Original PDF: zookeeper Linux Embedded System example: methods and practices
Author: Liang yuanbiao Lin yingda
Liu Jianwen finishing (http://blog.csdn.net/keminlau
)
Key:
Linux embedded for Embedded Operating Systems
Department of Information Science, National Jiaotong University
300 No. 1001, Xinzhu University Road
Tel: 03-5712121 Ext. 56667 Fax: 03-5712121 Ext. 59263 {upleong,
Ydlin} @ cis.nctu.edu.tw Contact Person: Liang yuanbiao
Summary
The rapid development of open source code (Open Source Code) is gradually penetrating into the embedded field. The combination of the two will become an extremely important part of the personal computer era. First, we will discuss the usage
Linux as an embedded operating system, through how to kernel, daemons, library (Libraries)
And Applications (Applications/utilities)
After the size of the four main parts is reduced, it can be configured in an embedded system with flash memory as the storage device. Next we will provide VPN, firewall, and Intrusion Detection System (IDS)
As an example, describes how to build a complete embedded Linux system. Finally, we use the RedHat
System (about 1.3 gbytes) and additional RPM Software Package (about 15 Mbytes), the system is successfully reduced to 19 Mbytes
. After being compressed to 7 Mbytes, it is placed in a system with 64 MB memory and 8 Mb flash memory.
Keywords: embedded, Linux, downsizing
1. Background
Embedded systems are already virtually integrated into our daily lives. Various digital cameras,
Personal Digital Assistants, ADSL or cable data machines used for broadband Internet access, all rely on program control. In these examples,
We can find that they all have specific functions and are stable and very common. This is the power of the embedded system. It uses less resources, has high stability, and has a low price. With many advantages, the embedded system will
This is an important product technology in the personal computer era. In table 1
Lists the differences in resources and functions between PCs and embedded systems. The storage devices used by embedded systems are flash memory, which is more durable than hard disks but has little capacity. The VGA is omitted.
And other unnecessary devices. The most important thing is that embedded systems have specific functions, so they can be optimized and tested easily, and greatly improve the stability of software in the system.
As for network devices, factors such as comprehensive functions, stability, and interoperability are critical. Prior to the vigorous development of open-source software, the market was dominated by commercial software until Linux
The rise of operating systems has become an excellent choice in the network field. Table 2
It makes a simple comparison with the operating systems provided by various vendors. We can see that commercial software is expensive and there is a system that collects royalties. In addition, most of the software provided by each vendor is incompatible, and the operating system is also
It is closed, so the general program does not support it, and it is heavily dependent on the vendor's provision. Embedded Linux provides the source code
The system's application compatibility, full freedom to gain, and other advantages pose a threat to systems with a long history. However, because it is still in its infancy, the current embedded Linux
The version is not a very simple system. How to make good use of and allocate resources, integrate general UNIX programs, and cut down the system to be suitable for embedded applications becomes the main goal.
Next, let's take a look at the highly elastic Linux
, There are some of the main parts that can be cut. Then analyze the methods and development tools to be removed to the embedded version. At the end of this article, we will take the security gateway as an example to introduce its functional specifications and the software packages used.
After the preceding reduction process is transplanted to the embedded system, the success is remarkable.
2. detachable parts
Linux
With the continuous development of software and the accumulation of more and more applications, the formation of the same functional program has the advantages of multiple options. What we need is a streamlined system, so we must cut it down. First, we will summarize the huge system
Four parts: kernel, daemons, libraries, applications, and tool programs
(Applications and utilities ). The principle we are cutting is that we do not directly Delete the code to ensure the integrity of the source code. Table 3
Lists the directions and objectives of each subsystem reduction. The following describes in detail.
2.1 Kernel
Because the functional specifications of the embedded system are clearly defined, only necessary options or modules must be left in the Kernel configuration. Other unnecessary options can be discarded. Another method is to use
Generation Method. If it is a network device, you can replace the output of the console with the serial port. This not only saves the hardware cost, but also saves the cost in Linux 2.4
Kb in the kernel. In addition, the parallel port, plug-and-play, soft drive, optical drive, keyboard, mouse, USB and other drivers can be omitted.
