Release 3.2.9.0
Notable Fixes
WM: Fixes corner case when WiFi driver downgraded the HT mode but did not set the primary channel correctly, resulting in a loss of device connectivity
FSM: Fixed mDNS plugin where mDNS was not cached for each unique IP address
Notable Enhancements
Amended logpull script to collect outputs of lsof and contents of /proc/sys/fs/file-nr
Added health-check script to check the available file handles resource pool (observing /proc/sys/fs/file-nr). If the system gets too close to the limit (only 500 or less file handles remaining), log top 100 process which consumes the most for easier debugging
Enhance 5G radio validation (neighbor configuration) to improve roaming
Platform Support
Fixes ghost client with SDK 5.04L02 (platform/bcm)
Enabled nf_conntrack_helper to address PPTP VPN issue on client device in router mode (platform/bcm)
Fixed channel change in case of radar event when it changes from DFS to non-DFS channel (platform/qca)
Prevent use of DFS channels during node onboarding (platform/qca)
Disabled REPEATER_SAME_SSID feature due to channel change issues with SPF 12.1 (platform/qca)
Added libopenvswitch headers support for Hawkeye (vendor/qca-template)
In Development *
LTEM (or LTE Manager) – a manager for LTE uplink management (alpha)
NM and OSN changes to be able to manage default routes via Wifi_Route_Config (alpha)
CM: Added uplink prioritization capability to improve startup times (PoC)
* Features which are still in development are disabled by default, and will not be supported in this release.
Release 3.2.8.0
Notable Fixes
BM:
Use default Operating Class value in phy_type when it is not set in BTM parameters
Add only neighbors which are under that access point
Skipped adding of a 6 GHz self neighbor when a client does not have 6 GHz capability
Reject neighbor when op class is empty
Prevented sending of deauthentication frames to the non-associated clients on QCA platform
Added BTM neighbor candidate filtering according to a properly set value in the ifname field of the Wifi_VIF_Neighbors table
Enhance front-haul interface name validation for QCA platform
FSM: Fixed action value in the DNS MQTT report. Instead of allowed value, observed value is used
In Development *
LTEM (or LTE Manager) – a manager for LTE uplink management (alpha)
NM and OSN changes to be able to manage default routes via Wifi_Route_Config (alpha)
CM: Added uplink prioritization capability to improve startup times (PoC)
* Features which are still in development are disabled by default, and will not be supported in this release.
Release 3.2.7.0
Notable Fixes
FSM/FCM fixes:
dns_parse: Ignore DNS requests with empty ‘name’ (FQDN), because they caused errors during processing but are otherwise of no interest
Notable Enhancements
Extended XM to support DHCP reservation and port forwarding
Added a target function
target_vif_sta_remove()
to allow platform-specific behavior
Platform Support
Fixes for Qualcomm 11ax platforms (QSDK 11.x or newer):
Implemented the new
target_vif_sta_remove()
function to prevent deauth frames from being sent, which could confuse some clients (platform/qca
)Fixed channel width calculation used for neighbor APs (
platform/qca
)Reworked the code for obtaining client statistics (
platform/qca
)When possible, read multiple netlink messages in a single callback invocation to reduce the chance of a socket buffer overrun (
platform/qca
)Removed the rule to drop packets with an invalid TTL, since the underlying problem has been patched in the SDK layer (
platform/qca
)
In Development *
LTEM (or LTE Manager) – a manager for LTE uplink management (alpha)
NM and OSN changes to be able to manage default routes via
Wifi_Route_Config
(alpha)CM: Added uplink prioritization capability to improve startup times (PoC)
* Features which are still in development are disabled by default, and will not be supported in this release.
