Bering-uClibc 7.x

Revision as of 14:50, 8 January 2023 by Kapeka (Talk | contribs) (Development History)


WARNING: Work in progress; this documentation is not complete.

Overview

Bering-uClibc is a currently active and maintained branch of the LEAF (Linux Embedded Appliance Framework) project, delivering on LEAF's ambition to provide a secure, feature-rich, customizable embedded Linux network appliance for use in a variety of network topologies. Its primary use is as an Internet firewall, but it can also serve in other roles such as router, BRAS, wireless access point, etc.

History

If you are new to LEAF, you might be interested to know that the LEAF Project is a collection of Linux distributions that began as a fork from the Linux Router Project (LRP) "linux-on-a-floppy" distribution. LRP was conceived and primarily developed by Dave Cinege from 1997 until 2002 but went defunct. Fortunately it didn't stay dead long, as a group of collaborators, realizing its potential, revived it and made it evolve to its present-day state.

LRP was designed to be an affordable alternative to expensive Cisco routers, as it was aimed at small business and home usage. At the time, all you needed was an Intel486 and two network cards (NICs), and you could move traffic between two networks; in our case that would be between the malicious Internet and your vulnerable internal LAN. This is what LEAF does too nowadays, although it can use much more modern and optimized, but still relatively inexpensive, multi-NIC platforms. There is a plethora of mini PCs available today; pcengines is a well-tested platform, and have a look at these... In any case, if you are not yet ready to spend too much money, you can still use any old Intel motherboard with at least two NICs.

References

Main Features

The key characteristics of Bering-uClibc 7.x are:

  • Based on a recent long-term release of the Linux Kernel.
  • Easy-to-use
    • USB bootable images of a basic working firewall system
    • Web browser access for quick and easy configuration; the traditional VGA or serial display console is not required
    • Hardware detection during boot, necessary modules enabling the hardware will be loaded automatically.
    • Load modules when needed for various Packages - e.g. netfilter modules for shorewall[6].
    • Check for and receive updates with command line utility (upgrade) or Web GUI (webconf) from the Packages repository.
  • Targeted to run on industry standard devices even with non-x86 processors.
    [Screenshot: Bering-uClibc 5.0-prealpha running on an emulated ARM processor (QEMU)]
  • Designed to perform well on relatively low-specification hardware. In particular:
    • One of its most important features: the system runs from an in-memory filesystem. Disk storage is only required for booting and for storing configuration settings.
    • The uClibc-ng C library is used in place of the GNU C Library since uClibc-ng is much smaller in size.
    • Considerable use is made of BusyBox utilities as replacements for larger applications.
  • Focussed on providing excellent networking facilities.
  • Designed to have high fault tolerance:
    • There are no writes to HDD/flash during execution, since all code runs in RAM (except when saving configuration during maintenance), so a power failure will not break the file system. This is especially true for fragile SD cards...
    • A corrupted or erased config file, or even 'rm -rf /', isn't a problem: changes are stored permanently only when the user requests it, and a reboot will restore everything as it was before.
    • Enabled by default, the watchdog, reboot on kernel panic and kernel soft-lockup detection help keep router downtime to a minimum.
    • Backup scripts help to restore system state after a storage failure or operator mistake.

Development History

Bering-uClibc 7.x is basically Bering-uClibc 6.x brought up to date with the latest versions of the main software components and with a reworked toolchain.

Bering-uClibc 7.0.0 provides in particular:

  • gcc update to 8.3.0
  • The Linux kernel has been upgraded to 5.4.x
  • The uClibc library has been upgraded to uClibc-ng 1.0.35
  • syslog-ng has been replaced by rsyslog

Version 7.0.0 was released in November 2020.

Version 7.0.1 was released in December 2020.

Version 7.0.2 was released in February 2021.

Version 7.0.3 was released in July 2021.

Bering-uClibc 7.1.0 provides in particular:

  • gcc update to 9.4.0
  • The Linux kernel has been upgraded to 5.10.x
  • The uClibc library has been upgraded to uClibc-ng 1.0.38 (1.0.40 with version 7.1.2)

Version 7.1.0 was released in August 2021.

Version 7.1.1 was released in December 2021.

Version 7.1.2 was released in February 2022.

Version 7.1.3 was released in June 2022.

Bering-uClibc 7.2.0 provides in particular:

  • The Linux kernel has been upgraded to 5.15.x
  • The uClibc library has been upgraded to uClibc-ng 1.0.42

Version 7.2.0 was released in December 2022.

Version Changelog

Known Issues

Further Documentation

For further information see: