Страница 1 из 7

FreeBSD 8.0-RELEASE

Добавлено: 2009-07-29 1:20:10
ProFTP
уже типо вышел, но еще не опубликовали, после 31 августа опубликуют

http://wiki.freebsd.org/8.0TODO



======
======

Официально вышел релиз FreeBSD 8.0. Обзор новшеств

Спустя почти два года с момента выхода версии 7.0 официально анонсирован выход релиза FreeBSD 8.0. Релиз поддерживает архитектуры amd64, i386, ia64, pc98, powerpc и sparc64. Для установки подготовлены 5 установочных сборок: bootonly, CD, DVD, LiveFS и Memstick для USB Flash.



Ключевые новшества FreeBSD 8.0:


  • Реализация технологии виртуализации сетевого стека vimage, которая позволяет обеспечить поддержку на одной машине нескольких полностью виртуальных, изолированных сетевых стеков. Система значительно расширяет сетевую функциональность подсистемы jail. Так, например, появится возможность иметь для каждого jail индивидуальные настройки PF, ipfw, dummynet правил, net.inet sysctl переменных ядра, маршрутизации, IPSec и обеспечить возможность их автономного администрирования;

    C целью поддержки параллельного многопоточного режима переработан фреймворк NETISR, представляющий собой реализованный в ядре интерфейс для сетевой диспетчеризации, позволяющий драйверам напрямую перенаправлять пакеты обработчикам сетевых протоколов. Новая реализация поддерживает выполнение одного NETISR потока на каждый CPU, что значительно повышает производительность сетевой подсистемы на многопроцессорных конфигурациях;

    Поддержка выполнения FreeBSD i386/PAE в гостевом домене Xen (domU);

    Завершена четырехлетняя работа по переводу сетевой подсистемы FreeBSD на более эффективную систему блокировок. Все сетевые драйверы переведены на новую MPSAFE (Multi Processor Safe) систему блокировок, эффективную для многопроцессорных и многоядерных систем. На MPSAFE блокировки также переведена подсистема TTY;


    Режим эмуляции Linux (Linuxulator) переведен на использование 2.6.16 Linux ядра, в качестве порта, используемого для обеспечения работы Linuxulator, по умолчанию устанавливается emulators/linux_base-f10 (Fedora 10);

    По умолчанию GENERIC ядро собирается с поддержкой мандатного контроля доступа (Mandatory Access Control), реализация которого была подготовлена в рамках проекта Trusted BSD. По умолчанию MAC модули с определением политик не загружаются;

    Новый USB-стек HPS (USB2), который адаптирован для работы на SMP системах и содержит новые драйверы для современных высокоскоростных хост-контроллеров. Основные новшества:
    • Новый USB API;
    • Многие USB драйверы избавлены от глобальных блокировок;
    • Режим совместимости с USB подсистемой Linux ядра;
    • Новый UGEN бэкенд и библиотека libusb. Полностью решены проблемы с выгрузкой драйвера. Библиотека libusb20 распространяется под лицензией BSD и польностью совместима с GPL библиотекой libusb-0.1.12 (libusb.sourceforge.net);
    • Новая утилита "usbconfig", для удобной настройки USB устройств;
    • Полная поддержка разделенных транзакций (Split transactions), что подразумевает возможность использования скоростных USB аудио устройств на современных USB HUB.
    • Поддержка HS ISOC транзакций, что, например, открывает двери для создания драйверов для различных высокоскоростных web-камер;
    • Поддержка USB для встраиваемых платформ, улучшенный алгоритм сброса содержимого кэшей и буферов;
    • Возможность автоопределения установочных USB дисков;
    • Расширена поддержка USB устройств, различных режимов работы (например, I/O vectors позволяет увеличить пропускную способность и сократить число прерываний);
    • Решение проблем с крахом при извелечении USB-устройств без их предварительного отмонтирования;
    • Поддержка NDIS USB, позволяющая использовать во FreeBSD NDIS-совместимые драйверы USB устройств из Windows.
    В подсистему CAM, изначально реализующую унифицированный модульный интерфейс для разработки драйверов для SCSI устройств, добавлена поддержка средств для управления устройствами с шиной ATA/SATA. Усовершенствование не влияет на работу текущей ATA подсистемы FreeBSD, предоставляя пользователю альтернативный драйвер для AHCI совместимых контроллеров, который может быть загружен по желанию. Новая инфраструктура поддерживает такие возможности, как NCQ (Native Command Queuing), MSI (Message Signaled Interrupts) и мультипликатор портов (Port Multiplier). Управление производится через стандартную утилиту camcontrol.


    Обновлена поддержка ZFS до версии 13, список улучшений можно найти здесь, а примеры использования здесь. Поддержка файловой системы ZFS во FreeBSD объявлена готовой к промышленной эксплуатации. В настоящий момент ведется работа по портированию ZFS версии v22;

    Во FreeBSD реализации подсистемы NFS добавлена поддержка RPCSEC_GSS аутентификации, как на стороне сервера, так и на стороне клиента. Добавлена новая экспериментальная реализация кода для поддержки NFSv2, NFSv3 и NFSv4 (для включения вместо стандартной реализации нужно пересобрать ядро с опциями options NFSCL (клиент) или options NFSD (сервер)). По умолчанию в качестве транспорта для NFS теперь используется протокол TCP;

    В подсистеме net80211, обеспечивающей поддержку связанных с беспроводными сетями технологий, появилась возможность одновременного создания нескольких подсистем базовых станций (BSS) на базе одной точки доступа. Для определения беспроводного интерфейса отныне используются псевдоинтерфейсы wlanN, вместо имени привязанного к типу задействованного драйвера;

    В состав включены наработки проекта arp-v2 (L2+L3 rewrite project), cуть которого в выносе L2 данных (ARP и ND6) из L3 (IP) таблиц маршрутизации, улучшении параллельной обработки выборок данных за счет исключения лишних блокировок, упрощении логики кода связанного с маршрутизацией. Как итог интеграции arp-v2 стал возможным уход от концепции клонирования маршрутов (RTF_CLONING), сокращение объема кода в модулях IPv4 ARP и IPv6 NDP, а также уменьшение размера структуры данных rtentry;


    Реализация поддержки протоколов групповой маршрутизации IGMPv3 (Internet Group Management Protocol) и SSM (Source Specific Multicast). IGMP активно используется для организации доставки широковещательного мультимедийного контента в IPTV системах;

    В реализации IPSec появилась поддержка технологии NAT-Traversal (RFC 3948) для работы из подсети, находящейся за транслятором адресов.

    При сборке системы в компиляторе GCC отныне по умолчанию включена система защиты от переполнения стека ProPolice SSP (stack-smashing protection). Технология основна на установке и последующей проверке так называемого "канареечного слова" - случайной последовательности устанавливаемой в стек непосредственно перед адресом возврата. Потери производительности при сборке с защитой от переполнения стека составляют 1-2%;

    Jail2 - обновленный код реализации изолированных окружений Jail, в которой представлены следующие новшества:
    • Поддержка установки нескольких IP на каждый jail;
    • В дополнение к IPv4 реализована поддержка IPv6;
    • Возможность создания Jail без указания IP-адреса (без поддержки сети), по аналогии с chroot(8);
    • Обновлена поддержка SCTP внутри Jail, включая работу поверх IPv6;
    • cpuset(1) способен привязывать набор процессоров к определенному jailid или irq, причем установка возможна и после создания jail окружения;
    • В дополнение к имени хоста (hostname) добавлена возможность установки альтернативного имени для jail окружений, которое может использоваться для администрирования и не может быть изменено из jail;
    • В ddb(4) добавлена команда "show jails" для выполнения отладки;
    • Добавлена совместимость 32-разрядных jail'ов с 64-разрядными системами (32-разрядный бинарные файлы jail могут быть запущены в 64-битном системном окружении). Также обеспечена обратная совместимость с системными вызовами и утилитами предыдущей версии.
    • Поддержка иерархических (вложенных) jail'ов. Теперь внутри защищенных контейнеров можно в свою очередь создавать другие контейнеры, при необходимости с более (но никогда не менее) жесткими ограничениями.
    • Настройки, относящиеся к jail и доступные ранее глобально через sysctl, теперь можно изменять для каждого контейнера отдельно (sysctl оставлены для обратной совместимости);
    • Команда jail также претерпела изменения и теперь позволяет вместо предопределенного набора параметров задавать произвольные пары "имя=значение" для более гибкой настройки и возможности последующего расширения. Также параметры jail теперь можно менять "на лету".



Второстепенные улучшения, на которые стоит обратить внимание:
  • Переработан код системы gvinum, разработка которого велась на протяжении двух последних лет. Внутренняя логика работы переведена на событийную модель обработки, переписаны некоторые ключевые компоненты, улучшена реализация перестроения и синхронизации разделов. Добавлены недостающие команды, присутствующие в первоначальном vinum, такие как attach/detach, start, stop, concat, mirror, stripe, raid5. Реализована поддержка исправления деградировавших разделов, находящихся в смонтированном состоянии. Возможность добавления дополнительных дисков в RAID 5 разделы, с целью увеличения размера раздела, с поддержкой фонового перестроения без остановки работы. Значительно увеличена стабильность работы;

    Большая порция изменений в звуковой подсистеме. Реализованы следующие улучшения:
    • Поддержка раздельного и независимого управления громкостью для каждого приложения (канала, потока), без изменения основного уровня громкости;
    • Новый высококачественный конвертер частоты дискретизации (sample-rate-converter), основанный на методе SINC интерполяции;
    • Параметрический программный эквалайзер (feeder_eq), поддерживающий управление частотными характеристиками воспроизводимого pcm-аудиопотока (басы, низкие частоты). Внесенный код предоставляет средства для управления тональностью, как для удовлетворения акустических предпочтений, так и для частотной компенсации звука под заданные характеристики воспроизводящей аппаратуры (например, для оптимизации воспроизведения через наушники или телефон);
    • В реализацию виртуальных аудиоканалов добавлена поддержка прозрачного адаптивного/динамического смешивания каналов с аудиоданными разных форматов и частот;
    • Режим прямой передачи немодифицированных, чистых pcm-потоков на устройства вывода, в обход средств DSP обработки (например, смешивания или преобразования частоты);
    • Режим эксклюзивного доступа к любым видам PCM-потоков (работает через открытие файла с флагом O_EXCL и напоминает режим 'passthrough' для виртуального звукового канала, при котором приглушаются все остальные каналы);
    • Мультиканальная матричная обработка для бесшовного преобразования или перенаправления каналов;
    • Звуковой Loopback/Null драйвер.
    В дополнение к поддержке POSIX.1e ACL для файловых систем UFS и ZFS реализована экспериментальная поддержка NFSv4 ACL;


    Добавлена поддержка чернового варианта стандарта 802.11s (принятие стандарта ожидается в следующем году), регламентирующего работу Mesh-сетей (каждая клиентская точка сети связана через соседние точки). Для маршрутизации в mesh-сети реализована поддержка протокола HWMP;

    Добавлена реализация инфраструктуры для кэширования потоков, позволяющая ускорить выборки на 2 и 3 уровнях сетевого стека и реализовать балансировку нагрузки с учетом состояния соединения. По умолчанию функциональность выключена, для активации нужно использовать "sysctl net.inet.flowtable.enable=1";

    Добавлена экспериментальная поддержка ECMP (Equal-Cost Multi-Path, RFC 2992) для IPv4 и IPv6, что позволяет создавать несколько маршрутов с одинаковым или заданным весом;


    Добавлена экспериментальная поддержка платформы MIPS. Добавлена поддержка 64-разрядных процессоров PowerPC, включая PowerPC G5, PowerPC 970 (G5), POWER3 и POWER4;

    В состав дистрибутива интегрирован пакет OpenBSM 1.1 с открытой реализации Sun Basic Security Module (BSM) Audit API. В новой версии увеличена производительность, BSD API синхронизирован с OpenSolaris, улучшена поддержка IPv6 и аудита событий связанных с сетью. Пакет может быть использован для анализа причин краха приложений или системы, определения факта вторжения злоумышленника, мониторинга состояния системы и т.д.

