DæmonNews: News and views for the BSD community


What's New and Exciting in NetBSD 1.5?

Hubert Feyrer <hubert@feyrer.de>, November 2000

After a release cycle that turned out to be a tad bit longer than originally intended, NetBSD 1.5 was released by the end of November 2000. This article presents some of the changes in the latest release of the world's most portable Open Source operating system.

Ports to New Platforms

    One of the key strengths of the NetBSD Open Source operating system is its portability to many hardware platforms using a single source tree. Proving this first major goal true, NetBSD has been ported to a number of new platforms since the last major release:

    sparc64:

    An important platform is Sun's state of the art UltraSPARC (sun4u) machines, getting NetBSD support via the sparc64 port - now you can run NetBSD on your Ultra and some accompanying Enterprise machines (E220, ...). And even though Sun has dropped support for old SPARC and Sun-3 machines, we do still support them in the NetBSD/sparc and NetBSD/sun3 ports.

    cobalt:

    Also new in NetBSD 1.5 is support for Cobalt Networks' Microservers: their MIPS-based Qube, Raq 1 and Raq 2 machines now run NetBSD and all the software you'd want on your favourite Internet appliance, from the Apache web server through PHP and Zope to perl and python, all available via the NetBSD Packages Collection.

    arc:

    The NetBSD/arc port has replaced the NetBSD/pica port, and will help you out after some random Redmond-based operating system vendor abandoned the MIPS platform, enabling you to run a real operating system on your hardware.

    hpcmips:

    The meaning behind this port name is "Handheld PC based MIPS machines", and that describes exactly what this port runs on: small machines, ranging from sub-notebooks like the IBM Z-50 to PDA devices like the Casio Cassiopeia. Binary compatibility with the other NetBSD ports running on MIPS CPUs (cobalt, arc, pmax) is available, as well as with Ultrix and Linux. Ever wanted to run your Ultrix Oracle database in your pocket? Here's your chance (if you find a machine with enough RAM ;-).

    mmeye:

    Brains' "Multi Media Server" is a digital ("web" :-) cam that can be remote-controlled via a built-in web server, and it also provides a picture archive and whatnot. And now you've got to guess what operating system this cam is running!

    evbsh3:

    The evbsh3 port is binary compatible with the NetBSD/mmEye port, and thanks to this binary compatibility, all the programs for that port can be used. The port to the Hitachi Super-H family was further extended to include the SH4 CPU that is used e.g. in several evaluation boards (hence evbsh3) or the Sega Dreamcast game console.

    news68k:

    Following the support of its MIPS-based cousin introduced in NetBSD 1.4, the Motorola-based Sony Net Work Station series now runs NetBSD too, thanks to Izumi Tsutsui's NetBSD/news68k port. In case you've never heard of these machines: they were designed to replace VAX mini-computers on the desktop, and they were used for DTP, CAD/CAM and other applications.

    luna68k:

    A further port supports the LUNA product line of OMRON Tateishi Electric, Japan, and is our 11th port to the successful Motorola m68k platform.

    prep:

    When the PowerPC CPU was first released, Motorola and some other manufacturers specified what a PPC based system should look like - machines built after these specs are known as PREP compliant (as opposed to, e.g., the CHRP platform). The NetBSD/prep port is available for machines based on the PowerPC Reference Platform, including machines such as the PowerStack series built by IBM.

    amigappc:

    This is still a very experimental port to the PowerPC-based Amiga expansion boards as manufactured by Phase 5. Development is continuing on the NetBSD/amigappc port and you can look forward to a binary release in the future. Currently it is available in source only. Feel free to join us hacking on this port!

    sgimips:

    The NetBSD Project is proud to release the first Open Source operating system to support the MIPS-based SGI O2 machines. Support for more machines such as the Indy is currently being developed. The bad news is that the port maintainer has decided that the port does not currently satisfy the highest quality expected by NetBSD releases and a binary release in NetBSD 1.5 is therefore not available. Please stay tuned for the 1.5.1 release (or use one of the available snapshots).

    arm26:

    Last but not least, 26-bit ARM-based machines like the Acorn Archimedes can now upgrade from their ancient (though BSD-based!) Acorn Un*x derivative using the world's most portable operating system.

    Unfortunately, not all of these new ports are included in the binary release; some are available "only" in the NetBSD 1.5 source release. If you're interested in any of these ports, feel free to join in and subscribe to the port-arch mailing list. See http://www.netbsd.org/MailingLists/ for more information.

    If you want to live in the fast lane, then grab the latest snapshot and test-drive the latest code on your hardware. Many of the ports will be part of the next (patch) release, NetBSD 1.5.1.

Enhanced Security

    NetBSD continues to provide state-of-the-art security services with the 1.5 release. Several subsystems were tuned to keep NetBSD ready for today's hostile network environments as often found in ISP and e-commerce environments. NetBSD is secure out-of-the-box, preventing any intrusion or compromise of services. The default install has all network services turned off, relieving the system administrator of having to turn those services off or monitor them. Methods for secure remote access are provided by a Secure Shell implementation as well as IPsec.

    Thanks to the much less restrictive export regulations of the U.S., it is now possible to make further crypto mechanisms available in the form of OpenSSL, Kerberos 4 and 5 compatible client and server facilities as well as an implementation of the Rijndael AES encryption algorithm for IPsec.

    Besides strong crypto and network security, substantial work was done in the area of host-based security: the traditional kernel-reading interface for process data structures was replaced with a sysctl-based implementation. As a result, top, ps and other programs no longer require special privileges to retrieve that information from the kernel, which prevents them from being vulnerable to buffer overflows such as the one recently found in the top process monitor.

    Another hardening effort consisted of several proactive code audits to identify and fix code where string routines were used without bounds checking, and where format strings were used in an unsafe way. Such code allows arbitrary data entered by (possibly) malicious users to overwrite application code, with consequences ranging from Denial of Service attacks to compromised systems.
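
    The two bug classes those audits looked for, each shown with the unsafe call in a comment and a bounded replacement. This is an added example, not NetBSD source code; the function names copy_bounded and format_log_line, the log text and the inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Class 1: string routine without bounds checking.
 *   Unsafe:  strcpy(dst, src);   writes past dst when src is longer.
 * Audited form: copy at most dstsize-1 bytes, always NUL-terminate, and
 * report truncation so the caller can reject over-long input. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len, n;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    len = strlen(src);
    n = len < dstsize ? len : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len < dstsize ? 0 : -1;
}

/* Class 2: user data passed as the format string.
 *   Unsafe:  snprintf(out, outsize, user);   "%x" or "%n" in user is
 *            interpreted as a conversion and reads or writes memory.
 * Audited form: constant format, user input only as a "%s" argument.
 * Returns the line length, or -1 if it did not fit. */
int format_log_line(char *out, size_t outsize, const char *user)
{
    int n;

    if (out == NULL || user == NULL || outsize == 0)
        return -1;
    n = snprintf(out, outsize, "login failed for user '%s'", user);
    return (n < 0 || (size_t)n >= outsize) ? -1 : n;
}

int main(void)
{
    char name[8], line[64];

    /* Constructed inputs: an over-long name and a name full of conversions. */
    if (copy_bounded(name, sizeof name, "administrator") != 0)
        printf("rejected over-long name (kept \"%s\")\n", name);
    if (format_log_line(line, sizeof line, "%x%x%n") > 0)
        printf("%s\n", line);
    return 0;
}
```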

Changes in Kernel and Networking Code

    The UVM virtual memory system was tuned for more performance and stability. The scheduler was changed to prevent processes with nice -20 from taking CPU time from processes with nice 0. A mechanism for a platform-specific scheduler clock was also added. A rearrangement of the scheduler and the addition of generic locking code inside the kernel will be available for future work in the area of symmetric multi-processing.

    The emul system was enhanced to support legacy applications from foreign operating systems that do not run natively on NetBSD, making it easy to switch from Linux, OSF/1 or Solaris to NetBSD. Using this system it's also possible to run applications not available natively for NetBSD.

    Thanks to the excellent work of the KAME project, NetBSD is now proud to ship with the next generation Internet Protocol, IPv6, as well as IPsec to allow network-level encryption and authentication for both today's IPv4 and IPv6. Standard services like telnet, FTP, SMTP and SSH are available, and with the new transport independent RPC code we are also the first Open Source operating system to offer you NFS over IPv6.

    Further services like the Apache web server, the Samba SMB/CIFS protocol server suite and many other services are available from the NetBSD Packages Collection, which by now contains more than 1600 applications ready to install. During the 1.5 release cycle it was ensured that as many packages as possible build - we got it down to 7 (seven!) packages not building out of these over 1600 on the i386 port. We are short of pkg build machines for some other ports, but we're working on that to provide as many precompiled binary packages as possible for our users' maximum comfort.

File Systems & Data Storage

    Probably the most noticeable change in this area is the incorporation of Kirk McKusick's softdep code, which caches updates of meta data (e.g. state information of directories and files in existence) in memory. Using the new "softdep" mount option on any FFS filesystem will result in data operations modifying files and/or directories being sped up somewhat. In combination with this, the codepath to flush dirty buffers back to disk was changed to do this continuously while the system has spare I/O resources, instead of forcing a full sync at fixed intervals. You'll notice that the "update" process is gone, and was replaced by the "ioflush" kernel thread for this purpose.

    The RAIDframe software RAID driver now offers auto detection of RAIDframe components and autoconfiguration of RAID sets, making it easier to configure the system when disks were shuffled, maybe due to a failed disk. For more system reliability it's also possible to have the root filesystem (/) on a RAID set.

    Other new features include support for NTFS, though read-only at this stage, many improvements to the log structured filesystem (LFS) and changes for revision 1 of the Linux ext2fs. Joliet extensions have been added to the cd9660 CD filesystem, allowing it to properly handle CDs using Windows-style long file names. Several fixes were made to some layered filesystems (like unionfs) that make locking against other layers actually work, and rpc.lockd, responsible for NFS locking, now works reliably too.

Hardware Improvements

    Bus-independent drivers for PCIBIOS, pcmcia, cardbus and USB allow accessing devices on various architectures, including i386, hpcmips, sparc and macppc based notebooks. The i386 port's "laptop" installation now takes care of USB, PCMCIA and Cardbus, supporting a wide range of devices commonly found in these machines today.

    An architecture-independent implementation of a driver for IBM's Microchannel Architecture (MCA) is available in NetBSD 1.5. It's currently used on the i386 port to support NetBSD on the "old" MCA IBM PCs. Stay tuned to see this used on other machines using MCA!

    Many drivers were added for USB - various USB-ethernet adapters, audio devices, keyboards, mice, printer and modem devices, mass storage like floppies, ZIP drives and digital cameras, and devices like the Prolific host-to-host adapter and the Handspring Visor come to mind. Other areas with new drivers include IEEE 802.11 wireless LAN, audio, 10/100/gigabit ethernet, etc.

Userland changes

    The most significant change in the userland code is the way the system boots. The monolithic /etc/rc script was replaced by a number of small scripts, each doing a well-defined job. Order of execution of the scripts is defined using a Provides/Requires mechanism evaluated by the rcorder(8) tool. Configuration of the services is defined in one central place, /etc/rc.conf, which takes its defaults from /etc/defaults/rc.conf. This new layout makes it easy to start/stop single services and allows 3rd party software to provide ready-to-drop-in scripts.

    The long-standing lack of proper user management tools was ended by importing a set of System V compatible commands in NetBSD 1.5. Available commands include useradd(8), usermod(8), userdel(8), groupadd(8), groupmod(8) and groupdel(8). If you are not familiar with the SysV tools, be sure to give the -m option to useradd to actually create the new user's home dir.

    The NetBSD operating system includes a number of programs written and maintained by external parties. Many of the programs were updated to their latest versions in NetBSD: BIND, IPfilter, ppp, sendmail; postfix is now included as an alternative to sendmail, and the games in /usr/games were updated with patches from several other operating systems.

How to Get NetBSD

    Author maintains all copyrights on this article.
    Images and layout Copyright © 1998-2006 Dæmon News. All Rights Reserved.