Welcome to Kurt Lidl's BSD/OS Hacking Page

Ultimately, this page will talk about some of the things that have been done with BSD/OS for my former employer.
Hmmm, where does one start with a description of all the cool things that we've done over the years with the BSD/OS operating system?


The first real project that I remember running on BSD/OS (it was called BSD/386 way back then) was a high-performance network monitoring tool that used ICMP packets (see ping(1)) to track a list of IP addresses for reachability. This was no simple replacement for the traditional wrapper script that calls ping in a loop. It's one of the best engineered pieces of software that I have ever seen, and it is still in use today. I'm proud to say that I got to participate in the design of the program, even though I didn't have a chance to actually work on the code at all. This code was first written and debugged in 1993, under BSD/OS v0.9.4.

Shell Accounts?

In 1994, a research project was started, to investigate whether UNIX shell accounts were something that ought to be sold. To support such an environment, a cold, hard, calculated examination of the distributed services that were needed for configuration management and so forth was performed. Work was done to automate a great many of the tasks that a successful shell account service would need to provide. We did all the original design work for the shell account system on BSD/OS v1.0, and quickly moved to BSD/OS v1.1. One of the coolest things that came out of this entire project was the relational database design needed to run shell accounts and attach arbitrary services to them. Ultimately, the decision to cater to the needs of businesses and the reliable services that businesses required, dictated that the shell account system not be deployed.

Enter the WWW

Conveniently, just as the momentum behind shell accounts was dying, there was a tremendous surge in interest from business customers to have a web server hosting product. Never being one to shy away from an opportunity, we led the effort to develop a web hosting product. We were able to recycle almost all of the infrastructure work for the shell accounts into the web hosting product. This product was first rolled out under BSD/OS v2.0, quickly upgraded to BSD/OS v2.1.

One of the things that allowed our WWW hosting environment to be so successful was the integration of an excellent FDDI driver into the BSD/OS kernel. Rather than attempt to keep up with the best ethernet card du jour, we were able to standardize on the DEC FDDI card and are still using those interface cards to this day. Once you have something that works, you don't necessarily need to change it, just for the sake of change.

Bandwidth limiting, anyone?

One of the coolest things that got put into BSD/OS at my previous job was a kernel facility for doing rate limiting of IP packets. This allowed for a per-IP-address setting as to the amount of bandwidth that a customer was allowed to consume. This enforces the fair allocation of bandwidth resources on a customer-by-customer basis, according to the service class to which the customer is subscribed. BSD/OS has a facility much like this under beta test in the BSD/OS 4.0 release, IPRF (IP Rate Filtering). The IPRF extensions to the kernel were finally publicly incorporated into the BSD/OS 4.1 release. The BSD/OS solution is more flexible than the rate limiter that was originally implemented, but my previous employer has had one in operation since 1995. They switched to the BSD/OS provided rate limiter when the machines were upgraded to BSD/OS v4.0.

Another interesting thing that we hacked into the kernel during this period of time was a modification to turn off the last access time in the inode for a file. My previous employer was running INN on BSD/OS at the time for some of the news machines, and we found a large performance win in making this (minor) kernel change. A more sophisticated version of this change later appeared in the BSD/OS v3.0 release, as a mount flag/option, noaccesstime. It's really phenomenally useful on a news spool partition.

Other virtual services

We added other virtual hosting services to the BSD/OS web hosting platform -- virtual FTP hosting service, virtual RADIUS server hosting, and virtual TFTP hosting. All these were developed, debugged and run under BSD/OS. Currently these services run under BSD/OS v4.0.1, but an effort is underway to rebuild all our software on the BSD/OS 4.1 release.

IPFW for fun and profit

One of the things that was used extensively in the BSD/OS v3.1 release (as part of the beta test program) and also as part of the BSD/OS v4.0 release, is the excellent IPFW addition to the kernel. This is a highly configurable packet matching and filtering language that is easy to write and easy to insert into the kernel in a variety of interesting filtering locations.

One of the intensely cool features of IPFW is that it allows packets matching a given BPF filter to be passed up a kernel socket to a user process. If the logic needed to process a given packet is too policy specific to drop into the BPF commands in the kernel, or requires data that would be too hard to maintain in the kernel, a user-level process can do additional processing on the packet before resending it, or causing some other action to be performed.

While I can't talk about the specific applications that we built with the IPFW facilities, I can say that I'm deeply impressed with how well it works on a day to day basis. Our applications have passed TERABYTES of data through these filters, and they just run, and run, and run.

That's about it for now, I'll come back and add some more things to this list later.

Kurt J. Lidl
lidl at pix dot net
Last Updated: $Date: 2007/12/07 03:22:02 $