Robert Watson's Wiki Page
Robert Watson has been a member of the FreeBSD Core Team and a variety of other teams (Release Engineering, Security, etc.), as well as founder of the TrustedBSD Project and project lead on the SMP Network Performance project.
Personal 8.0 TODO
Done:
- Complete OpenBSM 1.1 and merge into the base FreeBSD tree.
- Add ifnet refcounting to close ioctl/management races with interface removal.
- Complete and merge 'netisr2' parallel network dispatch framework.
- Synchronize many parts of the TrustedBSD MAC Framework to what was included in Mac OS X Leopard.
- DTrace probes for MAC Framework, privileges, VFS name cache, NFSv2/3 client RPCs + access cache + attribute cache.
- Remove IFF_NEEDSGIANT non-MPSAFE network driver compatibility framework, as well as un-updated drivers.
- Continue migrating the TrustedBSD MAC Framework towards more flexibility in terms of label management and avoiding leaking on labeled policy unload, with the hopes of reducing overhead on MAC to the point where it can be put in GENERIC.
- Contribute to testing, evaluating, and productionizing the results of the VImage project for virtualized network stacks (and other system services).
- ... and lots more before I started keeping this list.
Deferred:
- Per-CPU stats for most network statistics (KPI/KBI added for 8.0 so we can do this in 8.1)
In progress:
- Complete address list locking for the network stack. Evaluate rmlocks and other higher-performance synchronization models for frequently read and infrequently modified data structures.
Deferred for a future release:
- Design and implement a privilege API and fine-grained privilege model for the kernel, possibly based on past work on POSIX.1e for FreeBSD as part of TrustedBSD, the Solaris privilege model, and the Linux POSIX.1e-derived privilege model.
- Work on a fine-grained audit pipe subscription model so applications can request more specific events.
- Enable security audit by default, with a default login/logout selection profile.
- Implement breaking out inpcbinfo and related structures into hashed structures allowing reduced contention for UDP and TCP global locks as well as improved CPU locality.