Domain: watson.org
Stories and comments across the archive that link to watson.org.
Comments · 29
-
Re:YeahI have a lot of respect for most of the OpenBSD team, but Theo is definitely trolling here.
Let's start with the premise of TFA, which cites the article on Ars that was covered here a few days ago and was complete nonsense about the new random number infrastructure in FreeBSD. We are not moving away from using the hardware random number generator directly, we have never used the hardware random number generator. The new code that the Ars article was talking about is to allow the PRNG to be easily switched. In 10 we're shipping both Fortuna and Yarrow and the infrastructure allows more to be added. The code has been reviewed by two cryptographers that I know of and possibly others. Neither the old nor the new implementation is vulnerable to the attack against random number generators that was published a couple of months ago (Linux was the subject of the paper, not sure if OpenBSD was vulnerable).
If Theo is going to make such remarks as this, he should think more carefully first:
"Basically, it is 10 years of FreeBSD stupidity. They don't know a thing about security. They even ignore relevant research in all fields, not just from us, but from everyone."
He'd be advised to take a look at the transactions for the IEEE Symposium on Security and Privacy over the last 10 years and see how many papers are describing techniques that were both originally implemented on FreeBSD and are now part of the default install. Let's take a look at the two systems, from a security perspective. Both FreeBSD use SSP and non-excutable stack by default, so I'll skip those. To begin with, OpenBSD features missing on FreeBSD:
W^X enforcement. Definitely a nice idea, but it breaks some things (JITs mostly). The default memory map in FreeBSD is W^X, but it is possible to explicitly mmap() memory both writeable and executable. It's generally considered a bad idea though, and we don't ship any code that allows it. We permit third-party code to shoot itself in the foot if it really wants to and provide mitigation techniques to reduce the risk.
Then there's ASLR. This is a pretty nice technique, which is currently not implemented on FreeBSD. We do support PIE, so it would not be a horrendously difficult thing to add, but current implementations (including OpenBSD) use a surprisingly small amount of entropy in the address layout and so don't provide as much mitigation as you'd hope (which, of course, Theo knows, because he's very familiar with 'relevant research'). This is especially true on 32-bit systems.
And that's it for OpenBSD. Well, unless you want to count , but since that's vulnerable to a timing attack (still not fixed), which was published in the USENIX Workshop on Offensive Technologies, and Theo is aware of all 'relevant research' in security then it can't really still be there.
Now let's look at FreeBSD security mechanisms:
First up, jails. Jails are somewhere between a chroot and a VM: a shared kernel, but all of the global namespaces (filesystems, IP addresses, users) are separated and so you can completely isolate a service, such as a web browser, from the rest of the system. Scripts like ez-jail in the ports tree make it easy to set up lightweight service jails.
Then there's the MAC framework, which allows modular access control policies. This is used by a couple of FreeBSD derivatives: JunOS uses it to implement code signing, OS X and iOS use it for application sandboxing. You can also use it for traditional type enforcement policies, as in SELinux and a variety of other things.
And then there's Capsicum, which adds a capability model on top
-
Re:YeahI have a lot of respect for most of the OpenBSD team, but Theo is definitely trolling here.
Let's start with the premise of TFA, which cites the article on Ars that was covered here a few days ago and was complete nonsense about the new random number infrastructure in FreeBSD. We are not moving away from using the hardware random number generator directly, we have never used the hardware random number generator. The new code that the Ars article was talking about is to allow the PRNG to be easily switched. In 10 we're shipping both Fortuna and Yarrow and the infrastructure allows more to be added. The code has been reviewed by two cryptographers that I know of and possibly others. Neither the old nor the new implementation is vulnerable to the attack against random number generators that was published a couple of months ago (Linux was the subject of the paper, not sure if OpenBSD was vulnerable).
If Theo is going to make such remarks as this, he should think more carefully first:
"Basically, it is 10 years of FreeBSD stupidity. They don't know a thing about security. They even ignore relevant research in all fields, not just from us, but from everyone."
He'd be advised to take a look at the transactions for the IEEE Symposium on Security and Privacy over the last 10 years and see how many papers are describing techniques that were both originally implemented on FreeBSD and are now part of the default install. Let's take a look at the two systems, from a security perspective. Both FreeBSD use SSP and non-excutable stack by default, so I'll skip those. To begin with, OpenBSD features missing on FreeBSD:
W^X enforcement. Definitely a nice idea, but it breaks some things (JITs mostly). The default memory map in FreeBSD is W^X, but it is possible to explicitly mmap() memory both writeable and executable. It's generally considered a bad idea though, and we don't ship any code that allows it. We permit third-party code to shoot itself in the foot if it really wants to and provide mitigation techniques to reduce the risk.
Then there's ASLR. This is a pretty nice technique, which is currently not implemented on FreeBSD. We do support PIE, so it would not be a horrendously difficult thing to add, but current implementations (including OpenBSD) use a surprisingly small amount of entropy in the address layout and so don't provide as much mitigation as you'd hope (which, of course, Theo knows, because he's very familiar with 'relevant research'). This is especially true on 32-bit systems.
And that's it for OpenBSD. Well, unless you want to count , but since that's vulnerable to a timing attack (still not fixed), which was published in the USENIX Workshop on Offensive Technologies, and Theo is aware of all 'relevant research' in security then it can't really still be there.
Now let's look at FreeBSD security mechanisms:
First up, jails. Jails are somewhere between a chroot and a VM: a shared kernel, but all of the global namespaces (filesystems, IP addresses, users) are separated and so you can completely isolate a service, such as a web browser, from the rest of the system. Scripts like ez-jail in the ports tree make it easy to set up lightweight service jails.
Then there's the MAC framework, which allows modular access control policies. This is used by a couple of FreeBSD derivatives: JunOS uses it to implement code signing, OS X and iOS use it for application sandboxing. You can also use it for traditional type enforcement policies, as in SELinux and a variety of other things.
And then there's Capsicum, which adds a capability model on top
-
EDOOFUS
Vaguely reminds me of the EDOOFUS "controversy" in the FreeBSD kernel.
I do kind of agree it's sexist, but it's so infantile, i almost say ignore it. I mean, boobs exist, some are big, some are small, some are medium. Guys have big boobs too, and some are big too (I already see Balmer references in this discussion). I almost say, pull the phrase, and let it die, and not be any worked up about it.
-
Re:Reminds me of an old RPS contest...
0) I have source code for my bot, the tourney announcement, and the tourney results. If you are really curious, ping me at my email address.
1) I never said you were *playing* a random opponent. Against an *arbitrary* opponent your optimal strategy is to play randomly. Any other strategy that you play can be exploited to your loss. In this way, random really is the game-theoretic optimal strategy. It's not just a buzzword.
2) Of course. I'm exploiting an implementation detail. This is a classic side-channel attack on an otherwise secure system.
3) Yes. I looked up the source code for libc implementations online. It's easy: google ' rand.c'. Examples: http://fxr.watson.org/fxr/source/stdlib/rand.c?v=FREEBSD-LIBC, http://fossies.org/dox/glibc-2.15/random_8c_source.html. I also got Microsoft's rand() implementation for their MSVC runtime because the source code for that comes with Visual Studio. Yes, I was using Windows. Contest submissions had to be in C or C++, and most programmers would rather use rand() (portable, simple, easy) than implement their own random() function or use the less-portable
/dev/[u]random.4) Contest programs ran in the same process, so your rand() state was shared. srand was forbidden, but we were given the tournament engine source code and so we knew when srand() was called and with what arguments (time(NULL)). To be specific: I pulled a single rand() value, then ran all my implementations of rand() with different seeds in the neighbourhood of time(NULL), and ran them for a variable number of iterations (up to 20, I think) to guess the sequence offset. The processing strategy was simply observing what values they were adding to the rand() value before taking it mod 3. The input is about 20 seconds * 5 libcs * 20 sequence offsets * 3 "processing strategies" = 6000 possibilities. Four dimensions, but they can all be constrained to small values.
-
Subject to race conditions -- lame
Folks,
Does no one remember 2007? Bob Watson presented a paper on exploiting concurrency to break all kinds of things like systrace back then, complete with example code. Vsys is the same kind of thing -- it has processes executing in an outside space where you can have a race condition and force the parameters to change after the clearance check but before it actually does the work. See:
http://www.watson.org/~robert/2007woot/
--Paul
-
Re:Why?
What would be the point? The kernel for Windows is perfectly stable, barring shitty drivers.