    Добавлена библиотека libprocstat с API для просмотра детальной информации о процессах, включая данные о используемых файловых дескрипторах, нитях, мапинге памяти и т.п. На базе libprocstat создана утилита procstat для мониторинга, отладки и инспектирования процессов;

    Добавлен драйвер sdhci для поддержки PCI SD хост контроллеров (кард-ридеров). Также усовершенствованы существующие драйверы mmc и mmcsd, которые теперь поддерживают карты размером более 2Гб, определяют состояние переключателя защиты от записи;
    • В дерево портов (emulators/virtualbox) добавлена система виртуализации VirtualBox, обеспечивающая возможность использования FreeBSD в качестве хост-системы для запуска гостевых ОС. В настоящий момент реализована поддержка механизма аппаратной виртуализации VT-x, поддержка сетевого бриджинга, ACPI, доступа к DVD/CD, поддержка SMP и т.д.

    Улучшение утилит:
    • GNU-версия cpio заменена на распространяемый под лицензией BSD аналог;
    • в утилите traceroute появилась опция "-a" при которой для каждого хопа вычисляется и выводится номер автономной системы;
    • awk теперь может одновременно работать с 64 файлами;
    • оптимизирована буферизация в утилитах cat и cp;
    • в утилите find реализовано несколько свойственных GNU-версии опций (-ignore_readdir_race, -noignore_readdir_race, -noleaf, -gid, -uid, -wholename, -iwholename, -mount, -d, -lname, -ilname, -quit, -samefile, -true.);
    • утилита freebsd-update теперь автоматически производит резервное копирование заменяемой копии ядра;
    • утилита gpt удалена (нужно использовать gpart);
    • в ifconfig добавлены опции vnet и -vnet для перемещения интерфейса между jail;
    • для Dtrace клиентов добавлены библиотеки libdwarf и libproc;
    • для управления NFSv4 добавлены утилиты nfscbd, nfsuserd, nfsdumpstate и nfsrevoke;
    • в утилиту route добавлены команды show, weights и sticky;
    В качестве поддерживаемых версий доступных в портах десктоп-окружений называются GNOME 2.26.3 (x11/gnome2) и KDE 4.3.1 (x11/kde4). Из обновленных сторонних проектов, поставляемых в базовой системе, можно отметить: BIND 9.6.1, Tcpdump 4.0.0, wpa_supplicant 0.6.8, hostapd 0.6.8, OpenSSH 5.1p1, sendmail 8.14.3.


Для осуществления бинарного обновления с версий 7.x и прошлых бета-версий FreeBSD 8.0 необходимо выполнить следующие действия:


Загружаем обновления:

freebsd-update upgrade -r 8.0-RELEASE

Устанавливаем обновления, попутно отвечая на вопросы,
касающиеся решения конфликтов при обновлении файлов конфигурации:

freebsd-update install

Перезагружаем систему:

shutdown -r now

Еще раз выполняем:

freebsd-update install
shutdown -r now








FreeBSD 8.0-RELEASE Release Notes







FreeBSD 8.0-RELEASE Release Notes

The FreeBSD Project

Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009 The FreeBSD Documentation Project

$FreeBSD: stable/8/release/doc/en_US.ISO8859-1/relnotes/article.sgml
199849 2009-11-26 22:09:37Z hrs $



FreeBSD is a registered trademark of the FreeBSD Foundation.

IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks
of International Business Machines Corporation in the United States, other countries, or
both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and
Electronics Engineers, Inc. in the United States.

Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the United States and
other countries.

Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc
in the United States and other countries. Products bearing SPARC trademarks are based
upon architecture developed by Sun Microsystems, Inc.

Many of the designations used by manufacturers and sellers to distinguish their
products are claimed as trademarks. Where those designations appear in this document, and
the FreeBSD Project was aware of the trademark claim, the designations have been followed
by the “™” or the “®” symbol.




The release notes for FreeBSD 8.0-RELEASE contain a summary of the changes made to the
FreeBSD base system on the 8-STABLE development line. This document lists applicable
security advisories that were issued since the last release, as well as significant
changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also
presented.








Table of Contents

1 Introduction

2 What's New



2.1 Security Advisories

2.2 Kernel Changes




2.2.1 Boot Loader Changes

2.2.2 Hardware Support

2.2.3 Network Protocols

2.2.4 Disks and Storage

2.2.5 File Systems




2.3 Userland Changes



2.3.1 /etc/rc.d Scripts



2.4 Contributed Software

2.5 Ports/Packages Collection Infrastructure

2.6 Release Engineering and Integration



3 Upgrading from previous releases of FreeBSD





1 Introduction[/url]

This document contains the release notes for FreeBSD 8.0-RELEASE. It describes
recently added, changed, or deleted features of FreeBSD. It also provides some notes on
upgrading from previous versions of FreeBSD.

This distribution of FreeBSD 8.0-RELEASE is a release distribution. It can be found at
ftp://ftp.FreeBSD.org/[/url] or any of its
mirrors. More information on obtaining this (or other) release distributions of FreeBSD
can be found in the “Obtaining FreeBSD” appendix[/url] to the FreeBSD
Handbook[/url].

All users are encouraged to consult the release errata before installing FreeBSD. The
errata document is updated with “late-breaking” information discovered late
in the release cycle or after the release. Typically, it contains information on known
bugs, security advisories, and corrections to documentation. An up-to-date copy of the
errata for FreeBSD 8.0-RELEASE can be found on the FreeBSD Web site.




2 What's New[/url]

This section describes the most user-visible new or changed features in FreeBSD since
7.0-RELEASE, and changes shown in Release Notes for the previous releases are marked as
[7.1R] and [7.2R].

Typical release note items document recent security advisories issued after
7.0-RELEASE, new drivers or hardware support, new commands or options, major bug fixes,
or contributed software upgrades. They may also list changes to major ports/packages or
release engineering practices. Clearly the release notes cannot list every single change
made to FreeBSD between releases; this document focuses primarily on security advisories,
user-visible changes, and major architectural improvements.



2.1 Security Advisories[/url]

Problems described in the following security advisories have been fixed. For more
information, consult the individual advisories available from http://security.FreeBSD.org/[/url].

[/url]







Advisory
Date
Topic





SA-08:05.openssh[/url]

17 April 2008

OpenSSH X11-forwarding privilege escalation




SA-08:06.bind[/url]
13 July 2008


DNS cache poisoning




SA-08:07.amd64[/url]
3 September 2008

amd64 swapgs local privilege escalation





SA-08:08.nmount[/url]
3 September 2008


nmount(2)[/url] local
arbitrary code execution





SA-08:09.icmp6[/url]
3 September 2008

Remote kernel panics on IPv6 connections




SA-08:10.nd6[/url]

1 October 2008

IPv6 Neighbor Discovery Protocol routing vulnerability




SA-08:11.arc4random[/url]
24 November 2008



arc4random(9)[/url]
predictable sequence vulnerability




SA-08:12.ftpd[/url]
23 December 2008


Cross-site request forgery in
ftpd(8)[/url]




SA-08:13.protosw[/url]
23 December 2008


netgraph / bluetooth privilege escalation




SA-09:01.lukemftpd[/url]
07 January 2009

Cross-site request forgery in
lukemftpd(8)[/url]





SA-09:02.openssl[/url]
07 January 2009

OpenSSL incorrectly checks for malformed signatures





SA-09:03.ntpd[/url]
13 January 2009

ntpd cryptographic signature bypass




SA-09:04.bind[/url]
13 January 2009


BIND DNSSEC incorrect checks for malformed signatures




SA-09:05.telnetd[/url]
16 February 2009

telnetd code execution vulnerability





SA-09:06.ktimer[/url]
23 March 2009

Local privilege escalation




SA-09:07.libc[/url]

04 April 2009

Information leak in db(3)[/url]




SA-09:08.openssl[/url]
22 April 2009


Remotely exploitable crash in OpenSSL




SA-09:09.pipe[/url]
10 June 2009

Local information disclosure via direct pipe writes





SA-09:10.ipv6[/url]
10 June 2009

Missing permission check on SIOCSIFINFO_IN6 ioctl




SA-09:11.ntpd[/url]

10 June 2009

ntpd stack-based buffer-overflow vulnerability




SA-09:12.bind[/url]
29 July 2009


BIND
named(8)[/url] dynamic
update message remote DoS




SA-09:14.devfs[/url]
2 Oct 2009


Devfs / VFS NULL pointer race condition









2.2 Kernel Changes[/url]

The FreeBSD GENERIC kernel now includes Trusted BSD MAC
(Mandatory Access Control) support. No MAC policy module is loaded by default.

[i386] A loader tunable hw.clflush_disable has been added
to avoid panic (trap 9) at map_invalidate_cache_range()
even if Intel CPU is used. This tunable can be set to -1
(default), 0 and 1. The -1 is same as the current behavior, which automatically disables CLFLUSH on Intel CPUs without CPUID_SS

(this should occurr on Xen only). You can specify 1 when this
panic happens on non-Intel CPUs (such as AMD's). Because disabling CLFLUSH can reduce performance, you can try with setting 0 on Intel CPUs without SS to use CLFLUSH feature.

The
jail(8)[/url]
subsystem has been updated. Changes include:
  • A new virtualization container named “vimage” has been implemented. This
    is not enabled by default. To enable this, add the following kernel options to your
    kernel configuration file and rebuild the kernel:


    options VIMAGE


    Note that options SCTP in the GENERIC kernel is not compatible with options
    VIMAGE. This limitation will be fixed in the next release.

    The vimage is a jail with a virtualized instance of the FreeBSD network stack. It can
    be created by using

    jail(8)[/url] command
    like this:


    # jail -c vnet name=vnet1 host.hostname=vnet1.example.net path=/ persist


    The vimage has own loopback interface and a separated network stack including the L3
    routing tables. Network interfaces on the system can be moved by using
    ifconfig(8)[/url]
    vnet option between the different vimage jails and outside of
    them.

    Furthermore, the
    epair(4)[/url]
    pseudo-interface driver has been added to help communication between vimage jails. It
    emulates a pair of back-to-back connected Ethernet interfaces. For example, the following
    commands create an interface pair of

    epair(4)[/url]:


    # ifconfig epair0 create
    epair0a
    # ifconfig epair0a
    epair0a: flags=8842 metric 0 mtu 1500
    ether 02:c0:64:00:07:0a
    # ifconfig epair0b
    epair0b: flags=8842 metric 0 mtu 1500
    ether 02:c0:64:00:08:0b



    The
    epair(4)[/url]
    pseudo-interfaces and any physical interfaces on the system can be moved between vimage
    jails by using
    ifconfig(8)[/url]
    vnet option as described above. Even after half of an
    epair(4)[/url] pair is
    moved, the back-to-back connection still valid and can be used for inter-jail
    communication.

    Note that vimage is still considered as an experimental feature.
  • A jail can now have arbitrary named parameters similar to environmental variables and
    the fixed jail parameters in the previous releases have been replaced with them. The jail
    name can now be used for identifying the jail in
    jexec(8)[/url] and
    killall(1)[/url].
  • Multiple IPv4 and/or IPv6 addresses per jail are now supported. It is even possible to
    have jails without an IP address at all, which basically gives one a chrooted environment
    with restricted process view and no networking.
  • SCTP (
    sctp(4)[/url]) with
    IPv6 in jails has been implemented.

  • Specific CPU binding by using
    cpuset(1)[/url] has
    been implemented. Note that the current implementation allows the superuser inside of the
    jail to change the CPU bindings specified.
  • A
    jail(8)[/url] can
    start with a specific route FIB now.
  • The
    ddb(8)[/url] kernel
    debugger now supports a show jails subcommand.
  • Compatibility support which permits 32-bit jail binaries to be used on 64-bit systems
    to manage jails has been added.
  • Note that both version numbers of jail and prison in the
    jail(8)[/url] have
    been updated for the new features.
The
ksyms(4)[/url], kernel
symbol table interface driver has been added. It creates a character device /dev/ksyms and provides read-only access to a snapshot of the
kernel symbol table.

[amd64, i386] The FreeBSD Linux emulation layer has been updated to version 2.6.16 and
the default Linux infrastructure port is emulators/linux_base-f10 (Fedora 10).

[arm] The FreeBSD/arm now supports mini dump.

