Michael Tremer

IPFire 2.13 RC 1 - Part 5 - The Base System
by Michael Tremer, February 7, 2013

In this series, we have been talking about various new features and functionality, but what has changed the most in IPFire 2.13 is the base of the system. That means, the kernel, essential system libraries like glibc and zlib and many more things. I would even like to say that we have replaced all of the code that runs in your system 99% of the time.

This post may be a bit boring for people that are not too much into development, but please take this with you if you don’t want to read the rest: IPFire 2.13 replaces like everything and hence is a really modern, fast and secure system under the hood. You might not always see the advantages, but you definitely won’t run into the problems of the past any more.

1. The Kernel

The Linux kernel is the core of the system. It is the piece of software that talks to the hardware and runs the rest of the system. IPFire 2.13 bases on Linux 3.2 in its latest version, but some parts have been replaced by even newer versions of the kernel. For example the wireless drivers have been taken from 3.7 to be able to operate the latest hardware.

It may sound werid, that we are taping things together instead of directly using Linux 3.7. The main reason for that is, that we need a very well tested version of the kernel, because a firewall system needs to be stable and needs to run 24/7 without any problems. Therefore, we use a well-tested version for the base and update some components to not fall back.

We also added some more backports to our kernel. Some of those improve the support for ARM hardware. Others add more functionality like CoDel.

This update also has one downside which is that we cannot support Resier4 anymore. It’s a really good file system, but it is very much trouble to patch it into the kernel for every release we make. It’s too much to take care of for which the project has not got the required man power.

2. glibc

glibc, the GNU libc, is the central library for software written in C. It provides a lot of commonly used functionality and because of that, every program is using it.

We made a giant leap when we updated that library from version 2.3.6 to 2.12.1. The new release is able to use SSE, SSE2 and more enhanced CPU instructions to speed up the code. When you thought this is only handy for multimedia tasks or things like that, you are wrong. Cryptographic algorithms can use those instructions to perform twice as fast or more than before.

3. Toolchain (compilers & assemblers)

GCC, the GNU Compiler collection, has been updated as well. Version 4.4.7 compiles code more efficiently so that it executes faster. It also comes with everything we need to port IPFire to ARM.

We are now able to compile IPFire on 64 bit systems. Note that this does not mean that there will be a 64bit version of IPFire. But developers can now run the build on any distribution they like and won’t need to take care of anything else except that the system used for development must be a Linux distribution.

4. All the other tools

We updated everything that is used on a daily basis. Tools that setup the networking, addons like samba which now finally can run SMB2 and many more things. It’s so much that if I would mention all of it, this post will get at least ten more pages. I am sure that nobody wants to read that, so I will cut it out. It you are intested in what is going on in detail, have a look at our git repository at git.ipfire.org.

For the rest of you who don’t really care, be assured that IPFire is an up to date firewall distribution and it is becoming better and better with every release. Please support us, so that we can keep up with that for a long time to come.


Posted: February 7, 2013 • 646 views