It is impossible to list every single improvement to NetBSD since the previous release, 1.6, let alone since version 1.0. However, a summary of the major new features in NetBSD 2.0 is given below.
Besides SMP support for the NetBSD/i386 port (see below), native thread support was one of the major goals for NetBSD 2.0, and it was implemented via Scheduler Activations. Applications which support native threads can now take full advantage of the high-performance NetBSD POSIX threads implementation. See the pthread(3) manpage for more information.
Multi-threading provides application-level parallelism: multiple threads within the same process can run concurrently on different CPUs. Such concurrency requires kernel support for threads, and that is what Scheduler Activations provides.
Scheduler Activations is an efficient method of mapping N userland threads onto M kernel threads. It avoids both the concurrency problems of N:1 (purely user-level) implementations, where a single thread blocking in the kernel stalls the whole process, and the scalability problems of 1:1 implementations, where every application thread costs a kernel thread.
kqueue provides a stateful and efficient event notification framework. Currently supported events include socket, file, directory, fifo, pipe, tty and device changes, and monitoring of processes and signals. See the kqueue(2) manpage for more information.
kqueue is supported by all writable filesystems in the NetBSD tree (with the exception of Coda) and all device drivers supporting poll(2).
The systrace facility monitors and controls an application's access to the system by enforcing access policies for system calls. The systrace utility can be used to trace an untrusted application's access to the system. In addition, it can be used to protect the system from software bugs (such as buffer overflows) by constraining a daemon's access to the system: a compromised daemon can still only make the system calls, with the arguments, that its policy permits. See the systrace(1) manpage for details.
The privilege elevation feature of systrace removes the need to run large, untrusted programs as root when only one or two system calls require elevated privileges: the program runs as an unprivileged user and only the calls the policy designates are performed as root, implementing very flexible “jails”.
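An illustrative policy for a name server, written here as an added example rather than copied from the page or from any shipped NetBSD policy, shows the shape of what systrace enforces and how privilege elevation is expressed. The choice of daemon, file paths and rules is an assumption for the sake of the example; a real policy is far longer and is normally generated with `systrace -A` from a training run and then edited.

```text
# Policy for /usr/sbin/named, stored as <policydir>/usr_sbin_named.
# Rules are "emulation-syscall: condition then action"; an action may be
# permit, deny[errno] or ask. Paths and rules below are illustrative.
Policy: /usr/sbin/named, Emulation: netbsd
	netbsd-fsread: filename eq "/etc/named.conf" then permit
	netbsd-fsread: filename match "/etc/namedb/*" then permit
	netbsd-fswrite: filename eq "/var/run/named.pid" then permit
	netbsd-fswrite: filename match "/etc/*" then deny[eperm]
	# privilege elevation: the daemon runs unprivileged, but this one
	# bind(2) on port 53 is carried out with root credentials
	netbsd-bind: sockaddr match "inet-*:53" then permit as root
	netbsd-connect: sockaddr match "inet-*:53" then permit
	# a name server has no business spawning other programs
	netbsd-execve: deny[eperm]
```

Run under `systrace -a`, system calls not matched by any rule are denied, so the policy is a whitelist: an overflow in the daemon that tries to execve(2) a shell or write outside its permitted paths fails with EPERM instead of succeeding, and only the single bind(2) needed at startup ever runs with elevated privilege.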
FreeBSD's UFS2 has been ported to NetBSD. UFS2 is an extension of FFS, adding 64-bit block pointers and space for extended attribute storage. Among other enhancements, UFS2 is better suited to file systems larger than 1 TB.
Improvements have been made to NetBSD's Linux emulation to support the latest Sun JDK/JRE for Linux. Testing has shown that it now runs as well as it does on Linux natively.
As the name suggests, Verified Exec verifies a cryptographic hash (fingerprint) of a binary or script against a list loaded into the kernel before allowing it to execute.
This can be used to prevent a system from running binaries or scripts which have been modified or installed without authorization, since a changed file no longer matches its recorded fingerprint. In addition, Verified Exec can also be used to limit the use of script interpreters to authorized scripts only and to disallow their interactive use. The protection is only as strong as the integrity of the fingerprint list and of the kernel that checks it.
See the verifiedexec(4) and veriexecctl(8) manpages for more information; veriexecctl(8) is the tool that loads the fingerprint list into the kernel.
The cryptographic disk driver (cgd) can be used to encrypt disks or partitions with strong ciphers such as AES (Rijndael) and Blowfish, and can be configured to encrypt swap as well, so that data paged out of memory does not reach the disk in clear text. See Chapter 14, The cryptographic device driver (CGD), and the cgd(4) and cgdconfig(8) manpages for more details.
NetBSD 2.0 enforces non-executable mappings on many platforms (wherever the processor's memory management can express the distinction). Stack and heap pages that are writable are no longer executable. This makes exploiting buffer overflows harder: code injected into a writable buffer cannot simply be jumped to, so an attacker has to fall back on reusing code that is already executable.
NetBSD 2.0 ships a new toolchain based on gcc 3.3.3 and binutils 2.14. gcc 3.3.3 adds support for a number of CPU targets and greatly improves code generation for i386 and other targets. The new platforms supported by gcc 3.3.3 have enabled the porting of NetBSD to even more architectures.
NetBSD 2.0 has been optimized heavily during the development process. These are some of the scalability improvements:
The memory allocation scheme for the buffer cache, which is used for caching file system metadata, has been rewritten. The buffer cache can now use up to 15% of the physical memory in the default configuration (tunable via sysctl(8)).
Socket buffer insertion is now O(1), i.e. constant time regardless of how much data is already queued. This can provide a substantial performance boost to applications which use large socket buffers.
i386 pmap(9) now uses a splay tree instead of linked lists, making fork(2) scale much better as the number of processes increases.
A red-black tree is now used to find entries in vm_map. This speeds up memory allocation and address lookups in processes with many vm_map entries.
The Hitachi SuperH SH-5 is a bi-endian, 32- and 64-bit capable CPU, and this is a new port to the SH-5 Cayman evaluation board. Support for a number of generic, machine-independent device drivers, including audio, SCSI and Ethernet cards, is present.
Having Symmetrical Multiprocessing (SMP) available on the i386 port was the second major goal for the NetBSD 2.0 release (besides native threads), and it has been achieved. The i386 port also has a new ACPI and power management framework built on Intel's ACPI reference implementation.
SMP is now supported on macppc. Hardware support for newer G4 models has been added.
pkgsrc has been significantly expanded and now contains over 5000 packages. A number of new platforms are supported, including Solaris, Linux, Darwin, FreeBSD, OpenBSD, DragonFlyBSD and Irix. Support for various other platforms (among them AIX, BSD/OS and HP-UX) is currently being worked on thanks to our new, portable bootstrap kit which makes it much simpler to port pkgsrc support to new operating systems.