Release 3.2.6.0
Notable Fixes
CM: Do not request DHCPv6 prefix delegation in bridge mode
CM: Fixed the order of operations when removing an uplink
CM: Regression fix (do not use stability timer for GW-only devices)
NM: Force permissions of
/tmp/resolv.conf
because behavior ofmkstemp()
depends on the libc usedNM: Improved detection of changes in DHCP options to prevent unnecessary reconfiguration
BM: Reworked several parts of BM to properly support 6 GHz-capable clients
BM: Fixed a regression which caused stale RRM results to be included in the neighbor list
BM: Filter neighbor list according to supported operating classes
BM: Sort neighbor list using RCPI reported from RRM
BM: Do not add ‘self’ BSSID to the neighbor list if it was already added by the controller
BM: Always use 20 MHz bandwidth for RRM scans
WM: Changed L2UF monitoring on STA interfaces to passive mode to prevent false alerts
WM: hostapd config changes for 6 GHz
WM (libhostap): Force SAE mode for 6 GHz radios if used for onboarding
WM (libhostap): Fixed incorrect value of
wpa_key_mgmt
inWifi_VIF_State
when in mixed modeFSM/FCM fixes and improvements:
Fixed traffic statistics calculation
Provided missing ‘policy’ information when Gatekeeper verdict is “ALLOW”
Fixed the verdict for dropped connections, because an
NF_DROP
removes the entry from conntrack tables and causes re-evaluation for subsequent packetsFixed a crash in
intf_stats_send_report()
if the monitored interface is not availableAdded flow direction to DNS cache
Added direction marking for DHCP packets
Skip DPI inspection of non-IP packets to prevent invalid internal states and potential crashes
Repopulate neighbor cache when restarting FSM
Fixed a regression (IPv6 mDNS messages were ignored)
Fixed a FSM crash caused by improper cleanup in
net_md_free_acc()
Notable Enhancements
Added
pppd
configuration to speed up reconnects (using the ‘persist’ option)
Platform Support
Using ‘
mcpctl reload
’ instead of restartingmcp
when applying changes (platform/bcm
)Fixed CSA handling when it requires switching to another radio, e.g. from 5GU to 5GL (
platform/bcm
)Adjustments for driver version 17.10.188.25010 (
platform/bcm
)Added support for additional Broadcom chipsets: BCM6715 and BCM6756 (
platform/bcm
)Fixed incorrect byte order for BSSID info (
platform/bcm
)Enabled ‘minidump’ support for improved kernel crash analysis (
platform/qca
)Fixes for Qualcomm 11ax platforms (QSDK 11.x or newer):
Applied a missing fix from 11ac code for
ht_mode
reporting during onboarding, if only STA is present, without an AP (platform/qca
)Fixed incorrect XML path used in
cfg80211tool
invocation for channel change commands (platform/qca
)Always disable HT Coexistence mode for 2.4 GHz (
platform/qca
)Reverted to an older implementation of
util_csa_is_sec_offset_supported()
(platform/qca
)Fixed several issues in the code for obtaining the client list (
platform/qca
)Switched to using
libev
instead of a thread for processing statistics (platform/qca
)Fixed ‘Short GI’ and DCS settings (
platform/qca
)Enabled action frame forwarding to user space to receive WNM action frames in BM (
platform/qca
)Fixed a WM crash that occurred when switching channels with a large number of connected clients (
platform/qca
)Fixed a WM crash that occurred when changing auth mode (
platform/qca
)Fixed detection of VIF up/down state (
platform/qca
)Added a rule to drop packets with an invalid TTL value of 0 (
platform/qca
)Additional adjustments for QSDK SPF 11.4 (
platform/qca
)
In Development *
LTEM (or LTE Manager) – a manager for LTE uplink management (alpha)
NM and OSN changes to be able to manage default routes via
Wifi_Route_Config
(alpha)CM: Added uplink prioritization capability to improve startup times (PoC)
* Features which are still in development are disabled by default, and will not be supported in this release.