[powerpc] The FreeBSD/powerpc now supports kernel core dump.

[amd64, i386] The FreeBSD virtual memory subsystem now supports fully transparent use
of superpages[/b] for application memory; application memory pages
are dynamically promoted to or demoted from superpages without any modification to
application code. This change offers the benefit of large page sizes such as improved
virtual memory efficiency and reduced TLB (translation lookaside buffer) misses without
downsides like application changes and virtual memory inflexibility. This can be enabled
by setting a loader tunable vm.pmap.pg_ps_enabled to 1 and is enabled by default on amd64.

[7.2R] The
ddb(8)[/url] kernel
debugger now supports a show mount subcommand.

[7.2R] The FreeBSD DTrace subsystem now supports a probe for process execution.

[7.2R] [amd64] The FreeBSD kernel virtual address space has been increased to 6GB.
This allows subsystems to use larger virtual memory space than before. For example, the


zfs(8)[/url] adaptive
replacement cache (ARC) requires large kernel memory space to cache file system data, so
it benefits from the increased address space. Note that the ceiling on the kernel map
size is now 60% of the size of physical memory rather than an absolute quantity.

[7.2R] The
kld(4)[/url] now
supports installing 32-bit system calls to the FreeBSD syscall translation layer from
kernel modules.

[7.2R] The
ktr(4)[/url] now
supports a new KTR tracepoint in the KTR_CALLOUT class to note
when a callout routine finishes executing.

[7.2R] Types of variables used to track the amount of allocated System V shared memory
have been changed from int to size_t.
This makes it possible to use more than 2 GB of memory for shared memory segments on
64-bit architectures. Please note the new BUGS section in
shmctl(2)[/url] and
/usr/src/UPDATING for limitations of this temporary
solution.

[7.2R] The
sysctl(3)[/url] leaf
nodes have a flag to tag themselves as MPSAFE now.

[7.2R] The FreeBSD 32-bit system call translation layer now supports installing 32-bit
system calls for VFS_AIO.

[7.1R] The
clock_gettime(2)[/url]

and the related system calls now support a clock ID CLOCK_THREAD_CPUTIME_ID, as defined in POSIX.

[7.1R] The
cpuset(2)[/url] system
call has been added. This is an API for thread to CPU binding and CPU resource grouping
and assignment.

[7.1R] The DTrace, a comprehensive dynamic tracing framework and
dtrace(1)[/url]

userland utility have been imported from OpenSolaris. DTrace provides a powerful
infrastructure to permit administrators, developers, and service personnel to concisely
answer arbitrary questions about the behavior of the operating system and user
programs.

[7.1R] The
ddb(4)[/url] kernel
debugger now has an output capture facility. Input and output from
ddb(4)[/url] can now
be captured to a memory buffer for later inspection using
sysctl(8)[/url] or a
textdump. The new capture command controls this feature.

[7.1R] The
ddb(4)[/url] debugger
now supports a simple scripting facility, which supports a set of named scripts
consisting of a set of
ddb(4)[/url] commands.
These commands can be managed from within
ddb(4)[/url] or with
the use of the new

ddb(8)[/url] utility.
More details can be found in the
ddb(4)[/url] manual
page.

[7.1R] The
ddb(4)[/url] ex command now supports an /S mode which
interprets and prints the value at the requested address as a symbol. For example, ex /S aio_swake prints the
name of the function currently registered in via aio_swake hook.

[7.1R] The
ddb(4)[/url] show conifhk command has been added. This lists hooks currently
waiting for completion in run_interrupt_driven_config_hooks().

[7.1R] The
fcntl(2)[/url] system
call now supports F_DUP2FD command. This is equivalent to

dup(2)[/url], and
compatible with the Sun Solaris and the IBM AIX.

[7.1R] The FreeBSD's
linux(4)[/url] ABI
support now implements sched_setaffinity() and sched_getaffinity() using real CPU affinity setting
primitives.

[7.1R] The
procstat(1)[/url]
utility has been added. This is a process inspection utility which provides some of the
missing functionality from
procfs(5)[/url] and
new functionality for monitoring and debugging specific processes.

[7.1R] The client side functionality of
rpc.lockd(8)[/url] has
been implemented in the FreeBSD kernel. This implementation provides the correct
semantics for

flock(2)[/url] style
locks which are used by the
lockf(1)[/url] command
line tool and the
pidfile(3)[/url]
library. It also implements recovery from server restarts and ensures that dirty cache
blocks are written to the server before obtaining locks (allowing multiple clients to use
file locking to safely share data). Also, a new kernel option options
NFSLOCKD has been added and enabled by default. If the kernel support is enabled,

rpc.lockd(8)[/url]
automatically detects and uses the functionality.

[7.1R] The FreeBSD kernel now supports a new textdump format of kernel dumps. A
textdump provides higher-level information via mechanically generated/extracted debugging
output, rather than a simple memory dump. This facility can be used to generate brief
kernel bug reports that are rich in debugging information, but are not dependent on
kernel symbol tables or precisely synchronized source code. More information can be found
in the
textdump(4)[/url]
manual page.

[7.1R] The
wait4(2)[/url] system
call now supports WNOWAIT flag to keep the process whose
status is returned in a waitable state and WSTOPPED which is
equivalent to WUNTRACED.

[7.1R] [amd64, i386, sparc64] The FreeBSD kernel now has initial support of binding
interrupts to CPUs.

[7.1R] [amd64, i386] The
sched_ule(4)[/url]
scheduler is now the default process scheduler in GENERIC
kernels.

[7.1R] The sysctl variables kern.features.compat_freebsd[456] have been added. These are
corresponding to the kernel options COMPAT_FREEBSD[456].



2.2.1 Boot Loader Changes[/url]

The boot0[/b] boot loader now preserves volume ID at offset
0x1b8 used in other operating systems

The
boot0cfg(8)[/url]

utility now supports a new -i option to set the volume
ID.

[arm, powerpc] The
loader(8)[/url] now
supports U-Boot support library.

[7.2R] The
boot(8)[/url] now
supports 4-byte volume ID that certain versions of Windows® put into the MBR and invoking PXE by pressing the
F6 key on some supported BIOSes.

[7.2R] [i386] The
boot(8)[/url] BTX
loader has been improved. This fixes several boot issues on recent machines reported for
7.1-RELEASE and before.

[7.2R] The
loader(8)[/url] is now
able to obtain DHCP options from network boot via
kenv(2)[/url]

variables.

[7.2R] A bug in the
loader(8)[/url] has
been fixed. Now the following line works as expected:


loader_conf_files="foo bar ${variable}"



[7.1R] [amd64, i386] The BTX kernel used by the boot loader has been changed to invoke
BIOS routines from real mode. This change makes it possible to boot FreeBSD from USB
devices.

[7.1R] [amd64, i386] A new gptboot boot loader has been added to support booting from
a GPT labeled disk. A new boot command has been added to
gpt(8)[/url], which
makes a GPT disk bootable by writing the required bits of the boot loader, creating a new
boot partition if required.





2.2.2 Hardware Support[/url]

The FreeBSD now includes experimental support for MIPS platform.

Support for RTC on Dallas Semiconductor chips has been improved. The DS133x and DS1553
are now supported.

[arm] The FreeBSD/arm now supports Feroceon and Sheeva embedded CPU, Marvell Orion
(88F5281), Kirkwood (88F6281), Discovery Innovation (MV-78100) systems-on-chip CPU.

[powerpc] The FreeBSD/powerpc now supports SMP machines

[powerpc] The FreeBSD/powerpc now supports E500 (Book-E) embedded CPU and Freescale
PowerQUICCIII MPC85xx system-on-chip (including single and dual-core).

The
acpi(4)[/url]
subsystem now supports the System Resource Affinity Table (SRAT) used to describe
affinity relationships between CPUs and memory, ACPI 3.0 fields in the MADT including
X2APIC entries and UIDs for local SAPICs, and ACPI 3.0 flags in the FADT.

[powerpc] The
cpufreq(4)[/url]
framework now supports PowerPC G5, along with a skeleton SMU driver in order to slew CPU
voltage during frequency changes.

The sec(4) driver has been added to provide support for the integrated security engine
found in Freescale system-on-chip devices.

The FreeBSD TTY layer has been replaced with a new one which has better support for
SMP and robust resource handling. A tty now has own mutex and it is expected to improve
scalability when compared to the old implementation based on the Giant lock.

[amd64, i386] The
uart(4)[/url] driver
is now the default driver for serial port devices in favor of the
sio(4)[/url] driver.
Note that the device nodes have been renamed from /dev/cuadN and /dev/ttydN to /dev/cuauN and /dev/ttyuN.



Important: Users who are upgrading will need to change their kernel
configurations and possibly also /boot/loader.conf and /boot/device.hints.



The FreeBSD USB subsystem has been reimplemented to support modern devices and better
SMP scalability. The new implementation includes Giant-lock-free device drivers, a Linux
compatibility layer,

usbconfig(8)[/url]
utility, full support for split transaction and isochronous transaction, and more. Device
node names for USB devices are now in a the form of /dev/usb/bus.dev.endpoint, and /dev/usbctl
is the master device node. Note that the
ugen(4)[/url] driver
has nodes for each device as /dev/ugenbus.dev for
backward compatibility.

[7.2R] [sparc64] FreeBSD now supports Ultra SPARC III (Cheetah) processor family.

[7.2R] The
acpi(4)[/url]
subsystem now supports a
sysctl(8)[/url]
variable debug.batt.batt_sleep_ms. On some laptops with
smart batteries, enabling battery monitoring software causes keystrokes from

atkbd(4)[/url] to be
lost. This sysctl variable adds a delay in millisecond to the status checking code as a
workaround.

[7.2R] The
acpi_asus(4)[/url]
driver now supports Asus A8Sr notebooks.

[7.2R] [powerpc] Support for the AltiVec, a floating point and integer SIMD
instruction set has been added.

[7.2R] The
cpuctl(4)[/url]
driver, which provides a special device /dev/cpuctl as an
interface to the system CPU has been added. The
cpuctl(4)[/url]
functionality includes the ability to retrieve CPUID information, read/write machine
specific registers (MSR), and perform CPU firmware updates.

[7.2R] The

cpufreq(4)[/url]
driver now supports an hw.est.msr_info loader tunable. When
this is set to 1, it attempts to build a simple list containing
just the high and low frequencies if it cannot obtain a frequency list from either ACPI
or the static tables. This is disabled by default.

[7.2R] [amd64, i386] CPU frequency change notifiers are now disabled when the TSC is
P-state invariant. Also, a new loader tunable kern.timecounter.invariant_tsc has been added to force this
behavior by setting it to non-zero.

[7.2R] The
atkbd(4)[/url] driver
now disables the interrupt handler which is called from the keyboard callback function
when polled mode is enabled. This fixes the problem of duplicated/missing characters at
the mountroot prompt on multi CPU systems while
kbdmux(4)[/url] is
enabled.

[7.2R] In the
pci(4)[/url] subsystem
INTx is now disabled when MSI/MSIX is enabled. This change fixes interrupt storm related
issues.

[7.2R] [sparc64] The schizo(4) driver for Schizo Fireplane/Safari to PCI 2.1 and
Tomatillo JBus to PCI 2.2 bridges has been added.

[7.2R] The
u3g(4)[/url] driver
for USB based 3G cards and dongles including Vodafone Mobile Connect Card 3G, Qualcomm
CDMA MSM, Huawei E220, Novatel U740, Sierra MC875U, and more has been added. This
provides support for the multiple USB-to-serial interfaces exposed by many 3G USB/PC Card
modems, and the device is accessed through the
ucom(4)[/url] driver
which makes it behave like a
tty(4)[/url].

[7.2R] The
sched_ule(4)[/url]
scheduler now supports the loader tunable machdep.hyperthreading_enabled just like
sched_4bsd(4)[/url].
Note that it cannot be modified at run-time.

[7.1R] The

cmx(4)[/url] driver, a
driver for Omnikey CardMan 4040 PCMCIA smartcard readers, has been added.

[7.1R] [sparc64] The
kbdmux(4)[/url] driver
now supports sparc64. The
sunkbd(4)[/url] driver
now supports

atkbd(4)[/url]
emulation like
ukbd(4)[/url].

