Skip to content

Infix v24.02.0

Compare
Choose a tag to compare
@github-actions github-actions released this 01 Mar 20:39
· 1333 commits to main since this release

Note: the root account is disabled in official builds. Only the
admin user can log in to the system. This can be changed, but only
in developer builds: make menuconfig -> System configuration ->
[*]Enable root login with password

YANG Status

Infix devices support downloading all YANG models over NETCONF, including
models with submodules. As a rule, standard models are used as long as
they map to underlying Linux concepts and services. All exceptions are
listed in Infix specific models, detailing deviations and augmentations.

Currently supported models:

  • ieee802-ethernet-interface:

    • Toggle port speed & duplex auto-negotiation on/off
    • Set port speed and duplex when auto-negotiation is off
    • Query port speed/duplex and auto-negotiation status (operational)
    • Frame counters:
    YANG Linux / Ethtool
    out-frames FramesTransmittedOK
    out-multicast-frames MulticastFramesXmittedOK
    out-broadcast-frames BroadcastFramesXmittedOK
    in-total-octets FramesReceivedOK
    + FrameCheckSequenceErrors
    + FramesLostDueToIntMACRcvError
    + AlignmentErrors
    + etherStatsOversizePkts
    + etherStatsJabbers
    in-frames FramesReceivedOK
    in-multicast-frames MulticastFramesReceivedOK
    in-broadcast-frames BroadcastFramesReceivedOK
    in-error-undersize-frames undersize_pkts
    in-error-fcs-frames FrameCheckSequenceErrors
    in-good-octets OctetsReceivedOK
    out-good-octets OctetsTransmittedOK
  • ietf-hardware:

    • Populates standard hardware model from corresponding data in device EEPROMs
    • augments:
      • Initial support for USB ports
      • Vital Product Data (VPD) from device EEPROMs (ONIE structure)
    • infix-hardware: Deviations and augments
  • ietf-system:

    • augments:
      • Message of the Day (MotD) banner, shown after SSH or console login.
        Please note: the legacy motd has been replaced with motd-banner os
        of v24.02. Use CLI text-editor to modify the latter
      • User login shell, default: /bin/false (no SSH or console login)
      • State information for remotely querying firmware version information
    • deviations:
      • timezone-name, using IANA timezones instead of plain string
      • UTC offset, only support per-hour offsets with tzdata
      • Usernames, clarifying Linux restrictions
      • Unsupported features marked as deviations, e.g. RADIUS
    • infix-system-software: firmware upgrade with install-bundle RPC
  • ietf-interfaces:

    • deviation to allow read-write if:phys-address for custom MAC address
    • ietf-ip: augments
      • IPv4LL similar to standardized IPv6LL
    • ietf-ip: deviations (not-supported) added for IPv4 and IPv6:
      • /if:interfaces/if:interface/ip:ipv4/ip:address/ip:subnet/ip:netmask
      • /if:interfaces/if:interface/ip:ipv6/ip:address/ip:status
      • /if:interfaces/if:interface/ip:ipv4/ip:neighbor
      • /if:interfaces/if:interface/ip:ipv6/ip:neighbor
    • ietf-routing: Base model for routing
    • ietf-ipv4-unicast-routing: Static unicast routing, incl. operational
      data, i.e., setting static IPv4 routes and reading IPv4 routing table
    • ietf-ipv6-unicast-routing: Static unicast routing, incl. operational
      data, i.e., setting static IPv6 routes and reading IPv6 routing table
    • ietf-ospf: Limited support for OSPFv2, with additional support for
      injecting default route, and route redistribution. Underlying routing
      engine in use is Frr. Includes operational status + data (routes).
      See infix-routing model for detailed list of deviations
    • infix-ethernet-interface: deviations for ieee802-ethernet-interface
    • infix-routing: Limit ietf-routing to one instance default per
      routing protocol, also details unsupported features (deviations) to both
      ietf-routing and ietf-ospf models, as well as augments made to support
      injecting default route in OSPFv2
    • infix-if-bridge: Linux bridge interfaces with native VLAN support
    • infix-if-type: deviation for interface types, limiting number to
      supported types only. New identities are derived from default IANA
      interface types, ensuring compatibility with other standard models, e.g.,
      ieee802-ethernet-interface.yang
    • infix-if-veth: Linux VETH pairs
    • infix-if-vlan: Linux VLAN interfaces, e.g. eth0.10
  • infix-containers: Support for Docker containers, incl. operational data
    to query status and remotely stop/start containers

  • infix-dhcp-client: DHCPv4 client, including supported options

  • Configurable services:

Changes

  • New hardware support: NanoPi R2S from FriendlyELEC, a simple two-port router

  • Static routing support, now also for IPv6

  • Dynamic routing support with OSPFv2, limited (see infix-routing.yang for
    deviations), but still usable in most relevant use-cases. If you are using
    this and are interested in more features, please let us know!

