Release Notes PN 93000659_D ConnectPort X2B Ethernet 82002162_D EOS July 9, 2012 INTRODUCTION This is a production release of firmware for Digi's ConnectPort X2B gateway. The ConnectPort X2B gateway provides support for communication to end nodes in a wireless PAN from a parent application running on an IP network. This firmware is targeted for applications that require communicating directly with the wireless PAN module in the ConnectPort X2B gateway via RealPort, Modbus, or UDP/TCP sockets. This firmware does not support the Python development environment. For applications that require Python, a separate firmware version is available. For more details, visit the Digi Support website for firmware version P/N 82002161. SUPPORTED PRODUCTS ConnectPort X2B Ethernet HIGHLIGHTED PRODUCT CHANGES Starting with the 2.15.0 firmware version, the changes described in this section are incorporated in this product. CLOCK (TIME) SOURCE MANAGEMENT SUPPORT The "Clock Source" functionality of the system has been replaced so as to simplify the behavior and improve the consistency of the time values delivered by the system, while still allowing the system to maintain a level of synchronization with external time sources. The updated feature includes a ranking system for clock sources. If a sample is taken from a better clock source than what has thus far been received (has a smaller number), the sample will be used to influence the baseline of our time measurements, and all sources of a less significant rank will be temporarily disabled. This allows the system to get a relatively accurate sense of time as quickly as possible, but eventually to run only listening to the best possible external sources. Internally, on products that have an RTC, the RTC itself is given a ranking of 50. This allows clock sources to be configured with a lower ranking... arranging so that they are only enabled when the RTC has not yet been initialized with a time value, essentially assigning them as one-shot programmers of the RTC. The rankings are re-evaluated when the clock sources are reconfigured, or when a user interface causes a "jump" in the time. Event logging of time-related events also is improved. The event log may be displayed using the "display logging" CLI or via the web UI. ENHANCEMENTS iDigi changes: - Change the default for the iDigi client connection method from TCP to SSL as a security improvement (where SSL is supported in the product). - Add event log and trace messages for the "Disconnect" iDigi protocol message, to help with troubleshooting the loss of iDigi connections. - Always indicate that device data service is available, even if no targets are registered yet. (40837) - Add a feature to execute a CLI command using RCI via the general request do_command target="cli". This is accessed through iDigi Manager Pro. Add support to perform configuration backup/restore operations via the CLI "backup" command and the web UI. Files are in the internal WEB filesystem. New Packet Capture (PCAP) feature: Add support to the network stack for internal packet captures from various network interfaces. Users can capture packets from eth0, eth1, wln0, mobile0, wmx0 and pppN (serial, N=0-9), with the possible network interfaces differing among Digi products. Only a single interface at a time can be captured. Capture output is a standard PCAP-format stream that can be interpreted by common capture analysis tools. The feature adds a CLI "pcap" command with a variety of options to manage and perform captures. As a security measure, by default, the packet capture capability is disabled when a device boots. There are no stored settings -- all configuration and use of PCAP is a runtime matter after a device boots. The pcap command is hidden from the usual command help unless it is explicitly invoked. Trace output for "pcap" is added to trace capture actions and activity for debugging purposes. Packet captures can be obtained locally to the device from the CLI, with the output written to a local file in the WEB flash filesystem. Local captures may be performed as "foreground" or "background" tasks. Captures also can be obtained by connecting to the configured PCAP capture TCP port of the NDS device, when such "network" captures are enabled by the user. This permits "clients" such as netcat to connect and capture the packet stream. Such remote packet captures should not be performed by connecting over the network interface whose packets are being captured. The CLI "pcap" help text documents the various options and caveats for use of the packet capture feature. Improve the network stack's support for unpredictable IP ID use. The change provides better protection against a potential attacker as well as addresses a possible issue with IP fragmentation and