Infix v24.02.0-rc2

Note: the root account is disabled in official builds. Only the
admin user can log in to the system. This can be changed, but only
in developer builds: make menuconfig -> System configuration ->
[*]Enable root login with password

YANG Status

Infix devices support downloading all YANG models over NETCONF, including
models with submodules. As a rule, standard models are used as long as
they map to underlying Linux concepts and services. All exceptions are
listed in Infix specific models, detailing deviations and augmentations.

Currently supported models:

• ieee802-ethernet-interface:

  • Toggle port speed & duplex auto-negotiation on/off
  • Set port speed and duplex when auto-negotiation is off
  • Query port speed/duplex and auto-negotiation status (operational)
  • Frame counters:

  YANG	Linux / Ethtool
  out-frames	FramesTransmittedOK
  out-multicast-frames	MulticastFramesXmittedOK
  out-broadcast-frames	BroadcastFramesXmittedOK
  in-total-octets	FramesReceivedOK
  	+ FrameCheckSequenceErrors
  	+ FramesLostDueToIntMACRcvError
  	+ AlignmentErrors
  	+ etherStatsOversizePkts
  	+ etherStatsJabbers
  in-frames	FramesReceivedOK
  in-multicast-frames	MulticastFramesReceivedOK
  in-broadcast-frames	BroadcastFramesReceivedOK
  in-error-undersize-frames	undersize_pkts
  in-error-fcs-frames	FrameCheckSequenceErrors
  in-good-octets	OctetsReceivedOK
  out-good-octets	OctetsTransmittedOK

• ietf-hardware:

  • Populates standard hardware model from corresponding data in device EEPROMs
  • augments:
    • Initial support for USB ports
    • Vital Product Data (VPD) from device EEPROMs (ONIE structure)
  • infix-hardware: Deviations and augments

• ietf-system:

  • augments:
    • Message of the Day (MotD) banner, shown after SSH or console login.
      Please note: the legacy motd has been replaced with motd-banner os
      of v24.02. Use CLI text-editor to modify the latter
    • User login shell, default: /bin/false (no SSH or console login)
    • State information for remotely querying firmware version information
  • deviations:
    • timezone-name, using IANA timezones instead of plain string
    • UTC offset, only support per-hour offsets with tzdata
    • Usernames, clarifying Linux restrictions
    • Unsupported features marked as deviations, e.g. RADIUS
  • infix-system-software: firmware upgrade with install-bundle RPC

• ietf-interfaces:

  • deviation to allow read-write if:phys-address for custom MAC address
  • ietf-ip: augments
    • IPv4LL similar to standardized IPv6LL
  • ietf-ip: deviations (not-supported) added for IPv4 and IPv6:
    • /if:interfaces/if:interface/ip:ipv4/ip:address/ip:subnet/ip:netmask
    • /if:interfaces/if:interface/ip:ipv6/ip:address/ip:status
    • /if:interfaces/if:interface/ip:ipv4/ip:neighbor
    • /if:interfaces/if:interface/ip:ipv6/ip:neighbor
  • ietf-routing: Base model for routing
  • ietf-ipv4-unicast-routing: Static unicast routing, incl. operational
    data, i.e., setting static IPv4 routes and reading IPv4 routing table
  • ietf-ipv6-unicast-routing: Static unicast routing, incl. operational
    data, i.e., setting static IPv6 routes and reading IPv6 routing table
  • ietf-ospf: Limited support for OSPFv2, with additional support for
    injecting default route, and route redistribution. Underlying routing
    engine in use is Frr. Includes operational status + data (routes).
    See infix-routing model for detailed list of deviations
  • infix-ethernet-interface: deviations for ieee802-ethernet-interface
  • infix-routing: Limit ietf-routing to one instance default per
    routing protocol, also details unsupported features (deviations) to both
    ietf-routing and ietf-ospf models, as well as augments made to support
    injecting default route in OSPFv2
  • infix-if-bridge: Linux bridge interfaces with native VLAN support
  • infix-if-type: deviation for interface types, limiting number to
    supported types only. New identities are derived from default IANA
    interface types, ensuring compatibility with other standard models, e.g.,
    ieee802-ethernet-interface.yang
  • infix-if-veth: Linux VETH pairs
  • infix-if-vlan: Linux VLAN interfaces, e.g. eth0.10

• infix-containers: Support for Docker containers, incl. operational data
  to query status and remotely stop/start containers

• infix-dhcp-client: DHCPv4 client, including supported options

• Configurable services:

  • ieee802-dot1ab-lldp: stripped down to an enabled setting
  • infix-services: support for enabling mDNS service/device discovery

Changes

• New hardware support: NanoPi R2S from FriendlyELEC, a simple two-port router

• Static routing support, now also for IPv6

• Dynamic routing support with OSPFv2, limited (see infix-routing.yang for
  deviations), but still usable in most relevant use-cases. If you are using
  this and are interested in more features, please let us know!

