======================================================================
= NetBSD =
======================================================================
Introduction
======================================================================
NetBSD is a free and open-source Unix-like operating system based on
the Berkeley Software Distribution (BSD). It was the first open-source
BSD descendant officially released after 386BSD was forked. It
continues to be actively developed and is available for many
platforms, including servers, desktops, handheld devices, and embedded
systems.
The NetBSD project focuses on code clarity, careful design, and
portability across many computer architectures. Its source code is
publicly available and permissively licensed.
History
======================================================================
NetBSD was originally derived from the 4.3BSD-Reno release of the
Berkeley Software Distribution from the Computer Systems Research
Group of the University of California, Berkeley, via its Net/2 source
code release and the 386BSD project. The NetBSD project began as a
result of frustration within the 386BSD developer community with the
pace and direction of the operating system's development. The four
founders of the NetBSD project, Chris Demetriou, Theo de Raadt, Adam
Glass, and Charles Hannum, felt that a more open development model
would benefit the project: one centered on portable, clean, correct
code. They aimed to produce a unified, multi-platform,
production-quality, BSD-based operating system. The name "NetBSD" was
chosen based on the importance and growth of networks such as the
Internet at that time, and the distributed, collaborative nature of
its development.
The NetBSD source code repository was established on 21 March 1993 and
the first official release, NetBSD 0.8, was made on 19 April 1993.
This was derived from 386BSD 0.1 plus the version 0.2.2 unofficial
patchkit, with several programs from the Net/2 release missing from
386BSD re-integrated, and various other improvements. The first
multi-platform release, NetBSD 1.0, was made in October 1994, and
being updated with 4.4BSD-Lite sources, it was free of all legally
encumbered 4.3BSD Net/2 code. Also in 1994, for disputed reasons, one
of the founders, Theo de Raadt, was removed from the project. He later
founded a new project, OpenBSD, from a forked version of NetBSD 1.0
near the end of 1995.
In 1998, NetBSD 1.3 introduced the pkgsrc packages collection.
Until 2004, NetBSD 1.x releases were made at roughly annual intervals,
with minor "patch" releases in between. From release 2.0 onwards,
NetBSD uses semantic versioning, and each major NetBSD release
corresponds to an incremented major version number, i.e. the major
releases following 2.0 are 3.0, 4.0 and so on. The previous minor
releases are now divided into two categories: 'x.y' "stable"
maintenance releases and 'x.y.z' releases containing only security and
critical fixes.
NetBSD used to ship with twm as a preconfigured graphical interface
(window manager); in 2020 (version 9.1) this was changed to the more
modern and versatile CTWM.
Portability
=============
As the project's motto ('"Of course it runs NetBSD"' ) suggests,
NetBSD has been ported to a large number of 32- and 64-bit
architectures. These range from VAX minicomputers to Pocket PC PDAs.
NetBSD has also been ported to several video game consoles such as the
Sega Dreamcast and the Nintendo Wii. As of 2019, NetBSD supports 59
hardware platforms (across 16 different instruction sets). The kernel
and userland for these platforms are all built from a central unified
source-code tree managed by CVS. Currently, unlike other kernels such
as μClinux, the NetBSD kernel requires the presence of an MMU in any
given target architecture.
NetBSD's portability is aided by the use of hardware abstraction layer
interfaces for low-level hardware access such as bus input/output or
DMA. Using this portability layer, device drivers can be split into
"machine-independent" (MI) and "machine-dependent" (MD) components.
This makes a single driver easily usable on several platforms by
hiding hardware access details, and reduces the work to port it to a
new system.
This permits a particular device driver for a PCI card to work without
modifications, whether it is in a PCI slot on an IA-32, Alpha,
PowerPC, SPARC, or other architecture with a PCI bus. Also, a single
driver for a specific device can operate via several different buses,
like ISA, PCI, or PC Card.
This platform independence aids the development of embedded systems,
particularly since NetBSD 1.6, when the entire toolchain of compilers,
assemblers, linkers, and other tools fully support cross-compiling.
In 2005, as a demonstration of NetBSD's portability and suitability
for embedded applications, Technologic Systems, a vendor of embedded
systems hardware, designed and demonstrated a NetBSD-powered kitchen
toaster.
Commercial ports to embedded platforms were available from and
supported by Wasabi Systems, including platforms such as the AMD Geode
LX800, Freescale PowerQUICC processors, Marvell Orion, AMCC 405 family
of PowerPC processors, and the Intel XScale IOP and IXP series.
Portable build framework
==========================
The NetBSD cross-compiling framework (also known as "build.sh") lets a
developer build a complete NetBSD system for an architecture from a
more powerful system of different architecture (cross-compiling),
including on a different operating system (the framework supports most
POSIX-compliant systems). Several embedded systems using NetBSD have
required no additional software development other than toolchain and
target rehost.
As of 2017, NetBSD had reached fully reproducible builds on amd64 and
SPARC64. The build.sh -P flag handles reproducible builds
automatically.
The pkgsrc packages collection
================================
NetBSD features 'pkgsrc' (short for "package source"), a framework for
building and managing third-party application software packages. The
pkgsrc collection consists of more than 20,000 packages as of .
Building and installing packages such as Lumina, KDE, GNOME, the
Apache HTTP Server or Perl is performed through the use of a system of
makefiles. This can automatically fetch the source code, unpack,
patch, configure, build and install the package such that it can be
removed again later. An alternative to compiling from source is to use
a precompiled binary package. In either case, any
prerequisites/dependencies will be installed automatically by the
package system, without need for manual intervention.
pkgsrc is a cross-platform packaging system, for it supports not only
NetBSD, but can be used on several other Unices, among which macOS,
Solaris and Linux are considered primary targets. Other BSDs, HP-UX,
Minix, SCO UNIX (Unixware and OpenServer) and QNX have a number of
active pkgsrc users but do not receive active maintenance.
pkgsrc is the default package management system on SmartOS and
Minix3.
It was also previously adopted as the official package management
system for DragonFly BSD, and made available as an alternative
packaging framework on MirBSD and QNX.
Symmetric multiprocessing
===========================
NetBSD has supported SMP since the NetBSD 2.0 release in 2004, which
was initially implemented using the giant lock approach.
During the development cycle of the NetBSD 5 release, major work was
done to improve SMP support; most of the kernel subsystems were
modified to use the fine-grained locking approach. New synchronization
primitives were implemented and scheduler activations was replaced
with a 1:1 threading model in February 2007. A scalable M2 thread
scheduler was also implemented, providing separate real-time (RT) and
time-sharing (TS) queues, and improving the performance on MP systems.
Threaded software interrupts were implemented to improve
synchronization. The virtual memory system, memory allocator and trap
handling were made MP safe. The file system framework, including the
VFS and major file systems were modified to be MP safe. As of NetBSD
10.0, the only subsystems running with a giant lock are SATA device
drivers, interrupt handlers, the autoconf(9) framework and most the
network stack, unless the NET_MPSAFE kernel option is enabled.
In reality, starting with release 8.0, various parts of the network
stack have been made MP safe already, but NET_MPSAFE is kept disabled
by default, because non-MP-safe components that are also unprotected
by the giant lock may otherwise crash the kernel when loaded in
memory.
The 4.4BSD scheduler still remains the default, but was modified to
scale with SMP, merging features from SCHED_M2.
In 2017, the scheduler was changed to better distribute load of
long-running processes on multiple CPUs, and tunable kern.sched
sysctl(3) parameters were introduced. The release of NetBSD 10.0
brought significant performance enhancements, especially on
multiprocessor and multicore systems; the scheduler gained major
awareness of NUMA and hyperthreading, and became able to spread the
load evenly across different physical CPUs, as well as to scale better
on a mixture of slow and fast cores (e.g. ARM big.LITTLE).
Security
==========
NetBSD supports a number of features designed to improve system
security. Some are listed below.
The Kernel Authorization framework (or kauth) is a subsystem managing
all authorization requests inside the kernel, and used as system-wide
security policy. kauth(9) acts as a gatekeeper between kernel's own
routines, by checking whether a given call or a specific operation is
allowed within the context, and returns EPERM if not. Most syscalls
issue an authorization request in their corresponding
handler via kauth_authorize_action(). kauth also allows external
modules to plug-in the authorization process.
Verified Executables (or Veriexec) is an in-kernel file integrity
subsystem in NetBSD. It allows the user to set digital fingerprints
(hashes) of files, and take a number of different actions if files do
not match their fingerprints. For example, one can allow Perl to run
only scripts that match their fingerprints.
Starting with version 2.0, NetBSD supports non-executable mappings on
platforms where the hardware allows it. Process stack and heap
mappings are non-executable by default. This makes exploiting
potential buffer overflows harder.
NetBSD supports PROT_EXEC permission via mmap() for all platforms
where the hardware differentiates execute access from data access,
though not necessarily with single-page granularity.
NetBSD implements several exploit mitigation features, such as ASLR
(in both userland and kernel), restricted mprotect() (W^X) and
Segvguard from the PaX project, and GCC Stack Smashing Protection
(SSP, or also known as ProPolice, enabled by default since NetBSD 6.0)
compiler extensions.
The cryptographic device driver (CGD) provides transparent disk
encryption by acting as a logical device that is layered on top of
another block device, such as a physical disk or partition (including
CDs and DVDs) or a vnd(4) pseudo device. It supports the Adiantum
cipher, besides AES in CBC/XTS modes.
NPF, introduced with NetBSD 6.0, is a layer 3 packet filter,
supporting stateful packet inspection, IPv6, NAT, IP sets, and
extensions. It uses BPF as its core engine, and supports bpfjit. NPF
was designed with a focus on high performance, scalability,
multi-threading and modularity.
Relevant to security are also BSD securelevels, blocklistd(8), a
daemon capable of blocking ports on demand to avoid DoS abuse, and the
wg(4) interface, which provides a homegrown implementation of the
Wireguard protocol.
The NetBSD code is regularly scanned for bugs, and security
advisories -- containing a pointer to the fix -- are published on the
official mailing lists.
Memory management
===================
NetBSD uses the UVM virtual memory system, developed by Charles D.
Cranor at Washington University in 1998, and committed to the NetBSD
source tree by Matthew Green, who handled integration issues and wrote
the swap subsystem.
The original Mach based 4.4BSD system was replaced by UVM in NetBSD
1.4. UVM is designed to reduce the complexity of the 4.4BSD VM
system, and offer improved performance for those applications which
make heavy use of VM features, such as memory-mapped files and
copy-on-write memory.
While retaining the same MD/MI layering and mapping structures of the
BSD VM, UVM introduces some noticeable changes:
* Memory objects are allocated and managed in cooperation with their
backing data source (typically vnodes), reducing the overhead of the
'vm_object' chain management. The vm_page structure describes how the
backing store can be accessed. Essentially, this is a pointer to a
list of functions which act as bridge between UVM and the external
backing store (such as a disk) that provides UVM with its data. UVM's
memory object points directly to the pager operations, making the
allocation of pager-related data structures more efficient.
* Anonymous pages are grouped in multi-page clusters for pageout. Each
page’s location on swap is assigned, so that the cluster occupies a
contiguous chunk of swap and can be paged out in a single large I/O
operation. This enhances paging response time for I/O operations, and
allows UVM to recover quicker from page shortages.
* Memory sharing is supported using three data movement mechanisms:
'page loanout', 'page transfer', and 'map entry passing'. A process
may safely let a shared copy-on-write copy of its memory be used
either by other processes, the I/O system, or the IPC system. The
'unified buffer cache' (ubc(9) ), written by Chuck Silvers, allows to
use UVM pages to cache vnode data rather than the traditional UNIX
buffer cache. This avoids costly data copies, and makes more memory
available for caching regular file data.
In 2003, UVM was modified to use a top-down memory management, thus
merging the space reserved for heap growth and the area of space
reserved for mmap(2)'ed allocations. This allows the heap to grow
larger, or a process to mmap more or larger objects.
Support for RAM hot-plugging was added in 2016. The uvm_hotplug(9) API
replaces the previously exposed vm_physmem static array with a
red-black tree backing to keep track of memory segments, allowing the
list of physical pages to be dynamically expanded or collapsed.
During the release cycle of NetBSD 10.0, major work was done to
optimize the virtual memory system. The page allocator was rewritten
to be more efficient and CPU topology aware, adding preliminary NUMA
support. The algorithm used in the memory page lookup cache was
switched to a faster radix tree. Tracking and indexing of clean/dirty
pages was improved, speeding up fsync(2) on large files by orders of
magnitude. Lock contention was reduced by making the maintentance of
page replacement state more concurrent.
Virtualization
================
The Xen virtual-machine monitor has been supported in NetBSD since
release 3.0. The use of Xen requires a special pre-kernel boot
environment that loads a Xen-specialized kernel as the "host OS"
(Dom0). Any number of "guest OSes" (DomU) virtualized computers, with
or without specific Xen/DomU support, can be run in parallel with the
appropriate hardware resources.
The need for a third-party boot manager, such as GRUB, was eliminated
with NetBSD 5's Xen-compatible boot manager. NetBSD 6 as a Dom0 has
been benchmarked comparably to Linux, with better performance than
Linux in some tests.
As of NetBSD 9.0, accelerated virtualization is provided through the
native type-2 hypervisor NVMM (NetBSD Virtual Machine Monitor).
It provides a virtualization API, libnvmm, that can be leveraged by
emulators such as QEMU.
The kernel NVMM driver comes as a dynamically loadable kernel module,
made of a generic machine-independent frontend, to which
machine-dependent backends can be plugged to implement the core
virtualization (currently only x86 AMD SVM and Intel VMX are
supported). A unique property of NVMM is that the kernel never
accesses guest VM memory, only creating it.
Intel's Hardware Accelerated Execution Manager (HAXM) provides an
alternative solution for acceleration in QEMU for Intel CPUs only,
similar to Linux's KVM.
Rump kernels
==============
NetBSD 5.0 introduced the rump kernel, an architecture to run drivers
in user-space by emulating kernel-space calls. A rump kernel can be
seen as a lightweight, portable virtualized driver execution
environment, characterized by small memory footprint and minimized
attack surface.
The core of a rump kernel contains a set of fundamental routines
which allow it to access the host platform's resources, such as
virtual memory, thread scheduler and I/O functions. This is called the
rampuser(3) hypercall interface.
The various kernel subsystems (e.g. TCP/IP stack, filesystems,
hardware device drivers), globally referred as 'drivers', are layered
on top of the hypercall interface, by being linked against a
stripped-down version of the NetBSD kernel that can be executed in
user mode. Most drivers are optional, and may be included or not
depending on the target application and scope.
