Microx - A Unix like kernel for Embedded Systems written from scratch.
What is it?

Microx is a new Operating System Kernel written from the ground up and designed for Embedded Systems and Devices. It is small, streamlined and hyper efficient, and is designed to enable rapid development and deployment of embedded products.
Kernel Organization

Microx is designed as a POSIX-compliant, UNIX-like kernel. The kernel is monolithic: all kernel components run in a single address space in privileged mode. The Application Binary Interface (ABI) is kept the same as Linux, meaning it can run programs compiled for Linux unmodified. Over 150 POSIX System Calls are supported.
Customization Benefits

Microx provides a capable and working UNIX-like kernel implemented in a modest amount of code. It is easy to understand, customize, modify and add features to. All code is written in-house and contains no GPL or BSD licensed code. The kernel can be customized and used as a foundation to add application-specific features and create high-performance embedded products and devices.
Kernel Architecture: Processes

Processes run in their own protected address spaces. Microx provides 3GB of virtual address space to processes on the x86 Architecture. Threads are implemented as processes that share their address spaces and other resources. The scheduler is organized such that it:
• Allows fast response time for interactive processes.
• Provides good throughput to batch processes.
• Lets processes be prioritized. High priority processes are favored by the scheduler.
• Supports soft real-time processes. The scheduler does not preempt these; they can run until they voluntarily give up the CPU.

Context-switching times are very fast. Signals, Pipes and UNIX Domain Sockets are supported as Inter Process Communication mechanisms.
Kernel Architecture: Memory Management

Applications map physical memory into their address spaces as needed. The kernel provides interfaces for applications to map and un-map physical memory. The kernel implements the CoW (Copy on Write) approach when allocating memory for newly created applications. The kernel manages the physical page frames in the system using the well-known Buddy Algorithm. The Slab Allocator is used by the kernel to allocate arbitrary chunks of memory for its internal use. When memory becomes short, the least recently used pages are reclaimed by the kernel and reused.
Kernel Architecture: File Systems

• Microx implements a Virtual File System (VFS) to handle different types of physical and pseudo File Systems.
• It employs a Page Cache to cache recently used File System data to increase performance.
• Writes are not immediately synced to disk. They are deferred and periodically flushed to increase write throughput.
• The Microx File System (MicroFS) is a simple UNIX-like File System best suited for Flash Storage Devices.
• MicroFS does not consider the locality of the block when allocating. It allocates a block wherever it can quickly find one.
• It shows good performance on rotating disks too if the File System is not very fragmented.
Kernel Architecture: Networking

Microx implements a set of protocols to allow applications to communicate with the outside world. This set of protocols is collectively called the "Network Stack". The lowest layer is the Interface Layer, which deals with network hardware and physical media. The Network layer implements the "Internet Protocol" or IP. It also handles Static Routing, Fragmentation, Reassembly and ICMP error processing. The transport layer implements the TCP and UDP protocols. TCP is implemented as a Finite State Machine and supports connection creation/termination, retransmissions and flow control. Applications interact with the Network Stack via the POSIX-compliant Sockets Layer.
Kernel Performance

Various benchmarking tools have been run to evaluate the performance of Microx, and the results compared against Linux. Benchmarks run include:
• Unixbench: Provides a basic indicator of the performance of UNIX-like systems.
• LMBench: Series of micro-benchmarks intended to measure basic Operating System metrics.
• IOZone: A Filesystem benchmarking tool. Generates and measures a variety of file operations.
• Netperf: Benchmark used to measure various aspects of networking performance.
• WebBench: Evaluates performance of a Web Server running under Microx.
• Scalability Benchmarks: Series of tests to evaluate the performance of Microx under an increasing amount of work load.

See the accompanying "Features and Performance Overview" document for results for the above benchmarks.
Firewall and QoS

Firewall and Quality of Service (QoS) functionality has been built into the kernel. The Firewall and QoS module processes packets before they are handed over to the regular Network Stack. The purpose is to demonstrate the usefulness of the system in a real-world application. The software can be used to deploy a featureful and configurable Firewall Device. Services to implement other add-on functionality such as IDS/IPS, DPI, Dynamic Routing etc. are provided.
Firewall and QoS

The Firewall processes packets according to Rules specified by the user. Every rule specifies an action (block or pass) and direction (in or out) of the packet. It can also specify:
• Source and Destination Address of the packet.
• Source and Destination Port of the packet.
• Source and Destination Interface of the packet.

A rule can be Stateful or Stateless. For Stateful rules, the Firewall Software maintains a state of the connection and does not consult the rule list for every packet in that connection. Network Address Translation (NAT) is done on a per rule basis. A NAT address (source or destination) can be specified for a rule. The source or destination address of the packet that matches a rule will be replaced by the NAT address specified in that rule. All blocked packets can be logged for later viewing by the user.
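
The rule processing described above, as an added C example that is not Microx source code: a state-table lookup that bypasses the rule list for known connections, a rule walk for everything else, per-rule NAT, and a counter standing in for the block log. Assumptions not stated on the page: first-match rule order, block when no rule matches, 0 meaning "any" in a rule field, flows tracked in one direction only, interface matching omitted, and all names (`fw_filter`, `struct rule`, and so on) are hypothetical.

```c
/* Added illustration, not Microx source. Assumed: first-match rule order,
 * default block, 0 = "any" in a rule field, one-direction flow tracking. */
#include <stdint.h>
#include <stdio.h>
enum { BLOCK, PASS };  enum { IN, OUT };  enum { NAT_NONE, NAT_SRC, NAT_DST };
struct pkt  { int dir; uint32_t src, dst; uint16_t sport, dport; };
struct rule { int action, dir, stateful, nat_kind;
              uint32_t src, dst, nat_addr; uint16_t sport, dport; };
struct state { struct pkt key; const struct rule *r; };
static struct state states[64];
static int nstates, rule_walks, blocked_log;
static int same_flow(const struct pkt *a, const struct pkt *b) {
    return a->dir == b->dir && a->src == b->src && a->dst == b->dst &&
           a->sport == b->sport && a->dport == b->dport;
}
static int matches(const struct rule *r, const struct pkt *p) {
    return r->dir == p->dir &&
           (!r->src || r->src == p->src) && (!r->dst || r->dst == p->dst) &&
           (!r->sport || r->sport == p->sport) && (!r->dport || r->dport == p->dport);
}
static void nat(const struct rule *r, struct pkt *p) {
    if (r->nat_kind == NAT_SRC) p->src = r->nat_addr;
    if (r->nat_kind == NAT_DST) p->dst = r->nat_addr;
}
/* Returns PASS or BLOCK; rewrites *p when the deciding rule carries NAT. */
int fw_filter(const struct rule *rules, int n, struct pkt *p) {
    for (int i = 0; i < nstates; i++)        /* known connection: skip rules */
        if (same_flow(&states[i].key, p)) { nat(states[i].r, p); return PASS; }
    rule_walks++;                            /* otherwise consult the rule list */
    for (int i = 0; i < n; i++) {
        if (!matches(&rules[i], p)) continue;
        if (rules[i].action == BLOCK) break;
        if (rules[i].stateful && nstates < 64)   /* key is the pre-NAT tuple */
            states[nstates++] = (struct state){ *p, &rules[i] };
        nat(&rules[i], p);
        return PASS;
    }
    blocked_log++;                           /* stand-in for the block log */
    return BLOCK;
}
int main(void) {
    struct rule rules[] = {                  /* constructed sample rules */
        { PASS,  OUT, 1, NAT_SRC,  0, 0, 0xCB007101u, 0, 443 },
        { BLOCK, IN,  0, NAT_NONE, 0, 0, 0,           0, 23  } };
    struct pkt p = { OUT, 0x0A000005u, 0xC6336407u, 40000, 443 };
    int v = fw_filter(rules, 2, &p);
    printf("%s src=%08x\n", v == PASS ? "pass" : "block", (unsigned)p.src);
    return 0;
}
```

The state entry is keyed on the packet as it arrived, before NAT, so later packets of the same connection hit the state table and still receive the same translation.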
Firewall and QoS

Bandwidth of Stateful connections can be controlled using Quality of Service (QoS) queues. A QoS queue specifies the network five tuple of the connection whose bandwidth is to be limited. Queues are hierarchical: the bandwidth of a parent queue can be divided among its child queues. Queues can be assigned a priority, and a higher priority Queue will be serviced first. Real-time bandwidth of a particular queue can be viewed and monitored.