[7.1R] The nvram(4) driver is now MPSAFE.

[7.1R] An option of the

puc(4)[/url] driver,
PUC_FASTINTR, is no longer supported.

[7.1R] The
psm(4)[/url] driver
now attempts detection of Synaptics touchpad before IntelliMouse. Some touchpads will
pretend to be IntelliMouse causing the IntelliMouse probe to work and the Synaptics
detection never to be done.

[7.1R] The

uslcom(4)[/url]
driver, a driver for Silicon Laboratories CP2101/CP2102-based USB serial adapters, has
been imported from OpenBSD.



2.2.2.1 Multimedia Support[/url]

The FreeBSD audio subsystem has been improved. The changes include volume per channel,
high quality fixed-point band-limited SINC sampling rate converter, bit-perfect mode,
transparent/adaptive virtual channel, and exclusive stream. For more details, see the
snd(4)[/url] manual
page.

[7.2R] The
agp(4)[/url] driver
now supports Intel G4X series graphics chipsets.

[7.2R] The Direct Rendering Manager (DRM[/b]), a kernel module
that gives direct hardware access to DRI clients, has been updated. Support for AMD/ATI
r500, r600, r700, and IGP based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been
improved.

[7.2R] A new loader tunable hw.drm.msi has been added to
control if DRM uses MSI or not. This is set to 1 (enabled) by
default.

[7.2R] The snd_au88x0(4) driver for Aureal Vortex 1/2/Advantage PCI has been removed
because it has been broken for a long time.

[7.2R] The
snd_hda(4)[/url]
driver has been updated. These changes include support for multiple codecs per HDA bus,
multiple functional groups per codec, multiple audio devices per functional group,
digital (SPDIF/HDMI) audio input/output, suspend/resume, and part of multichannel
audio.

[7.2R] Note that due to added HDMI audio and logical audio devices support, the
updated driver often provides several PCM devices. This means that in some cases the
system default audio device no longer corresponds to the users's habitual audio
connectors. In such cases the default device can be specified in audio applications'
setup or defined globally via hw.snd.default_unit sysctl
variable, as described in the

sound(4)[/url] manual
page.

[7.1R] The
agp(4)[/url] driver
now supports the Intel G33 and G45.

[7.1R] [i386] The dpms(4) driver has been added to use the
VESA BIOS for DPMS during suspend and resume.

[7.1R] The DRM[/b] kernel driver now supports i915 GME
devices.




2.2.2.2 Network Interface Support[/url]

The
bwi(4)[/url] driver
has been added to provide support for Broadcom BCM43xx IEEE 802.11b/g wireless network
interfaces.

[sparc64] The
cas(4)[/url] driver
has been added to provide support for Sun Cassini/Cassini+ and National Semiconductor
DP83065 Saturn Gigabit Ethernet devices.

The
cxgbtool(8)[/url] now
supports an interactive mode for scripting of repeatedly performed tasks.

The
fxp(4)[/url] driver
has been improved. Changes include:
  • The multicast filter re-programming is now more robust.
  • [7.2R] The checksum offload feature can be controlled by

    ifconfig(8)[/url]
    now.
  • [7.2R] Rx checksum offload support for 82559 or later controllers has been added.
  • [7.2R] TSO (TCP Segmentation Offload) support for 82550 and 82551 controllers has been
    added.
  • [7.2R] WoL (Wake on LAN) support for 82550, 82551, 82558, and 82559-based controllers
    has been added. Note that ICH based controllers are treated as 82559, and 82557, earlier
    revisions of 82558, and 82559ER have no WoL capability.
  • [7.2R] VLAN hardware tag insertion/stripping support and Tx/Rx checksum offload for
    VLAN frames support has been added. Note that the VLAN hardware assistance is available
    only on 82550 or 82551-based controllers.
[arm, powerpc] The mge(4) driver has been added to provide support for Marvell Gigabit
Ethernet controllers found on ARM-based SOCs (Orion, Kirkwood, Discovery), as well as on
system controllers for PowerPC processors (MV64430, MV6446x).

The
miibus(4)[/url] driver
now supports the Marvell 88E3016.

The
msk(4)[/url] driver
now supports Yukon FE+ A0 including 88E8040, 88E8040T, 88E8048 and 88E8070.

The
mwl(4)[/url] driver
has been added to provide support for Marvell 88W8363 IEEE 802.11n wireless network
devices.

The
mxge(4)[/url] driver
now supports some newer revisions and 10GBASE-LRM and 10GBASE-Twinax media types. The
firmware version has been updated to 1.4.43.

The
nge(4)[/url] driver
has been improved and now works on all platforms.

The tsec(4) driver has been added to provide support for Freescale integrated
Three-Speed Ethernet Controller (TSEC). This driver also works with the enhanced version
of the controller (eTSEC).

The
uath(4)[/url] driver
for USB wireless LAN adapter based on Atheros AR5005UG and AR5005UX chipsets has been
added. The
uathload(8)[/url]
utility, a firmware loader for the Atheros USB wireless driver has also been added.

The
urtw(4)[/url] driver
has been added to provide support for Realtek RTL8187B/L USB IEEE 802.11b/g wireless
network devices.

The xl(4)[/url] driver now
supports TX checksum offload.

[7.2R] The ae(4)[/url] driver now
supports WoL (Wake on LAN).

[7.2R] [amd64, i386] The

ale(4)[/url] driver is
now included in the GENERIC kernel.

[7.2R] The
ath_hal(4)[/url],
Atheros Hardware Access Layer, has been updated to the open source version.

[7.2R] The

axe(4)[/url] driver
has been improved in performance by eliminating extra context switches and now supports
the Apple USB Ethernet adapter.

[7.2R] The
bce(4)[/url] driver's
firmware has been updated to the latest version (4.6.X).

[7.2R] The ciphy(4) driver now supports Vitesse VSC8211 PHY.

[7.2R] The
cxgb(4)[/url] driver
has been updated to firmware revision 4.7 and now supports hardware MAC statistics.

[7.2R] A bug in the
igb(4)[/url] driver,
which prevented the loader tunable hw.igb.ave_latency from
working, has been fixed.

[7.2R] The
ixgbe(4)[/url] driver
has been updated to version 1.7.4.

[7.2R] The
jme(4)[/url] driver
now supports newer JMicron JMC250/JMC260 revisions.

[7.2R] The
msk(4)[/url] driver
has been improved. An issue which made it hang up in a certain condition has been fixed.
Hardware MAC statistics support has been added and users can get the information via
sysctl variables named dev.msk.N.stats.

[7.2R] The
nfe(4)[/url] driver
now supports hardware MAC statistics.

[7.2R] The re(4)[/url] driver has been
improved. It now detects the link status. A new loader tunable hw.re.prefer_iomap has been added, to disable memory register
mapping. This tunable is 0 for all controllers except RTL8169SC
family.

[7.2R] The rl(4)[/url] driver has been
improved. It now detects the link status and a bug which prevented it from working on
systems with more than 4GB memory has been fixed.

[7.2R] A bug in
sis(4)[/url] on VLAN
tagged frame handling has been fixed.

[7.2R] The
txp(4)[/url] driver
now works on all supported architectures. Support has been added for
altq(4)[/url], WoL,
checksum offload when VLAN enabled, and link state change handling has been improved, and
new sysctl variables dev.txp.N.stats for MAC statistics have been added. New
sysctl variables dev.txp.N.process_limit has been added, to control how
many received frames should be served in Rx handler (set to 64 by default and valid
ranges are 16 to 128 in unit of frames). The firmware has been updated to the latest
version.

[7.1R] The ae(4)[/url] driver has been
added to provide support for the Attansic/Atheros L2 FastEthernet controllers.

[7.1R] The
jme(4)[/url] driver
has been added to provide support for PCIe adapters based on JMicron JMC250 gigabit
Ethernet and JMC260 fast Ethernet controllers.

[7.1R] The

age(4)[/url] driver
has been added to provide support for Attansic/Atheros L1 gigabit Ethernet
controller.

[7.1R] The
malo(4)[/url] driver
has been added to provide support for Marvell Libertas 88W8335 based PCI network
adapters.

[7.1R] The bm(4) driver has been added to provide support for Apple Big Mac (BMAC)
Ethernet controller, found on various Apple G3 models.

[7.1R] The et(4) driver has been added to provide support for Agere ET1310
10/100/Gigabit Ethernet controller.

[7.1R] The
glxsb(4)[/url] driver
has been added to provide support for the Security Block in AMD Geode LX processors.

[7.1R] The
ale(4)[/url] driver
has been added to provide support for Atheros AR8121/AR8113/AR8114 Gigabit/Fast Ethernet
controllers. This driver is not enabled in GENERIC kernels for
this release.

[7.1R] The em(4)[/url] driver has been
split into two drivers with some common parts. The em(4)[/url] driver will
continue to support adapters up to the 82575, as well as new client/desktop adapters. A
new
igb(4)[/url] driver
will support new server adapters.

[7.1R] The
hme(4)[/url] driver
has been improved.

[7.1R] A bug in some of the
miibus(4)[/url]
supported drivers that IEEE 802.3 auto-negotiation was performed in a wrong order, has
been fixed. Now it chooses the correct technologies supported by IEEE 802.3 in the order
described in Annex 28B.3.

[7.1R] A workaround has been added for a bug in TCP/UDP hardware checksum offload of
the

msk(4)[/url] driver
for short frames. Note that for frames that requires hardware VLAN tag insertion, the
checksum offload workaround does not work due to changes of checksum offset in mbuf after
the VLAN tag. So disabling hardware checksum offload for the VLAN interface is needed in
such cases.

[7.1R] The
ndis(4)[/url] NDIS
miniport driver wrapper has been improved.

[7.1R] The sf(4)[/url] driver has been
improved and now supports checksum offloading.

[7.1R] The
stge(4)[/url] driver
now supports WOL (Wake on LAN).

[7.1R] The vr(4)[/url] driver has been
improved.

[7.1R] [amd64, i386] The

wpi(4)[/url] driver
has been updated to include a number of stability fixes.





2.2.3 Network Protocols[/url]

The FreeBSD netisr framework has been reimplemented for parallel threading support.
This is a kernel network dispatch interface which allows device drivers (and other packet
sources) to direct packets to protocols for directly dispatched or deferred processing.
The new implementation supports up to one netisr thread per CPU, and several benchmarks
on SMP machines show substantial performance improvement over the previous version.

A bug in the

gif(4)[/url] that
EtherIP packets sent by combination of
if_bridge(4)[/url] and

gif(4)[/url] have a
reversed version field has been fixed. If you need to communicate with older FreeBSD
releases via EtherIP, use new flags accept_rev_ethip_ver and send_rev_ethip_ver to control handling the reversed version field.
These can be set by

ifconfig(8)[/url]
utility to
gif(4)[/url]
interfaces. The EtherIP implementation found on FreeBSD 6.1, 6.2, 6.3, 7.0, 7.1, and 7.2
had an interoperability issue because it sent the incorrect EtherIP packets and discarded
the correct ones. For more details, see
gif(4)[/url] manual
page.

The IGMPv3 and SSM (Source-Specific Multicast) including IPv6 SSM and MLDv2 have been
added. Although the old KAME MLDv2 hooks have been replaced with the new implementation,
the related kernel programming interfaces have been preserved.

The multicast routing code has been improved and the IPv4 and IPv6 support has been
split.

The FreeBSD now supports the upcoming Wireless Mesh standard, IEEE 802.11s. The
current implementation is based on the March 2009 D3.0 draft version.

The wireless network support layer (net80211) now uses pseudo-interfaces named as wlanN instead of a device driver
name like em0 directly. The wlanN interface is created by

ifconfig(8)[/url] as
an instance of the parent interface and used for actual communication similar to
vlan(4)[/url], IEEE
802.1Q VLAN network interface. Note that multiple instances (to realize multiple BSSes
with a single AP device, for example) can be created if the parent interface supports it.
For more details, see
ifconfig(8)[/url]
manual page.

The net80211 layer now supports TDMA for long distance point-to-point links using

ath(4)[/url]
devices.

