<?xml version="1.0"?>
<!DOCTYPE webpage
  PUBLIC "-//NetBSD//DTD Website-based NetBSD Extension//EN"
    "http://www.NetBSD.org/XML/htdocs/lang/share/xml/website-netbsd.dtd">

<webpage id="about-features">
<config param="desc" value="NetBSD features"/>
<config param="cvstag" value="$NetBSD: features.xml,v 1.8 2008/03/09 00:43:30 weinem Exp $"/>
<config param="rcsdate" value="$Date: 2008/03/09 00:43:30 $"/>
<head>
<title>NetBSD features</title>
</head>


<sect1 id="top">

<para>
The features listed below are all available in the base system,
which is compiled from a single source tree.
</para>
</sect1>

<sect1 role="toc">

<sect2 id="about">
<title>About NetBSD</title>

<sect3 id="clean-design">
<title>Clean design</title>
<para>
    NetBSD focuses on clean design and well-architected solutions.
    Because of this, NetBSD may support certain 'exciting' features
    later than other systems, but as time progresses the NetBSD
    codebase is getting even stronger and easier to manage, while
    other systems that value features over code quality are finding
    increasing problems with code management and conflicts.
    </para>
    <para>
    NetBSD supports a <ulink url="#multi-platform">massive range of
    hardware platforms</ulink> from a single source tree, including
    simultaneous release across all platforms, and continues to
    attract users and experienced developers despite lack of media
    exposure and commercial backing - all thanks to attention to
    code quality.
</para>
</sect3>

<sect3 id="bsd-licence">
<title>BSD Licence</title>
<para>
    While NetBSD uses the GNU toolchain (compiler, assembler, etc.),
    and certain other GNU tools, the entire kernel and the core of
    the userland utilities are shipped under a BSD licence. This
    allows companies to develop products based on NetBSD without
    the requirement to make changes public (as with the GPL). While
    the NetBSD Project encourages companies and individuals to feed
    back changes to the tree, we respect their right to make that
    decision themselves.
</para>
</sect3>

<sect3 id="source-availability">
<title>Full source availability</title>
<para>
    NetBSD makes the full source available, both the source code
    and the full CVS repository. Since everything is in the
    <emphasis>same</emphasis> source tree, you can always access any version
    of all files.  We were not the first BSD to make a CVS repository
    available, but we were the only one to meticulously check every
    file and remove only those revisions that contained tainted
    USL code, rather than discarding every revision before an
    arbitrary date.
</para>
</sect3>

<sect3 id="security">
<title>Security</title>
<para>
    NetBSD has the fewest security bugs reported in public
    forums (such as bugtraq). We believe in security without the hype.
    We do manual code audits and add extended checking capabilities
    to our toolchain. Retrieval of kernel data is geared towards a
    sysctl-based approach, as opposed to the traditional Unix kmem-based
    access, which requires full access to the whole system and is often
    exploited.
</para>
</sect3>

<sect3 id="stability">
<title>Mature and stable</title>
<para>
    The BSD codebase can be traced back to the early 80s at UC
    Berkeley, and has been open to public scrutiny ever since.
    NetBSD continues this tradition and works ever harder to promote
    clean design and functionality over hype.  NetBSD is being used
    at NASA's Numerical Aerospace Simulation facility for a reason.
    Their main platforms are Alpha systems with lots of RAM and
    diskspace (terabyte and up), and they need a good, stable,
    codebase on which they can build custom projects.
    NetBSD was also the first free OS to make a y2k statement.
    See our <ulink url="../gallery/testimonial.html">testimonials</ulink> for
    more success stories!  
</para>
</sect3>

<sect3 id="hype-free">
<title>Hype free</title>
<para>
    Probably the only thing you won't get with NetBSD is the media
    hype. You'll need to get that somewhere else.
</para>
</sect3>

</sect2>
<html:hr />

<sect2 id="networking">
<title>Networking</title>

<sect3 id="ipf">
<title>Packet filtering and Network Address Translation (NAT)</title>
<para>
    NetBSD ships with an in-kernel packet filtering engine, allowing
    filtering of traffic based on interface, protocol, port, tos,
    ttl, source, destination and many other factors.  Keeping this
    inside the kernel permits higher performance.
    </para>
    <para>
    Network Address Translation can permit a local network of
    machines to use one set of addresses internally, and a different
    set (or even single IP address) externally. This can be used
    for security or simple convenience reasons, and also includes
    a transparent FTP proxy.  Again this is all kept inside the
    kernel for higher performance.
</para>
</sect3>

<sect3 id="ipv6">
<title>IPv6</title>
<para>
    NetBSD was the first free OS to provide a leading-edge,
    standards-conforming IPv6 implementation, and we continue to work with the
    <ulink url="http://www.kame.net/">KAME</ulink> project to track changes
    to the specification.  NetBSD was also the first free operating
    system to ship with NFS via IPv6, for both the client and the
    server side.
</para>
</sect3>

<sect3 id="nfs">
<title>Network File System (NFS)</title>
<para>
    NetBSD provides complete in-kernel NFS client and server support,
    interoperable with other systems, for both NFS2 and NFS3
    protocols.  This includes support for swapping over NFS, and
    no arbitrary limits on the size of swap partitions. Client-side
    file creation is correctly implemented as an atomic operation;
    on systems without this, dot locking is not reliable.
</para>
</sect3>

<sect3 id="network">
<title>Comprehensive and robust networking</title>
<para>
    NetBSD supports the following network types:
    <itemizedlist>
	<listitem>ARCnet</listitem>
	<listitem>ATM</listitem>
	<listitem>Ethernet</listitem>
	<listitem>FDDI</listitem>
	<listitem>HIPPI</listitem>
	<listitem>PPP - &man.pppd.8;</listitem>
	<listitem>SLIP - &man.slip.8;</listitem>
	<listitem>Token Ring</listitem>
    </itemizedlist>
    In the process of adding ARCnet support, the ARP subsystem was
    reworked to remove Ethernet dependencies and to be more generally
    applicable.
    </para>
    <para>
    NetBSD also supports the following network protocols:
    <itemizedlist>
	<listitem>Appletalk - &man.atalk.4;</listitem>
	<listitem>ISO - &man.iso.4;</listitem>
	<listitem>TCP/IP (IPv4) - &man.ip.4;</listitem>
	<listitem>TCP/IP (IPv6) - &man.ip6.4;</listitem>
    </itemizedlist>
    </para>
    <para>
    NetBSD also ships with many standard networking daemons, with built-in
    tcp wrappers support where appropriate, including
    &man.bootparamd.8;, &man.bootpd.8;, &man.dhcpd.8;,
    &man.ftpd.8;, &man.identd.8;, &man.mopd.8;, &man.named.8;, &man.postfix.1;, &man.rarpd.8;,
    &man.rbootd.8;, &man.sshd.8;, &man.tftpd.8;, and &man.xntpd.8;.
</para>
</sect3>

<sect3 id="wireless">
<title>Wireless networking</title>
<para>
    NetBSD supports a long list of IEEE 802.11-based wireless
    networking devices; see &man.an.4;, &man.ath.4;, &man.atu.4;,
    &man.atw.4;, &man.awi.4;, &man.cnw.4;, &man.ral.4;, &man.ray.4;,
    &man.rtw.4;, &man.rum.4;, &man.wi.4;, &man.wpi.4;, and &man.zyd.4;.
</para>
</sect3>

</sect2>

<html:hr />

<sect2 id="portabilty">
  <title>Portability and supported platforms</title>
  
  <sect3 id="multi-platform">
    <title>Multi-platform support</title>
    <para>
      NetBSD is designed to take advantage of the latest high-end
      hardware available in Alpha, PowerPC, and PC systems, while still
      retaining support for older architectures. This is all done
      from the same source tree and is only possible due to the
      emphasis on correct design and clean code. It also makes NetBSD
      an ideal codebase to port to new machines and embedded platforms, such as
      <ulink url="../ports/hpcmips/">mips</ulink>,
      <ulink url="../ports/hpcarm/">ARM</ulink> and
      <ulink url="../ports/hpcsh/">Super-H</ulink>
      based handheld Windows CE devices. 
    </para>
  </sect3>
  
  <sect3 id="embedded-systems">
    <title>NetBSD on Embedded Systems</title>
    <para>The NetBSD Operating System is highly portable
      and many of the supported hardware platforms are suited for embedded
      applications. Read more about
      <ulink url="embed.html">NetBSD on Embedded Systems</ulink>.
    </para>
  </sect3>
  
</sect2>

<html:hr />

<sect2 id="storage">
<title>Storage</title>

<sect3 id="raid">
<title>Hardware and software RAID</title>
<para>
    In addition to many standalone SCSI RAID devices, NetBSD
    supports a variety of RAID controllers and a complete software RAID 0,
    1, 4, 5, and 6 system in RAIDframe.  (<ulink
    url="http://www.cs.usask.ca/staff/oster/raid.html">More
    details</ulink>)
</para>
</sect3>

<sect3 id="pciide">
<title>High performance PCI IDE</title>
<para>
    Many recent PCI IDE controllers support high speed DMA transfers.
    NetBSD is one of the few systems to take advantage of these
    features 'out of the box'. Due to NetBSD's clean design the
    same drivers and features are available on <ulink
    url="../ports/alpha/">alpha</ulink>, <ulink url="../ports/i386/">i386</ulink>,
    <ulink url="../ports/macppc/">macppc</ulink> and
    <ulink url="../ports/sparc64/">sparc64</ulink>.
</para>
</sect3>

<sect3 id="scsipi">
<title>SCSIPI subsystem - combined SCSI and ATAPI</title>
<para>
    NetBSD implements a unified SCSIPI subsystem, avoiding code
    duplication and allowing a common userland SCSI and ATAPI
    interface for many devices.  As a direct result of this, when
    ATAPI CD-R units became available existing tools such as
    <filename role="pkg">sysutils/cdrtools</filename> worked with them 
    without any need for modification.
</para>
</sect3>

<sect3 id="large-filesystems">
<title>64-bit file systems</title>
<para>
    NetBSD has shipped with 64-bit file systems since the 1.0 release
    in October 1994. Under NetBSD, Berkeley Fast File Systems can be
    up to 4TB (4096GB) in size, on both 64- and 32-bit machines.
    Files and user file quotas can also reach terabytes.  Many
    other systems limit filesize to 4GB on 32-bit machines.
    </para>
    <para>
    An ffs can have up to 2^31 fragment blocks - the maximum
    file system size is dependent on the fragment size:
    <table id="table-64bit">
    <tr><th>Fragment size</th><th>Maximum file system size</th></tr>
    <tr><td>512 bytes</td><td>1 TB</td></tr>
    <tr><td>1 kB</td><td>2 TB</td></tr>
    <tr><td>2 kB</td><td>4 TB</td></tr>
    </table>
</para>
</sect3>

<sect3 id="large-ide">
<title>Large IDE disks</title>
<para>
    NetBSD fully supports IDE disks of over 34GB in size, including
    booting from partitions beyond 8GB (where the BIOS permits).
    Starting with release 1.6, NetBSD can also use 48-bit logical
    block addresses (ATA-6 Expanded Addressing) in order to access disks
    with sizes greater than 137GB.
</para>
</sect3>

<sect3 id="softupdates">
<title>Soft Updates on FFS for high performance and reliability</title>
<para>
    Soft Updates permit metadata writes to be ordered to achieve
    close to asynchronous disk performance without risk of metadata
    corruption. This significantly improves the performance of FFS
    file systems.
    (<ulink url="http://www.ece.cmu.edu/~ganger/papers/CSE-TR-254-95/">More
    details</ulink>)
</para>
</sect3>

