Re: Large scale VPN routers

[Tomas Bodzar]

On Tue, Aug 23, 2011 at 3:55 AM, Brendan Grossman
bren...@grossman.id.au wrote:
 Hi

 Just wondering if anyone has had any experience with using OpenBSD to
 terminate up to 1000 VPN clients and/or route high traffic (say 100
 Mb/s).

 What sort of hardware did you use, type of VPN, encryption and auth
 options, overall experience, etc?

http://www.openbsd.org/products.html
See syscall, GeNUA, .vantronix and probably others as well


 Regards
 Brendan

Re: Expected throughput in an OpenBSD virtual server

[Per-Olov Sjöholm]

On 23 aug 2011, at 01:32, john slee wrote:
 On 22 August 2011 23:45, Per-Olov Sjvholm p...@incedo.org wrote:
 As http://www.openbsd.org/faq/faq6.html states, there's little you can
 tweak
 to improve your numbers; just get a nice-clocked, good cache-sized CPU and
 give it some loving.

 The FAQ you refer to seems to be of no use at all and is totally unrelated
 to
 this post.

 It is quite pertinent, actually. See the beginning of section 6.6;

 http://www.openbsd.org/faq/faq6.html#Tuning

 John



If you please will explain how baddynamic and avoiding certain ports will
affect what we are talking about...

Naaahh lets forget that section

/Per-Olov

Re: OpenBSD 4.9 + Sound Blaster Live!

[Remco]

James Colannino wrote:

 On 08/17/11 06:23, Alexandre Ratchov wrote:
 
 could you provide a dmesg and the list of commands that you run and
 that didn't work?
 
 Sorry it took me so long to get back to everyone.  I've been having all
 sorts of other issues at work that have prevented me from responding
 sooner.  Here's the output of dmesg, audioctl and mixerctl:
 
 James

First of all, I think you forgot to tell which command/application you're
using and what kind of audio you're trying to play (WAV, MP3, AU, AIFF,
Ogg/Vorbis, FLAC, ...).
Is there any output on your screen or in /var/log/* showing anything
problematic while playing sounds ?

One way for me to get a lot of noise is accidentilly playing a file with an
unexpected format, like this: aucat -i somefile.au


About your audioctl:
 name=SB Live!
..
 play.error=1
..
 play.errors=2961
Some errors though I don't expect this to necessarily be the problem.


About your mixerctl:
 outputs.master=255,255
 outputs.master.mute=off
Your output levels are maxed out, I'd start off from e.g.
outputs.master=100,100, going up if necessary.

 inputs.spkr=255
 inputs.spkr.mute=off
I'd mute this, I think it might pick up noise.

 record.source=mic
 record.volume=255,255
 record.volume.mute=off
You may not need this, so trying to mute it to see if it makes a difference
probably doesn't hurt.


About your dmseg:
 OpenBSD 4.9 (GENERIC.MP) #819: Wed Mar  2 06:57:49 MST 2011
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 3128442880 (2983MB)
 avail mem = 3031142400 (2890MB)
..
 acpiec0 at acpi0acpiec _REG failed, broken BIOS
 
..
 cpu0: unknown i686 model 0x2a, can't get bus clock
..
 ... unknown product 0x0100 ...
..
 ... not configured
..
 Realtek 8168 rev 0x06: unknown ASIC (0x2c80), apic 0 int 18 (irq 11),
 address ff:ff:ff:ff:ff:ff rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 5
..
 io address conflict 0x2000d000/0x100
It seems you've got pretty new hardware, not fully supported by your 4.9
installation. I recommend using a snapshot to get an OS which is likely a
better match to you hardware.


I hope any of this helps.

regards,
Remco

Re: Expected throughput in an OpenBSD virtual server

[Patrick Lamaiziere]

Le Mon, 22 Aug 2011 22:49:47 +0200,
Per-Olov SjC6holm p...@incedo.org a C)crit :

Hello,
 Have not tried current, but will try current as soon as I can.
 Also... I will try to do some laborations with CPU speed of the core
 the OpenBSD virtual machine has. This to see how the interrupts and
 throughput is related to the CPU speed of the allocated core.

It would be nice to know if current is better with Intel em(4) cards. 
because of this commit : http://freshbsd.org/2011/04/13/00/19/01

Here we reach 400 MBits/s with a CPU rate ~70% but we
run OpenBSD 4.9.

Regards.

Re: Expected throughput in an OpenBSD virtual server

[Patrick Lamaiziere]

Le Mon, 22 Aug 2011 20:04:50 + (UTC),
Stuart Henderson s...@spacehopper.org a C)crit :

Hello,

 OpenBSD has another way to handle this, MCLGETI.

Is there a documentation (for the human being, not the developer)
about how MCLGETI works? (don't find a lot about it)

Thanks, regards.

Re: Expected throughput in an OpenBSD virtual server

[Ryan McBride]

On Tue, Aug 23, 2011 at 09:10:05AM +0200, Per-Olov SjC6holm wrote:
 If you please will explain how baddynamic and avoiding certain ports will
 affect what we are talking about...
 
 Naaahh lets forget that section

I believe people are referring to the text above that:

   One goal of OpenBSD is to have the system Just Work for the vast
   majority of our users. Twisting knobs you don't understand is far more
   likely to break the system than it is to improve its performance. Always
   start from the default settings, and only adjust things you actually see
   a problem with.

   VERY FEW people will need to adjust any networking parameters!


Earlier you asked:

 So the question remains. Is it likely that a faster cpu core will give
 better performance (not that I need it. Just doing some laborations
 here).  Is a faster CPU the best / only way to increase throughput.

Yes, all other things being equal faster CPU will help. Other hardware factors
include:

- CPU vendor (AMD vs Intel)
- CPU cache, bus, chipset
- PCI bus
- Network card
- If you are doing IPSec, AES-specific instructions (AES-NI on Intel) 

Some CPU architectures have much better IO and interrupt performance for
a given clock speed (Sparc64, for example), but cost makes them an
unlikely choice for a firewall. 

Things that seem to make very little difference in testing:

- MP vs SP kernel
- i386 vs AMD64


 Of course we assume the OS tweak is ok and that reasonable 
 NIC:s are used.  

OS tweaks are usually not OK. The general rule of thumb is that if you
have to ask about them on misc@ because there is no documentation and
you don't understand the effects, then you shouldn't touch it

PF configuration can have a big effect on your performance for some
types of traffic. In general it's better to worry about making your
ruleset correct and maintainable, but if you MUST write your ruleset
with performance in mind, the following article discusses most of the
issues:

http://www.undeadly.org/cgi?action=articlesid=20060927091645


 Is there a plan to change the interrupt handling model in OpenBSD to
 device polling in future releases ?

No. 

Re: Expected throughput in an OpenBSD virtual server

[Tomas Bodzar]

On Tue, Aug 23, 2011 at 11:10 AM, Patrick Lamaiziere
patf...@davenulle.org wrote:
 Le Mon, 22 Aug 2011 20:04:50 + (UTC),
 Stuart Henderson s...@spacehopper.org a C)crit :

 Hello,

 OpenBSD has another way to handle this, MCLGETI.

 Is there a documentation (for the human being, not the developer)
 about how MCLGETI works? (don't find a lot about it)

Maybe these?
http://blogs.oracle.com/video/entry/mclgeti_effective_network_livelock_mitigation
https://www.youtube.com/watch?v=fv-AQJqUzRI
http://wikis.sun.com/display/KCA2009/KCA2009+Conference+Agenda  (see
Friday 17th)

looks like only David Gwynne may point to something useful.



 Thanks, regards.

Re: Expected throughput in an OpenBSD virtual server

[Stuart Henderson]

On 2011-08-22, Per-Olov Sj?holm p...@incedo.org wrote:
 MCLGETI ?? Is it in if_em.c if I want to see how it is implemented?

it's in various files, see mbuf(9) and look for videos/slides from talks
by dlg (David Gwynne), there's an asiabsdcon talk with more details and quite
possibly some others.

