What's New in the FreeBSD Network Stack

jjgm writes "As FreeBSD 5-STABLE approaches, Andre Oppermann has produced a high-level presentation on the changes to the FreeBSD 5.3 network stack. There are many clever tricks for performance and scalability. Amongst other things, Andre claims that FreeBSD can now route 1Mpps on a 2.8GHz Xeon whilst Linux can't do much more than 100kpps."

a.k.a. Project Evil

[Goyuix]

NDIS Binary Compatibility

FreeBSD i386 can use binary Ethernet and WLAN network drivers written to the
Windows XP NDIS 5.1 specification. It is a little cumbersome to convert a NDIS driver
into a FreeBSD Kernel Loadable Module (KLD): (By: wpaul)

# ndiscvt -O -i neti557x.inf -s neti557x.sys -n intel0
# /* Compile and install new kernel with "options NDIS" */
# kldload intel0

Man ndis(4), ndisapi(9), ndiscvt(

?pps

[BladeMelbourne]

All this talk of Mpps and Kpps is making my need to pee more urgent.

Can someone explain what the 'pps' means? the M and K dont need defining...

Re:?pps

[dave_f1m]

packets per second

Re:?pps

[bohnsack]

Pakets per second.

Re:?pps

[Shanep]

Packets Per Second.

It is usually high packets per second that brings a machine to its knees, as opposed to bits or bytes per second.

If you had a given amount of sustained data coming into a machine, it would typically be much less taxing if those packets where large, as opposed to the same bandwidth being used up with very small packets.

Packets are variable length and a single packet will be much larger than a single byte.

Re:?pps

[FooAtWFU]

It is usually high packets per second that brings a machine to its knees, as opposed to bits or bytes per second.

Which is what you see in DoSc attacks: stuff like SYN floods and smurf attacks.

Re:?pps

[Shanep]

Which is what you see in DoSc attacks:

Yes. A DoS should be most effective with the smallest packets you can send.

stuff like SYN floods

SYN floods work by requestion permision to statefully connect, without then going through with replying to the handshake that is sent back. When done over and over, this eventually fills the table of half-connections, which in turn prevents the initiation of any more connections and thus a denial of service.

The fact that these packets are small, is coincidental to this discusion. In other words, SYN floods don't work because the packets are small, they work because completing the required handshake sequence is not done.

and smurf attacks.

Ahh, DDoS of lots of little packets, via simple spoofing. What fun.

Re:?pps

[Homology]

It is usually high packets per second that brings a machine to its knees, as opposed to bits or bytes per second.

Indeed, in this is very you will see a very marked difference between low and high quality network cards. For instance, the common Realtek NIC offloads alot onto the CPU, and induce many interrupts. While high quality cards, like Intel gigabit, will do much prosessing on the card itself. A "ping -f" while using top can be instructive.

Re:?pps

the M and K dont need defining...

For those that don't know, M is an abreviation for the prefix "Mega" which means 10^6 (1 million). K stands for Kelvins, a unit of measurement for temperature where 0K is absolute 0.

Re:?pps

[Dispossessed]

What the AC is trying to say is that 'kilo' is supposed to be written as 'k' not 'K'.

Re:?pps

[realdpk]

I'm surprised we don't see more DoS attacks like the following:

Connect to a web server from your botnet, and send the query line by line, with ~60 seconds between each line (IE 60 seconds, then send GET, 60 seconds, send User-Agent, so on). You could run an Apache server out of processes in no time, and there'd be no easy way to block what is going on, without also blocking legit traffic.

Heh

[k4rm4_p0l7c3]

Nice throughput- so how long before MS implements it in Longhorn or XP ? :D

Re:Heh

[Shanep]

Nice throughput- so how long before MS implements it in Longhorn or XP ? :D

As long as OpenBSD and OSX get it, I'll be happy.

The BSD's look pretty lively to me (he says, sitting in his OpenBSD shirt).

Re:Heh

[rtaylor]

I know you're being funny -- but I think the answer most of us would have is "Hopefully not too long".

If those changes made it into every OS that could use the improvement, then everything networked would find things just that much better without throwing away the old hardware.

Re:Heh

[0racle]

Never? Microsoft has long since replaced the BSD TCP/IP stack with their own.

Re:Heh

[Billly+Gates]

Hmmm I wonder if they are going to port NDIS into WIndows?

Re:Heh

[tepples]

Still doesn't mean Microsoft can't borrow some of the cheats used in FreeBSD's drivers in a future version of Windows's stack or (less likely) go back to a BSD stack.

Re:pps?

[ryanmoffett]

Actually, pps (packets per second) is a quite common if not misleading statistic spewed by networking equipment vendors, and has been for years. Packets-per-second doesn't really tell you the characteristics of the packets being sent. One interpretation might be the following:
The minimum ICMP packet size with Ethernet II encapsulation is 46 bytes. The minimum TCP packet size with Ethernet II encapsulation is 54 bytes. So, 1000000pps of 46 byte ICMP is 368 megabits/sec. And, 1000000pps of 54 byte TCP is 432 megabits/sec. Both of these figures seem realistic to me.

Now, the maximum length of an Ethernet II packet, regardless of any upper layer protocols is 1514 bytes. 1000000pps of 1514 bytes is 12.1 gigabits/sec. Obviously, that packet size isn't what they were referencing.

In respect to the link speed, a 1000Mbit or a Gigabit Ethernet link is quite common these days and the above minimum packet size stats aren't out of line.

Actually, on both OS's with a larger packet size, and thus a lower amount of packets-per-second, a decent machine with 66mhz PCI Gigabit NICs can easily route 500mb/sec through the box.

Re:pps?

[Shanep]

Packets-per-second doesn't really tell you the characteristics of the packets being sent.

