A printable plain text version is also available.
ImageStream Linux Version 4.2.11-58 is now available as a general availability (GA)
release for all ImageStream routers except the Envoy.

This software release is provided at no charge to all ImageStream customers.
Version 4.2.11-58 is a maintenance release that is recommended for all customers
who wish to run the latest GA release on routers other than the Envoy.

This release note documents commands and features added between version 4.2.10-11
and version 4.2.11-58.


The following bugs have been fixed in Version 4.2.11:

Up to 4 GB RAM now Supported

Previous versions of ImageStream Linux supported a maximum of 1 GB RAM.
Version 4.2.11 now supports up to 4 GB of RAM.

L2TP Improvements

Version 4.2.11 fixes stability and scalability problems with L2TP. CPU usage has been
decreased dramatically resulting in the ability to support thousands more connections
on the Gateway platform.

PCI 530-DE Transmit FIFO Underrun Handling Changes

The PCI 530-DE driver will now dynamically increase the transmit FIFO size when
underrun errors occur.

PCI 440 T1/E1/SSI Fixes

Version 4.2.11 adds support for the PCI 440 T1/E1 and SSI cards. Later releases fixed various bugs
related to the drivers and firmware for the cards.


Detailed revision history:

revision 58
   date: 2008/11/12
   440: Added a global 5 second delay in sand_probe() for to allow cards with old
   firmaware to initialize. This workaround is needed on systems with a mix of old
   and new cards.
   configmgr: Remove the sethorizon option for brctl from distributions other than
   4.4.0-pre which don't support it.

revision 57
   date: 2008/11/10
   440: Update to June 30 drivers which fixes a stuck transmitter bug and an
   initialization problem on cards with older firmware.

revision 56
   date: 2008/10/30
   Add Nvidia NForce 10/100/1000 Ethernet driver for the Gateway Express

revision 55
   date: 2008/07/22
   Fix an openvpn server mode script logic bug that logged the username of authentication
   requests to a temporary file even when debugging was disabled (default).

revision 54
   date: 2008/07/02
   Added netcat, ping6 and traceroute6 utilities.
   Updated sshd binary in OpenSSH_4.4p1_2.  Disabled lastlog support.
   Updated sensors binary in sensors_2.6.3_20.  Disabled reporting of min/max and alarms.
   The hardware clock is now copied to the system clock during system startup.
   The system clock is now copied to the hardware clock before reboot or halt.

revision 53
   date: 2008/03/05
   Fixed a bug with MLFR introduced in revision 25. We stopped adding MLFR
   headers to LMI packets and protocol wasn't coming up!

revision 52
   date: 2008/02/28
   Fixed a setnprobe bug that would cause the script to crash and nprobes to shut down
   when more than one interface was configured.

revision 51
   date: 2008/02/20
   530-TEJ, 440-TEJ: Fix timeslot display for E1 mode. It was displaying one too high (timeslot+1).
   Also fixed the handling of timeslots separated by a ',' in E1 mode. It was adding one
   to any timeslot separated by a comma making it impossible to specify non-contiguous
   timeslot mappings for E1.
   Intics: Fixed the "Protocol xxx is buggy" messages that occur when a port is in
   promiscuous mode. Yes this has been fixed in the past but recently broke when I
   made a change to support the newest 2.6 kernel with a completely different skb
   structure which didn't have the skb->nh field. I set the mac pointer but
   not the network pointer for locally generated packets like HDLC keepalives, PPP LCP packets
   and Frame Relay queries.

revision 50
   date: 2008/02/13
   Commit the latest 440 firmware changes into the 4.2.11 release.

revision 49
   date: 2008/02/12
   Revert back e1000 driver from 7.3.20 to 6.3.9 to solve a tx timeout problem on
   Gateways with a particular P4 SBC. We updated to 7.3.20 in release 44 for ICH8 support which
   we don't use currently.

revision 48
   date: 2008/01/25
   Remove dead gateway detection for all routes except default gateway.

revision 47
   date: 2007/12/28
   Revert back to old 440 firmware - SSI cards do not always init properly - stats locked.

revision 46
   date: 2007/12/20
   Reduce the bridge command line length to 1900 from 2048 to fix a customer
   config which was hanging while adding ports to bridge groups. Bash version 2.04
   does not like commands > 2k.

revision 45
   date: 2007/12/06
   Added USB mass storage support and boot support from USB flash drives.

revision 44
   date: 2007/12/05
   Added the latest e1000 driver from the kernel.

revision 43
   date: 2007/11/29
   Fix kernel pppol2tp problem with openl2tpd being signaled for every packet transmitted.

revision 42
   date: 2007/11/26
   Added ucarp 1.3

revision 41
   date: 2007/11/21
   Added powercode install script and menu option.

revision 40
   date: 2007/11/15
   Add sip connection tracking support.

   modprobe ip_conntrack_sip
   modprobe ip_nat_sip
   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   iptables -A INPUT -p udp --dport 5060 -j ACCEPT
   iptables -A FORWARD -p udp --dport 5060 -j ACCEPT
   # Nat as usual -- nothing special needed in the nat rule.
   iptables -t nat -A POSTROUTING -s -j SNAT --to
revision 39
   date: 2007/11/14
   Added a packet mirroring chain.