reassembly. Implement changes for possible programming issues that were identified by a static code analysis tool. The identified issues were reviewed and triaged, with changes resulting in many cases. Issues addressed include possible memory leak elimination, removal of unneeded code, improved error detection and handling, data initialization and buffer overflow prevention. While none of the changes are directly linked to issues reported by customers, the changes do improve overall firmware quality. Add event logging and a CLI command to report status of Custom Factory Defaults (CFD). If custom defaults are applied, or if some error occurs while trying to process them at start-up time, a "system" event log record is created. A hidden "cfd" CLI command will display the status of CFD processing. This is added to "display techsupport" as well. This is provided as an aid for troubleshooting. Optimize the internal na_pton() API to immediately fail look-ups when an empty string (IP address or domain name) is passed to that API. This improves performance in application code such that the eventual failure is more immediate XBee changes: - Add command to reset radio to factory default settings to Factory Default Settings web page, XBee Device Operations web page, xbee CLI command, and RCI . (41893) - Change max value for JN parameter to 1. (42084) - Expose D6 parameter on ZB gateway radio to enable RTS flow control. - Allow manually scheduled OTA firmware updates even if OTA update setting is disabled. - Add "xbee restart" CLI command to restart gateway radio. - Add ability to include XBee gateway radio settings in the configuration backup file. - Add option to Backup/Restore web page and CLI backup command. - Change RciProcessor and QueryCommands to generate backup directly, rather than changing query_setting to set_setting afterwards. - Add support for DigiMesh 865/868LP radio, including OTA firmware updates. - Add OTA update progress messages, improve error messages. - Check for a valid gateway firmware file before starting update. - Fix threading bug that returned an empty node list when another thread cleared the node list. - Indicate "unknown" instead of "end device" if node type is not known. - OTA firmware update improvements (customer-requested: - Invalidate network address on all transmit errors. - Improve command timeout handling. - Give preference to local radio as updater. - Test updater with smaller payload to allow room for encryption and and source routes. - Add RCI to allow commands directly specified to be executed on the Zigbee module. - Add SN parameter for DigiMesh and Smart Energy. - Don't enable RTS flow control (set D6=1) on ZB radio to avoid dropping data in the XBee module when fragmentation is enabled. This is because RTS and fragmentation aren't supported at the same time. (41307) - Improve handling of node discovery results for CLI. - Update radio parameter tables. - Use POSIX file system API so OTA firmware update works on all file system types (including YAFFS). - Update configuration web page help for ZB. - Add support for the S2C (surface mount) radio. Improve the web pages for the Alarms Settings: - For the individual alarm configuration page in the web UI, add a link to the SNMP Settings page in existing page text where the SNMP trap can be enabled for the alarm. If no trap destination is configured, display "(not configured)" as the destination value rather than nothing. - Improve error detection in the alarm edit web page. Add "display serial" and "info serial" to "display techsupport" command list. Add the undocumented "full" option to "display dnsserver" in the "display techsupport" command list. This is useful for troubleshooting. Improve memory use by the firmware update feature such that somewhat less memory is used during the upgrade. While all upgrade types are improved (web UI, CLI, iDigi), the CLI upgrade method is most improved. (40391) Reduce memory use by various firmware features. Eliminate unneeded code and data to reduce runtime memory use. BUG FIXES Fix a problem in which the Digi device disconnects momentarily from the iDigi Manager server when the iDigi Manager Pro user opens Device's Properties Page. The problem occurs when the device uses the SSL connection type when connecting to the iDigi Manager server. It may occur over any network connection type (LAN or WAN) but is more likely to be observed over a WAN cellular connection. (39837) Fix a problem in which DSA security does not work with the Digi SSL implementation. (42451) Fix a bug in which autoconnect was failing to attempt a sslauth connection. (42575) Fix a problem with serial PPP that results in a failed LCP negotiation on the next (immediate) connection attempt following a PPP session disconnect. (44060) Fix a problem