Welcome to Kurt Lidl's BSD/OS Hacking Page
Ultimately, this page will talk about some of the things that
have been done with BSD/OS for my former employer.
Hmmm, where does one start with a description of all the cool
things that we've done over the years with the BSD/OS operating
The first real project that I remember running on BSD/OS (it
was called BSD/386 way back then), was a high-performance
network monitoring tool that used ICMP packets (see ping(1)) to
track a list of IP addresses for reachability. This was no
simple replacement for the traditional wrapper script that
calls ping in a loop. It's one of the best engineered pieces of
software that I have ever seen, and it is
still in use today. I'm proud to say that I got to participate
in the design of the program, even though didn't have a chance
to actually work on the code at all. This code was first
written and debugged in 1993, under BSD/OS v0.9.4.
In 1994, a research project was started, to investigate whether
UNIX shell accounts were something that ought to be sold. To
support such an environment, a cold, hard, calculated
examination of the distributed services that were needed for
configuration management and so forth was performed. Work was
done to automate a great many of the tasks that a successful
shell account service would need to provide. We did all the
original design work for the shell account system on BSD/OS
v1.0, and quickly moved to BSD/OS v1.1. One of the coolest
things that came out of this entire project was the relational
database design needed to run shell accounts and attach
arbitrary services to them. Ultimately, the decision to cater
to the needs of businesses and the reliable services that
businesses required, dictated that the shell account system not
Enter the WWW
Conveinently, just as the momentum behind shell accounts was
dying, there was a tremendous surge in interest from business
customers to have a web server hosting product. Never being one
to shy away from an opportunity, we led the effort to develop a
web hosting product. We were able to recycle almost all of the
infrastructure work for the shell accounts into the web hosting
product. This product was first rolled out under BSD/OS v2.0,
quickly upgraded to BSD/OS v2.1.
One of the things that allowed our WWW hosting environment
to be so successful was the integration of an excellent FDDI
driver into the BSD/OS kernel. Rather than attempt to keep up
with the best ethernet card du jour, we were able to
standardize on the DEC FDDI card and are still using those
interface cards to this day. Once you have something that
works, you don't necessarily need to change it, just for the
sake of change.
Bandwidth limiting, anyone?
One of the coolest things that got put into BSD/OS at my
previous job was a kernel facility for doing rate limiting of
IP packets. This allowed for a per IP address setting as to the
amount of bandwidth that a customer was allowed to consume.
This enforces the fair allocation of bandwidth resources on a
customer by customer basis, according to the service class to
which the customer is subscribed. BSD/OS has a facility much
like this under beta test in the BSD/OS 4.0 release,
IPRF (IP Rate Filtering). The
extensions to the kernel were finally publically incorporated
into the BSD/OS 4.1 release. The BSD/OS solution is more
flexible than the rate limiter that what was originally
implemented, but my previous employer has had one in operation
since 1995. They switched to the BSD/OS provided rate limiter
when the machines were upgraded to BSD/OS v4.0.
Another interesting thing that we hacked into the kernel
during this period of time was a modification to turn off the
last access time in the inode for a file. My previous employer
INN on BSD/OS at the time for some of
the news machines, and we found large performance win in making
this (minor) kernel change. A more sophisticated version of
this change later appeared in the BSD/OS v3.0 release, as a
noaccesstime. It's really
phenomenally useful on a news spool partition.
Other virtual services
We added other virtual hosting services to the BSD/OS web
hosting platform -- virtual FTP hosting service, virtual RADIUS
server hosting, and virtual TFTP hosting. All these were
developed, debugged and run under BSD/OS. Currently these
services run under BSD/OS v4.0.1, but an effort is underway to
rebuild all our software on the BSD/OS 4.1 release.
IPFW for fun and profit
One of the things that was used extensively in the BSD/OS v3.1
release (as part of the beta test program) and also as part of
the BSD/OS v4.0 release, is the excellent
addition to kernel. This is a highly configurable packet
matching and filtering language that is easy to write and easy
to insert into the kernel in a variety of interesting filtering
One of the intensely cool features of IPFW is that it allows
packets matching a given
BPF filter to be passed
up a kernel socket to a user process. If the logic needed to
process a given packet is too policy specific to drop into the
BPF commands in the kernel, or requires data that would be too
hard to maintain in the kernel, a user-level process can do
additional processing on the packet before resending it, or
causing some other action to be performed.
While I can't talk about the specific applications that we
built with the
IPFW facilities, I can say that I'm
deeply impressed with how well it works on a day to day basis.
Our applications have passed TERABYTES of data through
these filters, and they just run, and run, and run.
That's about it for now, I'll come back and add some more
things to this list later.
This page has been accessed times since this counter was last reset
Kurt J. Lidl
lidl at pix dot net
Last Updated: $Date: 2007/12/07 03:22:02 $