   Use this chain on the receive chains and it will make a copy of the packet and
   retransmit on the specified interface. Use the rx_ddp chain to mirror the packet
   without the L2 protocol header. The rx_edp chain will mirror it with the L2 protocol


   addchain mirror   


   # Mirror all traffic received on Serial0 without the PPP headers. This will not
   # mirror any of the PPP negotiation traffic (LCP/IPCP/Keepalives).

   loadchain mirror.o mirror

   interface Serial0
    encapsulation ppp
     ip address
     addchain mirror rx_ddp RX_DDP_DEFAULT Ethernet1

revision 38
   date: 2007/11/07
   Fix HFSC qdisc support.

revision 37
   date: 2007/11/06
   440: latest firmware
   sandcore: remove old add_routes and remove_routes routines that were causing
   wait_on_irq messages on routers with thousands of interfaces when the link transitioned

revision 36
   date: 2007/11/05
   Fix broken conntrack support in esfq. Their #ifdef CONFIG_NF_CONNTRACK needed to be CONFIG_NETFILTER

revision 35
   date: 2007/10/31
   Commit latest SAND release with the following changes:

revision 34
   date: 2007/10/16
   Fix bwinit/bwadd so that it doesn't always specify "burst 2k" and artifically
   limit fast classes - 100Mbps classes could only get about 35Mbps.

   Also make bwinit calculate r2q like configmgr does and pass through the bandwidth
   value the user specified instead of recomputing in bytes per second. This means
   the root class will now show "100mbit" instead of 12500000 which was confusing
   as it's in bytes per second!

revision 33
   date: 2007/10/04
   Added latest (4.1.5) version of GNU sed to the distro to support \n

revision 32
   date: 2007/10/01
   Fix tc pfifo_fast so it doesn't display an error for that qdisc. Not sure why
   this broke but something we linked against must have changed!

revision 31
   date: 2007/09/27
   pppd: Fix a problem with a BAS server resending an LCP config request immediately
   after we sent an auth request and LCP was already open. I had pppd die in this case
   because radius cannot reauth without crashing. I changed pppd so that it only dies if
   it had authenticated.

revision 30
   date: 2007/09/25
   Add pppol2tp module with hash table lookups for multiple L2TP tunnels running over
   one socket. In reality what's happening is Linux does not bind an incoming UDP
   connection to the proper secondary ip address - it only binds to the primary.

revision 29
   date: 2007/09/21
   Fix l2tp problem with multiple tunnels on one socket - didn't work. Really
   it's happening when we've got multiple IPs bound to one interface and the
   LACs are round-robining between them. We bind to the primary IP only so all
   our sockets are coming from the one address and were causing the kernel
   not to find the session as it was looking at the wrong socket / tunnel.

revision 28
   date: 2007/09/19
   Change revision.

revision 27
   date: 2007/09/13
   L2TP: Added global "l2tp max-sessions" and "l2tp max-tunnels" commands to limit
   the number of L2TP sessions and tunnels on a system. By default we set max-sessions
   to 4000. I have tested 6000 successfully with 2GB of RAM on a 2.4GHz Core2 Duo
   440: Commit firmware which fixes the Tx problems we were having with T1/E1. Not
   sure if it was the rise time change on the outputs from the FPGA, rerouting
   due to the loopback additions or due to the updated software used to synthesize.

revision 26
   date: 2007/09/04
   Fix problem with iproute2's ip utility not showing interface names but
   if%d instead caused by my recent performance changes.

revision 25
   date: 2007/08/28
   Add support for PPP over Frame Relay and add memory leak check to logging

revision 24
   date: 2007/08/23
   530-DE: When a Tx FIFO underrun occurs increase the fifo threshold to the next
   value. Default is 128 bytes, then 256, 512, 1024 and finally store and forward
   (entire frame must be in the fifo before transmitting onto the line)

   These FIFO underruns occur when the card cannot perform PCI bus read request to
   fetch more data for the FIFO before the FIFO empties. It only takes 23 microseconds
   to empty 128 bytes at DS3 speeds. A 32 bit 33 MHz PCI bus should be able to transfer
   128 bytes in approximately 2 microseconds.

revision 23
   date: 2007/08/20
   Fix problems with esfq not being recognized by tc - change the main structure
   from esfq_qdisc_util to esfq_util so the tc from iproute2-2.4.7 would recognize it.
   Compile as a module which will get probed by tc.