That would be the point, IIRC over 95% of linux is device drivers. There was one computer that windows xp was crashing on every hour or so, Out of curiosity I installed linux on the machine. I had never seen linux spew so many warnings about out of spec hardware and features being disabled. Linux was stable, but really, windows could have been just as stable, if they would have been willing to say, these features disabled because the hardware is lying about having them. But, if Microsoft had done that, it would have been Microsoft vs Foxcom (or who ever made the crapware) and it would have turned into a pr war. With Linux the hardware was tested, and people reported that it did R when it said it would do A, ergo, mark it bad, until someone comes up with a workaround.
Microsoft has a lot of baggage that makes people willing to take the crapware manufacturer seriously, the Linux developers are viewed as impartial reporters about the state of hardware.
Rants like the one here http://fxr.watson.org/fxr/source/pci/if_rl.c are unlike to make it into the windows kernel, no matter how true.
-
buggy since 2000.
rev1.33 2000/01/13 versus rev1.34 2000/01/27
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.c.diff?r1=1.33;r2=1.34;f=hhttp://fxr.watson.org/fxr/source/net/pfkeyv2.c?v=OPENBSD;im=3#L776
http://fxr.watson.org/fxr/source/net/pfkeyv2.c?v=OPENBSD;im=3#L787rev1.33: *alg = satype == SADB_SATYPE_AH ? XF_NEW_AH : XF_OLD_AH; versus rev1.34: *alg = satype = XF_AH; (flawed)
rev1.33: *alg = satype == SADB_SATYPE_ESP ? XF_NEW_ESP : XF_OLD_ESP; versus rev1.34: *alg = satype = XF_ESP; (flawed)the reason of caring the algorithm to be picked is this uniform structure http://fxr.watson.org/fxr/source/netinet/ip_ipsp.c?v=OPENBSD#L111>http://fxr.watson.org/fxr/source/netinet/ip_ipsp.c?v=OPENBSD#L111
if the algorithm is not picked correctly then it can leak by another kind of algorithm
XF_ESP=3, XF_AH=2, XF_IP4=1 (IP inside of IP, don't confuse with ESP encapsulation).
http://fxr.watson.org/fxr/ident?v=OPENBSD;im=excerpts;i=XF_ESP
satype must not be asigned, it's from switch(satype)correct should be *alg = XF_AH; and *alg = XF_ESP;
-
buggy since 2000.
rev1.33 2000/01/13 versus rev1.34 2000/01/27
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.c.diff?r1=1.33;r2=1.34;f=hhttp://fxr.watson.org/fxr/source/net/pfkeyv2.c?v=OPENBSD;im=3#L776
http://fxr.watson.org/fxr/source/net/pfkeyv2.c?v=OPENBSD;im=3#L787rev1.33: *alg = satype == SADB_SATYPE_AH ? XF_NEW_AH : XF_OLD_AH; versus rev1.34: *alg = satype = XF_AH; (flawed)
rev1.33: *alg = satype == SADB_SATYPE_ESP ? XF_NEW_ESP : XF_OLD_ESP; versus rev1.34: *alg = satype = XF_ESP; (flawed)the reason of caring the algorithm to be picked is this uniform structure http://fxr.watson.org/fxr/source/netinet/ip_ipsp.c?v=OPENBSD#L111>http://fxr.watson.org/fxr/source/netinet/ip_ipsp.c?v=OPENBSD#L111
if the algorithm is not picked correctly then it can leak by another kind of algorithm
XF_ESP=3, XF_AH=2, XF_IP4=1 (IP inside of IP, don't confuse with ESP encapsulation).
http://fxr.watson.org/fxr/ident?v=OPENBSD;im=excerpts;i=XF_ESP
satype must not be asigned, it's from switch(satype)correct should be *alg = XF_AH; and *alg = XF_ESP;
-
buggy since 2000.