<sect3 id="filesystems">
<title>Many file system types</title>
<para>
    NetBSD can handle and manipulate many different file systems,
    which is useful for both data exchange and <ulink
    url="#emulation">binary compatibility</ulink>. Systems can also
    optionally mount file systems written with the opposite byte ordering.
    Note that, unlike some other systems, NetBSD imposes metadata
    write ordering, allowing &man.fsync.2; to be used to avoid important
    data loss in the event of power failure, even on ext2fs.
    <itemizedlist>
    <listitem><emphasis role="bold">ffs</emphasis> (Berkeley Fast File System) - both
	the latest 64-bit FFS, including <ulink url="#softupdates">soft
	updates</ulink>, and the older 32-bit FFS used by some vendors
	(SunOS, Ultrix, etc).</listitem>
    <listitem><emphasis role="bold">lfs</emphasis> (Log-structured File System) - LFS
	is designed to allow safe asynchronous file creation, fast
	file writes without intervening head seek and near-instantaneous
	crash recovery.  This is a more completely log structured
	form of 'Journaled' file systems such as IRIX's XFS, Reiserfs,
	Microsoft's NTFS, IBM's JFS, and similar file systems in
	Netware and Unixware.
	(<ulink url="http://www.hhhh.org/perseant/lfs.html">More details</ulink>).</listitem>
    <listitem><emphasis role="bold">tmpfs</emphasis> (an efficient memory
	file system)</listitem>
    <listitem><emphasis role="bold">iso9660</emphasis> (Standard CD file system, supports
        Rockridge and Joliet extensions).</listitem>
    <listitem><emphasis role="bold">msdosfs</emphasis> (Windows, MS-DOS, and Atari TOS) -
	including long filenames, FAT32 and VFAT.</listitem>
    <listitem><emphasis role="bold">ntfs</emphasis> (Windows NT native file system)</listitem>
    <listitem><emphasis role="bold">ext2fs</emphasis> (Linux extended file system).</listitem>
    <listitem><emphasis role="bold">ados</emphasis> (AmigaDOS file system).</listitem>
    <listitem><emphasis role="bold">filecorefs</emphasis> (Acorn RISC OS file system).</listitem>
    </itemizedlist>
    </para>
    <para>NetBSD also has a range of virtual file system types, including:
    <itemizedlist>
    <listitem><emphasis role="bold">kernfs</emphasis> - access kernel information</listitem>
    <listitem><emphasis role="bold">nullfs</emphasis> - for loopback mounts</listitem>
    <listitem><emphasis role="bold">portal</emphasis> - portal daemon file system</listitem>
    <listitem><emphasis role="bold">procfs</emphasis> - access process information</listitem>
    <listitem><emphasis role="bold">umapfs</emphasis> - automatically remap uids and gids</listitem>
    <listitem><emphasis role="bold">unionfs</emphasis> - attaches a directory in such a
	way that the contents of both directory trees remain visible.
	This can be used to mount a writable file system over a CD-ROM.</listitem>
    </itemizedlist>
</para>
</sect3>

<sect3 id="puffs">
    <title>Userspace filesystem support</title>

    <para>
	Starting with version 4.0, NetBSD provides the &man.puffs.3;
	framework for creating file systems as userspace servers. This
	opens a myriad of possibilities, like developing new filesystems
	in userspace for comfortable testing, or representing userspace
	functionality as a filesystem (such as an SSH filesystem).
	NetBSD 5.0 will also include the
	<emphasis>refuse</emphasis> library, which provides a
	<ulink url="http://fuse.sourceforge.net/">FUSE</ulink>-like
	interface. With <emphasis>refuse</emphasis>, many FUSE filesystems
	can run on top of &man.puffs.3;.
    </para>

    <para>
	You can find more information about puffs and refuse on our
	<quote><ulink url="../docs/puffs/">Filesystems in
	userspace</ulink></quote> page.
    </para>
</sect3>

<sect3 id="dvd">
<title>DVD ROM and RAM</title>
<para>
    NetBSD supports large capacity DVD drives for reading data in
    the common DVD file systems available nowadays.
</para>
</sect3>

<sect3 id="cgd">
<title>Disk encryption</title>
<para>
    NetBSD provides transparent disk encryption through the &man.cgd.4;
    driver. &man.cgd.4; acts as a logical device that is layered on top
    of another block device, such as a physical disk partition or a
    &man.vnd.4; pseudo device.
    &man.cgd.4; currently supports the AES, 3DES, and Blowfish ciphers
    in CBC mode.
</para>

<para>
    An extensive introduction to &man.cgd.4; is 
    <ulink url="../docs/guide/en/chap-cgd.html">included</ulink> in the
    <ulink url="../docs/guide/en/">NetBSD Guide</ulink>.
</para>
</sect3>