in which configuration backup/restore with keys/password option selected, does not include some keys. In particular, the SSH and SSL private keys were absent but are now included in the backup RCI as encrypted values, only if the user requests them as such. This uses the same method as for passwords and other keys. (44048) Fix the web server to reset form items for multipart/form-data. (41637) XBee fixes: - Fix lock up after "xbee factory_default" command. (43950) - Ignore unsupported settings when restoring from backup. (44040) - Fix over-the-air firmware updates of the XBee S2C radio. (40587) - Fix timeout errors on local commands that follow node discovery on DigiMesh sleeping networks. (40622, 40701) - Add a missing permissions check for the "xbee" command. - Fix a crash that occurs when passing a long hex string to getaddrinfo() or xbsGetAddr(). (41692) - Fix parsing of a 16-bit cluster ID. Only 8-bit worked correctly. - Ignore flag bits added for DigiMesh in DDO command status byte. - Allow extra time for DigiMesh node discovery. This fix is needed by 868 MHz firmware 1x61 and 2.4 GHz firmware 8x62. - Fix a bug that blocked all transmissions while waiting for a DDO command issued to an unresponsive node. - Update radio command processing limits for SE and S2C. (38712) - Add SP radio parameter for DigiMesh gateway radio to web UI, CLI, and RCI. (38766) - Fix a bug handling join notification status frame that created incorrect node list entries. - Return None instead of garbage from xbee.ddo_command() when the timeout parameter is 0. This means don't wait for the result. (39245) - Throw an exception from xbee.ddo_get_param() when the timeout parameter is 0 after rounding to milliseconds. (39338) - Reserve extra space in the transmit queue and use a different node address to prevent data messages from blocking the send of local commands to the radio. (39370) Fix a bug in which the help text for the "show ia" CLI command contains "garbage" characters. (41619) Fix a problem that occurs when using the UDP Serial Tunnel feature: the tunnel fails when the IP address changes at either end. This is particularly observed with a cellular network connection, with dynamic public IP addresses, but can occur in other cases as well. In the cellular case, the cellular connection may be dropped by the service provider if no activity has occurred for a provider-determined interval of time. Two two problems are identified and resolved in the UDP Serial feature, both related to failed name resolution of the remote side host when the device first boots or there is serial data to send. (39729) Fix a bug in which the user-configured UTC offset is applied twice, as reported to the iDigi Manager server. (39931) Fix an SNMP issue that could cause an SNMP denial of service. (39737) Fix a bug in which the "set_factory_default" RCI request incorrectly states in its RCI descriptor text that a device reboot will be performed after the "factory" action has been completed. No reboot is performed. Fix a panic that could occur while accessing some System Information pages in the web UI. (38729) KNOWN ISSUES None. DOCUMENTATION ERRATA None. ADDITIONAL INFORMATION None. HISTORY 82002162_D (2.15.0.4) - July 9, 2012 See ENHANCEMENTS and BUG FIXES information above. 82002162_C (2.14.0.3) - June 22, 2011 Not released for customer use. ENHANCEMENTS: Improve support for management of clock (time) sources. Refer to the HIGHLIGHTED PRODUCT CHANGES section for further information. The SNTP client component has been improved to better detect failures to retrieve time sync samples from an NTP server as a time source. Failures or "lost" replies result in quick retries for both the initial sample after boot time as well as for subsequent samples. Additional configurability is supported via the "set timemgmt" CLI command and the iDigi platform. Event logging is improved for time-related events. When restoring a device to factory defaults, revert the certificates and keys only if the ALL settings are being reverted. (36710) Improve the network stack to address the issue described in US-CERT Vulnerability Note VU#498440: Multiple TCP/IP implementations may use statistically predictable initial sequence numbers. The note can be viewed at: http://www.kb.cert.org/vuls/id/498440. (36183) Improve the error messages that are reported due to ping CLI failures, such as when there is no route to the destination IP address, to be more specific to the underlying problem. (36872) Add the TCP "timewait" option to the "set network" command. This option specifies the desired system-wide value in seconds for the TCP TIME_WAIT interval. The default value is 60 seconds, and the supported range is from 10 to 240 seconds inclusive. Also added to the RCI settings. Add a note to the "set network" help, and to the "set network" output if a TCP option is changed, to clarify that the change is not applied to existing TCP connections, nor to service listeners until the listeners are restarted or a reboot occurs. Add similar notes to "revert network" help and "revert network" output if the global settings are reverted. Add DHCP lease information to the output of the CLI command "show network" when the IP configuration for the Digi device is received from a DHCP server. The information shown includes the IP address of the DHCP server, the lease duration, the renew and rebind times, and the time remaining in the current lease. Add support for a user-configured Maximum Transmit Unit (MTU) size for the Ethernet interface. The MTU size can be configured using the "mtu" option of the "set network" CLI command, or in the web interface on the Advanced Network Settings page in the Network Configuration area. For the "display logging" CLI, add the ability to display the event log and continue to check for and display new log messages as they are written to the log. The help text for this command is updated to describe how to request and terminate the continuous log "tailing". Improve the user interfaces for configuring static routes in the network stack. For a LAN interface, use the associated interface gateway IP if the static route rule is configured with a gateway address of 0.0.0.0. If the static route gateway IP is other than 0.0.0.0 for a LAN interface, use that configured value. This allows the user to select use of the LAN interface gateway or a configured value for LAN interface static routes. The web UI help is updated to describe this enhancement. Update the SSL/TLS implementation with enhancements and bug fixes. Enable TCP keep-alives by default for these services: ssh, telnet. This provides default cleanup of orphaned sessions. Add a new info command to the CLI, "info time". This command displays SNTP Client statistics when SNTP is configured as a time source. Improve the parsing of RCI documents to better handle embedded XML comment and declaration values. (37651) To CLI, web UI and RCI, add flash (web) filesystem reporting for total, used and free space in the filesystem. Add these to: - CLI: display device (info device) - Web UI: General System Information page, and help - RCI: DeviceStats class (new elements) (38557) Reduce the number of Alarms to 8, from the previous maximum of 32. For Digi devices being upgraded from an earlier firmware version, only the first 8 alarms will be used by the new firmware. The other 24 alarm entries will be discarded (deprecated). An attempt to restore such deprecated alarm entries results in an "invalid index" warning rather than an error. This reduces runtime memory usage, NVRAM use for configuration setting storage and the RCI text generated for backups. Mesh / Zigbee / XBee networking: - Web UI improvements: - Add sorting and paging of node list. - Remove node list from System Info/XBee page. - Move device status page to Configuration/XBee page. - Bring back simple gateway firmware update page for ZB. - RCI discover command additions: - Add option to get current node list without discovery - Add option to return information for a single node - Return time since last contact with each node - Return firmware update status for each ZB node - Add "info xbee" CLI command to display XBS and XBee statistics. - Return an error if the application uses network addressing on ZigBee (extended addressing is required). - Add support for XBee S2B (cost reduced PRO) radio. - Enable RTS flow control to radio. - Update radio parameters. - Set apply changes option on WR command instead of using AC command when saving radio settings. (32848) - Allow LT parameter value of 0. (32847) - Add XBS_TX_STATUS_KEY_NOT_AUTHORIZED constant to driver. (32682) - Limit the number of queued commands. (32568) - Add RCI get_lqi command to get neighbor tables and link quality. (32509) - Add XBee driver statistics. (32508) - Add sorting of node list by clicking on column header in web UI. (24220) - Fix problems on ConnectPort X4 with 868/900 MHz radios and RTS. (33017) - Set NJ parameter range on SE radios to 0-254. (31477) - Hide SN parameter on ZNet 2.5 gateway radio to prevent a firmware update error. SN is still shown for ZB radio. - Add device type string for LTS gateway. - Enable DTR on the X4 XBee serial port. - Add join notification, BR and TC commands for SE 3x28 firmware. - Allow DDO commands to broadcast address from CLI. - Update configuration web page help for ZB. The Connectware Manager (also referred to as Remote Management) has been rebranded in the Digi device firmware as "iDigi". This corresponds with the service being offered by Digi for this purpose. The iDigi feature has been