No it doesn't, however, being capable of sustaining 1 million packets per second, even if they are the smallest packets possible, is pretty impressive.

The packets have to each be serviced, so at around the same line bandwidth, smallest packets could be coming around 30 times more frequently than the largest packets.

Lots of small packets tend to be more taxing than much fewer large packets.

The fact that there is perhaps a 10 fold difference in performance ceiling between Linux and FreeBSD, should show that this is not a simple bandwidth limit. I would go so far as to say that bits per second can be more misleading than packets per second if used alone or in an inappropriate context.

Packets per second says a lot about the stack, bits per second says more about the interface driver.

Re:Playground r00lz for OSS Hackers?

They don't need to. Linux uses *very* dumb routing algorithms at the moment. There is a fair amount of public research on much smarter mechanisms (one of which I guess FreeBSD would have used). AFAIK, this is getting implemented on Linux as we speak.

Re:pps?

[Homology]

Packets per second says a lot about the stack, bits per second says more about the interface driver.

Packets per second says alot about the NIC as well. Use one of those cheap (cheap, like in bad quality) Realtek cards, and do a "ping -f" while watching top. See the CPU usage increase alot. Now, try some better cards, and you don't see the same.

Sounds great

This is just another proof on the superiority of the freebsd tcp-stack. I can't wait for a full benchmark between 5.3 (or 5.4, too much changes on 5.3 might not work just wounderfully right now) and the linux kernel.

Re:Sounds great

You GNU/LNUX zealots with your NIH syndrome. Nothing on earth beats OpenBSD for firewall usage, not even your piece of shit netfilter thing. When it comes to performance FreeBSD and DragonFlyBSD win hands down. But don't worry, you still get the hype.

Re:Sounds great

[torstenvl]

The BSD networking stack or some sort of clone thereof is in use on every modern operating system in the world. TCP/IP was originally made on BSD. Try opening ftp.exe on Windows in Notepad. Yep, there it is. Copyright Regents of the University of California. It's everywhere. Even the paradigm of sockets is everywhere. BSD defines networking.

Also, features lead to bloat, the opposite of "high-performance" so your argument needs further detail to be of any credibility.

Re:Sounds great

[mnmn]

I'm too itching for real benchmarks for packet receiving, routing, switching as a bridge etc between the BSDs including both FreeBSD 4 and 5.x, and Linux and the rest, including maybe cisco 2600 routers.

For some reason, I dont think cisco or Microsoft would fund such studies.

Re:Sounds great

[erik_norgaard]

This stems from their Linux envy, and their hounding desire for their operating system to be *better* than something, rather than just being satisfied with it being good in its own right.

As if it is specific to BSD to do a comparison. AFAIK linux advocates spends a lot of resources proving that linux is better, more secure, cheaper, etc. than certain comercial products.

And if certain vendors present studies that proves otherwise, these same advocates will imidiately claim that the studies were conducted to arrive at a certain conclusion.

This all stems from the Windows envy because Linux will never become as popular...

Well, I use FreeBSD - who cares about inferior systems as long as you are not using them? :-)

Re:Sounds great

[erik_norgaard]

First: The original subject actually mentions a comparison of FreeBSD vs. Linux stating:

Andre claims that FreeBSD can now route 1Mpps on a 2.8GHz Xeon whilst Linux can't do much more than 100kpps.

While the pure anouncement is indeed purely FreeBSD - and not OpenBSD, NetBSD, Darwin or Linux, the comparison was founded at the very top.

Second: I was offended by the part quoted from the previous post. It is nothing special to do comparisons, we all do it all the time. But some advocates are hugely annoyed when the comparison is not in their favor.

A previous post wrote "This stems from their Linux envy, and their hounding desire for their operating system to be *better* than something, rather than just being satisfied with it being good in its own right."

My "This all stems from the Windows envy because Linux will never become as popular..." is a complete analogy - just with a change of names. I wrote it in anoyance that some of these advocates appears to reserve the right to lobbyism and advocacy.

Finally, my end line: "who cares about inferior systems as long as you are not using them? :-)". First, note the smiley. Second, this can be used by anyone regardless of which system you use. You have the freedom to choose, and assuming you make the best choice for you, why do you put so much energy into whatever is irrelevant to your system? Let people choose whatever you think is inferior, the freedom to choose includes the right to make a bad choice from whichever perspective you have.

I agree with you that the thread is largely throwing mud against whoever throws mud at you. Before you mud me down :-) - note that I abstained from participating in that part of the game - my previous post was intended to throw oil on the water.

This line is off topic.

Re:Sounds great

[torstenvl]

Nothing to back them up, eh?

Fact: OpenBSD has had one, count it, one remote hole in the default install in *eight years*. See http://www.openbsd.org/

Fact: Linux is a kernel, not a complete system, so without some more community-building and standardizing and code merging to come up with a base system universal to the distributions, there's no way Linux -- as opposed to individual vendors thereof -- can ever have a secure default install of a useable system.

Fact: Many people in the industry regard OpenBSD as the most secure OS generally available. This only indirectly supports the point, but nevertheless lends credibility thereto. See http://www.onlamp.com/pub/a/bsd/2000/08/08/OpenBSD .html and http://rootprompt.org/article.php3?article=832

Re:Sounds great

[jrockway]

> What, exactly, is it about the GNU utils that make them so much better than BSD's?

getopt

Re:Sounds great

[dmiller]

Compare:

$ ls -l /bin/bash
-rwxr-xr-x 1 root root 593304 Mar 11 22:19 /bin/bash
$ ldd /bin/bash
libtermcap.so.2 => /lib/libtermcap.so.2 (0x00d86000)
libdl.so.2 => /lib/libdl.so.2 (0x00c93000)
libc.so.6 => /lib/tls/libc.so.6 (0x00b51000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00b38000)
$ file /bin/bash
/bin/bash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped

$ ls -l /bin/ksh
-r-xr-xr-x 3 root bin 319788 Aug 29 01:09 /bin/ksh
$ ldd /bin/ksh
/bin/ksh:
ldd: /bin/ksh: not a dynamic executable
$ file /bin/ksh
/bin/ksh: ELF 32-bit LSB executable, Intel 80386, version 1, for OpenBSD, statically linked, stripped

bash is over 80% larger, even without taking into account the libraries that it must pull in. Yes, bash has more features, but I don't miss them using ksh. The other tools are similar in their minimalism.

