1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
|
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//FreeBSD//DTD XHTML 1.0 Transitional-Based Extension//EN"
"http://www.FreeBSD.org/XML/share/xml/xhtml10-freebsd.dtd" [
<!ENTITY title "About &os;'s Technological Advances">
]>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>&title;</title>
<cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">$FreeBSD$</cvs:keyword>
</head>
<body class="navinclude.about">
<h1>&os; offers many unique features.</h1>
<p>No matter what the application, an operating system should take
advantage of every resource available. &os;'s focus on
performance, networking, and storage combines with ease of system
administration and comprehensive documentation to realize the full
potential of any computer.</p>
<h2>A complete operating system based on 4.4BSD.</h2>
<p>&os;'s distinguished roots derive from the <b>BSD</b>
software releases from the Computer Systems Research Group at
the University of California, Berkeley. Over twenty years of
work have been put into enhancing &os;, adding
industry-leading scalability, network performance, management
tools, file systems, and security features. As a result,
&os; may be found across the Internet, in the operating system
of core router products, running root name servers, hosting
major web sites, and as the foundation for widely used desktop
operating systems. This is only possible because of the
diverse and worldwide membership of the
volunteer &os; Project.</p>
<p><b>&os; 10.X</b> introduces many new features
and replaces many legacy tools with updated versions.</p>
<ul>
<li><b>bhyve</b>:
A new BSD licensed, legacy-free hypervisor has been imported
to the &os; base system. It is currently able to run all
supported versions of &os;, and with the help of the
grub-bhyve port, OpenBSD and Linux.</li>
<li><b>KMS And New drm2 Video Drivers</b>:
The new drm2 driver provides support for AMD GPUs up to the
Radeon HD 6000 series and provides partial support for
the Radeon HD 7000 family. &os; now also supports
Kernel Mode Setting for AMD and Intel GPUs.</li>
<li><b>Capsicum Enabled By Default</b>:
Capsicum has been enabled in the kernel by default, allowing
sandboxing of several programs that work within the
"capabilities mode", such as:
<ul>
<li>tcpdump</li>
<li>dhclient</li>
<li>hast</li>
<li>rwhod</li>
<li>kdump</li>
</ul>
</li>
<li><b>New Binary Packaging System</b>:
&os; now uses pkg, a vastly improved package management
system that supports multiple repositories, signed packages,
and safe upgrades. The improved system is combined with
more frequent official package builds for all supported
platforms and a new stable branch of the ports tree for
better long term support.</li>
<li><b>Unmapped I/O</b>:
The newly implemented concept of unmapped VMIO buffers
eliminates the need to perform costly TLB shootdowns for
buffer creation and reuse, reducing system CPU time by up to
25-30% on large SMP machines under heavy I/O load.</li>
</ul>
<p><b>&os; 9.X</b> brought many new features
and performance enhancements with a special focus on desktop
support and security.</p>
<ul>
<li><b>OpenZFS</b>:
&os; 9.2 includes OpenZFS v5000 (Feature Flags), including
the feature flags:
<ul>
<li>async_destroy</li>
<li>empty_bpobj</li>
<li>lz4_compress</li>
</ul>
which allow ZFS destroy operations to happen in the
background, make snapshots consume less disk space, and
offers a better compression algorithm for compressed
datasets.</li>
<li><b>Capsicum Capability Mode</b>:
Capsicum is a set of features for sandboxing support, using
a capability model in which the capabilities are file
descriptors. Two new kernel options CAPABILITIES and
CAPABILITY_MODE have been added to the GENERIC kernel.</li>
<li><b>Hhook</b>: (Helper Hook) and khelp(9) (Kernel Helpers)
KPIs have been implemented. These are a superset of the
pfil(9) framework for more general use in the kernel. The
hhook(9) KPI provides a way for kernel subsystems to export
hook points that khelp(9) modules can hook to provide
enhanced or new functionality to the kernel. The khelp(9)
KPI provides a framework for managing khelp(9) modules,
which indirectly use the hhook(9) KPI to register their hook
functions with hook points of interest within the kernel.
Together, they allow a structured way to dynamically extend the
kernel at runtime in an ABI-preserving manner.</li>
<li><b>Accounting API</b> has been implemented. It can keep
per-process, per-jail, and per-login class resource
accounting information. Note that this is neither built nor
installed by default. To build and install this, specify
the option RACCT in the kernel configuration file and rebuild
the base system as described in the &os; Handbook.</li>
<li><b>Resource-limiting API</b> has been implemented.
It works in conjunction with the RACCT resource accounting
implementation and takes user-configurable actions based on
the set of rules it maintains and the current resource
usage. The rctl(8) utility has been added to manage the
rules in userland. Note that this is neither built nor
installed by default.</li>
<li><b>USB</b> subsystem now supports USB packet filter.
This allows capturing packets which go through each USB
host. The architecture of the packet filter is similar to that of
bpf. The userland program usbdump(8) has been
added.</li>
<li><b>Infiniband support</b>: OFED (OpenFabrics Enterprise
Distribution) version 1.5.3 has been imported into the
base system.</li>
<li><b>TCP/IP network</b> stack now supports the mod_cc(9)
pluggable congestion control framework. This allows TCP
congestion control algorithms to be implemented as
dynamically loadable kernel modules. Many kernel
modules are available: cc_chd(4) for the CAIA-Hamilton-Delay
algorithm, cc_cubic(4) for the CUBIC algorithm, cc_hd(4)
for the Hamilton-Delay algorithm, cc_htcp(4) for the H-TCP
algorithm, cc_newreno(4) for the NewReno algorithm, and
cc_vegas(4) for the Vegas algorithm. The default algorithm
can be set by a new sysctl(8) variable
net.inet.tcp.cc.algorithm.</li>
<li><b>SU+J</b>: &os;'s Fast File System now supports soft
updates with journaling. It introduces an intent log into
a softupdates-enabled file system which eliminates the need
for background fsck(8) even on unclean shutdowns.</li>
</ul>
<p>&os; includes a number of other great features:</p>
<ul>
<li><b>Firewalls:</b>
The base system includes IPFW and IPFilter, as well as a
modified version of the popular pf with improved SMP
performance. IPFW also includes the dummynet feature,
allowing network administrators to simulate adverse network
conditions, including latency, jitter, packet loss and
limited bandwidth.</li>
<li><b>Jails</b>
are a light-weight alternative to virtualization.
Allowing processes to be restricted to a namespace with
access only to the file systems and network addresses
assigned to that namespace. Jails are also Hierarchical,
allowing jails-within-jails.</li>
<li><b>Linux emulation</b>
provides a system call translation layer that allows
unmodified Linux binaries to be run on &os; systems.</li>
<li><b>DTrace</b>
provides a comprehensive framework for tracing and
troubleshooting kernel and application performance issues
while under live load.</li>
<li><b>The Ports Collection</b> is a set of more than 23,000 third
party applications that can be easily installed and run on
&os;. The ports architecture also allows for easy
customization of the compile time options of many of the
applications.</li>
<li><b>Network Virtualization:</b> A container ("vimage") has
been implemented, extending the &os; kernel to maintain
multiple independent instances of networking state. Vimage facilities can be used independently to create fully
virtualized network topologies, and jail(8) can directly
take advantage of a fully virtualized network stack.</li>
</ul>
</body>
</html>
|