rev1.33 2000/01/13 versus rev1.34 2000/01/27
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.c.diff?r1=1.33;r2=1.34;f=hhttp://fxr.watson.org/fxr/source/net/pfkeyv2.c?v=OPENBSD;im=3#L776
http://fxr.watson.org/fxr/source/net/pfkeyv2.c?v=OPENBSD;im=3#L787rev1.33: *alg = satype == SADB_SATYPE_AH ? XF_NEW_AH : XF_OLD_AH; versus rev1.34: *alg = satype = XF_AH; (flawed)
rev1.33: *alg = satype == SADB_SATYPE_ESP ? XF_NEW_ESP : XF_OLD_ESP; versus rev1.34: *alg = satype = XF_ESP; (flawed)the reason of caring the algorithm to be picked is this uniform structure http://fxr.watson.org/fxr/source/netinet/ip_ipsp.c?v=OPENBSD#L111>http://fxr.watson.org/fxr/source/netinet/ip_ipsp.c?v=OPENBSD#L111
if the algorithm is not picked correctly then it can leak by another kind of algorithm
XF_ESP=3, XF_AH=2, XF_IP4=1 (IP inside of IP, don't confuse with ESP encapsulation).
http://fxr.watson.org/fxr/ident?v=OPENBSD;im=excerpts;i=XF_ESP
satype must not be asigned, it's from switch(satype)correct should be *alg = XF_AH; and *alg = XF_ESP;
-
buggy since 2000.
rev1.33 2000/01/13 versus rev1.34 2000/01/27
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.c.diff?r1=1.33;r2=1.34;f=hhttp://fxr.watson.org/fxr/source/net/pfkeyv2.c?v=OPENBSD;im=3#L776
http://fxr.watson.org/fxr/source/net/pfkeyv2.c?v=OPENBSD;im=3#L787rev1.33: *alg = satype == SADB_SATYPE_AH ? XF_NEW_AH : XF_OLD_AH; versus rev1.34: *alg = satype = XF_AH; (flawed)
rev1.33: *alg = satype == SADB_SATYPE_ESP ? XF_NEW_ESP : XF_OLD_ESP; versus rev1.34: *alg = satype = XF_ESP; (flawed)the reason of caring the algorithm to be picked is this uniform structure http://fxr.watson.org/fxr/source/netinet/ip_ipsp.c?v=OPENBSD#L111>http://fxr.watson.org/fxr/source/netinet/ip_ipsp.c?v=OPENBSD#L111
if the algorithm is not picked correctly then it can leak by another kind of algorithm
XF_ESP=3, XF_AH=2, XF_IP4=1 (IP inside of IP, don't confuse with ESP encapsulation).
http://fxr.watson.org/fxr/ident?v=OPENBSD;im=excerpts;i=XF_ESP
satype must not be asigned, it's from switch(satype)correct should be *alg = XF_AH; and *alg = XF_ESP;
-
OpenBSD's kernel UDP port 4500 enabled by default?
1. Why the UDP port 4500 is enabled by default inside of the kernel (upper 1023)?
2. Why is "#if NPF > 0 ... pf_pkt_addr_changed(m); ... #endif" against NetFilter auditory?It's suspected FBI's change to ipsec_output.c (you can ignore the IPv6 / INET6 changes):
ipsec_output.c rev1.25 vs rev1.41"triggers decapsulation"? what is it?
The revlog says "UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)"
ipsec_output.c rev1.28 vs rev1.29
if udpencap_port=4500 then "!udpencap_port" is false so that it doesn't m_freem(m);but it always does mi = m_inject(m, sizeof(struct ip), sizeof(struct udphdr),sizeof(struct udphdr),M_DONTWAIT);ipsec_output.c rev1.30 vs rev1.31
then it does udpencap_enable = 1; /* enabled by default */http://nixdoc.net/man-pages/openbsd/man9/m_inject.9.html
http://fxr.watson.org/fxr/source/kern/uipc_mbuf.c?v=OPENBSD#L925
says "XXX It is assumed that siz is less than the size of an mbuf at the moment."Assumption is unsafety.
ipsec_output.c rev1.40 vs rev 1.41
pf_pkt_addr_changed(m) against NPF (against filter i thought).
http://fxr.watson.org/fxr/ident?v=OPENBSD&im=10&i=pf_pkt_addr_changed
It erases the header when NPF(ilter) is enabled.
Recommended [don't touch PF filter]: void pf_pkt_addr_changed(struct mbuf *m) { /* m->m_pkthdr.pf.statekey = NULL; */ }http://www.ietf.org/rfc/rfc3948.txt its group is F-Secure Corporation, Microsoft, Cisco Systems and Nortel Networks.