2.2 daemon
Under the influence of open source, in addition to more complete functions of various programs, the support for various software and hardware is also becoming diversified. However, with limited resources
To redefine the functions required by each program, instead of installing software packages that can be directly executed. For example, if you only use squid as the HTTP proxy and do not use it
Caching. During compilation, you can directly use the squid configuration program to turn off the support for the file system (use options
-- Enable-storeio = NULL ). In this way, the program code obtained in Squid 2.4.stable1 can save KB (about
26%. Other network-related programs such as GNU Zebra can also turn off IPv6 support to save space.
2.3 Library
When a program uses static or dynamic connections, different features are generated. Static connection causes overhead during Program Execution
Reduced, the program code is also relatively simple. Dynamic connection saves a lot of space as the number of programs in the shared library increases. Therefore, you must strike a balance between the two based on your needs. If only one program is in use in the library,
You can choose to use static connections. In the case of dynamic connection, you can use the tool program LDD
To check the dependency between programs and libraries. With this method, you can find and retain the minimum set of shared libraries required by the system.
2.4 applications and tool programs
In this part, it is more flexible, because such programs are more selective and can be replaced by multiple methods. For example
You can read or modify the parameter configurations of multiple systems without using cumbersome or uncommon tools. For example, you can use the command # Cat
/Proc/NET/ARP is achieved, saving the use of the/sbin/arp program. Secondly, in an embedded system, the user is no longer a general PC
Users can simplify the program interface, help online, and even simplify program functions. Busybox [2]
It is a representative set of tool programs. It provides common UNIX functions such as file tools, Shell, text processing, and compression programs with a single small program. Table
4. List busybox and tinylogin [3]
Function and the size relative to the original tool program. It can be seen that the full use of tools designed specifically for Embedded Systems is a good way to achieve a win-win situation.
2.5 debug information and symbol table)
After the debugging stage ends, all the information used for debugging in the program can be deleted, because they all provide the function of debugging with source code, so it occupies a lot of space, you can use the tool program strip
Delete. Take IDs's snort daemon and squid daemon as examples, from 969 K and 670 K to 307 K and
419 K. In this way, we can also scan all the execution files to find out the list of symbols that are not used in the shared library, and use them from the library to strip
Remove to further reduce the system.
3. How to cut
3.1 Method
Current Linux release version (distribution)
Many have their own advantages and disadvantages. It is not a dream to build an embedded Linux system based on appropriate methods. First, RedHat 7.1
For the release version of, the version of the complete Server Installation requires about 1.3 gbytes
The above space does not include some special software packages. However, among the numerous software, we only need a small part, which may be between 10 and 10 ~ 30 Mbytes
. The system must be established efficiently. There are two basic feasible methods:
(1) Delete all unnecessary parts from one of the release versions and leave the system we want.
(2) All the functions of the system are re-built according to the specifications.
As mentioned above, we must first have a clear understanding of the system function specifications before we can cut the system. As shown in figure 1, method 1 provides hundreds of Mbytes
Unnecessary data is affected. In method 2, you can directly create a file from 2 MB to 16 Mb.
Size of the embedded system. Therefore, the reconstruction method is obviously a good choice. before using this method, you must prepare three items: overall functional specifications, used software packages, and specifications of the target platform.
. In fact, these three are closely related, that is, defining system practices from three different perspectives to make them more comprehensive and accurate.
3.2 Development Environment
After learning about the system to be built, you can use Linux to build embedded devices. First, we must
It is divided into development platforms and target platforms. The target platform is where the program is finally transplanted and executed. because of limited resources, the development and debugging environments are concentrated on the development platform. Table 5
List the main development tools on the two platforms.
To establish a basic development environment, you must have a cross-platform development kit that includes the compiler [4].
, Connectors, debuggers, etc. In addition, you must prepare the programs required to create a file system. On the target platform, you only need to prepare a system boot program, such as etherboot [5].
Redboot [6. This program can be started after obtaining the system image from the network or directly starting the system from the flash memory during the debugging phase. Once started
Linux operating system, you can also use GDB server as a remote debugging tool.
