diff --git a/en/features.sgml b/en/features.sgml index ce2a260a7e..0a1b493c9c 100644 --- a/en/features.sgml +++ b/en/features.sgml @@ -1,5 +1,5 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" [ -<!ENTITY date "$FreeBSD: www/en/features.sgml,v 1.22 2004/11/17 21:54:32 rushani Exp $"> +<!ENTITY date "$FreeBSD: www/en/features.sgml,v 1.23 2004/12/01 01:04:55 rwatson Exp $"> <!ENTITY title "About FreeBSD's Technological Advances"> <!ENTITY % includes SYSTEM "includes.sgml"> %includes; ]> @@ -62,26 +62,10 @@ operations and uses this information to cache meta-data, rewrite meta-data operations to combine subsequent operations on the same files, and reorder meta-data - operations so that they may be processed more efficiently.</li> - - <li><b>Support for IPsec and IPv6</b> allows improved security in - networks, and support for the next-generation Internet Protocol, - IPv6. The FreeBSD IPSEC implementation includes support for a - broad range of accelerated crypto hardware.</li> - - <li><b>Multi-threaded SMP architecture</b> capable of executing the - kernel in parallel on multiple processors, and with <b>kernel - preemption</b>, allowing high priority kernel tasks to preempt - other kernel activity, reducing latency. This includes a - <b>multi-threaded network stack</b> and a <b>multi-threaded - virtual memory subsystem</b>.</li> - - <li><b>M:N threading application threading</b> permitting threads to - execute on multiple CPUs in a scaleable manner, mapping many user - threads onto a small number of <b>Kernel Schedulable Entities</b>. - By adopting the <b>Scheduler Activation</b> model, the threading - model can be adapted to the specific requirements of a broad range - of applications.</li> + operations so that they may be processed more efficiently. + Features such as background filesystem checking and + file system snapshots are built on the consistency + and performance foundations of soft updates.</li> <li><b>File system snapshots</b>, permitting administrators to take atomic file system snapshots for backup purposes using the free @@ -90,17 +74,49 @@ waiting on file system cleanup operations following power outages. </li> + <li>Support for <b>IP Security (IPsec)</b> allows improved security in + networks, and support for the next-generation Internet Protocol, + IPv6. The FreeBSD IPSEC implementation includes support for a + broad range of <b>accelerated crypto hardware</b>.</li> + + <li><b>Out of the box support for IPv6</b> via the KAME IPv6 stack + allows FreeBSD to be seamlessly integrated into next generation + networking environments. FreeBSD even ships with many applications + extended to support IPv6!</li> + + <li><b>Multi-threaded SMP architecture</b> capable of executing the + kernel in parallel on multiple processors, and with <b>kernel + preemption</b>, allowing high priority kernel tasks to preempt + other kernel activity, reducing latency. This includes a + <b>multi-threaded network stack</b> and a <b>multi-threaded + virtual memory subsystem</b>. With FreeBSD 6.x, support for a + fully parallel VFS allows the UFS file system to run on multiple + processors simultaneously, permitting load sharing of + CPU-intensive I/O optimization.</li> + + <li><b>M:N application threading via pthreads</b> permitting threads + to execute on multiple CPUs in a scaleable manner, mapping many user + threads onto a small number of <b>Kernel Schedulable Entities</b>. + By adopting the <b>Scheduler Activation</b> model, the threading + approach can be adapted to the specific requirements of a broad + range of applications.</li> + <li><b>Netgraph pluggable network stack</b> allows developers to dynamically and easily extend the network stack through clean layered network abstractions. Netgraph nodes can implement a broad range of new network services, including encapsulation, tunneling, - encryption, and performance adaptation.</li> + encryption, and performance adaptation. As a result, rapid + prototyping and production deployment of enhanced network services + can be performed far more easily and with fewer bugs.</li> <li><b>TrustedBSD MAC Framework extensible kernel security</b>, which allows developers to customize the operating system security model for specific environments, from creating hardening policies to deploying mandatory labeled confidentiality of integrity - policies.</li> + policies. Sample seucrity policies include <b>Multi-Level + Security (MLS)</b>, and <b>Biba Integrity Protection</b>. Third + party modules include <b>SEBSD</b>, a FLASK-based implementation + of <b>Type Enforcement</b>.</li> <li><b>GEOM pluggable storage layer</b>, which permits new storage services to be quickly developed and cleanly integrated into the @@ -109,6 +125,11 @@ making it possible to layer services such as RAID and volume management easily.</li> + <li>FreeBSD's <b>GEOM-Based Disk Encryption (GBDE)</b>, provides + strong cryptographic protection using the GEOM Framework, and can + protect file systems, swap devices, and other use of storage + media.</li> + <li><b>Kernel Queues</b> allow programs to respond more efficiently to a variety of asynchronous events including file and socket IO, improving application and system performance.</li> @@ -127,8 +148,14 @@ <blockquote> <p>The FreeBSD developers are as concerned about security as they are about performance and stability. FreeBSD includes kernel support for - stateful IP firewalling, as well as other services, such as IP proxy - gateways.</p> + <b>stateful IP firewalling</b>, as well as other services, such as + <b>IP proxy gateways</b>, <b>access control lists</b>, <b>mandatory + access control</b>, <b>jail-based virtual hosting</b>, and + <b>cryptographically protected storage</b>. These features can be + used to support highly secure hosting of mutually untrusting + customers or consumers, the strong partitioning of network segments, + and the construction of secure pipelines for information scrubbing + and information flow control.</p> <p>FreeBSD also includes support for encryption software, secure shells, Kerberos authentication, "virtual servers" created using