Difference between revisions of "Bering-uClibc 7.x"

From bering-uClibc
(Development History)
(Version Changelog)
 
(37 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
 
==Overview==
 
==Overview==
[[Bering-uClibc]] is one of the branches of the [[LEAF]] (Linux Embedded Appliance Framework) project, delivering on [[LEAF]]'s ambition to provide a secure, feature-rich, customizable embedded Linux network appliance for use in a variety of network topologies. Although it can be used in other ways, its primary goal is as a Internet gateway, BRAS, router, firewall and wireless access point. The hardware running [[LEAF]] in these cases will require a minimum of 2 network interfaces.
+
[[Bering-uClibc]] is a currently active and maintained branch of the [[LEAF]] (Linux Embedded Appliance Framework) project, delivering on LEAF's ambition to provide a secure, feature-rich, customizable embedded Linux network appliance for use in a variety of network topologies. Its primary goal is to be used as an <u>Internet Firewall</u>, but also in other ways like router, BRAS, wireless access point, etc ...
 +
 
 +
===History===
 +
 
 +
If you are new to LEAF, you might be interested to know that the [https://en.wikipedia.org/wiki/LEAF_Project LEAF Project] is a collection of Linux distributions that began as a fork from the Linux Router Project (LRP) "linux-on-a-floppy" distribution. [https://en.wikipedia.org/wiki/Linux_Router_Project LRP] was conceived and primarily developed by Dave Cinege from 1997 until 2002 but went defunct. Fortunately it didn't stay dead long as a group of [http://leaf.sourceforge.net/devel/ collaborators], realizing it's potential, revived it and made it evolve to it's [http://leaf.sourceforge.net/images/pagemaster/release-branch-flow.png present day state].
 +
 
 +
LRP was designed to be an affordable alternative to expensive Cisco routers, as it was aiming for small business and home usage. At the time, all you needed was an Intel486 and two network cards (NIC), and you could move traffic between two networks, in our case that would be between the malicious Internet and your vulnerable internal lan. This is what LEAF does too nowadays, although it can use much more modern and optimized, but still relatively inexpensive, multi NICs platforms. There is a plethora of mini PC available today, [https://www.pcengines.ch/ pcengines] is a well tested platform, and have look at [https://www.pinterest.ie/pin/758012181015359923/?amp_client_id=CLIENT_ID(_)&mweb_unauth_id=&amp_url=https%3A%2F%2Fwww.pinterest.ie%2Famp%2Fpin%2F758012181015359923%2F&amp_expand=true these]... In any cases, if you are not yet ready  to spend too much money, you can still use any old Intel motherboards with "at least" two NICs.
 +
 
 +
===References===
  
 
==Main Features==
 
==Main Features==
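Review bot: The "these" link in the added History paragraph points at a Pinterest AMP URL that still carries session parameters (`amp_client_id=CLIENT_ID(_)`, `mweb_unauth_id=`, `amp_url=...`). Link the plain pin URL or a vendor page instead, because those parameters are residue and make the link brittle. In the same paragraph, "realizing it's potential" and "to it's present day state" should both use "its", and the new ===References=== heading is added with nothing under it.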
Line 16: Line 24:
 
* Targeted to run on industry standard devices even with non-x86 processors.[[Image:Bering-uClibc_5.0-prealpha_armv5.png|center|frame|alt=QEMU ARM Screenshot|Bering-uClibc 5.0-prealpha running on an emulated ARM processor]]
 
* Targeted to run on industry standard devices even with non-x86 processors.[[Image:Bering-uClibc_5.0-prealpha_armv5.png|center|frame|alt=QEMU ARM Screenshot|Bering-uClibc 5.0-prealpha running on an emulated ARM processor]]
 
* Designed to perform well on relatively low-specification hardware. In particular:
 
* Designed to perform well on relatively low-specification hardware. In particular:
** The system runs from an in-memory filesystem. Disk storage is only required for booting and for storing configuration settings.
+
** One of it's most important feature, the system runs from an in-memory filesystem. Disk storage is only required for booting and for storing configuration settings.
 
** The [http://uclibc-ng.org/ uClibc-ng] C library is used in place of the [http://www.gnu.org/software/libc/libc.html GNU C Library] since uClibc-ng is much smaller in size.
 
** The [http://uclibc-ng.org/ uClibc-ng] C library is used in place of the [http://www.gnu.org/software/libc/libc.html GNU C Library] since uClibc-ng is much smaller in size.
 
** Considerable use is made of [http://www.busybox.net/ BusyBox] utilities as replacements for larger applications.
 
** Considerable use is made of [http://www.busybox.net/ BusyBox] utilities as replacements for larger applications.
 
* Focussed on providing excellent networking facilities.
 
* Focussed on providing excellent networking facilities.
 
* Designed to have high fault tolerance:
 
* Designed to have high fault tolerance:
** There are no writes on HDD/flash during work (except saving configurations during maintenance) - so a power failure will not break file system.
+
** There are no writes on HDD/flash during execution since all the codes run in RAMs (except saving configurations during maintenance) - so a power failure will not break file system. Especially true for fragile SD cards...
 
** Corrupted/erased config file, or even 'rm -rf /' isn't a problem - changes are stored permanently only when user requires that, and reboot will restore all as it was before.
 
** Corrupted/erased config file, or even 'rm -rf /' isn't a problem - changes are stored permanently only when user requires that, and reboot will restore all as it was before.
 
** Enabled by default watchdog, reboot on kernel panic and kernel soft-lockup detection will help to have minimum downtime of router.
 
** Enabled by default watchdog, reboot on kernel panic and kernel soft-lockup detection will help to have minimum downtime of router.
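Review bot: The reworded in-memory filesystem bullet now reads "One of it's most important feature, the system runs ...", which should be "One of its most important features: the system runs ...". In the fault-tolerance bullet, "all the codes run in RAMs" should be "all code runs from RAM", and the trailing fragment "Especially true for fragile SD cards..." would read better folded into the sentence it qualifies.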
Line 32: Line 40:
 
'''Bering-uClibc 7.0.0''' provides in particular:
 
'''Bering-uClibc 7.0.0''' provides in particular:
 
* gcc update to 8.3.0
 
* gcc update to 8.3.0
* The Linux kernel has been upgraded to 5,4.x
+
* The Linux kernel has been upgraded to 5.4.x
 
* The uClibc library has been upgraded to uClibc-ng 1.0.35
 
* The uClibc library has been upgraded to uClibc-ng 1.0.35
 
* syslog-ng has been replaced by rsyslog
 
* syslog-ng has been replaced by rsyslog
Line 39: Line 47:
  
 
Version 7.0.1 was released in December 2020.  
 
Version 7.0.1 was released in December 2020.  
 +
 +
Version 7.0.2 was released in February 2021.
 +
 +
Version 7.0.3 was released in July 2021.
 +
 +
'''Bering-uClibc 7.1.0''' provides in particular:
 +
* gcc update to 9.4.0
 +
* The Linux kernel has been upgraded to 5.10.x
 +
* The uClibc library has been upgraded to uClibc-ng 1.0.38 (1.0.40 with version 7.1.2)
 +
 +
Version 7.1.0 was released in August 2021.
 +
 +
Version 7.1.1 was released in December 2021.
 +
 +
Version 7.1.2 was released in February 2022.
 +
 +
Version 7.1.3 was released in June 2022.
 +
 +
'''Bering-uClibc 7.2.0''' provides in particular:
 +
* The Linux kernel has been upgraded to 5.15.x
 +
* The uClibc library has been upgraded to uClibc-ng 1.0.42
 +
 +
Version 7.2.0 was released in Dec 2022.
 +
 +
Version 7.2.1 was released in Mar 2023.
 +
 +
Version 7.2.2 was released in May 2023.
 +
 +
Version 7.2.3 was released in Oct 2023.
 +
 +
'''Bering-uClibc 7.3.0''' provides in particular:
 +
* The Linux kernel has been upgraded to 6.1.x
 +
* The uClibc library has been upgraded to uClibc-ng 1.0.45
 +
 +
Version 7.3.0 was released 31. DEc 2023
  
 
===Version Changelog===
 
===Version Changelog===
 
* [[Bering-uClibc 7.0.x - Changelog]]
 
* [[Bering-uClibc 7.0.x - Changelog]]
  
 +
* [[Bering-uClibc 7.1.x - Changelog]]
 +
 +
* [[Bering-uClibc 7.2.x - Changelog]]
 +
 +
* [[Bering-uClibc 7.3.x - Changelog]]
 +
 +
* [[Bering-uClibc 7.4.x - Changelog]]
  
 
===Known Issues===
 
===Known Issues===
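Review bot: The changelog list gains a [[Bering-uClibc 7.4.x - Changelog]] link, but the Development History additions stop at 7.3.0 with no 7.4.0 section or release date. Either add the 7.4.0 entry or hold the link until that page exists. The last release line, "Version 7.3.0 was released 31. DEc 2023", has a capitalization typo and uses a different date style from the "in Dec 2022" lines above it.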

Latest revision as of 15:00, 28 August 2024

WARNING: Work in progress, the doc. is not complete

Overview

Bering-uClibc is a currently active and maintained branch of the LEAF (Linux Embedded Appliance Framework) project, delivering on LEAF's ambition to provide a secure, feature-rich, customizable embedded Linux network appliance for use in a variety of network topologies. Its primary goal is to serve as an Internet firewall, but it can also be used in other ways, such as a router, BRAS or wireless access point.

History

If you are new to LEAF, you might be interested to know that the LEAF Project is a collection of Linux distributions that began as a fork from the Linux Router Project (LRP) "linux-on-a-floppy" distribution. LRP was conceived and primarily developed by Dave Cinege from 1997 until 2002 but went defunct. Fortunately it didn't stay dead long, as a group of collaborators, realizing its potential, revived it and made it evolve to its present-day state.

LRP was designed to be an affordable alternative to expensive Cisco routers, aimed at small business and home usage. At the time, all you needed was an Intel486 and two network cards (NICs), and you could move traffic between two networks, in our case between the malicious Internet and your vulnerable internal LAN. This is what LEAF does too nowadays, although it can use much more modern and optimized, but still relatively inexpensive, multi-NIC platforms. There is a plethora of mini PCs available today; pcengines is a well-tested platform, and have a look at these... In any case, if you are not yet ready to spend too much money, you can still use any old Intel motherboard with at least two NICs.

References

Main Features

The key characteristics of Bering-uClibc 7.x are:

  • Based on a recent long-term release of the Linux Kernel.
  • Easy-to-use
    • USB bootable images of a basic working firewall system
    • Web browser access for quicker and easier configuration; the traditional VGA or serial display console is not required
    • Hardware detection during boot: the modules needed to enable the hardware are loaded automatically.
    • Load modules when needed for various Packages - e.g. netfilter modules for shorewall[6].
    • Check for and receive updates with command line utility (upgrade) or Web GUI (webconf) from the Packages repository.
  • Targeted to run on industry standard devices even with non-x86 processors.
    [Figure: QEMU ARM screenshot. Bering-uClibc 5.0-prealpha running on an emulated ARM processor]
  • Designed to perform well on relatively low-specification hardware. In particular:
    • One of its most important features: the system runs from an in-memory filesystem. Disk storage is only required for booting and for storing configuration settings.
    • The uClibc-ng C library is used in place of the GNU C Library since uClibc-ng is much smaller in size.
    • Considerable use is made of BusyBox utilities as replacements for larger applications.
  • Focussed on providing excellent networking facilities.
  • Designed to have high fault tolerance:
    • There are no writes to HDD/flash during execution, since all code runs from RAM (except when saving configurations during maintenance), so a power failure will not break the file system. This is especially valuable with fragile SD cards.
    • A corrupted or erased config file, or even 'rm -rf /', isn't a problem: changes are stored permanently only when the user requests it, and a reboot will restore everything as it was before.
    • A watchdog, reboot on kernel panic and kernel soft-lockup detection are enabled by default and help keep router downtime to a minimum.
    • Backup scripts will help to restore system state on storage failure/operator mistake.
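
As an added example (not code from the LEAF project), the following POSIX shell functions check the fault-tolerance properties listed above on a running Linux system, using only generic kernel interfaces (`/proc/mounts`, `kernel.panic`, `kernel.softlockup_panic`, `/dev/watchdog`). The function names and the ok/WARN output format are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not LEAF code. Paths are parameters so saved copies can be audited.

# Print the filesystem type mounted on "/"; a later mount shadows an earlier one.
root_fstype() {
    awk '$2 == "/" { t = $3 } END { if (t == "") exit 1; print t }' "${1:-/proc/mounts}"
}

# Succeed if the root filesystem lives in RAM.
root_in_ram() {
    case "$(root_fstype "$1")" in
        rootfs|tmpfs|ramfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Print mount points of block devices mounted read-write (exposed to power loss).
rw_block_mounts() {
    awk '$1 ~ /^\/dev\// && $4 ~ /(^|,)rw(,|$)/ { print $2 }' "${1:-/proc/mounts}"
}

# Succeed if kernel.panic is non-zero: the kernel reboots after a panic.
panic_reboots() {
    v=$(cat "${1:-/proc/sys/kernel/panic}" 2>/dev/null) || return 1
    [ "$v" -ne 0 ] 2>/dev/null
}

# Succeed if a detected soft lockup is escalated to a panic.
softlockup_panics() {
    v=$(cat "${1:-/proc/sys/kernel/softlockup_panic}" 2>/dev/null) || return 1
    [ "$v" = 1 ]
}

# audit [mounts-file] [sysctl-dir] [watchdog-device]: one ok/WARN line per check.
audit() {
    sys=${2:-/proc/sys/kernel}
    if root_in_ram "$1"; then echo "ok   root filesystem is RAM-backed"
    else echo "WARN root filesystem is on persistent storage"; fi
    for m in $(rw_block_mounts "$1"); do echo "WARN $m is mounted read-write"; done
    if panic_reboots "$sys/panic"; then echo "ok   reboot on kernel panic"
    else echo "WARN kernel.panic is 0 or unreadable"; fi
    if softlockup_panics "$sys/softlockup_panic"; then echo "ok   soft lockup triggers panic"
    else echo "WARN soft lockup does not trigger panic"; fi
    if [ -c "${3:-/dev/watchdog}" ]; then echo "ok   watchdog device present"
    else echo "WARN no watchdog device"; fi
}

audit "$@"
```

A read-write block-device mount is only a warning here: it is expected briefly while a configuration is being saved, and worth investigating if it persists during normal operation.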

Development History

Bering-uClibc 7.x is basically Bering-uClibc 6.x brought up to date with the latest versions of the main software components and with a reworked toolchain.

Bering-uClibc 7.0.0 provides in particular:

  • gcc update to 8.3.0
  • The Linux kernel has been upgraded to 5.4.x
  • The uClibc library has been upgraded to uClibc-ng 1.0.35
  • syslog-ng has been replaced by rsyslog

Version 7.0.0 was released in November 2020.

Version 7.0.1 was released in December 2020.

Version 7.0.2 was released in February 2021.

Version 7.0.3 was released in July 2021.

Bering-uClibc 7.1.0 provides in particular:

  • gcc update to 9.4.0
  • The Linux kernel has been upgraded to 5.10.x
  • The uClibc library has been upgraded to uClibc-ng 1.0.38 (1.0.40 with version 7.1.2)

Version 7.1.0 was released in August 2021.

Version 7.1.1 was released in December 2021.

Version 7.1.2 was released in February 2022.

Version 7.1.3 was released in June 2022.

Bering-uClibc 7.2.0 provides in particular:

  • The Linux kernel has been upgraded to 5.15.x
  • The uClibc library has been upgraded to uClibc-ng 1.0.42

Version 7.2.0 was released in Dec 2022.

Version 7.2.1 was released in Mar 2023.

Version 7.2.2 was released in May 2023.

Version 7.2.3 was released in Oct 2023.

Bering-uClibc 7.3.0 provides in particular:

  • The Linux kernel has been upgraded to 6.1.x
  • The uClibc library has been upgraded to uClibc-ng 1.0.45

Version 7.3.0 was released on 31 Dec 2023.

Version Changelog

Known Issues

Further Documentation

For further information see: