Release Notes PN 93000688_J3 Digi ConnectPort X5 EOS PN 82002035_J3 Software Version 2.15.0.10 February 21, 2013 INTRODUCTION This is a production release of firmware for the Digi ConnectPort X5. The ConnectPort X5 family of rugged gateways is designed for Vehicle Area Network (VAN) traffic such as ZigBee and 802.15.4 point-to- multipoint, for IP connectivity using cellular or Wi-Fi connections. It offers the industry's smallest Quint-Mode (cellular, satellite, GPS, Wi-Fi, VAN) wireless telematics product. ConnectPort X5 gateways provide remote connectivity to mobile assets to monitor operating health, performance, location and driver/operator behavior, as well as to enable automated event reporting. SUPPORTED PRODUCTS Digi ConnectPort X5 R Digi ConnectPort X5 R Iridium Digi ConnectPort X5 F HIGHLIGHTED PRODUCT CHANGES Starting with the 2.14.2.10 firmware version, the following feature has been incorporated: NEW iDIGI MANAGEMENT DEFAULTS Firmware defaults have been changed to enable connectivity to the iDigi(R) Device Cloud and automatic registration of the device to the iDigi(R) Support+ account. Services for registered devices include remote Digi Technical Support, with access to a wider range of remote capabilities through the creation of an iDigi Manager Pro account. iDigi Manager Pro is a web-based service that provides central and remote device management tools including: o Downloading of new software and updates o Editing of configurations and settings o Establishing user accounts with privileges o Selecting additional security measures For more information, visit www.idigi.com. ** NOTE: The following iDigi management defaults change and procedure applies to product versions that provide only an Ethernet or Wi-Fi network interface. Specifically, these defaults DO NOT APPLY to products that include a cellular WAN interface. To disable the iDigi default connection: 1. Open the web UI of the gateway using the method outlined in the Quick Start Guide. 2. Navigate to the "Configuration > iDigi" section. 3. On the "Connection Settings" panel, uncheck the box labeled "Enable Device-Initiated iDigi Connection". 4. Press the "Apply" button. 5. Re-boot the gateway. ** NOTE: The following procedure is applicable only to product versions that support Short Message Service (SMS). Products that do not support SMS will not display the user interface described below. To disable the iDigi Short Messaging (SMS) Opt-In capability: 1. Open the web UI of the gateway using the method outlined in the Quick Start Guide. 2. Navigate to the "Configuration > iDigi" section. 3. On the "Short Messaging" panel, uncheck the box labeled "Opt-in". To completely disable iDigi SMS, uncheck the box labeled "Enable iDigi SMS". 4. Press the "Apply" button. 5. Re-boot the gateway. Starting with the 2.13.2 firmware version, the following feature has been incorporated: IRIDIUM SATELLITE NETWORK SUPPORT For products with an embedded Iridium 9602 modem, the Digi operating system provides an API for transmitting and receiving Iridium Short Burst Data (SBD) messages over the Iridium satellite network. The modem must be activated on the Iridium network before data transfer is possible. The method by which customers can manipulate SBD messages is Python scripting. Starting with the 2.14.2 firmware version, the following feature has been incorporated: IDIGI IRIDIUM SATELLITE NETWORK SUPPORT For products with an embedded Iridium 9602 modem, iDigi Iridium satellite support has been added. The Digi operating system provides an iDigi API for transmitting and receiving Iridium Short Burst Data (SBD) messages over the Iridium satellite network. In addition, the X5 is capable of responding to iDigi commands from the server such as "Reboot", "CLI", "Request to Connect" and "Status Request" (ping). The modem must be activated on the Iridium network before data transfer is possible. The method by which customers can manipulate SBD messages is Python scripting. ENHACEMENTS For user configuration, improve the web page text and associated help to emphasize the selection of the desired device access and feature permissions for user logins that are added beyond the default "root" user. (44865) BUG FIXES Fix a bug that could corrupt the tuple returned by the Python method xbee.get_node_list() when previously discovered nodes are cleared from the list and are no longer discovered. (44746) Fix a bug in which the "file copy ..." CLI command might fail if the destination is a directory rather than a file. Fix a bug in the PPP settings (both serial and mobile) in which the maximum value length for the phone number fields was not sufficiently large. Values were limited to four characters rather than the intended maximum of 20. This issue affected iDigi users when configuring these settings. (45000) Modify the TCP retransmit timeout (RTO) settings to support different minumum and maximum value ranges. Use of these new ranges may reduce TCP retransmits on mobile networks if application data is sent when the cell modem is in a standby state. The TCP RTO settings are modified to permit a minimum of 30-5000 ms (previously 30-1000) and a maximum of 5-240 seconds (previously 1-240). This system-wide setting affects all TCP connections at the time they are first established. The default values for RTO minimum and maximum are unchanged; only the permissible value ranges have changed. (44960) Corrected wireless ad hoc behavior that caused units to lose connectivity (45536) Corrected Wi-Fi behavior that caused incorrect MAC address filtering and unnecessary re-associations (45402) Fixed a bug that caused the clockstamp returned with J1708 callbacks to roll over to zero after about 49.7 days. (NDS-24) KNOWN ISSUES Problems have been encountered with some Linksys VPN appliance models when using different Diffie-Hellman group settings for phase 1 and phase 2. To work around this issue and successfully establish the VPN tunnel, use the same Diffie-Hellman group for both phase 1 and phase 2 settings. A problem related to the power cycling of the Iridium mode has been observed in conjunction with the Digi CLI "iridium power=on" command. Depending on system conditions, it is possible that an attempt to re- power the 9602 modem after having powered it off will appear to "hang" for a number of minutes waiting for internal timeouts to expire, before ultimately failing. HISTORY 82002035_J3 (2.15.0.10) - February 21, 2012 82002035_J (2.15.0.5) - July 12, 2012 ENHANCEMENTS Add support to perform configuration backup/restore operations via the CLI "backup" command and the web UI. Files are in the internal WEB filesystem. Add the CLI "file" command that can copy, remove, rename and list files in the Digi flash filesystems. For security reasons, the file options copy, remove and rename are not permitted for files in subdirectories of the WEB filesystem (e.g., "python"). The "file" command also supports the display of total/used/available filesystem space. The options are described by "help file". New Packet Capture (PCAP) feature: Add support to the network stack for internal packet captures from various network interfaces. Users can capture packets from eth0, eth1, wln0, mobile0, wmx0 and pppN (serial, N=0-9), with the possible network interfaces differing among Digi products. Only a single interface at a time can be captured. Capture output is a standard PCAP-format stream that can be interpreted by common capture analysis tools. The feature adds a CLI "pcap" command with a variety of options to manage and perform captures. As a security measure, by default, the packet capture capability is disabled when a device boots. There are no stored settings -- all configuration and use of PCAP is a runtime matter after a device boots. The pcap command is hidden from the usual command help unless it is explicitly invoked. Trace output for "pcap" is added to trace capture actions and activity for debugging purposes. Packet captures can be obtained locally to the device from the CLI, with the output written to a local file in the WEB flash filesystem. Local captures may be performed as "foreground" or "background" tasks. Captures also can be obtained by connecting to the configured PCAP capture TCP port of the NDS device, when such "network" captures are enabled by the user. This permits "clients" such as netcat to connect and capture the packet stream. Such remote packet captures should not be performed by connecting over the network interface whose packets are being captured. The CLI "pcap" help text documents the various options and caveats for use of the packet capture feature. Improve the network stack's support for unpredictable IP ID use. The change provides better protection against a potential attacker as well as addresses a possible issue with IP fragmentation and reassembly. Address a specific customer issue with NAT for large UDP datagrams that are fragmented and sent in reverse order by a device. Add support for a user-configurable option to relax the NAT trigger matching algorithm to permit transmation and forwarding of IP fragments under out-of-order conditions. This condition is atypical and it is more likely to affect UDP or ICMP than TCP. (41935, 1330099) Add support for a new Mobile Status MIB, with 39 fixed OIDs. The new MIB is Digi part number is 40002486 (DIGI-MOBILE-STATUS.mib). The Digi SMI enterprise MIB, part number 40002195 (DIGI-SMI.mib) also is updated. The new Mobile Status MIB is distinct from the earlier Mobile Information MIB, part number 40002593 (DIGI-MOBILE-INFORMATION.mib). The new MIB has strictly defined meanings and values for its 39 OIDs. On the Mobile Settings web page, add a checkbox to enable/disable the mobile connection. Add associated web help text for this new option. On the Mobile Settings web page, enhance the T-Mobile (USA) service provider screen: - Permit custom APN specification. (42205) - Support username and password specification. Improve the mobile configuration SureLink "Reboot the device..." feature. In the 2.14.1.6 release, a watchdog was implemented as an adjunct to the SureLink "Reboot the device..." option to warm boot the Digi device if 256 consecutive failed mobile connection attempts occur. That watchdog was not configurable and could not be disabled. For the 2.15.0 release, the "Reboot the device" option default is changed to enabled with a value of 255 consecutive failed connection attempts as the threshold. Setting the value to zero disables the reboot (and watchdog). In addition, the "revert to defaults" code for the SureLink settings is corrected to recognize custom factory defaults and not assume settings class defaults are appropriate. (42443) Standardize the format of the MEID value reported by various cell modules. Some modules include a leading 0x, whereas others do not. The standardized format removes the possible leading 0x from the value. Implement changes for possible programming issues that were identified by a static code analysis tool. The identified issues were reviewed and triaged, with changes resulting in many cases. Issues addressed include possible memory leak elimination, removal of unneeded code, improved error detection and handling, data initialization and buffer overflow prevention. While none of the changes are directly linked to issues reported by customers, the changes do improve overall firmware quality. Add event logging and a CLI command to report status of Custom Factory Defaults (CFD). If custom defaults are applied, or if some error occurs while trying to process them at start-up time, a "system" event log record is created. A hidden "cfd" CLI command will display the status of CFD processing. This is added to "display techsupport" as well. This is provided as an aid for troubleshooting. Add event logging and trace for two internal APIs that can disconnect the iDigi connection, via SMS and Python. Helpful for troubleshooting. Optimize the internal na_pton() API to immediately fail look-ups when an empty string (IP address or domain name) is passed to that API. This improves performance in application code such that the eventual failure is more immediate XBee/mesh changes: - Add command to reset radio to factory default settings to Factory Default Settings web page, XBee Device Operations web page, xbee CLI command, and RCI . (41893) - Change max value for JN parameter to 1. (42084) - Expose D6 parameter on ZB gateway radio to enable RTS flow control. - Allow manually scheduled OTA firmware updates even if OTA update setting is disabled. - Add "xbee restart" CLI command to restart gateway radio. - Add ability to include XBee gateway radio settings in the configuration backup file. - Add option to Backup/Restore web page and CLI backup command. - Change RciProcessor and QueryCommands to generate backup directly, rather than changing query_setting to set_setting afterwards. - Add support for DigiMesh 865/868LP radio, including OTA firmware updates. - Add OTA update progress messages, improve error messages. - Check for a valid gateway firmware file before starting update. - Fix threading bug that returned an empty node list when another thread cleared the node list, causing a Python exception. - Indicate "unknown" instead of "end device" if node type is not known. - OTA firmware update improvements (customer-requested: - Invalidate network address on all transmit errors. - Improve command timeout handling. - Give preference to local radio as updater. - Test updater with smaller payload to allow room for encryption and and source routes. - Add RCI to allow commands directly specified to be executed on the Zigbee module. - Add SN parameter for DigiMesh and Smart Energy. - Don't enable RTS flow control (set D6=1) on ZB radio to avoid dropping data in the XBee module when fragmentation is enabled. This is because RTS and fragmentation aren't supported at the same time. (41307) Improve the Python xbee module: - Add source_route member to nodes returned by get_node_list(). - Add option to clear node list to get_node_list(). Eliminate unneeded code and data to reduce runtime memory use. Add support for ConnectPort X5 Iridium MRAM. BUG FIXES Fix a bug in the VPN support in which an empty (NULL) IPSEC hash table was incorrectly used, resulting in subsequent VPN and device problems. The empty table is valid and is now properly handled. (40548, 41522, 41900) Fix a problem in the VPN feature. (43534) If two units were set up to create a VPN tunnel between them, with one unit operating as the server and the other a client, the server would not accept a new connection from the client if the client was rebooted. The old VPN connection in the server side (from before the client rebooted) prevented the client from reconnecting. Two problems were identified and addressed: - The old IKE policy was not being deleted before trying to add the policy for the new connection - The API code to add the policy was not properly cleaning up when it failed to add the new policy because the old one, with the same priority level, was already there. In fact, the API code corrupted the linked list of IKE policies. Fix a problem in which DSA security does not work with the Digi SSL implementation. (42451) Fix a bug in which autoconnect was failing to attempt a sslauth connection. (42575) Fix an issue identified by static code analysis in which a SureLink FQDN inconsistently allowed either 63 or 64 characters. The intended maximum of 63 characters is now universally enforced. A value of 64 characters could have resulted in data corruption. Fix a problem with serial PPP that results in a failed LCP negotiation on the next (immediate) connection attempt following a PPP session disconnect. The change has no effect on cellular PPP connections. (44060) Fix a problem that could cause the iDigi Short Message Service (SMS) feature to attempt to send short messages on devices whose cell modems are not supported by the Digi firmware for SMS capabilities. Although the short messages are never sent, a looping condition can occur in which the firmware continuously attempts to send the failed message. The failed message resend loop could also occur for devices whose cell modems do have SMS support in the firmware. (1339982) Fix a data abort exception in the Python digicli