FireBrick

FireBrick 105 Software

As a matter of policy, FireBrick software upgrades are free to download for all FireBrick customers.

You are currently viewing the most recent beta and factory software releases for the FireBrick 105.

NOTE: Beta software has undergone some testing but should not normally be used in a production / critical application.

Installation Instructions

To install new software you need to load two files:

  • a FireBrick software file
  • a User Interface file.

Log in to your FireBrick administration pages, select Setup and then Upload/Restore, and select the FireBrick software file you downloaded. This will take up to a minute to load, after which you are prompted to load the user interface. Select the user interface file requested. This will take up to a minute, and then your FireBrick will be ready to use again.


Select the correct OEM version for your FireBrick (default is FB)

2009-09-07
Current factory release
2.02.644 (Sebastiana)

UI: Fix problem with clearing all Event actions in Log/Filter options.

2009-02-12
Former factory release
2.02.643 (Rowena)
Fix poor performance and lockup problems following reception of invalid length ether packets.
2008-09-17
Former beta release
2.02.641 (Quintijn)

UI: The time at which the page was generated is now displayed on each page. Default filename for config save now includes FireBrick name and date/time. Setup Log/Filter options now correctly displays the default filter setting. Wizard should only display when user has enough access to make suggested change. Fix UI misbehaviour when clicking on Save Config after login has timed out.

Tunnels: Incorrect source IP could be used in some cases, causing a tunnel to fail to establish.

DHCP: Client was incorrectly setting an SNMP server in config on FireBrick without the reporting feature. Server running as a backup was incorrectly adding "Offered" entries to DHCP table. Host name in "Offered" entries was sometimes incorrect. DHCP traffic to FireBrick is now allowed through the default filter, so no explicit filters are required for operation of DHCP.

ARP: ARP responses using ethernet 802 frame format are now accepted.

Routing: Session tracking of ICMP sessions (eg PING) improved.

2008-02-12
Former factory release
2.02.638 (Plonie)
Internal fix for compatibility with production labeller.
2007-11-04
Former factory release
2.02.637 (Ottalie)
Fixes a problem with relaying DNS introduced with Norbart.
2007-11-02
Former beta release
2.02.636 (Norbart)
The handling of packet fragments has been improved - they now participate fully in session tracking. This means they will be treated in the same way as unfragmented packets when filter, routing, mapping rules etc. are processed, so can be NATed or address mapped. This should improve performance, and also avoid problems with configurations using NATing where fragmentation cannot be avoided - eg VPNs. The distribution of traffic across bonded tunnel sets should also improve where there is significant fragmented data.

The checkbox for excluding the first packet of a bonded tunnelled session from special treatment which was added with Maraike has been fixed - it was not working correctly when a UI option setting other than "None" had been selected for number formatting.

The debug log output following an unexpected reboot now indicates which task was running at the time of failure.
2007-10-31
Former beta release
2.02.635 (Maraike)
Fixed minor problem preventing deletion of filter table entries.
Added new tunnel bonding option to inhibit exclusion of first packet in a session from the bonding.
2007-10-24
Former beta release
2.02.634 (Leonie)
UI:
The log can now be viewed (using an explicit URL .../log) during firmware upgrade when the FireBrick is requesting a new UI file.
The IPgroup and Portgroup pages have been improved, and now allow changes to be made as well as additions and deletions.
The Setup log/filter options page layout has been improved.
Wording on the features page when no contact can be established with the features server has been improved.
The ARP table now displays unknown MACs as blank, not 000000000000.
The MAC table display was sometimes reporting the wrong interface when port monitoring was in operation.
The "wizard" advisory warnings now warn if subnets have been configured but stealth is still enabled.
When a subnet shares the same interface, VLAN and IP range as an earlier subnet in the subnet table, it is now flagged as being an "extension" of the earlier subnet. [It is often useful to duplicate subnet entries in this way, eg to enable multiple DHCP allocation pools, IP aliases or alternative gateways to be specified.]

Routing:
Uplink bonding has been modified to allow bonding over two or more different interfaces (useful for 5-port configurations).
Up to 8 uplink bonding gateways may now be specified.
There has been some rearrangement of the internal router logic. This is unlikely to affect normal operation, but could affect unusual configurations.

DHCP:
Minor modifications have been made to DHCP. In particular, when a client requested renewal of an allocation, the reply was sometimes broadcast when it should have been unicast to the requesting client. This was upsetting some clients, causing them to repeatedly request renewal.

VRRP:
An implementation of VRRP (Virtual Router Redundancy Protocol) has been added. The Bonding feature is required in order to use this.

ARP:
Gratuitous ARPs are now sent whenever a subnet change occurs that could affect the MAC address being used, or whenever a subnet becomes live. A sequence of gratuitous ARPs is sent over a few seconds; this helps with devices (typically switches) where ports appear to become live a short while before the device actually begins to respond to traffic.
The same MAC is now used for all subnets sharing the same interface, VLAN and IP range (ie the first subnet and all its extensions - see UI changes above).
The common MAC and gratuitous ARP changes should help configurations with routers which do not regularly refresh their ARP tables. Unfortunately we know of at least one popular router which also ignores gratuitous ARPs, so in some cases a subnet change may still require routers to be rebooted.
A debug log entry is now made when MAC renewal of an active IP fails.