improved to support binary data service and file system service betwen the device and iDigi Server. These services are supported through interfaces available to python applications in the device. See www.idigi.com for more information on iDigi. A number of enhancements are added for the iDigi client in the Digi device firmware: - iDigi activity is recorded in the Event Log. - An iDigi client entry appears in the "Connections" list when: - The client is connected to the iDigi server. - The client is trying to connect to the iDigi server. - The client is waiting (listening) for the iDigi server to connect to it. - The client is waiting for a configured interval before initiating a (new) connection to the iDigi server. The connections list may be displayed in the CLI ("who") and in the web UI (Management > Connections). - When the iDigi client is waiting to (re)connect to the server, the connection table entry may be "killed" in which case the wait is canceled and the connection attempt proceeds immediately. - When the iDigi client is connecting to the server, the connection table entry may be "killed" in which case the connection attempt is abandoned. The "connecting" state is typically very brief. If for some reason the Digi device gets "stuck" in the "connecting" state, the kill request will terminate the condition. This is not an expected condition. - Add the CLI command "display idigi" report iDigi connection status of the Digi device. - Add the iDigi status web page under Administration > System Information to report iDigi connection status of the Digi device. - Show the iDigi Device Type for the Digi device on the iDigi Configuration page in the web UI. This is the device type by which the Digi device is known to the iDigi server. That value also is displayed via the CLI command "show mgmtglobal" and in the RCI output as (in addition to the existing field). - Send the actual Digi device type to the iDigi server rather than a possibly user-customized product name in config.ini. Customized names are problematic for the iDigi server for device recognition and management. (1291266) - Eliminate unsupported interfaces from the network settings RCI and related CLI (set mgmtnetwork). The web UI was already correct. (34520) - Increase the maximum permitted request and reply document sizes for the iDigi protocol RCI facility. The new size accommodates encoded files of just over 2MB. - Expose the (previously hidden) devicesecurity CLI option from these commands: set, show, revert. This was previously available but hidden to prevent misuse of some of that command's capabilities. The options that could cause problems if misconfigured have been removed, so it is no longer necessary nor appropriate to hide the devicesecurity option. (34535) - Add iDigi connection status items for send and receive idle times. - Add iDigi Timed Connection support to web UI and web help. This connection type has long been exposed via CLI and RCI. - For the iDigi client configuration's connection server list, reduce the number of server entries to 4 from 8. The list of 8 is simply truncated to 4 for this change. An attempt to restore "deprecated" entries results in warnings, not errors, generated by the settings manager. Note that Digi devices are typically configured to use only one of the server list entries, so this change won't affect deployed products. This reduces runtime memory usage, NVRAM use for configuration setting storage and the RCI text generated for backups. (34309) - Improve the error recovery algorithm for failed RCI requests received via iDigi. The updated algorithm reduces network activity by eliminating redundant error reports. Improve trace output for troubleshooting. (37637) - Expand the description of iDigi keep-alives in the web help information. - Add event log and trace messages for the "Disconnect" iDigi protocol message, to help with troubleshooting the loss of iDigi connections. Enhance filesystem support: - Add POSIX APIs. - Extend the "ls" command for file systems in RCI to request a hash value be returned for files in the listing. At present, the only hash methods supported are "none" (the default) and "crc32". - Extend all RCI implementations in NDS to supporting requesting a specific file rather than just a directory in a "ls" command request. The "dir" attribute of the "ls" command has been deprecated as a result, with the more applicable synonym "path" now taking its place as the standard attribute tag to use to choose what should be listed. For the IA feature, add support for fixed addresses when routing Modbus via XBee. (37200) Support for LPD, RLOGIN and RSH have been removed from the product. Remove unneeded and deprecated data and code to reduce memory use. BUG FIXES: Fix a bug that may result in a memory