DOCSLIB.ORG

Release Notes Release 19.11.10

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Release Notes Release 19.11.10 Release Notes Release 19.11.10 Sep 06, 2021 CONTENTS 1 DPDK Release 19.111 2 DPDK Release 19.08 97 3 DPDK Release 19.05 108 4 DPDK Release 19.02 120 5 DPDK Release 18.11 131 6 DPDK Release 18.08 145 7 DPDK Release 18.05 154 8 DPDK Release 18.02 170 9 DPDK Release 17.11 180 10 DPDK Release 17.08 193 11 DPDK Release 17.05 203 12 DPDK Release 17.02 216 13 DPDK Release 16.11 227 14 DPDK Release 16.07 236 15 DPDK Release 16.04 245 16 DPDK Release 2.2 256 17 DPDK Release 2.1 266 18 DPDK Release 2.0 280 19 DPDK Release 1.8 282 20 Known Issues and Limitations in Legacy Releases 283 21 ABI and API Deprecation 295 i CHAPTER ONE DPDK RELEASE 19.11 1.1 New Features • Added support for –base-virtaddr EAL option to FreeBSD. The FreeBSD version of DPDK now also supports setting base virtual address for mapping pages and resources into its address space. • Added Lock-free Stack for aarch64. Enabled the lock-free stack implementation for aarch64 platforms. • Extended pktmbuf mempool private structure. rte_pktmbuf_pool_private structure was extended to include flags field for future compatibility. As per 19.11 release this field is reserved and should be set to 0 by the user. +* Changed mempool allocation behavior. Changed the mempool allocation behaviour so that objects no longer cross pages by default. Note, this may consume more memory when using small memory pages. • Added support for dynamic fields and flags in mbuf. This new feature adds the ability to dynamically register some room for a field or a flag in the mbuf structure. This is typically used for specific offload features, where adding a static field or flag in the mbuf is not justified. • Added support for hairpin queues. On supported NICs, we can now setup hairpin queues which will offload packets from the wire, back to the wire. • Added flow tag in rte_flow. The SET_TAG action and TAG item have been added to support transient flow tag. • Extended metadata support in rte_flow. Flow metadata has been extended to both Rx and Tx. – Tx metadata can also be set by SET_META action of rte_flow. – Rx metadata is delivered to the host via a dynamic field of rte_mbuf with PKT_RX_DYNF_METADATA. • Added ethdev API to set supported packet types. – Added new API rte_eth_dev_set_ptypes which allows an application to inform a PMD about a reduced range of packet types to handle. 1 Release Notes, Release 19.11.10 – This scheme will allow PMDs to avoid lookup of internal ptype table on Rx and thereby improve Rx performance if the application wishes to do so. • Added Rx offload flag to enable or disable RSS update. – Added new Rx offload flag DEV_RX_OFFLOAD_RSS_HASH which can be used to en- able/disable PMDs write to rte_mbuf::hash::rss. – PMDs notify the validity of rte_mbuf::hash:rss to the application by enabling PKT_RX_RSS_HASH flag in rte_mbuf::ol_flags. • Added Rx/Tx packet burst mode “get” API. Added two new functions rte_eth_rx_burst_mode_get and rte_eth_tx_burst_mode_get that allow an application to retrieve the mode infor- mation about Rx/Tx packet burst such as Scalar or Vector, and Vector technology like AVX2. • Added Hisilicon hns3 PMD. Added the new hns3 net driver for the inbuilt Hisilicon Network Subsystem 3 (HNS3) network engine found in the Hisilicon Kunpeng 920 SoC. See the ../nics/hns3 guide for more details on this new driver. • Added NXP PFE PMD. Added the new PFE driver for the NXP LS1012A platform. See the ../nics/pfe NIC driver guide for more details on this new driver. • Updated Broadcom bnxt driver. Updated Broadcom bnxt driver with new features and improvements, including: – Added support for hot firmware upgrade. – Added support for error recovery. – Added support for querying and using COS classification in hardware. – Added LRO support Thor devices. – Update HWRM API to version 1.10.1.6 • Updated the enic driver. – Added support for Geneve with options offload. – Added flow API implementation