GSoC/GCI Archive
Google Summer of Code 2009

The FreeBSD Project

Web Page: http://www.freebsd.org/projects/summerofcode.html

Mailing List: http://www.freebsd.org/mailto.html

The FreeBSD Project is a large, mature, and yet relatively tightly knit operating system project. The FreeBSD Project began 15 years ago in 1993, but is based on the work at Berkeley CSRG with open source revision history going back 30 years to 1978. There are currently over 300 developers with write access to the main revision control system, and hundreds more with access to our Perforce servers for experimental and third party development (this is also where our summer of code students have worked in previous years). We have an active mentoring program to bring all new developers into our community, not just those that we introduce to FreeBSD through the GSoC. There are hundreds of mailing lists, forums, blogs, IRC channels, and user groups all detailed on our main website. FreeBSD offers a complete operating system in which students can work, not just a kernel or specific userland stack. This allows for interesting work that spans the userland/kernel boundary. In addition to producing an operating system, FreeBSD has incubated the development of key pieces of infrastructure which are used by other open source projects including bsnmp, jemalloc, libarchive, OpenBSM, and OpenPAM.

Projects

  • Application-Specific Audit Trails Audit is a critical element in operating system security evaluation.With this project an effort will be done to design and implement an application audit system, that will allow application-specific security events to be recorded and managed with an efficient, reliable and trustworthy way.That could be a great addition to the current TrustedBSD project, as it will allow sysadmins to monitor application related security events and consequently enhance application-centric security evaluation.
  • BSD-licensed libiconv in base system The libiconv library is an important piece of I18N software. It implements library routines to convert files from one encoding to another. There is also a command line interface for this library, which provides a convenient way of encoding conversion. Currently, FreeBSD lacks of these pieces of software in the base system. In the Ports Collection, we use GNU libiconv but this is such an underlying tool that we should have an own, customized version that is: * Located in the base system. Currently, we can't use libiconv from the base system and it is a big limiting factor in I18N. * Licensed under BSDL (preferably 2-clause). * Efficient. * Clean. Does not contain a lot of platform-specific ugly hacks. It is optimized to FreeBSD and its coding conventions. * Supports the most important encodings, the more the better, but it must support the following ones: ASCII, ISO8859-family, UTF-family, CP1131, CP1251, ISCII-DEV, ARMSCII-8, SJIS, eucJP, PT154, CP949, eucKR, CP866, KOI8-R, KOI8-U, GB18030, GB2312, GBK, eucCN, Big5HKSCS, Big5. These are the encodings that are supported by our locale subsystem, so an acceptable level of their support is a requirement. * Provides a good level of compatibility with its GNU counterpart. This doesn't only mean standard conformance, but implementing the most common extensions so that we can use it as a drop-in replacement for the Ports Collection, as well.
  • Design and Implementation of Subsystem Support Libraries for Monitoring and Management This project is about creating wrapper libraries to support monitoring and management applications to avoid direct use of the FreeBSD kernel memory interface. This approach would allow the kernel implementation to change and monitoring applications to be extended without breaking applications and requiring them to be recompiled. For this project, we propose to provide such a library for the network and process functions (i.e. libnetstat and libprocstat).
  • FIFO Optimizations Both FIFO and pipe are ways for interprocess communication. FIFO and pipes are similar in many aspects and it is likely that the FIFO implementation can be merged with pipe implementation. I would like to do this for FreeBSD.
  • Geom-based Disk Schedulers This project aims at introducing a framework for pluggable disk schedulers in GEOM, available to the user as a GEOM class, with scheduling algorithms implemented in external modules. We have already implemented a prototype for the framework and we already have some example schedulers. The ultimate goals of this project will be to produce a stable scheduling framework and at least a general purpose disk scheduling plugin, suitable for use under desktop workloads.
  • Hierarchical Resource Limits The project is to extend current resource limits so that they can be specified not only per-proccess, but also per-user, per-job and per-jail. Idea is somewhat similar to the resource management scheme used in SunOS. It should make life easier for administrators of machines where users have access to shell account, such as shared hosting servers or university machines.
  • Implement TCP UTO The objective of the project is to implement TCP UTO(User Timeout Option, defined by RFC 5482) in FreeBSD's TCP stack. The TCP user timeout controls how long transmitted data may remain unacknowledged before a connection is forcefully closed . RFC 5482 specifies a new TCP UTO option that allows one end of a TCP connection to advertise its current user timeout value and provides advice to the other end of the TCP connection to adapt its user timeout accordingly.
