March 5, 2024

Introduction

FreeBSD is an outstanding choice for those seeking a modern, enterprise-class open source operating system. Its permissive licensing, superior security, exceptional performance, and rock-solid stability make it an ideal solution for businesses and organizations of all sizes. 

FreeBSD 13.3-RELEASE offers significant enhancements to infrastructure, hardware compatibility, and security, further demonstrating its value to the industry. This version builds upon the strong foundation established by previous versions within the 13.x series and aligns with the development timeline that includes the FreeBSD 14 branch, which was introduced in November 2023.

Join us as we delve into the transformative journey of FreeBSD 13.x, showcasing the progressive enhancements that underscore FreeBSD’s enduring relevance and leadership in the open source ecosystem.

FreeBSD 13.x overview

FreeBSD 13.0-RELEASE brought significant improvements that set a new standard for system robustness and performance for the operating system. Among these improvements were strategic shifts in its toolchain, transitioning fully to LLVM/Clang as the default compiler, which streamlined development processes and enhanced system stability. Additionally, the introduction of WireGuard, a modern VPN tunnel, significantly enhanced FreeBSD’s network security, providing a simpler and faster alternative to IPSec and OpenVPN.

FreeBSD is widely recognized for its strength, security, and performance within the open source operating system community. The release of FreeBSD 13.3 is a significant milestone in its development and showcases substantial enhancements that highlight its dedication to meeting modern technological needs. 

The 13.x series features crucial improvements to its userland and kernel, addressing important security vulnerabilities and ensuring the system remains resilient against evolving threats. 

Now, with expanded hardware support and networking capabilities, the release of FreeBSD 13.3 reinforces the Project’s commitment to adaptability and forward-thinking, catering to a broad range of users, from server administrators to desktop users.

General network improvements in 13.x

The FreeBSD 13.x series has made significant progress in networking, which has resulted in improved performance and security. A notable improvement is introducing the new mbuf type, which can represent multiple unmapped physical pages as a single buffer. This enhancement has improved the performance of sendfile operations and was sponsored by Netflix.

During the transition to version 13.x, FreeBSD has made significant improvements to its core functionalities. These improvements include the addition of Safe Memory Reclamation (SMR) to the kernel and significant updates to the routing stack and reflect the Project’s ongoing efforts to refine and evolve its core system functionalities to meet contemporary computational demands and networking paradigms.

Other notable network stack improvements include:

  • Transport Layer Security (TLS) Enhancements: Kernel-based framing and encryption of TLS data on TCP sockets were introduced for TLS versions 1.0 through 1.3. This includes transmit offload via in-kernel crypto drivers for AES-CBC and AES-GCM cipher suites, as well as receive offload for AES-GCM cipher suites for TLS 1.2, utilizing a KTLS-aware SSL library. This feature was sponsored by Netflix and Chelsio Communications, and it reinforces FreeBSD’s commitment to secure and efficient data transmission.
  • Proportional Rate Reduction (PRR): tcp now supports PRR for improved SACK loss recovery during burst loss and ACK thinning scenarios, enabled by default. This feature enhances loss recovery performance and prevents retransmit timeout (RTO) stalls, with a conservative variant available for specific traffic conditions.

Routing stack revamp in 13.x

  • Rewritten Routing Stack: A new routing stack, based on nexthops, has been introduced, which holds all the necessary state information for routing packets to the desired destination. This allows for more efficient and scalable routing operations.
  • Enhanced Multipath Routing Support: Multipath routing support has been re-engineered to feature 64-wide multipath routes with O(1) lookup time, significantly improving scalability and performance in multipath routing scenarios.
  • Custom Route Lookup Algorithms: Introduction of support for custom route lookup algorithms, decoupling control-plane and data-plane operations for faster lookups and better convergence times under load.
  • DPDK Librte-based IPv4/IPv6 Route Lookup Algorithms: Optimized control-plane and data-plane operations for large routing tables through DPDK librte-based route lookup algorithms, enhancing overall routing efficiency.

Quality of Service (QoS) and congestion control in 13.x

  • QoS Enhancements: The ping utility now supports setting network Quality of Service (QoS) with IP DSCP and Ethernet PCP, facilitating more granular traffic management and prioritization.
  • Congestion Control Algorithm Improvements: The cc_cubic TCP congestion control algorithm has been updated to align more closely with the standard outlined in RFC8312, optimizing TCP congestion control behavior.

Stream Control Transmission Protocol (SCTP) and advanced networking in 13.x

  • SCTP as Loadable Kernel Module: SCTP support has been transitioned to a new sctp.ko kernel module, making it optional and no longer compiled into GENERIC by default, allowing for more flexible deployment scenarios.
  • Stacked VLAN (802.1ad) Support: Introduction of support for stacked VLANs, enhancing the flexibility and scalability of VLAN configurations in complex networking environments.
  • Advanced Networking Features: Enhancement of TCP/IP stack features like Proportional Rate Reduction (PRR) for improved SACK loss recovery, showcasing FreeBSD’s dedication to maintaining a competitive edge in network performance and reliability.

FreeBSD is committed to maintaining a cutting-edge networking stack by integrating new protocols, improving existing implementations, and focusing on performance and security. These enhancements and others not listed here demonstrate FreeBSD’s dedication to remaining competitive for network administrators, developers, and end-users.

Storage and virtualization improvements in 13.x

Storage

  • Network QoS: The ctld utility now supports network QoS specification using DiffServ Codepoints and Ethernet Priority Code Point, allowing FreeBSD to deliver high-performance storage solutions.
  • Updated NFS: The NFS client and server have been updated to support NFSv4.2, including extended attributes, demonstrating FreeBSD’s continued commitment to compatibility and feature richness.
  • Secure NFS: FreeBSD also supports configuring NFS over TLS, demonstrating its focus on secure storage solutions.
  • Migration to OpenZFS: ZFS, a cornerstone of FreeBSD’s storage capabilities, can store up to 256 quadrillion zettabytes (ZB) of data and (as of 13.3) is now provided by OpenZFS 2.1.14, ensuring that FreeBSD benefits from the latest developments in this powerful filesystem.

Virtualization

  • Enhanced Guest Support: The vmm kernel module now supports more than 16 vCPUs in a guest, allowing guests to use the CPU resources of the host more effectively. Bhyve has also introduced support for virtio-input device emulation, improving interaction with virtualized environments by injecting keyboard and mouse input events into a guest more easily.

Userland and kernel enhancements in FreeBSD 13.x

The FreeBSD 13.x series has undergone significant improvements in both userland and kernel, making it more robust, secure, and adaptable. These enhancements improve the system’s functionality and ensure it remains up-to-date with the latest technological standards and user expectations.

Userland enhancements

  • Security and Authentication: The libtacplus library enhancement enhances TACACS+ authentication by ensuring tacplus.conf adheres to POSIX shell syntax, improving both security and configurability.
  • Data Archiving and Extraction: Upgrading libarchive to version 3.6.2 has introduced numerous reliability fixes, enhancing its multi-format archive and compression library functionality. This upgrade ensures more robust data archiving and extraction capabilities, crucial for system operations and user applications. 
  • Process Management: Enhancements to utilities like login introduce the capability to set process priorities directly from ~/.login_conf, offering refined control over process management.
  • Reporting and Configuration: Streamlining periodic outputs and updates to utilities such as head and tail for consistent -q (quiet) and -v (verbose) options, along with adopting SI suffixes for numeric arguments, augment system usability and configuration flexibility.

Kernel enhancements

  • Security Improvements: Introducing Address Space Layout Randomization (ASLR) for 64-bit executables and a workaround for hardware page invalidation issues on specific Intel CPUs underscore FreeBSD’s commitment to security.
  • Debugging Enhancements: A new SPLIT_KERNEL_DEBUG configuration option enables separate kernel and module debug data handling, streamlining debugging processes without compromising system performance.

Enhanced cryptographic framework and drivers in FreeBSD 13.x

The FreeBSD 13.x series introduces significant updates to its libraries and APIs alongside a comprehensive overhaul of its cryptographic framework, marking a pivotal stride towards aligning with the latest software requirements and security standards.

  • Enhanced Cryptographic Versatility with libmd: SHA-512/224, a truncated version of the SHA-512 hash function, offers a compact yet secure hash alternative, balancing the need for shorter hash values without compromising on cryptographic strength.
  • Revamped Cryptographic Framework: The in-kernel cryptographic framework has undergone significant overhauls to improve support for modern cryptographic algorithms and simplify interfaces for device drivers and framework consumers. As part of these changes, support for Kerberos GSS algorithms that have been deprecated by RFC 6649 and RFC 8429, as well as IPsec algorithms deprecated by RFC 8221 and other cryptographic algorithms that were previously deprecated, have been removed. 
  • Cyptographic Driver Support: Improved cryptographic driver support by including the aesni driver in GENERIC kernels for amd64 and i386, which enhances software cryptography and security mechanisms through hardware-accelerated encryption capabilities.