based on VIC Flow Manager API. • Updated iavf PMD. Enable AVX2 data path for iavf PMD. • Updated the Intel e1000 driver. Added support for the RTE_ETH_DEV_CLOSE_REMOVE flag. • Updated the Intel ixgbe driver. Added support for the RTE_ETH_DEV_CLOSE_REMOVE flag. • Updated the Intel i40e driver. Added support for the RTE_ETH_DEV_CLOSE_REMOVE flag. 1.1. New Features 2 Release Notes, Release 19.11.10 • Updated the Intel fm10k driver. Added support for the RTE_ETH_DEV_CLOSE_REMOVE flag. • Updated the Intel ice driver. Updated the Intel ice driver with new features and improvements, including: – Added support for device-specific DDP package loading. – Added support for handling Receive Flex Descriptor. – Added support for protocol extraction on per Rx queue. – Added support for Flow Director filter based on generic filter framework. – Added support for the RTE_ETH_DEV_CLOSE_REMOVE flag. – Generic filter enhancement - Supported pipeline mode. - Supported new packet type like PPPoE for switch filter. – Supported input set change and symmetric hash by rte_flow RSS action. – Added support for GTP Tx checksum offload. – Added new device IDs to support E810_XXV devices. • Updated the Huawei hinic driver. Updated the Huawei hinic driver with new features and improvements, including: – Enabled SR-IOV - Partially supported at this point, VFIO only. – Supported VLAN filter and VLAN offload. – Supported Unicast MAC filter and Multicast MAC filter. – Supported Flow API for LACP, VRRP, BGP and so on. – Supported FW version get. • Updated Mellanox mlx5 driver. Updated Mellanox mlx5 driver with new features and improvements, including: – Added support for VLAN pop flow offload command. – Added support for VLAN push flow offload command. – Added support for VLAN set PCP offload command. – Added support for VLAN set VID offload command. – Added support for matching on packets withe Geneve tunnel header. – Added hairpin support. – Added ConnectX-6 Dx support. – Flow engine selected based on RDMA Core library version. DV flow engine selected if version is rdma-core-24.0 or higher. Verbs flow engine selected otherwise. • Updated the AF_XDP PMD. Updated the AF_XDP PMD. The new features include: 1.1. New Features 3 Release Notes, Release 19.11.10 – Enabled zero copy between application mempools and UMEM by enabling the XDP_UMEM_UNALIGNED_CHUNKS UMEM flag. • Added cryptodev asymmetric session-less operation. Added a session-less option to the cryptodev asymmetric structure. It works the same way as symmetric crypto, and the corresponding transform is used directly by the crypto operation. • Added Marvell NITROX symmetric crypto PMD. Added a symmetric crypto PMD for Marvell NITROX V security processor. See the ../cryp- todevs/nitrox guide for more details on this new PMD. • Added asymmetric support to Marvell OCTEON TX crypto PMD. Added support for asymmetric operations to Marvell OCTEON TX crypto PMD. Supports RSA and modexp operations. • Added Marvell OCTEON TX2 crypto PMD. Added a new PMD driver for hardware crypto offload block on OCTEON TX2 SoC. See ../cryptodevs/octeontx2 for more details • Updated NXP crypto PMDs for PDCP support. Added PDCP support to the DPAA_SEC and DPAA2_SEC PMDs using rte_security APIs. Sup- port has been added for all sequence number sizes for control and user plane. Test and test-crypto- perf applications have been updated for unit testing. • Updated the AESNI-MB PMD. – Added support for intel-ipsec-mb version 0.53. • Updated the AESNI-GCM PMD. – Added support for intel-ipsec-mb version 0.53. – Added support for in-place chained mbufs with AES-GCM algorithm. • Enabled Single Pass GCM acceleration on QAT GEN3. Added support for Single Pass GCM, available on QAT GEN3 only (Intel QuickAssist Technology C4xxx). It is automatically chosen instead of the classic 2-pass mode when running on QAT GEN3, significantly improving the performance of AES GCM operations. • Updated the Intel QuickAssist Technology (QAT) asymmetric crypto PMD. – Added support for asymmetric session-less