|Release Type||Release Number||Release Date|
|Original||CDRouter 10.3 Build 1||March 23, 2017|
|Maintenance Release 1||CDRouter 10.3 Build 3||April 19, 2017|
|Maintenance Release 2||CDRouter 10.3 Build 4||May 15, 2017|
|Maintenance Release 3||CDRouter 10.3 Build 6||June 20, 2017|
Note: CDRouter 10.3 includes many new features and configuration testvars. Old config files can be automatically upgraded to include all new CDRouter 10.3 testvars using the config upgrade utility.
CDRouter 10.3 Build 1 March 23, 2017
New Features and Enhancements
New DOCSIS add-on for CDRouter!
We are pleased to announce a brand new add-on for CDRouter - CDRouter DOCSIS! Check out our website for more information.
New DHCP tests added to the dhcp-s module
Six new DHCP server test cases have been added to the dhcp-s test module: cdrouter_dhcp_6, cdrouter_dhcp_7, cdrouter_dhcp_8, cdrouter_dhcp_9, cdrouter_dhcp_800, and cdrouter_dhcp_801.
New description field for device attachments
A description field has been added for each device attachment (file) to better identify and describe the attachment.
New CDRouter version information
CDRouter version information can now be gathered from several key binaries using a new “-version” flag.
/usr/bin/cdrouter -version /usr/cdrouter/bin/cdrouterd -version /usr/cdrouter/bin/cdrouter-migrate -version
Improvements to the configuration diff tool
The UI for the Configuration Diff tool has been updated.
Only the configuration within the left-side panel is editable. (Previously, both left and right were editable. This change includes removing the ability to ‘move’ changes from the configuration on the left to the configuration on the right via the indicator arrows. Only the indicator arrows that move changes from the configuration on the right to the one on the left are available now.
Also added a warning when trying to use the ‘swap’ feature, if the left-side configuration file has changes from the original. The warning will prompt the user to save the changes that were made to the left-side configuration file before performing the swap of configuration files.
Filter results by test case
The Results index page within the web interface can now be filtered by test case using the Filter by testcase… option:
When a test case filter is applied, only results that contain the specified test case are displayed. The test case status can also be specified (as either All, Run, Passes, Failures, or Flagged). This makes it very easy to display only the test results where the specified test case passed, failed, etc.
A small vertical bar of color is also displayed on the left side of the index to indicate the status of the specified test in each result. A green bar indicates that the test passed and a red bar indicates that the test failed. No color bar indicates that the test is either pending (it has not run yet) or that it was not run (because the run was stopped).
Automatic toggle of packets checkbox on the results page
When updating the log file drop-down filter menu on the Results page, the Packets checkbox now gets toggled accordingly. More specifically, when Pass/Fail or Log Only is selected, the Packets checkbox is automatically cleared. When All Lines or Packets Only is selected, the Packets checkbox is automatically selected.
New device connect functionality added to the Device manager
The Device manager now supports connecting to the DUT’s web management interface from within CDRouter’s web UI. This makes it very easy to configure and manage the different devices connected to a CDRouter system without having connect a laptop or PC to them.
This feature relies on information from a number of new fields that must be populated for each device on the Devices page, including:
- Power On Command
- Power Off Command
- Management URL
- Allow connections to device over HTTPS without valid certs
- Configure management interface address
Power On Commandand
Power Off Commandfields are used to specify the command(s) required to remotely turn the DUT on or off. This would typically require some kind of network power distribution unit.
Management URLis the URL normally used to access the DUT’s web interface.
If selected, the
Configure management interface addresscheckbox will temporarily set up an IP address on an interface on the host machine, using the information from the
Addressfields. This can conveniently use an interface that is normally connected to the DUT’s LAN port for testing. This interface cannot be used this way when a package is running, and any IP address will be automatically removed when a package is launched.
Regardless of which method is used to connect to the device, once connected, the DUT’s web interface can be accessed by clicking on the “Connected” button or the “View management interface” link. If a package is launched while connected, the connection will be removed.