Re:Sounds great

[dmiller]

I suppose you mean getopt_long and not getopt (which IIRC originated in BSD). I suspect that if you use BSD for a while, you may find that you have less need to for the --long-options because the documentation is usually much better on BSD systems (and not suffed into those atrocious info files). If you value terseness or you have to write portable shell scripts, then you probably won't want to use the --long-options anyway.

Re:Sounds great

[jrockway]

I like all the features, myself, and I like the license. That's why I use GNU/Linux and not OpenBSD (although I am planning of pulling out the good features of GNU/Linux and putting them in OpenBSD because OpenBSD is just very very cool).

Re:Sounds great

[jrockway]

I guess I'm just used to the GNU utils. I tried to do a cp -a /dir /dir2 in OS X and it didn't recognize the -a option. Apparently -dpR is the same, but I didn't know that until I did an info cp on my GNU system.

As for getopt_long, it is really convenient for non-shell-script tasks. I mostly like the auto-completion. I like to be able to type:

tar --check-l --tot --blo

when i mean

tar --check-links --total --block-number

That's obviously a random example, but I still enjoy that functionality.

Re:Sounds great

[dmiller]

Is that REALLY a major issue with todays larger memory sizes?

I don't know for you, but it does matter to me.

And isn't it just a little shaddy to compare a statically liked app to a dynamic app?

You have this backwards. Staticly linked binaries would normally be expected to be *bigger* than dynamic ones. Static BSD /bin/sh is half the size of a dynamic /bin/bash.

Re:Sounds great

[SillyNickName4me]

Next time you happen to encounter a unix like system (other then Linux that is) *I suggest you try the man command.

man cp would have told you exactly what you needed to know.

Re:Sounds great

[SillyNickName4me]

> Let's see. ......
> all employ full time staff to work just on the
> Linux kernel. Apart from hundreds of other small
> companies, governments, educational institutes,
> thousands of volunteers.

Ever heard what too many cooks do to a potentially good dish?

Seems rather appropriate in case of Linux...

Re:Sounds great

[SillyNickName4me]

> Let me see... I suppose you think FreeBSD is cool and most scalable and has the best networking stack and is the fastest and most sable and second most secure (behind OpenBSD, of course) and best engineered and consistient and cool and best networking stack, and most stablest operating system evar, right?

Nope, neither do I think Linux qualifies for all those. Both systems have their merrits and disadvantages.

What I was pointing at here is that the fact that a zillion peopel are involved can be as much a disadvantage as an advantage, and as a result is a stupid argument to make.

> Nice. Linux must suck, eh?

I do commercial support on both Linux and FreeBSD, I run both for commercial and private purposes also and I maintain a small Linux distribution together with a friend (as well as maintaining my own variation on the FreeBSD distribution)

I have been using both systems since the first half of the 90s (pre 1.0 versions of linux and 2.0 beta of FreeBSD were the first versions I worked with)

I have made contributions (abeit small ones) to both systems.

I do think I have some background here. Now, what do you have to base yourself on? claims from an AC who doesn't even provide anything like an argument or background for making those claims are pretty silly.

It seems to me that when you replace FreeBSD with Linux in your post, you exactly get the opinion of zealots like you.

What I find rather hilarious is how stupid some (luckily by far not all) Linux fans respond to anything that might be remotely critical of Linux.

Re:Sounds great

[SillyNickName4me]

> No you didn't. You said (maybe indirectly) that the Linux kernel was being mucked up by having too many people working on it.

I implied that that might well be possible yes.

> What I find very hilarious is that BSD zealots who are now trying to claim that Linux must be worse because it has *more* people working on it.

Lack of direction, lack of knowing what you can count on with Linux? yes, those are issues when using and supporting it, and can directly be linked to the huge diversity of people working on it and their conflicting priorities.

More people working on it also means more resources.

What works out better is not that easy to say, and depends a lot on what you need.

I do know that for me it is approx 30% cheaper to support a FreeBSD server instead of a functionally equivalent Linux setup simply because of the lack of structure in Linux (which results directly from the diversity of people working on it)

I also know that it is easier (and as a result cheaper) for me to support a linux desktop on some random piece of hardware exactly because of the same diversity.

For the rest, if your claim about 'BSD zealots' were true, that would just make it a typical case of pot and kettle.

- Look at which slashdot section this is posted in
- Look at the original post I replied to.

What does it have to do there other then trying to do the exact same thing you are accusing 'BSD zealots' of?

At any rate, reply to this if you feel so inclined to having the last word, but unless you actually provide some kind of argument and back it up (as opposed to making assumptions which are based on very little and are factually wrong), I'll ignore your replies.

Re:Sounds great

[SillyNickName4me]

> No, you implied that that actually was the case. You said words to the effect of "too many people mess things up, that applies to linux".

I refered to a well known saying. If you have too many people working on something, that does not result in better results, more likely in worse results.

That was an answer to the implication in the parent post that more people means better results by definition.

And yes, that implies that this could well be the case for Linux.

> You are a fine person to accuse me of baseless and factually wrong claims. What lack of direction in Linux?