operations. – Added support for RSA algorithm with pair (n,d) private key representation. – Added support for RSA algorithm with quintuple private key representation. • Updated the Intel QuickAssist Technology (QAT) compression PMD. Added stateful decompression support in the Intel QuickAssist Technology PMD. Please note that stateful compression is not supported. • Added external buffers support for dpdk-test-compress-perf tool. Added a command line option to the dpdk-test-compress-perf tool to allocate and use memory zones as external buffers instead of keeping the data directly in mbuf areas. • Updated the IPSec library. 1.1. New Features 4 Release Notes, Release 19.11.10 – Added Security Associations (SA) Database API to librte_ipsec. A new test-sad appli- cation has also been introduced to evaluate and perform custom functional and performance tests for an IPsec SAD implementation. – Support fragmented packets in inline crypto processing mode with fallback lookaside-none session. Corresponding changes are also added in the IPsec Security Gateway application. • Introduced FIFO for NTB PMD. Introduced FIFO for NTB (Non-transparent Bridge) PMD to support packet based processing. • Added eBPF JIT support for arm64. Added eBPF JIT support for arm64 architecture to improve the eBPF program performance. • Added RIB and FIB (Routing/Forwarding Information Base) libraries. Added Routing and Forwarding Information Base (RIB/FIB) libraries. RIB and FIB can replace the LPM (Longest Prefix Match) library with better control plane (RIB) performance. The data plane (FIB) can be extended with new algorithms. • Updated testpmd with a command for ptypes. – Added a console command to testpmd app, show port (port_id) ptypes which gives ability to print port supported ptypes in different protocol layers. – Packet type detection disabled by default for the supported PMDs. • Added new l2fwd-event sample application. Added an example application l2fwd-event that adds event device support to the traditional l2fwd example. It demonstrates usage of poll and event mode IO mechanism under a single application.
Load more

Recommended publications
  • Ausgabe 05/2012 Als
    freiesMagazin Mai 2012 Topthemen dieser Ausgabe Selbstgebacken 3: make Seite 3 Das Bauen eines Kernels und das Aktualisieren der Quellen ist keine große Zauberkunst und, sofern man keine besonderen Extras haben möchte, mit ein paar make-Kommandos recht schnell erledigt, wobei make den Löwenanteil der Arbeit verrichtet. Es bekommt gesagt, was man möchte, den Rest erledigt es dann von alleine. Der Artikel soll das Geheimnis von make etwas lüften. (weiterlesen) Kollaboratives Schreiben mit LATEX Seite 14 Ob im wissenschaftlichen oder privaten Bereich: Möchte man die volle Kontrolle über das Aus- sehen seiner erstellten Dokumente behalten, führt oft kein Weg an LATEX vorbei. Die Standard TEX-Distribution zeigt jedoch ein paar Restriktionen auf. Sowohl die Online-Verfügbarkeit des Dokuments von jedem Ort aus sowie der kollaborative Ansatz, dass mehrere Personen zeit- gleich an einem Dokument arbeiten können, ist mit den Standardmitteln der Desktopinstallation nicht zu erreichen. Die im Artikel vorgestellten Lösungen versuchen, die gewünschten Zusatz- funktionen bereitzustellen. (weiterlesen) Astah – Kurzvorstellung des UML-Programms Seite 23 Die Februar-Ausgabe von freiesMagazin enthielt einen kleinen Test diverser UML-Programme. Dabei wurde aber das UML- und Mindmap-Programm Astah übersehen. In dem Artikel soll gezeigt werden, ob das Programm mit den zuvor getesteten mithalten kann. (weiterlesen) © freiesMagazin CC-BY-SA 3.0 Ausgabe 05/2012 ISSN 1867-7991 MAGAZIN Editorial Fünfter Programmierwettbewerb be- Abschied Inhalt Linux allgemein endet Im April hieß es Abschied nehmen von einem Selbstgebacken 3: make S. 3 Der am 1. März 2012 gestartete fünfte langjährigen Teammitglied. Thorsten Schmidt, Der April im Kernelrückblick S. 8 freiesMagazin-Programmierwettbewerb [1] ging seit 2007 als Autor, danach als Korrektor und offiziell am 15.
