Patch release notes 2110d
Vyatta NOS patch release notes 2110d.
Released May 20, 2022
Issues resolved
Issues resolved in 2110d.
Issue number | Priority | Summary |
|---|---|---|
VRVDR-57405 | Blocker | IPsec VCI : vyatta-security-vpn-ipsec-vci.service cored across IPsec client/server RA-VPN and DMVPN on Luton / libopds.so abort() |
VRVDR-57673 | Critical | GNSS 0: hardware failure: [Errno 110] Operation timed out following power-cycle |
VRVDR-57467 | Critical | Banner with newline prevents loading configuration after upgrade from 1903j to 1908n |
VRVDR-56050 | Critical | LACP — Cannot IPv6 ping with mtu set and bonding removed |
VRVDR-55058 | Critical | Routing instance route-distinguisher value changes stops BGP prefix from propagating |
VRVDR-56702 | Critical | add system image for Kington fails when base image is 1912p, works fine from 1903m base |
VRVDR-57307 | Critical | Attempting NAT on an ICMP other than echo request/reply causes dataplane crash |
VRVDR-57165 | Critical | DCSG crash in bgp_master_option_check |
VRVDR_57039 | Critical | Make IPsec trie pools dynamic |
VRVDR-56939 | Critical | Commit failing while deleting vm and vhost interfaces |
VRVDR-56916 | Critical | Installer errors and fails to install image on upgrade of Flexware box from 1903 |
VRVDR-56901 | Critical | Vyatta vrouter in Azure crashes randomly |
VRVDR-57491 | Major | Version shows empty last reboot info if snmp service is not enabled |
VRVDR-57440 | Major | SIAD Boundary Clock becomes unlocked after Grand Master ports bounced |
VRVDR-57256 | Major | vyatta-ptp-mib-subagent log is seen constantly on SIAD when PTP is configured |
VRVDR-57149 | Major | Allow dynamic local traffic selectors |
VRVDR-57133 | Major | IPsec RA-VPN Clients : charon-systemd querying SAD entry with SPI index failed: Operation not permitted |
VRVDR-56343 | Major | Reboot command fails on read only root filesystem |
VRVDR-56969 | Major | IPsec configuration with "tunnel 0" as configuration might be not functional or ignored |
VRVDR-56872 | Minor | 'delete system image <version>' logs deletion as a warning |
VRVDR-56390 | Minor | Reboot Reason string change causing test failure |
Security vulnerabilities resolved
Security vulnerabilities resolved in 2110d.
Issue number | CVSS score | Advisory | Summary |
|---|---|---|---|
VRVDR-57493 | 7.5 | CVE-2022-1271: Debian DSA-5123-1 : xz-utils — security update | |
VRVDR-57273 | 7.5 | CVE-2021-25220, CVE-2022-0396: Debian DSA-5105-1 : bind9 — security update | |
VRVDR-57243 | 7.5 | CVE-2021-4160, CVE-2022-0778: Debian DSA-5103-1 : openssl — security update | |
VRVDR-57102 | 8.8 | CVE-2022-24407: Debian DSA-5087-1 : cyrus-sasl2 — security update | |
VRVDR-57078 | 9.8 | CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315: Debian DSA-5085-1 : expat — security update |
GNSS events
The GNSS (Global Navigation Satellite System) can be in an unexpected state, or be in a temporary state for too long. Therefore, when such issues are detected, an SNMP GNSS failure trap is sent, with a reason for the failure. When the failure event ends, an SNMP GNSS recovery trap is sent. They are also resent periodically when in a failure condition.
The GnssFailure trap is sent for any of the GNSS failure conditions. The failure reason message indicates the cause for the failure. While in a failure condition the trap is sent every 60 minutes. When leaving the failure condition, the GnssRecovery trap is sent.
Timings for the traps sent are approximate, as polling for GNSS status is done about every 10 to 15 seconds.
The following table describes the possible reasons for GNSS failures. These are in the order that is reported if more than one issue occurs.