3.3./3.5 (Transport or Tunnel) Mode ESP Decapsulation: 1. The UDP header is removed from the packet. <-- imagine that the UDP packet is from the intruder, xD
if the intruder's UDP header is removed then the intruder's information is removed :)
so that OpenBSD removed the intruder's auditoryit was my magic: "look for 'remove' from rfc3948.txt" (to suppose that 'remove' is something unauthorized).
1. The UDP header is removed from the packet. <-- to correct it must be "The UDP header must be CHECKED during the decapsulation process."
Never REMOVED!!!2.3. NAT-Keepalive Packet Format "The receiver SHOULD ignore a received NAT-keepalive packet." <-- it's another unauthorized.
don't remove things, don't ignore things, don't hide things, don't discard things.ipsec_output.c IPsec comment
says "Called by the IPsec output transform callbacks, to transmit the packet or do further processing, as necessary." <-- what "further processing"? xDipcomps_minlen comment
u_int32_t ipcomps_minlen; /* packets too short for compress */ from struct ipcompstat /* IP payload compression protocol (IPComp), see RFC 2393 */http://www.ietf.org/rfc/rfc2393.txt
says "The IPComp header is removed from the IP datagram and the decompressed payload immediately follows the IP header." <-- ehh! removed NOT!!! CHECKED yes!!!
ipcompstat.ipcomps_minlen++ -
OpenBSD's kernel UDP port 4500 enabled by default?
1. Why the UDP port 4500 is enabled by default inside of the kernel (upper 1023)?
2. Why is "#if NPF > 0 ... pf_pkt_addr_changed(m); ... #endif" against NetFilter auditory?It's suspected FBI's change to ipsec_output.c (you can ignore the IPv6 / INET6 changes):
ipsec_output.c rev1.25 vs rev1.41"triggers decapsulation"? what is it?
The revlog says "UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)"
ipsec_output.c rev1.28 vs rev1.29
if udpencap_port=4500 then "!udpencap_port" is false so that it doesn't m_freem(m);but it always does mi = m_inject(m, sizeof(struct ip), sizeof(struct udphdr),sizeof(struct udphdr),M_DONTWAIT);ipsec_output.c rev1.30 vs rev1.31
then it does udpencap_enable = 1; /* enabled by default */http://nixdoc.net/man-pages/openbsd/man9/m_inject.9.html
http://fxr.watson.org/fxr/source/kern/uipc_mbuf.c?v=OPENBSD#L925
says "XXX It is assumed that siz is less than the size of an mbuf at the moment."Assumption is unsafety.
ipsec_output.c rev1.40 vs rev 1.41
pf_pkt_addr_changed(m) against NPF (against filter i thought).
http://fxr.watson.org/fxr/ident?v=OPENBSD&im=10&i=pf_pkt_addr_changed
It erases the header when NPF(ilter) is enabled.
Recommended [don't touch PF filter]: void pf_pkt_addr_changed(struct mbuf *m) { /* m->m_pkthdr.pf.statekey = NULL; */ }http://www.ietf.org/rfc/rfc3948.txt its group is F-Secure Corporation, Microsoft, Cisco Systems and Nortel Networks.
3.3./3.5 (Transport or Tunnel) Mode ESP Decapsulation: 1. The UDP header is removed from the packet. <-- imagine that the UDP packet is from the intruder, xD
if the intruder's UDP header is removed then the intruder's information is removed :)
so that OpenBSD removed the intruder's auditoryit was my magic: "look for 'remove' from rfc3948.txt" (to suppose that 'remove' is something unauthorized).
1. The UDP header is removed from the packet. <-- to correct it must be "The UDP header must be CHECKED during the decapsulation process."
Never REMOVED!!!2.3. NAT-Keepalive Packet Format "The receiver SHOULD ignore a received NAT-keepalive packet." <-- it's another unauthorized.
don't remove things, don't ignore things, don't hide things, don't discard things.ipsec_output.c IPsec comment
says "Called by the IPsec output transform callbacks, to transmit the packet or do further processing, as necessary." <-- what "further processing"? xDipcomps_minlen comment
u_int32_t ipcomps_minlen; /* packets too short for compress */ from struct ipcompstat /* IP payload compression protocol (IPComp), see RFC 2393 */http://www.ietf.org/rfc/rfc2393.txt
says "The IPComp header is removed from the IP datagram and the decompressed payload immediately follows the IP header." <-- ehh! removed NOT!!! CHECKED yes!!!
ipcompstat.ipcomps_minlen++ -
OpenBSD's kernel UDP port 4500 enabled by default?
