NOTE: this page will be updated when more detailed information is available.
Please note that Day 1 is for tutorials and meetings only. Separate registration is required.
No exhibition and no paper session for unregistered attendees.
Please note that Day 2 is for tutorials and meetings only. Separate registration is required.
No exhibition and no paper session for unregistered attendees.
Day 3 (Room A / Room B / Room C)

09:50 - 10:00
Opening

10:00 - 10:45
P01A: Introducing XC, a FreeBSD Container Runtime (Yan Ka, Chiu)
- Abstract
Despite the lack of a formal definition and being a heavily overloaded term, containers and containerization have become increasingly popular and essential in DevOps and modern software engineering. The philosophical discussion of what containers are is out of the scope of this paper; modern container technologies share a few common properties/components which allow them to be useful. First is the ability to run processes in heavily decoupled environments via OS-level virtualization (such as Jail, Zone) or resource visibility controls (Linux namespaces).
Second is the ability to distribute self-contained, dependless images efficiently. Running in decoupled environments ensures unrelated processes can run orthogonally; the ability to distribute dependless images streamlines the distribution process and allows reliable orchestration. On FreeBSD, the ability to run applications in a decoupled environment is nothing new. In fact, FreeBSD is the first platform to implement OS-level virtualization. Many tools, such as iocage, bastille, and zjail, are available to create and manage Jails and allow applications to run in an isolated environment.
Some even have the ability to bootstrap the containerized environment via user-provided formulations, such as iocage plugins and Bastillefile. However, the support for self-contained, distributable images on FreeBSD receives considerably less attention. Furthermore, the modern container workflow builds upon creating ephemeral containers to capture the state of running applications, in which the container itself gets released when the application terminates. In contrast, in the ecosystem of existing Jail solutions, jails are created as lightweight, long-lasting virtual machines.
As containers become more popular, the tooling surrounding the existing, Linux-centric container ecosystem becomes more inclusive and standardized to support other platforms and architectures, such as Windows containers. Such effort enables the possibility of utilizing this tooling and commercially available platforms to host FreeBSD container images and increases the accessibility of FreeBSD technologies. This paper presents xc, a container runtime for FreeBSD with the goal of building, managing, and distributing FreeBSD containers for industrial use.
- Speaker
- Yan Ka, Chiu, nyan@myuji.xyz

P01B: Jitsi on OpenBSD - Puffy Presents Video Conferencing (Philipp Buhler)
- Abstract
This paper will cover all the bits and bolts needed to fully understand the components at play and their intercommunication, and how this knowledge can be used to create a Jitsi-on-OpenBSD setup that features a restricted (compartmentalized) design using dedicated machines or, as shown, VMM-based VMs, where each VM runs only one of the components.
It will document what is necessary to create a sensible pf.conf on the host and on each VM, and how to add system- and application-specific startup parameters and configuration for each component.
- Speaker
- Philipp Buhler, sysfive.com GmbH, pb-openbsd@sysfive.com

P01C: FreeBSD Enablement on Azure ARM64 (Souradeep Chakrabarti)
- Abstract
In recent years Azure has started offering ARM SKUs, and Windows and Linux are already available in the Azure marketplace. ARM is becoming popular for its low cost, low power and cost-to-performance ratio. This paper describes the work to enable FreeBSD on ARM64 Azure and also to enable the PCI passthrough feature of Azure ARM64 in FreeBSD. This enables high I/O performance for FreeBSD in Azure ARM SKUs with accelerated networking.
- Speaker
- Souradeep Chakrabarti, Microsoft, souradch@gmail.com

11:00 - 11:45
P02A: So You Want to Add A System Call? (Brooks Davis)
- Abstract
Adding a new system call is notionally simple, but there are numerous edge cases that can confuse even senior developers. In this paper I cover the process of adding a system call, including special handling for ABI compatibility layers like freebsd32. I also cover the extra requirements to support upcoming CHERI-extended architectures.
- Speaker
- Brooks Davis, SRI International, brooks.davis@sri.com

P02B: Hardening Emulated Devices in OpenBSD's vmd(8) Hypervisor (Dave Voutila)
- Abstract
The 2010s brought commoditization of hardware-assisted virtualization, as now most consumer operating systems and computers ship with both support in hardware as well as Type-2 hypervisors. With hypervisors comes the need for emulated devices to provide virtual machines interfaces to the outside world, including network cards, disk controllers, and even hardware random number generators. However, hypervisors are still software programs and consequently subject to buffer overflow and stack smashing attacks like any other. Previous research has shown a common weak point in hypervisors to be these very emulated devices, where exploits enable "guest to host escapes", the most famous being an exploit of an emulated floppy disk controller.
This paper provides an experimental approach with OpenBSD's Type-2 hypervisor (vmd) for isolating emulated devices using the privilege dropping and separation capabilities available in OpenBSD 7.3 to mitigate techniques for turning memory bugs into guest-to-host hypervisor escapes.
- Speaker
- Dave Voutila, OpenBSD, dv@sisu.io
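As an added illustration of the privilege-separation idea this abstract describes (example code written for this page, not vmd(8)'s own; the register-file size, opcodes and message layout are assumptions), the following C program runs an emulated device in a forked child that only holds one end of a socketpair, validates every guest-controlled register index on both sides of that boundary, and on OpenBSD additionally pledges the child to stdio so that a compromised emulator cannot open files or sockets:

```c
/*
 * Added example (not vmd(8) code): an emulated device run as a separate,
 * unprivileged process behind a fixed-size message interface, so a memory
 * bug in the emulation is contained. DEV_NREGS, the opcodes and the
 * request/response layout are assumptions made for this example.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEV_NREGS 16u                            /* assumed register-file size */
enum { DEV_OP_READ = 1, DEV_OP_WRITE = 2 };      /* assumed opcodes */
enum { DEV_OK = 0, DEV_EINVAL = 1 };

struct dev_req  { uint32_t op, reg, value; };    /* host -> device process */
struct dev_resp { uint32_t status, value; };     /* device process -> host */

/* Opcode and bounds check. Without the 'reg' test, the guest-controlled
 * index used in device_process() would write past regs[], the classic
 * emulated-device memory bug the abstract refers to. */
int dev_req_valid(const struct dev_req *r)
{
    return (r->op == DEV_OP_READ || r->op == DEV_OP_WRITE) && r->reg < DEV_NREGS;
}

/* Move the whole buffer or fail; sockets may return short counts. */
static int xfer(int fd, void *buf, size_t len, int writing)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = writing ? write(fd, p, len) : read(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return -1;
        p += (size_t)n; len -= (size_t)n;
    }
    return 0;
}

/* The device process: it owns only the socketpair fd and its register file.
 * On OpenBSD, pledge(2) further restricts it to stdio-class system calls. */
static void device_process(int fd)
{
#ifdef __OpenBSD__
    if (pledge("stdio", NULL) == -1) _exit(1);
#endif
    uint32_t regs[DEV_NREGS] = { 0 };
    struct dev_req req;
    while (xfer(fd, &req, sizeof req, 0) == 0) {
        struct dev_resp resp = { DEV_EINVAL, 0 };
        if (dev_req_valid(&req)) {               /* second, independent check */
            if (req.op == DEV_OP_WRITE) regs[req.reg] = req.value;
            resp.status = DEV_OK;
            resp.value = regs[req.reg];
        }
        if (xfer(fd, &resp, sizeof resp, 1) != 0) break;
    }
    _exit(0);                                    /* EOF from the host ends the device */
}

/* Host side: refuse bad requests before they cross the boundary, and treat
 * the reply as untrusted (a compromised emulator controls it). */
int dev_io(int fd, uint32_t op, uint32_t reg, uint32_t value, uint32_t *out)
{
    struct dev_req req = { op, reg, value };
    struct dev_resp resp;
    if (!dev_req_valid(&req)) return -1;
    if (xfer(fd, &req, sizeof req, 1) != 0 || xfer(fd, &resp, sizeof resp, 0) != 0)
        return -1;
    if (resp.status != DEV_OK) return -1;        /* covers unknown status values too */
    if (out) *out = resp.value;
    return 0;
}

/* Spawn the device process, write register 5, read it back, and confirm an
 * out-of-range index is rejected. Returns the value read, or 0 on failure. */
uint32_t dev_demo(void)
{
    int sv[2];
    uint32_t got = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return 0;
    pid_t pid = fork();
    if (pid == -1) { close(sv[0]); close(sv[1]); return 0; }
    if (pid == 0) { close(sv[0]); device_process(sv[1]); }
    close(sv[1]);
    if (dev_io(sv[0], DEV_OP_WRITE, 5, 0xC0FFEE, NULL) == 0)
        dev_io(sv[0], DEV_OP_READ, 5, 0, &got);
    if (dev_io(sv[0], DEV_OP_WRITE, DEV_NREGS, 1, NULL) == 0) got = 0; /* must fail */
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return got;
}

int main(void)
{
    printf("register 5 reads back 0x%X\n", dev_demo());
    return 0;
}
```

The bounds check is what stops the bug; the process boundary and the pledge are what limit the damage when a check is missed somewhere else in the emulator. Note that the host side validates in both directions: a device process that has been taken over by the guest can send arbitrary replies, so the parent must not trust status or value fields any more than it trusts the guest's register index.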

P02C: State of pfSense (Jim Thompson)
- Abstract
- TBA
- Speaker
- Jim Thompson, Netgate, jim@netgate.com

12:00 - 13:30
Lunch (bento box lunch in Room C)

13:30 - 14:15
P03A: bhyve - Improvements and Comparison for the Live Migration Feature for the Wired and Non-Wired Guests (Maria-Elena Mihailescu)
- Abstract
Nowadays, one of the most important aspects when it comes to cluster and grid management is the availability of clients' services. When a cluster node fails or various maintenance operations need to be done, the virtual machines are usually live migrated to other nodes.
FreeBSD is an operating system that is mainly used in server environments. Nevertheless, its hypervisor, bhyve, does not yet have a live migration feature upstream. However, progress towards adding live migration support was made in the last years by students of University Politehnica of Bucharest. This paper presents the latest changes proposed by students of the same university, and measures the impact of these changes compared to the previous implementation.
- Speaker
- Maria-Elena Mihailescu, University Politehnica of Bucharest, maria.mihailescu@upb.ro

P03B: Highly Available WANs With OpenBSD (Marko Cupac)
- Abstract
I would like to share my battle tested (over 3 years in production), highly available WAN setup based exclusively on components of OpenBSD base system. In this setup, ~30 branch office (spoke) firewalls connect to a pair of (hub) CARP firewalls over two Internet links, each in its own separate rdomain. Traffic is tunnelled by GRE, protected by transport mode IPsec. Dynamic routing and failover are provided by OSPF.
I plan to show detailed network diagrams along with addressing schemes, as well as all the configuration file templates needed for such setup.
Components used in this setup are: carp, bgpd, ospfd, pf, pfsync, gre, isakmpd, ipsec, rdomain.
- Speaker
- Marko Cupac, Kappa Star LTD, marko.cupac@mimar.rs

JNUG Exhibition (togetter AsiaBSDCon2023 & OSC2023spring NetBSD booth), Jun Ebihara

14:30 - 15:15
P04A: Increasing bhyve Support for Multiple Disk Images (Sergiu Weisz)
- Abstract
In order to add support for multiple disk formats in bhyve we had to find a modular way to do this. To this end, we have integrated bhyve with the libvdsk library. This library is used as an abstraction layer between the I/O calls made by bhyve and the actual implementations for each disk image type. Once we had added the libvdsk calls to bhyve and removed the implementation for the regular RAW disk, we implemented stub functions for the different disk types.
By adding support for QCOW2, VMDK, VHDX and VDI using libvdsk we are able to make bhyve a more well-rounded tool, both for consumer-level users who do not need to convert their downloaded or existing VMs to the raw format and for cloud system administrators, because they are able to take advantage of other disk formats' features, such as disk checkpoints and copy-on-write.
Finally, the paper's goal is to compare the results of all the implementations to the implementations in QEMU, VMware and VirtualBox and to highlight the work that has been done in order to push for merging the code into the bhyve upstream code base.
- Speaker
- Sergiu Weisz, University POLITEHNICA of Bucharest, sergiu.weisz@upb.ro

P04B: if_ovpn, OpenVPN Data Channel Offload (Kristof Provost)
- Abstract
if_ovpn is the FreeBSD implementation of OpenVPN’s Data Channel Offload (DCO) technology. It optimises the OpenVPN data flow for increased VPN performance.
This work was paid for by Netgate, and can be found in Netgate’s pfSense plus products.
In this paper we discuss the advantages and disadvantages of DCO as well as some of the if_ovpn design choices.
- Speaker
- Kristof Provost, FreeBSD, kp@FreeBSD.org

15:30 - 16:15
P05A: bhyve Debug Server Enhancements (Bojan Novkovic)
- Abstract
bhyve is a modern type 2 hypervisor originally developed for FreeBSD. Among many functionalities, it also features an embedded GDB debugging server used to debug virtual machines using a remote or local GDB client. Unfortunately, several existing features related to virtual machine debugging are tied to Intel-specific mechanisms, which severely impairs bhyve's debugging functionality on other platforms.
This paper provides an overview of the debugging features added to bhyve's debugging server as part of a Google Summer of Code 2022 project with the FreeBSD project. We provide an overview of the design and implementation of a generic x86 single-stepping mechanism and support for debugging the virtual machine using its hardware watchpoint registers.
- Speaker
- Bojan Novkovic, University of Zagreb, Croatia, bojan.novkovic@fer.hr

P05B: Boosting IPsec and VPN Performance in pfSense Software with IIMB (Leon Dang)
- Abstract
OpenCrypto Framework (OCF) in FreeBSD abstracts the underlying cryptography implementation by providing a set of API functions for in-kernel data encryption, decryption and hashing. The drivers of these functions come from a variety of cryptographic providers which range from software instructions to hardware accelerators.
This paper describes the utility of an engine which replaces OCF and its integration of Intel Multi-Buffer Crypto for IPsec Library (IIMB) as the provider for AES-GCM, AES-CBC and ChaCha20-Poly1305 ciphers, offering reduced CPU overhead and significantly improved performance of pfSense supported VPNs. The solution was developed for both x86-64 and ARM-64 architectures.
- Speaker
- Leon Dang, Netgate, ldang@netgate.com

18:30 - 20:30
Banquet (in Matsuya Salon, Tokyo Daijingu)

Day 4 (Room A / Room B / Room C)

10:00 - 10:45
P06A: NGINX Unit - A Modern Application Server (Sergey Osokin)
- Abstract
Today the main focus of modern applications is slightly different than it was five years ago. The micro-services paradigm helps to split a legacy monolithic application into different parts, and cloud infrastructure makes it easy to scale up and down, both for the whole application and for those specific parts that require additional power. These changes add other components, such as cache servers, reverse proxies, and load balancers, and introduce new communication channels between all of those parts. These aspects are indefinitely important for modern applications.
This paper introduces the NGINX Unit dynamic application server and describes its implementation approach and architectural goals.
- Speaker
- Sergey Osokin, FreeBSD Project, osa@FreeBSD.org

P06B: POWER Architecture Support in FreeBSD (Piotr Kubaj)
- Abstract
IBM POWER processors are designed primarily for the server market. With POWER9, there has been renewed interest in them, due to the use of open-source firmware and a focus on security and control of the hardware. Because of that, support for them has been improving steadily in FreeBSD. FreeBSD supports four POWER architectures and this paper describes recent improvements (since 13.0-RELEASE) and ongoing challenges for powerpc, powerpc64 and powerpc64le, for both the Ports tree and the base system.
- Speaker
- Piotr Kubaj, FreeBSD Project, pkubaj@FreeBSD.org

P06C: Configuration Management Solutions Allow Automation of Services on FreeBSD (Roller Angel)
- Abstract
Track your BSD machine configuration settings and automate complex deployment tasks involving multiple running services on FreeBSD with configuration management software. The utility of configuration management tools is incredible: no longer must one type each command separately into each machine one needs to control. There is powerful software available, written in Python, that allows the Systems Administrator to configure the state of a machine, including what files and services the machine may need, and allows the manual tasks of logging into each machine to type commands, enable services, edit files and various other tasks to be automated. Now your BSD machines can all be controlled from one machine, the System Administrator's workstation or a dedicated host controller running configuration management software such as Ansible or SaltStack. Each of these configuration management solutions provides methods of automating the deployment of various services on BSD operating systems.
In this talk I will cover using Ansible and SaltStack to control local and remote FreeBSD machines. This talk will include a handful of demos showing the ease of using Ansible and SaltStack to do useful deployments on FreeBSD machines. One of the demos will showcase a freebsd-update caching server one can use to allow the network to cache freebsd-update files, so that they are only downloaded the first time they are accessed by one of the machines on the network; the rest of the machines will not be required to fetch the files themselves from the internet, they will use the local freebsd-cache server that has stored the files for them to use. Not only does this reduce the bandwidth used from the FreeBSD Project update servers, but this deployment of a local update caching server also speeds up the FreeBSD OS update process, as the files are available locally and distributed very quickly to the hosts on the local network. It doesn't matter where you decide to host your BSD machine, the solutions I will discuss are able to make the daily life of a System Administrator much easier. They will have the confidence that their configuration changes will be implemented properly and not worry about forgetting to do required tasks after performing updates to important services. Having your machines running reliably allows one to focus on writing new tasks to add features to your servers and saves time by not having to repeat the many common tasks one is accustomed to when administering BSD machines. FreeBSD pairs very well with Python web applications, and another demo of one of these web applications will be discussed. I will walk through various concepts used to make all the necessary configuration changes to deploy a full stack web application, including configuring PostgreSQL, Nginx, Let's Encrypt and Python's FastAPI, all on FreeBSD.
Finally, another useful application that configures all the services necessary for a router and firewall will be discussed in depth so one will see what is involved in deploying these services on FreeBSD.
- Speaker
- Roller Angel, deepstack Powered by Banc of California, roller@bsd.pw

11:00 - 11:45
P07A: VT-IME: Input Method Editor in FreeBSD vt(4) (Fan Chung)
- Abstract
In this paper, we present vt-ime, an environment for users to input CJK characters in the FreeBSD virtual terminal vt(4).
- Speaker
- Fan Chung, National Yang Ming Chiao Tung University, thesummernightcat@gmail.com

P07B: The FreeBSD Appliance: Leveraging FreeBSD and Strategic Scripting to Deliver Storage and Virtualization Services (Michael Dexter)
- Abstract
The FreeBSD Operating System has traditionally been viewed as a complete server and desktop solution or a collection of core components for commercial appliance development. It has benefited from decades of academic, volunteer, and vendor contribution of core components including its TCP/IP stack, multiple packet filters, Jail containers, the CAM/CTL storage infrastructure, VNET and Netgraph virtual network stacks, the OpenZFS file system and volume manager, and the bhyve hypervisor, all with a unified source tree and build environment. Many of these components have enabled high-profile storage and networking product ecosystems but less-obvious developments are regularly occurring: FreeBSD is experiencing extensive refinement in addition to major feature development, making for an unprecedented "out of the box" user experience.
This paper describes the new abilities enabled by these small and seemingly-unrelated features and their ability to reduce the need for highly-customized FreeBSD appliance distributions. It will also describe strategies for following the "CURRENT" development branch of FreeBSD without becoming a full-time release engineer. Finally, it will outline how contemporary FreeBSD provides a meaningful storage and virtualization platform with minimal supplementary utilities.
- Speaker
- Michael Dexter, Call For Testing, editor@callfortesting.org

12:00 - 13:30
Lunch (bento box lunch in Room C)

13:30 - 14:30
K01: SDF.ORG - 36 Years of Obscurity (Stephen M. Jones)
- Abstract
- 愛おぼえていますか? (Do You Remember Love?) Stories of how a little anime-themed electronic bulletin board system running on an Apple ][e still exists today thanks to NetBSD.
- Speaker
- Stephen M. Jones is one of the caretakers for SDF.ORG and was introduced to NetBSD through his mentor Eric Schnoebelen.

JNUG Exhibition (togetter AsiaBSDCon2023 & OSC2023spring NetBSD booth), Jun Ebihara

14:45 - 15:30
P08A: ZFS Data Path, Caching and Performance (Alexander Motin)
- Abstract
ZFS is a modern copy-on-write file system, depending on data caching and a non-trivial amount of data transformation as part of I/O. This presentation, targeted at system administrators and performance engineers, describes the full data path during read and write operations between user-space applications and disks through the multiple cache levels and different threads of ZFS. It covers some design decisions behind the current implementation and its performance characteristics, illustrating them with respective CPU profiles.
- Speaker
- Alexander Motin, iXsystems, mav@FreeBSD.org

P08B: Add Operating Modes to wtap(4) (En-Wei Wu)
- Abstract
Wtap, an 802.11 hardware simulator for testing net80211(4), originally supported 802.11s mesh mode and we have enhanced it to support more operating modes, enabling more thorough testing of net80211(4). In addition, we have improved the frame-capture capability by providing more information about 802.11 frames. To facilitate automatic testing, we have written an atf-sh(3) test script for wtap(4) that can perform tests in every operating mode unit.
- Speaker
- En-Wei Wu, National Cheng Kung University, enweiwu@freebsd.org

15:45 - 16:30
P09A: Lessons from Static Analysis of OpenZFS (Richard Yao)
- Abstract
ZFS is a modern copy-on-write filesystem designed for data integrity that has earned a reputation for high reliability. It originated in OpenSolaris and has been ported to FreeBSD, Linux, macOS, NetBSD, OSv and Windows. It is widely deployed on Linux and FreeBSD, where the codebase for both platforms has been unified through the OpenZFS repository. Quality assurance is paramount in OpenZFS. This has traditionally been done through a mix of compiler diagnostics, code review, regression tests and stochastic testing. Static analysis, a technique that can identify bugs before code is executed, has increasingly been used to complement the more traditional practices. This paper describes lessons learned from the use of static analysis in OpenZFS.
- Speaker
- Richard Yao, Klara Systems, Inc., richard.yao@klarasystems.com

P09B: Dynamic Host Configuration, please (Florian Obser)
- Abstract
Smartphones are always-online devices in urban areas. They are even mostly online in rural areas. They deal with many different kinds of networks with only minimal configuration from the user. This paper will cover how we achieved a similar user experience on OpenBSD laptops. We will cover how we remember previously visited Wi-Fi networks, automatically configure IPv4 and IPv6 addresses and deal with DNS in challenging network environments. We will also point out the security measures we put in place while dealing with untrusted networks.
- Speaker
- Florian Obser, OpenBSD Project, florian@openbsd.org

16:45 - 17:45
Work-in-Progress Session

17:45
Closing