Additional information provided in error messages for UPnP tests
When parsing XML in UPnP tests, additional information (the path being searched) is now provided if a given element/attribute is not found.
New test module to verify CWMP connection request robustness
The new tr69_conn_req module adds 14 new test cases to verify that the DUT responds (or does not respond) correctly to TR-069 Connection Request attempts under a variety of conditions. This module was developed as a result of the D1000 modem vulnerability discovered in November of 2016.
Support for RFC 6265 style cookies
CDRouter’s ACS now supports RFC 6265 style cookies, as required by TR-069 Amendment 5. Test testvar acsCookieMode can be set to rfc6265 to enable this behavior. Note that rfc6265 is also the new default value for this testvar.
Support for dual-stack ACS
CDRouter’s ACS can now support CWMP sessions over IPv4 and IPv6 at the same time. The optional testvar acsDualStackIp must be explicitly defined in the config file with the secondary address of the ACS. CDRouter will automatically resolve DNS requests for acs.qacafe.com with the appropriate address.
Additional fields added to Performance CSV files
Six new fields have been added to the CSV files generated when performance tests are run. These fields are:
- protocol: enum string “TCP” or “UDP”
- direction: enum string “upload”, “download”, or “lantolan”
- metric2: floating point number [loss percentage, will be 0 for all TCP tests]
- units2: The string “Percentage”
- device1: the physical interface where perf client is located
- device2: the physical interface where perf server is located
There will be a performance CSV file created in the results directory for the following tests:
perf.tcl perf-v6.tcl perf-lan.tcl perf-lan-v6.tcl perf_1 ipv6_perf_1 perf_lan_1 ipv6_perf_lan_1 perf_2 ipv6_perf_2 perf_lan_2 ipv6_perf_lan_2 perf_3 ipv6_perf_3 perf_lan_3 ipv6_perf_lan_3 perf_4 ipv6_perf_4 perf_lan_4 ipv6_perf_lan_4 perf_5 ipv6_perf_5 perf_lan_5 ipv6_perf_lan_5 perf_6 ipv6_perf_6 perf_lan_6 ipv6_perf_lan_6 perf_7 ipv6_perf_7 perf_lan_7 ipv6_perf_lan_7 perf_8 ipv6_perf_8 perf_lan_8 ipv6_perf_lan_8
The information in these CSV files is also available as result metrics using CDRouter’s API.
New version of Nmap
CDRouter now uses version 7.40 of Nmap.
New Test Modules and Test Cases
- New DHCP Server test cases
TEST: cdrouter_dhcp_6 MODULE: dhcp-s.tcl DESCRIPTION: Verify DHCP server returns same IP address when client restarts
TEST: cdrouter_dhcp_7 MODULE: dhcp-s.tcl DESCRIPTION: Verify DHCP server returns same IP address when client releases then restarts
TEST: cdrouter_dhcp_8 MODULE: dhcp-s.tcl DESCRIPTION: Verify DHCP server returns same IP address when client restarts using Requested IP Address option
TEST: cdrouter_dhcp_9 MODULE: dhcp-s.tcl DESCRIPTION: Verify DHCP server returns same IP address when client releases and restarts using Requested IP Address option
TEST: cdrouter_dhcp_800 MODULE: dhcp-s.tcl DESCRIPTION: Verify DHCP server does not become exhausted after a large number of DHCP restarts
TEST: cdrouter_dhcp_801 MODULE: dhcp-s.tcl DESCRIPTION: Verify DHCP server does not become exhausted after a large number of DHCP release then restarts
New TR-069 connection request test module
MODULE: tr69_conn_req.tcl DESCRIPTION: TR-069 tests for TCP Connection Request NEW TEST CASES: 14
Bug Fixes and Notes
In previous versions of CDRouter, when re-launching a package from the Results page within the web UI, the device snapshot from that test run would be used instead of the device currently associated with the package. This issue has been resolved. When re-launching a package from the Results page the current configuration file and device associated with that package are now used.
Resolved an issue when importing packages into CDRouter that contain testlists. Previously the the link between the test package and test list would be lost during the import process. This has been fixed so that imported packages are still linked to any testlists they may contain.
When decoding a packet with an unknown ethernet proto type field, CDRouter had been displaying the unknown type field in decimal rather than hexadecimal. This has been fixed.
CDRouter no longer supports 5GHz WAN Access Point (AP) mode for 5GHz wireless on the WAN testing (2.4GHz AP mode for wireless on the WAN is still supported). The testvar wanApBand has now been obsoleted and removed from the default config file. In addition, all 5GHz channels have been removed from the wanApChannel testvar.
Updated the Import utility to resolve an error when attempting to import some of the items in an archive while skipping others.
In prior versions of CDRouter, an error would be generated if CDRouter’s LAN client was unable to renew its DHCP lease during a test run. This situation could happen if the DUT’s DHCP server stopped responding or crashed. CDRouter has been updated to handle this situation more gracefully.
Resolved an issue with the vservice test module when running in multiport LAN configurations with different subnets. Previously these tests were not subnet aware, and would not work properly if multiple LAN subnets were defined. This issue has been resolved and these tests now work as expected in multi-subnet configurations.
Resolved an issue with the Config Diff tool where every line was highlighted when comparing a Config to the default Config. This issue was introduced in CDRouter 10.2 and has been resolved so that only lines that different are now highlighted.
The cdrouter_firewall_100, cdrouter_firewall_101, and cdrouter_firewall_110 test cases now listen for leaked traffic on all configured LAN interfaces. Previously these tests would only listen for leaked traffic on the primary LAN interface, even if multiple LAN interfaces and subnets were defined in the configuration file.
CDRouter now uses a newer version of tcllib under the hood (version 1.18).
CDRouter now uses a newer version of openssl under the hood (version 1.0.2k).
Previously, the cdrouter_dhcp_20 test would be skipped if there were no LAN interfaces configured (lanInterface = none). However, since this is a WAN side test, this test is now able to run in this situation.
A bug has been fixed where setting lanInterface to “none” caused an error in certain configurations.
CDRouter now uses the tDOM Tcl package when parsing and manipulating XML documents. This replaces the TclDOM and TclXML packages which were used previously. The tDOM package is more efficient and should improve XML processing performance and speed in tests that rely on XML such as TR-069 tests, UPnP tests, etc.
CDRouter’s WAN offload interface code has been refactored. These changes improve speed and performance when running tests that utilize offload interfaces on the WAN such as Nmap, SNMP, TR-069, etc.
Certain warning messages were not formatted and highlighted the same as others. This has been fixed.
Looking at a result shows the configuration and package snapshots used. Clicking on either the configuration or package snapshots allows copying the snapshot to a new resource. If a resource with that name already exists, a “(copy N)” suffix will be added to the new name. This suffix was getting added even if no resource with that name existed, which was not necessary. This has been fixed.
When clicking the Restart button on CDRouter’s home page, the most recent result will be run again. There was a bug where the snapshot of the config and package were being used, rather than the actual, current config and package. This has been fixed.
In previous releases, if multiple IP addresses are assigned to the management interface (typically eth0) with the same IP address but different netmasks, CDRouter could fail to start. This issue has been resolved.
Trying to set the wirelessCountryCode testvar on NTA1000 v5 systems would sometimes fail, resulting in a warning message being displayed in the start log. To resolve this issue, a full “yum update” must be performed on the NTA1000 system. To do this, simply open a terminal window, then as root run the following command:
yum -y update
This may take several minutes to complete. Also note that performing the yum update requires the NTA1000 system to be connected to the internet.
Resolved a fatal error in the mapt_23 test case when processing IPv6 fragments.
Updated the test cases ipv6_ndp_30, ipv6_ndp_31, ipv6_ndp_32, and ipv6_ndp_33 to include one additional second of tolerance when validating the duration between router advertisements from the DUT.
