EuroBSDCon 2009

Cambridge, UK. 18-20 September 2009

Talks

A new malloc(3) for OpenBSD — Otto Moerbeek

I will describes the design and implementation of the new OpenBSD malloc(3). This malloc is mmap(2) backed, making effective use of OpenBSD's address randomization. Having random region addresses poses special challenges to the data structures used to keep track of the meta data used by malloc. The data structures used in the original implementation were not well suited handling the fragmented virtual memory regions returned by mmap(2). The new data structure combines a straightforward design with speed and relative simplicity. The new malloc not only randomizes large allocations; sub-page sized allocations and deallocations are also randomized, making all addresses returned by malloc unpredictable. Having unpredictable addresses mitigates against against various attacks that exploit predictable addresses and reuse of heap data as an attack vector. The fragmented virtual memory also opens the possibility to provide desirable features like almost free buffer overrun detection and an optimized realloc(3) implementation. Since malloc(3) is used by virtually any program, these program automatically gain the advantages provided by this new implementation, which has been released in OpenBSD 4.4.

Compiling a v4l DVB driver for FreeBSD — Tim Borgeaud

A, somewhat technical, account of creating a USB DVB-T driver for FreeBSD using Linux DVB driver code and some Linux compatibility magic. A possible approach to "porting" a driver from Linux to FreeBSD is to provide emulated Linux functionality in order to allow Linux driver source code to be compiled into a working FreeBSD driver (module). There exists some code, Luigi Rizzo's linux-kmod-compat port, which may be used to create USB device drivers in this manner. This talk describes the adoption of this approach and the extension of the Linux compatibility code to enable the porting of a Linux DVB driver to FreeBSD. It is a story of diving (falling) into a world of kernels and device drivers, the emulation of Linux functionality and how a FreeBSD device driver can be constructed using compatibility code and Linux source. The talk will include some description of the differences between, and similarities of, Linux and FreeBSD (kernel) functionality, and the resulting emulation code and USB DVB driver (warts and all).

Role Based Access Control — Alistair Crooks

The talk describes the design, implementation and real-world experience of implementing Role-Based Access Control in the NetBSD kernel. Using the existing kauth facility, root's privileged operations have been split into 57 separate roles, and this talk will explain the different role groupings, the development process, design and implementation decisions, kernel and user level changes necessary, and practical lessons learned.

Network event kit (NEK) — Marten Vijn

The Network Event Kit is hardware and software to deploy network for open events. It is based on FreeBSD. It purpose it to be mobile, fast to deploy and low cost. The NEK gives access to internet via a wired and wireless infrastructure. However it is more the just this a kit. The idea behind it is to train people in the use FreeBSD and NanoBSD. It is possible to learn FreeBSD networking from base to expert level on a hands-on base. The main issue with deploying Wifi is to keep control over the users, bandwidth and performance. On events uptime and performance is the main focus. After an event bugs and error are traced with distributed benchmarking. In time, benchmarking will lead to better preparation, finding bugs and deeper insight of deploying better event networks. For more information find the NEK's website: http://bsd.wifisoft.org/nek/.

PC-BSD - Making FreeBSD on the Desktop a mainstream reality — Kris Moore

FreeBSD has a great reputation as a server operating system, and many of those same strengths enable it to perform as a top-notch desktop as well. FreeBSD can run nearly all of the same open-source applications as a Linux desktop, such as Xorg, KDE, FireFox, OpenOffice and more. However, it is not often seen deployed across desktops, except among more experienced FreeBSD users. In presentation we will look at some of the strengths and weaknesses of FreeBSD on the Desktop, and how we are attempting to make mainstream desktop adoption possible in PC-BSD. The presentation will also discuss the various open-source packaging models, and how they may help or hinder desktop adoption. http://www.pcbsd.org

Faster Packets - Performance Tuning in the OpenBSD network stack — Henning Brauer

Overview over the network stack internals focussing on tuning in it done over the last years and a bit of outlook.

FreeBSD kernel protection measures against SMTP DDoS attacks — Martin Blapp

I'll present a new accept filter kernel module for FreeBSD, the handling and the benefits of it and talk about the different attack methods spammers use these days. The kernel module prevents an application like sendmail from receiving the connected descriptor via accept() if the data from the client is incomplete or wrong, or if commands are received before the SMTP greeting banner has been sent from the server side. Therefore accf_smtp can protect smtp- servers against denial-of-service attacks. The filter also includes a greetpause feature. The greetpause mandates a pause of a length in milliseconds that is configurable via sysctl interface. If some connecting host decides to send input before the filter sends the greeting message, the kernel will shutdown the socket. The greetpause is enabled by default with a reasonable default. http://people.freebsd.org/~mbr

FreeBSD in a Complex Environment — Konrad Heuer

The talk will show how FreeBSD fits in a university computer centre with a complex environment. Storage area network, storage virtualization, data backup, network infrastructure, coexistence and cooperation with Linux and Windows server and client systems are keywords of the talk. In real-life experience: Where does FreeBSD well and where should it do better? For example, concerning system security or NFS performance, FreeBSD looks good. But support for commercial products like Tivoli Strorage Manager or the StorNext filesystem is poor or nonexistent. One of best things with FreeBSD is the permanence of its interfaces: Our main print services run on FreeBSD for more than 10 years now with only small modifications. http://www.gwdg.de

ISC and *BSD at the core of the Internet — Peter Losher

Enterprise use case for FreeBSD at ISC, a internet infrastructure company, and how we use FreeBSD at ISC to provide feedback and give back to the project. https://www.isc.org/

Journaling FFS — Joerg Sonnenberger

The talk reintroduces FFS and the consistency constraints for meta data updates. It introduces the WAPBL changes, both in terms of the on-disk format and the implementation in NetBSD. Finally the implementation is compared with other file systems and specific issues of and plans for the current implementation are discussed.

Towards a fully correct SMB/SMB2 stack for freebsd — Zach Loafman

Due to the ubiquity of Windows, SMB is one of the most common network file systems in use. However, proper SMB interoperability on a POSIX-based operating system is difficult. In order to interoperate properly with SMB, and its newest sibling SMB2, operating system support is required. This talk will: * attempt to demystify the SMB protocol * talk briefly about differences between SMB and SMB2 * discuss the Windows notion of SIDs and how they relate to UIDs/GIDS * discuss the required operating system support for SMB * discuss available support in FreeBSD The goal of the session is to discuss the protocol and the operating system support necessary for proper Windows/SMB interoperability. The session will avoid discussion of specific implementations, such as Samba, except when they may be illustrative.

100km@36Mb/s, or Long Distance Wireless — Sam Leffler

Earlier this year I helped setup a 100km wireless link in Chile between the European Southern Observatory (ESO) at La Silla and the Cerro Tololo Inter-American Observatory. The link is used to transfer data collected by Yale University's QUEST Survey camera to researchers for analysis. The wireless link uses off the shelf hardware and the FreeBSD operating system to deliver 36Mb/s aggregate bandwidth using facilities available only in FreeBSD. This talk will describe setting up this link and present the key techniques behind this functionality.

NetBSD LVM — Adam Hamsik

I would like to present state of Logical Volume Manager in NetBSD. How we have implemented support for it, How it works. I will describe device-mapper driver and (linux based) lvm2 tools in more detail. I can show how LVM works and what can be done with it. http://www.netbsd.org/~haad/lvm.html

Wireless mesh networks under FreeBSD — Rui Paulo

A new 802.11 amendment is being developed to support mesh networks on top of the existing 802.11 standard. This new amendment, 802.11s, is already being tested on Linux with the OLPC-XO children laptop. 802.11s is currently under draft status, but should reach final status during 2009 or 2010. Recently, the FreeBSD Foundation sponsored myself to implement the 802.11s amendment on top of the net80211 FreeBSD wireless stack. This work started on the final days of April 2009 and should be finished by the end of July. By then, the FreeBSD operating system will have a working wireless mesh implementation. This talk will expose how the 802.11s standard works, why it is important for the whole world and the FreeBSD mesh implementation developed under sponsorship of the FreeBSD Foundation. http://wiki.freebsd.org/WifiMesh

Profiling and Debugging the FreeBSD* Kernel — Ray Kinsella

The talk discusses the tools I use to diagnose performance bottlenecks in the FreeBSD Kernel, including practical examples demonstrating their use. I wrote the accompanying paper as a guide to developers working to resolve performance problems in FreeBSD Kernel code. Although all of the tools I used are documented, I found few practical examples demonstrating their use; so I wrote the paper in part to correct this deficit. The tools presented enable the developer to demystify the Kernel's internal workings, identify performance bottlenecks and determine appropriate parameter tuning. The paper should help reduce the guesswork involved in tuning the performance of FreeBSD, promoting actions informed by measurement.

