CDRouter 6.1 Release Notes
Release NotesOriginal release: CDRouter 6.1 build 77, December 16, 2009
New Features and Enhancements
CDRouter
- New test case in basic.tcl test module
The test case cdrouter_basic_20 now verifies the expected source MAC address used by the DUT on the WAN. To run this test, the new testvar wanDutMac must be enabled within your CDRouter configuration file. This testvar specifies the expected MAC address of the DUT's WAN interface. If the DUT is configured to clone a specific MAC address on the WAN, 00:0b:0b:0b:0b:0b for example, this testvar should match the cloned MAC address. This test case verifies that packets originating from the DUT utilize a specific MAC address.
testvar wanDutMac 00:0b:0b:0b:0b:0b
The test case cdrouter_basic_2 has also been updated with a new success metric. Based on this testvar. If an ARP is received, CDRouter will now also verify that the MAC address in the ARP response matches the expected value as defined by the wanDutMac testvar.
Note that cdrouter_basic_20 will be automatically skipped if the WAN mode is PPPoA or PPP/T1.
- Seven new test cases in dos.tcl test module
- cdrouter_dos_20 verifies the DUT is not susceptible to Broadcast ICMP redirection (Smurf Attack)
- cdrouter_dos_21 verifies the DUT is not susceptible to redirecting UDP Services answered on the Broadcast address (Fraggle Attack)
- cdrouter_dos_30 sends a SYN flood from spoofed LAN clients to the DUT's Management Port on the LAN
- cdrouter_dos_31 performs the same test from spoofed IP Addresses to the DUT's Management Port on the WAN
- cdrouter_dos_32 sends an ARP flood on the LAN interface
- cdrouter_dos_33 sends a Christmas Tree attack to the first 1024 TCP ports on the DUT's WAN IP Address
- cdrouter_dos_34 performs the same test using anomalous TCP headers
The cdrouter_dos_30 and cdrouter_dos_31 test cases use a default value of 80 for the Management Port value, but it can be changed with the testvar dosSynAttackPort:
testvar dosSynAttackPort 80
- Support for Ubuntu 9.10 (Karmic Koala)
The latest release of the Ubuntu Linux operating system from Canonical, version 9.10 codenamed Karmic Koala, has been tested for compatibility with CDRouter 6.1 and is now recommended by QA Cafe. CDRouter 6.1 supports both the 32-bit and 64-bit Desktop Editions of Ubuntu 9.10.
- Support for GRE version 0
The GRE protocol has been updated to handle GRE version 0. Although PPTP uses GRE version 1, the GRE protocol was not checking the version in some cases and GRE version 0 traffic was treated as GRE version 1 traffic.
- New PPP test cases for LCP Magic Number
New test cases have been added to the pppoe-c.tcl, pppoa-c.tcl, l2tp-c.tcl, pptp-c.tcl, and pppt1-c.tcl test modules for verifying that the PPP client is able to maintain the LCP Magic Number throughout a session. If the PPP client does not use the Magic Number options, this test case can be skipped by configuring the testvar pppMagicNumber to no.
testvar pppMagicNumber no
- New PPPoE client test case for PPPoE Relay-Session-Id tag
A new test case has been added to the pppoe-c.tcl test module for verifying that the PPPoE client is able to learn and maintain the PPPoE Relay-Session-Id tag throughout a session.
- Case insensitive testvars
Starting with CDRouter 6.1, testvar names are no longer case sensitive. For example, the following testvar declarations are now processed the same way by CDRouter:
testvar wanMode DHCP testvar wanmode DHCP testvar WANMODE DHCP testvar WanMode DHCP
- Windows 7 Updates
Test case cdrouter_nat_401 in the nat.tcl module has been updated to include an example Windows 7 based TCP signature.
- New port trigger delay testvar
The testvar portTriggerOpenDelay has been added. This testvar is used to insert a delay before any ports on the WAN are verified as being open following the trigger. This delay is required for some implementations that do not open WAN ports immediately (due to things like firewall settings that must be modified, etc.). This testvar is used only in the triggerp.tcl test module, and specifies a delay in milliseconds.
testvar portTriggerOpenDelay 1000
Note that the similarly named testvar portTriggerDelay is used to specify a delay between testing of individual port trigger rules.