</sect2>
<html:hr />

<sect2 id="other">
<title>Other Features</title>

<sect3 id="pkg">
<title>The package system (applications)</title>
<para>
    The NetBSD Packages Collection, <ulink
    url="../docs/software/packages.html">pkgsrc</ulink>, provides easy
    source or binary installation of a large number of third party
    applications. It includes all the essentials such as <filename
    role="pkg">meta-pkgs/kde3</filename>,
    <filename role="pkg">meta-pkgs/gnome</filename>,
    <filename role="pkg">www/firefox</filename>, 
    <filename role="pkg">www/apache2</filename>, 
    <filename role="pkg">lang/perl5</filename>,
    <filename role="pkg">net/samba</filename>, 
    <filename role="pkg">misc/openoffice</filename>, 
    <filename role="pkg">graphics/gimp</filename>,
    and more.  Features include:
    <itemizedlist>
    <listitem>Easy install from local or remote binary packages, including
	automated download of any required packages.</listitem>
    <listitem>Handles fixed and wildcard dependencies both when building from
        source and installing binary packages.</listitem>
    <listitem>Allows automated installation for tools that cannot be redistributed
	in binary or source form.</listitem>
    <listitem>Provides an infrastructure designed to keep the information
	required to build each package both shorter and easier to
	maintain than in other package systems.</listitem>
    <listitem>Follows the concept of "pristine source", allowing both
        easy incorporation of local or 3rd party patches as well as 
        submitting changes back to package authors.</listitem>
    <listitem>Includes built-in support for the internal structure of many
	common source distributions like Imakefiles, GNU autoconf, ...,
        reducing the need for complicated package specific build rules.</listitem>
    </itemizedlist>
    Pkgsrc was derived from FreeBSD's 'ports' system, but has been
    substantially enhanced.
</para>
</sect3>

<sect3 id="mi-drivers">
<title>Machine independent driver framework</title>
<para>
    A clean separation of chipset drivers from bus attach code, and
    implementation of a MI &man.bus.space.9; and &man.bus.dma.9; framework has the
    following advantages:
    <itemizedlist>
    <listitem>Simplifies porting to new hardware.</listitem>
    <listitem>Reduces the size of a kernel - devices which use the same
	controller share the same driver, and only the necessary
	bus dependent parts (isa/eisa/pci/pcmcia/sbus/cardbus...)
	are included.</listitem>
    <listitem>Device drivers (including 32-bit pci devices) are ready
	for 64-bit physical memory, unlike on many other systems.</listitem>
    <listitem>Bounce buffer support is unnecessary on the machines which have
	appropriate hardware (e.g. sparc, nearly all alpha), and where
	needed it is a function of the bus code, not each individual
	driver.</listitem>
    </itemizedlist>
</para>
</sect3>

<sect3 id="mi-audio">
<title>Machine independent audio framework</title>
<para>
    In a similar fashion to the SCSI subsystem, NetBSD has a generic
    audio layer which attaches to the individual chipset drivers.
    This gives significantly more consistency and code sharing than
    other free OS projects.
</para>
</sect3>

<sect3 id="kernel-debugging">
<title>Kernel debugging</title>
<para>
    <itemizedlist>
    <listitem>NetBSD has a fully featured in-kernel debugger (DDB), much more
        advanced than some other systems' 'SysRQ' type features.</listitem>
    <listitem>Supports kernel crash dumps to ease kernel debugging.</listitem>
    <listitem>Strict consistency check - if a null pointer is accessed by the
	kernel it will either drop into DDB, or crashdump and reboot
	to avoid running with potentially corrupted data.</listitem>
    </itemizedlist>
</para>
</sect3>

<sect3 id="emulation">
<title>OS emulation</title>
<para>
    NetBSD's unique binary compatibility protects users' investment
    in existing applications through in-kernel support that lets
    non-native binaries (for the same processor) run transparently.
    Supported systems include:
    <itemizedlist>
    <listitem>BSD/OS (i386)</listitem>
    <listitem>Darwin (macppc)</listitem>
    <listitem>FreeBSD (i386)</listitem>
    <listitem>HP-UX (m68k)</listitem>
    <listitem>IRIX (sgimips)</listitem>
    <listitem>Linux (i386, m68k, alpha, powerpc, mips, arm)</listitem>
    <listitem>OSF1/Digital UNIX/Tru64 (alpha)</listitem>
    <listitem>SCO/iBCS2 (i386)</listitem>
    <listitem>Solaris and SVR4 (sparc, sparc64, i386, m68k)</listitem>
    <listitem>SunOS 4 (sparc, sparc64, m68k)</listitem>
    <listitem>ULTRIX (mips, vax)</listitem>
    </itemizedlist>
    </para>
    <para>
    The <ulink url="../docs/software/packages.html">package system</ulink>
    includes many <filename role="pkg">emulators</filename>, including
    <itemizedlist>
    <listitem><filename role="pkg">emulators/bochs</filename> - i386 machine emulator</listitem>
    <listitem><filename role="pkg">emulators/ia64sim</filename> - IA64 (Intel(R) Architecture 64)</listitem>
    <listitem><filename role="pkg">emulators/qemu</filename> - a generic processor emulator using dynamic translation</listitem>
    <listitem><filename role="pkg">emulators/spim</filename> - MIPS R2000 Simulator</listitem>
    <listitem><filename role="pkg">emulators/uae</filename> - Amiga</listitem>
    <listitem><filename role="pkg">emulators/wine</filename> - Windows emulator</listitem>
    <listitem><filename role="pkg">emulators/xcopilot</filename> - PalmPilot</listitem>
    <listitem><filename role="pkg">emulators/xmame</filename> - Many old arcade and console machines</listitem>
    </itemizedlist>
    See also <ulink url="#filesystems">supported file systems</ulink>.
</para>
</sect3>