An infrastructure for caching flows as a means of accelerating L2 and L3 lookups has
been added. This is called “flow table” and enabled by default on amd64 and
i386 platforms. This also provides stateful load balancing when used with RADIX_MPATH

The FreeBSD L2 address translation table has been reimplemented to reduce lock
contention on parallel processing and simplify the routing logic. The new implementation
has L2 address translation tables for both ARP (for IPv4) and NDP (for IPv6) which are
separated from the L3 routing tables, and supports flow table caches for both the routing
table and the L2 information. One of the user-visible changes is that a concept of cloned
route (a route generated by an entry with RTF_CLONING flag) is
deprecated. This means routing flags RTF_CLONING, RTF_WASCLONE, and RTF_LLINFO are
obsolete.

The
ipsec(4)[/url]
subsystem now supports NAT-Traversal (RFC 3948). This is disabled by default. To enable
this add the following kernel option and rebuild the kernel:


device crypto
options IPSEC
options IPSEC_NAT_T


[7.2R] IPv4 source address selection for unbound sockets has been implemented as
follows:



[*]
If we found a route, use the address corresponding to the outgoing interface.


[*]
[7.2R] Otherwise we assume the foreign address is reachable on a directly connected
network and try to find a corresponding interface to take the source address from.


[*]
[7.2R] As a last resort use the default jail address.



[7.2R] This also changes the semantics of selecting the IP for processes within a

jail(8)[/url] as it
now uses the same logic as outside the
jail(8)[/url].

[7.2R] The TCP MD5 Signature Option (RFC 2385) for IPv6 has been implemented in the
same way it has been implemented for IPv4.

[7.2R] The
ng_netflow(4)[/url]

Netgraph node now includes support for generating egress netflow instead or in addition
to ingress. An NGM_NETFLOW_SETCONFIG control message has been
added to control the new functionality.

[7.2R] The
tap(4)[/url] Ethernet
tunnel software network interface now supports a new TAPGIFNAME
character device ioctl. This is a convenient shortcut to obtain the network interface
name using a file descriptor to a character device.

[7.2R] The
tap(4)[/url] now
supports SIOCSIFMTU ioctl to set a higher MTU than 1500
(ETHERMTU). This allows
tap(4)[/url] devices
to be added to the same bridge (which requires all interface members to have the same
MTU) with an interface configured for jumbo frames.

[7.2R] The domains list for handling the list of supported domains in the

unix(4)[/url] (UNIX
domain protocol family) subsystem is now MPSAFE.

[7.1R] The
arp(8)[/url] utility
now supports reject and blackhole

keywords. In the entry marked as reject, traffic to the host
will be discarded and the sender will be notified the host is unreachable. In the entry
marked as blackhole, traffic is discarded but the sender is not
notified.

[7.1R] The
bpf(4)[/url] now
supports an ioctl BIOCSETFNR. This is just like BIOCSETF, but it does not drop all the packets buffered on the
descriptor and reset the statistics.

[7.1R] The
if_bridge(4)[/url]
interface can limit the number of source MACs that can be behind a bridge interface via
ifmaxaddr parameter of
ifconfig(8)[/url].

[7.1R] A bug in the

carp(4)[/url]
interface configuration which leads to a system panic has been fixed.

[7.1R] The
dummynet(4)[/url]
subsystem now supports fast mode operation which allows certain
packets to bypass the dummynet scheduler. This can achieve lower latency and lower
overhead when the packet flow is under the pipe bandwidth, and eliminate recursion in the
subsystem. The new sysctl variable net.inet.ip.dummynet.io_fast has been added to enable this
feature.

[7.1R] The
enc(4)[/url] interface
now supports sysctl variables to control whether the firewalls or
bpf(4)[/url] will see
inner and outer headers or just inner or outer headers for incoming and outgoing IPsec
packets.

[7.1R] The
gre(4)[/url] now
supports ioctls GRESKEY and GREGKEY

which allows set or get GRE key used for outgoing packets.

[7.1R] A bug in the
ipsec(4)[/url]
subsystem that PMTU was broken in those cases when there was a route with a lower MTU
than the MTU of the outgoing interface, has been fixed.

[7.1R] The netatm subsystem has been removed due to lacking multiprocessor
support.

[7.1R] The
ng_nat(4)[/url] now
supports redirect functionality in libalias. For more details,
see the manual page.

[7.1R] The
ng_pptpgre(4)[/url]
now supports multiple hooks like
ng_l2tp(4)[/url], to
use one pair of pptpgre and ksocket nodes for all calls between two peers.

[7.1R] The
resolver(3)[/url] now
allows underscore in domain names. Although this is a violation of RFC 1034 [STD 13], it
is accepted by certain name servers as well as other popular operating systems' resolver
library.

[7.1R] A socket option TCP_CONGESTION for TCP sockets has
been added. This is for setting and retrieving the congestion control algorithm. The name
used is to allow compatibility with Linux.

[7.1R] The
rwlock(9)[/url] has
been used throughout the inpcbinfo and inpcb infrastructure, and protocols that depend on that
infrastructure, including UDP, TCP, and IP raw sockets to reduce the lock
contentions.

[7.1R] The FreeBSD now supports multiple routing tables. To enable this, the following
steps are needed:
  • Add the following kernel configuration option and rebuild the kernel. The 2 is the number of FIB (Forward Information Base, synonym for a
    routing table here). The maximum value is 16.


    options ROUTETABLES=2


    The procedure for rebuilding the FreeBSD kernel is described in the FreeBSD Handbook[/url].

    This number can be modified on boot time. To do so, add the following to /boot/loader.conf and reboot the system:


    net.fibs=6
  • Set a loader tunable net.my_fibnum if needed. This means
    the default number of routing tables. If not specified, 0 will
    be used.
  • Set a loader tunable net.add_addr_allfibs if needed. This
    enables to add routes to all FIBs for new interfaces by default. When this is set to 0, it will only allocate routes on interface changes for the FIB of
    the caller when adding a new set of addresses to an interface. Note that this tunable is
    set to 1 by default.
To select one of the FIBs, the new

setfib(1)[/url]
utility can be used. This set an associated FIB with the process. For example:


# setfib -3 ping target.example.com


The FIB #3 will be used for the
ping(8)[/url]

command.

The FIB which the packet will be associated with will be determined in the following
rules:
  • All packets which have a FIB associated with them will use the FIB. If not, FIB #0
    will be used.
  • A packet received on an interface for forwarding uses FIB #0.
  • A TCP listen socket associated with an FIB will generate accept sockets which are
    associated with the same FIB.
  • A packet generated in response to other packet uses the FIB associated with the packet
    being responded to.
  • A packet generated on tunnel interfaces such as
    gif(4)[/url] and

    tun(4)[/url] will be
    encapsulated using the FIB of the process which set up the tunnel.
  • Routing messages will be associated with the process's FIB.
Also, the
ipfw(8)[/url] now
supports an action rule setfib. The following action:


setfib fibnum


will make the matched packet use the FIB specified in fibnum. The rule processing continues at the next
rule.




2.2.4 Disks and Storage[/url]

The FreeBSD CAM SCSI subsystem (
cam(4)[/url]) now
includes experimental support for ATA/SATA/AHCI-compliant devices. This is disabled by
default. To enable this, adding the following kernel options to your kernel configuration
file and rebuild the kernel:


device ahci
device siis


The current implementation supports AHCI-compliant controllers and SiliconImage
SiI3124/SiI3132/SiI3531 controllers. The device node of an ATA drive is ada and an ATAPI drive is cd.

The FreeBSD iSCSI initiator implementation has been improved and supports IPv6.

A userland utility
mfiutil(8)[/url] for
the
mfi(4)[/url] devices
has been added. This includes basic features to monitor controller, array, and drive
status, change basic attributes, create/delete arrays and spares, and flush the
controller firmware. Note that this is a small utility, not a replacement of MegaCLI in
the Ports Collection which is supported officially and provides more functionality.

A userland utility
mptutil(8)[/url] for
the
mpi(4)[/url] devices
has been added. This includes basic features to monitor controller, array, and drive
status, change basic attributes, and create/delete arrays and spares.

The
siis(4)[/url] driver
has been added to provide support for SiliconImage SiI3124/3132/3531 SATA2 controllers.
It supports Serial ATA and ATAPI devices, port multipliers (including FIS-based
switching), hardware command queues (31 commands per port) and Native Command
Queuing.

[7.2R] The
ata(4)[/url] driver
now supports Marvell PATA M88SX6121.

[7.2R] The
ata(4)[/url] driver
now recognizes nForce MCP67 and MCP73 SATA controllers as AHCI.

[7.2R] The
ataraid(4)[/url]
driver now includes preliminary support for DDF metadata found on Adaptec HostRAID
controllers. Note that spares and rebuilds are not supported yet.

[7.2R] The
cam(4)[/url] SCSI
subsystem now supports a new sysctl variable kern.cam.cd.retry_count. This controls the number of retries for
the CD media. When trying to read scratched or damaged CDs and DVDs, the default
mechanism is sub-optimal, and programs like ddrescue[/b] do much
better if you turn off the retries entirely since their algorithms do it by themselves.
This value is set to 4 (for a total of 5 attempts) by default.
Setting it to 0 turns off all retry attempts.

[7.2R] A bug in the
ciss(4)[/url] driver
which caused low “max device openings” count and led to poor performance has
been fixed.

[7.2R] The
glabel(8)[/url] GEOM
class now supports a new UFS-based label called ufsid that can
be used to reference UFS-carrying devices by the unique file system ID. This file system
ID is automatically generated and detected when the

glabel(8)[/url] GEOM
class is enabled. An example of this new label is: /dev/ufsid/48e69c8b5c8e1b43. The benefit of using GEOM labels in
general is to avoid problems of device renaming when shifting drives or controllers.

[7.2R] The
gjournal(8)[/url] GEOM
class now supports the root file system. Previously, an unclean shutdown would make it
impossible to mount the root file system at boot.

[7.2R] The

gpart(8)[/url] utility
has been updated. The APM scheme now supports Tivo Series 1 partitions (read only), a new
EBR scheme to support Extended Boot Records has been added, the BSD scheme now support
bootcode, and bugs in the PC98 and VTOC8 schemes have been fixed.

[7.2R] An issue in
gvinum(8)[/url] with
access permissions to underlying disks used by a gvinum plex has been fixed. If the plex
is a raid5 plex and is being written to, parity data might have to be read from the
underlying disks, requiring them to be opened for reading as well as writing.

[7.2R] The
hptmv(4)[/url] driver
has been updated to version 1.16 from HighPoint.

[7.2R] The
mmc(4)[/url] and
mmcsd(4)[/url] drivers
now support MMC and SDHC cards, high speed timing, wide bus, and multiblock
transfers.

[7.2R] [sparc64] The
mpt(4)[/url] driver is
now in the GENERIC kernel.

[7.2R] The
sdhci(4)[/url] driver
has been added. This supports PCI devices with class 8 and subclass 5 according to the SD
Host Controller Specification.

[7.2R] The
sdhci(4)[/url] driver
now supports kernel dumping and a sysctl variable hw.sdhci.debug for debug level.

[7.2R] The
twa(4)[/url] driver
now supports 64-bit DMA.

[7.2R] The
mmc(4)[/url]
mmcsd(4)[/url], and

sdhci(4)[/url] driver
are now included as kernel modules.

[7.1R] The
aac(4)[/url] driver
now supports 64-bit array support for RAIDs larger than 2TB and simultaneous opens of the
device for issuing commands to the controller.

[7.1R] The
ata(4)[/url] driver
now supports a loader variable hw.ata.ata_dma_check_80pin.
This can be used to disable the 80pin cable check on broken systems such as certain
laptops and Soekris boards. The default value is 1.

[7.1R] A data corruption problem of the
ata(4)[/url] driver on
ServerWorks HT1000 chipsets has been fixed.

[7.1R] The
ciss(4)[/url] driver
now supports a loader tunable hw.ciss.nop_message_heartbeat

for NOP-message polling in ciss_periodic(). This can be
used as a workaround for ADAPTER HEARTBEAT FAILED issue. The
default value is 0 (disabled).

[7.1R] The geom_part GEOM class can be built as a kernel
module.

[7.1R] The geom_linux_lvm GEOM class can be built as a
kernel module.