Other changes:
If an ICMP echo request (ping) has the Don't Fragment bit set, the reply will also be marked don't fragment.
When tunnel packets are sent on an interface which has multiple IPs, the destination IP used by remote end is now used by default as the source IP.
A problem which could cause a factory reset during startup if the brick rebooted unexpectedly has been fixed. This could have been the cause of the occasional loss of configuration seen after uploading new software.
Several efficiency improvements have been made, which should reduce CPU workload, and should improve stability and in some cases throughput.
A factory reset now disables debug logging.
2007-07-21
Former beta release
2.02.628 (Koopje)

Fixed a problem where ping profiles with timeout set to 1 second were erroneously timing out.

Previous fix to routing had broken some session matching - hopefully we've got it right this time! Please upgrade to this version if you have loaded Joost.
2007-07-20
Former beta release
2.02.627 (Joost)
Not available
Bug fixes:
A problem with ARPs on configurations using VLANs resulting in occasional dropped packets has been fixed.
Problems where routing of tunnel envelope traffic did not follow the routing parameters set in the tunnel configuration, and where tunnel UDP port 1 traffic sometimes appeared as two separate sessions in the session table, have been fixed.
A problem in the internal TCP stack which could cause UI pages to display corrupted when a dropped packet caused a fast retransmit has been fixed.

Stealth changes:
New stealth pass-through options have been added for non-IP traffic and/or VLAN traffic, in addition to the IPv6 pass-through option. VLAN passthrough does not require the VLAN feature. Note that these settings are independent of the global stealth disable option.
A warning is displayed on the subnet page if a subnet is flagged as stealth but stealth is globally disabled.
With 5-port feature, a warning is displayed if stealth is enabled but the WAN and LAN interfaces are not both configured.

Other changes:
A setup delay time option has been added to ping-mode profiles. When set non-zero, the profile will not become active until an unbroken sequence of ping replies has been seen for the specified time.
A ping-mode profile that is also dependent on another profile will now not issue pings if replies would not affect the profile state. (i.e. a profile with an AND-dependency on another will not ping when the other profile is inactive, and one with an OR-dependency on another will not ping when the other is active.)
A UDP service has been added which will enable FireBrick throughput to be more easily measured. This needs to be used in combination with a client application which is not yet available.
The number of tunnel sets available with tunnel bonding has been increased to 15.
The Login and help links are no longer displayed on the login page.
2007-06-05
Former beta release
2.02.626 (Irma)
Further UI improvements:
Conversion of status-changing links to use forms and POST completed. This has entailed the redesign of some parts of the UI.
The UI "look" has been adjusted to give near-identical presentation with Internet Explorer, FireFox and Opera.
Link to on-line documentation added to all pages.

Other changes:
DHCP bug fixes: lease table could get out of order, causing offering of wrong IP (subsequently retracted before being assigned); Correct IP source address on NAK packets.
Internal TCP stack closes connection cleanly, discarding unwanted input (previously could timeout and/or reset).
dologin and logt URLs repaired.
2007-05-16
Former beta release
2.02.625 (Harriet)

This release incorporates several enhancements, fixes and tidying up of the UI:

Throughput improvement:
A change made to the ethernet driver in the Folclinda release to improve tunnel performance had the unfortunate side-effect of reducing overall FireBrick throughput. The driver has been revamped yet again, and throughput and performance under load are now much improved.
An experimental option to allow the setting of a back-to-back packet transmit limit has been added on the setup ports page. The default setting (5) works well. Note that this option and the other CPU port settings on the setup ports page are likely to be removed soon. Please check that you are using the defaults (input throttle off; pause disable off; back-to-back 5) unless you know what you are doing!

Tunnels:
Tunnel parameters are now forced to be consistent across a tunnel set.
Problems with a single tunnel (not in a set) and connecting to Linux tunnel implementation fixed.

Experimental (V3) bonded tunnel retiming:
The ethernet throughput improvements have resulted in improved behaviour of the original (V2) tunnel reordering mechanism, while the hoped-for improvements using the new V3 retiming have not yet materialised. Version 2 packet reordering is therefore now the default; version 3 must be explicitly selected. Note that users of Folclinda or Gemma beta releases should check their settings after upgrade, as the sense of the flag controlling V2/V3 reordering has been reversed.
There have been some V3 retiming changes: the thresholds controlling the latency adjustments are now parameterisable, and packets waiting to be sent now have their timing adjusted when a latency adjustment occurs.

UI changes:
Login mechanism improved - login returns to calling page after successful login, and when logged out with no access login page is displayed.
Introduction of use of POST method for UI actions causing FB state change. Style of the UI is consequently being changed to use forms/buttons rather than links for actions which have any effect on the brick operation or configuration.
Default custom user colour made a slightly lighter shade of grey.
Main page quick configure items are now left-aligned.
Fixed display of some blank table cells showing up with IE.
Improved UI for speed lane control and session display.
Fixed display of some pages with Opera browser (table cells lacking borders).
Saving the log in text form to a file now gives dialog box for file destination. Also it is now possible to save without clearing the log.

