Release notes from Factory release 1.23.001 to Factory release 1.24.004

Config

• Fix problems with factory default config

DHCP

• DHCP address allocation for new devices changed to be more reliable

L2TP

• Changed default lockout timeout on relayed tunnels to 3 minutes
• Use graph setting on local termination L2TP/PPPoE using match

Logging

• Minor changes to default settings for system log messages

OS

• Some thread priorities adjusted.

Routing

• Changed logic for next hop checks where gateway is on multiple subnets, where at least one of which does not answer ARPs causing route to be suppressed

Web control pages

• Changed web status pages to not show unused menus even in debug level user

Release notes from Factory release 1.19.001 to Factory release 1.20.001

• Changed [not] to [inverted] in Profile logging text.

BGP

• Note that the localpref default is 0 for network statements on this factory release.
• Adjust next hop logic in presence of VRRP to avoid incorrect use of VRRP address in some route passing
• Fix debug log of accepted prefixes on BGP, was showing garbage extra bits

CLI

• Fix double line spacing on some command line output
• Added a "show run" and "import config" in telnet/command line allowing dump and upload of raw XML.

CQM

• Configurable latency Y axis
• Ping only graphs (i.e. no throughput) now have standard deviation on ping timings
• Minor change to default colours
• Corrected showing of "off line" on graphs
• Minor tweak on graphs
• Setting Y axis latency in ms on graphs as part of URL

DNS

• Malformed DNS packets could cause crash, fix

Factory reset

• Default timeserver set to ntp.firebrick.ltd.uk rather than pool.ntp.org

L2TP

• Additional control over timeouts on L2TP
• Changed default timeouts on outgoing L2TP client sessions - faster recovery and retry
• Possible lockup and watchdog in cases of unresponsive RADIUS servers
• Added quota (tx) to L2TP (as RAIDUS filter code Q)
• Added quota (tx, or tx+rx) and terminate action to allow radius accounting on exceeding quota or session timeout
• Added Filter-Id and Session-Timeout to all RADIUS updates, was just Start record, as some data can change dynamically
• L2TP should now accept RADIUS CoA sooner - was not accepted until PPP negotiation had finished

Monitoring

• Changes in power supply inputs are now logged.

Ping

• Allow configuration of larger ping packets

PPP

• Improvements to checking and timing in PPP processes
• Slight change in PPP sequence numbering
• Minor tweaks, including new accept-dns in dongle config
• Improved debug / logging for PPP connections
• Support PAP as client login on PPP
• Adjusted retry timeouts on PAP/CHAP requests
• Corrected PPP client PAP continuing to IPCP

PPPoE

• Tweak to handle multiple service responses in PADO

Profile

• Improved logging after non state change profile
• Date/time profile tests when not clock set assume initial state
• Date/time profile tests now have comment field in config

Web config

• Moved css-url to http services config, will need editing as not automatically moved

Web control pages

• New layout for ping and traceroute allowing XML export
• traceroute and ping no reporting a "firewalled" response if seen, rather than just unreachable
• Web interface showing system name on title if trusted IP

XML Config

• Fix factory reset config

XML config

• Changed XSD duration to an FB type that uses saner syntax [[HH:]MM:]SS

Release notes from Factory release 1.17.001 to Factory release 1.18.001

• Draft documentation included in releases

BGP

• New filter option to check for community present in a route
• Showing BGP route details shows additional community tags as well
• Fix for BGP config where local IP is DHCP, meaning BGP did not start up unless a local-id was set
• Fix BGP import/export filtering which only considered first match rule
• Allow use of pad on BGP peer if add-own-as set, even on ibgp
• new use-vrrp-as-self (default true) means the next hop used in BGP will use an appropriate VRRP address if possible
• Ignored received announcments treated correctly as a withdrawal
• Corrected BGP ingress filtering to allow detagging the standard community tags
• Made BGP next hop logic consider routes to dead end and to network as non feasible (previously they were feasible but could not route)
• Fixed config to only allow one list of import and one list of export rules under bgp peer, as only first in list was checked anyway

CQM

• Fix for long term shapers which only worked if sharing of shaper was set
• Graphs show min and max rate limit per hour now
• More corrections on long term shaper logic
• Long term shapers were not actually applying the shaper limit, it seems, even if worked out correctly
• Changed min line on graph to be dotted

DHCP

• Fix for possible lock up causing watchdogs in some cases
• Internal change to try and resolve issue where DHCP has been seen to cause a lock up and watchdog on some systems

DNS

• DNS resolver no longer caching SOA as it was not expanding the MNAME/RNAME fields correctly
• DNS server now ignores expired DHCP allocations

Ethernet

• Added layer 2 interface mapping function (map port/VLAN to port/VLAN directly no session track or firewall)
• Fix for linked ports including port 0

IP

• Added ARP/ND link state test to work at subnet level
• Made Wake on LAN a separate diagnostic and linked to DHCP
• Internal change to avoid possibility of recursive tunnelling overrunning buffer space

IPv6

• Fix for ND responses for FE80::/10 LL addresses matching our MAC prefix (we answered all requests even if specific MAC not in use)
• Adjusted routing for FE80::/10 so all interfaces are equal metric to locate LL endpoints

L2TP

• Change relayed L2TP session stats to be consistent with non relayed by counting only IP and not LCP, etc.
• L2TP status showing an accounting session ID even when not using RADIUS accounting, useful for pcap
• Adjusted length of called number field and improved PAP L2TP relay details
• Better status report for back to back sessions
• Correct NSN RADIUS parameters in platform RADIUS

OS

• Improved watchdog error reporting
• Further improvement to watchdog panic diagnostic
• Avoid 0000fff8 ECC panic when upgrading from older s/w

PPP

• Adjusted LCP restart logic to restart LCP if far end persists in restarting
• Allow far end to refuse magic number negotiation

PPPoE

• Linked status page from PPPoE to L2TP

SNMP

• Added some IfXEntry SNMP values

VRRP

• Changed default startup delay to 60 seconds as usually more sensible and should not cause any harm

Web config

• Tweak class for cqm images in css

Web control pages

• Set larger input box size on web diagnostic tools

Release notes from Factory release 1.16.001 to Factory release 1.17.001

• This release includes additional memory checking - any problems, contact support
• Updated documentation

BGP

• LNS allowing full table
• Corrected AS list in show routes to handle multiple sequences (was showing with no separator)

CLI

• Fix obscure race condition which may cause panic when logging to command line (console).

Config

• Removed redundant fast-reboot options

CQM

• Corrected URL processing for CQM where using x=value/x=value type syntax
• Change to ping scan and cqm polling functions to be more aligned to real time seconds, ready for when we do NTP fully

DHCP

• Corrected tool tips on Kill/Unlock

L2TP

• RFC4818 Delegated-IPv6-Prefix support added - see RADIUS documentation for how this is used.
• Complex bug with IPv6 routed via IPv6 gateway that is routed via an L2TP over IPv4 and generating an ICMP error causing a crash - fixed

Logging

• Removed unused log types for SNMP trap (will move to profiles) and SMS (may be added later)

NTP

• Added option to set ntp poll rate, will be removed/changed when we do NTP fully.

OS

• More details in thread statistics report
• Scrub RAM after ECC errors.

Profiles

• Clarified wording for and, or, and not, tests in profiles
• Clarified meaning of timeout and recover as times not number of tests

RADIUS

• Reinstated platform RADIUS accounting handling and relay (missing since 1.13.111)

Web control pages

• New CSS - especially on config edit pages

Release notes from Factory release 1.13.001 to Factory release 1.16.001

• Change to persistent data storage logic and timing

BGP

• Correct BGP route tie break where one route has MED set and one does not. No MED set is now treated as MED 0 correctly
• Minor adjustment in graceful restart logic (not yet advertised)
• Fixed long delay rebooting when BGP active
• Colours on BGP status on web page

Config

• Fixed factory default config for dns host name my.firebrick.co.uk - this means a new factory release of code.
• Corrected parsing of an IP using final :: in place of :0 (i.e. seemed to have too many colons)
• Not generating initial or trailing :: on IPv6 addresses where only one block replaced

DNS

• DNS resolver negative caching handling and tweaks to handle VoIP DNS lookups where CNAME used
• Corrected negative caching timings

Flash

• Image priority tagging removed. Flash contents display shows penalty but no longer priority.
• Change to flash block allocation strategy to spread block usage.

L2TP

• Changed IPv6 padding to be more generic padding of any packet that looks too short and under 73 bytes so works with IPv6 over LCP on BT 20CN lines
• Changed DHCPv6 served timing for L2TP
• Added RADIUS option to avoid LCP restart on mismatched MRU
• Corrected sending MTU in RADIUS auth (could be sent twice in some cases)
• Allowing up to 64 byte CHAP challenge size in proxy auth

Logging

• Better wording for missed log entries

Ping

• Not trying to print reverse DNS on ping command while waiting DNS response

Ports

• Avoid spurious port down messages at startup.

PPPoE

• Config change losing external PPPoE IPv6 address from routing
• Fixed IPv6 prefix delegation timeout issue
• Issue with IPv6 DNS servers not working on a second PPPoE client connection if same as previous

Profiles

• Fixed bug - a ping profile with no routing to send the ping was causing buffer loss
• Possible problem in ping profiles could result in a watchdog failure

RADIUS

• Corrected RADIUS tagging on NSN parameters in platform radius.
• Work on RADIUS accounting to get better stats in case of pre-empted session
• RADIUS accounting refernce could change some time after reboot depending on clock setting, fixed
• Fix buffer leakage if RADIUS servers time out

Time

• Added very simple sanity check to SNTP clock setting, and logging to right place
• Logging IP from which clock was set

VoIP

• Ignoring silly almost empty SIP packets from gigaset (some NAT thing)
• Adjust for restart of LCP on PPP happening when non 1500 MTU proxied negotiation

VRRP

• Fix issue if two separate VRRP configs used with same VRID one for IPv4 and one for IPv6

Web and CLI control

• Added hard reboot option

Web control pages

• Session list copes better if you stop the browser while displaying
• Typo in web config for dns-host/block
• Format of manual image upload UI page changed in line with auto update.
• Avoid unnecessary invocation of bootloader when system reboot is requested

Web status pages

• Fix session table display lockup

Release notes from Factory release 1.10.001 to Factory release 1.11.004

BGP

• Adjusted RR logic on BGP to avoid incorrect messing with next hop decision
• Changed BGP to silently ignore routes where we are already the next hop
• BGP change to still process withdraw in same packet as silently ignored routes (typically if using route reflectors)
• Added peer level export-med to set MED on exported routes (unless explicitly set in export filter) as this is commonly the only export filter
• Made local routes (apart from dead-end) take priority over equivilant BGP originated routes
• Changed ttl-security option to be 1 to 127, and use -ve as meaning force TTL sending and no checking
• Added import-localpref at peer level as a common global setting on EBGP links
• Obscure race condition on BGP shutdown could cause a crash

CLI

• Fix telnet timout on users setting timeout 0 to not logout.
• Implement several readline-style line-editing sequences
• Add two more control sequences - Ctrl-T and Alt-T
• Added "show power status" command - same action as "show fan status"

Config

• IMPORTANT - make sure all interface definitions state the port to use before upgrading
• Documented that a login timeout of 0 means no timeout but not in ip-group users
• Mandatory port on interface. Missing port on interface picks first port else creates a fatal error

Console

• Serial login did not work if user has an allow list for IP access

DHCP

• Added new lock and unlock feature on DHCP allocations
• Added ability to manually set the name of DHCP allocations

