This course will provide a firm background in the kernel services and I/O structure of the FreeBSD kernel. The course will cover basic kernel services, locking, process structure, scheduling, signal handling, jails, capsicum sandboxing, and virtual and physical memory management. The kernel I/O structure will be described showing how I/O is multiplexed, disks are managed, special devices are configured, and system virtualization is done. The presentations will emphasize code organization, data structure navigation, and algorithms. It will not cover the machine specific parts of the system such as the implementation of device drivers.

Morning - Kernel Overview

• * Process structure
• * Locking
• * Communications
• * Process Groups and Sessions
• * Jails
• * Scheduling
• * Signals and timers
• * Virtual memory management

Afternoon - Kernel I/O structure

• I/O data structures
• Disk Management
• Multiplexing I/O
• Autoconfiguration strategy
• Configuration of a device driver

This course provides a broad overview of how the FreeBSD kernel implements its basic services. It will be most useful to those who need to learn how these services are provided. Individuals involved in technical and sales support can learn the capabilities and limitations of the system; applications developers can learn how to effectively and efficiently interface to the system; systems programmers without direct experience with the FreeBSD kernel can learn how to maintain, tune, and interface to such systems. This course is directed to users who have had at least a year of experience using a UNIX-like system. They should have an understanding of fundamental algorithms (searching, sorting, and hashing) and data structures (lists, queues, and arrays).

Prior to taking the course, students are recommended to obtain a copy of the course text: Marshall Kirk McKusick, George Neville-Neil, and Robert N. M. Watson, ‘‘The Design and Implementation of the FreeBSD Operating System’’, Second Edition, Pearson Education, Boston, MA September 2014, ISBN-13: 978-0-321-96897-5, ISBN-10: 0-321-96897-2.

Marshall Kirk McKusick

The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.

Understanding the networking toolset is essential to building and maintaining a functional envirionment. The present session will teach the principles and hands-on operation of the extensive network tools available on OpenBSD and sister operating systems. Basic to intermediate understanding of TCP/IP networking is expected and required for this session.

Topics covered include

• The basics of and network design and taking it a bit further
• Building rulesets best pracitces, avoiding common pitfalls in firewall rule construction.
• Keeping your configurations readable and maintainable
• Filtering, diversion, redirection, Network Address Translation
• Handling services that require proxying (ftp-proxy and others)
• Address tables and daemons that interact with your setup through them
• The whys and hows of network segmentation, DMZs and other separation techniques
• Tackling noisy attacks and other pattern recognition and learning tricks
• Annoying spammers with spamd
• Basics of and not-so basic traffic shaping
• Monitoring your traffic
• Redundancy of PF firewalls using PF sync + CARP + Ifstated
• Troubleshooting: Discovering and correcting errors and faults
• Your network and its interactions with the Internet at large
• Common mistakes in internetworking and peering
• Keeping the old IPv4 world in touch with the new of IPv6
• Using PF and OpenBGPd together to implement an automated, distributed implementation of PF policies

Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the sister BSD operating systems.

Participants should bring a laptop, the format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.

This session is an evolutionary successor to previous sessions. Slides for previous PF tutorial sessions are up at https://home.nuug.no/~peter/pftutorial/, to be updated with the present version when the session opens.

Peter N. M. Hansteen, Senior Technical Specialist at Tietoevry. Author of The Book of PF (https://nostarch.com/pf3), occasional blogger (https://bsdly.blogspot.com) and lecturer on IT security with a strong preference for OpenBSD.

Massimiliano Stucchi, Technical Advisor at The Internet Society, IPv6 enthusiast, frequent lecturer on network security and IPv6 matters.

Tom Smyth, CTO Wireless Connect Ltd. ISP Network operator and security consultant.