Friday, August 29, 2014

FreeBSD Foundation announces IPsec Enhancement Project

The Internet Protocol Security (IPsec) suite is used to implement virtual private networks on FreeBSD and other operating systems. As the networking world continues its transition from 1 to 10, to 40 gigabit per second speeds, and faster, improvements in IPsec’s cryptographic building blocks are necessary to keep pace. The FreeBSD Foundation is pleased to announce that long-time FreeBSD developer John-Mark Gurney is adding modern AES modes to FreeBSD’s cryptographic framework and IPsec. This project is co-sponsored by the FreeBSD Foundation and Netgate, a leading vendor of BSD-based firewalls and networking gear.

The project adds new encryption modes while also importing infrastructure updates from OpenBSD giving FreeBSD users unprecedented support for high performance, encrypted communications.  New modes include AES-CTR and AES-GCM with hardware acceleration using Intel’s AES-NI instructions. According to John-Mark, “on a modern 64-bit x86 CPU one core can process about 1 gigabyte per second of data” using the new AES-GCM mode.

Concurrent with this project, FreeBSD committer and pfSense employee Ermal Luçi will update the FreeBSD IPsec stack to take advantage of the new cryptographic modes.

Jim Thompson, a co-owner of both Netgate and ESF (the company behind pfSense), said “We are pleased to contribute to this project.  Our interest in high-performance IPsec is obvious, however we also recognize the importance of contributing this capability to the FreeBSD project. Not only because our own software is based on FreeBSD, but for the benefit it brings to the entire community.  We plan to have AES-GCM support for IPsec with AES-NI acceleration available in the 2.2 release of pfSense software.”

The project is currently in progress, with a planned completion at the end of September 2014.

Wednesday, August 20, 2014

EuroBSDCon 2014 Travel Grant Deadline Extended

The deadline for submitting your application for a Travel Grant to EuroBSDCon 2014 has been extended. Please submit your application by Friday, August 22, 2014. Find out more at: https://www.freebsdfoundation.org/announcements#eurobsdcon2014

Tuesday, August 12, 2014

BSDCan Trip Report: Baptiste Daroussin

The next trip report is from Baptiste Daroussin:

Thanks to the FreeBSD Foundation I was able to attend BSDCan 2014.

I arrived in Ottawa on Tuesday evening and went directly to the Royal Oak where I met other FreeBSD developers.

On Wednesday, the DevSummit started with the FreeBSD future plans where I was mainly interested in pushing subjects like packaging base, dma(8) integration, improvements in kqueue, and status of the toolchain.

The afternoon was mainly spent meeting with many other developers to talk face to face on subjects which usually take a while to resolve via mail.

Thursday started with the ports and package session where I talked about the status of the package distribution: from building packages to distributing packages on the FreeBSD cluster. I gave a brief status about pkg(8). We talked about the pkg_tools decomission. We had a long and interesting discussion about the future of the ports tree. The other subjects we talked about were packaging-base, continuous integration of the ports tree, cross building packages, and the license framework.

Like the previous day, I spent the afternoon discussing pkg(8) with other developers, as well as phabricator, and discussing with clusteradm about different possibilities for distributed "extra" packages repositories.

On Friday and Saturday the main conference took place. There were plenty of different interesting talks I went to.

The main interesting one for me was " The architecture of the new solver in pkg" by Vsevolod Stakhov as it gave me more details about his wonderful work on pkg during GSoC 2013!

This conference has been really succesful for me. It was the first time we were able to get 4 pkg developers together: Vsevolod Stakhov (vsevolod@), Bryan Drewery (bdrewery@), Matthew Seaman (matthew@), and myself. I found it really productive to exchange ideas, share problems, and simply have discussion.

This conference also allows me to talk with clusteradm people, in particular Glen Barber (gjb), Peter Wemm (peter@), and Sean Bruno (sbruno@)

There was also the opportunity for 4 portmgrs, a future portmgr, and a former portmgr to have an informal meeting which was really great!

Friday, August 8, 2014

July/August Issue of The FreeBSD Journal Now Available

The fourth issue of the online FreeBSD Journal is now available! The issue is all about FreeBSD and Virtualization and includes topics such as FreeBSD on Amazon's EC2, and FreeBSD's own native virtualization system, bhyve. Plus, you'll find pieces on Xen, the USE Method, and more. The FreeBSD Journal is available at the Apple, Google, and Kindle stores at $19.99/year for six (6) issues or $6.99 for a single issue. Not a subscriber? Find out more and subscribe today!


Tuesday, August 5, 2014

BSDCan Trip Report: Mark Linimon

The next trip report is from Mark Linimon:

The first day, Tuesday, was an unoffficial day, spent socializing.

The Developer's Summit began Wednesday.  My main interest was to attend the "FreeBSD future plans" session.   Of particular interest was the discussion about how Release Engineering should look in the future. The ports team has done a great deal of work to decouple ports releases from src releases.  This required both changes in the way packages were built, as well as a substantial amount of new hardware to be able to build multiple package sets simultaneously.  (Much of this hardware was purchased by the Foundation).  This was the first change that many of the src and docs people had been brought up to speed on these developments.

Thursday, of course, my main interest was the Ports and Packages session.

In the evening, I was invited to an informal meeting with the various Ports Management Team (portmgrs) who were in attendance.  (I had previously served for several years on this team.)  Somehow, I was "volunteered" to rejoin the Ports Management team with an "advisor" status.  Clearly, peer pressure works.

Friday the conference itself started.  I spent some of the day trying to catch up on rest from the hectic first two days, and then socialized in the evening.

On Saturday, the most interesting session was the FreeNAS development talk.  While it was informative, there was also an opportunity to heckle John Hixson.

Perhaps the most important task that I accomplished during the conference was to sit down with Bryan Drewery and discuss future software improvements to the Ports Monitoring System (portsmon), which I wrote.

portsmon has survived many changes in FreeBSD.  The first was from CVS to SVN.  More recently, the ports build farm has been switched over from the old portbuild codebase to a completely rewritten system.  Our discussion dealt with the changes that I needed to make to port over to the new system; what the future changes to the new system would be; and changes that I requested that would make portsmon's job easier.  These changes have now been incorporated.  The next task is to catch up with the change from GNATS to Bugzilla; by that point, all of the inputs to portsmon will have been switched over from their initial codebase.