DNS

• Added new feature under services/dns to allow local DNS responses including based on DHCP

Factory default

• Changed factory reset to have my.firebrick.co.uk as local DNS for the firebrick itself

Factory Reset

• Changed so factory reset is DHCP client on WAN and DHCP server on LAN

General

• Various additional debugging code added

IPv6

• Adjust handling of RA client to cope when more than one RA has same SLLA (e.g. VRRP) from different hosts

L2TP

• Added more debug logging on L2TP tunnels, especially relating to relaying

Logging

• Changed power failure event to log a simple message rather than panic
• Improved formatting of replay from previous run flash log on boot up

PPPoE

• PPPoE server (BRAS mode) was broken, fixed
• Added return of Relay-Session-Id received in PADO to PADR sent
• Adjusted PPPoE logging so as not to fill logs with requests that are not for us

SNMP

• Fix BGP and L2TP SNMP stats where values 128 to 255 and 32768 to 65535 reported as negative

Web control pages

• Fix issue with some links on Chrome viewing BGP peers
• Typos fixed in config
• Incorrect HTML typo fixed in some tables
• Tidy layout of platform radius controls
• Tidy help on rule log settings
• Correct various typos
• Changed filenames for XML save to be more sensible
• Clearer warning of active sessions on reboot and s/w upgrade pages
• Fixed case where showing tables of information not right if a list of routes also shown
• "Up to date" may have been erroneously displayed on Software Upgrade page - fixed.
• First config save from factory reset was not working, fixed
• Some more colours on tables
• Fix links for ND entries that upset some browsers
• Additional logic for getting L2TP session data using circuit ID in URl

Web pages

• Hovering on a link now underlines it

Web status pages

• Added new System submenu
• Web status pages can now be seen by users with access level >= USER
• Button to clear thread tick counts added to thread statistics page (for users with ADMIN access)

Release notes from Factory release 1.08.001 to Factory release 1.10.001

BGP

• Vendor specific SNMP for BGP status

CQM

• Correct for rare race condition leading to multiple graphs of same name

DHCP

• Clear DHCP command now allows range/prefix to clear multiple entries
• Option to kill a DHCP allocation from web interface (DHCP status) now
• Change handling of BOOTP to operate as a REQUEST not DISCOVER so causing allocation of lease

Flash

• Avoid flash fragmentation by deleting old images if necessary before saving new image.

L2TP

• Internal change to RADIUS handling to reduce risk of watchdog under heavy load
• Updated RADIUS to abort authentication request if session closed to reduce load if slow auth replies
• Better "clear l2tp all", depending on speed of RADIUS accounting
• Vendor specific SNMP for L2TP status
• Added min-retry as a minimum session time before retrying an outgoing L2TP connection (default 10 seconds)
• New platform RADIUS logic

Shaping

• Fix incorrect handling of (legacy) tx-interval on shaper

SNMP

• SNMP now has extra logical interfaces which are all named shapers in order, including relevant stats for a shaper.

Release notes from Factory release 1.06.004 to Factory release 1.07.001

• Does not auto update and reboot if in factory reset recovery state

CLI

• New show routes command not BGP specific
• Show dhcp command layout fix

DHCP

• DHCP client sets /32 routes for DNS servers provided

L2TP

• Pressing a key on telnet command "clear l2tp all" stops clearing lines.
• Increased L2TP neg slots to 1024
• Support for RADIUS Framed-IP-Netmask mapped to L2TP PPP IPCP NETMASK (144)
• L2TP client mode asks for DNS on PPP
• Config change was unnecessarily restarting some L2TP sessions
• L2TP failed tunnel timout reduced from 5 minutes to 1 minute
• L2TP error response on duplicate tunnel ID to try and manage restart case better
• Better logging of unexpected L2TP SCCRQ
• Issue with L2TP clients when no hostname and no local system name configured

Web control pages

• Using web interface diagnostics/routing could cause a crash
• Showing associated routes on subnets, dongles, PPPoE, etc.