ImageStream Linux 4.2.7
From ImageStream Router Documentation
ImageStream Linux Version 4.2.7 is now available as a general availability (GA) release for all ImageStream router customers.
This software release is provided at no charge to all ImageStream customers. Version 4.2.7 is a maintenance release and recommended for all customers who wish to run the latest GA release.
This release note documents commands and features added between version 4.2.6 and version 4.2.7 including features added in all version 4.2.7 beta releases.
New Features in Version 4.2.7
ATM Quality of Service Support Added to SoftCell ATM/IMA
- SoftCell ATM/IMA now supports UBR, VBR and CBR settings identical to those previously supported in ImageStream's ATM DS3 and OC3 hardware adapters. SoftCell also has an improved cell scheduler with the ability to interleave cells from multiple PVCs.
DHCP Server Support Added to Inetics
- A full-featured DHCP server has been added to the 4.2.7 release and integrated into the Inetics interface configuration. The DHCP server is very easy to configure and supports most commonly used DHCP server features.
For more information on DHCP server configuration, please visit http://support.imagestream.com/DHCP_Server_Configuration.html
PIM Multicast Routing Support Added to Inetics
- Previous ImageStream Linux releases had basic PIM V2 support that was not configured via Inetics. Version 4.2.7 adds enhanced PIM V2 support integrated into the Inetics interface configuration.
Enhanced RADIUS Support for PPPoE/PPPoA/L2TP
- Version 4.2.7 supports RADIUS bandwidth limiting on a per-user basis via the ASCEND_DATA_RATE (rx) and ASCEND_XMIT_RATE (tx) RADIUS attributes. PPPoE, PPPoA and L2TP sessions can now have their transmit and receive bandwidth limited using these RADIUS attributes. The stats utility has been updated to show users' download and upload speeds. Other attributes now supported include FRAMED_IP_NETMASK, FRAMED_MTU, and FRAMED_ROUTE. Failover support has been improved and the ability to specify separate authentication and accounting servers has been added.
New Command to Show Current PPPoE/PPPoA/L2TP Users
- A new command "ppp-users" has been added to the system. This command displays a list of current PPPoE, PPPoA and L2TP users, the interface they're logged in from, their user name and their IP address. This command can be used from the command prompt.
OpenSSL, OpenSSH and zlib Potential Vulnerabilities Patched
- Version 4.2.7 includes the latest versions of the OpenSSL and zlib libraries that patch potential vulnerabilities.
- OpenVPN has been updated to version 2.0.7. It is now configured via the Inetics interface configuration, and includes a highly scalable server mode for handling multiple TCP/UDP clients with a single port number. Server mode enables a simplified and usually identical client configuration, with centralized server-side management of client IP addresses, routes and other tunnel options using the new server push feature.
- For more information on OpenVPN server configuration, please visit
- Quagga 0.99.5 adds SMUX support, debugging and status information, and fixes many problems with BGP and OSPF. All versions of Quagga prior to 0.99 used a synchronous messaging interface between the BGP, OSPF and Zebra processes. This could lead to dropped BGP sessions under certain circumstances such as when short keepalive timers were used. Also included in version 4.2.7 is a new Quagga periodic timer which checks the kernel routing table to ensure the kernel stays in sync with Quagga. An out-of-sync event could happen in previous versions when a BGP interface was shut down or had an IP address added, changed or removed.
Added Unstructured/Unframed and CRC4 support to 604 and 608 E1 cards
- Version 4.2.7 adds unstructured/unframed and CRC4 support to the 4 and 8 port E1 cards.
VRRP Now Supports Subnet Mask and Broadcast Address Options
- Version 4.2.7 adds a subnet mask and broadcast address specification to the vrrp command. Previous versions required all backup routers to allocate an IP address in the same subnet as the master router. These extra allocations are wasteful and often not possible with small subnets. These options allow a backup router to take over the VRRP IP address without allocating a second IP address in the VRRP subnet.
Dumpleases Added to UDHCP server
- The dumpleases utility has been added to the UDHCP package. This utility is required to view information on DHCP leases handed out by the udhcpd server. Previous releases included the udhcpd server as a simple stand-alone DHCP server with no Inetics integration. Version 4.2.7 includes a new full-featured DHCP server with Inetics integration. This utility is useful for customers who prefer to use the older stand-alone udhcpd server.
Persistent Command Tracking in Configmgr
- Configmgr now has the ability to keep track of daemons and restart them if they exit for any reason. Configmgr now tracks OpenVPN and pimd processes. It is possible for an OpenVPN client process to terminate if invalid server push options are specified.
- With persistent command tracking, invalid options from the server will not require an administrative restart on the client.
Configmgr Logs Messages via Syslog
- Configmgr now logs all messages to syslog. Users can view the router event log, if enabled, to see configmgr messages.
Added Support for netfilter "recent" module
- Version 4.2.7 adds support for the iptables "recent" module which can be used to prevent brute force attacks and stop network scans.
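One way to use the "recent" match against repeated login attempts, as an added example that is not taken from ImageStream's documentation. The port, list name, thresholds and the `run`/`recent_limit_rules` helper names are assumptions, and the hitcount ceiling reflects the module's mainline default of 20 remembered packets per address, which may differ on a given router.

```shell
#!/bin/sh
# Added example (not ImageStream's configuration): throttle new TCP
# connections per source address with the netfilter "recent" match.
# List name, port and thresholds below are assumptions.

# Print each rule for review; set APPLY=1 to run it (requires root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# recent_limit_rules PORT SECONDS HITS LIST
# Drops a source once it opens HITS new connections to PORT within SECONDS.
recent_limit_rules() {
    port=$1; seconds=$2; hits=$3; list=$4
    # The recent module remembers a fixed number of timestamps per address
    # (ip_pkt_list_tot, 20 by default in mainline Linux); a larger hitcount
    # can never be satisfied, so refuse it here.
    max_hits=${IP_PKT_LIST_TOT:-20}
    for n in "$port" "$seconds" "$hits"; do
        case $n in ''|*[!0-9]*) echo "not a number: $n" >&2; return 2 ;; esac
    done
    if [ "$hits" -lt 1 ] || [ "$hits" -gt "$max_hits" ]; then
        echo "hitcount must be 1..$max_hits" >&2; return 2
    fi
    # 1. Record every new connection attempt in the named list.
    run iptables -A INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --name "$list" --set
    # 2. Drop when the list holds HITS entries within SECONDS. --update
    #    also refreshes the entry, so a source that keeps trying stays blocked.
    run iptables -A INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --name "$list" --update --seconds "$seconds" \
        --hitcount "$hits" -j DROP
}

# Constructed sample policy: at most 3 new SSH connections per minute.
recent_limit_rules 22 60 4 SSH
```

Rule order matters: the `--set` rule must precede the `--update` rule so that the attempt being evaluated is counted toward the hitcount.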
The following bugs have been fixed in Version 4.2.7:
bwadd Doesn't Work for IP-based Rate-Limiting
- Version 4.2.6 incorrectly added tc filters to the wrong parent class for IPs specified with the "--ip" command. Version 4.2.7 correctly adds filters to the proper parent class.
530 Series DS3/E3 Card Queues Can Stall Under Heavy Transmit Loads
- Version 4.2.7 fixes a driver problem with the 530 series DS3/E3 cards. In previous 4.2 releases, the 530 series DS3/E3 cards could periodically encounter a panic condition with heavily loaded transmit queues. Version 4.2.7 corrects the queue problem that causes this error.
SoftCell ATM PVCs Stop Transmitting Under Specific Conditions
- Version 4.2.7 fixes several related driver problems with interfaces that support SoftCell ATM for T1 and E1. Previous versions would periodically stop transmitting with a "NULL token" error or a "transmit timed-out" error. The new PVC scheduling in Version 4.2.7 corrects this problem.
Improper Interface Restarting with ATM PVC Range Statement
- The 4.2.7 release fixes a reload problem with certain ATM PVCs being restarted when nothing on the PVC changed. The restart could disconnect PPPoE/PPPoA users unnecessarily. Exceptions to ATM PVC ranges no longer trigger a PVC restart when the configuration is reloaded.
Fix Hardware Status Monitoring with the 1104-O3 POS Card
- Version 4.2.7 fixes problems with the 1104-O3 card's ability to detect hardware status transitions. Previous versions used an interrupt-based method which could miss a hardware up event if another transient line condition was also present.
Fix Stability Problem with the 1104-O3 POS Card in Rebel Routers
- The 4.2.7 release includes numerous stability enhancements for the 1104-O3 POS Card including an interrupt lockup issue when the card is installed in a Rebel Router.
430-TE Card Transmit Timeout and Rx Overrun Recovery Bug
- Version 4.2.7 solves a race condition in the 430-TE driver which could lead to occasional transmit timeout errors. The receive overrun handling was also reworked so that the entire card is not reset on Rx overruns to solve a receiver lockup problem on certain platforms.
IPCP Negotiation Problem with Multilink PPP
- Previous releases negotiated IPCP for each link instead of just once for the Multilink PPP bundle. This caused interoperability problems with Huawei routers.
QOS on VLAN Interfaces Did Not Function Properly
- Transmit queues have been enabled on VLAN interfaces to allow QOS to function properly on VLAN interfaces.
- Version 4.2.7 solves several problems with L2TP. An error condition could cause a NULL pointer to be passed to the kernel causing a crash. A UDP socket control bug could lead to certain tunnels going down, getting stuck in the CLOSING state and not re-establishing connectivity with the LAC.
Cisco HDLC SLARP Requests Freed Memory Twice
- Version 4.2.7 fixes a bug in the Cisco HDLC SLARP request processing that caused memory to be freed twice resulting in a kernel panic.
Updated Ethernet Networking Drivers
- Updated drivers include the E100 and E1000 drivers from Intel, Tigon3 (3Com GigE), National Semiconductor (Envoy) and RealTek 8169 (Latest R1).
Source NAT with Multiple Providers Did Not Function Properly
- Version 4.2.6 removed a routes patch which performs a source IP lookup from the connection tracking table prior to making routing decisions. The patch was thought to have caused problems with source NAT and multiple providers. The patch was not the problem. An ip rule statement is needed in addition to the routes patch for multi-provider SNAT. The routes patch is included again in the 4.2.7 release.
Communications Problems between PPPoE over ATM and ATM Route-bridged Interfaces
- Version 4.2.7 fixes a Linux netfilter bridging bug with PPPoE over ATM and ATM Route-bridged interfaces. Packets received on route-bridged interfaces would have their Ethernet headers mangled when transmitting them on a PPPoE over ATM interface.
E1000 Does not Support Forced Speed and Duplex Settings
- Version 4.2.7 fixes an inability to set Speed or Duplex settings on the E1000 Gigabit Ethernet adapter. This release also fixes a spinlock bug present in the Intel E1000 driver which can cause an SMP router to freeze when ethtool is used to set the speed or duplex.
Connection Tracking/NAT Enhancements
- The 4.2.7 release includes a rework of the Linux connection tracking module core and its handling of table overflows. The new code works harder to remove invalid connections from network scans before resorting to an overflow event, i.e. dropping a new connection when the table is full. This release also increases the size of the conntrack hash table and maximum number of connections tracked. These changes greatly reduce occurrences of table overflows and result in better performance when connection tracking is enabled.
Displaying Firewall Rules and Packet Counters Loads Connection Tracking Modules
- Version 4.2.7 fixes a problem with the "Display rules and packet counters" menu option. The option would inadvertently load the connection tracking module even if no NAT rules were present in the firewall configuration. This could lead to higher CPU utilization, higher memory consumption and connection tracking table overflows on routers that were not configured for connection tracking.
Pico Editor Word Wrap Creates Errors in Firewall Configuration
- Version 4.2.7 disables pico word wrap which caused problems in configuration files with very long lines - most notably the firewall configuration file.
Configmgr Didn't Properly Set Path Cost or Port Priorities on Bridges
- Version 4.2.7 fixes a problem with Configmgr not setting the specified path cost or port priorities on bridge groups.
ARP Entries Created for Interfaces with IFF_NOARP set
- Version 4.2.7 fixes a problem with ARP entries being added on point-to-point interfaces with ARP disabled. Routes added via device name (Serial0) instead of gateway IP address would have hidden ARP entries added for each unique destination. Those hidden ARP entries could not be shown using userspace commands but were present and could lead to neighbour table overflows on very busy routers.