Difference between revisions of "Bering-uClibc 7.x"
(→Main Features) |
(→Version Changelog) |
||
(47 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
+ | =WARNING: '''Work in progress, the doc. is not complete'''= | ||
+ | |||
==Overview== | ==Overview== | ||
− | [[Bering-uClibc]] is | + | [[Bering-uClibc]] is a currently active and maintained branch of the [[LEAF]] (Linux Embedded Appliance Framework) project, delivering on LEAF's ambition to provide a secure, feature-rich, customizable embedded Linux network appliance for use in a variety of network topologies. Its primary goal is to be used as an <u>Internet Firewall</u>, but also in other ways like router, BRAS, wireless access point, etc ... |
+ | |||
+ | ===History=== | ||
+ | |||
+ | If you are new to LEAF, you might be interested to know that the [https://en.wikipedia.org/wiki/LEAF_Project LEAF Project] is a collection of Linux distributions that began as a fork from the Linux Router Project (LRP) "linux-on-a-floppy" distribution. [https://en.wikipedia.org/wiki/Linux_Router_Project LRP] was conceived and primarily developed by Dave Cinege from 1997 until 2002 but went defunct. Fortunately it didn't stay dead long as a group of [http://leaf.sourceforge.net/devel/ collaborators], realizing it's potential, revived it and made it evolve to it's [http://leaf.sourceforge.net/images/pagemaster/release-branch-flow.png present day state]. | ||
+ | |||
+ | LRP was designed to be an affordable alternative to expensive Cisco routers, as it was aiming for small business and home usage. At the time, all you needed was an Intel486 and two network cards (NIC), and you could move traffic between two networks, in our case that would be between the malicious Internet and your vulnerable internal lan. This is what LEAF does too nowadays, although it can use much more modern and optimized, but still relatively inexpensive, multi NICs platforms. There is a plethora of mini PC available today, [https://www.pcengines.ch/ pcengines] is a well tested platform, and have look at [https://www.pinterest.ie/pin/758012181015359923/?amp_client_id=CLIENT_ID(_)&mweb_unauth_id=&_url=https%3A%2F%2Fwww.pinterest.ie%2Famp%2Fpin%2F758012181015359923%2F&_expand=true these]... In any cases, if you are not yet ready to spend too much money, you can still use any old Intel motherboards with "at least" two NICs. | ||
− | = | + | ===References=== |
− | == | + | |
==Main Features== | ==Main Features== | ||
Line 10: | Line 17: | ||
* Easy-to-use | * Easy-to-use | ||
** USB bootable images of a basic working firewall system | ** USB bootable images of a basic working firewall system | ||
+ | ** Web browser access for quick and easier configuration, the traditional '''vga''' or '''serial''' display console is not required | ||
** Hardware detection during boot, necessary modules enabling the hardware will be loaded automatically. | ** Hardware detection during boot, necessary modules enabling the hardware will be loaded automatically. | ||
** Load modules when needed for various Packages - e.g. netfilter modules for <code class="filename">shorewall[6]</code>. | ** Load modules when needed for various Packages - e.g. netfilter modules for <code class="filename">shorewall[6]</code>. | ||
Line 16: | Line 24: | ||
* Targeted to run on industry standard devices even with non-x86 processors.[[Image:Bering-uClibc_5.0-prealpha_armv5.png|center|frame|alt=QEMU ARM Screenshot|Bering-uClibc 5.0-prealpha running on an emulated ARM processor]] | * Targeted to run on industry standard devices even with non-x86 processors.[[Image:Bering-uClibc_5.0-prealpha_armv5.png|center|frame|alt=QEMU ARM Screenshot|Bering-uClibc 5.0-prealpha running on an emulated ARM processor]] | ||
* Designed to perform well on relatively low-specification hardware. In particular: | * Designed to perform well on relatively low-specification hardware. In particular: | ||
− | ** | + | ** One of it's most important feature, the system runs from an in-memory filesystem. Disk storage is only required for booting and for storing configuration settings. |