  • Improving Second Extended File system (ext2fs) and making it GPL free. The Ext2 or extended file system is a file system developed by Rémy Card and others for the Linux kernel. The ext2fs or it's derivatives are used as the Linux operating system's native file system format today. Ext2 is still preferred on flash drives as it requires fewer write operations (since it has no journal). FreeBSD has had Ext2 support for a long time. The current implementation suffers from some problems and it's GPL'd.
  • In kernel stackable cryptographic filesystem (ownfs) FreeBSD supports only whole filesystem encryption at device level (with GELI or GBDE), but lacks in kernel cryptographic filesystem that can be used transparently atop of other filesystem. Some progress has been seen here recently with userlevel cryptographic filesystems, but userlevel implementations are slow and relay and 3rd party software not included in base system (namely fuse kmod and library). I propose to implement in kernel cryptographic filesystem utilizing stackable VFS layers (like nullfs+crypto).
  • Ipfw and dummynet improvements The microinstruction-based architecture of ipfw stimulated the addition of many new operations and features over the last few years. Individually, each of these additions is a small piece of code, but the overall result is that ipfw source code (both kernel and userland) has grown significantly, leading to very large source files and functions that are not in line with good engineering practices. In this project I plan to revise the ipfw and dummynet code with following goals: + split the kernel source in more manageable parts, similarly to what was done recently for the userland part; + clearly separate userland-visible headers from private kernel parts; + split a very large function, ipfw_chk(), using a dispatch table for microinstructions; + profile the execution time of ipfw_chk, figuring out how the dispatch table affects performance, and whether some performance can be gained by reenginering the code; + make the userland-kernel interface more efficient; + identify the locking issues (specifically, identify any races or performance problems when adding/removing rules, when updating counters, when reading the ipfw state from userland); + build the microinstruction compiler as a library so other programs can use it as well; + verify the behavior of the userland program /sbin/ipfw, trying to make it more robust and predictable in presence of malformed input.
  • ipfw ruleset optimization and highlevel rule definition language ipfw has very flexible internal structure due to representing rules as a series of opcodes. But complex ipfw rulesets tend to become a maze of goto's (skipto opcode) and hard to administrate. I propose to add support for highlevel domain specific language for specifying ipfw rules. As rules generated by such translator are going to contain excessive checks I propose to implement ruleset optimization. Optimizer doesn't depend on highlevel parser and would be useful on its own.
  • IPv6 Secure Neighbor Discovery - native kernel APIs for FreeBSD Neighbor Discovery Protocol (NDP) is the essential part of the IPv6 stack. The Secure Neighbor Discovery protocol (SeND) [rfc3971] counters threats to NDP. This project aims for the design of the efficient and portable SeND implementation. Its goal is to implement a new userspace-kernel API for SeND, which will mitigate overhead associated with netgraph and Berkley Packet Filter used in the existing FreeBSD SeND implementation.
  • Package tools rewrite via a new package library, with new features The collection of package tools that ship with FreeBSD have been recommended for a code cleanup and the addition of new features like package versioning and complete packages. Adding new features to the tools in their current state would just add new hacks to old code, so I propose a complete rewrite of the package tools, fascilitated by creating and completing a library for handling packages, which would contain new features while maintaining compatibility with the current package system.
  • Ports license infrastructure (part 2: integration) This project involves delivering a working solution to the licensing problems in FreeBSD for the end of this SoC, such as automatically identifying GPLv3 ports, restricted distfiles, incompatible licenses, etc. It consists on committing the (already working) code from the start with minimal/normal functionality, and enabling advanced features (which are automated) later, when the respective requirements are met (i.e. FOSSology works on FreeBSD).
  • puffs (pass-to-userspace framework file system) port for FreeBSD Currently FreeBSD has limited support for userlevel file systems with GPL licensed fuse port (fusefs-libs) and kernel module (fusefs-kmod). There are some known design drawbacks in this implementation which can't be easily fixed. I'd like to port puffs (Pass-to-Userspace Framework File system) from NetBSD. I'd suggest not to preserve compatibility with NetBSD, but to develop a port preserving FreeBSD native VFS interface and fix librefuse and ported userlevel file systems (psshfs).
  • TCP\IP Regression Testing Suite Last year, another GSoC'er worked on a project that allows developers to rapidly craft individual packets with a very fine level of detail. The framework will be extended to allow the testing of various TCP/IP stack states and corner cases. This will effectively result in the re-implementation of TCP stack fragments in user-space, and testing the test fragments against the actual TCP stack. The resulting suite will be used to prevent regression errors in the TCP\IP stack.
  • USB improvements under FreeBSD The aim of this project would be to improve the usb into freebsd. To do it I will add support for libusb v1.0 api, improve the usb function subsytem, write some manpages and implement some USB function drivers.