The Bullet Points: Linux 2.4 - Part Deux

Introducing the new DevFS: Linux 2.4 will change the way you access your devices.
Firewall/NAT Rewrite (iptables)

Although I probably shouldn't admit it, I know a number of system administrators who never bothered upgrading their kernel to Linux 2.2. Even though Linux 2.2 included a completely rewritten network layer, the cost of bothering to update their old (2.0 era) scripts to the 2.2 command set was daunting to some. That being said, Linux 2.4 has rewritten the entire networking layer (again!) and introduced an entirely new interface: iptables. But what about those people who don't want to upgrade again? This time around, Linux 2.4 includes compatibility modules for both the 2.0 and the 2.2-era tools. With compatibility tools lowering the cost of entry, it is hoped that this release of the Linux kernel will be more readily implemented than the previous release.

The Linux 2.4 networking layer wasn't rewritten again for nothing. Network Address Translation (NAT) and Firewall operations have been made more flexible in their operation and split off into separate modules. With these modules, a Linux 2.4 system becomes nearly as powerful and flexible as modern-day commercial routing hardware. Of course, to use the really nifty features of the new kernel, you have to be using the “real” iptables interface and not either of the compatibility interfaces provided.
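To make the split between packet filtering and NAT concrete, here is an added example (not from the original article) that generates a default-deny ruleset in `iptables-restore` format for a small gateway. The interface names and the LAN subnet are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a small Linux 2.4 gateway.
# Filtering lives in the "filter" table and address translation in the "nat"
# table, so each can be audited on its own.
# Assumed (hypothetical) values: eth0 faces the Internet, eth1 faces the LAN.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Count the rules ("-A" lines) inside one table section, e.g. "filter" or "nat".
count_rules() {
    gen_ruleset | awk -v t="*$1" '
        $0 == t        { in_t = 1; next }
        $0 == "COMMIT" { in_t = 0 }
        in_t && /^-A / { n++ }
        END            { print n + 0 }'
}

# To load the ruleset (as root): gen_ruleset | iptables-restore
```

Because the `FORWARD` policy is `DROP`, the `MASQUERADE` rule alone forwards nothing: traffic must also be accepted in the filter table.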

While the new flexibility may be enough to convince hard-core network people to upgrade, the 2.4 Linux kernel also includes more general fixes and speedups for the networking layer. David Miller and the rest of the networking gurus have been hard at work making sure Linux 2.4 talks more efficiently to other operating systems. The networking layer and the TCP/IP stack have been rewritten to be more scalable on multi-processor machines. Network device drivers are now written to make them more stable and to eliminate some possible race conditions in the infrastructure, too. These changes further build on the great work that was done with Linux networking during the Linux 2.2 development cycle.

Direct Rendering Manager

Linux 2.2 included the first official support for frame-buffer graphics devices in the kernel; Linux 2.4 also recognizes a new interface for kernel-level control of graphic hardware. With the introduction of Direct Rendering Manager (DRM) comes a system to keep multiple demanding video processes in check. Rather than being a complete video driver in itself (such things are better left in user space), Linux 2.4 makes user-space video more stable (and secure) by providing a kernel interface which controls and synchronizes access to graphical devices. Supported programs, such as XFree86 4.x, will talk to this interface whenever a hardware resource is needed. The kernel will know when multiple programs are attempting simultaneous access to video structures, and will save state or do whatever is necessary to make sure they don't conflict. Since supported programs will be unable to send conflicting requests to the graphical hardware, these conflicts will not be able to cause a crash. This new feature is largely geared to advanced accelerated hardware, but lower-end hardware may benefit from the new resource allocation routines as well.

Firewire/I2O

One major area of improvement in Linux 2.4 is the number of device types it supports. I already wrote about Linux 2.4's support for USB, ISA Plug-and-Play and PC Card devices in my previous articles. This picture would not be complete, however, without mention of support for Firewire and I2O (Intelligent Input/Output) devices, two relatively new additions to the PC hardware market.

Firewire, IEEE 1394, is a high-speed external bus system that is similar in concept to USB. (You may also hear it called by Sony's name: i.Link.) Unlike USB, Firewire supports multiple computers on the same bus and transfers data at higher speeds. Due to the high bandwidth available, Firewire has proven most useful for digital (video) cameras and similar devices which require a lot of data to be transferred quickly. It should be noted that, although the underlying bus is supported under Linux, not all hardware chip sets and devices are supported yet. This support will improve over time and as more hardware becomes available.

I2O is a new type of I/O subsystem that features operating-system independence in addition to high-speed data transfers. This means that, in theory, one driver is guaranteed to work with all devices of a specific type, regardless of vendor or how the device actually works internally. Unfortunately for us, there are relatively few I2O devices made so far, and the kernel support is still somewhat incomplete.

Although Firewire and I2O are relatively new to the Linux sphere and relatively little hardware actually exists for these bus types, the open-source snowball is rolling and support for these device types will improve as these devices become more common.

Linux 2.4 Scorecard
