Break out IPv6 and IPsec features. Highlight that IPv6 is "out of the

box", and that IPsec supports hardware acceleration.

Move mention of background file system checking and snapshots up to the
soft updates section.

Mention MPSAFE VFS work in 6.x.

Attempt to slightly smooth language about thread features.

Point out that Netgraph makes it easy to extend the network stack, as
well as helping to reduce bugs in stack extensions.

Mentions some of our MAC policy modules by name.

Mention GBDE.

en/features.sgml

@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" [
-<!ENTITY date "$FreeBSD: www/en/features.sgml,v 1.22 2004/11/17 21:54:32 rushani Exp $">
+<!ENTITY date "$FreeBSD: www/en/features.sgml,v 1.23 2004/12/01 01:04:55 rwatson Exp $">
 <!ENTITY title "About FreeBSD's Technological Advances">
 <!ENTITY % includes SYSTEM "includes.sgml"> %includes;
 ]>
@@ -62,26 +62,10 @@
 	  operations and uses this information to cache meta-data,
 	  rewrite meta-data operations to combine subsequent
 	  operations on the same files, and reorder meta-data
-	  operations so that they may be processed more efficiently.</li>
-
-	<li><b>Support for IPsec and IPv6</b> allows improved security in
-	  networks, and support for the next-generation Internet Protocol,
-	  IPv6.  The FreeBSD IPSEC implementation includes support for a
-	  broad range of accelerated crypto hardware.</li>
-
-	<li><b>Multi-threaded SMP architecture</b> capable of executing the
-	  kernel in parallel on multiple processors, and with <b>kernel
-	  preemption</b>, allowing high priority kernel tasks to preempt
-	  other kernel activity, reducing latency.  This includes a
-	  <b>multi-threaded network stack</b> and a <b>multi-threaded
-	  virtual memory subsystem</b>.</li>
-
-	<li><b>M:N threading application threading</b> permitting threads to
-	  execute on multiple CPUs in a scaleable manner, mapping many user
-	  threads onto a small number of <b>Kernel Schedulable Entities</b>.
-	  By adopting the <b>Scheduler Activation</b> model, the threading
-	  model can be adapted to the specific requirements of a broad range
-	  of applications.</li>
+	  operations so that they may be processed more efficiently.
+	  Features such as background filesystem checking and
+	  file system snapshots are built on the consistency
+	  and performance foundations of soft updates.</li>
 
 	<li><b>File system snapshots</b>, permitting administrators to take
 	  atomic file system snapshots for backup purposes using the free
@@ -90,17 +74,49 @@
 	  waiting on file system cleanup operations following power outages.
 	  </li>
 
+	<li>Support for <b>IP Security (IPsec)</b> allows improved security in
+	  networks, and support for the next-generation Internet Protocol,
+	  IPv6.  The FreeBSD IPSEC implementation includes support for a
+	  broad range of <b>accelerated crypto hardware</b>.</li>
+
+	<li><b>Out of the box support for IPv6</b> via the KAME IPv6 stack
+	  allows FreeBSD to be seamlessly integrated into next generation
+	  networking environments.  FreeBSD even ships with many applications
+	  extended to support IPv6!</li>
+
+	<li><b>Multi-threaded SMP architecture</b> capable of executing the
+	  kernel in parallel on multiple processors, and with <b>kernel
+	  preemption</b>, allowing high priority kernel tasks to preempt
+	  other kernel activity, reducing latency.  This includes a
+	  <b>multi-threaded network stack</b> and a <b>multi-threaded
+	  virtual memory subsystem</b>.  With FreeBSD 6.x, support for a
+	  fully parallel VFS allows the UFS file system to run on multiple
+	  processors simultaneously, permitting load sharing of
+	  CPU-intensive I/O optimization.</li>
+
+	<li><b>M:N application threading via pthreads</b> permitting threads
+	  to execute on multiple CPUs in a scaleable manner, mapping many user
+	  threads onto a small number of <b>Kernel Schedulable Entities</b>.
+	  By adopting the <b>Scheduler Activation</b> model, the threading
+	  approach can be adapted to the specific requirements of a broad
+	  range of applications.</li>
+
 	<li><b>Netgraph pluggable network stack</b> allows developers to
 	  dynamically and easily extend the network stack through clean
 	  layered network abstractions.  Netgraph nodes can implement a broad
 	  range of new network services, including encapsulation, tunneling,
-	  encryption, and performance adaptation.</li>
+	  encryption, and performance adaptation.  As a result, rapid
+	  prototyping and production deployment of enhanced network services
+	  can be performed far more easily and with fewer bugs.</li>
 
 	<li><b>TrustedBSD MAC Framework extensible kernel security</b>,
 	  which allows developers to customize the operating system security
 	  model for specific environments, from creating hardening policies
 	  to deploying mandatory labeled confidentiality of integrity
-	  policies.</li>
+	  policies.  Sample seucrity policies include <b>Multi-Level
+	  Security (MLS)</b>, and <b>Biba Integrity Protection</b>.  Third
+	  party modules include <b>SEBSD</b>, a FLASK-based implementation
+	  of <b>Type Enforcement</b>.</li>
 
 	<li><b>GEOM pluggable storage layer</b>, which permits new storage
 	  services to be quickly developed and cleanly integrated into the
@@ -109,6 +125,11 @@
 	  making it possible to layer services such as RAID and volume
 	  management easily.</li>
 
+	<li>FreeBSD's <b>GEOM-Based Disk Encryption (GBDE)</b>, provides
+	  strong cryptographic protection using the GEOM Framework, and can
+	  protect file systems, swap devices, and other use of storage
+	  media.</li>
+
 	<li><b>Kernel Queues</b> allow programs to respond more efficiently
 	  to a variety of asynchronous events including file and socket IO,
 	  improving application and system performance.</li>
@@ -127,8 +148,14 @@
     <blockquote>
       <p>The FreeBSD developers are as concerned about security as they are
 	about performance and stability.  FreeBSD includes kernel support for
-	stateful IP firewalling, as well as other services, such as IP proxy
-	gateways.</p>
+	<b>stateful IP firewalling</b>, as well as other services, such as
+	<b>IP proxy gateways</b>, <b>access control lists</b>, <b>mandatory
+	access control</b>, <b>jail-based virtual hosting</b>, and
+	<b>cryptographically protected storage</b>.  These features can be
+	used to support highly secure hosting of mutually untrusting
+	customers or consumers, the strong partitioning of network segments,
+	and the construction of secure pipelines for information scrubbing
+	and information flow control.</p>
 
       <p>FreeBSD also includes support for encryption software, secure
 	shells, Kerberos authentication, "virtual servers" created using