Table of Contents
General information about FreeBSD
README noobs
Tips and tricks
Tuning and tips
https://cooltrainer.org/a-freebsd-desktop-howto/
http://www.packetwatch.net/documents/guides/2008030201.php
Firewalling with OpenBSD's PF packet filter
Building-bsd-home-router-pt-4-installing-pfsense/
comparative-introduction-to-freebsd-for-linux-users
How to clean and rebuild all ports with Portmaster
http://www.wonkity.com/~wblock/docs/html/disksetup.html
The pain of a Realtek (RTL8111/RTL8168) ethernet card
How to Become a FreeBSD Committer
Lecture about FreeBSD
Lecture from Net
FreeBSD: Not a Linux Distro, George Neville-Neil
FreeBSD is not a Linux distribution: Philip Paes
FreeBSD Kernel Internals, Dr. Marshall Kirk McKusick
An Overview of Locking in the FreeBSD Kernel - Kirk McKusick, EuroBSDcon 2012
An Overview of Security in the FreeBSD Kernel, Dr. Marshall Kirk McKusick
A Narrative History of BSD, Dr. Kirk McKusick
Systems, Science and FreeBSD, George Neville-Neil
Convincing a Linux guy to use FreeBSD :-)
The Realities of DTrace on FreeBSD, by George Neville Neil (EuroBSDcon 2017)
Tuning FreeBSD for routing and firewalling, by Olivier Cochard-Labbé (EuroBSDcon 2017)
Brian Kidney: The Realities of DTrace on FreeBSD - BSDCan 2017
What is FreeBSD by Gavin Atkinson
Case Study: Switching from Linux to FreeBSD
Jordan Hubbard - FreeBSD: The Next 10 Years
Rick Reed - WhatsApp: Half a billion unsuspecting FreeBSD users
LFNW 2018: Switching to the BSDs: A crash course in FreeBSD, FreeNAS, TrueOS and OpenBSD
ZFS video
FreeBSD Video ASIANBSDCON 2018
P01A: Institutionalizing FreeBSD Isolated and Virtualized Hosts -- Michael Dexter
P02A: Tuning FreeBSD for routing and firewalling -- Olivier Cochard Labbe
P03A: PC BSD evolves into TrueOS - Kris Moore
P04A: FreeBSD ARM32ARM64 Porting to a new board - Emmanuel Vadot
P05A: Profiling the FreeBSD kernel boot -- Colin Percival
P06A: Role based Access Control in BCHS Web Applications -- Kristaps Dzonsons
P07A: OpenBSD/x-ray: OpenBSD on medical x-ray machines -- Henning Brauer
P08A: Improving netdump hardware support and performance with iflib -- Sam Gwydir
FreeBSD Video ASIANBSDCON 2017
AsiaBSDCon 2017 Opening - Hiroki Sato
P01A: Understandings NFSv4 ACLs - John Hixson
P01B: Bulk building in the many core era - Joerg Sonnenberger
P01C: OpenBSD pf+rdomains create splendid multi tenancy firewalls - Philipp Buehler
General Kernel porting
Boot kernel
Kernel porting tips
https://www.digitalocean.com/community/tutorials/how-to-install-and-manage-ports-on-freebsd-10-1
https://bsdimp.blogspot.cz/2007/10/building-bootable-freebsdi386-images.html
https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/201403-asiabsdcon2014-freebsd-smp-boot.pdf
https://www.bsdcan.org/2008/schedule/attachments/49_2008_uboot_freebsd.pdf
http://www.strugglingcoder.info/index.php/category/freebsd/
http://www.isysop.com/unpacking-and-repacking-u-boot-uimage-files/
http://www.isysop.com/unpacking-and-repacking-u-boot-images-part-2/
https://github.com/bitboss-ca/freebsd-arm-tools
http://blog.khubla.com/freebsd/building-u-boot-for-chromebook
http://www.nikoopour.com/2015/03/
Kernel Porting to ARM Board
https://www.bidouilliste.com/blog/2015/11/27/Porting-FreeBSD-to-a-new-ARM-Board-Part-1/
https://www.bidouilliste.com/blog/2015/11/27/Porting-FreeBSD-to-a-new-ARM-Board-Part-2/
https://www.bidouilliste.com/blog/2015/11/27/Porting-FreeBSD-to-a-new-ARM-Board-Part-3/
FreeBSD Kernel for beringer
Extended firmware interface (Efi)
Making a New Port
Build your own FreeBSD ports and make packages out of them using jails, poudriere and portshaker
Jails
https://clinta.github.io/freebsd-jails-the-hard-way/
https://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/
https://www.cyberciti.biz/faq/how-to-install-and-configure-jails-on-freenas-corral-10/
https://gundersen.net/32bit-jail-on-64bit-freebsd/
https://medium.com/chris-opperwall/quick-jail-updating-in-freebsd-f7c6bb52c6de
https://www.kirkg.us/posts/how-to-configure-a-freebsd-jail-on-a-digital-ocean-droplet/
https://www.cockroachlabs.com/blog/critters-in-a-jar-running-cockroachdb-in-a-freebsd-jail/
https://www.cyberciti.biz/faq/how-to-configure-a-freebsd-jail-with-vnet-and-zfs/
ZFS
Desktop tips
Sound
Steam on FreeBSD
Bitcoin Full Node
Tuning Power Laptops
Optimus on Freebsd - Hot fix
Comment out Nvidia-related parts from your xorg.conf:
...
Section "Device"
    Identifier "Card0"
    Driver "intel"
    BusID "PCI:0:2:0"
EndSection

#Section "Device"
#    Identifier "Card1"
#    Driver "nvidia"
#    BusID "PCI:1:0:0"
#EndSection
...
Then add the following bits to rc.conf(5):
kld_list='i915kms'
NTPD synchronize
ntpdate_enable="YES"
ntpdate_hosts="in.pool.ntp.org"
Or manually update the time and date
If securelevel is set to 2, the time can only be changed by about one second.
ntpdate -b pool.ntp.org
sudo service ntpd start
Disable Beep
# sysctl hw.syscons.bell=0
or if you use XFCE
set bell-style none
Change standard shell to fish
You must add a line to /etc/shells, for example for the fish shell:
/usr/local/bin/fish
Change your shell, giving the path to your favorite shell:
chsh -s /usr/local/bin/fish
Aliases
Paths for shell
If you need paths or options set in the shell, for example for the compiler sanitizers (fish syntax):
# ASAN settings
# Options are joined with ':'; a second "set -x" of the same variable would overwrite the first.
set -x ASAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x ASAN_OPTIONS verbosity=1:symbolize=1:detect_stack_use_after_scope=1
# UBSAN settings
set -x UBSAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x UBSAN_OPTIONS verbosity=2
# MSAN settings
# Origin tracking is a compile-time flag (-fsanitize-memory-track-origins=2), not a runtime option.
set -x MSAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x MSAN_OPTIONS verbosity=2:symbolize=1
Nano tuning
set constantshow
set smooth
set autoindent
set casesensitive
set historylog
set morespace

syntax "comments" ".*"
color blue "^#.*"

## nanorc files
include "/usr/local/share/nano/asm.nanorc"
include "/usr/local/share/nano/awk.nanorc"
include "/usr/local/share/nano/c.nanorc"
include "/usr/local/share/nano/cmake.nanorc"
include "/usr/local/share/nano/css.nanorc"
include "/usr/local/share/nano/debian.nanorc"
include "/usr/local/share/nano/fortran.nanorc"
include "/usr/local/share/nano/gentoo.nanorc"
include "/usr/local/share/nano/groff.nanorc"
include "/usr/local/share/nano/html.nanorc"
include "/usr/local/share/nano/java.nanorc"
include "/usr/local/share/nano/makefile.nanorc"
include "/usr/local/share/nano/man.nanorc"
include "/usr/local/share/nano/mgp.nanorc"
include "/usr/local/share/nano/mutt.nanorc"
include "/usr/local/share/nano/nanorc.nanorc"
include "/usr/local/share/nano/objc.nanorc"
include "/usr/local/share/nano/ocaml.nanorc"
include "/usr/local/share/nano/patch.nanorc"
include "/usr/local/share/nano/perl.nanorc"
include "/usr/local/share/nano/php.nanorc"
include "/usr/local/share/nano/pov.nanorc"
include "/usr/local/share/nano/python.nanorc"
include "/usr/local/share/nano/ruby.nanorc"
include "/usr/local/share/nano/sh.nanorc"
include "/usr/local/share/nano/tcl.nanorc"
include "/usr/local/share/nano/tex.nanorc"
include "/usr/local/share/nano/xml.nanorc"
QT Creator - Debugging
I cannot debug C/C++ programs because of the message "No symbol table is loaded. Use the "file" command" …
The best solution is to install devel/gdb and use the path /usr/local/bin/gdb
Mount
Mount msdosfs
# ls /dev/da*
# mount_msdosfs /dev/da0 /media/usb
ReMount /etc/fstab
mount -av
Mount ext2/ext3/ext4
Fuse-ext2 mounts an ext2/ext3/ext4 partition or image file
To check which kernel modules (including fuse) are loaded, use the command:
kldstat
If the fuse.ko module is not loaded in the kernel, use this command:
kldload fuse
Then mount your partition:
fuse-ext2 /dev/your_partition /media/
Mount NTFS
To mount an NTFS file system, the FUSE kernel module must be loaded.
To check which kernel modules (including fuse) are loaded, use the command:
kldstat
and load the FUSE kernel module:
kldload fuse
Then you can mount the NTFS filesystem.
# ls /dev/da*
# ntfs-3g /dev/your_partition /mnt/
Automounting Removable Media
Uncomment this line in the config file /etc/auto_master:
/media -media -nosuid
Add these lines to /etc/devd.conf:
notify 100 {
    match "system" "GEOM";
    match "subsystem" "DEV";
    action "/usr/sbin/automount -c";
};
Reload the services:
service automount reload
service devd restart
and add this configuration to /etc/rc.conf:
autofs_enable="YES"
Ports
Portmaster
portmaster -L    - Check all ports for updates
portmaster -a    - Upgrade ports
portmaster -af   - Rebuild installed applications
Build ports with Poudriere
Create the ports tree for poudriere
poudriere ports -c
Configure poudriere (file system, RAM, etc.) in
/usr/local/etc/poudriere.conf
List the ports trees
poudriere ports -l
PORTSTREE METHOD   TIMESTAMP           PATH
default   portsnap 2019-07-10 21:47:49 /usr/local/poudriere/ports/default
Create the build jail for the target system
poudriere jail -c -j freebsd_11-2x64 -v 11.2-RELEASE -a amd64
List the jails
sudo poudriere jail -l
JAILNAME        VERSION          ARCH  METHOD TIMESTAMP           PATH
freebsd_11-2x64 11.2-RELEASE-p11 amd64 ftp    2019-07-10 20:48:07 /usr/local/poudriere/jails/freebsd_11-2x64
Copy your port files to /usr/local/poudriere/default/ and then build the port, for example
sudo poudriere testport -o lang/halide -j freebsd_11-2x64
Debug ports
Put the following line in /etc/make.conf, then recompile the port to get debug symbols.
WITH_DEBUG= yes
More information is in
/usr/ports/Mk/bsd.port.mk
Debug Makefile ports
Debug the Makefile of your port
make -d A
Compiling programs
Simple setup
How to quickly set up a MySQL database
The first step is the installation
sudo pkg install mysql56-server
The next step is to enable it in /etc/rc.conf
sudo sysrc mysql_enable=yes
Remember to run mysql_upgrade the first time you start the MySQL server after an upgrade from an earlier version.
Now start the MySQL server
sudo service mysql-server start
Then set up the database
sudo mysql_secure_installation
Jails
Simple scripts for creating a jail on a ZFS filesystem
#!/bin/sh
########################################################################
# Download amd64 base, ports tree FreeBSD OS
# and unpack base OS to your jail folder
########################################################################
set +x
name_jail="freebsd11_2"
arch_jail="amd64"
version_jail="11.2-RELEASE"

# Create new zfs dataset for jail - only once
#zfs create -o mountpoint=/usr/local/jails zroot/jails

# Create jail folder
zfs create zroot/jails/$name_jail

# Remove archives left over from an earlier run (-f: no error if absent)
rm -f /tmp/base.txz
rm -f /tmp/ports.txz

echo "Fetching package from FreeBSD server ..."
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$arch_jail/$version_jail/base.txz -o /tmp/base.txz
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$arch_jail/$version_jail/ports.txz -o /tmp/ports.txz

mkdir -p /usr/local/jails/$name_jail

echo "Unpacking FreeBSD base OS ..."
tar -xf /tmp/base.txz -C /usr/local/jails/$name_jail
tar -xf /tmp/ports.txz -C /usr/local/jails/$name_jail

# Give the jail the host's DNS resolver configuration
cp /etc/resolv.conf /usr/local/jails/$name_jail/etc

#!/bin/sh
########################################################################
# Download i386 base, ports tree FreeBSD OS
# and unpack base OS to your jail folder
########################################################################
set +x
name_jail="freebsd386"
arch_jail="i386"
version_jail="11.2-RELEASE"

# Create new zfs dataset for jail - only once
#zfs create -o mountpoint=/usr/local/jails zroot/jails

# Create jail folder
zfs create zroot/jails/$name_jail

# Remove archives left over from an earlier run (-f: no error if absent)
rm -f /tmp/base.txz
rm -f /tmp/ports.txz

echo "Fetching package from FreeBSD server ..."
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$arch_jail/$version_jail/base.txz -o /tmp/base.txz
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/$arch_jail/$version_jail/ports.txz -o /tmp/ports.txz

mkdir -p /usr/local/jails/$name_jail

echo "Unpacking FreeBSD base OS ..."
tar -xf /tmp/base.txz -C /usr/local/jails/$name_jail
tar -xf /tmp/ports.txz -C /usr/local/jails/$name_jail

# Give the jail the host's DNS resolver configuration
cp /etc/resolv.conf /usr/local/jails/$name_jail/etc
echo "Done"
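The scripts above fetch base.txz and ports.txz over plain FTP and unpack them as root without any integrity check. The following is an added example, not part of the original page: it checks a fetched set against the release MANIFEST before unpacking. It assumes a MANIFEST file from the same release directory, obtained over a channel you trust, with the file name in the first field and the SHA-256 in the second; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify a distribution set against MANIFEST before unpacking it.

# Print the SHA-256 of a file. FreeBSD ships sha256(1); Linux has sha256sum(1).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# verify_dist MANIFEST FILE [NAME]
# NAME is the entry to look up (default: basename of FILE).
# Returns 0 = checksum matches, 1 = unreadable or not listed, 2 = mismatch.
verify_dist() {
    manifest=$1
    file=$2
    name=${3:-$(basename "$2")}
    [ -r "$manifest" ] && [ -r "$file" ] || return 1
    # Field 1 is the set name, field 2 its SHA-256 (assumed MANIFEST layout).
    want=$(awk -v n="$name" '$1 == n { print $2; exit }' "$manifest")
    [ -n "$want" ] || return 1
    have=$(file_sha256 "$file")
    [ "$want" = "$have" ] || return 2
    return 0
}

# safe_unpack MANIFEST FILE DESTDIR
# Extracts FILE into DESTDIR only when its checksum matches MANIFEST.
safe_unpack() {
    if verify_dist "$1" "$2"; then
        tar -xf "$2" -C "$3"
    else
        echo "refusing to unpack $2: not verified against $1" >&2
        return 1
    fi
}

# Command-line use: sh verify_dist.sh MANIFEST /tmp/base.txz /usr/local/jails/name
if [ "$#" -eq 3 ]; then
    safe_unpack "$1" "$2" "$3"
fi
```

In the jail scripts, each tar -xf line would become a safe_unpack call, so a truncated or altered archive stops the script instead of populating the jail.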
/etc/jail.conf
# /etc/jail.conf

# Global settings applied to all jails.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
# allow.raw_sockets lets root inside the jail open raw sockets (needed for ping)
allow.raw_sockets;

# The jail definition for freebsd386
freebsd386 {
    host.hostname = "freebsd386.domain.local";
    path = "/usr/local/jails/freebsd386";
    interface = "lagg0";
    ip4.addr = 10.0.2.15;
}
Packet forwarding
/etc/pf.conf
# /etc/pf.conf

# Define the interfaces
ext_if = "em0"
int_if = "lagg0"
jail_net = $int_if:network

# Define the NAT for the jails
nat on $ext_if from $jail_net to any -> ($ext_if)
Run jail
bsd@ ~> sudo jail -c freebsd386
bsd@ ~> jls
bsd@ ~> sudo jail -m jid=1 (number of jail)
ZFS
Mount ZFS
zpool import
To check, use the command mount.
Mount ZFS from Live CD
zpool import -fR /media zroot
Tuning zfs on i386
If you have an i386 OS you must set vm.kmem_size="512M" and vm.kmem_size_max="" (minimal value).
These are a few tunables; more information is at http://www.freebsd.cz/doc/handbook/zfs-advanced.html
vfs.zfs.prefetch_disable=0
vm.kmem_size="512M"
vm.kmem_size_max="768M"
vfs.zfs.arc_max="40M"
vfs.zfs.vdev.cache.size="5M"
Resize partition
We added space to the virtual disk (VirtualBox or other), but now the disk is reported as CORRUPT:
lol@ ~/> gpart show ada0
=>      40  41942960  ada0  GPT  (39G) [CORRUPT]
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992      2008        - free -  (1.0M)
The fix is easy:
gpart recover ada0
Now we need to resize partition 3.
lol@ ~/> gpart show
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992  39978968        - free -  (19G)
lol@ ~/> zpool list
NAME    SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
zroot  17.9G  17.3G   621M         -    76%    96%  1.00x  ONLINE  -
Because the device is busy, we have to set this value:
lol@ ~/> sysctl kern.geom.debugflags=16
kern.geom.debugflags: 0 -> 16
Now resize partition number 3
lol@ ~/> gpart show
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992  39978968        - free -  (19G)
lol@ ~/> sudo gpart resize -i 3 ada0
ada0p3 resized
lol@ ~/> gpart show
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  77723608     3  freebsd-zfs  (37G)
Last step, with the zfs pool:
lol@ ~/> sudo zpool set autoexpand=on zroot
lol@ ~/> sudo zpool online -e zroot ada0p3 ada0p3
Check the space in the zpool. The size of zroot is now right.
lol@ ~/> zpool list
NAME   SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
zroot   37G  17.3G  19.7G         -    36%    46%  1.00x  ONLINE  -
lol@ ~/Desktop> sudo sysctl kern.geom.debugflags=0
kern.geom.debugflags: 16 -> 0
Virtualbox
VirtualBox in FreeBSD
Add the line with the kernel module to /boot/loader.conf
vboxdrv_load="YES"
Add the line for bridged or host-only networking to /etc/rc.conf
vboxnet_enable="YES"
Add your user to the group
pw groupmod vboxusers -m yourusername
chown root:vboxusers /dev/vboxnetctl
chmod 0660 /dev/vboxnetctl
For permanent permissions, add these lines to /etc/devfs.conf
own vboxnetctl root:vboxusers
perm vboxnetctl 0660
FreeBSD as guest in VirtualBox
Write to /etc/rc.conf
vboxguest_enable="YES"
vboxservice_enable="YES"
Wifi and FreeBSD
How to set up a WIFI card
pciconf -l    - check whether the wifi hardware is detected
sudo ifconfig wlan0 create wlandev wpi0
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
How to set up USB WIFI
Add the kernel modules to /boot/loader.conf
# Kernel module for wifi
if_ath_load="YES"
if_iw_load="YES"
# Next wifi kernel modules
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"
Add these lines to /etc/rc.conf to configure your wifi device.
wlans_run0="wlan0"
create_args_wlan0="wlanmode sta country CZ indoor"
Check whether your hardware has a driver.
# Check whether the wifi hardware is detected (wpi, run0)
pciconf -l
# Create a device with name wlan0
sudo ifconfig wlan0 create wlandev wpi0
# Create wpa_supplicant configure file with ssid network
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
# Scan your wifi networks
ifconfig wlan0 up scan
SSID/MESH ID  BSSID              CHAN RATE  S:N     INT CAPS
lol           00:13:46:49:41:76    11  54M  -90:96  100 EPS WPA WME
trololo       00:11:95:c3:0d:ac     1  54M  -83:96  100 EPS WPA
# IP address from DHCP server
sudo dhclient wlan0
GELI
Install CD -> Partition -> Shell

gpart create -s gpt vtbd0
gpart add -t freebsd-boot -s 512k -a 4k vtbd0
gpart add -t freebsd-ufs -a 1M vtbd0
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 vtbd0
geli init -b -g vtbd0p2
geli attach vtbd0p2
newfs -j /dev/vtbd0p2.eli
mount /dev/vtbd0p2.eli /mnt

- /tmp/bsdinstall_etc/fstab
/dev/vtbd0p2.eli / ufs rw,noatime 1 1

- /tmp/bsdinstall_boot/loader.conf
geom_eli_load="YES"

exit (installer will continue)

Change /dev/vtbd0p2.eli to gptid/rawuuid (gpart list):
/dev/gptid/015ceb9a-90a4-11e6-b8fc-1392a9ed1847 / ufs rw,noatime 1 1
FreeBSD Kernel
Source code of the FreeBSD kernel
sudo pkg install subversion
sudo svn checkout https://svn0.us-east.FreeBSD.org/base/stable/you_version_system /usr/src
svn up /usr/src
Profiling and debugging kernel
Performance observability tools
Kernel module
Simple kernel module. https://github.com/Martinfx/FreeBSD-Kernel-module
FreeBSD Security
Security on FreeBSD
To check the status of the securelevel on a running system:
Add to /etc/sysctl.conf:
kern.securelevel=2
security.bsd.see_other_uids=0
security.bsd.stack_guard_page=1
net.inet.ip.random_id=1
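One way to check that the running kernel actually matches these settings, as an added example that is not part of the original page. The names audit_sysctl and SYSCTL_GET are made up here; SYSCTL_GET defaults to sysctl -n and exists only so the reader command can be swapped out.

```shell
#!/bin/sh
# Added example: compare the running kernel with the values in sysctl.conf.

# Command used to read one value (assumption of this example; overridable).
: "${SYSCTL_GET:=sysctl -n}"

# audit_sysctl FILE
# FILE holds name=value lines as in /etc/sysctl.conf.
# Prints OK / DRIFT / MISSING per setting; returns the number of non-OK settings.
audit_sysctl() {
    conf=$1
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                         # drop comments
        case $line in
            *=*) ;;
            *) continue ;;                       # skip blank or malformed lines
        esac
        name=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t"')
        if have=$($SYSCTL_GET "$name" 2>/dev/null); then
            if [ "$have" = "$want" ]; then
                echo "OK      $name=$have"
            else
                echo "DRIFT   $name=$have (sysctl.conf wants $want)"
                bad=$((bad + 1))
            fi
        else
            echo "MISSING $name (not known to this kernel)"
            bad=$((bad + 1))
        fi
    done < "$conf"
    return "$bad"
}

# Command-line use: sh audit_sysctl.sh /etc/sysctl.conf
if [ -n "${1:-}" ]; then
    audit_sysctl "$1"
fi
```

kern.securelevel can only be raised on a running system, so a DRIFT line showing a lower running value means the setting from sysctl.conf has not been applied yet.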
Enabling and Utilizing Process Accounting
Tracking information such as CPU statistics and executed commands.
touch /var/account/acct
chmod 600 /var/account/acct
accton /var/account/acct
echo 'accounting_enable="YES"' >> /etc/rc.conf
ACPI
IBM ACPI
If you use a notebook, it is better to enable the ACPI driver in /boot/loader.conf. For IBM notebooks the line is:
acpi_ibm_load="YES"
HP ACPI
If you use a notebook, it is better to enable the ACPI driver in /boot/loader.conf. For HP notebooks the line is:
acpi_hp_load="YES"
Linux® Binary Compatibility
# kldload linux
# kldload linux64
# kldstat - you can look for modules
 1   72 0xffffffff80200000 1fa7c38  kernel
 2    1 0xffffffff821a9000 30aec0   zfs.ko
 3    2 0xffffffff824b4000 adc0     opensolaris.ko
...
23    1 0xffffffff827bc000 389f4    linux64.ko

and add this line to /etc/rc.conf:
linux_enable="YES"
Troubleshooting with FreeBSD
SSH
Too many authentication failures
If you are not able to authenticate via ssh and the message "Too many authentication failures" is logged in /var/log/auth.log, you probably have more than 2 keys loaded in your ssh agent that are failing to authenticate. To solve this, unload the keys you are not using from the ssh agent (ssh-add -d path or ssh-add -D), use ssh -i path_to_key, or create an appropriate section in your ~/.ssh/config with IdentityFile.
BOOT on FreeBSD
Fatal double fault FreeBSD 10.3 - i386 , FreeBSD 11 - i386
The fatal double fault is a problem on FreeBSD - i386 with ZFS file system.
As described in /usr/src/UPDATING entry 20121223, rebuilding the kernel with options KSTACK_PAGES=4 has been observed to resolve the boot-time crash. This, however, is not an ideal solution for inclusion in the GENERIC kernel configuration, as increasing KSTACK_PAGES implicitly decreases available usermode threads in an environment that is already resource-starved.
Follow these steps to build the new kernel:
# mkdir -p /usr/src
# svnlite co svn://svn.freebsd.org/base/releng/10.2 /usr/src
# make -C /usr/src kernel-toolchain
# printf "include GENERIC\noptions KSTACK_PAGES=4\n" > /usr/src/sys/i386/conf/ZFS
# make -C /usr/src buildkernel KERNCONF=ZFS
# make -C /usr/src installkernel KERNCONF=ZFS
For FreeBSD 10.3, more information is on the page https://www.freebsd.org/releases/10.3R/errata.html
For FreeBSD 11.0, more information is on the page https://www.freebsd.org/releases/11.0R/errata.html
How to boot from live CD
If there is a problem booting FreeBSD and the system cannot start, go back to the FreeBSD boot menu and choose option 3 (Escape to loader prompt). For help at the command line, use the command help or ? (list of commands); help set shows the options for the command set.
To boot from the CD, the commands are
set boot_cdrom (for mount filesystem)
boot
Look for mounted filesystems with the command mount. If the zfs filesystem is not mounted, you must run this command to import the zpool:
zpool import -f zroot
How to mount disk with geli from live CD
Boot live system …
geli attach /dev/ada0p3
password:
This command mounts only part of the filesystem, for example /usr, /tmp, /var, but not /boot:
zpool import -f -R /mnt zroot
This command mounts /boot etc.:
zfs mount zroot/ROOT/default