Miscellaneous:
Dynamic log display now detects TCP error/closure at remote end.
Very long log lines are no longer discarded.
Added extra LED setting options. These may be useful to enable a particular FireBrick situated with others to be identified.
Saved config file no longer has random data causing successive saves to differ.
Short ether packets padded with nulls rather than junk. [Solves a problem with a Juniper router, which was erroneously rejecting ping packets with non-null padding.]
DHCP bug fix (hopefully fixes occasional lease table corruption).
"VLAN 0" no longer appears in logging (it was causing some confusion).
Internal TCP stack improved - sessions to/from the brick terminate more cleanly, and out-of-order data arrival is supported making transfers faster when packets are dropped.
Port monitoring "Block normal traffic" option fixed (was not blocking traffic if the monitoring port belonged to an interface with one or more other ports).
Added connection timeout mechanism to TCP (mitigate UI loss due to faulty client or DoS attack).
ICMP destination unreachable error now distinguishes between host and network.
2007-02-26
Former beta release
2.02.606 (Gemma)
The UI web pages have been extensively reviewed for this release. A few improvements to the UI have been incorporated, and several minor bugs fixed.
Changes include:
follows HTTP spec more closely;
HTML 4.01 strict compliance, with lower-case tags;
Fully customizable background colour;
improved login page (can now enter user CR password CR);
improved selection on session table page;
tidied Internet Explorer .png file transparency problem workaround (not needed for IE7);
failed login now logs out previous user;
handling of redirects and refreshed pages improved;
DNS servers can be cleared by saving blank entries;
Tooltips for icons and entry move options now displayed correctly in IE;
2007-01-31
Former beta release
2.02.605 (Folclinda)
Introduction of new tunnel retiming code, which will be replacing the current tunnel reordering mechanism. The tunneling protocol version has been changed from V2 to V3 to include extra retiming information. If both ends of a tunnel are V3-capable, the FireBrick will automatically switch to V3 tunneling, and if tunnel bonding is in use, will retime the packets using the new information.
This release is fully compatible with the older V2 protocol, so can be safely used with FireBricks running pre-V3 software without the need for any configuration changes.
If desired, the old V2-style tunnel reordering can be forced even if both ends of the tunnel support V3.
Please note that this is work-in-progress, and further implementation changes are likely before this is fully released. Any feedback would be gratefully received. There is some new information shown on the tunnel set statistics page; this is primarily for diagnostics, and is not particularly useful for the end-user.
2007-01-31
Former factory release
2.02.604 (Ester)
Added new logo for CR OEM variant.
Reduced size of WEN image files by removing unused icons.
Fixed crashing due to very long lines in log file.
DHCP client and server improvements - fixed minor deviations from RFC; improved detection of in-use IPs; reworded some log messages; fixed kill of DHCP lease when over 255 leases present.
Fixed non-detection of non-functional DNS server when both DNS servers specified.
Fixed minor caching problem when upgrading; also made style sheet cacheable.
Preserve user login info over software upgrade.
2007-01-03
Former beta release
2.02.603 (Derkje)
Fix spurious debug log message when viewing route table.
Internal fix - Factory init URL required by production labelling equipment reinstated.
2006-12-06
Former beta release
2.02.602 (Chinoek)
Avoid log corruption if FireBrick reboots while writing to the log.
Drop packets sent to incorrect FireBrick MAC (eg from routers with stale ARP caches).
Improve buffer handling to avoid FireBrick lockups/reboots if buffers become exhausted.
Factory Reset selecting DHCP and/or WAN/LAN reversal now sets Stealth operation off. (Note that we now recommend stealth off for all but the simplest of configurations).
Allow packets with protocol zero (previously could lose session slots).
Improve routing of ICMP error messages, and avoid making unnecessary sessions for them. This fixes some scenarios in which brick would continually reboot when sent an ICMP storm.
Error page (eg page not found message) now displayed using FireBrick page style.
Internal build changes: Introduce OEM CR variant. Minor improvement in efficiency of ARP table code.
2006-11-15
Former beta release
2.02.601 (Bente)
Fixed portgroup edit page, which was showing new port ranges preset to start at 1 when using Internet Explorer.
Added diagnostics to check for correct operation of UI page generator.
Corrected error in user access checking when editing the security controls.
Fixed typo on features page.
2006-11-14
Former beta release
2.02.600 (Adaja)
Fixed update problem with In/Out port traffic counts on status page.
Fixed problem with DHCP occasionally offering in-use IPs.
Disabling ports no longer prevents them from being used for factory reset.
Added "All" tick boxes for setting view and edit rights on user setup page.
DNS server setup now allows the setting of two DNS server IPs.
The Setup Special functions Factory Reset option now allows same selections as available with cable factory reset - DHCP and LAN/WAN swap.
For testing purposes - added ability to disable CPU pause flow control.