Release notes from Factory release 1.13.001 to Factory release 1.16.001

• Change to persistent data storage logic and timing

BGP

• Correct BGP route tie break where one route has MED set and one does not. No MED set is now treated as MED 0 correctly
• Minor adjustment in graceful restart logic (not yet advertised)
• Fixed long delay rebooting when BGP active
• Colours on BGP status on web page

Config

• Fixed factory default config for dns host name my.firebrick.co.uk - this means a new factory release of code.
• Corrected parsing of an IP using final :: in place of :0 (i.e. seemed to have too many colons)
• Not generating initial or trailing :: on IPv6 addresses where only one block replaced

DNS

• DNS resolver negative caching handling and tweaks to handle VoIP DNS lookups where CNAME used
• Corrected negative caching timings

Flash

• Image priority tagging removed. Flash contents display shows penalty but no longer priority.
• Change to flash block allocation strategy to spread block usage.

L2TP

• Changed IPv6 padding to be more generic padding of any packet that looks too short and under 73 bytes so works with IPv6 over LCP on BT 20CN lines
• Changed DHCPv6 served timing for L2TP
• Added RADIUS option to avoid LCP restart on mismatched MRU
• Corrected sending MTU in RADIUS auth (could be sent twice in some cases)
• Allowing up to 64 byte CHAP challenge size in proxy auth

Logging

• Better wording for missed log entries

Ping

• Not trying to print reverse DNS on ping command while waiting DNS response

Ports

• Avoid spurious port down messages at startup.

PPPoE

• Config change losing external PPPoE IPv6 address from routing
• Fixed IPv6 prefix delegation timeout issue
• Issue with IPv6 DNS servers not working on a second PPPoE client connection if same as previous

Profiles

• Fixed bug - a ping profile with no routing to send the ping was causing buffer loss
• Possible problem in ping profiles could result in a watchdog failure

RADIUS

• Corrected RADIUS tagging on NSN parameters in platform radius.
• Work on RADIUS accounting to get better stats in case of pre-empted session
• RADIUS accounting refernce could change some time after reboot depending on clock setting, fixed
• Fix buffer leakage if RADIUS servers time out

Time

• Added very simple sanity check to SNTP clock setting, and logging to right place
• Logging IP from which clock was set

VoIP

• Ignoring silly almost empty SIP packets from gigaset (some NAT thing)
• Adjust for restart of LCP on PPP happening when non 1500 MTU proxied negotiation

VRRP

• Fix issue if two separate VRRP configs used with same VRID one for IPv4 and one for IPv6

Web and CLI control

• Added hard reboot option

Web control pages

• Session list copes better if you stop the browser while displaying
• Typo in web config for dns-host/block
• Format of manual image upload UI page changed in line with auto update.
• Avoid unnecessary invocation of bootloader when system reboot is requested

Web status pages

• Fix session table display lockup

Release notes from Factory release 1.10.001 to Factory release 1.11.004

BGP

• Adjusted RR logic on BGP to avoid incorrect messing with next hop decision
• Changed BGP to silently ignore routes where we are already the next hop
• BGP change to still process withdraw in same packet as silently ignored routes (typically if using route reflectors)
• Added peer level export-med to set MED on exported routes (unless explicitly set in export filter) as this is commonly the only export filter
• Made local routes (apart from dead-end) take priority over equivilant BGP originated routes
• Changed ttl-security option to be 1 to 127, and use -ve as meaning force TTL sending and no checking
• Added import-localpref at peer level as a common global setting on EBGP links
• Obscure race condition on BGP shutdown could cause a crash

CLI

• Fix telnet timout on users setting timeout 0 to not logout.
• Implement several readline-style line-editing sequences
• Add two more control sequences - Ctrl-T and Alt-T
• Added "show power status" command - same action as "show fan status"

Config

• IMPORTANT - make sure all interface definitions state the port to use before upgrading
• Documented that a login timeout of 0 means no timeout but not in ip-group users
• Mandatory port on interface. Missing port on interface picks first port else creates a fatal error

Console

• Serial login did not work if user has an allow list for IP access

DHCP

• Added new lock and unlock feature on DHCP allocations
• Added ability to manually set the name of DHCP allocations

DNS

• Added new feature under services/dns to allow local DNS responses including based on DHCP

Factory default

• Changed factory reset to have my.firebrick.co.uk as local DNS for the firebrick itself

Factory Reset

• Changed so factory reset is DHCP client on WAN and DHCP server on LAN

General

• Various additional debugging code added

IPv6

• Adjust handling of RA client to cope when more than one RA has same SLLA (e.g. VRRP) from different hosts

L2TP

• Added more debug logging on L2TP tunnels, especially relating to relaying

Logging

• Changed power failure event to log a simple message rather than panic
• Improved formatting of replay from previous run flash log on boot up

PPPoE

• PPPoE server (BRAS mode) was broken, fixed
• Added return of Relay-Session-Id received in PADO to PADR sent
• Adjusted PPPoE logging so as not to fill logs with requests that are not for us

SNMP

• Fix BGP and L2TP SNMP stats where values 128 to 255 and 32768 to 65535 reported as negative

Web control pages

• Fix issue with some links on Chrome viewing BGP peers
• Typos fixed in config
• Incorrect HTML typo fixed in some tables
• Tidy layout of platform radius controls
• Tidy help on rule log settings
• Correct various typos
• Changed filenames for XML save to be more sensible
• Clearer warning of active sessions on reboot and s/w upgrade pages
• Fixed case where showing tables of information not right if a list of routes also shown
• "Up to date" may have been erroneously displayed on Software Upgrade page - fixed.
• First config save from factory reset was not working, fixed
• Some more colours on tables
• Fix links for ND entries that upset some browsers
• Additional logic for getting L2TP session data using circuit ID in URl

Web pages

• Hovering on a link now underlines it

Web status pages

• Added new System submenu
• Web status pages can now be seen by users with access level >= USER
• Button to clear thread tick counts added to thread statistics page (for users with ADMIN access)

Release notes from Factory release 1.08.001 to Factory release 1.10.001

BGP

• Vendor specific SNMP for BGP status

CQM

• Correct for rare race condition leading to multiple graphs of same name

DHCP

• Clear DHCP command now allows range/prefix to clear multiple entries
• Option to kill a DHCP allocation from web interface (DHCP status) now
• Change handling of BOOTP to operate as a REQUEST not DISCOVER so causing allocation of lease

Flash

• Avoid flash fragmentation by deleting old images if necessary before saving new image.

L2TP

• Internal change to RADIUS handling to reduce risk of watchdog under heavy load
• Updated RADIUS to abort authentication request if session closed to reduce load if slow auth replies
• Better "clear l2tp all", depending on speed of RADIUS accounting
• Vendor specific SNMP for L2TP status
• Added min-retry as a minimum session time before retrying an outgoing L2TP connection (default 10 seconds)
• New platform RADIUS logic

Shaping

• Fix incorrect handling of (legacy) tx-interval on shaper

SNMP

• SNMP now has extra logical interfaces which are all named shapers in order, including relevant stats for a shaper.

Release notes from Factory release 1.06.004 to Factory release 1.07.001

• Does not auto update and reboot if in factory reset recovery state

CLI

• New show routes command not BGP specific
• Show dhcp command layout fix

DHCP

• DHCP client sets /32 routes for DNS servers provided

L2TP

• Pressing a key on telnet command "clear l2tp all" stops clearing lines.
• Increased L2TP neg slots to 1024
• Support for RADIUS Framed-IP-Netmask mapped to L2TP PPP IPCP NETMASK (144)
• L2TP client mode asks for DNS on PPP
• Config change was unnecessarily restarting some L2TP sessions
• L2TP failed tunnel timout reduced from 5 minutes to 1 minute
• L2TP error response on duplicate tunnel ID to try and manage restart case better
• Better logging of unexpected L2TP SCCRQ
• Issue with L2TP clients when no hostname and no local system name configured

Web control pages

• Using web interface diagnostics/routing could cause a crash
• Showing associated routes on subnets, dongles, PPPoE, etc.