revision 22
   date: 2007/08/17
   Configmgr: Dramatically decrease the time it takes to install 2000 atm route-bridged
   interfaces since the chicken/egg fix a month ago. We now combine multiple brctl
   commands into as many as will fit in 2k

   Configmgr: Check for invalid proto sub indexes and vlan indexes so Serial0.0 doesn't
   do nasty things like change the master interface's bandwidth and hang configmgr
   with an extra module count on sandcore.

   iproute2: Fix the ip command so it doesn't load the entire interface table on init.
   brctl: Allow multiple commands to be sent for multiple bridges not just multiple settings
   on one bridge - i.e. set br = NULL at the end of the loop.

revision 21
   date: 2007/08/16
   Added ESFQ support (enhanced SFQ) to the kernel to allow SFQs that can hash
   based on source or dest IP instead of by connection to provide fair access
   per machine and not let one machine with heavy P2P traffic dominate.

revision 20
   date: 2007/08/15
   Added license support to the 2.4 distro - same as Envoy.

revision 19
   date: 2007/08/10
   Fix power on init problem with the r8169 RealTek GigE drivers for the R1.
   If I ifconfig down/up the interface it starts working. With ethtool it would
   hang getting stats. Ifconfig showed 0 packets tx and rx. It only happened
   on cold power start.

   I simply call the tx_timeout routine to reinit it on open.

revision 18
   date: 2007/08/09
   Modify phy init for the single port POS/OC3 card per Andre.

revision 17
   date: 2007/08/07
   Added sand 3.5.26 release 9 with loopback support for the 1001/1004-O3 POS/OC3 cards.
   Commands are the same as DS3/T1:

   For line loopback (bypasses the framer):

   interface Serial0
    loopback line

   For local loopback (framer sends back to us):

   interface Serial0
    loopback local

   No payload loopback is available meaning we cannot have the remote's data come in
   to our framer and then go back out thereby testing our framer.

revision 16
   date: 2007/08/03
   Added 1104-O3 driver with phy debugging messages/statistics
   that print every 3 seconds when hardware debug >= 8.

revision 15
   date: 2007/07/31
   Remove dead gateway detection debug

revision 14
   date: 2007/07/13
   Fix dead gateway detection.

revision 13
   date: 2007/06/22
   Configmgr: Fix chicken/egg problem with bridging over tunnels for good this time!
   I split the bvi configuration out from adding the bridge ports. Now the bvi
   gets configured and IPs assigned to it. Then tunnels are spawned. Then bridge
   ports are added. That allows a tunnel to specify a source IP from one bridge group
   and bridge that tunnel to another bridge group.

revision 12
   date: 2007/06/14
   Removed some debug from SoftATM code.

revision 11
   date: 2007/06/08
   SoftATM: Tweak tx scheduler table size to avoid CRC errors.

revision 10
   date: 2007/06/07
   Major memory leak/crash fixes for SoftATM/IMA - don't try to reset the ring
   or bad things can happen. Also fix a small memory leak - 4 chains per port were
   not getting freed properly in ATM/IMA mode.
   Core: add a logging thread to queue up log messages from PROTO_DEBUG and HW_DEBUG
   so they don't get sent to the console at hard interrupt time. I had to update
   all hardware drivers that did printk's instead of SAND_DEBUG.

revision 9
   date: 2007/06/01
   Added fix for OpenL2TP crashing on mtu change - mtu didn't really change!

revision 8
   date: 2007/05/30
   Disable sconsoled to solve the gateway serial console lockup for a customer.
   This also fixes the problems with panics not being printed. This should not break

revision 7
   date: 2007/05/22
   Added newest tg3 driver for new Gateway with 2xGigE ports
   Added the latest 440 driver fixes for SSI/high speed mode.

revision 6
   date: 2007/05/17
   Added 440 driver changes to support high speed operation with SSI cards.

revision 5
   date: 2007/05/16
   Added OpenCalea package to 4.2.11 and changed the udhcpc client script to
   support load balancing DHCP connections by default. It will add the default
   route as a nexthop route and add an ip rule to match the local ip and send to
   a routing table id based on the interface's id as shown by ip link. The interface's
   subnet and a default route are placed in the separate routing table so that
   NAT will work properly - packets sourced locally from the router will go out
   the correct interface.

revision 4
   date: 2007/05/06
   Added latest OpenL2TP software and 1 minor sand change - configmgr waits
   1 second before blasting configs.

revision 3
   date: 2007/04/25
   Added OpenL2TP version 0.17 compiled with DMALLOC enabled - doesn't crash now!
   PPP: don't take down LCP and exit when receiving a config request over L2TP

revision 2
   date: 2007/04/24
   Recompile everything for 4Gig high memory support.