|Release Type||Release Number||Release Date|
|Original||CDRouter 11.2 Build 1||February 6, 2019|
|Maintenance Release 1||CDRouter 11.2 Build 2||March 4, 2019|
Note: CDRouter 11.2 includes many new features and configuration testvars. Old config files can be automatically upgraded to include all new CDRouter 11.2 testvars using the config upgrade utility.
Attention: Operating System Deprecation Notice
Support for the Ubuntu operating system has been deprecated. CDRouter systems running on Ubuntu will now see warning messages during installation and in the ‘start’ log of a test run. Support for this operating system will be officially removed with the next major version of CDRouter (12.0). Please contact firstname.lastname@example.org for additional information and assistance in migrating to a supported operating system.
CDRouter 11.2 Build 1 February 6, 2019
New Features and Enhancements
802.11ac Wave 2
CDRouter now supports 802.11ac Wave 2 connections for both simulated LAN clients and WiFi WAN connections. This support comes through the new NTA1000v6 platform, released alongside CDRouter 11.2. If you are interested in upgrading your system to the NTA1000v6, please reach out to email@example.com.
In addition, Wi-Fi scaling tests are now supported on all 3 of the NTA1000v6 wireless cards.
Support for DNS over HTTPS (DoH)
CDRouter’s WAN DNS servers now support DNS over HTTPS (DoH) as defined in RFC 8484.
With the addition of DNS over HTTPS, CDRouter’s DNS servers now support four different transports: traditional DNS over UDP on port 53, DNS over TCP on port 53, DNS over TLS (DoT) on port 853, and DNS over HTTPS on port 443.
For more information please see our Knowledge Base article on testing DNS over TLS and HTTPS with CDRouter.
Support for layer 2 GRE tunnels on the WAN
A new l2gre test module, with 12 test cases, has also been added. This test module can be used to validate layer 2 GRE tunnel behavior on the DUT.
In addition, two more application style L2GRE tests have been added to apps and apps-v6 test modules. [LH #3260]
Support for IPv6 DNS over HTTPS (DoH)
CDRouter’s WAN IPv6 DNS servers now also support DNS over HTTPS as a transport. See the announcement above for more information.
New commands added to CWMP Scenario Testing feature
The CWMP Scenario Testing feature now includes support for GetParameterAttributes and SetParameterAttributes requests to allow scenarios to configure Notifications for any parameter in the CPE’s data model. The Event command has also been updated so that the parameters in Inform messages can be verified when a “Value Change” Event occurs.
These new commands are documented in the CWMP Scenario Testing section of the CDRouter TR-069 User Guide.
Automatically generated capture file for all ICS traffic
When ICS is enabled CDRouter now automatically generates a separate capture file, per test case, for all ICS traffic. The new capture files can be accessed by clicking on the file labeled ics in the Files drop-down within the web UI.
ICS capture files allow users to quickly and easily see exactly what cloud service or resources a device is communicating with. This information is very helpful in understanding the behavior of a device and assessing its overall security.
New Test Modules and Test Cases
New L2GRE application tests
TEST: cdrouter_app_140 MODULE: apps.tcl DESCRIPTION: Verify IPv4 L2GRE session through the router
New GRE test module
MODULE: l2gre.tcl DESCRIPTION: L2 over GRE related test cases NEW TEST CASES: 12
New IPv6 L2GRE application tests
TEST: ipv6_app_140 MODULE: apps-v6.tcl DESCRIPTION: Verify IPv6 L2GRE session through the router
New ACS redirection test cases
TEST: tr69_35 MODULE: tr69.tcl DESCRIPTION: Verify CPE follows 302 redirects to new ACS server with a specified port number
TEST: tr69_36 MODULE: tr69.tcl DESCRIPTION: Verify CPE follows 307 redirects to new ACS server with a specified port number
Bug Fixes and Notes
The CDRouter Customer Lounge website has been redesigned and no longer supports password authentication. Instead, registered users can log in by entering their email address to receive a single-use login token via email. Consequently, the Automatic Upgrade feature on the
/system/upgradepage of CDRouter’s web interface no longer requires a password. A valid, registered email address must still be entered for users to be able to automatically upgrade CDRouter to the latest version, however. Please contact firstname.lastname@example.org if you have any questions about the CDRouter customer Lounge. [LH #3998]
The renum-dhcp, renum-l2tp, renum-pptp, and renum-pppoe test modules have been updated. Many of the tests in these modules have been updated with an additional test metric to explicitly verify that the orignal IP is properly restored and that traffic is flowing at the end of the test. The following table list the test cases affected: [LH #4062]
renum-dhcp renum-l2tp renum-pppoe renum-pptp cdrouter_renumber_1 cdrouter_renum_l2tp_1 cdrouter_renum_pppoe_1 cdrouter_renum_pptp_1 cdrouter_renumber_2 cdrouter_renum_l2tp_2 cdrouter_renum_pppoe_2 cdrouter_renum_pptp_2 cdrouter_renumber_3 cdrouter_renum_l2tp_3 cdrouter_renum_pppoe_3 cdrouter_renum_pptp_3 cdrouter_renumber_4 cdrouter_renum_l2tp_6 cdrouter_renum_pppoe_6 cdrouter_renum_pptp_6 cdrouter_renumber_5 cdrouter_renum_l2tp_50 cdrouter_renum_pppoe_50 cdrouter_renum_pptp_50 cdrouter_renumber_6
The dhcp-c.tcl modules can now be run when CDRouter is in “bridge mode” (testvar forwardingMode is set to “bridge”). [LH #3954]
Improved the TCP behavior associated with the IPv4 https and http2 test cases to better handle packets received out of order and also delayed closing the session to ensure receiving the TCP FIN. [LH #3846]
The version of TCL that CDRouter uses has been upgraded to 8.6.9.
The version of the wpa_supplicant driver that CDRouter uses has been upgraded to 2.7.
Resolved a memory leak leading to system unresponsiveness. This issue was triggered when an OSPFv3 LS Update packet was received by CDRouter. [LH #4081]
Resolved an issue with the NTP server option provided by CDRouter’s DHCP server on the WAN. In previous releases if two NTP servers were defined, the DHCP option would contain only the information for the second NTP server. Both NTP servers are now included in the DHCP option, if specified. [LH #4059]
The interface rotation logic for failure retries has been modified. Prior to this release, if the test retry package option was enabled in a configuration with multiple LAN interfaces, CDRouter would rotate to the next test interface when a test failed. Now, when a test fails under these conditions, all test retries will utilize the same test interface rather than rotating to the next test inteface. [LH #4045]
Prior to this release, the scheme for automatically generating MAC addresses for wireless clients involved appending a 24-bit client identifier to the 24-bit cdrouterOui:
<24-bit OUI><24-bit Client ID>
This scheme is not sufficient for certain configurations where some additional uniqueness, per wireless interface, is required.
If there is more than one wireless LAN interface in use, CDRouter now ensures that all wireless LAN interfaces have a unique 32-bit MAC prefix which is composed by appending an 8-bit random interface identifier to the 24-bit cdrouterOui.
The scheme for automatically generating MAC addresses for wireless clients now involves appending a 16-bit random client identifier to the unique 32-bit interface prefix:
<24-bit OUI><8-bit Interface ID><16-bit Client ID>
Note that this change applies only to wireless clients when there are more than one wireless LAN interface in use. If there is only a single wireless LAN interface in use CDRouter retains the pre 11.1 behavior. [LH #4066]
The lanMac can no longer be specified for wireless interfaces if more than one wireless interface is configured. [LH #4066]
If more than one wireless interface is in use, the following tests and modules will now be skipped [LH #4066]:
Test Cases Test Modules cdrouter_dhcp_server_3 mac-filter.tcl static_1 dmz.tcl static_2 vservice.tcl static_10 triggerp.tcl static_20 arp_10 arp_11 arp_12 arp_13 cdrouter_app_220 cdrouter_app_225 cdrouter_app_227 static_v6_1 static_v6_2
- Improved the TCP behavior associated with the IPv6 https and http2 test cases to better handle packets received out of order and also delayed closing the session to ensure receiving the TCP FIN. [LH #3846]
Updated the tr69_1 test case to verify the MaxEnvelopes and CurrentTime fields in Inform messages [LH #3948]
Updated the tr69_320 test case to include the
cwmp:IDheader in the Fault response sent by the ACS. [LH #4053]
The new testvar acsStrictSyntaxChecking can be used to enable or disable the additional XML syntax validation of array lengths on all CWMP messages received from the DUT. This additional XML syntax check was originally added in CDRouter 11.1 and enabled by default. Setting this testvar to “off” will disable this. [LH #4064] [LH #3929]
Upated tests ir181_test_5.6.9, ir181_test_5.6.11, and ir181_test_5.6.13. The tests now set the RadiusServerIPAddr parameter properly and no longer report an error when the DUT the RadiusSecret parameter with an empty string [LH #3890]
CDRouter 11.2 Build 2 March 4, 2019
Bug Fixes and Notes
A new testvar dhcpRelayServer has been added. This testvar specifies the IPv4 address of the DHCP relay server and is only needed in setups where the relay server is on a different subnet than the address being assigned to the DUT. This testvar is equivalent to the IPv6 testvar dhcpv6RelayServer which was added in CDRouter 10.7.4. [LH #4082]
The generic HTTP server used by CDRouter in various test cases now utilizes the native Linux TCP stack for improved performance and robustness. Certain test cases that require specific non-standard HTTP or TCP behavior will continue to use CDRouter’s built-in TCP stack. [LH #2244]
All CDRouter stacks that are directly connected to the DUT now perform IPv6 Duplicate Address Detection (DAD) on all link-local, unique-local, and global unicast addresses before configuring and using them.
This change impacts CDRouter’s primary WAN stack and all IPv6 enabled LAN clients. If conflicts are detected during DAD, a warning will be displayed in the log file. Additionally, if privacy addresses are used on the LAN CDRouter will automatically assign a new, random privacy address and attempt DAD again.
Note that this enhancement has resulted in changes to the underlying pktsrc API that may impact custom tests. Please refer to the pktsrc API notification section below for more information. [LH #3955]
Updated the dhcpv6_pd_62 test case so that it no longer sends unnecessary IPv6 ping requests after the WAN link has been brought down. [LH #4092]
Update the rip-ng and rip-ng-wan test modules to wait up to 50 seconds for RIPng updates from the DUT, in accordance with Section 2.3 of RFC 2080. RFC 2083 states that the DUT’s RIPng timer should trigger every 30 seconds +/- 15 seconds. By waiting up to 50 seconds CDRouter ensures that all RIPng updates sent by the DUT should have been received. Previously these tests waited up to 40 seconds, which was not adequate in some cases. [LH #4103]
The ipv6_ripng_200 test case is now properly skipped if the testvar ripAcceptWanUpdate is set to a value of no. [LH #4101]
Updated the ipv6_ndp_wan_16 test case to resolve a fatal error that occurred while running in static WAN mode. [LH #4091]
The testvar supportsULA now defaults to a value of no. [LH #4102]
Updated the tr69_80 and tr69_81 test cases to ignore authentication failures (if present) during the clean portion of the test. This allows CDRouter to always restore the DUT’s original connection request username and password regardless of the final result of the test. [LH #4079]
Resolved an issue with the tr69_64 test cases in which
LeaseDurationparameter was being set to two conflicting values in the same SetParameterValues call. [LH #4094]
Pktsrc API Notifications
As a result of ticket #3955 detailed above, the following pktsrc API modifications have been made and may impact custom tests.
IPv6_setproc supports a new, optional argument
nodadwhich will disable DAD when setting an address on a stack.
The following pktsrc API calls now have an optional
packetargument which is used for retrieving a DHCPv6 packet from a callback. The optional
packetargument should be used instead of calling
Stack_get_protocol s DHCPv6 <packet>which is no longer guaranteed to work with DAD enabled.