There be Dragons, BSD Dragons! | BSD Now 119

There be Dragons, BSD Dragons! | BSD Now 119

This week on BSDNow – It’s getting close to christmas and the presents seem to be dropping early! We have a new DragonflyBSD release, loads of news, and an exciting interview with NetBSD developer Paul Goyette coming your way right now!

Thanks to:




Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –


n2k15 hackathon reports

  • tedu@ worked on rebound, malloc hardening, removing legacy code
  • “I don’t usually get too involved with the network stack, but sometimes you find yourself at a network hackathon and have to go with the flow. With many developers working in the same area, it can be hard to find an appropriate project, but fortunately there are a few dusty corners in networking land that can be swept up without too much disturbance to others.”
  • “IPv6 is the future of networking. IPv6 has also been the future of networking for 20 years. As a result, a number of features have been proposed, implemented, then obsoleted, but the corresponding code never quite gets deleted. The IPsec stack has followed a somewhat similar trajectory”
  • “I read through various networking headers in search of features that would normally be exposed to userland, but were instead guarded by ifdef _KERNEL. This identified a number of options for setsockopt() that had been officially retired from the API, but the kernel code retained to provide ABI compatibility during a transition period. That transition occurred more than a decade ago. Binary programs from that era no longer run for many other reasons, and so we can delete support. It’s only a small improvement, but it gradually reduces the amount of code that needs to be reviewed when making larger more important changes”
  • Ifconfig txpower got similar treatment, as no modern WiFi driver supports it
  • Support for Ethernet Trailers, RFC 893, enabled zero copy networking on a VAX with 512 byte hardware pages, the feature was removed even before OpenBSD was founded, but the ifconfig option was still in place
  • Alexandr Nedvedicky (sashan@) worked on MP-Safe PF
  • “I’d like to thank Reyk for hackroom and showing us a Christmas market. It was also my pleasure to meet Mr. Henning in person. Speaking of Henning, let’s switch to PF hacking.”
  • “mpi@ came with patch (sent to priv. list only currently), which adds a new lock for PF. It’s called PF big lock. The big PF lock essentially establishes a safe playground for PF hackers. The lock currently covers all pf_test() function. The pf_test() function parts will be gradually unlocked as the work will progress.
  • To make PF big lock safe few more details must be sorted out. The first of them is to avoid recursive calls to pf_test(). The pf_test() could get entered recursively, when packet hits block rule with return-* action. This is no longer the case as ip_send() functions got introduced (committed change has been discussed privately). Packets sent on behalf of kernel are dispatched using softnet task queue now. We still have to sort out pf_route() functions. The other thing we need to sort out with respect to PF big lock is reference counting for statekey, which gets attached to mbuf. Patch has been sent to hackers, waiting for OK too. The plan is to commit reference counting sometimes next year after CVS will be unlocked.
    There is one more patch at tech@ waiting for OK. It brings OpenBSD and Solaris PF closer to each other by one tiny little step.”

[ACM Queue: Challenges of Memory Management on Modern NUMA System

+ “Modern server-class systems are typically built as several multicore chips put together in a single system. Each chip has a local DRAM (dynamic random-access memory) module; together they are referred to as a node. Nodes are connected via a high-speed interconnect, and the system is fully coherent. This means that, transparently to the programmer, a core can issue requests to its node’s local memory as well as to the memories of other nodes. The key distinction is that remote requests will take longer, because they are subject to longer wire delays and may have to jump several hops as they traverse the interconnect. The latency of memory-access times is hence non-uniform, because it depends on where the request originates and where it is destined to go. Such systems are referred to as NUMA (non-uniform memory access).”
+ So, depending what core a program is running on, it will have different throughput and latency to specific banks of memory. Therefore, it is usually optimal to try to allocate memory from the bank of ram connected to the CPU that the program is running on, and to keep that program running on that same CPU, rather than moving it around
+ There are a number of different NUMA strategies, including:
+ Fixed, memory is always allocated from a specific bank of memory
+ First Touch, which means that memory is allocated from the bank connected to the CPU that the application is running on when it requests the memory, which can increase performance if the application remains on that same CPU, and the load is balanced optimally
+ Round Robin or Interleave, where memory is allocated evenly, each allocation coming from the next bank of memory so that all banks are used. This method can provide more uniform performance, because it ensures that all memory accesses have the same change to be local vs remote. If even performance is required, this method can be better than something more focused on locality, but that might fail and result in remote access
+ AutoNUMA, A kernel task routinely iterates through the allocated memory of each process and tallies the number of memory pages on each node for that process. It also clears the present bit on the pages, which will force the CPU to stop and enter the page-fault handler when the page is next accessed. In the page-fault handler it records which node and thread is trying to access the page before setting the present bit and allowing execution to continue. Pages that are accessed from remote nodes are put into a queue to be migrated to that node. After a page has already been migrated once, though, future migrations require two recorded accesses from a remote node, which is designed to prevent excessive migrations (known as page bouncing).
+ The paper also introduces a new strategy:
+ Carrefour is a memory-placement algorithm for NUMA systems that focuses on traffic management: placing memory so as to minimize congestion on interconnect links or memory controllers. Trying to strike a balance between locality, and ensuring that the interconnect between a specific pair of CPUs does not become congested, which can make remote accesses even slower
+ Carrefour uses three primary techniques:
+ Memory collocation, Moving memory to a different node so that accesses will likely be local.
+ Replication, Copying memory to several nodes so that threads from each node can access it locally (useful for read-only and read-mostly data).
+ Interleaving, Moving memory such that it is distributed evenly among all nodes.
+ FreeBSD is slowly gaining NUMA capabilities, and currently supports: fixed, round-robin, first-touch. Additionally, it also supports fixed-rr, and first-touch-rr, where if the memory allocation fails, because the fixed domain or first-touch domain is full, it falls back to round-robin.
+ For more information, see numa(4) and numa_setaffinity(2) on 11-CURRENT

