Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Release 2.4.5.1

Notable Fixes

  • build: Pinned versions of Jinja2 and MarkupSafe in Dockerfile

  • Updated CA certificates (opensync_ca.pem)

Release 2.4.5.0

Notable Fixes

  • SM: Fixed a crash caused by unnecessary allocations of hapd objects when moving home VAPs between 5GL and 5GU

  • FSM/FCM fixes and enhancements:

    • Fixed incorrect handling of default logging level in mDNS plugin

    • Improved handling of ICMP flows to also provide direction information

    • Additional fixes of code that handles ICMP flows, which can now also be properly blocked

Notable Enhancements

  • Updated CA certificates (opensync_ca.pem)

  • Behavior of memutil helpers adjusted to abort (SIGABRT) on failures

  • logpull: Added detailed memory footprint information

Platform Support

  • Disabled MBO at startup, because it is enabled by default on some drivers and can cause interoperability issues (platform/bcm)

  • Added a missing check for SNR calculation (platform/bcm)

  • Improved probe request filtering which was causing connectivity issues in some situations (platform/bcm)

  • Fixed an issue with setting the off-channel dwell time on QCA 11ax (platform/qca)

  • Added a workaround to prevent kernel panic caused by radartool code on QCA 11ax (platform/qca)

  • Added WANO interface list configuration for 11ax reference boards (vendor/qca-template)

Release 2.4.4.0

Notable Fixes

  • CM: Fixed logic in connectivity checks for faster detection of broken connectivity, and to switch between IPv4 and IPv6 promptly

  • hapd: Fixed a problem with DPP_LISTEN, which caused DPP responder to not work correctly

  • WM, hapd: Added a workaround for client's oftag not being populated when WPA3 is used

  • NM: Fixed problems with configuration being applied too early (most notably for DHCPv6 client)

  • NM: Fixed occasional ‘use-after-free’ crashes (nm2_dhcpv6_client_release(), nm2_dhcpv6_server_release())

  • NFM: Fixed incorrect behavior when deleting rules referring to no longer existing tags

  • OSN: Added missing ‘null’ implementations of functions in osn_route_null.c

  • FSM/FCM fixes and enhancements:

    • Using new memutil macros for improved diagnostics of memory usage

    • Fixed several memory leaks

    • Fixed some unit tests and added a few new ones

    • Fixed flow filtering

    • Fixed a FSM crash caused by incorrectly handled offset in lib/mdnsd

    • Fixed a FSM crash caused by improper cleanup in ct_stats and nf_ct

    • Fixed a FSM crash caused by not properly restarting the pcap container when configuration options change

    • Fixed an issue which caused replies from upstream being marked as a separate inbound flow

Notable Enhancements

  • CM: Reduced the amount of ICMP traffic (ping) in normal state (connected to the cloud)

  • Optimized 'ip -6 route replace' commands to improve behavior of traffic accelerators

  • Adjusted or removed several log messages that were causing unnecessary ‘noise’ in logs

  • Replaced proprietary plookup with nslookup in healthcheck

  • Added a pattern for Kernel crash reporting for ATOM-based platforms

Platform Support

  • Fixed 'mcp reload' which could have failed because mcpd was not ready, resulting in snooping settings not being applied (platform/bcm)

  • Added a workaround for a bug in some drivers, which resets the ‘MPC’ power saving mode to ‘1’ (platform/bcm)

  • Added an option to adjust netfilter NAT options to resolve problems with SIP phones (platform/qca)

  • Fixed a memory leak in osync_nl80211_scan_results_fetch() (platform/qca)

Release 2.4.3.0

Notable Fixes

  • CM: Fixed LAN connectivity loss after a prolonged Internet outage

  • NM: Fixed MSS clamping rules for PPPoE

  • BM: Added missing CLIENT_BTM_STATUS in protobuf

  • QM: Fixed MQTT reconnect logic

  • FSM/FCM fixes and enhancements:

    • Fixed a crash when disabling then enabling IP threat protection

    • Fixed dns_cache hit count

    • Added filtering for invalid DNS lookups

    • Improved blocking of UDP packets

    • Improved memory usage threshold handling

    • Various improvements and fixes in lan_stats

Platform Support

  • Fixed handling of open network clients so that they can be steered (platform/bcm)

  • Removed the ‘DPP mcast action rx’ workaround, now relying on a patch in the driver (platform/qca)

Release 2.4.2.0

Notable Enhancements

  • NM: Reduced the number of ‘ip’ calls during status updates

Notable Fixes

  • NM: Added MSS clamping rules for PPPoE

  • WM: Fixed an out of bounds crash (core, platform/qca)

  • FSM: Fixed incorrect handling of reserved ports (< 1024)

  • FSM: Fixes and enhancements in the Gatekeeper plugin

Platform Support

  • OSN: Added support for the egress QoS map (platform/bcm)

  • Improved netlink event processing to ignore uninteresting events (platform/bcm

Release 2.4.1.0

New Features

  • A new FSM plugin (src/lib/gatekeeper_plugin), acting as a policy engine using an external threat intelligence service

Notable Enhancements

  • PM: Thermal management can be configured to ignore thermal state overrides

Notable Fixes

  • FSM: Fixed bugs related to stale cached data

  • FSM: Fixed risk level processing

Release 2.4.0.0

New Features

  • WPA3 support for 11ax platforms

  • DPP 1.1 support (on Qualcomm only)

  • FSM/FCM features and enhancements:

    • FSM reports mDNS records for improved device typing

    • Additional FSM plugin (src/lib/ipthreat_dpi) for IP-based threat detection using an external service

    • Additional FSM plugin (src/lib/fsm_dpi_sni) for URL and SNI processing

    • Extended flow reports to include directionality information

  • DM: Introduced a new speed test infrastructure using plugins

  • Added a modular ‘healthcheck’ service (core, platform/bcm, platform/qca)

  • Added a modular ‘logpull’ framework (core, platform/bcm, platform/qca)

  • Crash log collection and reporting

Notable Enhancements

  • QM, SM: MQTT reporting interval is now configurable to allow near real-time monitoring (on-demand, controlled by the cloud)

  • CM: Boot time is recorded in OVSDB

  • Extended default implementation of osp_unit_serial_get() with several alternatives (configurable via Kconfig)

  • Revised handling of static routes and VLANs (including support for VLAN 0)

  • Kconfig enhancements:

    • Added support for including configuration files in a configuration file

    • Introduced ‘base’ configuration files (in platform layer) for various chipsets, which can then be included in per-model configuration files (in vendor layer)

    • 3rdparty layer modules can be enabled/disabled via Kconfig

Platform Support

  • Support for hardware acceleration of multicast over VLAN (platform/bcm)

  • No labels