** The [http://uclibc-ng.org/ uClibc-ng] C library is used in place of the [http://www.gnu.org/software/libc/libc.html GNU C Library] since uClibc-ng is much smaller in size. | ** The [http://uclibc-ng.org/ uClibc-ng] C library is used in place of the [http://www.gnu.org/software/libc/libc.html GNU C Library] since uClibc-ng is much smaller in size. | ||
** Considerable use is made of [http://www.busybox.net/ BusyBox] utilities as replacements for larger applications. | ** Considerable use is made of [http://www.busybox.net/ BusyBox] utilities as replacements for larger applications. | ||
* Focussed on providing excellent networking facilities. | * Focussed on providing excellent networking facilities. | ||
* Designed to have high fault tolerance: | * Designed to have high fault tolerance: | ||
− | ** There are no writes on HDD/flash during | + | ** There are no writes on HDD/flash during execution since all the codes run in RAMs (except saving configurations during maintenance) - so a power failure will not break file system. Especially true for fragile SD cards... |
** Corrupted/erased config file, or even 'rm -rf /' isn't a problem - changes are stored permanently only when user requires that, and reboot will restore all as it was before. | ** Corrupted/erased config file, or even 'rm -rf /' isn't a problem - changes are stored permanently only when user requires that, and reboot will restore all as it was before. | ||
** Enabled by default watchdog, reboot on kernel panic and kernel soft-lockup detection will help to have minimum downtime of router. | ** Enabled by default watchdog, reboot on kernel panic and kernel soft-lockup detection will help to have minimum downtime of router. | ||
Line 32: | Line 40: | ||
'''Bering-uClibc 7.0.0''' provides in particular: | '''Bering-uClibc 7.0.0''' provides in particular: | ||
* gcc update to 8.3.0 | * gcc update to 8.3.0 | ||
− | * The Linux kernel has been upgraded to 5 | + | * The Linux kernel has been upgraded to 5.4.x |
− | * The uClibc library has been upgraded to uClibc-ng 1.0. | + | * The uClibc library has been upgraded to uClibc-ng 1.0.35 |
* syslog-ng has been replaced by rsyslog | * syslog-ng has been replaced by rsyslog | ||
+ | |||
+ | Version 7.0.0 was released in November 2020. | ||
+ | |||
+ | Version 7.0.1 was released in December 2020. | ||
+ | |||
+ | Version 7.0.2 was released in February 2021. | ||
+ | |||
+ | Version 7.0.3 was released in July 2021. | ||
+ | |||
+ | '''Bering-uClibc 7.1.0''' provides in particular: | ||
+ | * gcc update to 9.4.0 | ||
+ | * The Linux kernel has been upgraded to 5.10.x | ||
+ | * The uClibc library has been upgraded to uClibc-ng 1.0.38 (1.0.40 with version 7.1.2) | ||
+ | |||
+ | Version 7.1.0 was released in August 2021. | ||
+ | |||
+ | Version 7.1.1 was released in December 2021. | ||
+ | |||
+ | Version 7.1.2 was released in February 2022. | ||
+ | |||
+ | Version 7.1.3 was released in June 2022. | ||
+ | |||
+ | '''Bering-uClibc 7.2.0''' provides in particular: | ||
+ | * The Linux kernel has been upgraded to 5.15.x | ||
+ | * The uClibc library has been upgraded to uClibc-ng 1.0.42 | ||
+ | |||
+ | Version 7.2.0 was released in Dec 2022. | ||
+ | |||
+ | Version 7.2.1 was released in Mar 2023. | ||
+ | |||
+ | Version 7.2.2 was released in May 2023. | ||
+ | |||
+ | Version 7.2.3 was released in Oct 2023. | ||
+ | |||
+ | '''Bering-uClibc 7.3.0''' provides in particular: | ||
+ | * The Linux kernel has been upgraded to 6.1.x | ||
+ | * The uClibc library has been upgraded to uClibc-ng 1.0.45 | ||
+ | |||
+ | Version 7.3.0 was released 31. DEc 2023 | ||
===Version Changelog=== | ===Version Changelog=== | ||
* [[Bering-uClibc 7.0.x - Changelog]] | * [[Bering-uClibc 7.0.x - Changelog]] | ||
+ | * [[Bering-uClibc 7.1.x - Changelog]] | ||
+ | |||
+ | * [[Bering-uClibc 7.2.x - Changelog]] | ||
+ | |||
+ | * [[Bering-uClibc 7.3.x - Changelog]] | ||
+ | |||
+ | * [[Bering-uClibc 7.4.x - Changelog]] | ||
===Known Issues=== | ===Known Issues=== |
Latest revision as of 15:00, 28 August 2024
Contents
WARNING: Work in progress, the doc. is not complete
Overview
Bering-uClibc is a currently active and maintained branch of the LEAF (Linux Embedded Appliance Framework) project, delivering on LEAF's ambition to provide a secure, feature-rich, customizable embedded Linux network appliance for use in a variety of network topologies. Its primary goal is to be used as an Internet Firewall, but also in other ways like router, BRAS, wireless access point, etc ...