CDRouter IPv6
- Static IPv6 on the WAN is now supported
CDRouter now supports static IPv6 WAN configurations. To specify a static IPv6 WAN configuration, set the testvar ipv6WanMode to static, and configure the new testvars ipv6WanIspIp and ipv6WanIspAssignIp:
testvar ipv6WanMode static testvar ipv6WanIspIp 3001::1 testvar ipv6WanIspAssignIp 3001::2
When static IPv6 is used on the WAN, the DUT's LAN IPv6 address and prefix length must also be specified. This is not the case when 6to4 is used on the WAN, since the 6to4 prefix and LAN IP of the DUT are deterministic. The DUT's LAN IP and prefix length, which must be an integer between 8 and 64, can be specified using the following new testvars:
testvar ipv6LanIp 3004::1 testvar ipv6LanPrefixLen 64
When running in static IPv6 mode, CDRouter will automatically skip any test modules and test cases that are not applicable or that verify specific behavior based on dynamic WAN connectivity, such as the 6to4.tcl module.
Note that you may have to alter the LAN configuration to ensure that the DUT's WAN interface and LAN interface are on different IPv6 networks.
- DHCPv6 on the LAN is now supported
CDRouter's IPv6 LAN clients now supports DHCPv6, in addition to autoconf. To enable DHCPv6 on the LAN, set the testvar ipv6LanMode to dhcp and configure the testvars ipv6DhcpClientStart and ipv6DhcpClientEnd to match the starting and ending addresses of the DUT's configured DHCPv6 address pool. In addition, a list of excluded DHCPv6 addresses can also be configured using the testvar ipv6DhcpClientExclude.
testvar ipv6DhcpClientStart 3004::2 testvar ipv6DhcpClientEnd 3004::50 testvar ipv6DhcpClientExclude 3004::11
When DHCPv6 is used on the LAN, CDRouter will automatically enable DHCPv6 on the initial LAN client that is created during the startup procedure. If this initial client is unable to obtain an initial IPv6 address via DHCPv6 during startup, CDRouter will abort the test run.
Note that when DHCPv6 is enabled CDRouter will use the range specified by the ipv6DhcpClientStart and ipv6DhcpClientEnd testvars to determine the validity of the DHCPv6 addresses provided by the DUT. CDRouter will also create a maximum number of DHCPv6 clients based the testvar ipv6MaxLanClients during the scaling-v6.tcl test module.
Note that the DUT's LAN IPv6 address and the DHCPv6 pool range should be in the same IPv6 network.
- User defined DHCPv6 options supported
A list of DHCPv6 options can be configured for use with CDRouter's DHCPv6 client. CDRouter's DHCPv6 client can be configured to provide specific options to the server using the testvars dhcpv6ClientOptionCode and dhcpv6ClientOptionData. Likewise, CDRouter's DHCPv6 client can be configured to request specific options from the server using the testvar dhcpv6ClientOptionRequest
For example, the following testvars configure the client to request DHCPv6 options 21 and 22 from the server and provide the DHCPv6 FQDN option (option 39) to the server with a domain name of qacafe.com:
testvar dhcpv6ClientOptionCode1 39 testvar dhcpv6ClientOptionData1 000671616361666503636f6d00 testvar dhcpv6ClientOptionRequest "21 22"
- New test cases added to the ndp.tcl test module
Two new test cases have been added to the ndp.tcl test module to verify the status of the M and A bits in Router Advertisements sent by the DUT.
- Site Local prefixes are ignored during IPv6 autoconfig
The use of site local IPv6 prefixes was depreciated in RFC 3979. CDRouter will now ignore these prefixes when attempting autoconf on any LAN IPv6 clients.
BuddyWeb
- Result details remain expanded when switching results
When viewing a Result it is possible to expand the top-section to see more details about the Package. Expanding this section for one result now carries over to other Results for a more consistent experience when browsing through recent runs.
- Locate missing result directories
If a results directory is moved or deleted, the user can now go in and update where BuddyWeb should expect to find the test logs.
- Integrated File Import Utility
All types of Resources (Packages, Configurations, and Results) are now uploaded using the same tool. Additionally, support for replacing, renaming, and tagging files as they are uploaded has been revamped and is much easier to use.
