Infix v24.11.2

Fixes

• Fix TCAM memory corruption in mvpp2 Ethernet controller

Infix v24.11.2-rc1

Fixes

• Fix TCAM memory corruption in mvpp2 Ethernet controller

Infix v25.02.0

Changes

• Upgrade Linux kernel to 6.12.18 (LTS)
• Upgrade Buildroot to 2024.02.11 (LTS)
• Add support for link aggregation (lag), static (balance-xor) and LACP
• Add support for the i.MX 8M Plus EVK
• YANG type change for SSH private/public keys, from ietf-crypto-types
  to infix-crypto-types
• Disable global IPv6 forwarding by default, enable by per-interface
  setting. Note, route advertisements are always accepted. Issue #785
• Drop automatic default route (interface route) for IPv4 autoconf, not
  necessary and causes more confusion than good. Issue #923
• Update scripting with new RESTCONF examples

Fixes

• Fix #896: /etc/resolv.conf not properly generated when system runs
  in fail secure mode (failing to load startup-config)
• Fix #902: containers "linger" in the system (state 'exited') after
  having removed them from the configuration
• Fix #930: container configuration changes does not apply at runtime
  only when saved to startup-config and system is rebooted
• Fix #936: DHCP server reconfiguration does not always take effect.
• Fix #956: CLI copy command complains it cannot change owner when
  copying factory-config to running-config. Bogus error, the
  latter is not really a file
• Fix #977: "Operation not permitted" when saving running-config to
  startup-config (harmless warning but annoying and concerning)

Infix v25.02.0-rc2

Changes

• Upgrade Linux kernel to 6.12.18 (LTS)
• Upgrade Buildroot to 2024.02.11 (LTS)
• Add support for link aggregation (lag), static (balance-xor) and LACP
• Add support for the i.MX 8M Plus EVK
• YANG type change for SSH private/public keys, from ietf-crypto-types
  to infix-crypto-types
• Disable global IPv6 forwarding by default, enable by per-interface
  setting. Note, route advertisements are always accepted. Issue #785
• Drop automatic default route (interface route) for IPv4 autoconf, not
  necessary and causes more confusion than good. Issue #923
• Update scripting with new RESTCONF examples

Fixes

• Fix #896: /etc/resolv.conf not properly generated when system runs
  in fail secure mode (failing to load startup-config)
• Fix #902: containers "linger" in the system (state 'exited') after
  having removed them from the configuration
• Fix #930: container configuration changes does not apply at runtime
  only when saved to startup-config and system is rebooted
• Fix #936: DHCP server reconfiguration does not always take effect.
• Fix #956: CLI copy command complains it cannot change owner when
  copying factory-config to running-config. Bogus error, the
  latter is not really a file
• Fix #977: "Operation not permitted" when saving running-config to
  startup-config (harmless warning but annoying and concerning)

Infix v25.02.0-rc1

Changes

• Upgrade Linux kernel to 6.12.17 (LTS)
• Upgrade Buildroot to 2024.02.11 (LTS)
• Add support for link aggregation (lag), static (balance-xor) and LACP
• Add support for the i.MX 8M Plus EVK
• YANG type change for SSH private/public keys, from ietf-crypto-types
  to infix-crypto-types
• Disable global IPv6 forwarding by default, enable by per-interface
  setting. Note, route advertisements are always accepted. Issue #785
• Drop automatic default route (interface route) for IPv4 autoconf, not
  necessary and causes more confusion than good. Issue #923
• Update scripting with new RESTCONF examples

Fixes

• Fix #896: /etc/resolv.conf not properly generated when system runs
  in fail secure mode (failing to load startup-config)
• Fix #902: containers "linger" in the system (state 'exited') after
  having removed them from the configuration
• Fix #930: container configuration changes does not apply at runtime
  only when saved to startup-config and system is rebooted
• Fix #936: DHCP server reconfiguration does not always take effect.
• Fix #956: CLI copy command complains it cannot change owner when
  copying factory-config to running-config. Bogus error, the
  latter is not really a file

Infix v25.01.0

Note

This release contains breaking changes in the configuration file
syntax for DHCP clients. Specifically DHCP options with value,
i.e., the syntax for sending a hexadecimal value now require hex
prefix before a string of colon-separated pairs of hex values.