    [Show full text]
  • The Kernel Report
    The kernel report (ELC 2012 edition) Jonathan Corbet LWN.net [email protected] The Plan Look at a year's worth of kernel work ...with an eye toward the future Starting off 2011 2.6.37 released - January 4, 2011 11,446 changes, 1,276 developers VFS scalability work (inode_lock removal) Block I/O bandwidth controller PPTP support Basic pNFS support Wakeup sources What have we done since then? Since 2.6.37: Five kernel releases have been made 59,000 changes have been merged 3069 developers have contributed to the kernel 416 companies have supported kernel development February As you can see in these posts, Ralink is sending patches for the upstream rt2x00 driver for their new chipsets, and not just dumping a huge, stand-alone tarball driver on the community, as they have done in the past. This shows a huge willingness to learn how to deal with the kernel community, and they should be strongly encouraged and praised for this major change in attitude. – Greg Kroah-Hartman, February 9 Employer contributions 2.6.38-3.2 Volunteers 13.9% Wolfson Micro 1.7% Red Hat 10.9% Samsung 1.6% Intel 7.3% Google 1.6% unknown 6.9% Oracle 1.5% Novell 4.0% Microsoft 1.4% IBM 3.6% AMD 1.3% TI 3.4% Freescale 1.3% Broadcom 3.1% Fujitsu 1.1% consultants 2.2% Atheros 1.1% Nokia 1.8% Wind River 1.0% Also in February Red Hat stops releasing individual kernel patches March 2.6.38 released – March 14, 2011 (9,577 changes from 1198 developers) Per-session group scheduling dcache scalability patch set Transmit packet steering Transparent huge pages Hierarchical block I/O bandwidth controller Somebody needs to get a grip in the ARM community.
    [Show full text]
  • Privacy in the Domain Name System (DNS): DNS Privacy in Practice
    Privacy in the Domain Name System (DNS): DNS Privacy in Practice Sara Dickinson [email protected] https://sinodun.com @SinodunCom TMA Jun 2019 DNS Privacy https://github.com/Sinodun/tma_phd_school Overview • First - lets look at your DNS queries! • Desktop DoT stub resolvers (client) (Stubby) • Set up your own DoT recursive (Unbound) - decrypt DoT • DoH - Clients & Browsers (Firefox) - decrypt DoH Firefox DoH Decryption is • Mobile Apps easier…. • DNS Libraries (getdns) • Routers TMA, Jun 2019 2 DNS Privacy dnsprivacy.org • DNS Privacy Clients • DNS Privacy Servers setup guides Reference material here • DNS Privacy Test and Public resolvers for most setups and recursive resolvers • DNS Privacy Monitoring • DNS Privacy Current work TMA, Jun 2019 3 DNS Privacy DNS Basics TMA, Jun 2019 4 DNS Privacy DNS Basics - A UDP query ‘dig’ is available on most *nix systems (or ‘drill’) TMA, Jun 2019 5 DNS Privacy DNS Basics - A UDP query ‘dig’ is available on most *nix systems (or ‘drill’) TMA, Jun 2019 5 DNS Privacy DNS Basics - A UDP query ‘dig’ is available on most *nix systems (or ‘drill’) TMA, Jun 2019 5 DNS Privacy DNS Basics - A UDP query ‘dig’ is available on most *nix systems (or ‘drill’) TMA, Jun 2019 5 DNS Privacy DNS Basics - A UDP query ‘dig’ is available on most *nix systems (or ‘drill’) TMA, Jun 2019 5 DNS Privacy DNS Basics - A UDP query ‘dig’ is available on most *nix systems (or ‘drill’) TMA, Jun 2019 5 DNS Privacy DNS Basics - A UDP query ‘nslookup’ is available on Windows order is important! TMA, Jun 2019 6 DNS Privacy DNS Basics
    [Show full text]
  • Unbound: a New Secure and High Performance Open Source DNS Server
    New Open Source DNS Server Released Today Unbound – A Secure, High-Performance Alternative to BIND – Makes its Debut within Open Source Community Amsterdam, The Netherlands and Mountain View, CA – May 20, 2008 – Unbound – a new open source alternative to the BIND domain name system (DNS) server– makes its worldwide debut today with the worldwide public release of Unbound 1.0 at http://unbound.net. Released to open source developers by NLnet Labs, VeriSign, Inc. (NASDAQ: VRSN), Nominet, and Kirei, Unbound is a validating, recursive, and caching DNS server designed as a high- performance alternative for BIND (Berkeley Internet Name Domain). Unbound will be supported by NLnet Labs. An essential component of the Internet, the DNS ties domain names (such as www.verisign.com) to the IP addresses and other information that Web browsers need to access and interact with specific sites. Though it is unknown to the vast majority of Web users, DNS is at the heart of a range of Internet-based services beyond Web browsing, including email, messaging and Voice Over Internet Protocol (VOIP) telecommunications. Although BIND has been the de facto choice for DNS servers since the 1980s, a desire to seek an alternative server that excels in security, performance and ease of use prompted an effort to develop an open source DNS implementation. Unbound is the result of that effort. Mostly deployed by ISPs and enterprise users, Unbound will also be available for embedding in customer devices, such as dedicated DNS appliances and ADSL modems. By making Unbound code available to open source developers, its originators hope to enable rapid development of features that have not traditionally been associated with DNS.