- Complete Command Line Tool
The
buddywebcommand-line tool now has the ability to upload and import files into BuddyWeb, export files, launch packages, and keep track of their status, all from a scriptable CLI command. For more information, please see the BuddyWeb CLI Guide available in the Customer Lounge. - Support for Google Chrome for Linux
Google has recently release their Chrome web browser for Linux. BuddyWeb is fully supported running in the latest Firefox, Chrome, and Safari browsers on all operating systems.
New Test Modules and Test Cases
CDRouter
- New test case added to basic.tcl module
TEST: Outbound packets use specified/cloned source MAC address MODULE: basic.tcl NAME: cdrouter_basic_20
TEST: PPPoE PPP client maintains LCP Magic Number during session MODULE: pppoe-c.tcl NAME: cdrouter_pppoe_client_60
TEST: PPPoA PPP client maintains LCP Magic Number during session MODULE: pppoa-c.tcl NAME: cdrouter_pppoa_client_60
TEST: PPTP PPP client maintains LCP Magic Number during session MODULE: pptp-c.tcl NAME: cdrouter_pptp_60
TEST: L2TP PPP client maintains LCP Magic Number during session MODULE: l2tp-c.tcl NAME: cdrouter_l2tp_60
TEST: PPP client maintains LCP Magic Number during session MODULE: pppt1-c.tcl NAME: cdrouter_ppp_client_60
TEST: PPPoE client maintains Relay-Session-Id during PPPoE session establishment MODULE: pppoe-c.tcl NAME: cdrouter_pppoe_client_320
TEST: Verify that the DUT is not a Smurf reflector (ICMP attack) MODULE: dos.tcl NAME: cdrouter_dos_20
TEST: Verify that the DUT is not a Fraggle reflector (UDP attack) MODULE: dos.tcl NAME: cdrouter_dos_21
TEST: SYN floods an open port on the DUT from spoofed LAN clients MODULE: dos.tcl NAME: cdrouter_dos_30
TEST: SYN floods an open port on the WAN from spoofed Internet addresses MODULE: dos.tcl NAME: cdrouter_dos_31
TEST: ARP floods the DUT's LAN interface MODULE: dos.tcl NAME: cdrouter_dos_32
TEST: Christmas Tree floods the service ports on the WAN from spoofed Internet addresses MODULE: dos.tcl NAME: cdrouter_dos_33
TEST: Floods the WAN interface with anomalous TCP packets MODULE: dos.tcl NAME: cdrouter_dos_34
CDRouter IPv6
- New test cases added to ndp.tcl module
TEST: Verify IPv6 Router Advertisements contain M bit based on LAN mode MODULE: ndp.tcl NAME: ipv6_ndp_30 TEST: Verify IPv6 Router Advertisements contain A bit and prefix based on LAN IPv6 settings MODULE: ndp.tcl NAME: ipv6_ndp_31
Bug Fixes and Notes
CDRouter
- The config check utility has been updated. In earlier releases the config checker would pass bad values for certain testvars. The config checker is now more strict.
- In previous releases of CDRouter, CDRouter's DHCP clients would not include the 10th DHCP client option, if configured using the testvars dhcpClientOptionCode10 and dhcpClientOptionData10. This release resolves this issue.
- An issue applying with multi-word comments using the -comment BuddyWeb CLI option has been resolved. In previous releases multi-word comments would result in an error and abortion of the test run. To apply multi-word comments to a package started from the CLI, use the following format:
- The functionality of the dhcpClientMac testvar originally introduced in CDRouter 3.3 has been updated. When this testvar is enabled, CDRouter will now filter based on the DHCP chaddr field instead of the Ethernet source MAC address. This allows CDRouter to distinguish between a DHCP relay and a DHCP client.
buddyweb -package myPackage -- -comment 'multi word comment' -comment 'another comment'
testvar dhcpClientMac 00:00:03:04:05:06
CDRouter TR-069
- By default CDRouter 4.2 and newer releases use a faster libxml2 based XML parser. This parser will crash if certain illegal characters such as "&" and ">" are used in an XML string returned by the DUT. These illegal characters should be either escaped, or the entire element should be wrapped in CDATA to tell the XML parser not to interpret the characters. This parser crash caused CDRouter to crash as well. In this release, CDRouter will now catch this error and produce a log message. CDRouter can be configured to use the older Tcl based parser by following the instructions provided in this Knowledge Base article.