Failure reason | Text of reason sent in trap |
|---|---|
The GNSS module has not been detected. | Module not detected |
The GNSS module has been disabled by the administrator. | Module disabled by admin |
The GNSS module has reported a failure. | Hardware failure |
The antenna of the GNSS module has failed. |
|
The GNSS module has not been able to enter the tracking state for at least the time specified by the | Holdover exceeded configured duration |
The GNSS module has taken longer than the time specified by the | Too long in entering tracking state |
This patch adds the following configuration commands:
set service gnss instance [number] tracking-time-limit [seconds]number is the instance number of the GNSS receiver in the system. Most systems have at most one GNSS receiver with an instance number of 0.
seconds is how long to wait, in seconds, until a GNSS failure trap indicates that it has taken too long to enter the tracking state. This value must be as follows:
- Has a minimum value of
10 - Is a multiple of
10 - Less than the
holdover-time-limitconfiguration variable - Defaults to a value of
900(15 minutes)
If the tracking state has not transitioned to tracking by the time specified in this configuration value, then a trap is sent with the reason Too long in entering tracking state.
set service gnss instance [number] holdover-time-limit [seconds]number is the instance number of the GNSS receiver in the system. Most systems have at most one GNSS receiver with an instance number of 0.
seconds is how long to wait, in seconds, until a GNSS failure trap indicates that the holdover time has been exceeded. This value must be as follows:
- Has a minimum value of
20 - Is a multiple of
10 - More than the
tracking-time-limitconfiguration variable - Defaults to a value of
7200(2 hours)
If the tracking state has not transitioned to tracking by the time given in this configuration value, then a trap is sent with the reason Holdover exceeded configured duration.
Reboot reason MIB
-
A new MIB
attVrouterRebootReasonMIBhas been added to this patch.
| MIB Name |
Document Title |
OIDs |
|---|---|---|
|
attVrouterRebootReasonMIB |
ATT-VROUTER-REBOOT-REASON-MIB |
1.3.6.1.4.1.74.1.32.7 |
--*********************************************************************
-- ATT-VROUTER-REBOOT-REASON-MIB
--
-- Copyright (c) 2021 by AT&T Intellectual Property.
-- All rights reserved.
--
-- Redistribution and use in source and binary forms, with or without
-- modification, are permitted provided that the following conditions
-- are met:
--
-- 1. Redistributions of source code must retain the above copyright
-- notice, this list of conditions and the following disclaimer.
-- 2. Redistributions in binary form must reproduce the above
-- copyright notice, this list of conditions and the following
-- disclaimer in the documentation and/or other materials provided
-- with the distribution.
-- 3. Neither the name of the copyright holder nor the names of its
-- contributors may be used to endorse or promote products derived
-- from this software without specific prior written permission.
--
-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-- 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-- FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-- COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-- INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-- BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-- ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-- POSSIBILITY OF SUCH DAMAGE.
--
-- SPDX-License-Identifier: BSD-3-Clause
--
--*********************************************************************
ATT-VROUTER-REBOOT-REASON-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
enterprises, NOTIFICATION-TYPE
FROM SNMPv2-SMI
TEXTUAL-CONVENTION
FROM SNMPv2-TC
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB;
attVrouterRebootReasonMIB MODULE-IDENTITY
LAST-UPDATED "202105040000Z" -- May 04, 2021
ORGANIZATION "AT&T Inc."
CONTACT-INFO
"Postal: 208 S. Akard Street
Dallas, TX 75202
Web: www.att.com
"
DESCRIPTION
"This MIB describes notification objects
that describe the cause of system reboot
for the Vyatta Vrouter.
Copyright (C) 2021 AT&T Intellectual Property.
"
REVISION "202105040000Z" -- May 05, 2021
DESCRIPTION
"Initial version"
::= { attVrouter 7 }
attEnterprise OBJECT IDENTIFIER ::= { enterprises 74 }
attProducts OBJECT IDENTIFIER ::= { attEnterprise 1 }
attVrouter OBJECT IDENTIFIER ::= { attProducts 32 }
attVrouterRebootReasonNotifications OBJECT IDENTIFIER
::= { attVrouterRebootReasonMIB 0 }
attVrouterRebootReasonObjects OBJECT IDENTIFIER
::= { attVrouterRebootReasonMIB 1 }
RebootReasonType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An enumerated value which provides the
reason for reboot."
SYNTAX INTEGER {
powerOff(1),
warmReboot(2),
coldReboot(3),
systemImageChange(4),
systemCrash(5),
other(6)
}
attVrouterRebootReasonType OBJECT-TYPE
SYNTAX RebootReasonType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A value that indicates the reason for
system reboot."
::= { attVrouterRebootReasonObjects 1 }
attVrouterRebootReasonDescr OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A textual description of the reason for
system reboot."
::= { attVrouterRebootReasonObjects 2 }
attVrouterRebootReason NOTIFICATION-TYPE
OBJECTS {
attVrouterRebootReasonType,
attVrouterRebootReasonDescr
}
STATUS current
DESCRIPTION
"This notification specifies the cause
of system reboot for the Vyatta Vrouter."
::= { attVrouterRebootReasonNotifications 1 }
END