    [Show full text]
  • Demarinis Kent Williams-King Di Jin Rodrigo Fonseca Vasileios P
    sysfilter: Automated System Call Filtering for Commodity Software Nicholas DeMarinis Kent Williams-King Di Jin Rodrigo Fonseca Vasileios P. Kemerlis Department of Computer Science Brown University Abstract This constant stream of additional functionality integrated Modern OSes provide a rich set of services to applications, into modern applications, i.e., feature creep, not only has primarily accessible via the system call API, to support the dire effects in terms of security and protection [1, 71], but ever growing functionality of contemporary software. How- also necessitates a rich set of OS services: applications need ever, despite the fact that applications require access to part of to interact with the OS kernel—and, primarily, they do so the system call API (to function properly), OS kernels allow via the system call (syscall) API [52]—in order to perform full and unrestricted use of the entire system call set. This not useful tasks, such as acquiring or releasing memory, spawning only violates the principle of least privilege, but also enables and terminating additional processes and execution threads, attackers to utilize extra OS services, after seizing control communicating with other programs on the same or remote of vulnerable applications, or escalate privileges further via hosts, interacting with the filesystem, and performing I/O and exploiting vulnerabilities in less-stressed kernel interfaces. process introspection. To tackle this problem, we present sysfilter: a binary Indicatively, at the time of writing, the Linux
    [Show full text]
  • Mullvad DNS Over HTTPS Server Audit
    Report Mullvad DNS over HTTPS server audit Wictor Olsson, Emilie Barse, Benjamin Svensson, Johanna Abrahamsson Project Version Date MUL001 v1.0 2021-02-23 REPORT Project Version MUL001 v1.0 Date 2021-02-23 Executive summary Assured was tasked to perform a whitebox system audit of Mullvads DNS over HTTPS servers. The audit focused on configuration in regards to privacy, attack sur- face reduction and security best practices. The server deployment and config- uration displayed a good level of security in general. At the time of the au- dit, the exposed services were running at a good patch level, with no known vul- nerabilities. The most notable findings during the audit was related to a mis- configuration of the DNS service (Unbound), NTP service and iptables egress/ingress configuration, these issues were promptly resolved by the Mullvad team and ver- ified during the audit period. i REPORT Project Version MUL001 v1.0 Date 2021-02-23 Contents 1 Introduction 1 1.1 Background . 1 1.2 Constraints and disclaimer . 1 1.3 Project period and staffing . 1 1.4 Risk rating . 2 2 Scope and methodology 3 2.1 Scope . 3 2.1.1 Audit of Mullvad DNS over HTTPS servers . 3 2.2 Methodology . 3 2.2.1 System audit . 3 2.3 Limitations . 4 3 Observations 5 3.1 Mullvad DNS over HTTPS servers . 5 3.1.1 Low MITIGATED Unbound listening socket misconfigu- ration ......................... 5 3.1.2 Low FIXED Iptables should be more restrictive .. 6 3.1.3 Note FIXED Ntpd listening on all interfaces .... 7 3.1.4 Note Apparmor for exposed services .