Changes

• Upgrade Linux kernel to 6.12.11 (LTS)
• Upgrade Buildroot to 2024.02.10 (LTS)
• Upgrade FRR from 9.1.2 to 9.1.3
• Add support for configuring SSH server, issue #441. As a result,
  both SSH and NETCONF now use the same host key in factory-config
• Add operational support for reading DNS resolver info, issue #510
• Add operational support for NTP client, issue #510
• Add support for more mDNS settings: allow/deny interfaces, acting
  as "reflector" and filtering of reflected services. Issue #678
• Add DHCPv4 server support, multiple subnets with static hosts and
  DHCP options on global, subnet, or host level, issue #703.
  Contributed by MINEx Networks
  • DHCP client options aligned with DHCP server, startup-config
    files with old syntax are automatically migrated
• Breaking change in DHCP client options with value. Hexadecimal
  values must now be formatted as { "hex": "c0:ff:ee" } (JSON)
• Add documentation on management via SSH, Web (RESTCONF, Web
  Console), and Console Port, issue #787
• Add documentation of DNS client use and configuration, issue #798
• Add support for changing boot order for the system with an RPC,
  including support for reading boot order from operational datastore
• Add support for GRE/GRETAP tunnels
• Add support for STP/RSTP on bridges
• Add support for VXLAN tunnels

Fixes

• Fix #777: Authorized SSH key not applied to startup-config
• Fix #829: Avahi (mDNS responder) not starting properly on switches
  with many ports (>10). This led to a review of sysctl:
  • New for IPv4:
    • Adjust IGMP max memberships: 20 -> 1000
    • Use neighbor information on nexthop selection
    • Use inbound interface address on ICMP errors
    • Ignore routes with link down
    • Disable rp_filter
    • ARP settings have been changed to better fit routers, i.e.,
      systems with multiple interfaces:
      • Always use best local address when sending ARP
      • Only reply to ARP if target IP is on the inbound interface
      • Generate ARP requests when device is brought up or HW address changes
  • New for IPv6:
    • Keep static global addresses on link down
    • Ignore routes with link down
• Fix #861: Fix error when running 251+ reconfigurations in test-mode
• Fix #869: Setup of bridges is now more robust
• Fix #899: DHCP client with client-id does not work
• Minor cleanup of Networking Guide
• Fix memory leaks in confd

Infix v24.11.1

Changes

• Upgrade Frr to 9.1.2, fixes an OSPF issue where Zebra lost netlink
  messages and drifted out of sync with the kernel's view of addresses
  and interfaces available in the system
• Allow setting IP address directly on VLAN filtering bridges. This
  only works when the bridge is an untagged member of a (single) VLAN.
• cli: usability -- showing log files now automatically jump to the end
  of the file, where the latest events are
• cli: usability -- showing container status, or other status that
  overflows the terminal horizontally, now wrap the lines and exit the
  pager immediately if the contents fit on the first screen
• The default log level of the mDNS responder, avahi-daemon, has been
  adjusted to make it less verbose. Now only LOG_NOTICE and higher
  severity is logged -- making it very quiet

Fixes

• Fix #685: DSA conduit interface not always detected. Previous
  attempt at a fix (v24.10.2) mitigated the issue, but did not
  completely solve it.
• Fix #835: redesign how the system creates/deletes containers from the
  running-config. Prior to this change, all removal and creation was
  handled by a separate queue that ran asynchronously from the confd
  process. This could lead to situations where new configurations are
  applied before the queue had been fully processed. After this change
  containers are deleted synchronously and new containers are created
  in the same flow as during normal runtime operation (start/upgrade)
• Fix start of containers with manual=True option should now work
  again, regression in v24.11.0
• Fix loss of writable volumes when temporarily disabling a container
  in the configuration, now the container remains dormant with all its
  volumes still available
• Fix presentation bug in CLI show interfaces where all line-drawing
  characters showed up as hexadecimal values. Regression in v24.11.0
• Fix missing log messages from Frr Zebra daemon
• Stop the zeroconf (IPv4LL) agent, avahi-autoipd, when removing an
  interface, e.g., br0
• Creating more than one container trigger restarts of previously set
  up containers. Which in some cases may cause these earlier ones to
  end up in an inconsistent state
• Prevent traffic assigned to locally terminated VLANs from being
  forwarded, when the underlying ports are simultaneously attached to
  a VLAN filtering bridge.

Infix v24.11.1-rc1

Changes

• Upgrade Frr to 9.1.2, fixes an OSPF issue where Zebra lost netlink
  messages and drifted out of sync with the kernel's view of addresses
  and interfaces available in the system
• Allow setting IP address directly on VLAN filtering bridges. This
  only works when the bridge is an untagged member of a (single) VLAN.
• cli: usability -- showing log files now automatically jump to the end
  of the file, where the latest events are
• cli: usability -- showing container status, or other status that
  overflows the terminal horizontally, now wrap the lines and exit the
  pager immediately if the contents fit on the first screen
• The default log level of the mDNS responder, avahi-daemon, has been
  adjusted to make it less verbose. Now only LOG_NOTICE and higher
  severity is logged -- making it very quiet