History
If you are new to LEAF, you might be interested to know that the LEAF Project is a collection of Linux distributions that began as a fork from the Linux Router Project (LRP) "linux-on-a-floppy" distribution. LRP was conceived and primarily developed by Dave Cinege from 1997 until 2002 but went defunct. Fortunately it didn't stay dead long as a group of collaborators, realizing it's potential, revived it and made it evolve to it's present day state.
LRP was designed to be an affordable alternative to expensive Cisco routers, as it was aiming for small business and home usage. At the time, all you needed was an Intel486 and two network cards (NIC), and you could move traffic between two networks, in our case that would be between the malicious Internet and your vulnerable internal lan. This is what LEAF does too nowadays, although it can use much more modern and optimized, but still relatively inexpensive, multi NICs platforms. There is a plethora of mini PC available today, pcengines is a well tested platform, and have look at these... In any cases, if you are not yet ready to spend too much money, you can still use any old Intel motherboards with "at least" two NICs.
References
Main Features
The key characteristics of Bering-uClibc 7.x are:
- Based on a recent long-term release of the Linux Kernel.
- Easy-to-use
- USB bootable images of a basic working firewall system
- Web browser access for quick and easier configuration, the traditional vga or serial display console is not required
- Hardware detection during boot, necessary modules enabling the hardware will be loaded automatically.
- Load modules when needed for various Packages - e.g. netfilter modules for
shorewall[6]
. - Check for and receive updates with command line utility (
upgrade
) or Web GUI (webconf
) from the Packages repository.
- Targeted to run on industry standard devices even with non-x86 processors.
- Designed to perform well on relatively low-specification hardware. In particular:
- One of it's most important feature, the system runs from an in-memory filesystem. Disk storage is only required for booting and for storing configuration settings.
- The uClibc-ng C library is used in place of the GNU C Library since uClibc-ng is much smaller in size.
- Considerable use is made of BusyBox utilities as replacements for larger applications.
- Focussed on providing excellent networking facilities.
- Designed to have high fault tolerance:
- There are no writes on HDD/flash during execution since all the codes run in RAMs (except saving configurations during maintenance) - so a power failure will not break file system. Especially true for fragile SD cards...
- Corrupted/erased config file, or even 'rm -rf /' isn't a problem - changes are stored permanently only when user requires that, and reboot will restore all as it was before.
- Enabled by default watchdog, reboot on kernel panic and kernel soft-lockup detection will help to have minimum downtime of router.
- Backup scripts will help to restore system state on storage failure/operator mistake.
Development History
Bering-uClibc 7.x is basically Bering-uClibc 6.x brought up to date with the latest versions of the main software components and with reworked toolchain.
Bering-uClibc 7.0.0 provides in particular:
- gcc update to 8.3.0
- The Linux kernel has been upgraded to 5.4.x
- The uClibc library has been upgraded to uClibc-ng 1.0.35
- syslog-ng has been replaced by rsyslog
Version 7.0.0 was released in November 2020.
Version 7.0.1 was released in December 2020.
Version 7.0.2 was released in February 2021.
Version 7.0.3 was released in July 2021.
Bering-uClibc 7.1.0 provides in particular:
- gcc update to 9.4.0
- The Linux kernel has been upgraded to 5.10.x
- The uClibc library has been upgraded to uClibc-ng 1.0.38 (1.0.40 with version 7.1.2)
Version 7.1.0 was released in August 2021.
Version 7.1.1 was released in December 2021.
Version 7.1.2 was released in February 2022.
Version 7.1.3 was released in June 2022.
Bering-uClibc 7.2.0 provides in particular:
- The Linux kernel has been upgraded to 5.15.x
- The uClibc library has been upgraded to uClibc-ng 1.0.42
Version 7.2.0 was released in Dec 2022.
Version 7.2.1 was released in Mar 2023.
Version 7.2.2 was released in May 2023.
Version 7.2.3 was released in Oct 2023.
Bering-uClibc 7.3.0 provides in particular:
- The Linux kernel has been upgraded to 6.1.x
- The uClibc library has been upgraded to uClibc-ng 1.0.45
Version 7.3.0 was released 31. DEc 2023
Version Changelog
Known Issues
Further Documentation
For further information see:
- Bering-uClibc 7.x - Developer Guide for Developers of new features or new application Packages.