This "anykernel" design allows adding support of NetBSD drivers to
other kernel architectures, ranging from exokernels to monolithic
kernels. Other possible applications of rump kernels include deploying
a task-specific unikernel to provide a POSIX API for application
depending on it, running a self-contained database with minimal
footprints, a userspace Wireguard instance, editing the contents of a
file system as unprivileged user, and segregating a web browser to its
own TCP/IP stack.
Rump kernels are also used internally by the NetBSD project for
running tests on different kernel subsystems, as well as for
debugging purposes.
Storage
=========
NetBSD includes many enterprise features like iSCSI, a journaling
filesystem, logical volume management and the ZFS filesystem.
The bio(4) interface for vendor-agnostic RAID volume management
through bioctl has been available in NetBSD since 2007.
Support for software RAID is provided as a port of CMU RAIDframe,
available since NetBSD 1.4.
The ccd(4) driver provides the capability of combining one or more
disks/partitions into one virtual disk, acting as another in-kernel
RAID 0 subsystem.
UFS2, an extension to BSD FFS adding 64-bit block pointers,
variable-sized blocks (similar to extents), and extended flag fields,
was ported from FreeBSD in 2003 and made available since NetBSD 2.0.
The fss(4) snapshot driver was introduced the same year, allowing to
create a read-only, atomic view of a FFS filesystem at a given point
of time; a FFS snapshot works as a special device, which can be
mounted and used in conjunction with utilities like dump(8) to create
and export system backups.
WAPBL, a FFS filesystem extension providing data journaling, was
contributed by Wasabi Systems in 2008. Journaling allows rapid
filesystem consistency after an unclean shutdown, and improves write
performance by reducing synchronous metadata writes, especially when
creating a large number of inodes. Support for soft updates on NetBSD
FFS(v1/2) was eventually removed in favor of WAPBL.
Starting with release 10.0, FFSv2 also supports extended file
attributes and ACLs as well as data TRIM.
The ZFS filesystem developed by Sun Microsystems was imported into the
NetBSD base system in 2009. In 2018, the ZFS codebase was updated and
rebased on FreeBSD's implementation. ZFS was finally marked safe for
daily use in NetBSD 9.0. As of 10.0 release, NetBSD ZFS stack is
comparable to that of FreeBSD 12 (or below), with ZFS filesystem
version "5.3", zpool version "5000" (some feature flags are not
supported). Native ZFS encryption is noticeably missing, though a
zpool may be created within a cgd(4) encrypted disk.
Initial support for ZFS root is available, but neither integrated in
the installer nor in the bootloader.
The NetBSD Logical Volume Manager is based on a BSD reimplementation
of a device-mapper driver and a port of the Linux Logical Volume
Manager tools. It was mostly written during the Google Summer of Code
2008.
The CHFS Flash memory filesystem was imported into NetBSD in November
2011. CHFS is a file system developed at the Department of Software
Engineering, University of Szeged, Hungary, and is the first open
source Flash-specific file system written for NetBSD.
The PUFFS framework, introduced in NetBSD 5.0, is a kernel subsystem
designed for running filesystems in userspace, and provides FUSE
kernel level API compatibility in conjunction with the perfused(8)
userland daemon.
A tmpfs implementation for NetBSD using conventional in-memory data
structures, was first developed by Julio M. Merino Vidal in 2005 as a
GSoC project, and merged the same year in the NetBSD source tree.
Compatibility with other operating systems
============================================
At the source code level, NetBSD is very nearly entirely compliant
with POSIX.1 (IEEE 1003.1-1990) standard and mostly compliant with
POSIX.2 (IEEE 1003.2-1992).
NetBSD provides system call-level binary compatibility on the
appropriate processor architectures with its previous releases, but
also with several other UNIX-derived and UNIX-like operating systems,
including Linux, and other 4.3BSD derivatives like SunOS 4. This
allows NetBSD users to run many applications that are only distributed
in binary form for other operating systems, usually with no
significant loss of performance. Initial support for a Haiku binary
compat layer was published on the netbsd-user mailing list.
A variety of "foreign" disk filesystem formats are also supported in
NetBSD, including ZFS, FAT, NTFS, Linux ext2fs, Apple HFS and OS X
UFS, RISC OS FileCore/ADFS, AmigaOS Fast File System, IRIX EFS,
Version 7 Unix File System, and many more through PUFFS.
WINE can be installed on NetBSD through pkgsrc. Kernel support for
USER_LTD -- required for WoW64 -- was contributed by Maxime Villard in
2017, allowing Win32 applications to be executed on amd64. The amd64
port of wine for NetBSD was completed by Naveen Narayanan as part of
GSoC 2019.
Kernel scripting
==================
Kernel-space scripting with the Lua programming language was added in
NetBSD 7.0. The Lua language (i.e., its interpreter and standard
libraries) was initially ported by Lourival Vieira Neto to the NetBSD
kernel during GSoC 2010 and has undergone several improvements since
then. The Lua (userspace) Test Suite was ported to NetBSD kernel Lua
during GSoC 2015.
There are two main differences between user and kernel space Lua:
kernel Lua does not support floating-point numbers; as such, only Lua
integers are available. It also does not have full support to user
space libraries that rely on the operating system (e.g., 'io' and
'os'). A sample implementation of I/O (file systems and sockets)
bindings for kernel Lua was developed by Guilherme Salazar.
Possible applications of the Lua kernel interpreter include embedding
extensions for the NPF packet fiter, and building an in-kernel
application sandbox based on kauth(9), with sandbox policies provided
as Lua scripts.
Kernel debugging
==================
NetBSD provides a minimalist kernel debugger -- DDB(4) -- which is
invoked by default whenever the kernel would otherwise panic. DDB
allows to inspect processes and threads, investigate deadlocks, get a
stack trace, and generate a kernel crash dump for later analysis.
Strict consistency check is enabled by building the kernel with option
DIAGNOSTIC. This will cause the kernel to panic if corruption of
internal data structures is detected (e.g. kernel NULL pointer
dereference).
NetBSD also supports a variety of in-kernel bug detection facilities,
including code sanitizers (undefined behavior, address, thread, memory
sanitizers), a kernel memory disclosure detection system (KLEAK) and a
kernel diagnostic subsystem named heartbeat(9).
LKMs
======
Loadable kernel modules have been supported on NetBSD since 0.9. The
original lkm(4) interface written by Terry Lambert was replaced by
the new modules(7) subsystem, which supports dependency handling
between modules, and loading of kernel modules on demand.
New modules can only be loaded when securelevel is less than or equal
to zero, or if the kernel was built with options INSECURE, due to
security concerns regarding the lack of memory protection between
modules and the rest of the kernel.
Every kernel module is required to define its metadata through the C
macro MODULE(class, name, required) and to implement a MODNAME_modcmd
function, which the kernel calls to report important module-related
events, like when the module loads or unloads.
Init
======
NetBSD uses a BSD style init.
Support for using an initial ramdisk is available but not enabled by
default, except for specific configurations (e.g. root encryption).
The rc.d(8) framework, designed by Luke Mewburn for NetBSD 1.5,
provides a fully modular service management system, using individual
shell scripts for controlling services, similar to what System V does,
but without runlevels. When '/etc/rc/' is invoked by init(8), it
executes scripts located in the /etc/rc.d directory. The order in
which scripts are executed is determined by the rcorder(8) utility,
based on the requirements stated in the dependency tags found within
each script.
Sensors
=========
NetBSD has featured a native hardware monitoring framework since
1999/2000. In 2003, it served as the inspiration behind the OpenBSD's
sysctl hw.sensors framework when some NetBSD drivers were being ported
to OpenBSD.
, NetBSD had close to 85 device drivers exporting data through the API
of the envsys framework. Since the 2007 revision, serialization of
data between the kernel and userland is done through XML property
lists with the help of NetBSD's proplib(3).
Sound subsystem
=================
The NetBSD audio(4) kernel API, modelled after SunOS sound stack
(SADA), provides at the same time a uniform programming interface
layer above different underlying audio hardware drivers, and a simple
and well-documented backend for different sound libraries (SDL,
PortAudio, Mozilla cubeb) to use.
Applications may interact with the '/dev/audio' device node directly,
using a series of ioctls specified in the 'sys/audioio.h' header file.
Audio device information may be queried with the AUDIO_GETDEV ioctl.
Playing and recording sound implies opening '/dev/audio' for read() /
write() operations and passing a audio_info struct to the kernel. This
results in reduced audio latency and CPU usage compared to using
additional abstraction layers (other sound libraries and/or sound
servers).
The audio stack was reworked in NetBSD 8.0 to provide an in-kernel
software mixing engine, with support for virtual channels; this allows
more than one process to play or record audio at the same time.
A compatibility mode for the OSS API is provided by the 'soundcard.h'
header file and the 'libossaudio' library, which internally operate
using the native Sun-like audio interface.
NetBSD includes built-in MIDI support through the machine-independent
midi(4) system.
Uses
======================================================================
NetBSD's clean design, high performance, scalability, and support for
many architectures has led to its use in embedded devices and
servers, especially in networking applications.
NetBSD has also been noted for its stability and reliability over
time.
A commercial real-time operating system, QNX, uses a network stack
based on NetBSD code, and provides various drivers ported from NetBSD.
Dell Force10 uses NetBSD as the underlying operating system that
powers FTOS (the Force10 Operating System), which is used in high
scalability switch/routers. Force10 also made a donation to the NetBSD
Foundation in 2007 to help further research and the open development
community.
NetBSD was used in NASA's SAMS-II Project of measuring the
microgravity environment on the International Space Station, and for
investigations of TCP for use in satellite networks.
In 2004, SUNET used NetBSD to set the Internet2 Land Speed Record.
NetBSD was chosen "due to the scalability of the TCP code".
NetBSD is also used in Apple's AirPort Extreme and Time Capsule
products, instead of Apple's own OS X (of which most Unix-level
userland code is derived from FreeBSD code but some is derived from
NetBSD code).
Several companies are known to use NetBSD internally:
* Wasabi Systems provides a commercial "Wasabi Certified BSD" product
based on NetBSD with proprietary enterprise features and extensions,
which are focused on embedded, server and storage applications. Wasabi
has a long history of cooperation with the NetBSD project, including
the development of WAPBL and PCI storage devices powered by NetBSD.
* Precedence Technologies offers thin-client software (ThinIT) and
accompanying hardware based on NetBSD.
* Internet Initiative Japan, Inc. (IIJ) sells CPE routers
commercialized as "SEIL", which run a modified version of NetBSD at
their core, and operate through a proprietary network management
system (SMF) also based on NetBSD. The SEIL/X4 has 2x GE ports (WAN,
DMZ), 4x GE L2 switch ports, 2x USB 2.0 ports, and reaches a
throughput of 2Gbps, and VPN rate of up to 2 Gbit/s.
* Moritz Systems, an EU-based IT company specialized in embedded
systems, IoT, edge computing and quality audits, also bases its
products on NetBSD.
* TDI Security, a US company specialized in cybersecurity, offers
portable SAN and VPN solutions (named "pocketSAN" and "pocketVPN"
respectively), designed to be run from a USB thumb-drive or an
embedded device, and built upon a minimalist deployment of NetBSD
installed on flash memory ("polyBSD").
The operating system of the T-Mobile Sidekick LX 2009 smartphone is
based on NetBSD.
The Minix operating system uses a mostly NetBSD userland as well as
its pkgsrc packages infrastructure since version 3.2.
Parts of macOS were originally taken from NetBSD, such as some
userspace command line tools.
Bionic, the C standard library found in Android, incorporates code
from NetBSD libc.
The NPF packet filter has been used in commercial products such as
Outscale and BisonRouter.
NetBSD's own curses implementation is used by Sabotage Linux.
NetBSD has earned popularity among retrocomputing enthusiasts, due to
its lightweight and support for a wide range of hardware
architecures. NetBSD may be used to revive vintage hardware, rainging
from DEC VAXen, to Commodore Amiga and IBM PCs.
Rump kernels have been integrated in other operating systems to
provide additional functionality:
* Genode OS Framework; uses a rump kernel to support various files
systems, both as a standalone FS server ('rump_fs') and as a library
plugin for its modular VFS ('vfs_rump.lib.so').
* GNU Hurd; implements multiple rump kernel deployments to get modern
device drivers, ranging from storage device drivers ('RumpDisk'), to
sound devices drivers ('RumpSound'), and drivers for Ethernet/WLAN
controllers ('RumpNet').
* VMware's Node Replicated Kernel (NRK); uses a rump kernel to provide
a POSIX userspace API (libc, libpthread etc.) used by applications
like memcached, LevelDB and Redis.
The SDF Public Access Unix System, a non-profit public access UNIX
shell provider with the aim to provide remotely accessible computing
facilities, uses NetBSD to power its infrastructure. With a network of
eight 64-bit enterprise class servers running NetBSD, and realising a
combined processing power of over 21.1 GFLOPS (2018), the SDF.org
cluster is considered the largest NetBSD installation in the world,
factually working as a testbed for future NetBSD releases.
Licensing
======================================================================
All of the NetBSD kernel and most of the core userland source code is
released under the terms of the BSD License (two, three, and
four-clause variants). This essentially allows everyone to use,
modify, redistribute or sell it as they wish, as long as they do not
remove the copyright notice and license text (the four-clause variants
also include terms relating to publicity material). Thus, the
development of products based on NetBSD is possible without having to
make modifications to the source code public. In contrast, the GPL,
which does not apply to NetBSD, stipulates that changes to source code
of a product must be released to the product recipient when products
derived from those changes are released.
On 20 June 2008, the NetBSD Foundation announced a transition to the
two clause BSD license, citing concerns with UCB support of clause 3
and industry applicability of clause 4.
NetBSD also includes the GNU development tools and other packages,
which are covered by the GPL and other open source licenses. As with
other BSD projects, NetBSD separates those in its base source tree to
make it easier to remove code that is under more restrictive licenses.
As for packages, the installed software licenses may be controlled by
modifying the list of allowed licenses in the pkgsrc configuration
file (mk.conf).
Releases
======================================================================
The following table lists major NetBSD releases and their notable
features in reverse chronological order. Minor and patch releases are
not included.