<sect3 id="usb">
<title>USB (Universal Serial Bus)</title>
<para>
    NetBSD was the first free OS to provide USB support, and was
    using USB on Apple Power Macintosh machines before Apple had
    Mac OS X even booting. The USB support is available on all
    appropriate platforms, including <ulink url="../ports/alpha/">alpha</ulink>,
    <ulink url="../ports/i386/">i386</ulink>, and <ulink
    url="../ports/macppc/">macppc</ulink>.  Supported devices include
    mice, keyboards, modems, and mass storage devices (ZIP), with
    more drivers becoming available as the USB standard develops.
</para>
</sect3>

<sect3 id="other-devices">
<title>Other device support</title>
<para>
    <itemizedlist>
    <listitem>Well designed and robust support for ISA PnP (Plug'n'play) devices.</listitem>
    <listitem>Raw device access.</listitem>
    </itemizedlist>
</para>
</sect3>

<sect3 id="uvm">
<title>The UVM virtual memory system</title>
<para>
    UVM is a new virtual memory system specifically designed to
    provide the I/O and IPC (Inter Process Communication) systems
    with a range of flexible data movement mechanisms.  UVM completely
    replaces the Mach based 4.4BSD VM system, improving virtual
    memory performance over other VM systems.  (<ulink
    url="../docs/kernel/uvm.html">More details</ulink>)
</para>
</sect3>

<sect3 id="cardbus">
<title>Cardbus</title>
<para>
    Support for the 'cardbus' PC-card and PCMCIA sockets found in
    modern laptops is available, including hot-swapping, power
    management and detaching of devices.
</para>
</sect3>

<sect3 id="wscons">
<title>wscons machine independent console</title>
<para>
    The &man.wscons.4; driver provides support for machine independent
    access to the console. It is composed of a number of cooperating
    modules, in particular:
    <itemizedlist>
    <listitem>hardware support for display adapters, keyboards and mice, see
        &man.wsdisplay.4;, &man.wskbd.4;, and &man.wsmouse.4;.</listitem>
    <listitem>terminal emulation modules, such as vt100 and sun.</listitem>
    <listitem>compatibility options to support control operations and other
	low-level behaviour of existing terminal drivers.</listitem>
    </itemizedlist>
</para>
</sect3>

<sect3 id="64bit">
<title>64-bit clean</title>
<para>
    NetBSD was the first free OS to support a 64-bit architecture
    such as the <ulink url="../ports/alpha/">alpha</ulink>, and still
    supports more alpha models than any other. The entire source
    tree has been 64-bit clean for some time, and the <ulink
    url="../docs/software/packages.html">package system</ulink>
    includes patches to make many third party applications 64-bit
    clean.
</para>
</sect3>

<sect3 id="non-exec">
<title>Non-executable stack and heap</title>
<para>
    Starting with version 2.0, NetBSD supports non-executable mappings
    on many platforms. If non-executable mappings are enabled, parts
    of the stack and heap are made non-executable when they are marked
    writable. This makes exploiting potential buffer overflows harder.
    We have a separate page with more
    <ulink url="../docs/kernel/non-exec.html">detailed information</ulink>
    about this subject.
</para>
</sect3>

<sect3 id="kauth">
<title>Kernel authorization framework (kauth)</title>
<para>
    Starting with NetBSD 4.0, the NetBSD kernel uses an extensive
    authorization framework, &man.kauth.9;. In contrast to
    earlier NetBSD versions, where the access control policy was
    mostly hard-coded in the kernel following traditional Unix and
    BSD semantics, every authorization-related decision
    is now passed to the &man.kauth.9; framework. This allows for the
    implementation of new security models, either as part of the
    base system or as loadable kernel modules (LKMs), and modification of the traditional
    4.4BSD/NetBSD security model.
</para>
</sect3>

</sect2>
</sect1>
</webpage>