Re: Expected throughput in an OpenBSD virtual server

[Ryan McBride]

On Tue, Aug 23, 2011 at 10:42:59AM +, Stuart Henderson wrote:
 On 2011-08-22, Per-Olov Sj?holm p...@incedo.org wrote:
  MCLGETI ?? Is it in if_em.c if I want to see how it is implemented?
 
 it's in various files, see mbuf(9) and look for videos/slides from talks
 by dlg (David Gwynne), there's an asiabsdcon talk with more details and quite
 possibly some others.

The effects of MCLGETI are quite visible in the PF testing I did for our
'10 years of PF' talk, see pages 70-74 of the slides from BSDCan for
example:

http://quigon.bsws.de/papers/2011/pf10yrs/

Re: pf shape download

[Michel Blais]

Hi David (and thank to all the others for you reply),

I didn't have time to work on it but will have some time this week.

I think my main problem was from my Windows 7 laptop that look like to 
block traffic until it understand that traffic can pass.


A exemple we often see with Windows 7 is when the are a internet 
problem, when the problem is fix, you can ping external network and 
domain name but until Windows 7 remove the yellow triangle on the 
network adapter, browser (we are using IE, Firefox  Chrome) won't be 
able to go on the internet.


Even with our old firewall (base on iptables), it was the same. It taked 
some minutes for Windows user to apply rule change. Exemple, I forward 
the port 80 to a server with a alert to contact us, the contact us then 
we erase the rule and apply it but the user will still be forwarded for 
several minutes.


So will doing my test, if I apply a ruleset like, pass in instead of 
block in, often, traffic was still block. It's really hard to test 
ruleset in this condition. For sure, I was able one time to make the 
traffic pass on my second queue but it was after a long time working on 
something else. When I came back to it and looked at pftop, I saw the 
traffic on the second queue.


If I remember well, my ruleset was
block in
block out
pass in on re0 to 10.254.200.2 queue second
pass out on re0 to 10.254.200.2 queue second
pass in on re1 to 10.254.200.2 queue second
pass out on re1 to 10.254.200.2 queue second
pass in on re0 from 10.254.200.2 queue second
pass out on re0 from 10.254.200.2 queue second
pass in on re1 from 10.254.200.2 queue second
pass out on re1 from 10.254.200.2 queue second

I will do more test and write back to the mailling list.

Michel

Le 2011-08-22 18:40, David Newman a icrit :

Did you have any luck getting this working?

Thanks!

dn



On 8/16/11 8:20 AM, Michel Blais wrote:

Hi,

I'm having a problem to shape download with PF. I have 2 HFSC queue
(main and second) created on my internal NIC. Main is my default
queue. If I try to match download traffic to the second queue, it still
go trought the main queue.

The IP I want to download trought the second queue for my test
unit is 10.254.200.2
$ext_if=re0
$int_if=re1

My rule to foward traffic to second queue is :
match out on $int_if from any to 10.254.200.2
I also try with pass instead of match

Look fine if I check the bob exemple in this faq :
http://www.openbsd.org/faq/pf/queueing.html#example1

pfctl -vvsq still show traffic on main queue :

queue  main on re1 bandwidth 1Mb priority 2 qlimit 100 hfsc( red default
upperlimit 97Mb )
   [ pkts:  24701  bytes:   37333295  dropped pkts:  0
bytes:  0 ]
   [ qlength:   0/100 ]
   [ measured:   236.4 packets/s, 2.86Mb/s ]
queue  second on re1 bandwidth 1Mb priority 0 qlimit 250 hfsc( red
upperlimit 97Mb )
   [ pkts:  0  bytes:  0  dropped pkts:  0
bytes:  0 ]
   [ qlength:   0/250 ]
   [ measured: 0.0 packets/s, 0 b/s ]

pftop -v rules show me that the rule don't match
12 Pass out re1 K 0 0 0 inet from any to 10.254.200.2/32flags
S/SA queue second

