!! FreeBSD 10.x 

!Web 認証ツール
 pfSense

!FreeBSD-10 の Tips 
 ProLiant Gen9 以降は FreeBSD10.3 以降を利用の事
 [2016-JUN-01] FreeBSD R10.3では x2apicを offにする必要はなくなりました。
https://www.hpe.com/jp/ja/servers/bsd/faq/freebsd-answer.html

! ディスクの使用量
 FreeBSD 10.2 パーティションの使用量
 未使用の場合
 /          : 2.1G
 /usr/src   : 1.9G ( freebsd のソース )
 /usr/obj   : 3.3G ( buildworld した場合 )
 /usr/ports : 2.1G + 3G 程度（コンパイルするとき)
 
 /usr/local のサイズ
 /var のサイズ
 
 1パーティションで作成の場合には 24G+4G(SWAPサイズ) 30G 程度？？ 
 
 Buildworld,BuildKernel ＆ Portsをビルドした後 ( /root/bin/mkisoimages.sh した後）
 Filesystem     Size    Used   Avail Capacity  Mounted on
 /dev/ada0p2     46G     26G     17G    61%    /
 + Swap + Home
----
 ifconfig re0 media 1000baseTX mediaopt full-duplex
----
 FreeBSDルータの通信速度が遅いと感じたら、LRO, TSOオプションをオフにしてみよう
 /etc/rc.confのネットワークインターフェイスを設定する行にLRO, TSOを無効化する指示(-lro -tso)を追加
 ifconfig_vtnet0="inet <IPアドレス> netmask <ネットマスク> -lro -tso"
 
----
! FB10 -> FB11 upgrade
 Upgrading from FreeBSD 11.0-RELEASE
 
    # : > /usr/bin/bspatch
    # freebsd-update fetch
    # freebsd-update install
     
 Upgrading from FreeBSD 10.3-RELEASE and Earlier
 
    # : > /usr/bin/bspatch
    ## freebsd-update upgrade -r 11.0-RELEASE
    ## freebsd-update upgrade -r 11.1-RELEASE
    # #  nohup freebsd-update -r 11.3-RELEASE upgrade
    # freebsd-update -r 11.3-RELEASE upgrade
    # freebsd-update install
 
    <reboot the system>
    # freebsd-update install
    <rebuild third-party software>
    # freebsd-update install
    <Package UPdate>
    # pkg upgrade -y
    < erace old so files >
    # freebsd-update install

 FreeBSD-UPgrade PROXY use
 # # env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update upgrade -r 11.1-RELEASE
 # env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update upgrade -r 11.4-RELEASE   
 # env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
 < Reboot>
 # env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install 
 
 # env HTTP_PROXY="http://127.0.0.1:18080" pkg bootstrap -f
 
 # env HTTP_PROXY="http://127.0.0.1:18080" pkg upgrade -y
 <  >
 #  env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
      
 # setenv HTTP_PROXY "http://proxy.ne.jp:8080"
 # setenv HTTP_PROXY_AUTH "basic:*:userid:password"
 # setenv HTTP_PROXY "http://userid:password@proxy.ne.jp:8080"
 # setenv HTTP_TIMEOUT 1800

 SCREEN command で復旧する
 $ screen ssh stepserver 
 $   << ctrl+a d >> ( ctrl+a の後に d ) [にてデタッチ]
     ーSSHに再接続したら，"screen -ls " で復帰したい画面を選ぶことができます。
 $ssh remote
 screen freebsd-update upgrade -r 11.1-RELEASE
 $
 << ctrl+a d >>  で接続解除
 $
 $ ssh remote
 $ screen -ls
 There are several suitable screens on:
    12762.pts-4.user    (12/15/2016 07:05:42 PM)    (Detached)
 $ screem -r 

----
!ports の管理
 pkg install rsync
 pkg install portsnap
 pkg install subversion
 pkg install portupgrade
 pkg install python2
 pkg install python3
 #
 # env HTTP_PROXY="http://192.168.100.10:18080" pkg install squid
 # env HTTP_PROXY="http://192.168.100.10:18080" pkg install net-snmpd
 # env HTTP_PROXY="http://192.168.100.10:18080" pkg install apcupsd
 # env HTTP_PROXY="http://192.168.110.80:8080" pkg install py27-sqlite3
 
 初回
 portsnap fetch
 portsnap extract
 
 2回目移行
 portsnap fetch
 portsnap update
 ## env HTTP_PROXY="http://172.16.70.10:8080" portsnap fetch
 ## env HTTP_PROXY="http://172.16.70.10:8080" portsnap update
 #
 ## rm /var/db/portsnap/tag           # アップデートがうまく行かないばあい
 # env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract &
 # env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update &
 
 pkg version -vL=
 portupgrade -rR apache
 # X 関連の build には 9Gbyte のHDDの空きが必要 ( /usr/ports で 11Gbyte 程度必要 )

