Fundamentals of FreeBSD
Getting Started with FreeBSD
Why you should migrate everything from Linux to BSD
Technical reasons to choose freebsd over linux
Getting Started with FreeBSD
BSD Tree
The Kernel Boot Process
The Kernel
64-bit U-Boot on Raspberry Pi 3
Interfacing FreeBSD with U-Boot
Building bootable FreeBSD/i386 images
How FreeBSD Boots: a soft-core MIPS perspective
http://www.isysop.com/unpacking-and-repacking-u-boot-uimage-files/
http://www.isysop.com/unpacking-and-repacking-u-boot-images-part-2/
https://github.com/bitboss-ca/freebsd-arm-tools
https://raybsd.blogspot.cz/2012/12/
http://distkeys.com/blog/2014/08/03/inside-freebsd/
https://www.digitalocean.com/community/tutorials/how-to-install-and-manage-ports-on-freebsd-10-1
FreeBSD Kernel Porting Guide
Do you like backdoors?
https://elkamika.blogspot.com/2019/09/freebsd-kernel-icmp-backdoor-part-3.html
https://elkamika.blogspot.com/2019/09/freebsd-kernel-stack-unrolling-and-safe.html
Kernel Porting to ARM Board
https://www.bidouilliste.com/blog/2015/11/27/Porting-FreeBSD-to-a-new-ARM-Board-Part-1/
https://www.bidouilliste.com/blog/2015/11/27/Porting-FreeBSD-to-a-new-ARM-Board-Part-2/
https://www.bidouilliste.com/blog/2015/11/27/Porting-FreeBSD-to-a-new-ARM-Board-Part-3/
NetBooting ARM/MIPS
Kernel Debug, BackTrace
https://backtrace.io/blog/backtrace/improving-freebsd-kernel-debugging/
https://gist.github.com/bijanebrahimi/f2eb0c620d81aa6234e121a0ddd88cc2
https://forums.freebsd.org/threads/ctl-alt-esc-not-taking-me-to-kernel-debugger.40111/
https://riptutorial.com/freebsd/example/23734/download-the-latest-source-code
https://elkamika.blogspot.com/2019/06/freebsd-kernel-remote-debugging-part1.html?m=1
https://blog.hostileadmin.com/2012/09/25/so-you-want-a-freebsd-debugging-kernel/
Extended firmware interface (Efi)
Internal Talks
FreeBSD Kernel Internals, Dr. Marshall Kirk McKusick
An Overview of Locking in the FreeBSD Kernel - Kirk McKusick, EuroBSDcon 2012
An Overview of Security in the FreeBSD Kernel, Dr. Marshall Kirk McKusick
A Narrative History of BSD, Dr. Kirk McKusick
Systems, Science and FreeBSD, George Neville-Neil
The Realities of DTrace on FreeBSD, by George Neville Neil (EuroBSDcon 2017)
Tuning FreeBSD for routing and firewalling, by Olivier Cochard-Labbé (EuroBSDcon 2017)
Brian Kidney: The Realities of DTrace on FreeBSD - BSDCan 2017
An introduction to the implementation of ZFS by Kirk McKusick
FreeBSD is not a Linux distribution
FreeBSD: Not a Linux Distro, George Neville-Neil
FreeBSD is not a Linux distribution: Philip Paes
Convincing a Linux guy to use FreeBSD :-)
What is FreeBSD by Gavin Atkinson
Case Study: Switching from Linux to FreeBSD
Jordan Hubbard - FreeBSD: The Next 10 Years
Rick Reed - WhatsApp: Half a billion unsuspecting FreeBSD users
Michael W. Lucas talks FreeBSD
NYLUG Presents: George Neville-Neil on FreeBSD and Linux, a comparative analysis (Feb 19, 2014)
LFNW 2018: Switching to the BSDs: A crash course in FreeBSD, FreeNAS, TrueOS and OpenBSD
George Neville-Neil, Security Fantasies and Realities for the BSDs
FreeBSD BSDCons
FreeBSD ASIANBSDCON 2018
P01A: Institutionalizing FreeBSD Isolated and Virtualized Hosts -- Michael Dexter
P02A: Tuning FreeBSD for routing and firewalling -- Olivier Cochard Labbe
P03A: PC BSD evolves into TrueOS - Kris Moore
P04A: FreeBSD ARM32ARM64 Porting to a new board - Emmanuel Vadot
P05A: Profiling the FreeBSD kernel boot -- Colin Percival
P06A: Role based Access Control in BCHS Web Applications -- Kristaps Dzonsons
P07A: OpenBSD/x-ray: OpenBSD on medical x-ray machines -- Henning Brauer
P08A: Improving netdump hardware support and performance with iflib -- Sam Gwydir
FreeBSD ASIANBSDCON 2017
AsiaBSDCon 2017 Opening - Hiroki Sato
P01A: Understandings NFSv4 ACLs - John Hixson
P01B: Bulk building in the many core era - Joerg Sonnenberger
P01C: OpenBSD pf+rdomains create splendid multi tenancy firewalls - Philipp Buehler
Tweaking a Running Kernel
Tuning tips
https://cooltrainer.org/a-freebsd-desktop-howto/
http://www.packetwatch.net/documents/guides/2008030201.php
Firewalling with OpenBSD's PF packet filter
Building-bsd-home-router-pt-4-installing-pfsense/
comparative-introduction-to-freebsd-for-linux-users
How to clean and rebuild all ports with Portmaster
http://www.wonkity.com/~wblock/docs/html/disksetup.html
The pain of a Realtek (RTL8111/RTL8168) ethernet card
FreeBSD Broadcom Wi-Fi
Linux® emulation in FreeBSD
How to Become a FreeBSD Committer
Bios
Bhyve Hypervisor
Build ports
Reference
* Creating a FreeBSD Port Patch
* Build your own FreeBSD ports and make packages out of them using jails, poudriere and portshaker
Portmaster
portmaster -L - Check all updates for ports
portmaster -a - Upgrade ports
portmaster -af - Rebuild installed applications
Build ports with Poudriere
Create a ports tree for poudriere
poudriere ports -c
Configure poudriere (file system, RAM, etc.) in:
/usr/local/etc/poudriere.conf
List the ports trees
poudriere ports -l
PORTSTREE  METHOD    TIMESTAMP            PATH
default    portsnap  2019-07-10 21:47:49  /usr/local/poudriere/ports/default
Create a jail for the build that matches the target system
poudriere jail -c -j freebsd_11-2x64 -v 11.2-RELEASE -a amd64
List the jails
sudo poudriere jail -l
JAILNAME         VERSION           ARCH   METHOD  TIMESTAMP            PATH
freebsd_11-2x64  11.2-RELEASE-p11  amd64  ftp     2019-07-10 20:48:07  /usr/local/poudriere/jails/freebsd_11-2x64
Copy your port files to /usr/local/poudriere/default/ and then build the port, for example:
sudo poudriere testport -o lang/halide -j freebsd_11-2x64
Debug ports
Put the following line in /etc/make.conf, then recompile the port to build it with debug symbols.
WITH_DEBUG= yes
More information is in
/usr/ports/Mk/bsd.port.mk
Debug Makefile
Debug makefile for your port
make -d A
Desktop tips
FoldingHome on FreeBSD
Steam on FreeBSD
Bitcoin Full Node
Tuning Power Laptops
Optimus on Freebsd - Hot fix
Comment out Nvidia-related parts from your xorg.conf:
...
Section "Device"
    Identifier "Card0"
    Driver     "intel"
    BusID      "PCI:0:2:0"
EndSection

#Section "Device"
#    Identifier "Card1"
#    Driver     "nvidia"
#    BusID      "PCI:1:0:0"
#EndSection
...
Then add the following bits to rc.conf(5):
kld_list='i915kms'
NTPD synchronize
ntpdate_enable="YES"
ntpdate_hosts="in.pool.ntp.org"
Or manually update time and date
With securelevel set to 2, the time can only be changed by about one second.
ntpdate -b pool.ntp.org
sudo service ntpd start
Disable Beep
# sysctl hw.syscons.bell=0
or if you use XFCE
set bell-style none
Change standard shell to fish
You must add a line for the shell to /etc/shells, for example for the fish shell:
/usr/local/bin/fish
Change your login shell by giving the path to your favorite shell
chsh -s /usr/local/bin/fish
Paths for shell
If you need to set paths or options, for example for the compiler:
# ASAN settings
# Each "set -x" replaces the variable's previous value, so all options
# for one sanitizer go into a single colon-separated list.
set -x ASAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x ASAN_OPTIONS verbosity=1:symbolize=1:detect_stack_use_after_scope=1
# UBSAN settings
set -x UBSAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x UBSAN_OPTIONS verbosity=2
# MSAN
set -x MSAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x MSAN_OPTIONS fsanitize-memory-track-origins=2:verbosity=2:symbolize=1
Nano tuning
set constantshow
set smooth
set autoindent
set casesensitive
set historylog
set morespace
syntax "comments" ".*"
color blue "^#.*"
## nanorc files
include "/usr/local/share/nano/asm.nanorc"
include "/usr/local/share/nano/awk.nanorc"
include "/usr/local/share/nano/c.nanorc"
include "/usr/local/share/nano/cmake.nanorc"
include "/usr/local/share/nano/css.nanorc"
include "/usr/local/share/nano/debian.nanorc"
include "/usr/local/share/nano/fortran.nanorc"
include "/usr/local/share/nano/gentoo.nanorc"
include "/usr/local/share/nano/groff.nanorc"
include "/usr/local/share/nano/html.nanorc"
include "/usr/local/share/nano/java.nanorc"
include "/usr/local/share/nano/makefile.nanorc"
include "/usr/local/share/nano/man.nanorc"
include "/usr/local/share/nano/mgp.nanorc"
include "/usr/local/share/nano/mutt.nanorc"
include "/usr/local/share/nano/nanorc.nanorc"
include "/usr/local/share/nano/objc.nanorc"
include "/usr/local/share/nano/ocaml.nanorc"
include "/usr/local/share/nano/patch.nanorc"
include "/usr/local/share/nano/perl.nanorc"
include "/usr/local/share/nano/php.nanorc"
include "/usr/local/share/nano/pov.nanorc"
include "/usr/local/share/nano/python.nanorc"
include "/usr/local/share/nano/ruby.nanorc"
include "/usr/local/share/nano/sh.nanorc"
include "/usr/local/share/nano/tcl.nanorc"
include "/usr/local/share/nano/tex.nanorc"
include "/usr/local/share/nano/xml.nanorc"
QT Creator - Debugging
I cannot debug C/C++ programs because of the message “No symbol table is loaded. Use the "file" command” …
The best solution is to install devel/gdb and use the debugger at the path /usr/local/bin/gdb
Touchpad
Touchpad reference
https://forums.freebsd.org/threads/how-to-use-synaptics-driver-for-better-touchpad-features.54872/
http://freebsd.1045724.x6.nabble.com/Glidepoint-Scrolling-td4084250.html
https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/x.html#idp59892168
https://forums.freebsd.org/threads/synaptics-touchpad-on-dell-inspiron-5150.19707/
http://kenbsd.blogspot.com/2015/12/setting-up-horizontal-scroll-on-freebsd.html
https://www.reddit.com/r/freebsd/comments/7o2v62/your_xorgconfd_touchpad_configuration/
https://forums.freebsd.org/threads/synaptics-touchpad-right-key-on-r60.10125/
https://forums.freebsd.org/threads/solved-mouse-pointer-wont-move-for-acer-laptop-touchpad.37329/
https://lists.freebsd.org/pipermail/freebsd-x11/2009-July/008638.html
https://forums.freebsd.org/threads/synaptics-driver-not-loading-elantech-touchpad.59207/#post-339241
Mount
Mount msdosfs
# ls /dev/da*
# mount_msdosfs /dev/da0 /media/usb
ReMount /etc/fstab
mount -av
Mount ext2/ext3/ext4
Fuse-ext2 mounts an ext2/ext3/ext4 partition or image file
To check whether the fuse kernel module is loaded, use the command:
kldstat
If the fuse.ko module is not loaded in the kernel, load it with this command:
kldload fuse
Then mount your partition
fuse-ext2 /dev/your_partition /media/
Mount NTFS
To mount an NTFS file system, the FUSE kernel module must be loaded.
To check whether the fuse kernel module is loaded, use the command:
kldstat
and load FUSE kernel module:
kldload fuse
and then you can mount ntfs filesystem.
# ls /dev/da*
# ntfs-3g /dev/your_partition /mnt/
Automounting Removable Media
Uncomment this line in the config file /etc/auto_master:
/media -media -nosuid
Add lines to /etc/devd.conf
notify 100 {
	match "system" "GEOM";
	match "subsystem" "DEV";
	action "/usr/sbin/automount -c";
};
Reload service
service automount reload
service devd restart
and add this configuration to /etc/rc.conf
autofs_enable="YES"
Introduction ZFS
Mount ZFS
zpool import
To check the result, use the mount command.
Mount ZFS from Live CD
zpool import -fR /media zroot
Tuning zfs on i386
On an i386 OS you must set vm.kmem_size="512M" and vm.kmem_size_max=""; this is the minimal value.
A few tunables follow; more information is at http://www.freebsd.cz/doc/handbook/zfs-advanced.html
vfs.zfs.prefetch_disable=0
vm.kmem_size="512M"
vm.kmem_size_max="768M"
vfs.zfs.arc_max="40M"
vfs.zfs.vdev.cache.size="5M"
Resize partition
We added space to the virtual disk (VirtualBox or other), but now the disk is reported as CORRUPT:
lol@ ~/> gpart show ada0
=>      40  41942960  ada0  GPT  (39G) [CORRUPT]
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992      2008        - free -  (1.0M)
The fix is easy:
gpart recover ada0
Now we need to resize partition 3.
lol@ ~/> gpart show
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992  39978968        - free -  (19G)
lol@ ~/> zpool list
NAME    SIZE  ALLOC   FREE  EXPANDSZ  FRAG  CAP  DEDUP  HEALTH  ALTROOT
zroot  17.9G  17.3G   621M         -   76%  96%  1.00x  ONLINE  -
Because the device is busy, we have to set this value:
lol@ ~/> sysctl kern.geom.debugflags=16
kern.geom.debugflags: 0 -> 16
Now resize partition number 3
lol@ ~/> gpart show
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992  39978968        - free -  (19G)
lol@ ~/> sudo gpart resize -i 3 ada0
ada0p3 resized
lol@ ~/> gpart show
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  77723608     3  freebsd-zfs  (37G)
Last step with zfs pool:
lol@ ~/> sudo zpool set autoexpand=on zroot
lol@ ~/> sudo zpool online -e zroot ada0p3 ada0p3
Check the space in the zpool. The size of zroot is now right.
lol@ ~/> zpool list
NAME   SIZE  ALLOC   FREE  EXPANDSZ  FRAG  CAP  DEDUP  HEALTH  ALTROOT
zroot   37G  17.3G  19.7G         -   36%  46%  1.00x  ONLINE  -
lol@ ~/Desktop> sudo sysctl kern.geom.debugflags=0
kern.geom.debugflags: 16 -> 0
Virtualbox
VirtualBox in FreeBSD
Add a line with the kernel module to /boot/loader.conf
vboxdrv_load="YES"
Add a line for bridged or host-only networking to /etc/rc.conf
vboxnet_enable="YES"
Add your user to the group
pw groupmod vboxusers -m yourusername
chown root:vboxusers /dev/vboxnetctl
chmod 0660 /dev/vboxnetctl
To make the permissions permanent, add these lines to /etc/devfs.conf
own vboxnetctl root:vboxusers
perm vboxnetctl 0660
FreeBSD as guest Virtualbox
Write to /etc/rc.conf
vboxguest_enable="YES"
vboxservice_enable="YES"
Wifi and FreeBSD
How to setup WIFI card
# Check whether the wifi hardware is detected
pciconf -l
sudo ifconfig wlan0 create wlandev wpi0
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
How to setup USB WIFI
Add kernel module to /boot/loader.conf
# Kernel module for wifi
if_ath_load="YES"
if_iw_load="YES"
# Next wifi kernel modules
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"
Add these lines to /etc/rc.conf to configure your wifi device.
wlans_run0="wlan0"
create_args_wlan0="wlanmode sta country CZ indoor"
Check whether your hardware has a driver.
# Check whether the wifi hardware is detected (wpi, run0)
pciconf -l
# Create a device with the name wlan0
sudo ifconfig wlan0 create wlandev wpi0
# Start wpa_supplicant with a configuration file that contains the network SSID
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
# Scan your wifi networks
ifconfig wlan0 up scan
SSID/MESH ID  BSSID              CHAN  RATE  S:N     INT  CAPS
lol           00:13:46:49:41:76  11    54M   -90:96  100  EPS WPA WME
trololo       00:11:95:c3:0d:ac  1     54M   -83:96  100  EPS WPA
# IP address from DHCP server
sudo dhclient wlan0
GELI
Install CD -> Partition -> Shell
gpart create -s gpt vtbd0
gpart add -t freebsd-boot -s 512k -a 4k vtbd0
gpart add -t freebsd-ufs -a 1M vtbd0
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 vtbd0
geli init -b -g vtbd0p2
geli attach vtbd0p2
newfs -j /dev/vtbd0p2.eli
mount /dev/vtbd0p2.eli /mnt
- /tmp/bsdinstall_etc/fstab
/dev/vtbd0p2.eli / ufs rw,noatime 1 1
- /tmp/bsdinstall_boot/loader.conf
geom_eli_load="YES"
exit (installer will continue)
Change /dev/vtbd0p2.eli to gptid/rawuuid (gpart list):
/dev/gptid/015ceb9a-90a4-11e6-b8fc-1392a9ed1847 / ufs rw,noatime 1 1
FreeBSD Security
Security on FreeBSD
To check the status of the securelevel on a running system:
Add to /etc/sysctl.conf
kern.securelevel=2
security.bsd.see_other_uids=0
security.bsd.stack_guard_page=1
net.inet.ip.random_id=1
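An added example, not part of the original page: a small sh function that compares the four settings above with a saved snapshot of sysctl(8) output and reports any drift. The function names are hypothetical and the snapshot is constructed sample data; on a real host, create the snapshot by running sysctl with the four names and redirecting the output to a file.

```shell
#!/bin/sh
# Added example: audit sysctl hardening against the values listed above.
# Function names are hypothetical; the snapshot below is constructed data.

# Wanted settings, copied from the /etc/sysctl.conf lines on this page.
wanted_settings() {
cat <<'EOF'
kern.securelevel=2
security.bsd.see_other_uids=0
security.bsd.stack_guard_page=1
net.inet.ip.random_id=1
EOF
}

# Constructed sample in the "name: value" form that sysctl(8) prints.
sample_snapshot() {
cat <<'EOF'
kern.securelevel: -1
security.bsd.see_other_uids: 0
security.bsd.stack_guard_page: 1
EOF
}

# audit_sysctl SNAPSHOT_FILE
# Prints OK / DRIFT / MISSING per setting; returns 1 if anything is not OK.
audit_sysctl() {
    snapshot=$1
    rc=0
    for pair in $(wanted_settings); do
        name=${pair%%=*}
        want=${pair#*=}
        # Exact match on the OID name, then take the value after ": ".
        have=$(awk -F': ' -v n="$name" '$1 == n { print $2; exit }' "$snapshot")
        if [ -z "$have" ]; then
            echo "MISSING $name (want $want)"; rc=1
        elif [ "$name" = kern.securelevel ] && [ "$have" -ge "$want" ]; then
            echo "OK $name=$have"    # a higher securelevel is stricter
        elif [ "$have" = "$want" ]; then
            echo "OK $name=$have"
        else
            echo "DRIFT $name=$have (want $want)"; rc=1
        fi
    done
    return $rc
}

# Demo on the constructed snapshot.
snap=$(mktemp)
sample_snapshot > "$snap"
audit_sysctl "$snap" || echo "hardening drift found"
rm -f "$snap"
```

A securelevel of -1 in the snapshot means the setting from /etc/sysctl.conf has not been applied; the securelevel can only be raised on a running system, never lowered.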
Enabling and Utilizing Process Accounting
Tracking information such as CPU statistics and executed commands.
touch /var/account/acct
chmod 600 /var/account/acct
accton /var/account/acct
echo 'accounting_enable="YES"' >> /etc/rc.conf
Troubleshooting with FreeBSD
SSH
Too many authentication failures
If you are not able to authenticate via ssh and the message “Too many authentication failures” is logged in /var/log/auth.log, you probably have more than 2 keys loaded in your ssh agent that are failing to authenticate. To solve this, unload the keys you are not using from the ssh agent (ssh-add -d path / ssh-add -D), use ssh -i path_to_key, or create an appropriate section in your ~/.ssh/config with IdentityFile.
BOOT on FreeBSD
Fatal double fault FreeBSD 10.3 - i386 , FreeBSD 11 - i386
The fatal double fault is a problem on FreeBSD - i386 with ZFS file system.
As described in /usr/src/UPDATING entry 20121223, rebuilding the kernel with options KSTACK_PAGES=4 has been observed to resolve the boot-time crash. This, however, is not an ideal solution for inclusion in the GENERIC kernel configuration, as increasing KSTACK_PAGES implicitly decreases available usermode threads in an environment that is already resource-starved.
Follow these steps to build the new kernel:
# mkdir -p /usr/src
# svnlite co svn://svn.freebsd.org/base/releng/10.2 /usr/src
# make -C /usr/src kernel-toolchain
# printf "include GENERIC\noptions KSTACK_PAGES=4\n" > /usr/src/sys/i386/conf/ZFS
# make -C /usr/src buildkernel KERNCONF=ZFS
# make -C /usr/src installkernel KERNCONF=ZFS
For FreeBSD 10.3 - More information on page https://www.freebsd.org/releases/10.3R/errata.html
For FreeBSD 11.0 - More information on page https://www.freebsd.org/releases/11.0R/errata.html
How to boot from live CD
If FreeBSD has a boot problem and the system cannot start, go back to the FreeBSD boot menu and choose option 3 (Escape to loader prompt).
For help at the loader prompt, use the command help or ? (list of commands); help set shows the options for the command set.
To boot from the CD, use the commands
set boot_cdrom (to mount the filesystem)
boot
Check the mounted filesystems with the command mount. If the ZFS filesystem is not mounted, run this command to import the zpool:
zpool import -f zroot
How to mount disk with geli from live CD
Boot live system …
geli attach /dev/ada0p3
password:
The following command mounts only part of the filesystem, for example /usr, /tmp and /var, but not /boot:
zpool import -f -R /mnt zroot
The following command mounts /boot etc.:
zfs mount zroot/ROOT/default