Hardware support improvements

The FreeBSD 13.x series has ushered in substantial enhancements in hardware support, reflecting FreeBSD’s ongoing commitment to embracing the latest in technology and expanding its compatibility landscape. These improvements span networking hardware, processor support, and cryptographic capabilities, ensuring FreeBSD remains at the forefront of open source operating systems in terms of performance, security, and versatility.

  • Ethernet Controller Support: The introduction of the igc driver marks a significant advancement for users of Intel I225 Ethernet controllers, offering support for 2.5G/1G/100Mb/10Mb speeds alongside sophisticated features like tx/rx checksum offload, TSO, LRO, and multi-queue operation. 
  • Driver Updates: The ice driver has been updated to add firmware logging and initial DCB support, further enhancing FreeBSD’s capabilities in managing and optimizing network interfaces.
  • Processor Support: FreeBSD has extended its support to Intel Alder Lake 12th-generation CPUs, integrating basic support within the hwpmc framework so that users can leverage CPU design and performance advancements.

Deprecated features and removed support in 13.x 

Throughout the FreeBSD 13.x series, several features and supports were deprecated or removed entirely, indicating the project’s forward-looking approach and dedication to embracing modern technologies and standards.

Userland and kernel changes:

  • Toolchain Modernization: The obsolete binutils 2.17 and gcc 4.2.1 were removed, marking the full transition to the LLVM/Clang toolchain for all supported architectures. This shift underscores FreeBSD’s commitment to leveraging modern toolchains for enhanced system stability and development flexibility.
  • Licensing and Software Updates: The GPL-licensed version of dtc was replaced by a BSD-licensed variant, reflecting FreeBSD’s preference for more permissive licensing. Additionally, the BSD version has supplanted the GNU version of grep, which was previously the default. The bc and dc utilities were also replaced with versions developed by Gavin D. Howard, which do not depend on an external large-number library and offer GNU bc extensions. 
  • Deprecated Utilities: Several utilities, including the ctm and amd automount daemon, were removed. Modern alternatives have superseded or incorporated their functionalities into other system parts, such as autofs.
  • Network Driver Deprecation: FreeBSD has recently removed several outdated network drivers that were no longer in use to simplify support for newer and more commonly used hardware. This reduces the number of drivers that need to be maintained and allows for a greater focus on improving support for modern network interfaces.
  • Virtualization Deprecation: FreeBSD refined bhyve, its native hypervisor, by removing deprecated device models and supporting newer features like VirtIO-9p filesystem sharing and virtual machine snapshots. 

Forward-looking changes:

  • A significant change in the default CPUTYPE for the i386 architecture has occurred. The default has shifted from 486 to 686, meaning binaries now require a 686-class CPU. This decision was based on various factors, including the requirement for 64-bit atomics and the need to conform to industry standards, which have largely moved to i686 as a baseline.

FreeBSD 13.3-RELEASE Highlights

FreeBSD 13.3-RELEASE is the latest version in the 13-STABLE branch. It comes with enhancements, security patches, and updated features to improve the overall user experience and system stability. In this section, we will discuss the notable changes and improvements that FreeBSD 13.3 has to offer.

Upgrading from previous releases

Users upgrading from earlier versions of FreeBSD will find the transition smooth, with comprehensive documentation available to navigate the upgrade process. Consulting the release errata for any late-breaking issues or updates is advised before proceeding with the installation.

Userland configuration changes

  • TACACS+ Authentication: Enhancements to the libtacplus library improve POSIX shell syntax rule adherence, although special character handling within shared secrets may require additional attention for proper quoting or escaping.
  • Process Priority and Umask Configuration: Updates allow setting process priorities and umask values directly from ~/.login_conf, introducing more flexibility in process and file permission management.
  • Periodic Output and Security Reporting: Refinements in the reporting mechanisms used by periodic reduce the inclusion of unrelated content in administrative reports, making them more concise and relevant.

Userland application changes

  • Enhanced Utilities: The head and tail programs now consistently support -q (quiet) and -v (verbose) options, and numeric arguments can utilize SI suffixes for more intuitive usage.
  • LLVM objdump: The availability of the LLVM objdump utility offers an alternative to GNU objdump, with different output formats for some options, enriching the toolset for developers.

