|Release Type||Release Number||Release Date|
|Original||CDRouter 10.7 Build 1||April 26, 2018|
|Maintenance Release 1||CDRouter 10.7 Build 2||May 2, 2018|
|Maintenance Release 2||CDRouter 10.7 Build 3||June 7, 2018|
|Maintenance Release 3||CDRouter 10.7 Build 4||July 9, 2018|
Note: CDRouter 10.7 includes many new features and configuration testvars. Old config files can be automatically upgraded to include all new CDRouter 10.7 testvars using the config upgrade utility.
CDRouter 10.7 Build 1 April 26, 2018
New Features and Enhancements
New package scheduler!
CDRouter now includes a built in package scheduler! This feature makes it possible to automatically schedule packages to run every day at a specific time. For more information please see this Knowledge Base article.
Support for DNS over TLS
CDRouter’s WAN DNS servers now support DNS over TLS as defined in RFC 7858.
With the addition of DNS over TLS, CDRouter’s DNS servers now support three different transports: traditional DNS over UDP on port 53, DNS over TCP on port 53, and DNS over TLS (over TCP) on port 853.
For more information please see our Knowledge Base article on testing DNS over TLS with CDRouter .
New DNS over TLS test module
To facilitate the testing and adoption of support for DNS over TLS within CPE devices, a new test module, dns-tls.tcl, has been added to CDRouter. This test module adds 34 new test cases that utilize DNS over TLS as a transport.
New DNS test case for verifying privacy-enabling DNS behavior
A new DNS test case, dns_500, for verifying that the DUT’s DNS proxy does not leak DNS queries in plaintext over UDP or TCP on the WAN has been added.
This test is skipped by default. To run this test, DNS over TLS must be enabled on the DUT. In addition, the DUT must support ‘strict privacy’ for authentication as defined in Section 6.6 of RFC8310 and set the new testvar dnsUsageProfile to a value of strict-privacy.
Note that variants of this test have been added to all DNS specific test modules as well. These tests are: dns_tcp_500. dns_tls_500, ipv6_dns_500, ipv6_dns_tcp_500, and ipv6_dns_tls_500.
Support for IPv6 DNS over TLS
CDRouter’s WAN IPv6 DNS servers now also support DNS over TLS as a transport. See the announcement above for more information.
New DNS over TLS test module
To facilitate the testing and adoption of support for IPv6 DNS over TLS within CPE devices, a new test module, dns-tls-v6.tcl, has been added to CDRouter. This test module adds 29 new test cases that utilize DNS over TLS as a transport.
New ID-181 test module
A new ir181 test module has been added to CDRouter! This module includes 50 new test cases based on revision 14 of the Broadband Forum’s CWMP Interoperability and Functionality Test Plan as defined in ID-181.
Please note that ID-181 is currently in draft status within the Broadband Forum. Once approved, this test plan will be published as IR-181. Future releases of CDRouter will be updated to ensure consistency with the most recent available versions of the ID/IR-181 test plan.
CDRouter is now shipping with Release 9.0 of the BBF.069 scripts from the UNH-IOL. For a complete list of modifications included with this release, please see the bug fixes and notes section below.
New Test Modules and Test Cases
New DNS over TLS module
MODULE: dns-tls.tcl DESCRIPTION: DNS over TLS proxy and DNS failover related tests NEW TEST CASES: 35
New DNS test cases for verifying privacy-enabling DNS behavior
TEST: dns_500 MODULE: dns.tcl DESCRIPTION: Verify DNS proxy enforces DNS strict privacy usage profile
TEST: dns_tcp_500 MODULE: dns-tcp.tcl DESCRIPTION: Verify DNS proxy enforces DNS strict privacy usage profile
TEST: dns_tls_500 MODULE: dns-tls.tcl DESCRIPTION: Verify DNS proxy enforces DNS strict privacy usage profile
New IPv6 DNS over TLS module
MODULE: dns-tls-v6.tcl DESCRIPTION: IPv6 DNS over TLS proxy and DNS failover related tests NEW TEST CASES: 30
New IPv6 DNS test cases for verifying privacy-enabling DNS behavior
TEST: ipv6_dns_500 MODULE: dns-v6.tcl DESCRIPTION: Verify DNS proxy enforces DNS strict privacy usage profile
TEST: ipv6_dns_tcp_500 MODULE: dns-tcp-v6.tcl DESCRIPTION: Verify DNS proxy enforces DNS strict privacy usage profile
TEST: ipv6_dns_tls_500 MODULE: dns-tls-v6.tcl DESCRIPTION: Verify DNS proxy enforces DNS strict privacy usage profile
New IR-181 test module
MODULE: ir181.tcl DESCRIPTION: CWMP Interoperability and Functionality Test Plan NEW TEST CASES: 49
Bug Fixes and Notes