mfsBSD — Martin Matuska

mfsBSD is a toolset to create small-sized but full-featured mfsroot based distributions of FreeBSD that store all files in memory (MFS) and load from hard drive, usb storage device or optical media. It can be used for a variety of purposes, including diskless systems, recovery partitions and remotely overwriting other operating systems. This talk presents the design, structure and usage of mfsBSD. http://people.freebsd.org/~mm/mfsbsd/mfsbsd.pdf

pfSense 2.0 and beyond — Chris Buechler

pfSense is a BSD licensed customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. This session will start with an introduction to the project and its common uses, which have expanded considerably beyond firewalling. The primary topic of the talk will be the new functionality coming in the 2.0 release, which contains significant enhancements to nearly every portion of the system as well as numerous new features. Some of these features will be demonstrated live. The future plans for the project will also be discussed. http://www.pfsense.org

20,000 Ports Under The Hood — Ion-Mihai Tetcu

20.000 Ports Under The Hood - A one hour journey into the FreeBSD Ports Collection - The Ports Collection has passed the 20.000 mark and it keeps growing. But is quantity accompanied by quality? This talk aims to present: The changes done in the last 12 months in the ports QA infrastructure (PointyHat, QA Tinderboxes, PortsMon) and how they are helping the committers, the maintainers and our users: what test were done, what long standing problems were fixed and how much effort it took. A journey into the mystical land of PointyHat - the ports build cluster - will uncover for the public what goes on behind the scenes on these overloaded machines. And since machines are run by people, the daily tasks performed by the mysterious portmgr members, the ones who, among other things have the thankless task of running PointyHat are of interest. Statistical data collected over the last years helps us understand the general trends and if we are going in the right direction. The FreeBSD Ports Collection and related tools used to be the best framework for managing third-party applications. Is this still true nowadays? How does it compare to pkgsrc and PBI, both from the maintainer's perspective and from the user's perspective.

FreeBSD and Isilon — Zach Loafman

what Isilon does - why Isilon chose to use FreeBSD - work Isilon has sponsored in FreeBSD - work Isilon has contributed back - work Isilon intends to contribute

The pkgsrc wrapper framework — Joerg Sonnenberger

The wrapper framework in pkgsrc serves two central roles: - abstracting compiler specifica - limiting visibility of installed packages in combination with buildlink. It helps making package builds a lot more reproducable and decreases the number of patches for platforms that are not using GCC or ELF. The offered flexibility comes at a price, both in terms of execution speed and code complexity. This talk explains how the wrapper framework interacts with the rest of pkgsrc, analyzes the performance of the existing implementation and introduces a simpler and faster reimplementation.

Complexity Attacks and Ipfw — David Malone

Ipfw (and most stateful firewalls) need to store information about flows that are currently live, so that the firewall can check that the packets look like they belong in that flow. This means that the firewall will have some data structure for looking up information about flows. A few years ago, Crosby and Wallach pointed out that if an attacker controls the objects you are going to look up, you need to be careful about what data structure you choose, otherwise the attacker can make the data structure perform very badly. These attacks can arrise not just in firewalls, but in any software that has to look things up. In this talk look at how some of these attacks can happen and the sort of data structures you might choose to prevent these attacks. We'll use storing flow state in ipfw, as an example and see how different schemes perform in practice. Interestingly, hashing with an apparently expensive hash function seems to out-perform some of the smarter lookup schemes. http://www.maths.tcd.ie/~dwmalone/p/ec2nd08.pdf

experiences of Google Summer of Code — Brooks Davis

2009 is The FreeBSD Project's fifth year of participation in the Google Summer of Code. A total of 20 students have participated in the project. This talk provides an overview of our experiences and gives a summary of each successful project. The primary purpose of this talk is to highlight the work of our students. http://socghop.appspot.com/org/home/google/gsoc2009/freebsd

porting HPC tools to freebsd — Brooks Davis

Since 2001 we have used FreeBSD as a high performance computing (HPC) cluster operating system. In the process we have ported a number of HPC tools including Ganglia, Globus, OpenMPI, and Sun Grid Engine. In this talk we will discuss the process of porting these types of applications and issues encountered while maintaining these tools. In addition to generally issues of porting code from one Unix-like operating system to another, there are several type of porting common to many HPC infrastructure codes which we will explore. Beyond porting, we will discuss how the ports collection aids our use of HPC applications and ways we think overall integration could be improved.

SuperPages in FreeBSD 8.0 — Kirk McKusick

This talk will describe the addition of superpage support to the FreeBSD 8.0 kernel on the Intel PC architecture. Superpages aggregate together standard-sized hardware pages into much larger "superpages". Each superpage requires only one entry in the page table replacing the numerous entries used by the standard-sized hardware pages. The result is much smaller page tables and greatly increased coverage by the TLB, producing much higher TLB hit rates for large processes. While superpages are used for all appropriate processes with no explicit request by the applications, understanding how they work will enable you to write your applications to make optimal use of them.