I can see my download with tcpdump :
# tcpdump -i re1 host 10.254.200.2
...
10:49:19.802505 10.254.200.2.49266  hammurabi.acc.umu.se.www: . ack
832200 win 64240 (DF)
10:49:19.802716 hammurabi.acc.umu.se.www  10.254.200.2.49266: .
832200:833660(1460) ack 1 win 6564 (DF)
10:49:19.802911 hammurabi.acc.umu.se.www  10.254.200.2.49266: .
833660:835120(1460) ack 1 win 6564 (DF)
10:49:19.803040 hammurabi.acc.umu.se.www  10.254.200.2.49266: .
835120:836580(1460) ack 1 win 6564 (DF)
10:49:19.803211 10.254.200.2.49266  hammurabi.acc.umu.se.www: . ack
836580 win 64240 (DF)
10:49:19.803248 hammurabi.acc.umu.se.www  10.254.200.2.49266: .
836580:838040(1460) ack 1 win 6564 (DF)
10:49:19.803252 hammurabi.acc.umu.se.www  10.254.200.2.49266: .
838040:839500(1460) ack 1 win 6564 (DF)
10:49:19.803367 hammurabi.acc.umu.se.www  10.254.200.2.49266: .
839500:840960(1460) ack 1 win 6564 (DF)
...

I have pass days on this with OpenBSD 4.9 and
FreeBSD 8.2 without result.

I even tryed every 8 possible rules at the same time and
pfctl was still showing traffic trought the main queue on :

match in on re0 from any to 10.254.200.2 queue second
match in on re1 from any to 10.254.200.2 queue second
match out on re0 from any to 10.254.200.2 queue second
match out on re0 from any to 10.254.200.2 queue second
match in on re0 from 10.254.200.2 to any queue second
match in on re1 from 10.254.200.2 to any queue second
match out on re0 from 10.254.200.2 to any queue second
match out on re0 from 10.254.200.2 to any queue second

in this case, pftop was showing that it
match out on re0 from 10.254.200.2 to any
match on re1 from 10.254.200.2 to any
it look like only upload rule match

Can somebody help me on this ?

Thanks

Michel

P.S : I have a VoIP queue that I will add after that will need the
realtime option, that why I'm using HFSC.




--
Michel Blais
Administrateur riseau / 

CDDL vs GPL and maybe some implications for BSD?

[Tomas Bodzar]

Hi all,

as some of you maybe know there's new player on OS market called
http://smartos.org . What's starting to be interesting is their port
of KVM to Solaris code base which is used as a kernel module.

Bryan Cantrill didn't talk much about licenses in his paper
http://www.linux-kvm.org/wiki/images/7/71/2011-forum-porting-to-smartos.pdf
No matter how much interesting it sounds, the question on licensing
was addressed vaguely (if at all) during the talk.  In a private chat
later, Bryan mentioned there's no violation at all, but here you can
find a little more discussion https://lwn.net/Articles/455008/

In NetBSD is eg. dtrace/zfs made as module. The question now is if
those ports are CDDL, GPL or BSD licensed. Probably there was not
similar case at court yet.

As I know CDDL parts are (for example as modules) in FreeBSD and
NetBSD and there were couple of threads on misc@ about porting
zfs/dtrace to OpenBSD as  well.

OpenBSD is really clear about its policy, but do you think that it's
really possible to port stuff this way  and made it available as
module without need for change of license or worrying about shark
suits?

Thx

PS: No flame at all. I just think that this situation can be
interesting regarding future because of mixing licenses in some of
systems which are not so strict about license policy

Zurka Forum Obavestenje

[Zurka Forum]

  Postovani,

Zurka Forum sa vama u jos boljem izdanju!


Besplatan download najnovijih filmova,muzike,programa,
igrica,erotskih filmova, domacih i stranih i jos puno toga, noviteti  svakoga
dana ! Zurka Forum se trudi da svojim clanovima maksimalno izadje u susret.

Proverite sta imamo novo za vas :  www.zurkaforum.com
http://www.zurkaforum.com/

Ugodno druzenje i boravak na forumu zeli vam administracija Zurka Foruma.

Hvala vam,
Zurka Forum QP8P.

http://www.zurkaforum.com/

Re: Expected throughput in an OpenBSD virtual server

[Per-Olov Sjöholm]

On 23 aug 2011, at 10:54, Patrick Lamaiziere wrote:
 Le Mon, 22 Aug 2011 22:49:47 +0200,
 Per-Olov SjC6holm p...@incedo.org a C)crit :

 Hello,
 Have not tried current, but will try current as soon as I can.
 Also... I will try to do some laborations with CPU speed of the core
 the OpenBSD virtual machine has. This to see how the interrupts and
 throughput is related to the CPU speed of the allocated core.