1. Why the UDP port 4500 is enabled by default inside of the kernel (upper 1023)?
2. Why is "#if NPF > 0 ... pf_pkt_addr_changed(m); ... #endif" against NetFilter auditory?It's suspected FBI's change to ipsec_output.c (you can ignore the IPv6 / INET6 changes):
ipsec_output.c rev1.25 vs rev1.41"triggers decapsulation"? what is it?
The revlog says "UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)"
ipsec_output.c rev1.28 vs rev1.29
if udpencap_port=4500 then "!udpencap_port" is false so that it doesn't m_freem(m);but it always does mi = m_inject(m, sizeof(struct ip), sizeof(struct udphdr),sizeof(struct udphdr),M_DONTWAIT);ipsec_output.c rev1.30 vs rev1.31
then it does udpencap_enable = 1; /* enabled by default */http://nixdoc.net/man-pages/openbsd/man9/m_inject.9.html
http://fxr.watson.org/fxr/source/kern/uipc_mbuf.c?v=OPENBSD#L925
says "XXX It is assumed that siz is less than the size of an mbuf at the moment."Assumption is unsafety.
ipsec_output.c rev1.40 vs rev 1.41
pf_pkt_addr_changed(m) against NPF (against filter i thought).
http://fxr.watson.org/fxr/ident?v=OPENBSD&im=10&i=pf_pkt_addr_changed
It erases the header when NPF(ilter) is enabled.
Recommended [don't touch PF filter]: void pf_pkt_addr_changed(struct mbuf *m) { /* m->m_pkthdr.pf.statekey = NULL; */ }http://www.ietf.org/rfc/rfc3948.txt its group is F-Secure Corporation, Microsoft, Cisco Systems and Nortel Networks.
3.3./3.5 (Transport or Tunnel) Mode ESP Decapsulation: 1. The UDP header is removed from the packet. <-- imagine that the UDP packet is from the intruder, xD
if the intruder's UDP header is removed then the intruder's information is removed :)
so that OpenBSD removed the intruder's auditoryit was my magic: "look for 'remove' from rfc3948.txt" (to suppose that 'remove' is something unauthorized).
1. The UDP header is removed from the packet. <-- to correct it must be "The UDP header must be CHECKED during the decapsulation process."
Never REMOVED!!!2.3. NAT-Keepalive Packet Format "The receiver SHOULD ignore a received NAT-keepalive packet." <-- it's another unauthorized.
don't remove things, don't ignore things, don't hide things, don't discard things.ipsec_output.c IPsec comment
says "Called by the IPsec output transform callbacks, to transmit the packet or do further processing, as necessary." <-- what "further processing"? xDipcomps_minlen comment
u_int32_t ipcomps_minlen; /* packets too short for compress */ from struct ipcompstat /* IP payload compression protocol (IPComp), see RFC 2393 */http://www.ietf.org/rfc/rfc2393.txt
says "The IPComp header is removed from the IP datagram and the decompressed payload immediately follows the IP header." <-- ehh! removed NOT!!! CHECKED yes!!!
ipcompstat.ipcomps_minlen++ -
Re:Realtek
The 8139 is one of the shittiest NICs ever created. It personifies the Realtek ethos of bottom-of-the-barrel, "get it to sort-of work and ship it" engineering. The fact that it works on "any operating system you've ever installed" is a testament not to the virtues of Realtek, but the skill and dedication of a few people who undertook the monumental task of creating drivers. Don't get me wrong, I'm glad I have $5 surround sound on my motherboard, but I still wouldn't piss on Realtek to put out a fire.
* Supports several extremely cheap PCI 10/100 adapters based on
40 * the RealTek chipset. Datasheets can be obtained from
41 * www.realtek.com.tw.
42 *
43 * Written by Bill Paul
44 * Electrical Engineering Department
45 * Columbia University, New York City
46 */
47 /*
48 * The RealTek 8139 PCI NIC redefines the meaning of 'low end.' This is
49 * probably the worst PCI ethernet controller ever made, with the possible
50 * exception of the FEAST chip made by SMC. The 8139 supports bus-master
51 * DMA, but it has a terrible interface that nullifies any performance
52 * gains that bus-master DMA usually offers.