----
!src の管理
 # cd /usr/src
 # rm -rf *
 # svn checkout svn://svn.FreeBSD.org/base/releng/10.1 /usr/src
 # # mv /usr/src /usr/src.bak  1
 # # svn checkout https://svn.freebsd.org/base/releng/10.3 /usr/src  
 #
 # cd /usr/src
 # svn update /usr/src
 cd /usr/src
 make update SVN_UPDATE=yes
----
! /proc を使う
詳しくは
FB-tips
を

 /etc/fstab に以下を追加 
 proc                /proc           procfs  rw,noauto       0       0

 一時的に使う場合には 
 ## mount /proc
 # mount -t procfs proc /proc
----
! 一つの Ether-net device に複数の IP を割り当てる
 > ifconfig em0 alias 172.29.0.1 netmask 255.255.255.0
----
! CPU の温度を測る
 /boot/loader.conf に
 ## amdtemp_load="YES"
 coretemp_load="YES"
 を追加 ( どちらにするかは試す事 )
確認方法
 # sysctl -a | grep temperature
 
 # sysctl -a | grep temperature 
 hw.acpi.thermal.tz1.temperature: 29.8C
 hw.acpi.thermal.tz0.temperature: 27.8C
 dev.cpu.1.temperature: 43.0C
 dev.cpu.0.temperature: 45.0C

! NTFS のマウント
 $ kldload fuse
 $ dmesg
 ....
 fuse-freebsd: version 0.4.4, FUSE ABI 7.8

 $ cat /etc/rc.conf
 ...
 fuse_load="YES"
 ...

 How to mountting
 $ ntfs-3g -oro /dev/sda0s2 /mnt/ntfs
 $ mount | grep ntfs
 ## 基本的には コマンドでマウントする もし自動でするのであれば
 #### mount_ からプログラム名が始まっていないので、fstab に記載するには
 #### mount_ntfs から  ntfs-3g へシンボリックリンクを作る必要がある。

!Release ISO の作成
FB-bootdvd
にまとめた

----
ベンチマークpolygraph1.3.1
----
! /boot/loader.conf
 #RELOAD is
 # service sysctl restart
 #
 # amdtemp_load="YES"
 coretemp_load="YES"
 # Accept filters for data, http and DNS requests
 # Useful when your software creates process/thread on each request (i.e. apache)
 # Note: DNS accf available on 8.0+
 # Note: In case of badly written software this can increase performance, 
 # but I still would recommend against using accept filters in production because of
 # their opacity - they really break abstractions. Also it's not trivial to debug/monitor
 # their state.
 #accf_data_load="YES" 
 #accf_http_load="YES"
 #accf_dns_load="YES"
 
 # Async IO system calls
 aio_load="YES"
 
 #  Linux specific devices in /dev
 # As for 8.1 it only /dev/full 
 #lindev_load="YES"
 
 # Adds NCQ support in FreeBSD
 # WARNING! all ad[0-9]+ devices will be renamed to ada[0-9]+
 # 8.0+ only
 #ahci_load="YES"
 #siis_load="YES"
 
 # FreeBSD 9+
 # New Congestion Control for FreeBSD
 cc_htcp_load="YES"
 #cc_cubic_load="YES"
 
 # Increase kernel memory size to 3G. 
 #
 # Use ONLY if you have KVA_PAGES in kernel configuration, and you have more than 3G RAM 
 # Otherwise panic will happen on next reboot!
 #
 # It's required for high buffer sizes: kern.ipc.nmbjumbop, kern.ipc.nmbclusters, etc
 # Useful on highload stateful firewalls, proxies or ZFS fileservers
 # (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
 #vm.kmem_size="3G"
 
 # If you have really busy forking webserver (i.e. apache13) you may run out of processes
 #kern.maxproc=10000
 
 # If your server has lots of swap (>4Gb) you should increase following value
 # according to http://lists.freebsd.org/pipermail/freebsd-hackers/2009-October/029616.html
 # Otherwise you'll be getting errors
 # "kernel: swap zone exhausted, increase kern.maxswzone"
 #kern.maxswzone="256M" 
 
 # Older versions of FreeBSD can't tune maxfiles on the fly
 #kern.maxfiles="200000"
 
 # Useful for databases 
 # Sets maximum data size to 1G
 # (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
 #kern.maxdsiz="1G"
 
 # Maximum buffer size(vfs.maxbufspace)
 # You can check current one via vfs.bufspace
 # Should be lowered/upped depending on server's load-type
 # Usually decreased to preserve kmem
 # (default is 10% of mem)
 #kern.maxbcache="512M"
 
 # Sendfile buffers
 # Note: i386 only
 #kern.ipc.nsfbufs=10240
 
 # syncache tuning
 net.inet.tcp.syncache.hashsize=32768
 net.inet.tcp.syncache.bucketlimit=32
 net.inet.tcp.syncache.cachelimit=1048576
 
 # Send RST on listen queue overflow / memory shortage. 
 # Hosts behind Load-Balancer should set it to 1 to fail fast.
 # Hosts facing clients should set it to 0 for client to retry connection.
 #net.inet.tcp.syncache.rst_on_sock_fail=0
 
 # Increased hostcache
 # Later host cache can be viewed via net.inet.tcp.hostcache.list hidden sysctl
 # Very useful for it's RTT RTTVAR
 # Must be power of two
 net.inet.tcp.hostcache.hashsize=65536
 # hashsize * bucketlimit (which is 30 by default)
 # It allocates 255Mb (1966080*136) of RAM
 net.inet.tcp.hostcache.cachelimit=1966080
 
 # TCP control-block Hash table tuning
 # See: http://serverfault.com/questions/372512/why-change-net-inet-tcp-tcbhashsize-in-freebsd
 net.inet.tcp.tcbhashsize=524288
 
 # Disable ipfw deny all
 # Should be uncommented when there is a chance that
 # kernel and ipfw binary may be out-of sync on next reboot
 #net.inet.ip.fw.default_to_accept=1
 
 #
 # SIFTR (Statistical Information For TCP Research) is a kernel module that
 # logs a range of statistics on active TCP connections to a log file.
 # See prerelease notes:
 # http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/b4c18be6cdce76e4
 # and man 4 sitfr
 #siftr_load="YES"
 
 # Enable superpages, for 7.2+ only
 # See: http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030094.html
 vm.pmap.pg_ps_enabled=1
 
 # Useful if you are using Intel-Gigabit NIC
 #hw.em.rxd=4096
 #hw.em.txd=4096
 #hw.em.rx_process_limit="-1"
 #  Also if you have A LOT interrupts on NIC - play with following parameters
 # NOTE: You should set them for every NIC
 #dev.em.0.rx_int_delay: 250
 #dev.em.0.tx_int_delay: 250
 #dev.em.0.rx_abs_int_delay: 250
 #dev.em.0.tx_abs_int_delay: 250
 # There is also multithreaded version of em/igb drivers that can be found here:
 # http://people.yandex-team.ru/~wawa/
 #
 # for additional em monitoring and statistics use 
 # sysctl dev.em.0.stats=1 ; dmesg
 # sysctl dev.em.0.debug=1 ; dmesg
 # Also after r209242 (-CURRENT) there is a separate sysctl for each stat  variable;   
 # Same tunings for igb
 #hw.igb.rxd=4096
 #hw.igb.txd=4096
 #hw.igb.rx_process_limit=100
 
 # Some useful netisr tunables. See sysctl net.isr
 #net.isr.maxthreads=4
 #net.isr.defaultqlimit=10240
 #net.isr.maxqlimit=10240
 # Bind netisr threads to CPUs
 #net.isr.bindthreads=1
 
 #
 # FreeBSD 9.x+
 # Increase interface send queue length
 # See commit message http://svn.freebsd.org/viewvc/base?view=revision&revision=207554
 net.link.ifqmaxlen=1024
 
 # IPC prametor
 kern.ipc.msgmnb=8192
 kern.ipc.msgssz=64
 kern.ipc.msgtql=2048
 
 # Nicer boot logo =)
 loader_logo="beastie"

!sysctl.conf
 # $FreeBSD: releng/10.1/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
 #
 # Ensure ZFS uses 4k block size
 vfs.zfs.min_auto_ashift=12
 kern.ipc.somaxconn=2048
 # set to at least 16MB for 10GE hosts
 kern.ipc.maxsockbuf=16777216
 # socket buffers
 net.inet.tcp.recvspace=4194304
 net.inet.tcp.sendspace=2097152
 net.inet.tcp.sendbuf_max=16777216
 net.inet.tcp.recvbuf_max=16777216
 net.inet.tcp.sendbuf_auto=1
 net.inet.tcp.recvbuf_auto=1
 net.inet.tcp.sendbuf_inc=16384
 net.inet.tcp.recvbuf_inc=524288
 # security
 security.bsd.see_other_uids=0
 security.bsd.see_other_gids=0
 # drop UDP packets destined for closed sockets
 net.inet.udp.blackhole=1
 # drop TCP packets destined for closed sockets
 net.inet.tcp.blackhole=2
 # ipfw
 net.inet.ip.fw.verbose_limit=3
 # H-TCP congestion control algorithm
 net.inet.tcp.cc.algorithm=htcp
 # maximum incoming and outgoing IPv4 network queue sizes
 net.inet.ip.intr_queue_maxlen=2048
 net.route.netisr_maxqlen=2048

!Tips
https://pleiades.ucsc.edu/hyades/FreeBSD_Network_Tuning

!passwd の移行
 master.passwd を
 > pwd_mkdb -p /etc/master.passwd
 実行
----
!　FreeBSD チーミング
https://www.infraexpert.com/study/etherchannel1.html

https://www.cyberciti.biz/faq/freebsd-network-link-aggregation-trunking/

https://bompopo.wordpress.com/2012/01/25/freebsd-lagg%E3%81%AB%E3%82%88%E3%82%8B%E3%83%81%E3%83%BC%E3%83%9F%E3%83%B3%E3%82%B0%E8%A8%AD%E5%AE%9A/

https://qastack.jp/server/64356/freebsd-performance-tuning-sysctl-parameter-loader-conf-kernel

https://wiki.freebsd.org/NetworkPerformanceTuning

https://calomel.org/freebsd_network_tuning.html
----