[7.1R] The
hptrr(4)[/url] driver
has been updated to version 1.2 from Highpoint.

[7.1R] A buffer overflow in the
iir(4)[/url] driver
has been fixed. This likely fixes a great number of weird problems that have been
reported with this driver.

[7.1R] The
mpt(4)[/url] driver
now supports mpt_user personality.

[7.1R] The
rr232x(4)[/url] driver
has been superseded by

hptrr(4)[/url]
driver.

[7.1R] The
twa(4)[/url] driver
has been improved with regard to stability on machines with a plenty of memory and high
CPU load.





2.2.5 File Systems[/url]

“dangerously dedicated” mode for the UFS file system is no longer
supported.



Important: Such disks will need to be reformatted to work with this
release.



The
gvinum(8)[/url] now
supports commands found in the old vinum implementation including attach, detach, start, stop, concat, mirror, stripe, and raid5.

The
gvinum(8)[/url] now
supports grow command to make it easier for users to extend
plexes without having to understand all of the implementation internals.

The FreeBSD NFS subsystem now supports RPCSEC_GSS
authentication on both the client and server. This replaces the RPC implementation of the
NFS client and server with the newer RPC implementation originally developed to support
the NFS Lock Manager. It supports both the new RPC implementation and the older legacy
implementation inherited from the original NFS codebase and the default is to use the new
one. To use RPCSEC_GSS on either client or server, you must
build a kernel which includes the KGSSAPI option and the

crypto(4)[/url]
device. For more details, see
gssd(8)[/url] manual
page.

The FreeBSD NFS subsystem now includes a new, experimental implementation with support
for NFSv2, NFSv3, and NFSv4. This is not enabled by default. To enable this, add the
following kernel options to your kernel configuration file and rebuild the kernel:


options NFSCL # for NFS client
options NFSD # for NFS server


The fstype for
mount(8)[/url] program
is newnfs, and
mount_newnfs(8)[/url]
program has also been added. The old, unmaintained NFSv4 client based on an
implementation from the University of Michigan was removed from the FreeBSD source
tree.

The FreeBSD NFS subsystem now uses TCP as the default transport.

The shared vnode locking for pathname lookups in the
VFS(9)[/url] subsystem
has been improved. This is enabled by default. Setting a sysctl variable vfs.lookup_shared to 0 disables it. Note
that the LOOKUP_SHARED kernel option equivalent to the sysctl
variable has been removed.

The ZFS[/b] file system has been updated to version 13. The
changes include ZFS operations by a regular user, L2ARC, ZFS Intent Log on separated
disks (slog), sparse volumes, and so on.

[7.2R] The semantics of
acl(3)[/url] extended
access control lists has been changed as follows:

  • The inode modification time (mtime) is not updated when extended attributes are added,
    modified, or removed.
  • The inode access time (atime) is not updated when extended attributes are queried.
[7.2R] The FreeBSD NFS file system now supports a sysctl variable vfs.nfs.prime_access_cache to determine whether or not nfs_getattr() will use an ACCESS RPC to prime the access cache
instead of a simple GETATTR RPC. This is because on many NFS servers an ACCESS RPC is
much more expensive to service than a GETATTR RPC for files in an NFSv3 mount. The sysctl
variable is enabled by default to maintain the previous behavior.

[7.2R] The FreeBSD UDF file system now supports a fifo.

[7.1R] The
fdescfs(5)[/url] is
now MPSAFE.

[7.1R] The
gpart(8)[/url] now
supports BSD disklabels (option GEOM_PART_BSD) and VTOC8
disklabels (option GEOM_PART_VTOC8).

[7.1R] The
gvinum(8)[/url] now
accepts volume parameter when creating a plex.

[7.1R] A pathname lookup bug of a UNIX domain socket in the unionfs(7) has been fixed.






2.3 Userland Changes[/url]

The GCC stack protection (also known as ProPolice) has been enabled in the FreeBSD
base system.

A BSD-licensed ar(1)[/url] utility has
been added in favor of one in GNU binutils[/b] and it is now the
default utility for building the FreeBSD base system.

The
awk(1)[/url] utility
now supports 64 files. The upper limit was 20 in prior releases.

The
bsnmpd(1)[/url]
program now supports OIDs for ZFS.

The
camcontrol(8)[/url]
program now supports a new modularized ATA kernel module and various ATA commands.

The
cat(1)[/url] and cp(1)[/url] now use a
larger buffer if the number of pages of the physical memory on the system is grater than
32k. This reduces the number of context switches.

A new BSD-licensed
cpio(1)[/url] utility
has been added in favor of GNU cpio[/b] and it is now the default
utility in the FreeBSD base system.

A script for the
crashinfo(8)[/url]

utility for simple analysis of crash dump has been added. It generates a text file
containing the output of several commands run against the core dump such as
kgdb(1)[/url] (stack
trace), ps(1)[/url],
netstat(1)[/url],
vmstat(8)[/url],

iostat(8)[/url],
dmesg(8)[/url], and
fstat(1)[/url].

The df(1)[/url] utility's -h flag now supports displaying inode counts in a human-readable
format when a flag -i is specified.

The df(1)[/url] utility now
supports a -T flag to display file system type in each
entry.

A bug in the
dhclient(8)[/url] that
can create a malformed /etc/resolv.conf has been fixed.

The
dhclient(8)[/url] now
uses an -n flag when invoking
route(8)[/url]
command. This eliminates a long delay in the case that it gets a lease but DNS service is
not working.

The
dhclient(8)[/url]
utility now uses 68 (bootpc) as the source port for unicast DHCPREQUEST packets instead of allowing the protocol stack to pick a
random source port. This fixes the behavior where
dhclient(8)[/url]
would never transition from RENEWING to BOUND without going through REBINDING in
some networks which has a tight policy on DHCP spoofing.

The
env(1)[/url] utility
now supports a -u name
option that completely unsets the given name instead of setting it to a null value.

The
find(1)[/url] utility
now supports a number of primaries found in GNU find[/b] including

-ignore_readdir_race, -noignore_readdir_race, -noleaf, -gid, -uid, -wholename, -iwholename, -mount, -d, -lname, -ilname, -quit, -samefile, and -true.

The
fsck(8)[/url] utility
now supports a -r flag to free up excess unused inodes.
Decreasing the number of preallocated inodes reduces the running time of future runs of
fsck and frees up space that can allocated to files. This flag is ignored when running in
preen mode.

The
freebsd-update(8)[/url] now supports backing up the old
kernel when installing a new kernel. The backup kernel will be written to /boot/kernel.old if the directory does not exist or the directory
was created by freebsd-update in a previous backup. Otherwise the

freebsd-update(8)[/url] will generate a new directory
name for use by the backup. This is enabled by default.

The
gdbserver(1)[/url] now
supports arm and powerpc platforms.

The
gpt(8)[/url] program
has been removed in favor of

gpart(8)[/url].

The
gzip(1)[/url] utility
now supports uncompressing files which are created by pack[/b]
found in some commercial UNIX-like systems.

The

i2c(8)[/url] utility
for diagnostics of I2C has been added.

The
ifconfig(8)[/url] now
supports vnet and -vnet option to
allow moving interfaces between jails with vimage.

A BSD-licensed libdwarf library has been added for DTrace
clients.

The libmsun library now supports acosl(), asinl(), atanl(), atan2l(), cargl(), csqrtl(), fmodl(), hypotl(), and remquol() functions.

The libproc library has been added for DTrace clients.

The
mtest(8)[/url] utility
now supports IPv6.

The

mount(8)[/url] program
now supports an -o mountprog=filename option to allow an alternative program to
be used for mounting a file system. This is useful for non-
nmount(2)[/url] based
file systems such as FUSE.

The

nfscbd(8)[/url],
nfsuserd(8)[/url],
nfsdumpstate(8)[/url],
and
nfsrevoke(8)[/url]
utilities for the new NFSv4 subsystem has been added.

The
pmcannotate(8)[/url]
utility has been added. This prints out sources of a tool (in C or assembly) with inlined
profiling informations retrieved by a prior
pmcstat(8)[/url]
analysis.

The
route(8)[/url] utility
now supports show, weights, and sticky commands. For more details, see the

route(8)[/url] manual
page.

The
rtld(1)[/url] now
supports a new environment variable LD_ELF_HINTS_PATH for
overriding the rtld hints file. This environment variable would be ignored if the process
uses setuid and/or setgid. This feature gives a convenient way to use a custom set of
shared library that is not in the default location.

The
rtld(1)[/url] now
supports the dynamic string token substitution in the rpath and soneeded pathes. The
$ORIGIN, $OSNAME, $OSREL and $PLATFORM tokens are
supported. Enabling the substitution requires DF_ORIGIN flag in

DT_FLAGS or DF_1_ORIGIN if DF_FLAGS_1, that may be set with -z
origin GNU ld[/b] flag. This translation is unconditionally
disabled for setuid/setgid processes. The $ORIGIN
translation relies on the AT_EXECPATH auxinfo supplied by the
FreeBSD kernel.

It is no longer possible to create UFS filesystems in “dangerously
dedicated” mode using
sysinstall(8)[/url]
since this mode is no longer supported.


sysinstall(8)[/url]
menus have been simplified to reduce confusion and duplication with other parts of the
system. The Xorg[/b] window system should be installed just like
any other package. Configuration of Linux[/b] and OSF/1[/b] emulation should be done via kernel rebuilds. Support for
installation from tape media was removed as it was believed to be broken. Obsolete code
to support OLDCARD was also removed.


sysinstall(8)[/url]
now understands how to use unsliced USB drives as installation source media via /dev/daXa


sysinstall(8)[/url]
now recognizes the new /dev/adaX disk devices, if compiled into the kernel.


sysinstall(8)[/url]
now uses the freebsd-doc-*
packages for localized documents.


sysinstall(8)[/url]
now ejects the CDROM after installation if it was used as source media.

The
traceroute(8)[/url]
and
traceroute6(8)[/url]
now support an -a flag to display AS number corresponding to
the lookup IP address on each hop. It will query the number to WHOIS server specified in
-A option. If no -A is specified,

whois.radb.net will be used as the default value.

The
tzsetup(8)[/url] now
supports an -s flag to skip the question about adjusting the
clock to UTC.

The

wake(8)[/url] utility,
a tool to send Wake on LAN frames to hosts on a local Ethernet network has been
added.

The
ypserv(8)[/url]
program now supports shadow.byname and shadow.byuid maps.

[7.2R] A bug in the
atacontrol(8)[/url]
utility, which prevents it from working when /usr is not
mounted or invoked from /rescue, has been fixed.

[7.2R] The
btpand(8)[/url] daemon
from NetBSD has been added. This daemon provides support for Bluetooth Network Access
Point (NAP), Group Ad-hoc Network (GN) and Personal Area Network User (PANU)
profiles.

[7.2R] The
cpucontrol(8)[/url]
utility has been added to control
cpuctl(4)[/url]
pseudo-device.

[7.2R] The
ncal(1)[/url] utility
now supports multibyte characters.

[7.2R] The
newfs(8)[/url] utility
now supports operations on a regular file.

[7.2R] The
config(8)[/url]
utility now supports multiple makeoption lines.

[7.2R] The
csup(1)[/url] utility
now supports CVSMode to fetch a complete CVS repository. Note that the rsync transfer
mode is currently disabled.

[7.2R] The
dirname(1)[/url]
utility now accepts multiple arguments in the same way that
basename(1)[/url]

does.

[7.2R] The du(1)[/url] utility now
supports an -l flag. When specified, the du(1)[/url] utility counts
a file with multiple hard links as multiple different files.

[7.2R] The du(1)[/url] utility now
supports an -A flag to display the apparent size instead of
the disk usage. This can be helpful when operating on compressed volumes or sparse
files.

[7.2R] The du(1)[/url] utility now
supports a -B blocksize

option to calculate block counts in blocks of blocksize bytes. This is different from the -k or -m options or setting BLOCKSIZE and gives an estimate of how much space the examined
file hierarchy would require on a file system with the given blocksize. Unless in -A mode,

blocksize is rounded up to the next multiple of
512.