leak when a fully qualified domain name (FQDN) is configured for a SNTP Server as a time source in the Date and Time Settings (CLI "set clocksource"). (37807) Fix a bug in which multiple SNTP Server entries may be configured as time sources in the Date and Time Settings, but only the first one in the list is used. (33367) Fix an issue in the SNTP Client that results in frequent name resolution attempts (one per second) if a domain name is configured for an SNTP time source. This may occur if the name is invalid or cannot be resolved by the configured DNS servers. A backoff is implemented to mitigate the too-frequent name resolution attempts. (32652) Fix a bug in which the localtime() API didn't correctly adjust time by the specified timezone offset. (36959) Fix a bug in which setting the time with a year greater than 2036 causes the wrong year to be set. (32781) Address SSH public key authentication issues. (37339) - Fix a bug in which configuration settings support for SSH public key authentication was inconsistently implemented in the Digi firmware, depending on the product and user interface being used. - Ensure that user authentication is in accordance with RFC 4252. - Eliminate memory leak when configuring a public key via tftp. - Improve SSH trace output for troubleshooting purposes. Fix a bug in which changing the IP address from dynamic to static via the web UI redirects to a URL mix of old/new IP addresses. Also correct a failure to redirect if the service port for HTTP or HTTPS is other than the usual values 80 or 443, respectively. (33205) Fix a problem in which Classless Inter-Domain Routing (CIDR) fails to route correctly under certain narrow instances (such as routing between hosts with IP addresses 25.0.0.50 and 24.0.0.50, with a subnet mask of 248.0.0.0). (37043) Fix a problem in which Ethernet driver might lose synchronization between its interrupt handler and its packet receive processing thread. This could cause received packets to be held in the driver's receive buffer ring and not passed to the network stack in a timely manner. Under such a condition, network communication might appear to be broken for network protocols and applications. (35638) Fix a possible panic that occurs while configuring the primary network interface (Ethernet) and saving the changes to NVRAM. (35715) Fix a bug in which the file system component was incorrectly accounting for open directories in the system. Due to this bug, it was possible that the open would fail regardless of actual resource availability. (31645) Fix a bug in a previous fix to gettimeofday() that causes incorrect display and behavior in "set time" and the Date and Time web page. (35957) Fix a bug in uudecodeToFile() that causes RCI file transfers to fail when there is white space after the file data. (36147) Fix a bug in which the Digi device might panic (reboot) when using the CLI command "certmgmt" to generate a key for SSH. (33249) Fix a bug in which the cold start trap is sent every time the user enables "Generate cold start traps" in the web page or the CLI. (33655) Fix a pmodem feature problem for which, under some conditions, an ATDT command (that normally works correctly) stops working. (34433) Mesh / Zigbee / XBee networking: - Fix a bug that caused XBee early request timeout and retries resulting from a race condition. (37735) - For mesh networking configuration, display the correct range for the SC setting in the web UI for XBee PRO 802.15.4 and S2B radios. (35660) - Fix bug causing commands to time out too early. (32456) - Require the node ID used in xbee CLI commands be a unique exact or partial match to a node in the node list. (32516) - Fix gateway firmware version display bug in web UI. - Fix a problem in which a specific status message from an XBee radio could cause a false firmware update failure. (34471) - Correct inconsistent return codes from CLI commands "set xbee" and "xbee". (34683) - Fix bug when setting extended timeout option on DDO commands. - Ignore flag bits added for DigiMesh in DDO command status byte. - Allow extra time for DigiMesh node discovery. This fix is needed by 868 MHz firmware 1x61 and 2.4 GHz firmware 8x62. - Fix a bug that blocked all transmissions while waiting for a DDO command issued to an unresponsive node. - Update radio command processing limits for SE and S2C. (38712) - Add SP radio parameter for DigiMesh gateway radio to web UI, CLI, and RCI. (38766) - Fix a bug handling join notification status frame that created incorrect node list entries. Fix IA route issues in the RCI settings processing. (36812) - IA Route settings support a "scatter string" for the protocol address, but RCI allowed only minimum and maximum. - IA Route settings support Xbee MAC with end-point in the IP address field, but RCI allowed