Release notes from Factory release 1.05.001 to Factory release 1.06.004

• Added memory usage to one second stats
• Possible obscure issue with DHCP server code fixed - probably only when default dhcp server user (i.e. ip not set)
• Added new show status command on telnet, and reformatted web status page
• Ethernet port status shown on FB6000 now

CQM

• Bug if graphs trying to scale to just under 4Gb/s, showed scaled at bottom end in error. Fixed.
• Not including old (off screen) rate changes in max scale on graphs

DHCP

• Additional options in DHCP client
• Changed DHCP server to serve bricks IP as DNS server allowing it to relay, unless explicit servers set in config

Ethernet

• Changed autoneg setting on ethernet ports to default to false if manually setting speed or duplex and not 1G

L2TP

• Changed L2TP logging so relay sessions have same logging as incoming session at the time
• L2TP config change was clearing tunnels if not using a hostname setting
• Changed logic for logging L2TP to try and ensure relayed sessions log correctly
• L2TP relay was dropping first packets exchanged
• Periodic RADIUS accounting was incorrectly showing timestamp less any current dropped packets which could cause a slight discrepancy
• Change of field name (username) not preserving old field (user-name) in l2tp-relay, fixed

Logging

• Log email sending retry logic changed
• Added much more debug for log-debug for logging email sending

Ping

• Ping graphs can now use a host name

PPPoE

• Default if no route= set to also set /32s to DNS servers as well as default route

RADIUS

• L2TP RADIUS for PAP was using cleartext password as message auth (16 byte), changed to random.

Syslog

• Added additional information to emailed logs

VRRP

• Deleting an interface which VRRP master caused a crash

Web control pages

• Improved lists of objects with sub objects present in config editor
• General change to css, layout and menus, and new options for menu/banner controls
• Extra information on DHCP client status page (subnets)
• Change to allow you to stay logged in when clock first sets
• Home page shows if system name is not set is this really should always be set, but is not actually a mandatory field

Release notes from Factory release 1.03.001 to Factory release 1.05.001

ARP

• Internal adjustment to queued packets waiting on ARP

BGP

• Stopped announce of FE80::/10 when subnet has bgp="true"
• No longer logging full BGP packet when discarded due to !allow-own-as or allow-only-their-as
• Added additional per peer counters for ignored and filtered incoming updates

CLI

• The show flash log command is now available to admin users
• Added new command line to clear data pages in flash

Diagnostics

• Tidy up the traceroute command to allow more than one attempt per hop, and some bug fixes
• Access list check (command and web UI)

Documentation

• Started work on addition information on config documenation

Factory default

• Made factory default have local-only set true on http access

FB105-config

• Various corrections to config convertor for latest releases
• Improved fb105 config conversion for VLAN handling

Logging

• Possible fix to issue causing occasional unexplained crashes
• Bug where viewing logs on web pages could cause crash, fixed
• Removed hex dump debug log of DHCPv6 - as cluttred interface debug logs and better done using pcap

PPPoE

• Additional logging of PPPoE PAP/CHAP response message even if failed

Services

• Added new access check for local-only on services. IMPORTANT - defaults to true for telnet, dns, timed, so you will need to set to false if you want remote access to these

SNMP

• snmp was not access locked to routing table, fixed

Web control pages

• Removed WebSite link as caused confusion, and made footer have link to FB website
• Added configurable links on home page and fb105 conversion
• Added optional CSS URL allowing customisation of control pages
• Added ping/traceroute on web interface
• Ping and traceroute now separate diagnostics
• Show route now on web diagnostics menu
• Web config edit has more information shown now, and change to some spacing.
• Missing titles on lists of blackhole and nowhere routes

Release notes from Factory release 1.01.002 to Factory release 1.03.001

• TCP floods (e.g. http) could cause crash, fixed

Config

• Changed default config - using LAN and WAN as interface and port group names and added more comments

L2TP

• Changed to not debug log PAP passwords at all, but showing length of data sent (so length of password)

Logging

• Documentation updated, and console log off/on commands now TROFF and TRON
• log-starts logs start and stop of stats logging
• Occasional crash in logging when lots of information is logged.