53 *
54 * For transmission, the chip offers a series of four TX descriptor
55 * registers. Each transmit frame must be in a contiguous buffer, aligned
56 * on a longword (32-bit) boundary. This means we almost always have to
57 * do mbuf copies in order to transmit a frame, except in the unlikely
58 * case where a) the packet fits into a single mbuf, and b) the packet
59 * is 32-bit aligned within the mbuf's data area. The presence of only
60 * four descriptor registers means that we can never have more than four
61 * packets queued for transmission at any one time.
62 *
63 * Reception is not much better. The driver has to allocate a single large
64 * buffer area (up to 64K in size) into which the chip will DMA received
65 * frames. Because we don't know where within this region received packets
66 * will begin or end, we have no choice but to copy data from the buffer
67 * area into mbufs in order to pass the packets up to the higher protocol
68 * levels.
69 *
70 * It's impossible given this rotten design to really achieve decent
71 * performance at 100Mbps, unless you happen to have a 400Mhz PII or
72 * some equally overmuscled CPU to drive it.
73 *
74 * On the bright side, the 8139 does have a built-in PHY, although
75 * rather than using an MDIO serial interface like most other NICs, the
76 * PHY registers are directly accessible through the 8139's register
77 * space. The 8139 supports autonegotiation, as well as a 64-bit multicast
78 * filter.
79 *
80 * The 8129 chip is an older version of the 8139 that uses an external PHY
81 * chip. The 8129 has a serial MDIO interface for accessing the MII where
82 * the 8139 lets you directly access the on-board PHY registers. We need
83 * to select which interface to use depending on the chip type.
84 */ -
Re:FreeBSD and i/o monitoring
the BSDs don't go after supporting every POS hardware product on the planet, they focus on supporting the ones that get used in production environments where performance and reliability are far more important than cost. If you want to use some half assed/cheapo/bargin bin hardware product, *BSD isn't what you want, thats not its focus and anyone who uses it will tell you so.
FreeBSD supports at least commonly used low end network cards:http://fxr.watson.org/fxr/source/pci/if_rl.c
-
sandboxing
If sandboxing is systrace as the article mentions, does this mean they have solved the problems related to syscall wrappers first disclosed by watson's woot07 paper? Is the infrastructure tied directly into the system calls instead, or have they simply ignored the problem?
http://www.watson.org/~robert/2007woot/ -
Re:Linux?
Would you be talking about this?
-
Re:Let the market speaks
I can't find any evidence of the realtek comment in the linux tree and since the driver its from is has a four clause BSD it seems unlikely it was ever in linux. It does seem to be in all 3 of the major BSD variants though.
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ic /rtl81x9.c?rev=1.68&content-type=text/x-cvsweb-mar kup
http://crypto.riken.go.jp/pub/OpenBSD/src/sys/dev/ ic/rtl81x9.c
http://fxr.watson.org/fxr/source/pci/if_rl.c
In realteks defense mind you i think the worst PCI ethernet controller comment is a bit unfair, sure its a bit heavy on the CPU and annoying to drive but it seems to be a pretty stable chip and its damn cheap.
TBH i suspect you will find lots of comments about hardware issues in any driver source unless its been through a comment stripper. Hardware has bugs and design flaws that can't really be fixed in the hardware either due to the cost of a respin or due to the fact that units are already in the wild. Some of those bugs will be in the IC makers errata but getting them to add newly found issues to the errata can be very hard. I strongly suspect the only difference is that linux/freebsd make those comments fully public whereas with propietry operating systems you'd probablly need a source license to see them. -
Re:Feh...
Speaking of which, I was re-waching my vhs tape of "Metropolis" (silent film made in 1927 about the future) and was amazed to spot a metric clock on the wall! (just did a search and found a shot of it.
-
Re:RealTek?
the full comment that gave it that legendy reputation is in the following source file (you have to scroll past the license boilerplate first).
http://fxr.watson.org/fxr/source/pci/if_rl.c?v=REL ENG5 -
Re:Just wondering...Read Hsu's license. It's a 4 clause BSD license, which _REQUIRES_ attribution, since it has that advertisement clause added back in. It's just different from the usual BSD license. If you would have bothered to read DragonFly's source of the TCP stack, you would have known.
