. It only supports netbooting for the moment, so disk + (compact flash) support needs to be done one day. The loader is the + only piece that relies onPPCBug system calls - once the kernel starts + it doesn't need firmware support any longer.

+ +

2. kernel It is now divorced from OpenFirmware dependencies; most of + the groundwork finished includes: nexus stuff is sorted out (resources + management is ok except interrupts assignment); host to PCI bridge low + level routines are finished so configuration of and access to PCI + devices works; the only important thing missing is the IRQ management + (Raven MPIC part is done, but the board has the second PIC, + 8259-compatible that needs to be set up, but here the existing code + from x86 arch will be adopted)

+ +

Once the IRQ management is cleared out, most of the devices on board + would work straight away since they are pretty standard chips with + drivers already implemented in the tree (e.g. if_de).

+ +

At the moment work is on hold (don't have physical access to the + device) but will resume when I'm back home (late Feb)

+ + +
+ + + TrustedBSD Mandatory Access Control (MAC) + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Discussion Mailing List + + + trustedbsd-discuss@TrustedBSD.org + + + + + TrustedBSD MAC + page. + + + +

The TrustedBSD Mandatory Access Control (MAC) Framework + permits the FreeBSD kernel and userspace access control + policies to be adapted at compile-time, boot-time, or + run-time. The MAC Framework provides common infrastructure + components, such as policy-agnostic labeling, making it + possible to easily development and distribute new access + control policy modules. Sample modules include Biba, MLS, + and Type Enforcement, as well as a variety of system + hardening polices.

+ +

TrustedBSD MAC development branch in Perforce integrated + to 5.2-RELEASE.

+ +

The TrustedBSD MAC Framework now enforces protections on System + V IPC objects and methods. Shared memory, semaphores, and + message queues are labeled, and most operations are controlled. + The Biba, MLS, Test, and Stub policies have been updated for + System V IPC. (Not yet merged)

+ +

The TrustedBSD MAC Framework now enforces protections on POSIX + semaphore objects and methods. The Biba, MLS, Test, and Stub + policies have been updated. (Not yet merged)

+ +

The TrustedBSD MAC Framework's central kernel implementation + previously existed in one large file, src/sys/kern/kern_mac.c. + It is now broken out into a series of by-service files in + src/sys/security/mac. src/sys/security/mac/mac_internal.h + specifies APIs, structures, and variables used internally + across the different parts of the framework. System calls + and registration still occur in kern_mac.c. This permits + more easy maintenance of locally added object types. (Merged)

+ +

Break out mac_policy_list into two different lists, one to + hold "static" policy modules -- ones loaded prior to kernel + initialization, and that may not be loaded, and one for + "dynamic" policy modules -- that are either loaded later in + boot, or may be unloaded. Perform less synchronization when + using static modules only, reducing overhead for entering + the framework when not using dynamic modules. (Merged)

+ +

Introduced a kernel option, MAC_STATIC, which permits only + statically registered policy modules to be loaded at boot + or compiled into the kernel. When running with MAC_STATIC, + no internal synchronization is required in the MAC Framework, + lowering the cost of MAC Framework entry points. (Not yet + merged)

+ +

Make mac.h userland API definition C++-happy. (Merged)

+ +

Created mac_support.4, a declaration of what kernel and + userspace features are (and aren't) supported with MAC. + (Not yet merged)

+ +

Stale SEBSD module deleted from MAC branch; SEBSD module will + solely be developed in the SEBSD branch from now on. See + the TrustedBSD SEBSD report for more detail.

+ +

Use only pointers to 'struct label' in various kernel objects + outside the MAC Framework, and use a zone allocator to allocate + label storage. This permits label structures to have their + size changed more easily without changing the normal kernel + ABI. This also lowers the non-MAC memory overhead for base + kernel structures. This also simplifies handling and storage + of labels in some of the edge cases where labels are exposed + outside of the Framework, such as in execve(). Include files + outside of the Framework are substantially simplified and now + frequently no longer require _label.h. (Merged)

+ +

Giant pushed down into the MAC Framework in a number of MAC + related system calls, as it is not required for almost all + of the MAC Framework. The exceptions are areas where the + Framework interacts with pieces of the kernel still covered + by MAC and relies on Giant to protect label storage in those + structures. However, even in those cases, we can push Giant + in quite a bit past label internalization/externalization/ + storage allocation/deallocation. This substantially simplifies + file descriptor-based MAC label system calls. (Merged)

+ +

Remove unneeded mpo_destroy methods for Biba, LOMAC, and MLS + since they cannot be unloaded. (Merged)

+ +

Biba and MLS now use UMA zones for label allocation, which + improves storage efficiency and enhances performance. (Merged)

+ +

Bug fix for mac_prepare_type() to better support arbitrary + object label definitions in /etc/mac.conf. (Merged)

+ +

Labels added to 'struct inpcb', which represents TCP and UDP + connections at the network layer. These labels cache socket + labels at the application layer so that the labels may be + accessed without application layer socket locks. When a label + is changed on the socket, it is pushed down to the network + layer through additional entry points. Biba, MLS policies + updated to reflect this change. (Merged)

+ +

SO_PEERLABEL socket option fixed so that peer socket labels + may be retrieved. (Merged)

+ +

mac_get_fd() learns to retrieve local socket labels, providing + a simpler API than SO_LABEL with getsockopt(). mac_set_fd() + learns about local socket labels, providing a simpler API than + SO_LABEL with setsockopt(). This also improves the ABI by not + embedding a struct label in the socket option arguments, instead + using the copyin/copyout routine for labels used for other object + types. (Merged)

+ +

Some function names simplified relating to socket options. + (Merged)

+ +

Library call mac_get_peer() implemented in terms of getsockopt() + with SO_PEERLABEL to improve API/ABI for networked applications + that speak MAC. (Merged)

+ +

mac_create_cred() renamed to mac_cred_copy(), similar to other + label copying methods, allowing policies to implement all the + label copying method with a single function, if desired. This + also provides a better semantic match for the crdup() behavior. + (Merged)

+ +

Support "id -M", similar to Trusted IRIX. (Not yet merged)

+ +

TCP now uses the inpcb label when responding in timed wait, + avoiding reaching up to the socket layer for label information + in otherwise network-centric code.

+ +

Numerous bug fixes, including assertion fixes in the MAC + test policy relating to execution and relabeling. (Merged)

+ +
+ + + TrustedBSD Access Control Lists (ACLs) + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Discussion Mailing List + + + + trustedbsd-discuss@TrustedBSD.org + + + + + TrustedBSD + ACLs page. + + + +

TrustedBSD Access Control Lists (ACLs) provide extended + discretionary access control support for the UFS and UFS2 + file systems on FreeBSD. They implement POSIX.1e ACLs with + some extensions, and meet the Common Criteria CAPP + requirements. Most ACL-related work is complete, with + remaining tasks associated with userspace integration, third + party applications, and compatibility

+ +

Prototyped Solaris/Linux semantics for combining ACLs and + the umask: if an default ACL mask is defined, substitute that + mask for the umask, permitting ACLs to override umasks. (Not + merged)

+ +
+ + + TrustedBSD "Security-Enhanced BSD" -- FLASK/TE Port + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Discussion Mailing List + + + trustedbsd-discuss@TrustedBSD.org + + + + + TrustedBSD + SEBSD page. + + + +

TrustedBSD "Security-Enhanced BSD" (SEBSD) is a port of NSA's + SELinux FLASK security architecture, Type Enforcement (TE) + policy engine and language, and sample policy to FreeBSD using + the TrustedBSD MAC Framework. SEBSD is available as a loadable + policy module for the MAC Framework, along with a set of + userspace extensions support security-extended labeling calls. + In most cases, existing MAC Framework functions provide the + necessary abstractions for SEBSD to plug in without SEBSD-specific + changes, but some extensions to the MAC Framework have been + required; these changes are developed in the SEBSD development + branch, then merged to the MAC branch as they mature, and then + to the FreeBSD development tree.

+ +

Unlike other MAC Framework policy modules, the SEBSD module + falls under the GPL, as it is derived from NSA's + implementation. However, the eventual goal is to support + plugging SEBSD into a base FreeBSD install without any + modifications to FreeBSD itself.

+ +

TrustedBSD SEBSD development branch in Perforce integrated + to 5.2-RELEASE. Other changes in the MAC branch, including + restructuring of MAC Framework files also integrated, and a + move to zone allocation for labels. See the TrustedBSD MAC + Framework report for more detail on these and other MAC + changes that also affect the SEBSD work.

+ +

FreeBSD PTY code modified so that the MAC Framework and SEBSD + module can create pty's with the label of the process trying + to access them. Improves compatibility with the SELinux + sample policy. (Not yet merged)

+ +

SEBSD now loads its initial policy in the boot loader rather + than using a dummy policy until the root file system is + mounted, and then loading it using VFS operations. This + avoids initial labeling and access control conditions during + the boot.

+ +

security_load_policy() now passes a memory buffer and length + to the kernel, permitting the policy reload mechanisms to + be shared between the early boot load and late reloads. The + kernel SEBSD code now no longer needs to perform direct file + I/O relating to reading the policy. checkpolicy now mmap's + the policy before making the system call.

+ +

SEBSD now enforces protections on System V IPC objects and + methods. Shared memory, semaphores, and message queues are + labeled, and most operations are controlled. The sample + policy has been updated.

+ +

The TrustedBSD MAC Framework now controls mount, umount, and + remount operations. A new MAC system call, mac_get_fs() can + be used to query the mountpoint label. lmount() system call + allows a mount label to be explicitly specified at mount + time. The SEBSD policy module has been updated to reflect + this functionality, and sample TE policy has been updated. + (Not yet merged)

+ +

SEBSD now enforces protections on POSIX semaphores; the sample + policy has been updated to demonstrate how to label and control + sempahores. This includes sample rules for PostgreSQL.

+ +

The SEBSD sample policy, policy syntax, and policy tools have + been updated to the SELinux code drop from August. Bmake these + pieces so we don't need gmake.

+ +

Provide file ioctl() MAC Framework entry point and SEBSD + implementation.

+ +

A large number of sample policy tweaks and fixes. The policy + has been updated to permit cron to operate properly. It has + been updated for FreeBSD 5.2 changes, including dynamically + linked root. Teach the sample policy about FreeBSD's sendmail + wrapper.

+ +

Adapt sysinstall and install process for SEBSD pieces. Teach + sysinstall, newfs, et al, about multilabel file systems, install + SEBSD sample policy pieces, build policy. Automatically load + the SEBSD module on first boot after install.

+ +

Allow "ls -Z" to print out labels without long format.

+ +
+ + + TrustedBSD Audit + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Audit Discussion List + + + trustedbsd-audit@TrustedBSD.org + + + + + TrustedBSD + Audit Page. + + + + + + +

The TrustedBSD Project is producing an implementation of CAPP + compliant Audit support for use with FreeBSD. Little progress + was made on this implementation between October and December + other than an update to the existing development tree. However, + in January, work began on porting the Darwin Audit + implementation to FreeBSD. Details on this work will appear in + the next report; more information is available on the TrustedBSD + audit discussion list. Perforce messages may be seen on the + trustedbsd-cvs mailing list.

+ + +
+ + + TrustedBSD Documentation + + + + + Robert + + Watson + + + rwatson@FreeBSD.org + + + + + TrustedBSD Discussion Mailing List + + + + trustedbsd-discuss@TrustedBSD.org + + + + + TrustedBSD + Documentation Page. + + + + +

The TrustedBSD Project is implementing many new features + for the FreeBSD Project. It also provides documentation for + users, administrators, and developers.

+ +

mac_support.4 added -- documents TrustedBSD MAC Framework + feature compatibility. See also the MAC Framework report.

+ +

FreeBSD security architecture updated and corrections/additions + made.

+ +

A variety of documentation updates relating to API changes, + including the socket-related API changes in libc/mac(3).

+ +
+ + + FreeBSD/MIPS Status Report + + + + + Juli + + Mallett + + + jmallett@FreeBSD.org + + + + + + + + +

TLB support code and PMAP have come along nicely. GCC and related + have been kept up to date with the main tree. An evaluation board + from Broadcom was donated and initial work on that platform has been + occurring. Much old and obsolete code brought from NetBSD for + bootstrapping the effort has been cleaned up. The system has been + seen to get to the point of trying to initialize filesystems, but + there are still bugs even before that milestone.

+ +
+ + + AGP 3.0 Support + + + + + John + + Baldwin + + + jhb@FreeBSD.org + + + + +

Simple support AGP 3.0 including support for AGP 8x mode was + added. The support is simple in that it still assumes only one + master and one target. The main gain is the ability to use AGP + 8x with drm modules that support it.

+ +
+ + + Network Subsystem Locking and Performance + + + + + Sam + + Leffler + + + sam@FreeBSD.org + + + + +

The purpose of this project is to improve performance of the network + subsystem. A major part of this work is to complete the locking of + the networking subsystem so that it no longer depends on the "Giant + lock" for proper operation. Removing the use of Giant will improve + performance and permit multiple instances of the network stack to + operate concurrently on multiprocessor systems.

+ +

Locking of the network subsystem is largely complete. Network + drivers, middleware layers (e.g. ipfw, dummynet, bridge, etc.), the + routing tables, IPv4. NFS, and sockets are locked and operating + without the use of Giant. Much of this work was included in the 5.2 + release, but not enabled by default. The remaining work (mostly + locking of the socket layer) will be committed to CVS as soon as we + can resolve how to handle "legacy protocols" (i.e. those protocols + that are not locked). The code can be obtained now from the Perforce + database. A variety of test and production systems have been running + this code for several months without any obvious issues.

+ +

Performance analysis and tuning is ongoing. Initial results indicate + SMP performance is already better than 4.x systems but UP performance + is still lagging (though improved over -current). The removal of Giant + from the network subsystem has reduced contention on Giant and + highlighted performance bottlenecks in other parts of the system.

+ +

This work was supported by the FreeBSD Foundation.

+ +
+ + + Wireless Networking Support + + + + + Sam + + Leffler + + + sam@FreeBSD.org + + + + +

Work to merge the NetBSD and MADWIFI code bases is almost complete. + This brings in new features and improves sharing which will enable + future development. Support was added for 802.1x client + authentication (using the open1x xsupplicant program) and for shared + key authentication (both client and AP) which improves interopability + with systems like OS X. The awi driver was updated to use the common + 802.11 layer and the Atheros driver received extensive work to support + hardware multi-rate retry. Kismet now works with the + device-independent radiotap capture format. All of this work is still + in Perforce but should be committed to CVS soon.

+ +

Work has begun on full 802.1x and WPA support.

+ + +
+ + + SMPng Status Report + + + + + John + + Baldwin + + + jhb@FreeBSD.org + + + + smp@FreeBSD.org + + + + + + + + +

Work is progressing on SMPng on several different fronts. Sam + Leffler and several other folks have been working on locking the + network stack as mentioned elsewhere in this update. Several + infrastructure improvements have been made in the past few months + as well.

+ +

The low-level interrupt code for the i386 architecture has been + redesigned to allow for a runtime selection between different types + of interrupt controllers. This work allows the Advanced Programmable + Interrupt Controllers (APICs) to be used instead of the AT 8259A PIC + without having to compile a separate kernel to do so. It also allows + the APIC to be used in a UP kernel as well as on a UP box. Together, + all these changes allow an SMP kernel to work on a UP box and thus + allowed SMP to be enabled in GENERIC as it already is on all of the + other supported architectures. This work also reworked the APIC + support to correctly route PCI interrupts when using an APIC to + service device interrupts. This work was also used to add SMP support + to the amd64 port.

+ +

A turnstile implementation was committed that implemented a queue + of threads blocked on a resource along with priority inheritance of + blocked threads to the owner of the resource. Turnstiles were then + used to replace the thread queue built into each mutex object which + shrunk the size of each mutex as well as reduced the use of the + sched_lock spin mutex.

+ +
+
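Review bot: several entries in the new report carry typos or dropped words that will render verbatim on the published page: "sempahores" in the POSIX semaphores item, "interopability" in the Wireless Networking item, "an default ACL mask" in the ACLs item, "IPv4. NFS, and sockets" (period for comma) in the Network Subsystem Locking item, "Simple support AGP 3.0" (missing "for") in the AGP 3.0 item, "userspace extensions support security-extended labeling calls" (missing "that" or "supporting") in the SEBSD introduction, and the ACLs introduction ending at "and compatibility" with no full stop. In the Giant push-down item, "pieces of the kernel still covered by MAC and relies on Giant to protect label storage" reads as if "Giant" was intended where "MAC" appears; please confirm. For consistency with the neighbouring MAC Framework items, the TCP timed-wait entry should also carry a "(Merged)" or "(Not yet merged)" marker.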
diff --git a/en/news/status/status.sgml b/en/news/status/status.sgml index aab5cbc608..cb670762cf 100644 --- a/en/news/status/status.sgml +++ b/en/news/status/status.sgml @@ -1,71 +1,73 @@ - + %includes; ]> &header;

One of the benefits of the FreeBSD development model is a focus on centralized design and implementation, in which the operating system is maintained in a central repository, and discussed on centrally maintained lists. This allows for a high level of coordination between authors of various components of the system, and allows policies to be enforced over the entire system, covering issues ranging from architecture to style. However, as the FreeBSD developer community has grown, and the rate of both mailing list traffic and tree modifications has increased, making it difficult even for the most dedicated developer to remain on top of all the work going on in the tree.

The FreeBSD Bi-Monthly Development Status Report attempts to address this problem by providing a vehicle that allows developers to make the broader community aware of their on-going work on FreeBSD, both in and out of the central source repository. For each project and sub-project, a one paragraph summary is included, indicating progress since the last summary. If it is a new project, or if a project has not submitted any prior status reports, a short description may precede the status information.

These status reports may be reproduced in whole or in part, as long as the source is clearly identified and appropriate credit given.

2003

2002

2001

&footer;
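Review bot: the introductory paragraph of status.sgml contains a sentence with no main clause: "However, as the FreeBSD developer community has grown, and the rate of both mailing list traffic and tree modifications has increased, making it difficult even for the most dedicated developer to remain on top of all the work going on in the tree." Suggest "it has become difficult" in place of "making it difficult"; since this file is being edited anyway, the fix can be folded into this change.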