It is a little while ago now, but I'd suggest reading up on the VM related discussions with regards to Linux for a nice example.

I'd also suggest looking at how many Linux distributions come with their own collection of kernel patches.

The later is a direct result of too many different people/organisations with different priorities.

It is also a direct cause of it beign more expensive to support for me. The only way around that is to support one single distribution only.

> As opposed to what in FreeBSD?

A single distribution, features that are claimed to be there actually work (ACLs, large file support, complete pthread support to just name some examples)

> How can it be directly linked to the people working on it?

Again, check out for example the VM situation in 2.4

> Again, back up these claims: what lack of structure, how does it link directly to the people, how is FreeBSD different?

I clearly stated that those were my personal experience. It is what applies to my situation, yours may be different.

The lack of structure was a claim independent of my experience, but for example FreeBSD gives you a clear and easy to handle source tree, including ALL tools you need to build it and all tools that depend on it. In case of Linux, I need to go collect the kernel source, binutils, filesystem utils, correct compiler etc from different places (not even talking about 'normal' userland tools here)

In case of FreeBSD those have been tested together, and produce a predictable result. You also simply do not have to put efford into ensuring you get everything in the correct versions yourself.

For as far as the kernel itself goes, I'd for example take a peek at how support for removable media and ide cd devices etc works. The same applies for non-ethernet network devices for example.

FreeBSD uses CAM for supporting anythign that can work as if it is a scsi device, instead of needing a zilion different layers depending on what physical connection the device happens to have (scsi over ide to just point you at one specific example)

FreeBSD uses netgraph for supporting any type of networking interface, providing for a structured way of defining and supporting network interfaces without having to deal with their physical properties, whereas Linux has a slightly different layer for each type of network interface (and doesn't support somewhat relevant things like PPPoE without a 3rd party tool)

It of course may have to do with lack of design capabilities but I honestly do not believe that is the case with the core Linux developers. The only alternative explanation I can see is too many people workign on similar things independently and not integrating their work properly.

Glad to see that at least you are willing to discuss and left the name calling and assumptions out. I am quite willing to discuss as well in that case.

Re:Sounds great

[SillyNickName4me]

> That isn't lack of direction, there were problems with the page scanning code and so it was replaced with a better version. Yes it was unfortunately a stable kernel series and that wasn't good at all, but the alternative was to either fix it or always have an unstable "stable" series. That doesn't say anything about lack of direction.

> As I said, this wasn't lack of direction. I suggest you look at the fiasco that is FreeBSD 5. Their operating system is *years* late, and the lack of direction splintered its developers (yes, including resignations and a fork).

> Why would that be "too many"? You've skipped the "lack of direction" question, and made this assertion. What is the problem with having different vendors offer different sets of kernel patches.

> What was the last thing you had to do differently because two vendors offered different kernel patches? How much did it cost you?

The last time was when I had to figure out why the fuck some RH 2.4.x based kernel worked slightly differently then a Gentoo one (my normal testing environment) for a for my customer relevant situation. It costed approx 2 hours to figure out where the exact difference was between 2 kernels with identical version numbers, both compiled with identical options, but not from the exact same source (redhat patches)

Supposed purpose of a 'stable' version, provide a stable version.

Reality in the Linux kernel was implementing something that was not proven and could not be considered stable yet (the vm).

I consider that lack of direction.

I don't blame the developers for not getting it right the first time around, but I do consider having this happen in what is supposedly a stable version to be a major issue.

What happened with FreeBSD 5 happened in the development release, not in something that was supposedly stable and ready for normal use.

It gets released when it is ready as opposed to when it is convenient for marketing reasons.

There will always be issues that result in controversy and disagreement. FreeBSD keeps that out of the stable releases that peopel count on, and breaking the binary interface in stable releases is not done.

Linux has not been able to keep that out of stable releases, and has had multiple cases of breaking binary interfaces in supposedly stable versions.

As for pthread support, FreeBSD 4.x lacks kerel schedulable units and can be said to not be fully pthread compliant.

With regards to Linux and FBSD and pthread support, a nice bit of dicussion can be found at http://kerneltrap.org/node/view/422 for example.

FreeBSD 5.x is as possix threading complient as it gets while Linux suffers from some small issues regarding signalling (officially fixed when usign 2.6 and the new phtread library, but that breaks all old apps that use libpthread)

> Linux kernel is fully device hotplug capable for hardware that supports it
> Linux doesn't need "a zillion" layers. Linux uses SCSI for everything other than PATA controllers, which it uses a seperate IDE layer for. 2. FreeBSD also has an IDE layer.

Ah, tell me then how to get an ide cd/dvd burner to work without the 'ide-scsi' hack.

And yes, FreeBSD has an ide layer as well, but for any relevant devices this neatly plugs into the underside of CAM.

> No it doesn't

You obviously never saw how netgraph works, so I'll excuse you for not realizing the difference and not seeing how linux does in fact provide a zilion similar layers instead of one.

Tell me, how do you get pppoe to work without the rp-pppoe package? just saying it does, does not prove anything at all, and anything I can find on google as well as my own experience tell me I need that 3rd party package to get it to work.

Just in case you want to know, on a stock FreeBSD machine, you load the pppoe kernel module and it works. No compilation needed, no external packages needed, nothing of that all.

Again, calling yes/no makes for unfounded claims. Back them up or shutup. If you do not have anything to contribute in the BSD section other then proclaiming Linux superiority, without backing up your claims, then you are the troll here my friend.

Re:Sounds great

[SillyNickName4me]

> Yeah you're just making this up because you don't have an answer. What was this "slight difference", and why did you have to figure it out, eh? Come on, you challenge me to provide facts, you haven't provided a single one.

RH 2.4.22 kernel properly supported acpi while gentoo with a 2.4.22 kernel did not. RedHat imported patches from the 2.4.23 pre series.

> The Linux kernel has never been released for "marketing" reasons. Linus has never even worked for a company that markets Linux.

Linus releases things when he believes them ready, agreed there. That said, in both Linux and FreeBSD things come as they come, and the argument of 'too late' doesn't seem to make sense in either case. Maybe you should learn a bit about sarcasm here.

> That is 2 years old, and way before Linux 2.6 was released. It was close to the start of the Linux 2.5 development cycle.

The issues being discussed are still relevant, most importantly, signal delivery to threads.

> No that doesn't break all old apps that use libpthread. Why do you just claim that sort of FUD? FreeBSD 5 actually cannot pass the NPTL compliance test suite.

Hmm, you are right indeed that it doesn't break all of them, only those that rely on the old way of signal delivery.

> cdrecord dev=/dev/hda

Thanks, hadn't tried that for some time now, and on my 'modern' workstation it indeed works with the 'atapi' support only (it had failed on my server without the ide-scsi 'hack'). See, providing actual arguments can be informative and makes discussing worthwhile.

> Linux has one interface. It is accessable through ifconfig, ip, etc. It has a number of layers (sockets, tcp, ip, ethernet, tunnels, etc). If FreeBSD didn't have the same layers it would be useless. Tell me what you you mean by Linux having a zillion layers.

Sorry, that was bad wordign on my side. Should have said, has a zillion similar implementations of the interface.

> apt-get install pppoe

So I do have to install an external package for it. That is not goign to be very helpfull really when for example doing a network install over a dsl connection.

WIll this make it to Mac OS X?

[AIXadmin]

The more interesting thing for me is: Will these enhancements make it to Mac OS X?

As far as I am concerned, the closer Mac OS X under the hood, makes itself closer to FreeBSD the better.

Re:WIll this make it to Mac OS X?

[psyconaut]

Good question.

While Jordan still works at Apple AFAIK, my understanding is that OSX has branched significantly from FreeBSD now. So it's definitely not much of a drop-in replacement.

That said, no reason why stuff can get selectively ported...there are definitely some things in this release that I could see being nice for the Mac:

- Arbitary interface naming
- Better VLANs

-psy

Re:WIll this make it to Mac OS X?

[ArbitraryConstant]

Unlikely.

a) While MacOS X libraries are from FreeBSD, Darwin (the kernel) is Mach derived and has very little to do with the FreeBSD kernel. The same tricks might work if they were ported, but that would be more of a rewrite with the same concepts rather than a port.

b) Who in their right mind uses MacOS X for routing? Serving, fine, but actual network infrastructure? I highly doubt it.

Re:WIll this make it to Mac OS X?

[stab]

While MacOS X libraries are from FreeBSD, Darwin (the kernel) is Mach derived and has very little to do with the FreeBSD kernel.

That's not true. The FreeBSD network stack is used in Darwin with a compat layer. Look at OpenDarwin's cvsweb for an example.

Re:WIll this make it to Mac OS X?

[AIXadmin]

Actually the kernel in Mac OS X is a merge between mach and FreeBSD. The networking stack takes a ton of code from FreeBSD. I remember at WWDC 2 years ago where they were talking about how the kernel networking stack was largely derived from 4.3 and and had even taken some code from 5.0.

Not many people use Mac OS X for routing. But people do use it for VPN servers, and NAT servers on smaller networks. Even though they would do better with just buying a one-hundred dollar SOHO router.

FreeBSD and Mac are still kissing cousins.

Re:WIll this make it to Mac OS X?

[ArbitraryConstant]

Okay, well I was clearly wrong about what I said. Thanks to all the corrections (3 of them as of now.).

Still-- I don't know anyone that uses MacOS as a router that will see an Mpps.

Re:WIll this make it to Mac OS X?

[AIXadmin]

No you wont see it, if you are seeing Mpps. Go by something from Cisco. =)

Re:WIll this make it to Mac OS X?

[ArbitraryConstant]

You might need something else if you want a decent firewall... but no stateful firewall is going to give you an Mpps. There's just no way.

Re:WIll this make it to Mac OS X?

[bofkentucky]

Today yes. Tomorrow, who knows? Mr. Moore and his wacky law seem to work through problems like that, given enough time.

Re:pps?

[renehollan]

Great, now, let's see if you can actually GET a Million Packets in a Second just to the hardware, let alone to the software. Hmm.

When I worked at Chiaro, we routinely handled saturated optical GbE links as part of testing. Of course, these didn't handle bulk data traffic, just the routing protocol updates :-> for the control processor(s) for the real router, which was all optical. I forget how many hundred OC-192 (10 Gb/s) ports it could handle.

My job there involved, among writing and backporting GbE drivers for Intel NICs under FreeBSD, stress testing their STAR mechanism: this was designed to ensure if one router control processor went down, there would be no loss of functionality -- the secondary router control processor was on hot standby and knew all about the routing table state of the first one.

Re:My personal experience with FreeBSD

[hugo_pt]

your ignorance is great, pf is already ported to FreeBSD for quite some time as a kernel loadable module, and it will be integrated with 5.3-RELEASE. Have you copy-pasted a FreeBSD flaming text a year old ?

Please.

Re:Playground r00lz for OSS Hackers?

[mosel-saar-ruwer]

Linux uses *very* dumb routing algorithms at the moment. There is a fair amount of public research on much smarter mechanisms (one of which I guess FreeBSD would have used).

Thanks.

Listen - do you know of any good texts or treatises that describe these [new] mechanisms?

Re:pps?

[psyconaut]

When even my laptop has 1Gbit networking built-in, I'm not sure how you can say "faster than 100Mbit exists, but it sure isn't common".