only an IP address. - Change the supported serial port minimum value in the RCI descriptor from 1 to 0, allowing zero to be set when route isn't serial. - Correct a typographical error: change "Pprotocol" to "Protocol" in the RCI descriptor. Fix a problem for the Industrial Automation (IA) feature in which the full settings were not properly restored from a backup file. (35891) Fix an IA modbus problem in which a buffer was being freed twice when a message send failed because the network connection was down. This could result in a panic reboot. (32914, 34800) Fix a problem in which the Industrial Automation "Hostname" was not properly set on a configuration restore. (34086) Add missing ZigBee route type to the IA route settings RCI. (36233) Fix a bug in which the "set_factory_default" RCI request incorrectly states in its RCI descriptor text that a device reboot will be performed after the "factory" action has been completed. No reboot is performed. Eliminate several potential memory leaks. (34946) 82002162_B2 (2.9.0.11) - February 12, 2010 ENHANCEMENTS: The default value of the over-the-air (OTA) firmware update setting to is changed to disabled, to avoid interfering with applications using the XBee network. Improve iDigi (Connectware) client's connection backoff/retry logic in the case of failure to connect to the iDigi server. If SNTP Server use is configured as a time source in the Date and Time Settings, with a domain name specified for the time server, a possible stale name resolution condition was eliminated. Enable IA/Modbus engine sending Modbus via XBee to bind on a source end-point other than 0xE8. This prevents conflict with Dia XBee serial drivers, allowing Modbus and Python/Dia to share the XBee network. The desired bind-end point is appended to the XBee Extended Address (such as 00:13:a2:00:40:3e:15:18!E9). The user must also force the DE in the XBee 232/485 to match this value. (32938) Add "disp ia" to "disp techsupport" command list. (32252) BUG FIXES: Modify SSH to prevent an initial false SNMP login failure trap when the SSH client connects with the "none" authentication method. (1278304). Fix issues in the SSH service implementation: - Eliminate possible memory leaks when loading DSA/RSA keys. - Fix a failure to disconnect and report the reason to the client when the maximum number of authentication failures is reached. Present data frames sent to the mesh gateway broadcast endpoint 0xff to all sockets bound to endpoints 0x01-0xf0 per the ZigBee specification. (32289) Always allow over the air firmware updates of remote XBee-PRO ZB nodes. PRO nodes are not affected by the low-power boot loader problem that prevents updates of non-PRO nodes. Fix a bug in the DHCP client that accumulates small network buffers on the DHCP client's internal information structure. This occurred for options received from a DHCP server that are unrecognized by the DHCP client. These buffers are now freed to avoid gradual memory depletion. Fix an issue where the Send Character Immediate IOCTL was not getting a response, causing a RealPort hang. (32061) Flush the DNS resolver cache when the DNS server list changes (servers are removed). This avoids a possible stale DNS resolver cache issue. Disallow an attempt to set the IP address for a network interface and the interface-specific gateway to the same value, which causes problems for routing in the network stack. 0.0.0.0 is substituted for the gateway so IP routing is not adversely affected. 82002162_B1 (2.9.0.7) - October 30, 2009 ENHANCEMENTS: Add SNTP Client as a time source for time source management. This new feature adds SNTP client as a source for time management. It allows the device to synchronize its clock with NTP/SNTP servers. Configuration for this feature is available through RCI, the web UI and the command line "set clocksource" command. Add an "offset" from UTC to time source management. This new feature adds the ability to modify Coordinated Universal Time (UTC) by increments that correspond with time zones. Configuration for this feature is available through RCI, the web UI and the command line "set time" command. Add logging for time events such as changes to offset or time "jumps". Add SSL connection support and simple password authentication for device connections to the iDigi Server (Connectware Manager Server). Add support for RealPort authentication. Add numerous commands to "display techsupport" for improved reporting. (31539, 31689) Reduce the amount of alarm data sent at the start of a connection to an iDigi Server (Connectware Manager Server) by sending only the active alarms. This improvement is coupled with a server change to not request the current state of all alarms. Add support to flush the ARP table and DNS resolver cache on demand. Enhance "display dnsserver" to display resolver cache entries. Automatically flush the DNS resolver cache when the DNS server list changes, removing possibly stale cache entries. XBee (mesh) networking enhancements: Show XBee SN parameter for gateway radio in web UI and CLI. (30782) Improve ZDO node discovery: - ZDO node discovery performed by default on Smart Energy networks. - DDO node discovery performed by default on other networks. - Verify that routers respond to LQI request. - Find and verify end devices in router child table. - Prevent extra LQI requests outside of ZDO discovery. - Add CLI "display xbee zigbee" option to enable ZDO discovery. Log changes in local modem status in event log. Save changes to D7 on web UI basic settings page. Don't require "!" at end of node address in CLI. Update radio parameters. Blink X2 association LED when "identify device" is done on the gateway by itself. Supported on ZNet, ZB, and DigiMesh. Correct node identify message sent to DP 868 and 900 radios. Queue transmissions in gateway while DigiMesh network is asleep. Add CLI "xbee child_table" command to display associated end devices. Add web UI and improve CLI for over the air firmware updates. Improve the ability to break out of "xbee ping" command. Improve support for DigiMesh sleeping network. Add the ability to backup and restore configuration of XBee nodes to .pro files, which are compatible with the X-CTU configuration tool. Add backup and restore, and move existing node identify and resets to a new Device Operations tab under the XBee Configuration web page. Add backup and restore to a TFTP server to the "set xbee" command. (31389) Allow gateway radio firmware update via RCI when the radio is disabled or not recognized. The target address attribute must not be specified in this case. Add click/shift-click support to select a range of nodes on the XBee OTA firmware update web page Correct the range and scaling of XBee voltage parameters. (31943) Allow fully qualified domain names (FQDN) instead of only IP address for a number of features. These features are: AutoConnect, UDP Serial, SNMP trap destinations, and the alarms e-mail server. For UDP Serial, a lookup of the FQDN (typically in the DNS resolver's cache) is done for each packet sent, with a full name resolution occurring only when the cached entry's time-to-live expires (or the cache is flushed). This supports dynamic destination IP addresses. (19517, 30637) Add options to CLI, web UI and RCI to save encrypted passwords and keys in the configuration backup file. Configuration restore accepts either encrypted or plain text passwords and keys. (15108) Change the signature method on the self-generated, self-signed certificate from MD5 to SHA1. Although MD5 is not generally unsafe, SHA1 is deemed to be the most secure. All browsers or SSL clients recognize SHA1 instead of MD5. Update the web UI for IP Forwarding Settings to show the maximum number of entries for Static routes and "Forward TCP/UDP/FTP connections...". (31866) ENHANCEMENTS in 82002162_B1 subsequent to 82002162_B: Add support to send login success and failure traps via SNMP when a user logs into the device using HTTP or HTTPS. Improve the information sent for some alarm conditions when e-mail is the configured method for sending the alarm. BUG FIXES: Fix Modbus IA engine support of 802.15.4 radios. (30733) Modbus Web UI misaligns the Master to Table Relationship. (31803) Check if enough free memory is available to handle a firmware update from the iDigi Server (Connectware Manager) and return an appropriate error response if not. (31321) Fix a bug that limited length of the primary SNMP destination field in the SNMP Settings web UI. (31895) Add a change to work around a problem in which Digi products do not accept gateways from Apple's Airport Extreme when the Digi product is configured as a DHCP client and the Apple is the DHCP server. (31166) Improve a condition under which client-initiated connections to the iDigi Server (Connectware Manager Server)) won't start unless the "Reconnect after..." box is checked. (31885) Eliminate several memory leaks. BUG FIXES in 82002162_B1 subsequent to 82002162_B: Fix a bug in which login success and failure traps were not being sent via SNMP when a user logs into the device using SSH. (32161) 82002162_B (2.9.0.5) - October 17, 2009 Not released for customer use. See ENHANCEMENTS and BUG FIXES information for 82002162_B1 EOS. 82002162_A1 (2.8.4.16) - August 28, 2009 ENHANCEMENTS: None. BUG FIXES: Fix a memory leak that may occur when DNS lookups are performed. Although the leak is small, it can lead to memory exhaustion in systems that perform many DNS operations, such as some iDigi client configurations. (30870) 82002162_A (2.8.4.7) - March 31, 2009 Initial release.