 It would be nice to know if current is better with Intel em(4) cards.
 because of this commit : http://freshbsd.org/2011/04/13/00/19/01

 Here we reach 400 MBits/s with a CPU rate ~70% but we
 run OpenBSD 4.9.

 Regards.



How fast is your CPU ?

Yes I can see the 1.254 commit with this came in after the 4.9 release that I
use. I can try to see if I can measure any performance gain with this update.

I will try this from aug 17...
http://ftp.sunet.se/pub/os/OpenBSD/snapshots/i386/install50.iso

I4ll get back

[ YES !! More fun tests :D ]

Regards
Per-Olov

Re: Expected throughput in an OpenBSD virtual server

[Tomas Bodzar]

On Tue, Aug 23, 2011 at 7:21 PM, Per-Olov SjC6holm p...@incedo.org wrote:
 On 23 aug 2011, at 10:54, Patrick Lamaiziere wrote:
 Le Mon, 22 Aug 2011 22:49:47 +0200,
 Per-Olov SjC6holm p...@incedo.org a C)crit :

 Hello,
 Have not tried current, but will try current as soon as I can.
 Also... I will try to do some laborations with CPU speed of the core
 the OpenBSD virtual machine has. This to see how the interrupts and
 throughput is related to the CPU speed of the allocated core.

 It would be nice to know if current is better with Intel em(4) cards.
 because of this commit : http://freshbsd.org/2011/04/13/00/19/01

 Here we reach 400 MBits/s with a CPU rate ~70% but we
 run OpenBSD 4.9.

 Regards.



 How fast is your CPU ?

 Yes I can see the 1.254 commit with this came in after the 4.9 release that
I
 use. I can try to see if I can measure any performance gain with this
update.

 I will try this from aug 17...
 http://ftp.sunet.se/pub/os/OpenBSD/snapshots/i386/install50.iso

Can't see that mirror here http://www.openbsd.org/ftp.html , it's
better to use something more official


 I4ll get back

 [ YES !! More fun tests :D ]

 Regards
 Per-Olov

Re: CDDL vs GPL and maybe some implications for BSD?

[Marco Peereboom]

On Tue, Aug 23, 2011 at 06:17:53PM +0200, Tomas Bodzar wrote:
 Hi all,
 
 as some of you maybe know there's new player on OS market called
 http://smartos.org . What's starting to be interesting is their port
 of KVM to Solaris code base which is used as a kernel module.
 
 Bryan Cantrill didn't talk much about licenses in his paper
 http://www.linux-kvm.org/wiki/images/7/71/2011-forum-porting-to-smartos.pdf
 No matter how much interesting it sounds, the question on licensing
 was addressed vaguely (if at all) during the talk.  In a private chat
 later, Bryan mentioned there's no violation at all, but here you can
 find a little more discussion https://lwn.net/Articles/455008/
 
 In NetBSD is eg. dtrace/zfs made as module. The question now is if
 those ports are CDDL, GPL or BSD licensed. Probably there was not
 similar case at court yet.
 
 As I know CDDL parts are (for example as modules) in FreeBSD and
 NetBSD and there were couple of threads on misc@ about porting
 zfs/dtrace to OpenBSD as  well.
 
 OpenBSD is really clear about its policy, but do you think that it's
 really possible to port stuff this way  and made it available as
 module without need for change of license or worrying about shark
 suits?

Sure you can make a port.  You can have all kinds of unfree things in
packages.  So go for it.

 
 Thx
 
 PS: No flame at all. I just think that this situation can be
 interesting regarding future because of mixing licenses in some of
 systems which are not so strict about license policy

Only for the base OS.  Packages can have all kinds of crazy licenses.

Re: two problems with the recent X @ i386

[ropers]

On 22 August 2011 17:19, Jan Stary h...@stare.cz wrote:
 With today's snapshot, I can no longer kill X with crtl+alt+backspace.
 Has something changed? Is DontZap turned on by default now? I am not
 using any config file.

I'm completely talking out of my arse here, but I have a strong hunch
that this change is Ubuntu's (bad) influence at work:

Ubuntu (-- Debian) -- X.org -- Xenocara

Re: CDDL vs GPL and maybe some implications for BSD?

[martian67]

On 8/23/2011 10:17 AM, Tomas Bodzar wrote:

Hi all,

as some of you maybe know there's new player on OS market called
http://smartos.org . What's starting to be interesting is their port
of KVM to Solaris code base which is used as a kernel module.

Bryan Cantrill didn't talk much about licenses in his paper
http://www.linux-kvm.org/wiki/images/7/71/2011-forum-porting-to-smartos.pdf
No matter how much interesting it sounds, the question on licensing
was addressed vaguely (if at all) during the talk.  In a private chat
later, Bryan mentioned there's no violation at all, but here you can
find a little more discussion https://lwn.net/Articles/455008/

In NetBSD is eg. dtrace/zfs made as module. The question now is if
those ports are CDDL, GPL or BSD licensed. Probably there was not
similar case at court yet.

As I know CDDL parts are (for example as modules) in FreeBSD and
NetBSD and there were couple of threads on misc@ about porting
zfs/dtrace to OpenBSD as  well.

OpenBSD is really clear about its policy, but do you think that it's
really possible to port stuff this way  and made it available as
module without need for change of license or worrying about shark
suits?

Thx

PS: No flame at all. I just think that this situation can be
interesting regarding future because of mixing licenses in some of
systems which are not so strict about license policy




It is extremely clear, no non-ISC licensed/similarly licensed software 
will be imported into base. Peroid.

Re: CDDL vs GPL and maybe some implications for BSD?

[Chris Cappuccio]

martian67 [martia...@gmail.com] wrote:
 
 It is extremely clear, no non-ISC licensed/similarly licensed
 software will be imported into base. Peroid.

I don't know about that.  Quite a bit of GPL software is now being incorporated 
into the base tree.  In fact, Theo is almost finished importing GCC 4.6.1, 
directly into the kernel for faster compiles.  Each stage of GCC becomes a 
short-lived kernel thread, it's quite an interesting model (Apparently avoiding 
context switches cuts compile time in less than half!) 

Miod made some progress on replacing our outdated libc with glibc.  IIRC, the 
main desire there was to fix important POSIX compatibility issues, and to start 
replacing the outmoded strlcat concept with a secure version of strcat.  
Anyways, that's not all, Henning's project to replace PF with a port of 
iptables (to get their fast stateful filtering code) is almost finished!

Here is perhaps the most interesting part.  There was recent talk about 
replacing OpenSSH with a version of Tectia SSH (to satisfy OpenBSD enterprise 
users who are threatening to cut funding to the project if Active Directory 
support isn't finished.)  But, I'm not sure if Tectia's evaluation-only, binary 
version is going to be accepted into the tree without some kind of source code 
audit.  Theo has been talking to Tatu Ylonen about getting a copy of the source 
code (unfortunately under NDA) so that an OpenBSD code audit could be 
performed.  Conveniently, we only need to run Tectia SSH under Linux emulation 
-- binary builds will be handled by Tectia and posted to their web site.  (As 
an aside, the kernel implementation of GCC 4.6.1 will be faster after this, it 
won't be busy building OpenSSH anymore.)

-- 
the preceding comment is my own and in no way reflects the opinion of the Joint 
Chiefs of Staff

Re: CDDL vs GPL and maybe some implications for BSD?

[Nick Holland]

On 08/23/11 12:17, Tomas Bodzar wrote:
...
 OpenBSD is really clear about its policy, but do you think that it's
 really possible to port stuff this way  and made it available as
 module without need for change of license or worrying about shark
 suits?

porting stuff isn't the issue, usually.  OpenBSD doesn't avoid
importing new GPL, CDDL, etc. code because the code can't be imported
into the OpenBSD project by the terms of the proposed code, OpenBSD
avoids importing other licenses because it limits the utility of
OpenBSD, and the ability to be used for any purpose the user desires.