Fixes

• Fix #685: DSA conduit interface not always detected. Previous
  attempt at a fix (v24.10.2) mitigated the issue, but did not
  completely solve it.
• Fix #835: redesign how the system creates/deletes containers from the
  running-config. Prior to this change, all removal and creation was
  handled by a separate queue that ran asynchronously from the confd
  process. This could lead to situations where new configurations are
  applied before the queue had been fully processed. After this change
  containers are deleted synchronously and new containers are created
  in the same flow as during normal runtime operation (start/upgrade)
• Fix start of containers with manual=True option should now work
  again, regression in v24.11.0
• Fix loss of writable volumes when temporarily disabling a container
  in the configuration, now the container remains dormant with all its
  volumes still available
• Fix presentation bug in CLI show interfaces where all line-drawing
  characters showed up as hexadecimal values. Regression in v24.11.0
• Fix missing log messages from Frr Zebra daemon
• Stop the zeroconf (IPv4LL) agent, avahi-autoipd, when removing an
  interface, e.g., br0
• Creating more than one container trigger restarts of previously set
  up containers. Which in some cases may cause these earlier ones to
  end up in an inconsistent state
• Prevent traffic assigned to locally terminated VLANs from being
  forwarded, when the underlying ports are simultaneously attached to
  a VLAN filtering bridge.

Infix v24.11.0

Caution

This release contains breaking changes for container users! As of v24.11.0, all persistent¹ containers always run in read-only mode and the setting itself is deprecated (kept only for compatibility reasons). The main reason for this change is to better serve users with embedded container images in their builds of Infix. I.e., they can now upgrade the OCI image in their build and rely on the container being automatically upgraded when Infix is upgraded, issue #823. For other users, the benefit is that all container configuration changes take when activated, issue #822, without having to perform any tricks.

Changes

• Add validation of interface name lengths, (1..15), Linux limit
• Add support for ftp/http/https URI:s in container image, with a new checksum setting for MD5/SHA256/SHA512 verification, issue #801
• Add a retry timer to the background container create service. This will ensure failing docker pull operations from remote images are retrying after 60 seconds, or quicker
• CLI base component, klish, has been updated with better support for raw terminal mode and alternate quotes (' in addition to ")
• Log silenced from container activation messages, only the very bare necessities are now logged, e.g., podman create command + status
• Factory reset no longer calls shred to "securely erase" any files from writable data partitions. This will speed up the next boot considerably

Fixes

• Fix #659: paged output in CLI accessed via console port sometimes causes lost lines, e.g. missing interfaces. With updated klish and the terminal in raw mode, the pager (less) can now control both the horizontal and vertical
• Fix #822: adding, or changing, an environment variable to a running container does not take without the container upgrade NAME trick
• Fix #823: with an OCI image embedded in the Infix image, an existing container in the configuration is not upgraded to the new OCI image with the Infix upgrade.
• Frr leaves log files in /var/tmp/frr on unclean shutdowns. This has now been fixed with a "tmpfiles" cleanup of that path at boot

1. I.e., set up in the configuration, as opposed to temporary ones started with container run from the CLI admin-exec context. ↩

Infix v24.11.0-rc1

Caution

This release contains breaking changes for container users! As of
v24.11.0, all persistent¹ containers always run in read-only mode
and the setting itself is deprecated (kept only for compatibility
reasons). The main reason for this change is to better serve users
with embedded container images in their builds of Infix. I.e., they
can now upgrade the OCI image in their build and rely on the container
being automatically upgraded when Infix is upgraded, issue #823. For
other users, the benefit is that all container configuration changes
take when activated, issue #822, without having to perform any tricks.

Changes

• Add validation of interface name lengths, (1..15), Linux limit
• Add support for ftp/http/https URI:s in container image, with a new
  checksum setting for MD5/SHA256/SHA512 verification, issue #801
• Add a retry timer to the background container create service. This
  will ensure failing docker pull operations from remote images are
  retrying after 60 seconds, or quicker
• CLI base component, klish, has been updated with better support for
  raw terminal mode and alternate quotes (' in addition to ")
• Log silenced from container activation messages, only the very bare
  necessities are now logged, e.g., podman create command + status
• Factory reset no longer calls shred to "securely erase" any files
  from writable data partitions. This will speed up the next boot
  considerably

Fixes

• Fix #659: paged output in CLI accessed via console port sometimes
  causes lost lines, e.g. missing interfaces. With updated klish
  and the terminal in raw mode, the pager (less) can now control both
  the horizontal and vertical
• Fix #822: adding, or changing, an environment variable to a running
  container does not take without the container upgrade NAME trick
• Fix #823: with an OCI image embedded in the Infix image, an existing
  container in the configuration is not upgraded to the new OCI image
  with the Infix upgrade.
• Frr leaves log files in /var/tmp/frr on unclean shutdowns. This
  has now been fixed with a "tmpfiles" cleanup of that path at boot

1. I.e., set up in the configuration, as opposed to temporary ones
   started with container run from the CLI admin-exec context. ↩