CDRouter 11.0

Release Type	Release Number	Release Date
Original	CDRouter 11.0 Build 1	September 4, 2018
Maintenance Release 1	CDRouter 11.0 Build 2	October 4, 2018
Maintenance Release 2	CDRouter 11.0 Build 5	November 13, 2018

Note: CDRouter 11.0 includes many new features and configuration testvars. Old config files can be automatically upgraded to include all new CDRouter 11.0 testvars using the config upgrade utility.

Attention: Operating System Deprecation Notice

Support for the Ubuntu operating system has been deprecated. CDRouter systems running on Ubuntu will now see warning messages during installation and in the ‘start’ log of a test run. Support for this operating system will be officially removed with the next major version of CDRouter (12.0). Please contact support@qacafe.com for additional information and assistance in migrating to a supported operating system.

September 4, 2018

New Features and Enhancements

---

CDRouter

• New USP expansion!

  We are pleased to announce CDRouter USP - a brand new expansion for testing the Broadband Forum’s User Services Platform (USP) protocol as defined in TR-369!

  The USP expansion includes a powerful new USP controller with support for all three MTPs with and without MTP and USP layer encryption. A number of new USP specific test modules for verifying core functionality and profile support for the Device:2.12, FAPService:2.1, STBService:1.4, StorageService:1.2, and VoiceService:2.0 data models have also been developed.

  Please see our website and the CDRouter USP User Guide for more information.

• Updated WAN DHCP and DHCPv6 server

  CDRouter’s WAN DHCP and DHCPv6 servers have been updated to better support testing of non-routing devices such as Ethernet switches and wireless access points. Specifically, CDRouter’s DHCP and DHCPv6 servers now serve addresses from a pool when the forwardingMode is bridge. This allows CDRouter to provide addresses to multiple clients when testing switches and APs. In standard routing configurations where the testvar forwardingMode is set to route these updates should be transparent.

  For more information, please see this Knowledge Base article .

• Update to the ‘Results Diff’ tool

  The Results Diff tool has been updated with a filter to only display test cases that did not produce the same result in all test runs being compared. For more information, please see the “How can I compare multiple test results?” article in our Knowledge Base.

CDRouter IPv6

• Support for IPsec site-to-site VPN tunnels over IPv6

  CDRouter now supports the testing of IPsec site-to-site (ie tunnel mode) VPN tunnels over IPv6 on the WAN. This new feature allows users to define, terminate, and test a mix of IPv4 and IPv6 IPsec VPN tunnels on the WAN with CDRouter.

  Support for manually keyed IPv6 IPsec tunnels is included with the CDRouter IPv6 expansion. Support for dynamic IKEv1 IPv6 IPsec tunnels requires both the CDRouter IKE and CDRouter IPv6 expansions.

  IKEv1 based IPv6 IPsec tunnels can be tested using the existing ike and ike-natt (if NAT-T is enabled) test modules.

  The ESP protocol for all defined IPv6 IPsec tunnels (manually keyed or keyed with IKEv1) can be tested with the new ipsec-esp-v6 test module which includes 10 new test cases.

• New Duplicate Address Detection (DAD) test in the ndp test module

  A new test, ipv6_ndp_16, has been added to the ndp test module. This test verifies that the DUT responds to DAD-style Neighbor Solicitations for its global IPv6 address on the LAN.

• New test in ndp test module to verify behavior when IPv6 default route is lost

  A new test, ipv6_ndp_34, has been added to the ndp test module. This test verifies that the DUT stops advertising itself as a router on the LAN when it receives Router Advertisements on the WAN with a router lifetime of zero. This test is designed to verify requirements G-4 and G-5 in RFC 7084.

• Unique Local Address (ULA) tests

  Two new tests, ula_13 and ula_14 have been added to the ula test module. These tests verify the DUT’s behavior with respect to ULA provisioning of LAN clients when it loses its default router on the WAN. This condition is simulated by sending Router Advertisements with a router lifetime of zero on the WAN.

• New IPSEC pass-through module for IPv6

  A new test module, ipsecpt-v6, adds six new test cases that can be used to verify the DUT’s functionality with respect to IPSEC pass-through connections from LAN to WAN and vice-versa over IPv6.