Release 3.2.5.0
Notable Fixes
WANO: Fixed an issue with permissions of
resolv.conf
file on some platformsWANO: Fixed offline recovery for static IP configuration
SM: Fixed an
hapd
resource leakWM: Added SAE PWE derivation setting for 6 GHz channels
WM: Added a check to prevent crashes on incorrect or incomplete PSK configuration
WM: Improved protection against invalid VIF configuration
FSM/FCM fixes and improvements:
Fixed direction marking for reply packets
Added a check to prevent crashing when Gatekeeper cache flush is requested with an empty list
If DNS cache is disabled, check Gatekeeper cache before sending to Gatekeeper for verdict
Fixed processing of messages in mDNS plugin to ignore own messages
Notable Enhancements
WANO: Improved startup time for ethernet clients by echoing their DHCP discovery packets once the data path is established
logpull: Improved performance of the
pskmask
tool by usingmmap
PM: Added support for driving a fan in a duty cycle fashion
Platform Support
Resolved healthcheck issues by ignoring ‘BSS down’ while in CAC (
platform/bcm
)Added handling of
WLC_E_DISASSOC
events (platform/bcm
)Fixed an issue with
ifindex
overflow in BM (platform/qca
, requires a patch in SDK)Adjustments to support QSDK SPF 11.4 (
platform/qca
)Additional fixes for QCA 11ax and Wi-Fi 6E (
platform/qca
)
In Development *
LTEM (or LTE Manager) – a manager for LTE uplink management (alpha)
NM and OSN changes to be able to manage default routes via
Wifi_Route_Config
(alpha)CM: Added uplink prioritization capability to improve startup times (PoC)
* Features which are still in development are disabled by default, and will not be supported in this release.
Release 3.2.4.0
Notable Fixes
CM: Fixed uplink validation in bridge mode
BM: Fixed incorrect handling of client configuration for band-steering (regression introduced in version 3.2.0.0)
BM: Improved handling of
op_class
andphy_type
, needed for proper support of the 6 GHz band due to overlapping channel numbersNM: Fixed DHCP request options which caused udhcpc to not report the hostname to the server
NM: Fixed a bad comparator which could cause the NM to hang
WM: Fixed the logic for downgrading the HT mode to account for the cases when the requested bandwidth includes channels which are not available due to regulatory restrictions
WM: Added special handling for a case when all channels are in DFS NOL
FSM/FCM fixes and improvements:
Fixed IP-based blocking when content filtering uses redirection
Fixed a mismatched Gatekeeper categorization value, which caused unnecessary lookups due to a low TTL value
Fixed Gatekeeper statistics to ignore cache hits for private/local IPs
Fixed incorrect IP Threat reporting when using different service providers for DNS and IP Threat
Extended Gatekeeper statistics to include the flow direction
Fixed incorrect handling of the
"report_records"
configuration option for the mDNS pluginAdditional improvements of cleanup procedures when removing plugins to prevent resource leaks and potential crashes
Logging improvements
Notable Enhancements
Updated CA certificates (
opensync_ca.pem
)WANO: Improved robustness of static IP configuration logic
BM: Improved the code for processing 11k Beacon Measurement Reports to produce a more reliable neighbor list, resulting in better roaming experience
BM: Also using the priority field (if set by the cloud) to prioritize the neighbors that should be put on the 11k/11v neighbor lists
WM: Reworked the way client connection/disconnection events are reported to the cloud, improving the behavior of steering algorithms
WM: Added optional handling of stale clients based on L2UF
DM: Added ability to enable or disable a 3rdparty service via the
Node_Config
table
Platform Support
Added a workaround to recover from event overruns (
platform/bcm
)Added 6 GHz support for QCA 11ax (
platform/qca
)DPP support extended to QCA 11ax (
platform/qca
)Fixed an issue with
runcmd
and reverted the workarounds (platform/qca
)
In Development *
LTEM (or LTE Manager) – a manager for LTE uplink management (alpha)
NM and OSN changes to be able to manage default routes via
Wifi_Route_Config
(alpha)CM: Added uplink prioritization capability to improve startup times (PoC)
* Features which are still in development are disabled by default, and will not be supported in this release.