    [Show full text]
  • GNU MP the GNU Multiple Precision Arithmetic Library Edition 6.0.0 25 March 2014
    GNU MP The GNU Multiple Precision Arithmetic Library Edition 6.0.0 25 March 2014 by Torbj¨orn Granlund and the GMP development team This manual describes how to install and use the GNU multiple precision arithmetic library, version 6.0.0. Copyright 1991, 1993-2014 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, with the Front-Cover Texts being “A GNU Manual”, and with the Back-Cover Texts being “You have freedom to copy and modify this GNU Manual, like GNU software”. A copy of the license is included in Appendix C [GNU Free Documentation License], page 127. i Table of Contents GNU MP Copying Conditions ................................... 1 1 Introduction to GNU MP .................................... 2 1.1 How to use this Manual ........................................................... 2 2 Installing GMP ................................................ 3 2.1 Build Options ..................................................................... 3 2.2 ABI and ISA ...................................................................... 8 2.3 Notes for Package Builds ......................................................... 11 2.4 Notes for Particular Systems ..................................................... 12 2.5 Known Build Problems ........................................................... 14 2.6 Performance optimization .......................................................
    [Show full text]
  • The Impact of Time on DNS Security
    The Impact of Time on DNS Security Aanchal Malhotray, Willem Tooropz, Benno Overeinderz, Ralph Dolmansz and Sharon Goldbergy Boston Universityy, NLnet Labs, Amsterdamz [email protected], fwillem, benno, [email protected], [email protected] July 5, 2019 Abstract Time is an important component of the Domain Name System (DNS) and the DNS Security Extensions (DNSSEC). DNS caches rely on an absolute notion of time (e.g., “August 8, 2018 at 11:59pm”) to determine how long DNS records can be cached (i.e., their Time To Live (TTL)) and to determine the validity interval of DNSSEC signatures. This is especially interesting for two reasons. First, absolute time is set from external sources, and is thus vulnerable to a variety of network attacks that maliciously alter time. Meanwhile, relative time (e.g., “2 hours from the time the DNS query was sent”) can be set using sources internal to the operating system, and is thus not vulnerable to network attacks. Second, the DNS on-the-wire protocol only uses relative time; relative time is then translated into absolute time as a part of DNS caching, which introduces vulnerabilities. We leverage these two observations to show how to pivot from network attacks on absolute time to attacks on DNS caching. Specifically, we present and discuss the implications of attacks that (1) expire the cache earlier than intended and (2) make the cached responses stick in the cache longer than intended. We use network measurements to identify a significant attack surface for these DNS cache attacks, focusing specifically on pivots from Network Time Protocol (NTP) attacks by both on-path and off-path attackers.
    [Show full text]
  • Toward a Unified Framework for the Heterogeneous Cloud Utilizing Bytecode Containers
    Toward a Unified Framework for the Heterogeneous Cloud Utilizing Bytecode Containers by David Andrew Lloyd Tenty Bachelor of Science (Honours), Ryerson University, 2016 A thesis presented to Ryerson University in partial fulfillment of the requirements for the degree of Master of Science in the program of Computer Science Toronto, Ontario, Canada, 2019 ©David Andrew Lloyd Tenty, 2019 AUTHOR'S DECLARATION FOR ELECTRONIC SUBMISSION OF A THESIS I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I authorize Ryerson University to lend this thesis to other institutions or individuals for the purpose of scholarly research. I further authorize Ryerson University to reproduce this thesis by photocopying or by other means, in total or in part, at the request of other institutions or individuals for the purpose of scholarly research. I understand that my dissertation may be made electronically available to the public. iii Toward a Unified Framework for the Heterogeneous Cloud Utilizing Bytecode Containers Master of Science 2019 David Andrew Lloyd Tenty Computer Science Ryerson University Abstract As we approach the limits of Moore's law the Cloud computing landscape is becoming ever more hetero- geneous in order to extract more performance from available resources. Meanwhile, the container-based cloud is of growing importance as a lightweight way to deploy applications. A unified heterogeneous systems framework for use with container-based applications in the heterogeneous cloud is required. We present a bytecode-based framework and it's implementation called Man O' War, which allows for the creation of novel, portable LLVM bitcode-based containers for use in the heterogeneous cloud.
