Money can’t buy you any time. So it’s all about manpower. The older I get, the more I understand that fact.
1 Like
it can buy developers time that otherwise is going to be used to do something else that pays the bills. The IPFire project needs to be funded by its users.
1 Like
Why am I against it? Because it technically does not make any sense and causes a lot of work. Have you never checked what kernel RHEL or Debian are running on? IPFire is not doing anything differently here.
The kernel is not old. In the development tree is usually a kernel that is not older than a week since its release. They are all starting with 4.14 currently: git.ipfire.org Git - thirdparty/kernel/stable.git/shortlog
Good luck with that. And indeed thank you for the tone of your message.
What is frustratingly old?
In a business it does.
1 Like
I think it’s a little bit more then that. Everybodies day has got 24h. You have to sleep, take some time with your family, sports and hobbies and you have to work. Sure if you don’t take your work time for the project, because you don’t get money for it, but have to earn money to finance your life. If you get some money to support the project and finance your work you may take more time for the project, but that will only be possible if you are self-employed. And still your time is limited, independent how much money you get to put some work into the project. Therefore you need manpower.
I don’t know if such a strong response is necessary. I do find it frustrating that we seem to be using some older packages and the tree is getting stale.
What is frustratingly old?
Obviously I understand that this isn’t a full blown distribution that I can just run apt install on. However when I want to get statics off box with what is there, aka collectd, I find out we have a forked very old version.
I would like to have the ability to put netflow on the box, I’m not saying that ipfire has to be opnsense or anything like that, as a matter of fact I much PERFER ipfire and it’s use of linux as a kernel. I’m probably not the average user of ipfire, I get that. For example I want to put in a couple more network cards in my box because I want to do link aggregation from my Cable Modem ( Comcast multigig Docsis service).
I’ve worked around some of this by mirroring the output ethernet port of ipfire on my switch to another computer ( for netflow analysis).
Maybe it’s just a matter of digging in and figuring out how to compile packages with the ipfire 2.x source tree. I’m open to just about anything.
1 Like
Hi all,
in the old forum are some examples according to this topic, not sure if this interesting for you
- Pmmacct → Pmacct - A lightweight passive network monitoring tool .
- Softlowd with an external ELK-Stack → IPFire Community .
- fprobe nfdump → IPFire Community .
- NFsen - Nfdump (problem cause no PHP is available but for the reference) → IPFire Community .
- Ntopng → IPFire Community .
Just to mention some of them. Some packages are surely outdated but there are plenty of possibilities with your own DEV environment.
Just a beside one.
Best,
Erik
@ Arne.F [ Comment 1 ):
Perhaps you do not need to do it lonely all by yourself,
because others are in same urgent need for “quality and longevity of products”:
. . . Linux “Super Long Term Support Kernel”:
. . . 4.19 supported until 2029+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <— !
. . . “Upstream first” policy
. . . Release twice a month (second and fourth Fridays)
“The Civil Infrastructure Platform (“CIP”) is a collaborative, open source project
hosted by the Linux Foundation.”
[ https://www.cip-project.org/ ]
Nothing of that is upstreamed.
ipfire’s collectd is a forked version…
I understand why, but the farther we get away from the mainline the more features we lose.
I am all about digging in and helping… I did embedded C for 15 years on Set top Boxes doing digital encryption and embedded DOCSIS cable modems. I’ve written kernel ethernet drivers.
I’m now doing devops type stuff so I can totally get involved, happy to do so.
Hi Michael,
this was meant in first place as “plenty of possibilities with your own DEV environment.” including some possible hints in the specifics if needed.
Can also push some of them if there are some interesting ? Even some of them are as mentioned outdated (fprobe last update 2005, NFSen makes no sense without PHP) but the rest seems to have an active development.
Best,
Erik
Addendum: Reference:
“I go into why older kernels are supported longer in my big “What stable kernel should I run” post at http://kroah.com/log/blog/2018/08/24/what-stable-kernel-should-i-use/ See the section about “Older LTS releases” at the bottom.
Normally I say I will support LTS releases for only 2 years, …
But I am not promising to do that just yet. Plan on getting your code upstream and then it doesn’t matter about the length of a LTS release at all, you can just update to the next major LTS release each year and all is fine. That’s the safest and best thing to do, you never want to be running older LTS kernels unless you are forced to by a horrible SoC vendor who is holding your kernel version hostage.”
…
If you look at the history of that page over time, the projected end of life for 4.9 was originally just over 2 years, but Greg has continued to maintain it and extended the expected end of life.
…
So it will pretty much always be the case . . . . . . . . . . . . . . . < - - - !
(unless policies or practices change) that
the latest LTS has an expected lifetime of two years, . . . . . . < - - - !
but older ones will have longer expected lifetimes. . . . . . . . . < - - - !
[ https://www.reddit.com/r/linux/comments/aa6ou5/why_are_the_lts_kernel_releases_being_supported/ ]
I am very interested in pmacct. Please make this one official.
Why you think it is a fork?
IPFires collectd is the latest collectd 4.10.x you can get this here: Index of /files
wget https://collectd.org/files/collectd-4.10.9.tar.bz2
--2020-02-08 10:35:57-- https://collectd.org/files/collectd-4.10.9.tar.bz2
Auflösen des Hostnamens collectd.org (collectd.org) … 62.128.13.221, 2001:780:0:1e::c
Verbindungsaufbau zu collectd.org (collectd.org)|62.128.13.221|:443 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 200 OK
Länge: 1287153 (1,2M) [application/x-bzip2]
Wird in »collectd-4.10.9.tar.bz2« gespeichert.
collectd-4.10.9.tar 100%[===================>] 1,23M 540KB/s in 2,3s
2020-02-08 10:35:59 (540 KB/s) - »collectd-4.10.9.tar.bz2« gespeichert [1287153/1287153]
md5sum collectd-4.10.9.tar.bz2
980dd3387508f9ad209df04a6f7a126c collectd-4.10.9.tar.bz2
Newer verions needs many other changes. If someone has time to do its a good Idea to update this of course.
Those are my words. We have a couple of patches in there:
But those are necessary because collectd 5 broke compatibility with existing databases.
Hi all,
we started some time ago with an collectd update but stucked with the OpenVPN patches --> https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=d81bffdc87f527efcbfd55caf727635dd649fdf3 . The initial start was causing lm_sensors which needed an updated collectd, there is also a testing thread in the old forum --> https://forum.ipfire.org/viewtopic.php?t=23553 , this patch status resulted in a working environment but as mentioned without OpenVPN.
May it is not that far if someone helps out with the OpenVPN stuff ?!
Best,
Erik
I am new to the forum and due to a good offer I ordered new hardware for a firewall relatively spontaneously (same hardware as a PROTECTLI FW4B).
I am looking at what firewall software I will use in the future. Currently I have IPFire and OPNsense on my list.
I haven’t used Cake yet, but I’ve read good things about it, so I searched for it in the forum and found this thread.
Core Update 159 will update the kernel to 5.10. So Cake should be possible with IPfire. Will this be implemented in the GUI?
Under BSD there is no Cake and so IPfire would have an advantage over *sense.
What do mean by ‘cake’?
cake is a packet sheduler and the further development of codel but it need more user configuration.
I have enabled the modul in the kernel but IPFire will not use it yet.
You can experement with it by changing the QoS scripts.
Cake is available as Arne said, but we do not think that it would be a life-changing thing compared to the current fq_codel implementation that we are using. If you would like to play around with it, I would be happy to hear how it works for you.