CDRouter TR-069

• Updated CWMP profiles

  CDRouter’s Device2_profiles test module has been updated to support version 2.12 of the Device:2 data model published by the Broadband Forum. All profiles defined in the following data models are now supported:

  Data Model	Version
  InternetGatewayDevice:1	1.14
  Device:1	1.14
  Device:2	2.12
  STBService:1	1.4
  VoiceService:1	1.1
  VoiceService:2	2.0
  StorageService:1	1.2
  FAPService:1	1.1
  FAPService:2	2.1

  This update adds support for the new Device:2 profiles listed below:

  Test Module	Profile
  Device2_profiles	L2TPBasic:1
  Device2_profiles	L2TPv3Adv:1
  Device2_profiles	VXLANBasic:1
  Device2_profiles	VXLANAdv:1
  Device2_profiles	LMAPPreconfiguration:1
  Device2_profiles	LMAPController:1
  Device2_profiles	BASAPM:1
  Device2_profiles	TWAMPReflectorBasic:1

• New TR-069 Wireless configuration test cases

  The tr69_wireless module has been updated with new tests to verify wireless LAN configuration with WPA/WPA2 Enterprise security settings. In addition to configuring the DUT with various combinations of WPA, WPA2, and WPA/WPA2, each test also verifies that CDRouter’s wireless client can connect to and pass traffic through the DUT in the specified configuration.

CDRouter IKE

• Support for IKEv1 IPsec site-to-site VPN tunnels over IPv6

  The CDRouter IKE expansion now supports configuration of IPv6 IKEv1 based IPsec VPN tunnels. Please see the note in the CDRouter IPv6 section above for more information.

CDRouter SNMP

• New SNMPWalk command for SNMP scenario testing

  The [SNMP Scenario Testing] (/cdrouter/user-guide/cdrouter-snmp-user-guide/#snmp-scenario-testing) feature has been updated to support SNMPWalk commands to retrieve multiple OID values at one time. SNMPWalk requests allow you to get all OID instances that exist at a particular node in the MIB hierarchy, and verify the value returned by the DUT.

• Improved SNMP Scenario capabilities

  Two new ways to check the DUT’s response to SNMP commands have been added to SNMP Scenario Testing:

  • Commands in SNMP Scenarios now support an 'expr' argument to allow you to verify whether an OID’s value is less than, greater than, or equal to a specific value.

  • A new 'contains' argument to the SNMPTable command allows you to check the results of a table column as an single unit as opposed to checking each individual row.

New Test Modules and Test Cases

---

CDRouter IPv6

• New test module for verifying IPsec site-to-site VPN tunnels over IPv6

  MODULE: ipsec-esp-v6.tcl
  DESCRIPTION: IPv6 IPSEC ESP tests for IPSEC based VPNs
  NEW TEST CASES: 10
  

• New Duplicate Address Detection test case

  TEST: ipv6_ndp_16
  MODULE: ndp.tcl
  DESCRIPTION: Verify DUT responds to DAD-style Neighbor Solicitations for global address on LAN
  

• New test to verify behavior when DUT loses default IPv6 route on WAN

  TEST: ipv6_ndp_34
  MODULE: ndp.tcl
  DESCRIPTION: Verify DUT does not advertise itself as a default router when WAN RA lifetime is 0
  

• New ULA test cases

  TEST: ula_13
  MODULE: ula.tcl
  DESCRIPTION: Verify unique local prefix is advertised when WAN RA lifetime is 0
  

  TEST: ula_14
  MODULE: ula.tcl
  DESCRIPTION: Verify Route Information option for unique local prefix is valid when WAN RA lifetime is 0
  

• New IPsec pass-through module for IPv6

  MODULE: ipsecpt-v6.tcl
  DESCRIPTION: IPv6 IPSEC based VPN pass through from the LAN to the WAN
  NEW TEST CASES: 6
  

CDRouter TR-069

• Three new test cases to verify “WPA/WPA2 Enterprise” wireless LAN security configurations

  TEST: tr69_wireless_40
  MODULE: tr69_wireless.tcl
  DESCRIPTION: Verify WPA-Enterprise configuration (Device:2 Only)
  

  TEST: tr69_wireless_41
  MODULE: tr69_wireless.tcl
  DESCRIPTION: Verify WPA2-Enterprise configuration (Device:2 Only)
  

  TEST: tr69_wireless_42
  MODULE: tr69_wireless.tcl
  DESCRIPTION: Verify WPA/WPA2-Enterprise configuration (Device:2 Only)
  

CDRouter USP

• Three new test modules for verifying core USP functionality

  MODULE: usp_basic
  DESCRIPTION: Basic USP functionality tests
  NEW TEST CASES: 4
  

  MODULE: usp
  DESCRIPTION: Extended USP functionality tests
  NEW TEST CASES: 30
  

  MODULE: usp_conformance
  DESCRIPTION: Broadband Forum ID-369 USP conformance tests
  NEW TEST CASES: 62
  

  MODULE: usp_scenarios
  DESCRIPTION: General USP configuration testing for user defined USP scenarios
  NEW TEST CASES: 1
  

• Six new test modules for verifying USP profiles

  MODULE: USP_Device2_profiles
  DESCRIPTION: TR-181 Issue 2 USP profile testing for Device:2 root data model
  NEW TEST CASES: 768
  

  MODULE: USP_FAPService2_profiles
  DESCRIPTION: TR-196 Issue 2 USP profile testing for FAPService:2 data model
  NEW TEST CASES: 293
  

  MODULE: USP_STBService1_profiles
  DESCRIPTION: TR-135 USP profile testing for STBService:1 data model
  NEW TEST CASES: 96
  

  MODULE: USP_StorageService1_profiles
  DESCRIPTION: TR-140 USP profile testing for StorageService:1 data model
  NEW TEST CASES: 53
  

  MODULE: USP_VoiceService2_profiles
  DESCRIPTION: TR-104 Issue 2 USP profile testing for VoiceService:2 data model
  NEW TEST CASES: 90
  

  MODULE: usp_profiles
  DESCRIPTION: USP profile testing for user defined CWMP profiles
  NEW TEST CASES: 5
  

Bug Fixes and Notes

---

CDRouter

• ATM support has been removed from CDRouter. This includes support for PPPoA as a WAN mode and the associated pppoa-c and renum-pppoa test modules. [LH #1530]

• Support for 802.1X-WEP, also known as Dynamic WEP, as a wireless security mode has been removed from CDRouter. [LH #3700]

• The data migration tools included with CDRouter 10.x have been removed. These tools were included to help migrate data from older systems to the new database introduced in CDRouter 10.0. Users running versions of CDRouter prior to 10.0 must upgrade to a 10.x release in order to preserve and migrate any old results. Please contact support@qacafe.com for more information or assistance. [LH #3715]

• Resolved a display inconsistency with CDRouter’s web UI associated with the bulk edit feature. If the bulk edit feature was used to change the ‘device’ associated with one or more test results, the change was not reflected correctly on the Home page. The edited result(s) on the Home page and the Results page now match. [LH #3873]

• Resolved an issue with the cdrouter_dhcp_32 test case in which CDRouter was sending the FORCERENEW message to the DUT on the server port (port 68). CDRouter now sends the message on the correct client port (port 67). [LH #3731]

• Resolved an issue that caused a fatal error when CDRouter’s LAN client unexpectedly failed to connect to the DUT in a “Hotspot” configuration. [LH #3866]

• Added a wifi hotspot sub-section to the “LAN->802.11 Wireless” configuration section of a default CDRouter configuration file. These testvars existed previously, but were not made visible in a default CDRouter configuration file [LH #3851]:

          SECTION "Hotspot Router Settings" {
  
              testvar browserLoginUrl1
              testvar browserLogoutUrl1
  
              SECTION "Hotspot Clients" {
  
                  testvar clientLoginName1
                  testvar clientLoginPassword1
  
              }
  
              SECTION "Advanced Hotspot Settings" {
  
                  testvar browserLoginProc
                  testvar browserLogoutProc
                  testvar browserScriptsPath
  