- This release corrects a problem with TR-069 sessions using SSL that could
result in an SSL error with some encrypted SSL blocks.
INFO(acs): | SSL Alert:bad record mac
CDRouter IPv6
- This release resolves an issue with IPv6 Router Advertisements that specify of 0 in the router advertisement packet. A hop limit of 0 means the hop limit is unspecified. During autoconfig, CDRouter's IPv6 clients were attempting to use the literal value of 0 instead of the IPv6 default hop limit.
Updated release: CDRouter 6.1 build 78, December 18, 2009
Bug Fixes and Notes
CDRouter
- Updated default configuration file to disable the testvar ipv6LanInterfaceId. In the previous build, a default configuration file would fail a parse check if the IPv6 add-on is not enabled.
Updated release: CDRouter 6.1 build 81, March 3, 2010
Bug Fixes and Notes
CDRouter
- Update to the sip-alg.tcl test module. When responding to REGISTER messages, CDRouter's SIP server now echoes the Contact: header used by the client in the original REGISTER message. This behavior was inconsistent in previous releases.
CDRouter TR-069
- CDRouter TR-111 Part 2 updates. When TR-111 Part 2 is enabled, CDRouter attempts to set certain STUN related parameters during start-up. In previous releases the SetParameterValues RPC issued by CDRouter for these STUN parameters did not include the xsi:type descriptors in the Value tag for certain parameters. In addition, the value of the parameter InternetGatewayDevice.ManagementServer.UDPConnectionRequestAddressNotificationLimit was being incorrectly set as a boolean by CDRouter during this same SetParameterValues RPC. Both issues are resolved in this build. The xsi:type descriptors are included and the UDPConnectionRequestAddressNotificationLimit parameter is set as an unsignedInt rather than a boolean.
Updated release: CDRouter 6.1 build 82, March 29, 2010
Bug Fixes and Notes
CDRouter IPv6
- The CDRouter IPv6 add-on has been updated to resolve a potential issue with Tcl 8.4 on 32-bit host operating systems. In previous releases CDRouter would generate internal errors during certain IPv6 test cases when using static IPv6 on the WAN. This issue is present only on 32-bit systems running Tcl 8.4. 64-bit systems or systems utilizing Tcl 8.5 are not impacted (this includes the NTA1000).
- Resolved an issue with the automatic skipping of certain TR-069 related test modules when TR-069 is disabled. In this release CDRouter will automatically skip all TR-069 related test modules if the testvar acsIp is commented out.
Updated release: CDRouter 6.1 build 86, April 23, 2010
Bug Fixes and Notes
CDRouter
- Update to sip-alg.tcl test module. CDRouter's SIP server will no longer send provisional responses to non-INVITE requests as specified in Section 8.2.6.1 of RFC 3261.
- Update to sip-alg.tcl test module. CDRouter's SIP implementation now includes the tag parameter in the From header as specified in Section 8.1.1.3 of RFC 3261.
- In previous releases CDRouter would generate an internal error if an empty DNS response was received from the DUT. CDRouter will now catch this error condition and generate log warning messages if it receives DNS responses with no records.
- The cdrouter_basic_20 test case has been updated to ping the remote host instead of the WAN stack. This update was made to avoid potential routing issues with certain WAN modes.
Updated release: CDRouter 6.1 build 90, May 5, 2010
Bug Fixes and Notes
CDRouter
- The buddyweb -export-* CLI options have been updated to resolve an issue when used on systems running Tcl 8.4.
- Minor updates to support the latest version of the Linux wireless compat-wireless module. The compat-wireless module contains Linux drivers for Atheros based wireless interfaces.
- Fixed a potential race condition in tests cdrouter_upnp_203 and cdrouter_upnp_204 when using L2TP on the WAN. These test cases along with CDRouter's L2TP server behavior have been updated to mitigate this race condition, which occurs when devices restart L2TP quickly following a tear down.
CDRouter TR-069
- Updated CDRouter TR-069's ACS to automatically adjust the TCP MSS if VLANs are being used on the WAN. This change was made to avoid potentially dropping large packets that exceed the MTU of the link.
Related articles that may also be helpful:
