CDRouter 16.5

May 28, 2026

New Features

  • Wi-Fi Key Management Auto Mode: The wpaKeyMgmt testvar now supports an auto mode (the new default) that automatically selects the strongest key management offered by the Access Point. This enables full auto support for wpaMode so that clients negotiate WPA3 where the DUT supports it rather than being capped at WPA2. [sc46694]

  • Wi-Fi OWE: CDRouter now supports Opportunistic Wireless Encryption (OWE), the WPA3 method for a passwordless Wi-Fi network. Additionally OWE is included as an option (with SAE and PSK) when wpaKeyMgmt is set to auto. [sc46697] [sc47445]

  • TLS Handshake Failure Recovery Tests: Added two new tests that verify the CPE recovers its management server connection gracefully after a failed TLS handshake. [sc47141]

    • tr69_240
    • usp_31

  • Speed Test Functional Feature Tests: Added new functional tests to the tr471_functional_cwmp and tr471_functional_usp modules that exercise optional TR-471 speed test features, including jumbo frames, configurable MTU, authentication during the speed test, and changing the server port. [sc47287]

    • tr471_functional_cwmp_2 through tr471_functional_cwmp_17
    • tr471_functional_usp_2 through tr471_functional_usp_17

  • Selectable TCP Congestion Algorithm for Performance Tests: Added the new perfCongestion testvar, which selects the TCP congestion control algorithm (for example cubic, or reno). [sc46037]

  • Dedicated perf_client Graphs: Performance data for perf_client tests has been removed from the main Visualize Performance graph and is now shown in a dedicated perf_client graph. To view the new graph on a result with perf_client metrics, click “Visualize Client Performance” [sc45360]

  • CWMP Data Model Profile Improvements: Improved the efficiency of the CWMP profile tests by eliminating GetParameterValue RPCs on the entire data model and using a single TR-069 session to perform multiple RPC calls. This change affects all CWMP profile test types. [sc47089]

  • USP Data Model Profile Improvements: Improved the efficiency of the USP profile tests by eliminating Gets on the entire data model. This change affects the get, set, and ado USP profile test types. [sc47089]

  • IPv6 SCTP Tests (SCTPv6): Added a new sctp-v6 test module that extends CDRouter’s SCTP coverage to IPv6. [sc25253]

    • ipv6_sctp_1
    • ipv6_sctp_2
    • ipv6_sctp_3
    • ipv6_sctp_4

  • Per-Interface NTP Server Configuration: NTP servers can now be defined uniquely per WAN interface rather than only globally, and CDRouter can advertise IPv6 NTP server addresses directly instead of an FQDN. [sc27538]

Changelog

CDRouter

  • The wpaSaePweH2E testvar now defaults to yes and has been deprecated. CDRouter now uses the Hash-to-Element (H2E) password element derivation by default, as the older Hunt-and-Peck (H2P) process was deprecated due to a security vulnerability. To continue testing H2P, set this testvar to no. [sc46692]
  • The wpaSaePassword testvar has been deprecated and now defaults to none. Its functionality has been folded into the wpaKey testvar, which no longer enforces the WPA2-only length restrictions when used for WPA3 SAE. [sc47081]
  • Added a ±5% tolerance to the T1 (renewal) and T2 (rebinding) timer validation in cdrouter_dhcp_51 so that minor timing variance no longer causes false failures. Note that this change also introduces an upper-bound check on the T1/T2 timers that was not previously enforced. The cleanup waited for a DHCPREQUEST while the DHCP server was still disabled, causing the test to time out. The server is now re-enabled before the wait. [sc45819] [sc47555]
  • Addressed an issue in heartbleed_100 and heartbleed_200 where the LAN test reused the WAN-configured management port, causing false results when the LAN and WAN management ports differ. The LAN test now tests only port 443. [sc40094]

IPv6

  • Addressed a fatal error in dhcpv6_server_80 in the failure-path cleanup. [sc47148]
  • Addressed false failures in cpe_v6_33 where the test logged a long wait for a Duplicate Address Detection (DAD) packet but actually timed out after only a few seconds. Logging around the second prefix RA step has also been clarified. [sc47074]
  • Addressed an issue in cpe_v6_23 and cpe_v6_24 where cleanup proceeded before the advertised prefix had expired, leaving stale IPv6 address data that could cause the next test to fail. [sc47134]
  • Stabilized the Router Advertisement default router preference flag (RFC 4191), which could unexpectedly flip between values during a test run. [sc45800]
  • Moved ipv6_snmp_docsis_201 into the incompatible-with-docsis-dhcpv6-relay skip label removed cpe_v6_35 from the incompatible-with-docsis-dhcpv6-relay skip label so that each test is correctly skipped for its DHCPv6 relay topology. [sc46834]

Performance

  • Updated iPerf from 3.20 to 3.21 and addressed crashes and a server_close SIGTERM race that could cause “perf ended unexpectedly” failures when running multiple Wi-Fi performance packages concurrently on 6 GHz. [sc47174]
  • Addressed a regression where iPerf3 TCP retransmit values were incorrectly reported and/or inflated. The FAIL output and testvar descriptions have also been improved. [sc47395]

prpl Certification

  • Updated the prplOS stats tests in Section 1.1 to support both IGMPv2 and IGMPv3. [sc45694]
  • Addressed a regression from prplos.1.2.30 where the Option 46 value comparison was incorrectly parsing the value. [sc47359]
  • Updated prplos.1.3.10 to normalize hex case before comparing the DUT’s reported DHCPv6 ReceivedOption.Value, so that DUTs reporting the value in lowercase hex no longer fail. [sc47386]
  • Addressed a fatal error in prplos.1.3.24 through prplos.1.3.27 caused by sending a DHCPv6 Solicit before the elapsed-time tracker was started. [sc47182]

Security

  • Updated Nmap from 7.97 to 7.98. [sc46607]
  • Updated the ET Open ruleset in the CDRouter Security expansion to 11200. [sc47294]

USP

  • Addressed an issue where usp_profile_5 reported a PASS even when the DUT failed to respond to the controller’s Add request. The test now correctly fails in that case. [sc46992]
  • Addressed an issue where USP profile loading failed in start for DUTs that report an event name containing spaces (for example “Channel change event!”). [sc47284]
  • Addressed a timing issue in usp_conformance_9_2 where the test reported a PASS for reconnecting to the USP controller after a reboot while the WAN link was still down. [sc47451]