              }
  
          }
  

• Added a new testvar browserScriptsPath to specify the name of the file that contains custom login and logout Tcl procs for “hotspot” configuration. [LH #3876]

• The custom login and logout scripts for “hotspot” scenarios are loaded into the ‘global’ Tcl namespace, so that specifying the buddy namespace (buddy::<proc_name>) to locate the custom procs is no longer required. [LH #3876]

• Updated CDRouter to ensure that LAN clients with a designated IP address in the config file are allocated a static MAC address that is used throughout the test run. Test modules that create LAN clients with a designated address include: apps.tcl (inboundH323Host ), dmz.tcl (lanDmzHost ), mac-filter.tcl ( filteredMacIp , unfilteredMacIp), static.tcl (staticRouteLanNextHop ), static-v6.tcl (staticIpv6RouteLanNextHop ), vservice.tcl (virtualTcpServiceHost , virtualUdpServiceHost ). [LH #3855]

• Updated the cdrouter_tport_10 test case to work when the DUT is configured to forward unknown traffic to a designated “DMZ” host on the LAN. [LH #3823]

• CDRouter now waits up to startTimeout seconds for the DUT to contact the XMPP server during start when XMPP is enabled. Previously this value was hardcoded to a value of 65 seconds which might be too short for some DUTs. [LH #3878]

CDRouter IPv6

• The looping logic and associated log messages in the dhcpv6_pd_15 test case have been cleaned up. This change allows the test to run faster and produces a more descriptive log file. [LH #3788]

• Improved the logging of test case dhcpv6_140 to be more explicit about the expected timings of received DHCPv6 Solicit messages. [LH #3711]

• Improved filtering to suppress excessive and unnecessary logging of received packets in the scaling and scaling-v6 modules. Broadcast and multicast packets sent by CDRouter’s LAN clients are already displayed in the log. The log files will not redundantly display messages from every other client on the LAN that receives these packets. [LH #3844]

• The url-filter-v6 module is no longer skipped if the supportsDnsProxy testvar is set to “no”. [LH #3838]

CDRouter TR-069

• A warning message will now be displayed in SPV profile test logs for any required parameters that are missing within the DUT’s data model. [LH #3847]

• Updated support for the Device:2 (TR-181) data model when the acsCreatePortMapOnIGD testvar is set to “yes”. This allows the ACS to send Connection Requests to a TR-069 CPE device connected to the LAN-side of a TR-069 Gateway. Previously, only the InternetGatewayDevice:1 (TR-098) data model was supported. See “LAN Side TR-069 Devices” (Example 3) in the CDRouter TR-069 User Guide for more information and configuration details. [LH #3843]

• All of the profile verification modules (Device2_profiles.tcl, InternetGatewayDevice1_profiles.tcl, cwmp_profiles.tcl, etc.) were updated to resolve a problem with the data validation of certain parameters in the data model. These tests will now correctly verify that parameters defined as a list of a particular data type are encoded with syntax type string in the SOAP message sent by the DUT, and not the data type of the individual elements. For example, CDRouter will verify that the Device.Bridging.Bridge.{i}.Port.{i}.PriorityRegeneration parameter (defined in the data model as a list of unsignedInt) is encoded as a string by the DUT, and that each element of that string is an unsignedInt. Note that data validation is only done when the cwmpDataValidation testvar is set to “yes”. [LH #3879]

• The tests in the tr69_wireless.tcl and ir181.tcl modules were updated so that they no longer attempt to connect a wireless LAN client if the required wireless settings could not be successfully configured on the DUT. [LH #3868]

• The tr69_410 test case has been updated. This test now verifies that the DUT’s NTP client is in the Synchronized state before performing additional validation on the DUT’s current local time. In addition, time validation of the DUT’s current local time has been improved. [LH #3810]

• Updated the ACS to handle cases when the DUT sends an Inform with an empty DeviceSummary parameter. [LH #3656]

• Resolved an issue in the tr69_30 test case. The host making the connection request to the DUT must now be in the same address family (IPv4/IPv6) as the DUT’s Connection Request URL. [LH #3585]

• Resolved a problem in the ir181_test_5.5.1 test which caused a fatal error and halted the test package. [LH #3882]