CDRouter’s utilities for migrating results from pre-10.0 systems has been deprecated. Future versions of CDRouter will not have the ability to migrate older results directly. If migration is needed, we recommend that users first install CDRouter 10.7, perform the results migration, and then upgrade to the latest release of CDRouter. [LH #3715]
Resolved an issue where CDRouter would run all tests on a ‘Restart’ of a test package, even though the user selected Failed only or Passed only in the ‘Restart this package’ pop-up dialog. [LH #3694]
Improved the cleanup process of the additional clients created in the LAN scaling tests for wireless interfaces. [LH #3706]
Modified behavior of wireless LAN clients that become disassociated during the CDRouter scaling test cases. They will not attempt to automatically reassociate. [LH #3713]
Resolved an internal routing issue in the ipv6_ripngwan_9 that resulted in a false negative test result. [LH #3732]
Resolved an issue in the ipv6_ripngwan_100 test case in which duplicate routes were advertised by CDRouter on the WAN. [LH #3734]
Fixed an issue where CDRouter’s LAN client would try to configure a Unique Local Address (ULA) for itself even if the supportsULA testvar is set to “no”. [LH #3629]
Resolved an issue in the ipv6_ripng_100 test case in which duplicate routes were advertised by CDRouter on the WAN. [LH #3734]
Updated test cases v6_cpe_1_5_a,v6_cpe_1_5_b,v6_cpe_1_5_c, and v6_cpe_1_5_d to use the dhcpv6RestartLatency and dhcpv6PDLatency testvars. These testvars allow CDRouter to give extra time for some DUT’s to (respectively) reinitiate DHCPv6 Prefix Delegation requests and to advertise a newly-learned prefix on the LAN. [LH #3721]
Resolved a misleading log message issue in the ipv6_ndp_30 test case. [LH #3722]
The 5_092_CWMP_Faults_Upload test case has been updated to resolve an exception in cases where a TransferComplete RPC is not received. [LH #136]
CDRouter’s HTTP Cookie handling has been updated which corrects a problem in the 5_036_redirect_cookies test where an unsolicited CWMP session for a periodic Inform caused the wrong cookie value to be recorded. [LH #124]
The 5_014_DNS_server test has been updated to accommodate CPE devices which intentionally map domain names in DNS requests to mixed-case spelling. [LH #127]
All Upload and Download tests have been updated to include additional skip logic which prevents them from being run when relevant testvars are not properly configured. [LH #154]
The 5_010_Multiple_TCP_conn test case has been updated to ensure all subsequent connects include a Authentication header. [LH #155]
The unh_path and unh_base testvars have been removed and replaced with individual testvars. [LH #129]
The UNHWRAP procedure has been replaced by CDRouter’s built in SOAP validation. [LH #117]
The 5_041_maximum_SOAP_message test case has been updated to resolve an exception during the clean up procedure and ensure that the DUT is restored to its original state. [LH #158] [LH #157]
Updated the 5_037_redirect_response_data test to use an HTTPS URL in its “307 (Temporary Redirect)” message if the original ACS URL is also HTTPS. Prior to this change, the ACS always redirected the DUT to an HTTP URL. [LH #167]
CDRouter 10.7 Build 2 May 2, 2018
Bug Fixes and Notes
Updated the cdrouter_mcast_110 and cdrouter_mcast_120 tests so that the testvar iptvMaxFailures will trigger when either the forwarding check fails or the joining of the group fails. Previously, the check for the joining of the group was not considered by iptvMaxFailures. Also, these tests will now abort when the total number of failures is greater than or equal to iptvMaxFailures. Previously, the tests would abort when the total number of failures was greater than iptvMaxFailures. [LH #3742]
The cdrouter_urlfilter_40 test case has been updated to include the server name indication (SNI) TLS header. [LH #3738]
The cdrouter_app_25, cdrouter_app_26, cdrouter_app_27, and cdrouter_app_28 test cases have been updated to ensure that the DUT is actively using the primary DNS server before testing for failover to other non-primary DNS servers. [LH #3729]
Updated the dhcpv6_server_3 test case to support dynamic DHCPv6 valid lifetimes on the LAN that are based on the WAN side IA_PD valid lifetime. To verify this behavior the testvar ipv6DhcpClientValidLifetime can now be set to a keyword value of
dynamicif the valid lifetime varies based on the delegated prefix received on the WAN. If set to
dynamicthis test will verify that the valid lifetime received on the LAN is less than or equal to the IA_PD valid lifetime assigned by CDRouter’s DHCPv6 server on the WAN (which is configured using the testvar dhcpv6IAValidLifetime).
Corrected the mapt_42 test case to verify that ICMPv4 Type 3 messages are translated to ICMPv6 Type 1, where appropriate. [LH #3744]
Updated the dhcpv6_pd_62 test case to verify that the advertised prefix on the LAN matches the IA_PD provided by CDRouter on the WAN, regardless of the SLA ID used by the DUT (if any). [LH #3743]
Updated the dhcpv6_pd_63 test case to take into consideration the DUT’s expected SLA ID as configured using the testvar ipv6LanSubnetId. [LH #3743]
The ipv6_urlfilter_40 test case has been updated to include the server name indication (SNI) TLS header. [LH #3738]
Updated the dhcpv6_server_9 test case to allow the DUT to provide its link-local or unique-local IPv6 address as the DNS server to IPv6 LAN clients when the testvar ipv6DNStoLAN is set to a value of no. Previously this test only allowed the DUT’s global address in this configuration. [LH #3736]
Resolved an issue (introduced in CDRouter 10.6) in which the value of the nmapPorts testvar was being ignored, resulting in all Nmap scans being performed over the default port range of 0-2048. [LH #3747]
Resolved an issue (introduced in CDRouter 10.6) in which the scan type argument was not being passed into Nmap resulting in all tests performing the same scan. [LH #3749]
CDRouter 10.7 Build 3 June 7, 2018
Bug Fixes and Notes
Modified the behavior of the following DNS test cases: dns_210, dns_220, dns_230, dns_240, dns_tcp_210, dns_tcp_220, dns_tcp_230, and dns_tcp_240. If the lanDomainName is set to the keyword none, the LAN client will omit the domain name and include only a hostname in the DNS queries for local names that are sent to the DUT. [LH #3773]
CDRouter 10.6 introduced an issue in which the following test cases were not properly terminating the PPP link when a WAN mode of PPPoE was used: upnp_203, upnp_igd2_203, upnp_210, upnp_igd2_210, upnp_220, and upnp_igd2_220. This issue has been resolved. [LH #3759]
The cdrouter_upnp_203 test case and variants have been updated to handle implementations that utilize an intermediate
Connectingconnection status. [LH #3799]
CDRouter’s DNS servers have historically been configured with a WAN MTU of 1404. This restriction has been lifted and the DNS servers will now use the MTU of the parent stack. [LH #3802]
Resolved an issue in the scaling and scaling-v6 test modules where CDRouter continued with the test when the DUT assigned an already used IP address to a client without any warning message. CDRouter now successfully detects and prints out a message letting user know that duplicate IP address was detected. In this scenario we mark the test case as failure. [LH #3746]
WANv6_terminate_linkAPI call has been updated to wait for the DHCPv6 prefix delegation (IA_PD) binding to update in WAN modes where DHCPv6 prefix delegation is enabled. Prior to this modification, this call only terminated the PPP link or waited for the DHCPv6 IA_NA binding to update. Tests that utilize this call will now support stateless WAN modes, such as
static, when DHCPv6 prefix delegation is enabled. This includes ula_10, ula_11, ula_12, ipv6_ripng_wan_50, ipv6_ripngwan_52, dhcpv6_pd_62, v6_cpe_2_2_b, ipv6_upnp_203, ipv6_upnp_igd2_203, ipv6_upnp_210, ipv6_upnp_igd2_210, ipv6_upnp_220, and ipv6_upnp_igd2_220. [LH #3759]
CDRouter 10.6 introduced an issue in which the following test cases were not properly terminating the PPP link when an IPv6 WAN mode of PPPoE was used: ula_10, ula_11, ula_12, ipv6_ripng_wan_50, ipv6_ripngwan_52, v6_cpe_2_2_b, ipv6_upnp_203, ipv6_upnp_igd2_203, ipv6_upnp_210, ipv6_upnp_igd2_210, ipv6_upnp_220, and ipv6_upnp_igd2_220. This issue has been resolved. [LH #3759]
The default router lifetime in all RAs sent by CDRouter on the WAN has been changed from 1800 seconds to three times the WAN RA interval specified by the testvar ipv6RASendInterval. This is consistent with the recommended default value listed in Section 6.2 of RFC 4861. [LH #3787].
The dhcpv6_pd_15 test case has been modified to remove all IA_PD specific checks and instead focus on the behavior of LAN side RAs when the WAN link is down. In addition this test now waits for an RA from the DUT with a non-zero router lifetime before running the final connectivity check at the end of the test. These modifications are more consistent with the requirements being tested and also result in the test running much faster. [LH #3754]
The ipv6_slaac_wan_12 and ipv6_slaac_wan_13 test cases have been updated to better support bridge devices such as APs, Ethernet switches, etc. These tests now explicitly ensure that the router bit in Neighbor Advertisements received from the DUT is 0 for bridges and 1 for routers. Previously these tests would fail if the router bit was 0 for any type of device, which would lead to false negatives for bridge devices where the router bit is expected to be 0. [LH #3774]
Resolved an issue with CDRouter’s ICMPv4 checksum calculation in MAP-T mode. This issue resulted in dropped ICMPv4 packets and bad ICMP checksum warning messages in various test logs. [LH #3782]
Resolved an issue in the slaac-wan and cpe-v6 modules in which the M-bit in WAN RAs sent by CDRouter was being enabled for non DHCP WAN modes. These modules now properly set the M-bit based on the configured WAN mode. [LH #3783]
The ula_10, ula_11, ula_12, and dhcpv6_pd_15 test cases have been updated to wait for wait the longer of the WAN RA lifetime or the LAN RA interval + 1 LAN RA interval for the DUT to send the expected RAs on the LAN. These tests have also been updated to wait for the duration of the testvar dhcpv6PDLatency rather than a fixed delay of 5 seconds before performing the final connectivity check. [LH #3790]
- The 5_019_conn_request and 5_020_conn_request_session_exists tests were updated to handle cases when the DUT sends a fragmented message to the ACS. [LH #3777]
- The nmap and nmap-v6 test modules are now multiport aware. Previously these tests were always executed on the primary LAN interface. In multiport configurations, these tests will now cycle through LAN interfaces. [LH #3418]
CDRouter 10.7 Build 4 July 9, 2018
New Features and Enhancements
New version of Nmap
CDRouter now uses version 7.70 of Nmap.
Bug Fixes and Notes
- Version 5.4 of the NTA1000 operating system image is now available! Please contact email@example.com for more information.
Resolved a fatal error in the wifi_1 and wifi_2 test cases by automatically skipping them if no wifi interfaces with DHCP or DHCPv6 are available. These tests require a wifi interface that has DHCP or DHCPv6 enabled. [LH #3805]
Resolved a fatal error associated with setting the lanMac or wanMac testvars to a value of
00:00:00:00:00:00. The config check utility now explicitly prevents these testvars from being set to this value. [LH #3780]
The cdrouter_eapol_1 test case has been updated. For wired supplicants only, the destination MAC address of EAPOL packets from the DUT’s 802.1X authenticator can now be either the supplicant’s unicast MAC address or the PAE group address 01:80:C2:00:00:03. Previously only the unicast MAC address of the supplicant was allowed. [LH #3820]
invalid tokenerror when logging in to a CDRouter system via the web UI. [LH #3807]
The web UI now supports all result filtering view modes while a result is running. Previously these options were only available for finished results. [LH #3792]
CDRouter’s 802.1X supplicant now waits up to 100ms for an EAPOL Failure message whenever it sends an EAPOL Logoff. Reception of an EAPOL Failure message indicates that the controlled port has been closed and resolves a race condition in certain test cases in the eapol test modules. [LH #3775]
CDRouter now actively monitors the state of all configured LAN and WAN network interfaces. If any configured interface is down at the start of a test CDRouter will fail the test. [LH #3794]
Introduced a new testvar, dhcpv6RelayServer, which can be set to the IPv6 address of the relay-server that forwards DHCPv6 requests from the DUT. This testvar is only necessary when the source IPv6 address of DHCPv6 requests sent by the relay-server is on a different prefix than the address being assigned to the DUT. [LH #3798]
Relaxed the requirements in the ipv6_ndp_wan_16 test case. Previously this test would FAIL if the DUT did not use its GUA as the source address of the NA sent to CDRouter. This test now allows the DUT to use any of its valid source addresses (GUA, LLA, etc.) as the source address of the NA. [LH #3801]
Resolved a false negative result when running the v6_cpe_1_2 test with the ipv6WanMode set to a value of
autoconf. [LH #3800]
- Resolved an issue associated with maintaining the WAN PPPoE session while running the tr143_http test module. This issue resulted in premature termination of the PPPoE session leading to test failures. [LH #3829]
- Removed the 1,000,000 byte (1 MB) file size limit for the DOCSIS TFTP server. The DOCSIS TFTP server now supports large files and can be used for downloading firmware via the CM interface using the SNMP Scenarios feature. [LH #3806]