Could OpenBSD import ZFS in one of many ways?  Sure.
Could you use it in all the ways you could use OpenBSD now?  No.
YOU, the user, are the one who has to worry about the sharks.

It's about YOU, not the code.

 Thx
 
 PS: No flame at all. I just think that this situation can be
 interesting regarding future because of mixing licenses in some of
 systems which are not so strict about license policy

yeah, you gotta wonder about that.
No, really, you don't.
Those that tell you it is about Freedom are mostly full of shit.
It's about it didn't cost me anything to most of them.

Watch a person's actions, not their words.
They can chant all they want about freedom, but when they willingly
stick their hands in the cuffs because it's easier in the short term,
their actions have spoken, it's about the effort, not the freedom.
They can chant all they want about the perfection of their license,
but when they freely contaminate it with other license with more
restrictions, they have shown their real motivation.

ZFS is cool, don't get me wrong.  But...by making it such a core part of
what makes FreeBSD special, FreeBSD is no longer BSD-free...it's CDDL or
whatever the Oracle sharks (which make the Sun sharks look sane) want it
to be-free.  Maybe that's good enough for you, maybe it isn't.  YOU have
to pay the lawyers to figure it out, though, not FreeBSD.

With something like ZFS, you have two choices:
1) keep it as a side project, like OpenBSD does with Chrome, Firefox,
etc.  You can build an OpenBSD-based product without any of those
things..by not adding the packages.  But for something like a file
system...do you really want to bet your data on a file system treated
like a bastard step-child, tested by only a few users, and not really
core to the system?  A file system isn't a browser.  When your browser
crashes, well, we are all used to that (says something right there,
doesn't it?).  You don't want your file system working that way, do you?

2) Embrace the product, use it everywhere, assume the user will base
their solutions on it.  In that case...the project is now effectively
FreeCDDL and NetCDDL.  That's fine if that's what they want (obviously,
they do) and they go in eyes open (not so sure about that).

Nick.

Re: CDDL vs GPL and maybe some implications for BSD?

[Theo de Raadt]

 yeah, you gotta wonder about that.
 No, really, you don't.
 Those that tell you it is about Freedom are mostly full of shit.
 It's about it didn't cost me anything to most of them.

We've got an entire operating system which is completely free as a
base; besides that, a shrinking set of GPL2 components are used to
help us build.  Maybe in the future that will change.  A variety of
choices are slowly in play.

And now, because of ZFS and dtrace, we should throw that entire
Bostic-started effort out the window.  Screw freedom, I need ZFS and
dtrace.

Don't be fooled.  This request does not come from people who love ZFS
or dtrace.  It comes from people who apparently love btoh ZFS _and_
dtrace (otherwise, once in a while we'd get a mail from someone who
only mentions ZFS, right?).  Because, as you all know, everyone needs
both ZFS and dtrace, or they are doomed and it is a certainly that
Satan and Bill will consume their souls for eternity.  Yes, I need
dtrace.  Today tomorrow and forever, or I will go to hell.  dtrace or
death.

Yes, some of you will think I am silly, but if you do, please go check
some mail archives and you will see that apparently most ZFS people
don't care about ZFS, unless they post to *BSD mailing lists, and then
suddenly pushing dtrace becomes a real pressure point.

I don't know where these people come from but they seem like agents of
Stallman or Company X or Company Y, at the very least some kind of
divide and conquer or divide or conquer effort is in play.  Don't
even bother to respond to such people, unless your mail explains to
others what is going on.  The real key phrase to watch for here is
that there are people who always mix ZFS and dtrace together.
Everytime they are mixed together, the person posting it is of the
type that has zero use for dtrace.  They've been fooled by someone to
equate those two as equal value.

Who are these ZFS and dtrace people? Are they HFT programmers?  I
really don't know.  Do they help the project?  I can assure you that
they do not.

I bet they couldn't use dtrace to their advantage of their life
depended on it.

Yet ZFS and dtrace so often mentioned together...

Don't be fooled.  In fact, I urge our users to investigate every
person who has mentioned ZFS and dtrace together in the past.  Their
agenda is not the one that you or I believe in.  Their agenda is
division.