Oh, you were wondering where you could read the source? Well, DragonFly's cvsweb has a nice interface for it. You can also compare codebases at lxr.watson.org.
Also, DFBSD has diverged from FreeBSD 4 a great deal already. The userland might be mostly the same, but kernelwise it's all different. The developers put a lot of time and effort in it. The fact that you don't see the difference means that they are doing their work correctly. So to say that it is *entirely* based off of it is completely false. It also has bits from NetBSD and OpenBSD.
For the record, I don't give a hoot if they take code from DragonFly. The guys working on DF should be credited for their work, that's all.
-
Re:Looks like there's still a lot to do.Yeah, there is still a lot to be done. I think they're going to miss the release date somewhat but the wins that will be seen by 5.3 will be excellent for the FreeBSD release.
The finer grained locking in the subsystems, and all the great work being done by Robert Watson in the NetPerf area is showing up in the stock kernel. I did a half-upgrade (upgrading select packages) to get the 5.3-beta1 kernel to compile on one of my development hosts, and have begun disabling the Giant lock where it's not really needed. This will mean improved disk and network I/O to anyone that has a HTT or SMP system.
FreeBSD has been lagging somewhat in the threads/smp area for some time, and this is helping bring the kernel closer in line to the performance that is seen by other OSes. I'm very exicted and will be looking forward to upgrading my 4.10-REL host to 5.3 as it will do a lot better job with my hardware (2x2.8Xeon 4g dram, em ether, asr0 scsi) and hopefully help solve some of my database performance issues.
-
Re:Looks like there's still a lot to do.Yeah, there is still a lot to be done. I think they're going to miss the release date somewhat but the wins that will be seen by 5.3 will be excellent for the FreeBSD release.
The finer grained locking in the subsystems, and all the great work being done by Robert Watson in the NetPerf area is showing up in the stock kernel. I did a half-upgrade (upgrading select packages) to get the 5.3-beta1 kernel to compile on one of my development hosts, and have begun disabling the Giant lock where it's not really needed. This will mean improved disk and network I/O to anyone that has a HTT or SMP system.
FreeBSD has been lagging somewhat in the threads/smp area for some time, and this is helping bring the kernel closer in line to the performance that is seen by other OSes. I'm very exicted and will be looking forward to upgrading my 4.10-REL host to 5.3 as it will do a lot better job with my hardware (2x2.8Xeon 4g dram, em ether, asr0 scsi) and hopefully help solve some of my database performance issues.
-
For FreeBSDers, try ethercons
If you use FreeBSD and find this interesting, you should take a look at rwatson's ethercons patches. Basically, it is this but supports bidirectional communication. That means you can run a getty on it and login over ethernet console. Rather slick.
-
Re:ACLs
Since a lot of code is based on FreeBSD 5.x, check out rwatson's page on POSIX.1e.
ACLs in FreeBSD (and by extension "Tiger") are based on the last public draft of the POSIX.1e document (it was never ratified). The procedure will be the same as is done in Solaris and Linux(?).
chmod and chown do not affect ACLs; to do that you have to use setfacl . When you use ls you do not see the extra ACLs, but a '+' character after the traditional permissions. The '+' tells you that ACLs are present; to view them you have to use getfacl utility. -
Re:Question
Yeah, there was that bus boycott back in the 1950s here in the states. Anyone hear how that turned out?
-
Re:You answer your own question...
You are working backwards. Looking at it objectively, it is clear that a system where applications have to become superuser to perform certain tasks but can relinquish this authority is inferior to a system where superuser priveleges are never given to a process.
Your position is understandable since this is how the Unix security model has worked for decades even though better mechanisms have been proposed but rarely caught on. For example, look at POSIX 1.E which is almost 2 decades for an example of a better model for handling systems permissions than the traditional Unix model. Recently there has been work done on FreeBSD POSIX 1.E capabilities as well as on the Linux front. This is a good indication that more and more people are disatisfied with the deficiencies of the Unix security model and its reliance on a "superuser" account for so many essential tasks.
Lastly I don't think any Linux distro has ever been certified as POSIX compliant although many feel that doing so wouldn't be difficult. -
Try these links instead...
-
Re:*BSD Jail?Interesting. FWIW, several of jail()'s shortcomings are going to be addressed in FreeBSD 5.0.
See jailNG