    • Multiple area support, including different area types
    • Route redistribution
    • Default route injection
    • Full integration with Bidirectional Forward Detection (BFD)
    • Operational status, including but not limited to:
      • OSPF Router ID
      • Neighbor status
      • OSPF routing table
      • Interface type, incl. passive status
    • For more information, see doc/networking.md
  • Support for disabling USB ports in startup-config (no auto-mount yet!)

  • Initial support for Docker containers, see documentation for details:

    • Custom Infix model, see infix-containers.yang for details
    • Add image URL/location and volumes/mounts/interfaces to configuration,
      the system ensures the image is downloaded and container created in the
      background before launching it. If now networking is available the job
      is queued and retried every time a new network route is learned
    • Status and actions (stop/start/restart) available in operational datastore
    • Possible to move physical switch ports inside container, see docs
    • Possible to bundle OCI archives in Infix image, as well as storing any
      file content in factory-config to override container image defaults
  • IEEE Ethernet interface:

    • Support for setting port speed/duplex or auto-negotiating
    • New per-port counters, augments to IEEE model added in infix-ethernet.yang:
      in-good-octets, out-good-octets
  • Many updates to DHCPv4 client YANG model:

    • new options, see infix-dhcp-client.yang for details:
      • Default options: subnet, router, dns+domain, hostname, broadcast, ntpsrv
      • Set NTP servers, require NTP client in ietf-system to be enabled, will
        be treated as non-preferred sources, configured prefer servers wins
      • Learn DNS servers, statically configured servers always takes precedence
      • Install routes, not only from option 3, but also options 121 and 249
    • Support for ARP:ing for client lease (default enabled)
    • Configurable route metrics, by default metric 100 to allow static routes
      to win over DHCP routes, useful for backup DHCP connections
  • IETF Hardware data: added YANG model for vital product data representation,
    and augments for initial USB support (enable/disable)

  • IETF System:

    • the motd augment in infix-system.yang for Message of the Day has
      been marked as obsolete and replaced with motd-banner. The new setting
      is of type binary and allows control codes and multi-line content to be
      stored. The legacy motd will remain for the foreseeable future and
      takes precedence over the new motd-banner setting
    • new text-editor augment in infix-system.yang to select the backend for
      the new text-editor command: emacs, nano, or vi
  • Many updates to the test system, Infamy, incl. new Quick Start Guide in
    updated doc/testing.md to help new developers get started

  • Add htop to default builds, useful for observing and attaching (strace)

  • Change the default shell of the admin user from clish to bash. Change
    required for factory production and provisioning reasons. Only affects the
    built-in default, customer specific factory-config's are not affected!

  • CLI: the set command on a boolean can now be used without an argument,
    set boolean sets the boolean option to true

  • CLI: new command change, for use with ietf-system user passwords, starts
    an interactive password dialog, including confirmation entry. The resulting
    password is by default salted and hashed using sha512crypt

  • CLI: new command text-editor, for use with binary fields, e.g., content
    for file mounts in containers, or the new motd-banner:

      admin@infix-c0-ff-ee:/config/system/> text-editor motd-banner
      ... exit with Ctrl-x Ctrl-c ...
      admin@infix-c0-ff-ee:/config/system/> show
      motd-banner VGhpcyByZWxlYXNlIHdhcyBzcG9uc29yZWQgYnkgQWRkaXZhIEVsZWt0cm9uaWsK;
    
  • CLI: new admin-exec command show ntp [sources]

  • CLI: new admin-exec command show dns to display DNS client status

  • CLI: new admin-exec command show ospf [subcommand]

  • CLI: new admin-exec command show container [subcommand]

  • CLI: new admin-exec command show hardware only USB port status for now

  • CLI: updates to the show interfaces command to better list bridge VLANs

Fixes

  • Fix #177: ensure bridge is not bridge port to itself
  • Fix #259: failure to copy factory-config startup-config in CLI
  • Fix #278: allow DHCP client to set system hostname (be careful)
  • Fix #283: hostname in DHCP request adds quotation marks
  • Fix #294: drop stray v from version suffix in release artifacts
  • Fix #298: drop privileges properly before launching user shell in CLI
  • Fix #312: race condition in ipv4_autoconf.py, causes test to block forever
  • Backport upstream fix to netopeer2-server for fetching YANG models that
    refer to submodules over NETCONF
  • CLI: drop developer debug in set command
  • Fix out-of-place [OK] messages at shutdown/reboot
  • Fix garbled syslog messages due to unicode in Infix tagline, drop unicode