  • Multiple area support, including different area types
  • Route redistribution
  • Default route injection
  • Full integration with Bidirectional Forward Detection (BFD)
  • Operational status, including but not limited to:
    • OSPF Router ID
    • Neighbor status
    • OSPF routing table
    • Interface type, incl. passive status
  • For more information, see doc/networking.md

• Support for disabling USB ports in startup-config (no auto-mount yet!)

• Initial support for Docker containers, see documentation for details:

  • Custom Infix model, see infix-containers.yang for details
  • Add image URL/location and volumes/mounts/interfaces to configuration,
    the system ensures the image is downloaded and container created in the
    background before launching it. If now networking is available the job
    is queued and retried every time a new network route is learned
  • Status and actions (stop/start/restart) available in operational datastore
  • Possible to move physical switch ports inside container, see docs
  • Possible to bundle OCI archives in Infix image, as well as storing any
    file content in factory-config to override container image defaults

• IEEE Ethernet interface:

  • Support for setting port speed/duplex or auto-negotiating
  • New per-port counters, augments to IEEE model added in infix-ethernet.yang:
    in-good-octets, out-good-octets

• Many updates to DHCPv4 client YANG model:

  • new options, see infix-dhcp-client.yang for details:
    • Default options: subnet, router, dns+domain, hostname, broadcast, ntpsrv
    • Set NTP servers, require NTP client in ietf-system to be enabled, will
      be treated as non-preferred sources, configured prefer servers wins
    • Learn DNS servers, statically configured servers always takes precedence
    • Install routes, not only from option 3, but also options 121 and 249
  • Support for ARP:ing for client lease (default enabled)
  • Configurable route metrics, by default metric 100 to allow static routes
    to win over DHCP routes, useful for backup DHCP connections

• IETF Hardware data: added YANG model for vital product data representation,
  and augments for initial USB support (enable/disable)

• IETF System:

  • the motd augment in infix-system.yang for Message of the Day has
    been marked as obsolete and replaced with motd-banner. The new setting
    is of type binary and allows control codes and multi-line content to be
    stored. The legacy motd will remain for the foreseeable future and
    takes precedence over the new motd-banner setting
  • new text-editor augment in infix-system.yang to select the backend for
    the new text-editor command: emacs, nano, or vi

• Many updates to the test system, Infamy, incl. new Quick Start Guide in
  updated doc/testing.md to help new developers get started

• Add htop to default builds, useful for observing and attaching (strace)

• Change the default shell of the admin user from clish to bash. Change
  required for factory production and provisioning reasons. Only affects the
  built-in default, customer specific factory-config's are not affected!

• CLI: the set command on a boolean can now be used without an argument,
  set boolean sets the boolean option to true

• CLI: new command change, for use with ietf-system user passwords, starts
  an interactive password dialog, including confirmation entry. The resulting
  password is by default salted and hashed using sha512crypt

• CLI: new command text-editor, for use with binary fields, e.g., content
  for file mounts in containers, or the new motd-banner:

    admin@infix-c0-ff-ee:/config/system/> text-editor motd-banner
    ... exit with Ctrl-x Ctrl-c ...
    admin@infix-c0-ff-ee:/config/system/> show
    motd-banner VGhpcyByZWxlYXNlIHdhcyBzcG9uc29yZWQgYnkgQWRkaXZhIEVsZWt0cm9uaWsK;
  

• CLI: new admin-exec command show ntp [sources]

• CLI: new admin-exec command show dns to display DNS client status

• CLI: new admin-exec command show ospf [subcommand]

• CLI: new admin-exec command show container [subcommand]

• CLI: new admin-exec command show hardware only USB port status for now

• CLI: updates to the show interfaces command to better list bridge VLANs

Fixes

• Fix #177: ensure bridge is not bridge port to itself
• Fix #259: failure to copy factory-config startup-config in CLI
• Fix #278: allow DHCP client to set system hostname (be careful)
• Fix #283: hostname in DHCP request adds quotation marks
• Fix #294: drop stray v from version suffix in release artifacts
• Fix #298: drop privileges properly before launching user shell in CLI
• Fix #312: race condition in ipv4_autoconf.py, causes test to block forever
• Backport upstream fix to netopeer2-server for fetching YANG models that
  refer to submodules over NETCONF
• CLI: drop developer debug in set command
• Fix out-of-place [OK] messages at shutdown/reboot
• Fix garbled syslog messages due to unicode in Infix tagline, drop unicode