And Mpps is a standard notation for packet forwarding....FYI.

-psy

Re:pps?

[Fweeky]

From FreeBSD /usr/src/sys/pci/if_rl.c:

* The RealTek 8139 PCI NIC redefines the meaning of 'low end.' This is
* probably the worst PCI ethernet controller ever made, with the possible
* exception of the FEAST chip made by SMC. The 8139 supports bus-master
* DMA, but it has a terrible interface that nullifies any performance
* gains that bus-master DMA usually offers.

Hopefully RealTek have improved matters with their more recent offerings, especially with the new consumer level GigE chips, one of which I'm using right now...

Re:My personal experience with FreeBSD

[Homology]

your ignorance is great, pf is already ported to FreeBSD for quite some time as a kernel loadable module, and it will be integrated with 5.3-RELEASE. Have you copy-pasted a FreeBSD flaming text a year old ?
Please.

Of course the trolls just copy/paste/edit, and it's a sign of their inferior and feeble mind. Not that they have any mind at all; it's just mindless copy/paste/edit, when they manage not to bungle the "edit" too much.

Most of them don't even do a copy/paste/edit : they download a script that does all the work for them. Quite frankly, I'm not sure that they are capable to do a copy/paste/edit. This is why you never see any spark of intelligence or originality in their posting; it's the same post over and over and over and over and over again.

Damn...

[JamesTRexx]

Reading through the presentation I realised I'll be reinstalling my FreeBSD firewall again after 5 becomes officially STABLE, heh.
Yes, I always do a fresh install and not an upgrade.

Re:pps?

[XO]

Hmm. My server has 3 RT8139's in it.

Perhaps the Linux driver handles it better.. (this is a 486sx/33 that is hammered by doing routing for anywhere from 3 to 10 other computers, email services for a whole metric arseload of accounts that receive a ton of spam a day..) still pulls out around 80-95Mbps on transfers within the network, and gets me up to the max 3Mbps incoming speed for Internet usage.

I'm happy with my RT8139's :)

Re:pps?

[XO]

Wow, those packets are damn cold. Yes, they are.

Re:pps?

[crackshoe]

common? in the mac community, powermacs (and some powerbooks) have had gigabit ethernet as standard and the rise of feature rich mobos (quick - here's SATA raid, 2 channels of ATA raid, a dancing lemur, and gigabit ethernet) are making it steadily more common.

We survived a DoS on .edu network

[agent+dero]

I read some comments on "it is likely you'll be able to through Mpps at it?"

YES, it's happened to us, here on our university boxen, somebody got r00ted, and _crackers_ got in through some backdoors on a LOT of machines, then started DoS'ing my department, we have a small P-II 5.2.1 box tossing packets like nobody's business.

When the college network runs mostly Gigabit, Mpps is a plausible measure of connectivity.

Re:It's amazing...

[torstenvl]

Uh. This is not a Troll. This is anti-troll, via being facetious.

assert(mod == stupid);

That's exactly the point

[Santana]

You've got it. Unlike what is perceived from Linux (all software must be free), BSD is about making all software better. That's the benefit of the BSD license that many people (usually GPL fans) don't understand.

Re:That's exactly the point

Sometimes I'm amazed by Linux developers humbling asking to use my software. "Go right ahead," I tell them, "That's why I put it under the BSD license!" But they still don't get it. While I appreciate the asking, it still find it strange that I get an email about once a quarter asking me to release my BSD licensed work under the GPL so it can be used in GPL projects.

I guess it's hard for users of a "members only" license to grok the concept of "free for everyone".

Re:That's exactly the point

[Trepalium]

Part of it is etiquette, and the other part is some BSD license fanatics who insist their software can not be relicensed under the GPL. By asking, even if you can fairly safely assume the answer is yes, you avoid nasty situations like that. Most of the people who support the BSD license are reasonable just like most of the people who support the GPL license are reasonable. It's the extremists that are a bit of a problem.

Re:That's exactly the point

[ArbitraryConstant]

Any of the newer BSD licenses is GPL compatible, so you can relicense it to the GPL as you please, no permission necessary. This is the same as a company "stealing" the code and selling it in a commerical product.

GPLing BSD code doesn't really "protect" it though. You can't strip the copyright notice off, so anyone that wants to use it can find out where it came from and grab the original to use however they like. It protects any changes made to the GPLed version, but those changes can't be released into the BSD licensed original either.

Re:That's exactly the point

[Brandybuck]

Actually you CANNOT relicense BSD code under the GPL. I don't think you understand what "relicense" means. It means to remove the BSD license from the code completely. No Open Source license allows relicensing.

What you can do, however, is to redistribute BSD licensed code under the GPL. You can also license your own derivative works under the GPL. But you certainly may not take BSD licensed code and file off the license.

Re:That's exactly the point

[Tony-A]

It protects any changes made to the GPLed version, but those changes can't be released into the BSD licensed original either.

Part of the reason for the etiquette is to arrange things so that if the changes are worthwhile they will be released into the BSD licensed original. Being easy to fork does not mean that it's desirable to fork. Whatever is desirable in a fork stands a much higher chance of survival if it is incorporated into the main line that if it orphans itself. If the main-line is BSD licensed, a GPL-only fork is unsupportable if the changes are minor.

Re:pps?

[noselasd]

you have a 33 MHz box that pulls 90Mbps of traffic ? I'm impressed ....

Re:pps?

[Fweeky]

I dunno; the only reference I can find comparing them is this, where the FreeBSD driver is said to be using a faster technique. What's your system load when network's saturated?

My machines all have NetGear FA311's, which seem to hasis0: Applying short cable fix (reg=5)ve a few of their own problems, but at least they don't have pages of pained commentary in their drivers on how awful the developers think the hardware is ;)

Yes, this will make it to Mac OS X

The networking functionality of Mac OS X is in fact derived from BSD, FreeBSD in particular. There is actually a fair bit of FreeBSD kernel stuff in the Mac OS X kernel, and you can see this in the Darwin source code:

http://gobsd.com/code/darwin/
http://gobsd.com/code/darwin/xnu/bsd/
http://gobsd.com/code/darwin/xnu/bsd/net/

About FreeBSD and Mac OS X

Sadly it seems that people here are very ignorant about the connection between FreeBSD, and Mac OS X, especially where the Mac OS X kernel is concerned. There are a few people here that are claiming that there is not FreeBSD code in the Darwin kernel, only in the Mac OS X command line apps, and this is blatantly untrue.

In order to better see just how much FreeBSD code there is in the Darwin/Mac OS X kernel, and how relevant this work in FreeBSD will be to Mac OS X, please read the following links:

http://www.kernelthread.com/mac/osx/
http://gobsd.com/code/darwin/xnu/
http://www.apple.com/ca/macosx/features/darwin/
http://developer.apple.com/darwin/

Seriously, with so much documentation available, it's unacceptable for supposedly technical people involved with BSD to not know just how important BSD code is to the kernel of a very nice, and hardly secret or obscure operating system like Mac OS X.

The world's best firewall is *not* OpenBSD

While I am mostly in agreement with you about Linux being crap compared to OpenBSD security wise, your statement regarding nothing beating OpenBSD as a firewall is pure bunk.

The Sidewinder G2 firewall implemented on top of "Secure OS" (a BSDi derived OS developed by the people who co developed the technology used by the NSA's "Security Enhanced Linux" has not yet been compromised, and has recently achieved full EAL4+Common Criteria (CC) certification. It is unlikely that OpenBSD will ever do that.

Had I the money, I would use nothing else myself, as Secure OS is *Hard Core* Military grade security built into a BSD OS.

http://www.securecomputing.com/news_display.cfm?ni d=466&lang=en

Read. Learn. Grow.

Re: torstenvl (769732) (#10158823)

[torstenvl]

Please refrain from personal attacks.

I realized that my wording was off as soon as I hit Submit, but I decided not to post a reply to it as most intelligent people would be able to figure out what I meant.

The BSD license _never_ required "attribution" except to the original copyright holders. There is no requirement beyond that, and never has been. For some reason I thought there had been, and I forgot to change the paragraph text after reading the license and realizing my mistake. I'm sure you've made editing mistakes as well.

As far as being a troll, I most certainly am not. A troll spouts off at the mouth trying to get emotional responses. A troll does not lay out organized lists of specific opinions and a troll does not then back up those opinions with sources. Please see http://en.wikipedia.org/wiki/Internet_troll, specifically "Many posts may inadvertently cause strife as collateral damage, but they are not trolls."

Certain Slashdot moderators would do well to read this as well.

Re:pps?

[SirDrinksAlot]

It's not a question of actually doing 1 million packets per second, it's the efficiency that gives it the POTENTIAL to do 1 million packets per second that's important. This gives everything else that much more time to do what they need so the same hardware can do MORE work.

Re: torstenvl (769732) (#10158823)

[torstenvl]

I said it is not required *except* to the original copyright holders. If I make change X to program Y, and submit that change back to the owners of program Y, they are not required by the license under which they put program Y to give attribution in the source or documentation of program Y to me for change X. They are not required to do so. Period. You see, the thing with the BSD license is that it isn't "viral" like the GPL. It applies to the original and not to derivative works. If I want attribution like that I have to separately license my changes back to the original authors, which, depending on the size of my modifications, could be either wise or very petty. Kind of like you're being. Petty, I mean.

Re:Just wondering...

[CoolVibe]

Read Hsu's license. It's a 4 clause BSD license, which _REQUIRES_ attribution, since it has that advertisement clause added back in. It's just different from the usual BSD license. If you would have bothered to read DragonFly's source of the TCP stack, you would have known.

Oh, you were wondering where you could read the source? Well, DragonFly's cvsweb has a nice interface for it. You can also compare codebases at lxr.watson.org.

Also, DFBSD has diverged from FreeBSD 4 a great deal already. The userland might be mostly the same, but kernelwise it's all different. The developers put a lot of time and effort in it. The fact that you don't see the difference means that they are doing their work correctly. So to say that it is *entirely* based off of it is completely false. It also has bits from NetBSD and OpenBSD.

For the record, I don't give a hoot if they take code from DragonFly. The guys working on DF should be credited for their work, that's all.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Playground r00lz for OSS Hackers?

Because FreeBSD has a grown-up license [i.e. a license written by grown-ups, as opposed to a license written by Peter Pan Syndrome utopian-fantasist fifty-year-old teenagers],

Wow.

Whos' bitter now?

Re: torstenvl (769732) (#10158823)

It might not be required but it is at the very least part of proper social interaction. You don't just "steal" bits from somewhere else and include it in your own *BSD project.
Now concerning the case of the DragonFly network stack, Hsu's chooses to use a time-limited advertisement clause for his code. That's his very own right to do. IIRC the reason was exactly the goingons with certain FreeBSD commiters not willing to correctly attribute his and others changes.

Re:Just wondering...

Face it: DFBSD has not got anything to propose to FreeBSD save Dillon's marketing speeches on various mailing lists and its influence on FreeBSD was abysmal. Hsu's license is _incompatible_ with FreeBSDs goals and thus his code has not been taken verbatim.Of course, some ideas have been borrowed and improved upon. This is no different from the constant stream of improvements DFBSD folks appropriate from FreeBSD5, often with no attribution at all. Frankly, I hardly see any useful stuff in Hsu's code worth facing his assholic personality. If anything, it is DFBSD folks who should be jealous. Hsu has left FreeBSD and _nothing_ has happened. Project continued just fine, in fact, making more progress every day now that this particular obstacle has kindly removed itself.