Notable features and changes
28 March 2024 * Scheduler aware of non-uniform memory access,
hyperthreading, and ARM big.LITTLE. File path cache replaced with
faster red-black tree. Memory page lookup cache replaced with faster
radix tree. * Hardware support for Apple M1, Raspberry Pi 4, Nintendo
Wii, Asus Tinker Board, Realtek 2.5GBASE-T Ethernet, Intel 40 Gigabit
Ethernet * Updated Direct Rendering Manager (DRM) to Linux 5.6 *
Support for new AArch64 security features: Privileged Access Never,
Pointer Authentication, Branch Target Identification. Support for
Linux binary compatibility on AArch64. * Support for PVH Xen
virtualization, paravirtualization and multiprocessor Dom0 support in
Xen * POSIX.1e access-control lists for the Fast File System,
Filesystem in Userspace API compatibility up to FUSE 3.10, fsck
support for the Universal Disk Format * Compatibility with WireGuard
VPNs, Adiantum disk encryption, Argon2 password hashing, constant time
in-kernel cryptography * Removal of various obsolete and unmaintained
networking components, such as HIPPI, Fiber Distributed Data
Interface, and Token Ring support
14 February 2020 * Support for AArch64 (64-bit ARMv8-A) machines,
including SBSA/SBBR, big.LITTLE, compatibility with 32-bit binaries,
and up to 256 CPUs * Enhanced support for ARMv7-A, including UEFI
bootloader, big.LITTLE, kernel mode setting for Allwinner and other
SoCs, and device tree support * Updated Direct Rendering Manager (DRM)
to Linux 4.4, support for Intel graphics up to and including Kaby Lake
* Hardware accelerated virtualization for QEMU via NVMM (NetBSD
Virtual Machine Monitor) * Improvements in the NPF firewall, updated
ZFS, new and reworked drivers * Support for various new kernel and
userland code sanitizers, and kernel ASLR. Audited network stack. *
Removal of various old and unmaintained components, such as Intel 386
and ISDN support
17 July 2018 * Audio system reworked with an in-kernel mixer * USB
stack reworked with support for USB 3 host controllers and data rates
* PaX ASLR enabled by default on supported architectures * Hardened
memory layout with fewer writable pages and PaX MPROTECT (W^X)
enforced by default on supported architectures * Support for
reproducible builds, and userland built with position-independent code
by default * Meltdown and Spectre vulnerability mitigations for Intel
and AMD CPUs * Added a UEFI bootloader, NVMe driver, nouveau driver
for Nvidia GPUs, support for more ARM boards including the Raspberry
Pi 3
8 October 2015 * Add accelerated support for modern Intel and Radeon
devices on x86 through a port of the Linux 3.15 DRM/KMS code. * Lua
kernel scripting * blacklistd, a daemon that integrates with packet
filters to dynamically protect network daemons from network break-in
attempts. * NPF improvements such as JIT compilation and dynamic
rules. * Multiprocessor ARM support * Support for many new ARM boards:
** Raspberry Pi 2 ** ODROID-C1 ** BeagleBoard, BeagleBone, BeagleBone
Black ** Allwinner A20, A31: (Cubieboard2, Cubietruck, Banana Pi,
etc.) ** Freescale i.MX50, i.MX51: (Kobo Touch, Netwalker) ** Xilinx
Zynq: (Parallella, ZedBoard) * Add support for Lemote Yeeloong
Notebooks.
17 October 2012 * Support for thread-local storage, Logical Volume
Manager functionality * Rewritten disk quota subsystem * New
subsystems to handle flash devices and NAND controllers * An
experimental CHFS file system designed for flash devices * Support for
the Multiprotocol Label Switching protocol. * Introduce NetBSD Packet
Filter (NPF) - a new packet filter, designed with multi-core systems
in mind, which can do TCP/IP traffic filtering, stateful inspection,
and Network Address Translation * SMP support for Xen domU kernels,
initial suspend/resume support for Xen domU, PCI pass-through support
for Xen3, and addition of the balloon driver * Major rework of MIPS
port adding support for Symmetric multiprocessing and 64-bit (O32,
N32, N64 ABIs are supported) processors, DSP v2 ASE extension, various
NetLogic/RMI processor models, Loongson family processors, and new SoC
boards * Improved SMP on PowerPC port and added support for Book E
Freescale MPC85xx (e500 core) processors * ARM has gained support for
Cortex-A8 processors, various new SoCs, and initial support for
Raspberry Pi * To address the year 2038 problem, time t was extended
to 64-bit type on all NetBSD ports. * apropos rewritten to implement
full text search for man pages * Access to driver-internal limit
values added to sysmon_envsys(9), freshly utilized by new drivers like
aibs(4)
29 April 2009 * Rewritten threading subsystem based on a 1:1 model
and rewritten scheduler implementation. * Support for kernel
preemption, POSIX real-time scheduling extensions, processor-sets, and
dynamic CPU sets for thread affinity * Added jemalloc memory
allocator. A metadata journaling for FFS, known as WAPBL (Write Ahead
Physical Block Logging) * Rewritten Loadable kernel module framework,
which will replace old LKMs. Use of X.Org rather than XFree86 by
default for i386 and amd64 ports, and introduction of drm(4)/DRI for
3D hardware acceleration. Preliminary support for using Clang instead
of GCC as the system compiler. * Added support for ASLR in the kernel
and dynamic linker. * Rewritten envsys framework (envsys2); addition
of 8 new Hardware Monitoring sensor drivers; new I2C attachment of the
lm(4) driver; additional hardware support in several sensor drivers
19 December 2007 * Added support for slab allocator, bioctl, iSCSI
target, CARP, tmpfs, Explicit Congestion Notification, Xen 3, the
Kernel Authorization framework, Veriexec and other security
extensions, property list exchange between kernel/userland through
ioctl with proplib(3), and a Bluetooth protocol suite.