[7.2R] The
dumpfs(8)[/url]
utility now supports an -f flag, which causes it to list all
free fragments in the file system by fragment (block) number. This new mode does the
necessary arithmetic to generate absolute fragment numbers rather than the cg-relative
numbers printed in the default mode.

[7.2R] If -f is passed once, contiguous fragment ranges
are collapsed into an X-Y format as free block lists are currently printed in regular
dumpfs output. If specified twice, all block numbers are printed individually, allowing
both compact and more script-friendly representation.

[7.2R] The
fetch(1)[/url] utility
now supports an -i flag which supports the If-Modified-Since
HTTP 1.1 request. If specified it will cause the file to be downloaded only if it is more
recent than the mtime of the local file. Also, libfetch[/b] now
accepts the mtime in the url structure and a flag to indicate when this behavior is
desired.

[7.2R] The

fsck(8)[/url] utility
now supports a -C flag for check
clean mode. This checks if the file system was dismounted cleanly first and then
skip file system checks if true. Otherwise it does full checks.

[7.2R] The
fsck(8)[/url] utility
now supports a -D flag for damaged recovery mode, which will
enable certain aggressive operations that can make

fsck(8)[/url] to
survive with file systems that has very serious data damage. This is a useful last resort
when on disk data damage is very serious and causes
fsck(8)[/url] to
crash.

[7.2R] The
getaddrinfo(3)[/url]
function now supports SCTP.

[7.2R] A bug was fixed in the
ipfw(8)[/url] utility
which displays extra messages for a NAT rule even when a -q
flag is specified.

[7.2R] The ln(1)[/url] utility now
supports a -w flag to check if the source file actually
exists. When the flag is specified and the file does not exist, ln(1)[/url] will issue a
warning message.

The ln(1)[/url] utility now
allows creating hard links to symbolic links because the POSIX.1-2008 requires this
behavior for -L and -P flag.

The
lpr(1)[/url] utility
now support an -m flag to send an email after the job is
completed and a -t option to set the job title.

[7.2R] The
make(1)[/url] utility
now supports a -p flag to print the input graph only, without
executing any commands. The output is the same as -d g1. When
combined with -f /dev/null, only the built-in rules of make
are displayed.

[7.2R] The

make(1)[/url] utility
now supports a -Q flag to cause file banners not to be
generated in addition to the same effect of a -q flag when a
-j option is specified.

[7.2R] The

make(1)[/url] utility
now supports the .MAKE.JOB.PREFIX variable. If -j and -v are specified, its output for
each target is prefixed with a token --- target --- the first part of which can be controlled
via the variable.

[7.2R] The
make(1)[/url] utility
now supports .MAKE.PID and .MAKE.PPID variable. These are set to process ID of the
make(1)[/url] process
and its parent process respectively.

[7.2R] The
makefs(8)[/url]
utility to create a file system image from a directory tree has been added.

[7.2R] The
mergemaster(8)[/url]
utility now supports an -F option to automatically install
files that differ only in their version control ID strings.

[7.2R] The
mount(8)[/url] utility
now supports an -o mountprog=/somewhere/mount_xxx option to force it to use the
specified program to mount the file system instead of calling
nmount(2)[/url]
directly. This is useful when you want to use third party programs such as FUSE, for
example.

[7.2R] The
netstat(1)[/url]
utility now reports
unix(4)[/url] sockets'
listen queue statistics when an -L flag is specified.

[7.2R] A bug in the
netstat(1)[/url]
utility has been fixed. It crashed with the following options in the previous
versions:


% netstat -m -N foo


[7.2R] A bug in the
netstat(1)[/url]

utility has been fixed. The -ss option now works in the icmp6
section as expected.

[7.2R] The
pciconf(8)[/url]
utility now supports a -b flag, which lists any base address
registers (BAR) that are assigned resources for each device.

[7.2R] The
powerd(8)[/url]
program has been improved. Changes include reasonable CPU load estimation on SMP systems
and a new mode named as hiadaptive for AC-powered systems. The
hiadaptive mode raises the CPU frequency twice as fast as adaptive, it drops the CPU frequency 4 times slower, prefers twice
lower CPU load and has an additional delay before leaving the highest frequency after the
period of maximum load.

The

revoke(1)[/url]
utility has been added. This is a wrapper of
revoke(2)[/url]
syscall.

[7.2R] The
stat(1)[/url] utility
now displays an octal representation of suid, sgid and sticky bits when the -x flag is specified.

[7.2R] The
strndup(3)[/url]
function has been added.

The
tftpd(8)[/url] program
now supports a -W option. This is almost the same as a -w option but will generate unique named based on the submitted
filename, a

strftime(3)[/url]
format string, and a two digit sequence number. The time format string can be set by an
-F option.

[7.2R] The wc(1)[/url] utility now
supports an -L flag to output the number of characters in the
longest input line.

[7.2R] A bug in the
rpc.yppasswdd(8)[/url]
program, which causes it to leave a zombie process when a password or default shell is
changed, has been fixed.

[7.1R] The
adduser(8)[/url]
utility now supports a -M option to set the mode of a new
user's home directory.

[7.1R] The
atacontrol(8)[/url]
utility now supports a spindown command to set or report timeout
after which the device will be spun down.

[7.1R] The
chflags(1)[/url] now
supports a -v flag for verbose output, a -f flag to ignore errors, and -h to
allow setting flags on symbolic links with the same semantics as (for example)

chmod(1)[/url].

[7.1R] The cp(1)[/url] now supports a
-a flag, which is equivalent to -RpP flags.

[7.1R] A bug in the cp(1)[/url] utility which
prevents POSIX.1e ACL (see also
acl(3)[/url]) from
copying properly has been fixed.

[7.1R] The
cron(8)[/url] utility
now supports -m flag which overrides the default mail
recipient for cron mails unless explicitly provided by MAILTO=

line in crontab file.

[7.1R] The
dhclient(8)[/url] now
supports more options described in
dhcp-options(5)[/url].

[7.1R] The
dhclient(8)[/url] now
supports is_default_interface() function which determines
if this interface is one with the default route.

[7.1R] A bug in the
dhclient(8)[/url] that
prevents removal of the default route from working has been fixed.

[7.1R] The
environ(7)[/url],
environment array of strings now supports unsetting a variable by setting the first
character to NULL. This is required by third-party software such as Dovecot[/b] and Postfix[/b].

[7.1R] The
fdisk(8)[/url] now
supports a -q flag to not display any warnings.

[7.1R] The
fetch(1)[/url] program
and libfetch library now supports a NO_PROXY environment variable. This specifies comma- or
whitespace-separated list of host names for which proxies should not be used. If a single
asterisk is specified, the use of proxies is disabled.

[7.1R] The

ffsll(3)[/url] and
flsll(3)[/url]
functions have been added. These functions are the same as
ffs(3)[/url] and
fls(3)[/url] except
that they accept long long as the arguments.

[7.1R] The
fortune(6)[/url]
program now supports FORTUNE_PATH environment variable to
specify search path of the fortune files.

[7.1R] A bug in the
fortune(6)[/url]

program that prevents -e option with multiple files from
working has been fixed.

[7.1R] The
freebsd-update.conf(5)[/url] now supports IDSIgnorePaths statement.

[7.1R] The
fwcontrol(8)[/url]
utility now supports -f node option which specifies node as the root node on the next bus reset.

[7.1R] [sparc64] The

gcc(1)[/url] now
accepts -mcpu option properly; it was hardcoded as -mcpu=ultrasparc.

[7.1R] The
ifconfig(8)[/url]
command now supports display of WPS IE (Wireless Provisioning Services Information
Element).

[7.1R] The
kgdb(1)[/url] command
now supports an add-kld kld
command to locate a
kld(4)[/url] and load
its symbols.

[7.1R] The
kgdb(1)[/url] command
now has a shared library backend for kernel files that treats
kld(4)[/url] as shared
libraries and auto-loading symbols for
kld(4)[/url] on
startup.

[7.1R] The
kgdb(1)[/url] now
supports a tid command and other kernel module related commands
even for a remote target.

[7.1R] The
kvm_getcptime(3)[/url]

function to obtain the global CPU time statistics from the kernel has been added.

[7.1R] The libalias library now supports PORT and EPRT FTP commands in
lowercase.

[7.1R] The

man(1)[/url] now
includes a limited support of
bzip2(1)[/url]-compressed manual pages.

[7.1R] The
mdconfig(8)[/url]
command now supports a -v (verbose) flag to -l command. It shows size and backing store of all md(4)[/url] devices at one
time.

[7.1R] The
memrchr(3)[/url]
function has been added. This behaves like
memchr(3)[/url] except
that it locates the last occurrence of the specified character in the string.

[7.1R] The incorrect output grammar of
morse(6)[/url] program
has been fixed.

[7.1R] The
mountd(8)[/url]
utility now supports -h bindip option which specifies IP addresses to bind
to for TCP and UDP requests. This option may be specified multiple times. If no -h option is specified, INADDR_ANY will be
used. Note that when specifying IP addresses with this option, it will automatically add

127.0.0.1 and if IPv6 is enabled, ::1
to the list.

[7.1R] The
moused(8)[/url]
utility now supports -L flag which changes the speed of
scrolling and changes -U option behavior to only affect the
scroll threshold.

[7.1R] The mv(1)[/url] command now
support POSIX specification when moving a directory to an existing directory across
devices.

[7.1R] The
periodic(8)[/url] now
supports daily_status_mail_rejects_shorten configuration
variable in

periodic.conf(5)[/url]. This allows the rejected mail
reports to tally the rejects per blacklist without providing details about individual
sender hosts. The default configuration keeps the reports in their original form.

[7.1R] The
ping6(8)[/url] now
uses exit status of 0 and 2 in the same
manner as

ping(8)[/url].

[7.1R] The
ping6(8)[/url] now
supports an -o flag, which makes
ping6(8)[/url] exit
successfully after receiving one reply packet.

[7.1R] The
ping6(8)[/url] now
supports -r and -R flags, which
are equivalent to
ping(8)[/url]'s -a and -A flags, respectively.

[7.1R] The minimum allowed interval of
ping6(8)[/url] has
been decreased to 0.000001 from 0.01.

[7.1R] The
realpath(1)[/url]
utility now supports a -q flag to suppress warnings and
accepts multiple paths on its command line.

[7.1R] The
rfcomm_pppd(8)[/url]
now supports a -D flag to register DUN (Dial-Up Networking)
service in addition to the LAN (LAN Access Using PPP) service.

[7.1R] The
sdpd(8)[/url] now
supports a NAP, GN, and PANU profiles.

[7.1R] The
setkey(8)[/url]
utility now accepts esp as a protocol name for the spdadd command.

[7.1R] A bug in

telnetd(8)[/url] that
caused it to attempt authentication even when -a off option
is specified has been fixed.

[7.1R] The
top(1)[/url] and
vmstat(8)[/url]

commands now support -P flag which displays per-CPU
statistics.

[7.1R] The
uuid_enc_le(3)[/url],

uuid_dec_le(3)[/url],

uuid_enc_be(3)[/url],
and

uuid_dec_be(3)[/url]
functions have been added. These functions encode/decode a binary representation of a
UUID.

[7.1R] The
watch(8)[/url] utility
now supports more than 10
snp(4)[/url] devices
at a time.

[7.1R] The
ypserv(8)[/url] daemon
now supports a -P option to specify the port number on which
it should listen.



2.3.1 /etc/rc.d Scripts[/url]

[7.1R] The
rc.conf(5)[/url] now
supports dummynet_enable variable which allow
dummynet(4)[/url]
kernel module to be loaded when firewall_enable is YES.

[7.1R] The ntpd rc(8)[/url] script can work
with no configuration file /etc/ntp.conf now.

[7.1R] The ppp rc(8)[/url] script now
supports multiple instances. For more details, see the description of ppp_profile variable in

rc.conf(5)[/url].

[7.1R] The sysctl rc(8)[/url] script now
supports loading /etc/sysctl.conf.local in addition to /etc/sysctl.conf.

[7.1R] The
rc.conf(5)[/url] now
supports configuration of interfaces and attached networks for firewall rule set by rc.firewall when firewall_type is simple or client. See firewall_client_net, firewall_simple_iif, firewall_simple_inet, firewall_simple_oif, and firewall_simple_onet.