Is that Linux? No it is PC-BSD

  • Larry Cafiero continues to make some news about his switch to PC-BSD from Linux. This time in an blog post titled “Is that Linux? No, its PC-BSD” he describes an experience out and about where he was asked what is running on his laptop, and was unable for the first time in 9 years to answer, it’s Linux.
  • The blog then goes on to mention his experience up to now running PC-BSD, how the learning curve was fairly easy coming from a Linux background.
  • He mentions that he has noticed an uptick in performance on the system, no specific benchmarks but this “Linux was fast enough on this machine. But in street racing parlance, with PC-BSD I’m burning rubber in all four gears.”
  • The only major nits he mentions is having trouble getting a font to switch in FireFox, and not knowing how to enable GRUB quiet mode. (I’ll have to add a knob back for that)

Dual booting OS X and OpenBSD with full disk encryption

  • New GPT and UEFI support allow OpenBSD to co-exist with Mac OS X without the need for Boot Camp Assistant or Hybrid MBRs
  • This tutorial walks the read through the steps of installing OpenBSD side-by-side with Mac OS X
  • First the HFS+ partition is shrunk to make room for a new OpenBSD partition
  • Then the OpenBSD installer is run, and the available free space is setup as an encrypted softraid
  • The OpenBSD installer will add itself to the EFI partition
  • Rename the boot loader installed by OpenBSD and replace it with rEFInd, so you will get a boot menu allowing you to select between OpenBSD and OS X

Interview – Paul Goyette –

NetBSD Testing and Modularity


News Roundup

HOWTO: L2TP/IPSec with OpenBSD

  • *BSD contributor Sevan Janiyan provides an update on setting up a road-warrior VPN
  • This first article walks through setting up the OpenBSD server side, and followup articles will cover configuring various client systems to connect to it
  • The previous tutorial on this configuration is from 2012, and things have improved greatly since then, and is much easier to set up now
  • The tutorial includes PF rules, npppd configuration, and how to enable isakmpd and ipsec
  • L2TP/IPSec is chosen because most operating systems, including Windows, OS X, iOS, and Android, include a native L2TP client, rather than requiring some additional software to be installed

DragonFly 4.4 Released

  • DragonFly BSD has made its 4.4 release official this week!
  • A lot of big changes, but some of the highlights
    • Radeon / i915 DRM support for up to Linux Kernel 3.18
    • Proper collation support for named locales, shared back to FreeBSD 11-CURRENT
    • Regex Support using TRE “As a consequence of the locale upgrades, the original regex library had to be forced into POSIX (single-byte) mode always. The support for multi-byte characters just wasn’t there. ” …. “TRE is faster, more capable, and supports multibyte characters, so it’s a nice addition to this release.”
    • Other noteworthy, iwm(4) driver, CPU power-saving improvements, import ipfw from FreeBSD (named ipfw3)
  • An interesting tidbit is switching to the Gold linker (

Guide to install Ajenti on Nginx with SSL on FreeBSD 10.2

  • Looking for a webmin-like interface to control your FreeBSD box? Enter Ajenti, and today we have a walkthrough posted on how to get it setup on a FreeBSD 10.2 system.
  • The walkthrough is mostly straightforward, you’ll need a FreeBSD box with root, and will need to install several packages / ports initially.
  • Because there is no native package (yet), it guides you through using python’s PIP installer to fetch and get Ajenti running.
  • The author links to some pre-built rc.d scripts and other helpful config files on GitHub, which will further assist in the process of making it run on FreeBSD.
  • Ajenti by itself may not be the best to serve publically, so it also provides instructions on how to protect the connection by serving it through nginx / SSL, a must-have if you plan on using this over unsecure networks.

BSDCan 2016 CFP is up!

  • BSDCan is the biggest North American BSD conference, and my personal favourite
  • The call for papers is now out, and I would like to see more first-time submitters this year
  • If you do anything interesting with or on a BSD, please write a proposal
  • Are the machines you run BSD on bigger or smaller than what most people have? Tell us about it
  • Are you running a big farm that does something interesting?
  • Is your university research using BSD?
  • Do you have an idea for a great new subsystem or utility?
  • Have you suffered through some horrible ordeal? Make sure the rest of us know the best way out when it happens to us.
  • Did you build a radar that runs NetBSD? A telescope controlled by FreeBSD?
  • Have you run an ISP at the north pole using Jails?
  • Do you run a usergroup and have tips to share?
  • Have you combined the features and tools of a BSD in a new and interesting way?
  • Don’t have a talk to give? Teach a tutorial!
  • The conference will arrange your air travel and hotel, and you’ll get to spend a few great days with the best community on earth
  • Michael W. Lucas’s post about the 2015 proposals and rejections

Beastie Bits


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to

Question? Comments? Contact us here!