- Resolved a fatal error in the test cases cdrouter_ripwan_5, cdrouter_ripwan_8, cdrouter_ripwan_9, cdrouter_ripwan_20, cdrouter_ripwan_50, and cdrouter_ripwan52.
Modified configuration rules for how to enable the ability to run TR-069 tests.
The default value of the supportsCWMP testvar has been changed to “no”. In order to enable and run the TR-069 addon(s), your CDRouter configuration file must have supportsCWMP uncommented and explicitly set to “yes”. In previous versions of CDRouter, supportsCWMP was assumed to be “yes” if the testvar was commented out and if the acsIp testvar was also explicitly set.
If the testvar supportsCWMP is not in your configuration file, you can use CDRouter’s Configuration Upgrade Utility to have it inserted automatically. Information on how to use this tool may be found in this KB article.
The acsCaCertPath testvar has been updated to allow an empty string to be specified. This will prevent the ACS from transmitting any CA certificates when negotiating the SSL connection.
The od128_test_35.1 and od128_test_35.6 test cases have been updated to resolve an issue with the way the ACS processes the DUStateChangeComplete RPC and queries the DUT’s DeploymentUnit table.
The tr69 test module can now be run against non-IGD devices such as STBs and VoIP ATAs. Previously this test module would be skipped if the tr69DeviceType testvar was set to a value of STB or VoIP. Now only tests tr69_50 through tr69_63 will be skipped since they require IGD functionality.
Two new testvars have been introduced, snmpManagerIp and snmpManagerIpv6. These specify the source address that CDRouter will use when making SNMP requests from the WAN network. CDRouter no longer uses the “Free Network” range for SNMP requests.
Resolved an issue in various SNMP tests that were previously unable to set a value to an empty string. Empty string values are now supported.
The ipv6_snmp_wan_201 and ipv6_snmp_wan_204 test cases no longer send ARPs to determine the DUT’s LAN and WAN MAC addresses. The DUT’s MAC addresses are now determined automatically via NDP in these test cases.
CDRouter 10.3 Build 3 April 19, 2017
New Features and Enhancements
New disk usage warning
If the disk partition where CDRouter stores its results gets too full, a banner will be displayed on the Results page to indicate this.
New DHCP server test cases for verifying the Requested IP Address option
Two new test cases, cdrouter_dhcp_server_10 and cdrouter_dhcp_server_11, have been added to the dhcp-s test module. These tests verify the DUT’s DHCP server behavior when responding to clients that request valid and invalid addresses via the DHCP Requested IP Address option.
New port mapping test cases that verify LeaseDuration
Two new tests, tr69_54 and tr69_64, have been added to the tr69 test module. These tests are designed to verify that the DUT properly handles port mappings that are specified with a non-zero duration using the PortMappingLeaseDuration parameter.
New v6 testvars for outbound firewall
The existing firewallOutBlockedTcpPorts, firewallOutBlockedUdpPorts, and firewallOutBlockedIpProtos testvars are now used just for v4 testing. There are three new testvars dedicated to v6 testing: ipv6FirewallOutBlockedTcpPorts, ipv6FirewallOutBlockedUdpPorts, and ipv6FirewallOutBlockedUdpPorts.
New Test Modules and Test Cases
- New DHCP Server test cases
TEST: cdrouter_dhcp_server_10 MODULE: dhcp-s.tcl DESCRIPTION: Verify DHCP server returns requested IP address when new client uses Requested IP Address option
TEST: cdrouter_dhcp_server_11 MODULE: dhcp-s.tcl DESCRIPTION: Verify DHCP server does not return an address when invalid Requested IP Address option is used
- New TR-069 port mapping tests
TEST: tr69_54 MODULE: tr69.tcl DESCRIPTION: Verify dynamic TR-069 TCP port mapping is removed after lease duration expires
TEST: tr69_64 MODULE: tr69.tcl DESCRIPTION: Verify dynamic TR-069 UDP port mapping is removed after lease duration expires
Bug Fixes and Notes
Resolved an issue with the new device connect feature in which the management IP address was not getting removed from the interface when CDRouter was restarted.
Resolved an issue where Device information would be removed when bulk editing packages within the web UI.
CDRouter’s LAN DHCP clients will now automatically clear any existing addresses when they are restarted without performing a DHCPRELEASE. This change was made to ensure that all DHCPDISCOVER messages, regardless of which state the client is in, are sent with with a source address of 0.0.0.0 and not the previous address. This change will resolve an issue associated with this behavior that was reported in the dns_220 test case.
Updated the cdrouter_dhcp_server_8 and cdrouter_dhcp_server_9 test cases to include only one Requested IP Address option (DHCP option 50) in the DHCPREQUEST messages sent by CDRouter’s LAN DHCP client.
The MAC filtering tests in the mac-filter test module have been updated to now produce a PASS result if the DUT does not allow clients with restricted MAC addresses to associate wirelessly.
The firewallOutBlockedIpProtos testvar now limits values to 0-255. Values outside this range will show an error when running a config check.
Resolved an issue with the mapt_23 and mapt_40 test cases when processing fragments.
Added 1 second to the Router Advertisement timeout that CDRouter uses in various test cases when waiting for RAs from the DUT or validating that RAs are sent by the DUT when expected.
Modified the constraint logic for the ipv6LanIp to no longer allow all zeros for the host ID portion. The all zeros host ID represents an anycast address for the given prefix which has special meaning and should not normally be used by the DUT.
CDRouter’s DHCPv6 server on the WAN has been updated to automatically age out (send lifetimes of zero) for any prefixes that are not currently in use when processing received messages from the DUT’s DHCPv6 client. This update should resolve an issue with some client implementations while running the dhcpv6_60 test case.
CDRouter’s ACS no longer generates the quoted string syntax for the qop and algorithm URL parameters in the WWW-Authenticate header during CWMP connection requests, as required in Section 3.4 of RFC 7616. In previous releases, CDRouter’s ACS generated the quoted string syntax for these parameters which was not compatible with some CWMP implementations.
Updated tests tr69_conn_req_10, tr69_conn_req_11, tr69_conn_req_12, tr69_conn_req_13, and tr69_conn_req_15 to generate a PASS result if the DUT responds to the connection request with an HTTP 405 “Method Not Allowed”.
Resolved a fatal error in the tr69_conn_req_4 test case with some connection request URLs.
Updated the tr111_p1_20, tr111_p1_21, tr111_p1_22, tr111_p1_23, and od128_test_24.1 test cases to upper-case the DeviceManufacturerOUI suboption of DHCP option 125 in all DHCPREQUEST messages sent by CDRouter’s LAN clients. The DeviceManufacturerOUI suboption is based on the DeviceInfo.ManufacturerOUI parameter which is defined as having an all upper-case value according to Section F.2.5 of TR-069 Amendment 5. Previous versions of CDRouter used lower-case values for this suboption.
Resolved an issue with the tr69_conn_req_4 test case. This test was not being cleaned up properly in some failure modes. This resulted in an invalid connection request URL being used in the following test case.
Updated and enhanced the test case titles and descriptions in the tr69_conn_req test module.
Updated the ACS to handle a malformed DUStateChangeComplete message that was causing a fatal error. If the DUT encodes the Results OpResultStruct element as an array CDRouter will now log an Fail messge and continue with the test.
Updated the tr69_conn_req test module to better handle IPv6 based connection request URLs. This update resolves a few different instances of fatal errors in this module when running over IPv6.
Resolved an issue with the od128_test_35.1 and od128_test_35.6 test cases. In previous versions these test cases were hard coded to look up parameters from the Device root data model during validation. When these tests were run against InternetGatewayDevice implemenations parameter validation would fail because of this issue.
CDRouter 10.3 Build 4 May 15, 2017
Bug Fixes and Notes
Relaxed the skip logic constraints to allow some of the DHCP Server tests in the dhcp-s module to run if the the configured DHCPv4 pool size is 1. In previous versions the entire module would be skipped with this configuration setting. The DHCPv4 pool size is determined by the values in dhcpClientStart and dhcpClientEnd.
Resolved an issue with the ‘obtain IP address’ timeout value when starting a new DHCP client on the LAN for the test cases in the dhcp-s module.
Resolved an issue with the way names are generated when copying configs and other resources in the web interface. CDRouter now correctly leaves the original resource name intact and appends ”(copy 1)” to the end.
The configuration associated with a saved testlist can now be cleared by selecting the “Please choose a config to use…” option when editing the package within the web UI.
Resolved an issue with the wireless scan and association logic used during the start up procedure when wireless interfaces are configured.
Resolved an issue with the cdrouter_dhcp_server_31 test. CDRouter was incorrectly failing the test when the DUT sent back a DHCPACK in response to a DHCPDISCOVER with the Rapid Commit flag.
- Resolved an issue in the dhcpv6_server_9 test case to only verify the IPv6 servers defined (uncommented) in the configuration file. Up to four (4) IPv6 DNS server may be defined, using the testvars ipv6WanDnsServer, ipv6WanBackupDnsServer, ipv6WanBackupDnsServer2, and ipv6WanBackupDnsServer3.
Resolved an issue introduced in release 10.3 with the SOAP headers generated by CDRouter. The cwmp version string in the SOAP header is based on the value of the cwmpProtocolVersion testvar. If this testvar is set to 1.0, the SOAP header will include cwmp-1-0. If this testvar is set to 1.1, the SOAP header will include cwmp-1-1. If ths testvar is set to 1.2, 1.3, or 1.4, the SOAP header will include cwmp-1-2.
Updated the tr69_conn_req_30, 31, 32 test cases to verify a successful connection request prior to initiating the DoS attack in each test. This resolves an error that would occur when running these tests in isolation.
If the Name parameter for the primary WAN instance is not writeable, the tr69_conn_req_40 test case will now use the ProvisioningCode parameter instead to test for the TR-069 code injection vulnerability.
- Resolved fatal errors in the 5_095_xml_namespace_prefix_validation and 5_073_SPA_incorrect_param_name tests. These fatal erros are related to the updated XML parser included in release 10.3 Build 1 of CDRouter.
CDRouter 10.3 Build 6 June 20, 2017
Bug Fixes and Notes
Added constraints for staticRoute testvars staticRouteLanNetwork, staticRouteLanNextHop, staticRouteWanNetwork, staticRouteWanNextHop such that now the config checker verifies that the “Network” destination is not on the same subnet as the interface and the “NextHop” is on the same network as the sending interface.
-new-testpathin cdrouter-cli -help output.
Updated the tests in the firewall test module to better support configurations that utilize virtual services on multiple unique LAN subnets.
Resolved an issue with the cdrouter_app_17 test case that could lead to an invalid test case failure. This test had an issue parsing port numbers that were a single digit from the FTP header.
Resolved an issue with the installer that reported an error/warning when installing CDRouter 10.3 Build 4 on an Ubuntu operating system.
The ipsecTunnelKeyType testvar will now generate a config error if it is set to a value of IKE and the system does not have the CDRouter IKE add-on enabled within its license.
Added support for vservice tests to be compatible with multiport LAN config.
The log file generated using cdrouter-diag script will no longer include the cdrouter.log file to reduce its overall size.
Modified the cdrouter_dhcp_server_540 test case to allow an ICMP Echo sent to the wrong MAC address to be counted as a successful probe and therefore PASS the test.
Updated CDRouter to automatically skip the dhcpv6_150 test if the wanDhcpv6ClientOptionCode testvar is not defined.
Updated the dhcpv6_20 and dhcpv6_pd_20 test cases to be more strict in what DHCPv6 messages it expects to receive from a DUT. These tests will now report a failure earlier if CDRouter’s DHCPv6 server does not receive a Renew/Request message from the DUT when expected.
This release of CDRouter requires BBF.069 Release 8.1.
For a complete list of the changes associated with BBF.069 Release 8.1, please see the release notes.