• Updated tests ir181_test_5.6.9, ir181_test_5.6.11, and ir181_test_5.6.13. The tests now set the RadiusServerIPAddr parameter properly and no longer report an error when the DUT the RadiusSecret parameter with an empty string [LH #3890]

• The various wireless tests in the ir181 test module have been updated and no longer attempt to set or query the BeaconType parameter on Device:2 systems. This parameter is defined only for IGD:1 and Device:1. [LH #3893]

CDRouter Performance

• There is a known issue with CentOS 7.5 systems that may impact performance results. This issue is related to a CentOS bug that has been reported but not yet fixed. Please contact support@qacafe.com for more information and steps to resolve this issue. [LH #3891]

• Support for omitting the first n UDP throughput measurements intervals has been removed. The testvar perfOmit may still be specified for TCP throughput tests. Using this testvar for TCP was the original intent to compensate for the ‘slow-start’ mechanism that many TCP implementations use. UDP has no such mechanism, so omitting the first few intervals is not needed. [LH #3750]

CDRouter SNMP

• The SNMPTable command has been updated with a new contains argument that checks all rows of a particular table column and produces a single PASS/FAIL result instead of issuing separate PASS/FAIL results for each row. [LH #3815]

• A new SNMPWalk command has been added which allows multiple OIDs to be requested at once instead of having to issue separate GetRequest or GetNextRequest commands. [LH #3789]

October 4, 2018

New Test Modules and Test Cases

---

CDRouter TR-069

• New test cases added to TR-069 “ir181” module

  Six new test cases have been added to the ir181.tcl module. These tests cover the “Localized Strings” section of the Broadband Forum ID-181 test plan to verify that the CPE correctly handles strings containing non-ASCII and multi-byte characters received from the ACS.

New Test Modules and Test Cases

---

CDRouter

• New TR-069 test cases added to verify “Localized Strings” in CWMP messages

  TEST: ir181_test_5.7.1        
  MODULE: ir181.tcl
  DESCRIPTION: ID-181 Test 5.7.1: Non-ASCII Characters in a SetParameterValues RPC
  

  TEST: ir181_test_5.7.2        
  MODULE: ir181.tcl
  DESCRIPTION: ID-181 Test 5.7.2: Multi-Byte Encoding in a SetParameterValues RPC
  

  TEST: ir181_test_5.7.3        
  MODULE: ir181.tcl
  DESCRIPTION: ID-181 Test 5.7.3: Non-ASCII Characters in a ParameterKey
  

  TEST: ir181_test_5.7.4        
  MODULE: ir181.tcl
  DESCRIPTION: ID-181 Test 5.7.4: Multi-Byte Encoding in ParameterKey
  

  TEST: ir181_test_5.7.5        
  MODULE: ir181.tcl
  DESCRIPTION: ID-181 Test 5.7.5: Non-ASCII Characters in CommandKey
  

  TEST: ir181_test_5.7.6        
  MODULE: ir181.tcl
  DESCRIPTION: ID-181 Test 5.7.6: Multi-Byte Encoding in CommandKey
  

Bug Fixes and Notes

---

CDRouter

• Resolved a fatal error in the cdrouter_dmz_1 test case when configuring a static MAC address using the lanDmzHostMac testvar. [LH #3912]

• Resolved a fatal error in the cdrouter_dyndns_1 test case when the final update error code received from the DUT is ’null’. [LH #3901]

• Added a warning message if a LAN CLient receives an Information Element (IE) in an Association Response that includes an unexpected capability. [LH #3714]

• Resolved an issue in which the values specified for the testvars clientLoginName and clientLoginPassword were not being used. [LH #3918]

• Resolved the issue with the test case arp_12 where CDRouter did not send any gratuitous arp after creating lan clients. [LH#3921]