2.4 Contributed Software[/url]

ISC BIND[/b] has been updated to version 9.6.1rc1.

The ACPI-CA[/b] has been updated to 20090521.

The ee[/b] (easy editor) has been updated to 1.5.0. This
version is now licensed under a 2-clause BSD license, instead of the Artistic
license.

The hostapd[/b] has been updated to version 0.6.8 + radius ACL
support.

The less[/b] has been updated to version v436.

The libarchive library has been updated to version
2.7.0.

The libexpat library has been updated from version 1.95.5 to
version 2.0.1.

The ncurses library has been updated to version
5.7-20081102.

OpenBSM[/b] 1.1 from Trusted BSD Project has been merged.

TCPDUMP[/b] has been updated to 4.0.0.

The timezone database has been updated to the tzdata2009f[/b]
release.

wpa_supplicant[/b] has been updated to version 0.6.8

The ZFS[/b] file system has been updated from version 6 to
version 13.

[7.1R] The am-utils[/b] has been updated from version 6.0.10p1
to version 6.1.5.

[7.1R] The awk[/b] has been updated from 1 May 2007 release to
the 23 October 2007 release.

[7.1R] The bzip2[/b] has been updated from version 1.0.4 to
version 1.0.5.

[7.1R] The CVS[/b] has been updated to version 1.11.22.1.

[7.1R] NTP[/b] has been updated to version 4.2.4p5.

[7.1R] OpenPAM[/b] has been updated from the Figwort release to
the Hydrangea release.

[7.1R] OpenSSH[/b] has been updated from version 4.5p1 to
version 5.1p1.

[7.1R] The
resolver(3)[/url]
library has been updated to one of ISC BIND[/b] 9.4.3.

[7.1R] sendmail[/b] has been updated from version 8.14.2 to
version 8.14.3.





2.5 Ports/Packages Collection
Infrastructure[/url]

[7.2R] A bug in the
pkg_create(1)[/url]
utility, which prevented the -n flag from working has been
fixed.

[7.2R] The FreeBSD Ports Collection now supports multiple
make(1)[/url] jobs in
some supported ports. This is automatically enabled when a port is marked as MAKE_JOBS_SAFE and improves CPU utilization at the build stage by
passing an option -jX to
the top level Makefile from the vendor. The number X is set to the number of CPUs by default, and can be set
by users via a

make(1)[/url] variable
MAKE_JOBS_NUMBER. For more details, see ports/Mk/bsd.port.mk.




2.6 Release Engineering and
Integration[/url]

The supported version of the GNOME[/b] desktop environment (x11/gnome2[/url]) has been updated to 2.26.3.

The supported version of the KDE[/b] desktop environment (x11/kde4[/url]) has been updated to 4.3.1.





3 Upgrading from previous releases of
FreeBSD[/url]

[amd64, i386] Upgrades between RELEASE versions (and snapshots of the various security
branches) are supported using the

freebsd-update(8)[/url] utility. The binary upgrade
procedure will update unmodified userland utilities, as well as unmodified GENERIC or SMP
kernels distributed as a part of an official FreeBSD release. The
freebsd-update(8)[/url] utility requires that the host
being upgraded has Internet connectivity.

An older form of binary upgrade is supported through the Upgrade option from the main
sysinstall(8)[/url]

menu on CDROM distribution media. This type of binary upgrade may be useful on non-i386,
non-amd64 machines or on systems with no Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD base system from source
code) from previous versions are supported, according to the instructions in /usr/src/UPDATING.



Important: Upgrading FreeBSD should, of course, only be attempted after backing
up all[/i] data and configuration
files.







This file, and other release-related documents, can be
downloaded from ftp://ftp.FreeBSD.org/.

For questions about FreeBSD, read the documentation[/url] before contacting <questions@FreeBSD.org[/url]>.

For questions about this documentation, e-mail <doc@FreeBSD.org[/url]>.



Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-07-29 1:47:25
hizel
наркоман? :pardon:

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-07-29 2:00:33
f_andrey
Однозначно :)
Поэтому мирно едем в null :evil:

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-07-29 2:50:28
ProFTP
8.0 замерзают с June 26th , скоро будет релиз
August 2009 FreeBSD 8.0 Code Freeze since June 26th
http://www.freebsd.org/releng/

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-07-29 3:13:55
f_andrey
ProFTP писал(а):нафига ты перенес? делать нефиг?
ибо не новость, и твои измышления по поводу вообще не выдерживают никакой критики ;)

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-07-29 3:34:05
ProFTP
ну что тут не понятно если замораживают восьмерку?

должно появится:
http://ru.wikipedia.org/wiki/NCQ
http://ru.wikipedia.org/wiki/Message_Si ... Interrupts
http://en.wikipedia.org/wiki/Port_multiplier
http://planet.xbsd.org/tag/freebsd%208.0/
юникод в консоле http://lists.freebsd.org/pipermail/free ... 09351.html
и VDS клетки наверное, только никто не пишет что они там будут

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-07-31 23:08:33
FenX
ты ппц.
http://www.freebsd.org/news/newsflash.h ... 0090718:01

последняя новость относительно 8ки - бета2.

до релиза ещё как до луны на тракторе.

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-08-01 3:08:34
Гость
судя по 8.0TODO BETA3 должна была быть давно выпущена. Если re@ сразу выпустит RC1 (пропуская BETA3), то можно их смело отправлять в биореактор за урезание времени на QA.

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-09-22 10:48:38
gen_attr
Народ, а такой тупой вопрос - в 8-ке исправили кернел паник при вытыкании неотмонтированной флешки?

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-09-22 10:52:04
hizel
там новый usb стэк, так что исправили, но возможно добавили других глюков ;]

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-09-22 11:02:50
gen_attr
В свете информации о новом usb-стеке и спрашиваю - кто-нить проверял специально именно это? :smile:

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-09-22 11:08:06
terminus
У всех Ъ БСДшников выполнение команды unmount /mnt/usb перед выдерниванием фляшки является рефлексом и не осознается как обособленное действие.

Накуй эксперименты :smile:

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-09-22 11:42:05
gen_attr
Ну блин, обновлюсь и сам проверю :)

Не один планирую пользоваться ноутом.

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-09-22 11:43:27
gen_attr
После команды unmount на автомате, кстати, поймаете панику :)

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-09-22 18:56:10
hizel
ээ напомните когда там паника раньше была, щаз протестю? : )

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-22 11:19:22
terminus
ivoras протестировал работу 1000 джайлов в 8.0 ;-)
http://ivoras.sharanet.org/blog/tree/20 ... jails.html

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-22 16:21:48
Alex Keda
чё-то видео его не кажет...

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-22 19:18:46
terminus
там видео в Ogg под <video></video> - надо через Firefox3 смотреть...

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-22 20:03:54
terminus
Еше одна хорошая новость про подсистему SATA которую mav пилит :smile:
http://forums.freebsd.org/showthread.php?t=7871

FreeBSD 7.1

Код: Выделить всё

ad4:
Number of processes: 1.  Bytes per second: 8708462      Requests per second: 133
Number of processes: 2.  Bytes per second: 8698291      Requests per second: 132
Number of processes: 5.  Bytes per second: 8791501      Requests per second: 134
Number of processes: 10.  Bytes per second: 8840052     Requests per second: 135
Number of processes: 20.  Bytes per second: 8942725     Requests per second: 136
Number of processes: 50.  Bytes per second: 9021465     Requests per second: 137
Number of processes: 100.  Bytes per second: 9080795    Requests per second: 138
Number of processes: 200.  Bytes per second: 9125459    Requests per second: 139
Number of processes: 500.  Bytes per second: 9142287    Requests per second: 139

gm0 (ad4,ad6,ad8,ad10):
Number of processes: 1.  Bytes per second: 8746213      Requests per second: 133
Number of processes: 2.  Bytes per second: 16563067     Requests per second: 253
Number of processes: 5.  Bytes per second: 27960155     Requests per second: 427
Number of processes: 10. Bytes per second: 32801220     Requests per second: 501
Number of processes: 20. Bytes per second: 33826945     Requests per second: 517
Number of processes: 50. Bytes per second: 35337642     Requests per second: 540
Number of processes: 100.  Bytes per second: 35175787   Requests per second: 537
Number of processes: 200.  Bytes per second: 33281248   Requests per second: 508
Number of processes: 500.  Bytes per second: 34200148   Requests per second: 522
FreeBSD 8.0-RC1

Код: Выделить всё

ada0 (ad4):
Number of processes: 1.  Bytes per second: 8452955      Requests per second: 129
Number of processes: 2.  Bytes per second: 10020275     Requests per second: 153
Number of processes: 5.  Bytes per second: 12606027     Requests per second: 192
Number of processes: 10.  Bytes per second: 14038579    Requests per second: 214
Number of processes: 20.  Bytes per second: 14600856    Requests per second: 223
Number of processes: 50.  Bytes per second: 13430015    Requests per second: 205
Number of processes: 100.  Bytes per second: 13684512   Requests per second: 209
Number of processes: 200.  Bytes per second: 14657450   Requests per second: 224
Number of processes: 500.  Bytes per second: 14443617   Requests per second: 220

gm0 (ada0, ada1, ada2, ada3):
Number of processes: 1.  Bytes per second: 8698530      Requests per second: 132
Number of processes: 2.  Bytes per second: 16796085     Requests per second: 256
Number of processes: 5.  Bytes per second: 31180404     Requests per second: 476
Number of processes: 10.  Bytes per second: 40947618    Requests per second: 625
Number of processes: 20.  Bytes per second: 48925458    Requests per second: 747
Number of processes: 50.  Bytes per second: 56929077    Requests per second: 870
Number of processes: 100.  Bytes per second: 55048140   Requests per second: 841
Number of processes: 200.  Bytes per second: 57478504   Requests per second: 878
Number of processes: 500.  Bytes per second: 58590155   Requests per second: 895
нифигово если начать делить одно на другое и подсчитывать разы :smile:

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-22 21:03:05
iZEN
gen_attr писал(а):Народ, а такой тупой вопрос - в 8-ке исправили кернел паник при вытыкании неотмонтированной флешки?
Да.
Обхожусь без HAL'а: http://izenfire.blogspot.com/2009/09/fr ... mount.html

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-22 21:03:33
iZEN
gen_attr писал(а):После команды unmount на автомате, кстати, поймаете панику :)
Ложь.

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-23 8:18:52
Alex Keda
там линк на интересный патч.
незакоммиченный, кстати..
никто не в курсе кто GEOM пилит?
мож пнуть надо...

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-23 8:44:40
terminus
ты про патч на gmirror? я ж про это уже писал сто раз - как этот патч полтора года назад написали, а потом так и не закоммители, а еще потом его один наш переписал с нуля так как не знал, что тот уже был написан...

вот новый вариант того же исправления:
http://lists.freebsd.org/pipermail/free ... 06310.html

А в данный момент:
http://wiki.freebsd.org/8.0TODO#head-1a ... 84602e866a
20090718 - gmirror performance improvement (IvanVoras) (patch rejected: more testing required)
и хз закоммичен он в CURRENT или нет - ivoras вот собирался его коммитить да так что-то и не срослось... :unknown:

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-28 22:28:45
Fern
Ам... Дабы не плодить тем, спрошу тут, может и прочтёт кто...
Вот в 8.0-RC1 wifi настраивается как то странно (относительно 7.х конечно). По совету MASiK`a сделал такую запись в rc.conf:

Код: Выделить всё

wlans_rum0=wlan0
ifconfig_wlan0="DHCP ssid <имя ссид'а> wpa up"
Вопрос собственно такой, это зачем оно так придумано? И теперь получается, что помимо прописывания нужных ssid в wpa_supplicant.conf придется их все запихивать в rc.conf :cz2: Непонятно, как тогда сделать приоритет ssid.
Попутно: некоторые порты будучи добавлены через sysinstall ведут себя странно, крестик есть, а самой программы на диске нет. Отличительное сходство - они все для выполнения под иксами. Это от того что RC?
Ну и на будущее, где можно почитать, как правильно обновить систему до RC2, а потом и до release?

Re: FreeBSD 8.0-RELEASE

Добавлено: 2009-10-28 22:34:08
manefesto
rc - Release candidate