3.3 Development Process
The development process 2 can be divided into several parts. First, you must prepare
, Coupled with the root directory of the file system, coupled with daemon programs and applications, after compression, packaged into an image file containing the kernel. The target platform obtains image files through network or flash.
After the system is started and initialized, It is a machine that uses embedded Linux as the operating system.
When creating a file architecture, you must pay attention to the permission configuration. Because the number of overwriting times of flash memory is limited (about 1 million times), the system will be mounted in read-only mode. While
Directories such as/var/dev must be read and written, or some temporary files and record files can be recorded. The system memory space can be used to simulate writable file systems (RAM disks)
,. Build a symbolic link)
The write permission is obtained, and the rest is protected on the flash memory in read-only mode. If a large number of record files must be left after shutdown, plug-in the hard disk to the system/var/log
Is a more appropriate approach. A small number of record files can be written to flash memory, but must be buffered. Otherwise, frequent writing will shorten the service life. Similarly, we cannot use swap.
If the memory is insufficient, you can consider leaving the system on the flash memory and adding a hard disk as the function of swap disk. In the embedded system
It is used on the system, but it is different from the general file system, because ramdisk
Some memory is used, so the available memory is relatively reduced, which may cause misunderstanding of memory usage. Please pay special attention to this. Figure 3 shows the memory space distribution when RAM disk is used.
4. Security Gateway instance
4.1 features
Next, we will take the security gateway as an example to illustrate the effectiveness of developing the embedded version based on the above method. The Security Gateway is an anti-DDoS
Firewall, VPN and Intrusion Detection System gate. All are composed of open-source software, mainly including Linux kernel 2.4.7 [7], Netfilter
(Packet filter, port redirect, Nat), squid (URL Filter) [8], tis
(Content Filter) [9], FreeS/Wan (VPN) [10], and snort (IDS) [11]
. Other functions, such as DNS, DHCP server, routing, bandwidth management [12],
Web-based configuration.
4.2 hardware Specification
Select an industrial-level computer with flash memory. The CPU is Pentium II 350, 64 mb ram, 8 MB
Flash, 10/100 mbpsnic three. The program will first compress and then put it into the flash memory. Therefore, the actual system size can exceed the object size limit of 8 Mbytes.
4.3 main software packages used and Handling Methods
The software used in the main functions of the security gateway is listed in table 6.
4.3.1 kernel Reduction Process
After unlocking the source code of the kernel, configure (command # Make menuconfig or # Make
Xconfig) kernel options, in which the config_serial,
Config_serial_console) replaces VGA Console (disable config_vt, config _ {vt,
VGA }_console) and use the memory as the hard disk during startup (enable config_blk_dev _ {Ram, initrd })
. Finally, you can compile the new kernel (command # Make Dep bzimage ).
4.3.2 daemon process reduction
The squid daemon is used as an example. This is because only transparent HTTP proxy and URL are allowed on the security net.
Filter service, in addition to disabling the cache function in the configuration file (SQUID. conf), you can further Delete the supported parts of the cache from the program. In
In version 2.4.stable1, three cache storage formats are provided: UFS, aufs, and null.
, The last one indicates that the cache is not used, so it meets the requirements. Then use the configuration program to set (command #./configure
-- Enable-storeio = NULL -- enable-Linux-netfilter) and use Linux Netfilter
Module.
4.3.3 library Reduction Process
Here, we all refer to the reduction method for the dynamic library. Because of the sharing, we should consider the entire system rather than a single library. By using
Script program, first find the dependency of the execution file in the system (using LDD, list dynamic dependencies)
And then find out the usage of the symbol between the execution file and the Library (use command # objdump-t to view the dynamic symbol table)
. Finally, based on the record, the program strip is used to remove unnecessary parts of the execution file and library.
4.3.4 tool program Reduction Process
Use busybox
Used as a tool to replace system tools with simplified functions. First undo the source code, select the required features in the configuration file (busybox-0.51/config. h)
For example, # define bb_ping, # define bb_sleep, # define bb_route
. You can edit the list function, and the final commands are linked to/bin/busybox in the form of symbolic link.
5. Comparison of results
At last, according to the methods mentioned above, different procedures of the security network should be closed and the process should be reduced. Table 7
For some representative functions or software packages, they are compared on the two platforms, and finally the ratio of reduction. The ratio of software packages that can be reduced is.
It can be seen that after the kernel removes all unused drivers, it will cut 11%
. To further scale down, you may need to modify some programs or compile them in modular form. In addition, Pluto daemon and tis
Because of the large amount of debugging information, only the Strip symbol method has a good effect. The Snort part can reach 73% because it is supported by default in the release version.
MySQL databases can be greatly deleted by reconfiguration and removing debugging information. Web Server
The features are preset in the release version, which leads to a higher ratio of reduction after re-compilation. In terms of the library, it is because it is already the smallest set in use, and its space reduction is only a few unused
So there is only a cut rate of about 24%. Parts listed at the end include unprocessed and unclassified procedural parts. Among them, the reason for not being processed is --
The above methods are ineffective, and the program has been very streamlined, so you can use them directly to speed up system establishment. Finally, you can directly modify the program code to develop a dedicated Embedded Version (
For example, using the APIS provided by busybox), integrating more functional daemon programs (replacing squid with the proxy provided by Apache), etc.
6. Conclusion
Use Linux
As an embedded operating system, it is very interesting because users and contributors are everywhere in the world, and they have contributed their own efforts and supported versions on various major platforms. However
In many cases, it is a pity that there is not a good integration environment. In Embedded Linux
Although all independent development tools have complete functions and graphic user interfaces, they are quite good. However, this part of the integrated development environment is still in its infancy. And embedded operating systems
Compared with the development environment of VxWorks, the function is too simple. Even if Lineo [13] embedix is mainly embedded in Linux,
Hardhat Linux of montavista [14]
All provide good development tools, but lack a powerful graphical integration environment. The integrated environment should focus on the cross-platform development environment, supplemented by the network connection debugging function, dynamic
Downloading the execution module and displaying the execution status in real time will be an important milestone challenging commercial software. We believe that this is the same problem that open software has always faced.
Linux applications will certainly grow rapidly. Apart from what we have seen in this article, you can use a general Linux kernel for implementation, but you can also have other options. Excluding Memory Management Units
(MMU) uClinux [15], or armlinux [16, 17], linuxppc [18] supporting various central processors
You can make appropriate choices based on different applications. We hope that you can also use embedded Linux, which can be applied in different fields to achieve unlimited creativity.
7. References
[1] Ying-dar Lin, Shao-Tang Yu, Huan-yun Wei,
Integrating
And benchmarking security gateway
Open source firewall, VPN,
And IDs, submitted
Publication, August 2001.
[2] The Swiss
Army Knife of Embedded Linux,
Http://busybox.lineo.com
[3] The worlds smallest login/passwd/Getty/etc,
Http://tinylogin.lineo.com
[4]
Crossgcc frequently asked questions,
Http://www.objsw.com/CrossGCC
[5]
Etherboot home page,
Http://etherboot.sourceforge.net
[6] The RedHat embedded debug and bootstrap
Firmware, http://sources.redhat.com/redboot
[7] the Linux kernel archives, http://www.kernel.org
[8] Squid Web Proxy Cache,
Http://www.squid-cache.org
[9]
The firewall Toolkit (fwtk) from tis,
Http://www.fwtk.org
[10] Linux
FreeS/WAN, http://www.freeswan.org
[11] The Open Source Network Intrusion Detection
System, http://www.snort.org
[12] iproute2 +
TC notes,
Http://snafu.freedom.org/linux2.2/iproute-notes.html
[13] Lineo, inc., http://www.lineo.com
[14] montavista software, http://www.mvista.com
[15] embedded Linux microcontroller project,
Http://www.uclinux.org
[16]
Armlinux.org homepage, http://www.armlinux.org
[17] the ARM Linux project,
Http://www.arm.linux.org.uk
[18]
The home of the PowerPC GNU/Linux port,
Http://www.linuxppc.org