Release 3.2.3.0
Notable Fixes
CM: Fixed the address resolving logic to restart the process if an address is removed from the uplink interface
BM: Added a missing update of client’s channel information after a CSA
PM: Improved robustness when and incomplete
Wifi_Inet_Config
table is encounteredPSM: Fixed a memory leak
QM: Improved behavior in case certificates are missing
UM: Fixed a regression (a crash caused by incorrect use of the
memutil
macros)logpull: Fixed processing of tarballs
FSM/FCM fixes and improvements:
Updated the
mdnsd
libraryFixed a FSM crash when there is no IP Threat provider
Fixed a FCM crash when disabling a plugin
Fixed reporting of Gatekeeper statistics to send a report before the cache is flushed (typically because of a policy change)
Fixed reporting of Gatekeeper statistics to omit entries which have not changed in the last observation window
Fixed MAC-based flushing of Gatekeeper statistics
Extended LAN traffic counters from 32 to 64 bits
Notable Enhancements
NM: Revised
Wifi_Route_Config
handler to support updates of static routes
Platform Support
Fixed a bug which caused the probe request information to be cleared before it was propagated to BM (
platform/bcm
)Added an option to enable WPS on 6 GHz channels (
platform/qca
)Added support for
qca5018
chipset (platform/qca
)Added support for
HAWKEYE_PINE
andMAPLE_PINE_PINE
targets (vendor/qca-template
)
In Development *
LTEM (or LTE Manager) – a manager for LTE uplink management (alpha)
NM and OSN changes to be able to manage default routes via
Wifi_Route_Config
(alpha)CM: Added uplink prioritization capability to improve startup times (PoC)
* Features which are still in development are disabled by default, and will not be supported in this release.
Release 3.2.2.0
Notable Fixes
WANO: Fixed several potential crashes
PM: Fixed handling of offline recovery enabling/disabling
CM: Fixed an undesired side effect when offline recovery is disabled
FSM/FCM fixes and improvements:
Fixed reporting of the SNI-blocked events
Fixed incorrect behavior of IP blocking when using different service providers for DNS and IP Threat
Fixed a memory leak in FCM (when disabling plugins)
Optimized FSM reporting by storing the action description in the
fsm_policy_reply
structureDNS cache is not needed when both DNS and IP Threat modules are using Gatekeeper, and is disabled in such cases to conserve resources
Added proper support for “redirect” and “forward” actions in Gatekeeper statistics
Notable Enhancements
PSM: Ephemeral columns are not stored to persistent storage to conserve resources
logpull: Uses the new
pskmask
tool to hide (mask) pre-shared keys (PSK) to protect user privacylib/daemon: Added a check to prevent error traceback in logs after an expected signal (typically a
SIGTERM
)mdnsd: Adjusted the level of some log entries to prevent excessive logging, and also adapted the code to use OpenSync logging mechanisms (for consistency and to allow run-time adjustment of the log level)
Introduced a new unit type (package), which can be used for producing shareable archives, containing arbitrary files (e.g. build artifacts, pre-built 3rdparty binaries, and such)
Platform Support
Fixed channel survey statistics for newer drivers (
platform/bcm
)Improved robustness of primary interface mode (AP vs STA) state detection/verification (
platform/bcm
)Added an example script and configuration for enabling persistent storage (
vendor/bcm-template
)
In Development *
LTEM (or LTE Manager) – a manager for LTE uplink management (alpha)
NM and OSN changes to be able to manage default routes via
Wifi_Route_Config
(alpha)CM: Added uplink prioritization capability to improve startup times (PoC)
* Features which are still in development are disabled by default, and will not be supported in this release.