Contributed software

  • Authentication Library: The libfido2 library has been updated to version 1.13.0, reflecting FreeBSD’s commitment to supporting modern authentication technologies.
  • Compiler Upgrades: Significant updates to LLVM and the clang compiler to version 17.0.6 ensure that FreeBSD remains in step with current software standards and security practices.
  • sendmail has been upgraded to version 8.18.1. This version introduces stricter RFC compliance by default, particularly concerning line endings. This change aims to improve the interoperability and security of email transmission, although it may require adjustments for messages from non-compliant Mail Transfer Agents (MTAs).
  • OpenSSH has been updated to version 9.6p1. This upgrade includes several security fixes and enhancements, such as defaulting to generating Ed25519 keys with ssh-keygen and accurately preserving quoting of subsystem commands and arguments in sshd.

Kernel documentation enhancements

  • Kernel Documentation Changes: The introduction section to kernel programming interfaces in the documentation has been completely rewritten, offering clearer guidance for developers working within the FreeBSD kernel.

Devices and drivers

  • PCI MCFG Region Support: Enhanced support for multiple PCI MCFG regions on x86 systems facilitates PCI config access across different domains, improving hardware compatibility.
  • Ethernet Adapter Enhancements: Updates to the smsc driver enhance MAC address handling on Raspberry Pi systems, showcasing FreeBSD’s ongoing effort to improve hardware support on popular platforms.

Storage improvements

  • NFS Server in Vnet Jail: Running NFS server components in a vnet jail is now possible, expanding the flexibility of NFS deployments within FreeBSD’s jail infrastructure.
  • Kerberized NFS Mounts: A new syskrb5 mount option simplifies Kerberized NFSv4.1/4.2 mounts, eliminating the need for Kerberos credentials at mount time.

Networking

  • IPv6 RFC 4620 and pf Filter Rules: Default disabling of IPv6 RFC 4620 nodeinfo and optional pf filter rules for local packet delivery highlight FreeBSD’s adaptability to evolving network security and configuration needs.

On future releases and development strategy

As FreeBSD continues to evolve, the Project’s development strategy and roadmap for future releases reflect a commitment to embracing modern computing architectures while ensuring broad compatibility and support. FreeBSD 15.0 will mark a pivotal point in this journey, with several key decisions shaping the direction of the operating system:

  • Phasing Out 32-bit Platform Support: FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7, signaling a strategic shift towards focusing on 64-bit computing. The armv6, i386, and powerpc platforms are deprecated and slated for removal, though 64-bit systems will retain the capability to run older 32-bit binaries.
  • Tier 2 Architecture and armv7: The armv7 architecture is anticipated to be supported as a Tier 2 architecture in FreeBSD 15.0 and the stable/15 branch. However, there is an expectation that armv7 support may be discontinued in FreeBSD 16.0, with updates on the status of armv7 support to be provided around the time of the 15.0 release.
  • Continued Support for 32-bit Binaries and Applications: Despite the shift towards 64-bit platforms, FreeBSD will continue to support the execution of 32-bit binaries on 64-bit platforms through the COMPAT_FREEBSD32 option for at least the stable/15 and stable/16 branches. Moreover, the compilation of individual 32-bit applications will be supported in the stable/15 branch, ensuring compatibility with a broad range of software.
  • Ports and Package Infrastructure: Future releases, starting from FreeBSD 15.0, will not include support for building packages from ports for deprecated 32-bit platforms. This decision reflects the broader industry trend of moving away from 32-bit architectures and focuses development efforts on more widely used 64-bit platforms.
  • End of Life (EOL) for 32-bit Support: The stable/14 branch will retain support for 32-bit kernel and world, along with the ports system’s support for 32-bit systems, until it reaches end of life (EOL) five years after the release of FreeBSD 14.0. This timeline provides a transition period for users and developers relying on 32-bit platforms to migrate to supported architectures.
  • Community Feedback and Future Decisions: The FreeBSD Project acknowledges the importance of community feedback and committed efforts in shaping the support strategy for deprecated platforms. The community’s needs and contributions will inform decisions regarding extending support for certain platforms in FreeBSD 15.0 or later.

Conclusion

The FreeBSD 13.x series exemplifies the Project’s dedication to continuous improvement, security, and modernization. FreeBSD has consistently improved system robustness, security, and hardware compatibility, keeping up with and sometimes surpassing contemporary technological advancements in other operating systems. The 13.3-RELEASE version is a testament to FreeBSD’s unwavering commitment to meeting the evolving needs of its users, reinforcing its position as one of the top choices among open source operating systems.

References

For those interested in exploring the detailed evolution of FreeBSD through the 13.x series, the official FreeBSD documentation and release notes offer comprehensive insights into the advancements and improvements of each version. 

Also View: What’s New in FreeBSD 13.0 (Video)

Also Read: Why you should upgrade to FreeBSD 13.2 (Blog)