• Starting in version 11.0, when CDRouter is running in [“bridge mode”] (/cdrouter/knowledge-base/bridge-mode-testing-with-cdrouter/), CDRouter’s LAN clients now send DHCP requests which the DUT bridge will forward to the WAN link (see the note above for more details). In order for CDRouter’s DHCP server to distinguish the DUT’s client from LAN clients, the wanDutClientID testvar must be set to the hex value that appears in the DUT’s DHCP Client-ID option. Similarly, the ipv6WanDutDuid testvar must be set to the DUT’s DHCPv6 Client-ID option when CDRouter is running in bridge mode. It is no longer necessary to set the wanDutMac testvar when running in bridge mode. [LH #3906]

CDRouter TR-069

• Resolved an issue in certain od128 and tr69 test cases where CDRouter’s ACS was sending a CommandKey argument that was greater than 32 characters when issuing a Reboot RPC. This caused some DUTs to reject the Reboot PRC request entirely. This issue has been resolved. CDRouter now always sends a valid CommandKey argument that is less than 32 characters. [LH #3903]

• Improved the processing of DUStateChangeComplete messages to prevent a fatal error from occurring if the message from the DUT could not be successfully parsed. [LH #3425]

• Resolved an issue in CDRouter’s FTP server that caused a fatal error in the ir181_test_5.2.3 and ir181_test_5.2.5 tests when the DUT attempted to download diagnostics data. [LH #3926]

CDRouter IPv6

• Resolved an issue that caused CDRouter to send ICMPv6 Router Advertisements with the M-flag set when the WAN addressing mode (ipv6WanMode ) was set to “autoconf”. This problem did not occur in CDRouter versions before 11.0 Build 1. [LH #3905]

November 13, 2018

New Features and Enhancements

---

CDRouter

• New test cases to detect presence of BCMUPnP_Hunter malware

  Four new UPnP format string vulnerability test cases have been added to CDRouter: cdrouter_upnp_400, cdrouter_upnp_igd2_400, ipv6_upnp_400, and ipv6_upnp_igd2_400. These new tests check to see if the DUT’s UPnP server is susceptible to the UPnP string format vulnerability recently identified within the BCMUPnP_Hunter malware.

  For more information on the BCMUPnP_Hunter malware, please see these links:

  https://blog.netlab.360.com/bcmpupnp_hunter-a-100k-botnet-turns-home-routers-to-email-spammers-en/ https://arstechnica.com/information-technology/2018/11/a-100000-router-botnet-is-feeding-on-a-5-year-old-upnp-bug-in-broadcom-chips/

New Test Modules and Test Cases

---

CDRouter

• New UPnP test cases for verifying susceptibility to BCMUPnP_Hunter malware

  TEST: cdrouter_upnp_400
  MODULE: upnp.tcl
  DESCRIPTION: Check for UPnP format string vulnerability used by BCMPUPnP_Hunter malware
  

  TEST: cdrouter_upnp_igd2_400
  MODULE: upnp.tcl
  DESCRIPTION: Check for UPnP format string vulnerability used by BCMPUPnP_Hunter malware
  

CDRouter IPv6

• New UPnP test cases for verifying susceptibility to BCMUPnP_Hunter malware

  TEST: ipv6_upnp_400
  MODULE: upnp-v6.tcl
  DESCRIPTION: Check for UPnP format string vulnerability used by BCMPUPnP_Hunter malware
  

  TEST: ipv6_upnp_igd2_400
  MODULE: upn-v6p.tcl
  DESCRIPTION: Check for UPnP format string vulnerability used by BCMPUPnP_Hunter malware
  

Bug Fixes and Notes

---

CDRouter

• Resolved an issue with the dmz test module in which a fatal error would be produced if the testvar lanDmzHostMac was not specified. [LH #3942]

• Resolved an issue with the MTU configuration of CDRouter’s WAN DNS servers. The DNS server MTU now takes into account the WAN mode being used (DHCP, PPPoE, etc.). [LH #3981]

CDRouter TR-069

• Resolved a problem with one of the parameter paths used when the ACS attempts to add new XMPP entries to the Device.XMPP.Connection. table in the DUT’s data model during the start phase of testing. [LH #3804]

• Resolved an issue with setting the LocalTimeZoneName parameter in the test tr69_410. In previous versions of CDRouter, the parameter had a space in the string to set the timezone. This space has been removed to adhere to what is specified in the TR-098 Amendment 2 specification. [LH #3941]