Release 3.2.1.0
New Features
NM: Added support for GRE over IPv6
FSM: Added a plugin (
src/lib/dhcp_relay
), which is able to modify and re-inject DHCP packets (typically for appending additional options)
Notable Fixes
CM: Improved
ares
timeout handling, which could have caused a missed watchdog kickSM: Added missing 6 GHz channel conversion for neighbor reports
SM: Fixed a crash caused by unnecessary allocations of hapd objects when moving home VAPs between 5GL and 5GU
NFM: Fixed incorrect values for
node_id
andlocation_id
WM: Improved handling of DFS NOL channels to prevent topology destabilization
FSM/FCM fixes:
Fixed IP Threat response handling
Revised flawed wildcard policy implementation
Fixed Gatekeeper cache comparator (
gkc_flow_entry_cmp
), which caused incorrect behavior of the cache for IPv6 entriesRevised Gatekeeper cache to store IP attributes in binary form
Fixed a crash in the Gatekeeper cache
Cleaned up excessive logging in FSM and plugins
LTEM fixes:
Disabled LTEM by default
Fixed LTEM unit dependencies
Changed
udhcpc.sh
, which used to always delete all default routes
Note: LTEM is still being implemented and will not be supported in this release
Notable Enhancements
BM: Revised and extended the code to support pre-association steering for 6 GHz band
CM: Cleaned up the code by using
SCHEMA_SET
helpers andC_IFNAME_LEN
constantCM: Cleaned up the configuration to use
CONFIG_LIBEVX_USE_CARES
directlyNM: Removed unnecessary filtering in OVS MAC learning and added support for IPTV interfaces
WM: Reduced unnecessary delays during DPP onboarding
PM: Several improvements for LAN connectivity during internet outage (non-HOME SSIDs, UPnP settings, ‘offline mode’ OpenFlow rules)
FSM: Finalized implementation of aggregated security statistics
Schema extended for VAP airtime management
Platform Support
Disabled MBO at startup, because it is enabled by default on some drivers and can cause interoperability issues (
platform/bcm
)Platform specific adjustments for 6 GHz channels (
platform/bcm
)Fixed SNR calculation in one more place (
platform/bcm
)Re-enabled
radartool
code on QCA 11ax and added a workaround to prevent kernel panic (platform/qca
)Added a script for configuring port isolation on the internal switch (
platform/qca
)Cleanup of WAN bridge related code (
platform/qca
)
Known Issues
Problematic disabling of offline recovery feature in runtime
FSM: DPI SNI events are not processed correctly for the reports
LTEM: MQTT topic is not processed correctly
Excessive logging output of
mdnsd
Release 3.2.0.0
New Features
Extended Wi-Fi 6E support (backhaul and optimisation)
Improved support for mixed Wi-Fi security types (WPA1/WPA2, WPA2/WPA3)
BSS Fast Transition (802.11r) support for WPA2, WPA3, and mixed WPA2/WPA3
VLAN 802.1Q support (supporting separate unique IPTV SSID and PSK)
Added a manager for LTE uplink management (LTEM, or LTE Manager)
Introduced a new manager (PSM, or Persistent Storage Manager), which facilitates persisting of settings from OVSDB
Power supply status reporting
Notable Fixes
NFM: Fixed creation of custom chains
FSM/FCM fixes:
Fixed reporting of client statistics for captive portal clients in bridge mode (
ct_stats
)Fixed a potential arithmetic underflow and out of bounds memory access (
dns_parse
)
Notable Enhancements
WM: Extended target DPP API to allow multiple simultaneous enrollees
NM: Ability to enforce hardcoded multicast flood exceptions via Kconfig
FSM enhancements:
Added reporting of aggregated security counters from the Gatekeeper plugin
Merged
arp_parse
plugin functionality intondp_plugin
to reduce memory footprintRefactored policy request structure
Refactored internal cache (flow direction, invalidation routines, reporting)
FCM enhancements:
Collecting L2 flow statistics using
libopenvswitch
APIRefactored client filtering
Configurable ethernet device tags
PM: Recovery of LAN connectivity for ethernet nodes/clients during internet outage
PM: Added code for mapping of legacy LED states
Using new
memutil
macros throughout the codelogpull: Added detailed memory footprint information
Additional cleanup:
Removed LM (Log Manager) as its functionality has been taken over by PM
Replaced hardcoded WAN and LAN bridge names (
br-wan
,br-home
) with Kconfig definitionsRemoved remaining occurrences of “plume” in hardcoded paths
Platform Support
Disabled code that uses
radartool
on QCA 11ax as it was causing kernel crashes (platform/qca
)Fixed an issue with setting the off-channel dwell time on QCA 11ax (
platform/qca
)Added WANO interface list configuration for 11ax reference boards (
vendor/qca-template
)
Known Issues
LTE manager is enabled by default
SM: Reporting wrong 6 GHz frequencies
To download OpenSync 3.2, go to OpenSync 3.2