23 December 2005 * Support for Xen 2.0 * Support for filesystems
> 2 terabytes added. * Pluggable Authentication Modules added. *
OpenBSD Packet Filter was integrated as an alternative to IPFilter. *
UFS directory hash support.
9 December 2004 * Addition of native POSIX threads and SMP support
on i386 and other platforms. * AMD64 architecture added. * Support for
UFS2 and SMBFS, addition of kqueue.
* Added support for multibyte LC_CTYPE locales.
14 September 2002 * Unified Buffer Cache (UBC) was introduced, which
unifies the filesystem and virtual memory caches of file data. *
Zero-copy support for TCP and UDP transmit path. * Ten new platforms
supported. * New implementation of cross-building ('build.sh')
infrastructure.
6 December 2000 * IPv6 and IPsec were added to the network stack. *
OpenSSL and OpenSSH imported. * New implementation of rc.d system
start-up mechanism. * Start of migration to ELF-format binaries. * A
ktruss utility for kernel tracing was added. * Six new platforms
supported, including sparc64. * Added FFS soft updates and support for
NTFS.
12 May 1999 * UVM, a rewritten virtual memory subsystem, was
introduced. * Added RAIDframe, a software RAID implementation, and
imported IPFilter. * Completion of the integration of all remaining
4.4BSD Lite-2 kernel improvements. * Ports to Power Macintosh and
NeXTcube/station systems added. * Added full USB support.
9 March 1998 * XFree86 source tree was made a supported part of the
distribution. * Support for ISA Plug and Play, PCMCIA, ATAPI and APM
added. * ext2fs and FAT32 filesystems added. * The pkgsrc packages
collection system was introduced.
4 October 1996 * Support for NFSv3, SCSI scanner and medium changer
devices added. * NTP phase-locked loop added in kernel. * Ports for
ARM and Sharp X68k systems added.
26 November 1995 * Ports for DEC Alpha, Atari TT/Falcon030 and
MVME68k systems added. * Binary emulation facility added. * Generic
audio subsystem introduced.
26 October 1994 * The first multi-platform release, supporting the
PC, HP 9000 Series 300, Amiga, 68k Macintosh, Sun-4c series and the
PC532. * The legally encumbered Net/2-derived source code was replaced
with equivalent code from 4.4BSD-lite, in accordance with the USL v
BSDi lawsuit settlement. * Addition of shared libraries and Kerberos
5.
20 August 1993 * Contained many enhancements and bug fixes. * This
was still a PC-platform-only release, although by this time, work was
underway to add support for other architectures. * Support for
loadable kernel modules (LKM).
20 April 1993 * The first official release, derived from 386BSD 0.1
plus the version 0.2.2 unofficial patchkit, with several programs from
the Net/2 release missing from 386BSD re-integrated, and various other
improvements.
Logo
======================================================================
The NetBSD "flag" logo, designed by Grant Bissett, was introduced in
2004 and is an abstraction of the older logo, which was designed by
Shawn Mueller in 1994. Mueller's version was based on the famous World
War II photograph Raising the Flag on Iwo Jima.
The NetBSD Foundation
======================================================================
The NetBSD Foundation is the legal entity that owns the intellectual
property and trademarks associated with NetBSD, and on 22 January
2004, became a 501(c)3 tax-exempt non-profit organization. The members
of the foundation are developers who have CVS commit access. The
NetBSD Foundation has a Board of Directors, elected by the voting of
members for two years.
Hosting
======================================================================
Hosting for the project is provided primarily by Columbia University,
and Western Washington University, fronted by a CDN provided by
Fastly. Mirrors for the project are spread around the world and
provided by volunteers and supporters of the project.
See also
======================================================================
* Berkeley Software Distribution
* BSD licenses
* Comparison of BSD operating systems
* List of BSD operating systems
* Lumina (desktop environment)
* Comparison of operating systems
* Comparison of operating system kernels
License
=========
All content on Gopherpedia comes from Wikipedia, and is licensed under CC-BY-SA
License URL:
http://creativecommons.org/licenses/by-sa/3.0/
Original Article:
http://en.wikipedia.org/wiki/NetBSD