Re:pps?

[Cochonou]

You've got PCI slots in that 486SX/33 ? That is not that common.

Re:1Mpps?

[zdzichu]

Yes, Opterons are sweeter when it comes to routing. Here's excerpt from commentary on Linux netdev:

We can certainly do better than that on Opterons. Robert
reports a 1.3 Mpps rate on a dual opteron 1.6Ghz. Our numbers on Xeons
are less than 1Mpps.

Re:1Mpps?

[Brandybuck]

But is still is impressive on a 2.8 Xeon, which is what the blurb stated.

Re:Just wondering...

/*
* Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved.
*
* License terms: all terms for the DragonFly license above plus the following:
*
* 4. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
*
* This product includes software developed by Jeffrey M. Hsu
* for the DragonFly Project.
*
* This requirement may be waived with permission from Jeffrey Hsu.
* This requirement will sunset and may be removed on July 8 2005,
* after which the standard DragonFly license (as shown above) will
* apply.
*/

http://www.dragonflybsd.org/cgi-bin/cvsweb.cgi/s rc /sys/sys/socketops.h?rev=1.5&content-type=text/x-c vsweb-markup
http://www.google.com/search?q=commi ts+hsu&btnG=Go ogle+Search&domains=leaf.dragonflybsd.org&sitesear ch=leaf.dragonflybsd.org
http://leaf.dragonflybsd .org/mailarchive/kernel/20 04-07/msg00121.html

This took a total of 2 minutes to find.

Why not use google next time before looking like a flaming linux jackass?

Re:Just wondering...

[CoolVibe]

This is no different from the constant stream of improvements DFBSD folks appropriate from FreeBSD5, often with no attribution at all.

Please point out an example where DFBSD doesn't attribute correctly. I think you won't find any. (and if you do, please mail the kernel-list, since the dfbsd crew is very strict about that)

Read the rest of the comments

[Effugas]

* It's impossible given this rotten design to really achieve decent
* performance at 100Mbps, unless you happen to have a 400Mhz PII or
* some equally overmuscled CPU to drive it.

That being said, wow, that's a truly awful design.

--Dan

Slashdot inspires OS features!

[ziegast]

Seen in Slide 21 in the PDF file....

• Compressed TIME_WAIT2 State
  
  TCP connections in TIME_WAIT2 state (connection closed) waiting for the 2MSL timeout maintain only a minimal set of necessary information instead of a full blown TCP control block. This saves about 80% memory per connection in that state. Especially for HTTP servers this give a far better kernel memory resource usage and a higher number of concurrent connections that can be served within a short time frame ("Slashdot effect").
  
  

... so now your old Pentium Pro 200MHz machine sitting in the garage can keep up with a slashdotting.

ob. Life of Brian quote

[BenjyD]

Brian: Friends, we must unite to fight the common enemy!
Everyone: The People's Front of Judea!? Where!

For god's sake, they're both Unix-like operating systems. There's not a huge difference between them for most purposes, I don't think anyone who's not a complete fanbot would say either is objectively better than the other for all purposes.

NDIS in XP!

[cryogenic]

What'd really be funny is if MS replaced their own NDIS guts with the BSD implementation, since (*big assumption*) MS created NDIS for themselves.

Re:It's amazing...

[SillyNickName4me]

I can read that many ways.. yeah, also as a troll, but 'funny' was really the first thing that came to mind, not troll.. and it is factual.

I'd really appreciate it if my fellow BSD users would get a bit more of a sense of humor etc...

Re:Just wondering...

[SillyNickName4me]

Which is too bad. the similar clause in the BSD license was removed for good reasons, and without wanting to give any judgement as to the quality of Hsu's work, he obviously did not get the clue there.

Re:Playground r00lz for OSS Hackers?

[Too+Much+Noise]

Anyway, I was wondering about the rules on this playground: How would you pull a stunt like that without losing face?

Contrary to the impression left by all the Linux/BSD/GNU etc. zealots, releasing the code under a BSD or GPL license means there is no real OS war going on between say Linux (with or without GNU) and *BSD. The BSD license for the network stack pretty much says "here's our code - feel free to use it, find mistakes, improve on it, etc." If other operating systems (open or not) decide to ad[ao]pt it, this would be a recognition of its quality. There's no losing face in paying a compliment to someone for good code. Of course, if one has a better idea/technology/etc. for doing the same job, one does one's own implementation.

However, childish types will only see a 'my OS is bigger than your OS' face for this.

Re:pps?

[Fweeky]

Filesharing at 1000Mbps > filesharing at 100Mbps.

Not that I'd know, not having a GigE switch, or indeed any other GigE devices, but since it comes bundled on most new motherboards I can at least look forward to my HD's no longer outpacing my LAN many times over next time I upgrade my server.

Re:It's amazing...

[Shanep]

I'd really appreciate it if my fellow BSD users would get a bit more of a sense of humor etc...

Me too. I am responsible for the first post. I meant it as a jab to the trolls who keep posting the BSD is dead crap. They just keep on posting, while FreeBSD, OpenBSD, NetBSD and Mac OSX just keep taking huge strides forward.

I posted as AC because I did not want to submit my login details from where I was at the time.

That's exactly what "relicense" means

[tepples]

No Open Source license allows relicensing. What you can do, however, is to redistribute BSD licensed code under the GPL. You can also license your own derivative works under the GPL.

Not everybody always uses the most precise language in informal contexts such as Slashdot. In colloquial discussion of free software, to "relicense" a work means to distribute a derivative work under a different license, often from permissive to GPL or the like.