About FreeBSD's Technological Advances

FreeBSD offers many advanced features.

No matter what the application, you want your system's resources performing at their full potential. FreeBSD's advanced features enable you to do just that.

FreeBSD's distinguished roots derive from the latest BSD software releases from the Computer Systems Research Group at the University of California, Berkeley. The book The Design and Implementation of 4.4BSD Operating System , written by the 4.4BSD system architects, thus describes much of FreeBSD's core functionality in detail.

Drawing on the skills and experience of a diverse and world-wide group of volunteer developers, the FreeBSD Project has worked to extend the feature set of the 4.4BSD operating system in many ways, striving constantly to make each new release of the OS more stable, faster and containing new functionality driven by user requests.

FreeBSD's developers attacked some of the more difficult problems in operating systems design to give you these advanced features:

• A merged virtual memory and filesystem buffer cache continuously tunes the amount of memory used for programs and the disk cache. As a result, programs receive both excellent memory management and high performance disk access, and the system administrator is freed from the task of tuning cache sizes.
• Compatibility modules enable programs for other operating systems to run on FreeBSD, including programs for Linux, SCO UNIX, and System V Release 4.
• Soft Updates allows improved filesystem performance without sacrificing safety and reliability. It analyzes meta-data filesystem operations to avoid having to perform all of those operations synchronously. Instead, it maintains internal state about pending meta-data operations and uses this information to cache meta-data, rewrite meta-data operations to combine subsequent operations on the same files, and reorder meta-data operations so that they may be processed more efficiently. Features such as background filesystem checking and file system snapshots are built on the consistency and performance foundations of soft updates.
• File system snapshots , permitting administrators to take atomic file system snapshots for backup purposes using the free space in the file system, as well as facilitating background fsck , which allows the system to reach multiuser mode without waiting on file system cleanup operations following power outages.
• Support for IP Security (IPsec) allows improved security in networks, and support for the next-generation Internet Protocol, IPv6. The FreeBSD IPsec implementation includes support for a broad range of accelerated crypto hardware .
• Out of the box support for IPv6 via the KAME IPv6 stack allows FreeBSD to be seamlessly integrated into next generation networking environments. FreeBSD even ships with many applications extended to support IPv6!
• Multi-threaded SMP architecture capable of executing the kernel in parallel on multiple processors, and with kernel preemption , allowing high priority kernel tasks to preempt other kernel activity, reducing latency. This includes a multi-threaded network stack and a multi-threaded virtual memory subsystem . With FreeBSD 6.x, support for a fully parallel VFS allows the UFS file system to run on multiple processors simultaneously, permitting load sharing of CPU-intensive I/O optimization.
• M:N application threading via pthreads permitting threads to execute on multiple CPUs in a scaleable manner, mapping many user threads onto a small number of Kernel Schedulable Entities . By adopting the Scheduler Activation model, the threading approach can be adapted to the specific requirements of a broad range of applications.
• Netgraph pluggable network stack allows developers to dynamically and easily extend the network stack through clean layered network abstractions. Netgraph nodes can implement a broad range of new network services, including encapsulation, tunneling, encryption, and performance adaptation. As a result, rapid prototyping and production deployment of enhanced network services can be performed far more easily and with fewer bugs.
• TrustedBSD MAC Framework extensible kernel security , which allows developers to customize the operating system security model for specific environments, from creating hardening policies to deploying mandatory labeled confidentiality of integrity policies. Sample seucrity policies include Multi-Level Security (MLS) , and Biba Integrity Protection . Third party modules include SEBSD , a FLASK-based implementation of Type Enforcement .
• GEOM pluggable storage layer , which permits new storage services to be quickly developed and cleanly integrated into the FreeBSD storage subsystem. GEOM provides a consistent and coherent model for discovering and layering storage services, making it possible to layer services such as RAID and volume management easily.
• FreeBSD's GEOM-Based Disk Encryption (GBDE) , provides strong cryptographic protection using the GEOM Framework, and can protect file systems, swap devices, and other use of storage media.
• Kernel Queues allow programs to respond more efficiently to a variety of asynchronous events including file and socket IO, improving application and system performance.
• Accept Filters allow connection-intensive applications, such as web servers, to cleanly push part of their functionality into the operating system kernel, improving performance.

The FreeBSD developers are as concerned about security as they are about performance and stability. FreeBSD includes kernel support for stateful IP firewalling , as well as other services, such as IP proxy gateways , access control lists , mandatory access control , jail-based virtual hosting , and cryptographically protected storage . These features can be used to support highly secure hosting of mutually untrusting customers or consumers, the strong partitioning of network segments, and the construction of secure pipelines for information scrubbing and information flow control.

FreeBSD also includes support for encryption software, secure shells, Kerberos authentication, "virtual servers" created using jails, chroot-ing services to restrict application access to the file system, Secure RPC facilities, and access lists for services that support TCP wrappers.