Profiles

• Changed wording on logs for inverted profiles

Routing

• Possible issue with watchdog failure being addressed

Web control pages

• Heading on web logs saying which log report shown
• Subnets listed in order
• Icons redrawn
• Changed page title to list name before serial
• Manual s/w upgrade looks nicer now
• Graph names as text on graphs list to allow searching in browser
• Corrected icons for rule-set
• Tweak factory reset menu
• Additional per second stats for http access counts
• Adjust timing on status check to try and ensure we see new s/w first time

Release notes from Factory release 1.00.001 to Factory release 1.01.002

Config

• Increase internal storage for config by 33%
• Password now mandatory on user field, and error if blank and not using OTP
• Added extra notes on localpref to explain highest value wins
• Minor change to wording on web config
• Added <blackhole.../> and <nowhere.../> as explicit routing objects rather than using <route.../> with no gateway.
• as-path only on network object as was not in fact functional on route object
• IPv6 addresses use lower case when output as a config view.

DHCPv6

• Rebind handling corrected (was being ignored)

Documentation

• Corrected description of interface object

FB105-config

• Timezone fixes on config convertor

L2TP

• Fixed DHCPv6 issue on L2TP which was only working on session numbers below 4096
• Incorrect logging of LCP Init Rx, Last Rx, and Last Tx, fixed
• Improved logging where incorrect length proxy challenge or response received on L2TP connect
• Added extra checking on L2TP packets where hidden fields could encode invalid length
• Made error for bad hidden field length non fatal - investigating how this is happening
• Hidden fields stopped working on L2TP tunnels after two config changes after tunnel was established, fixed
• Some internal rework of L2TP code, and answering ICMPV6 router solicitations over L2TP
• Adjusted IPv6 RA for L2TP - now send periodically if IPv6 router solicitation previously received
• Logging of CHAP accept/reject showed wrong length (correct length was being sent)

Logging

• Adjusted email log sending to use CR+LF on all contents lines as per RFC2821, rather than just LF as is convention on linux system
• Fix for rare case causing crash after emailing a log.
• Email has boot date/time in text at top now
• Emailed logs were re-sent on every config change, fixed
• Changed syslog to use UDP non encrypted RFC5424 logging with microsecond precision. Affects all log lines as module name added
• Added option to specify source IP for syslog messages

pcap

• Added more useful error messages for malformed pcap requests
• Can now use pcap to log l2tp session from the start based on calling line id, see documentation for details
• PCAP giving better error messages

Ping

• Ping setting on interface was not always starting the pings, and not stopped when config removed. Fixed

Profiles

• Changed logic so "or" profile with no other settings and none of the "or" profiles match will fail not pass.
• Corrected timeout/recovery logic
• Added initial-state option on profiles
• Profiles tracking ppp did not spot if a PPP went off because it was itself turned off by profile config
• Changed logging for profiles so "still active" and "still inactive" logs are log-debug now

Routing

• Correctly sending ICMP errors for dead end routes
• Routing loop detection improvements
• Minor change to internal routing/ARP cache functions to test a specific bug report.

TCP

• TCP test port (4242) removed
• Increased number of active TCP sessions

VRRP

• VRRP use-vmac default changed to true

Web control pages

• Changed headings on config edit boxes
• Changed the sequence when downloading new code
• Automatically redirects to status page after a short delay when new s/w loaded
• Less margins on web pages
• Changed breadcrumbs in UI to use :: not : as spacing, consistent with website
• Slight changes to layout of software upgrade pages
• Made breadcrumbs larger and easier to read