How FreeBSD finds Oil - Harrison Grundy

This covers the various uses of FreeBSD in the oil and gas industry, ranging from storage using the new ZFS code to create fileservers over 25TB, to data processing appliances that use 10-20TB of seismic field data to create SEGY data suitable for geophysical interpretation. It starts with where FreeBSD was when I first started working with it at oil and gas companies, and shows how kernel development efforts shaped its utilization in that environment in both positive, and negative ways. Also covered is the economics of using FreeBSD in oil and gas, where licensing costs are effectively nil, compared to the cost of doing exploration, and drilling wells. Also included will be some sample seismic data, sample economics sheets, etc. to show how FreeBSD fits into the process, and to give the audience a little bit of background about the oil and gas industry.

Experiences with kqueue - Ted Unangst

The kqueue framework was developed and introduced to BSD several years ago, but remains a mystery to many developers. This talk is not so much a rehash of the features of kqueue, but will examine some of the current uses that move a step beyond "more scalable select", along with some of the caveats and bugs recently encountered. The focus will be on concrete examples from OpenBSD, but is applicable to anyone developing software on a system using kqueue.

A BSD licensed PGP library - Alistair Crooks

This talk introduces the netpgp library, a BSD-licensed PGP library, which is compatible with the GNU Privacy Guard program. The library itself is described, and the suite of userland programs built around it, such as the signing/verification/encryption and decryption program, a program to manage keys, and an agent program to provide automated encryption and signing. Possible practical uses for the library are also provided, along with a demonstration of some of these uses.

gemdisk: a GEOM class to emulate disk drives - Fabio Checconi

Working on a novel, GEOM-based, disk scheduling infrastructure for FreeBSD, we are facing the problem of test coverage. In particular, it is quite difficult to foresee how a specific scheduling algorithm or optimization will behave with different disks and hardware configurations. Testing with real hardware would be the best thing to have; unfortunately it would require the access to a lot of different, often expensive, media. So we are exploring the feasibility of using emulation, along with real hardware testing, to better understand the behavior of the different scheduling algorithms, and to prevent pitfalls in their deployment. One result of our effort is gemdisk, a disk simulation tool which we are developing to mimic the behaviour of a disk unit (rotational media or even SSD) with programmable features. In this talk we will present the status of our disk simulation tool, which is currently work in progress. We will start giving some information on the state of the art of disk modelling, simulation, and parameter extraction. We will then describe the architecture of our simulator; finally we will show some examples of its use and discuss its limitations.

Embedded FreeBSD for industrial applications: a case study - Stanislav Sedov

Most industries today rely on complex widely imployed information systems to organize information flows, production processes and relations. Usually these systems consist of a large number of different devices installed wherever control operations are required, providing required data to the high-level controllers and performing control functions on its behalf. Last years these systems evolved so much, so even its small parts present quite a comples pieces of harware running rather sophisticated applications. Recent releases of FreeBSD operating systems brought support for ARM and MIPS embedded platforms making itself a good choice for usage in embedded industrial applications. In this paper we will describe our experience of building an industrial GPS navigation and tracking system using FreeBSD/arm platform. We will focus on important problems we met when building the system: bootstrapping the system, reducing the size of application image, improving stability in situations of frequent power loss and implementing safe firmware upgrade functions. Additional attention will be paid to problems maintaining the internal source code branch and keeping it in sync with main line FreeBSD development. Results achieved will be described.

fs-utils: File systems access tools in userland - Arnaud Ysmal

Currently, file system access is done either through a kernel driver or a specialized userspace program. In the former case the file system is mounted. An example of the latter case is mtools which allows to access msdos file systems. The NetBSD Runnable Userspace Meta Program (rump) framework enables the use of kernel file system drivers as part of userspace programs. By building upon rump and NetBSD base system utilities such as ls and cp, we have created the fs-utils application suite. It provides mtools-like file system access without requiring mount privileges and an in-kernel driver. In contrast to mtools, fs-utils reuses the kernel file system drivers instead of relying on a userspace reimplementation, supports a total of 11 file systems from NetBSD and some support for FUSE file systems, and offers the same usage as the well-known tools (e.g. all of the flags of ls are supported). This paper explains how these programs were written and recounts the evolution of the project. It also shows the benefits and use-cases of fs-utils. This paper is coauthored between Arnaud Ysmal and Antti Kantee. http://www.NetBSD.org/~stacktic/fs-utils.html