Release 2.4.5.1
Notable Fixes
build: Pinned versions of Jinja2 and MarkupSafe in
Dockerfile
Updated CA certificates (
opensync_ca.pem
)
Release 2.4.5.0
Notable Fixes
SM: Fixed a crash caused by unnecessary allocations of hapd objects when moving home VAPs between 5GL and 5GU
FSM/FCM fixes and enhancements:
Fixed incorrect handling of default logging level in mDNS plugin
Improved handling of ICMP flows to also provide direction information
Additional fixes of code that handles ICMP flows, which can now also be properly blocked
Notable Enhancements
Updated CA certificates (
opensync_ca.pem
)Behavior of
memutil
helpers adjusted to abort (SIGABRT
) on failureslogpull: Added detailed memory footprint information
Platform Support
Disabled MBO at startup, because it is enabled by default on some drivers and can cause interoperability issues (
platform/bcm
)Added a missing check for SNR calculation (
platform/bcm
)Improved probe request filtering which was causing connectivity issues in some situations (
platform/bcm
)Fixed an issue with setting the off-channel dwell time on QCA 11ax (
platform/qca
)Added a workaround to prevent kernel panic caused by
radartool
code on QCA 11ax (platform/qca
)Added WANO interface list configuration for 11ax reference boards (
vendor/qca-template
)
Release 2.4.4.0
Notable Fixes
CM: Fixed logic in connectivity checks for faster detection of broken connectivity, and to switch between IPv4 and IPv6 promptly
hapd: Fixed a problem with
DPP_LISTEN
, which caused DPP responder to not work correctlyWM, hapd: Added a workaround for client's
oftag
not being populated when WPA3 is usedNM: Fixed problems with configuration being applied too early (most notably for DHCPv6 client)
NM: Fixed occasional ‘use-after-free’ crashes (
nm2_dhcpv6_client_release()
,nm2_dhcpv6_server_release()
)NFM: Fixed incorrect behavior when deleting rules referring to no longer existing tags
OSN: Added missing ‘null’ implementations of functions in
osn_route_null.c
FSM/FCM fixes and enhancements:
Using new
memutil
macros for improved diagnostics of memory usageFixed several memory leaks
Fixed some unit tests and added a few new ones
Fixed flow filtering
Fixed a FSM crash caused by incorrectly handled offset in
lib/mdnsd
Fixed a FSM crash caused by improper cleanup in
ct_stats
andnf_ct
Fixed a FSM crash caused by not properly restarting the
pcap
container when configuration options changeFixed an issue which caused replies from upstream being marked as a separate inbound flow
Notable Enhancements
CM: Reduced the amount of ICMP traffic (
ping
) in normal state (connected to the cloud)Optimized
'ip -6 route replace'
commands to improve behavior of traffic acceleratorsAdjusted or removed several log messages that were causing unnecessary ‘noise’ in logs
Replaced proprietary
plookup
withnslookup
in healthcheckAdded a pattern for Kernel crash reporting for ATOM-based platforms
Platform Support
Fixed
'mcp reload'
which could have failed becausemcpd
was not ready, resulting in snooping settings not being applied (platform/bcm
)Added a workaround for a bug in some drivers, which resets the ‘MPC’ power saving mode to ‘1’ (
platform/bcm
)Added an option to adjust
netfilter
NAT options to resolve problems with SIP phones (platform/qca
)Fixed a memory leak in
osync_nl80211_scan_results_fetch()
(platform/qca
)
Release 2.4.3.0
Notable Fixes
CM: Fixed LAN connectivity loss after a prolonged Internet outage
NM: Fixed MSS clamping rules for PPPoE
BM: Added missing
CLIENT_BTM_STATUS
in protobufQM: Fixed MQTT reconnect logic
FSM/FCM fixes and enhancements:
Fixed a crash when disabling then enabling IP threat protection
Fixed
dns_cache
hit countAdded filtering for invalid DNS lookups
Improved blocking of UDP packets
Improved memory usage threshold handling
Various improvements and fixes in
lan_stats
Platform Support
Fixed handling of open network clients so that they can be steered (
platform/bcm
)Removed the ‘DPP mcast action rx’ workaround, now relying on a patch in the driver (
platform/qca
)
Release 2.4.2.0
Notable Enhancements
NM: Reduced the number of ‘
ip
’ calls during status updates
Notable Fixes
NM: Added MSS clamping rules for PPPoE
WM: Fixed an out of bounds crash (
core
,platform/qca
)FSM: Fixed incorrect handling of reserved ports (< 1024)
FSM: Fixes and enhancements in the Gatekeeper plugin
Platform Support
OSN: Added support for the egress QoS map (
platform/bcm
)Improved netlink event processing to ignore uninteresting events (
platform/bcm
Release 2.4.1.0
New Features
A new FSM plugin (
src/lib/gatekeeper_plugin
), acting as a policy engine using an external threat intelligence service
Notable Enhancements
PM: Thermal management can be configured to ignore thermal state overrides
Notable Fixes
FSM: Fixed bugs related to stale cached data
FSM: Fixed risk level processing
Release 2.4.0.0
New Features
WPA3 support for 11ax platforms
DPP 1.1 support (on Qualcomm only)
FSM/FCM features and enhancements:
FSM reports mDNS records for improved device typing
Additional FSM plugin (
src/lib/ipthreat_dpi
) for IP-based threat detection using an external serviceAdditional FSM plugin (
src/lib/fsm_dpi_sni
) for URL and SNI processingExtended flow reports to include directionality information
DM: Introduced a new speed test infrastructure using plugins
Added a modular ‘healthcheck’ service (
core
,platform/bcm,
platform/qca
)Added a modular ‘logpull’ framework (
core
,platform/bcm
,platform/qca
)Crash log collection and reporting
Notable Enhancements
QM, SM: MQTT reporting interval is now configurable to allow near real-time monitoring (on-demand, controlled by the cloud)
CM: Boot time is recorded in OVSDB
Extended default implementation of
osp_unit_serial_get()
with several alternatives (configurable via Kconfig)Revised handling of static routes and VLANs (including support for VLAN 0)
Kconfig enhancements:
Added support for including configuration files in a configuration file
Introduced ‘base’ configuration files (in platform layer) for various chipsets, which can then be included in per-model configuration files (in vendor layer)
3rdparty layer modules can be enabled/disabled via Kconfig
Platform Support
Support for hardware acceleration of multicast over VLAN (
platform/bcm
)