    [Show full text]
  • Sysadmin Documentation Documentation Release 1.0
    Sysadmin Documentation Documentation Release 1.0 Alexander Werner Nov 05, 2018 Contents: 1 FreeBSD 3 1.1 Resources.................................................3 1.2 Installation of software..........................................3 1.3 Update of software............................................3 1.4 System update..............................................4 1.5 Change system configuration......................................4 2 MariaDB Galera Cluster 5 2.1 Tasks...................................................5 3 PF - FreeBSD Packet Filter 7 3.1 Installation................................................7 3.2 Configuration...............................................7 4 Unbound DNS 9 4.1 Installation................................................9 4.2 Configuration...............................................9 5 ZFS 11 5.1 Installation................................................ 11 5.2 Operation................................................. 11 6 Setup of Debian 9 on a Lenovo Thinkpad 470 13 6.1 Preparation................................................ 13 6.2 Booting the Installer........................................... 13 6.3 Partitioning the disk........................................... 14 6.4 Software selection............................................ 14 6.5 Finishing the setup............................................ 14 6.6 Post-Setup................................................ 14 7 Resources 15 8 Indices and tables 17 i ii Sysadmin Documentation Documentation, Release 1.0 This manual serves as
    [Show full text]
  • Free, Functional, and Secure
    Free, Functional, and Secure Dante Catalfamo What is OpenBSD? Not Linux? ● Unix-like ● Similar layout ● Similar tools ● POSIX ● NOT the same History ● Originated at AT&T, who were unable to compete in the industry (1970s) ● Given to Universities for educational purposes ● Universities improved the code under the BSD license The License The license: ● Retain the copyright notice ● No warranty ● Don’t use the author's name to promote the product History Cont’d ● After 15 years, the partnership ended ● Almost the entire OS had been rewritten ● The university released the (now mostly BSD licensed) code for free History Cont’d ● AT&T launching Unix System Labories (USL) ● Sued UC Berkeley ● Berkeley fought back, claiming the code didn’t belong to AT&T ● 2 year lawsuit ● AT&T lost, and was found guilty of violating the BSD license History Cont’d ● BSD4.4-Lite released ● The only operating system ever released incomplete ● This became the base of FreeBSD and NetBSD, and eventually OpenBSD and MacOS History Cont’d ● Theo DeRaadt ○ Originally a NetBSD developer ○ Forked NetBSD into OpenBSD after disagreement the direction of the project *fork* Innovations W^X ● Pioneered by the OpenBSD project in 3.3 in 2002, strictly enforced in 6.0 ● Memory can either be write or execute, but but both (XOR) ● Similar to PaX Linux kernel extension (developed later) AnonCVS ● First project with a public source tree featuring version control (1995) ● Now an extremely popular model of software development anonymous anonymous anonymous anonymous anonymous IPSec ● First free operating system to implement an IPSec VPN stack Privilege Separation ● First implemented in 3.2 ● Split a program into processes performing different sub-functions ● Now used in almost all privileged programs in OpenBSD like httpd, bgpd, dhcpd, syslog, sndio, etc.
    [Show full text]
  • Analysis of DNS Resolver Performance Measurements Author
    Master in System and Network Engineering Analysis of DNS Resolver Performance Measurements Supervisors: Author: Yuri Schaeffer Hamza Boulakhrif [email protected] [email protected] Willem Toorop [email protected] July 13, 2015 Abstract The Domain Name System (DNS) is an essential building block of the Internet. Applica- tions depend on it in order to operate properly. Therefore DNS resolvers are required to perform well, and do whatever they can to provide an answer to a query. In this paper a methodology is devised to measure the performance of the Unbound, BIND, and PowerDNS resolvers. Measurements of these resolvers is required to be objective and not biased. Analysis is conducted on these performance measurements, where the implementations are compared to each other. Corner cases have also been identified and analysed. Acknowledgement I would like to thank NLnet Labs for providing this interesting Research Project. Also the support they provided throughout this project is really appreciated. Especially Willem Toorop and Yuri Schaeffer who answered all of my questions and guided me through this project. Thanks go also to Wouter Wijngaards who answered my questions related to DNS resolvers. The performed measurements during this project were carried out from the SNE lab, at the University of Amsterdam. I would also like to thank Harm Dermois for providing his server in the lab to perform these measurements. Special thanks also go to the SNE staff for their support and guidance. This does not only concern this project but the entire study. Hamza Boulakhrif 1 Contents 1 Introduction 3 1.1 Related Work . .3 1.2 Research Questions .
    [Show full text]