module that can occur due to an allocated buffer overflow for CLI output lines that exceed 256 characters. Although such long lines aren't likely, the crash could result from any CLI output with long lines. The fix limits the output strings to 2048 bytes at most, breaking them into segments if necessary, and it precludes the overflow condition. No CLI output is lost as a consequence of this change. Fix problems in the RCI handling for the and settings. The problems were exposed in the iDigi device configuration interface for these settings. Issues addressed are: - Add missing elements in settings. - Remove excess/incorrect elements in settings. - Correct the value range identification for some elements, specifically those related to group association. Improve the element description strings displayed by iDigi. (41545) Add the missing "mobile_cfg_chng" keyword to the "mode" option choices in the help text for the CLI command "set alarm". Fix a problem in which configuration backup/restore with keys/password option selected, does not include some keys. In particular, the SSH and SSL private keys were absent but are now included in the backup RCI as encrypted values, only if the user requests them as such. This uses the same method as for passwords and other keys. (44048) Fix a problem in which the CLI "certmgmt" command quietly creates empty files when saving private keys (SSH, SSL, VPN). Per security requirements, disallow saving private keys via "certmgmt" and provide an explicit error message to the user. Detect empty certificates and invalid index (range) values and provide an appropriate error message for such cases. (44048) Fix the web server to reset form items for multipart/form-data. (41637) XBee fixes: - Fix lock up after "xbee factory_default" command. (43950) - Ignore unsupported settings when restoring from backup. (44040) XBee/mesh changes: - Add a missing permissions check for the "xbee" command. - Fix a crash that occurs when passing a long hex string to getaddrinfo() or xbsGetAddr(). (41692) - Fix parsing of a 16-bit cluster ID. Only 8-bit worked correctly. Fix a bug in which the Python digihw.gpio_get_value() method is not returning an exception on invalid GPIO number. (43821) 82002035_H1 (2.14.2.10) - March 2, 2012 ENHANCEMENTS: Add iDigi SMS Opt-In feature. With the iDigi Opt-in support enabled, the iDigi Technical Support team is afforded visibility and access to your device to diagnose and resolve issues, should you require assistance. NOTE: The Opt-in process involves sending a single SMS message containing the device's mobile phone number and iDigi Device ID to the iDigi servers. iDigi change: Send message with succes status and zero-length response when Python data service callback function returns no value. (41422) BUG FIXES: None. 82002035_H (2.14.2.5) - December 14, 2011 ENHANCEMENTS: XBee/mesh changes: - Improve handling of node discovery results for CLI and Python. - Remove support of obsolete FreeScale ZigBee radio firmware. - Update radio parameter tables VPN changes: - Add VPN-related commands to "disp techsupport": show vpn phase1 verbose=on, show vpn tunnel verbose=on and vpn status. - Adjust white space in output for "show vpn" and "vpn status" commands. - Added a new VPN feature to work around a problem that Miami Dade ran into. The feature lets the customer configure the VPN software to automatically send pings through the VPN tunnels in order to keep IPSEC from timing them out due to lack of traffic. We allow the customer to set the frequency of the pings too. iDigi changes: - Always indicate that device data service is available, even if no targets are registered yet. (40837) BUG FIXES: XBee/mesh changes: - Fix over the air firmware updates of XBee S2C radio - Fix timeout errors on local commands that follow node discovery on DigiMesh sleeping networks. EDP changes: - Always indicate device data service is available, even if no targets are registered yet. iDigi changes: - Corrected the length of the error text in the error response to include the NULL. This was fixed for the iDigi commands CLI, Request to Connect and Configure. 82002035_G (2.14.1.6) - October 14, 2011 ENHANCEMENTS: Add support for the Sierra Wireless Q26 Elite cellular modem (CDMA). This includes support for Short Message Service (SMS). The iDigi feature has been improved to support binary data service and file system service between the device and iDigi Server. These services are supported through interfaces available to python applications in the device. See www.idigi.com for more information on iDigi. Change the default for the iDigi client connection method from TCP to SSL as a security improvement. Add event log and trace messages for the "Disconnect" iDigi protocol message, to help with troubleshooting the loss of iDigi connections. Improve the multiple user model's permissions protections to better support limited access users. - Extend permissions for users, groups and permissions to support "self" permissions in addition to the existing none/read-only/read-write permissions choices. - Split apart some of the permissions such that each can be separately selected and configured. - For the CLI "boot" command, improve the permissions checks for the supported options. Specifically, "action=factory" now requires both boot and revert-all permissions. "file=(host):(filename)" now requires both boot and fw-update permissions. - In the web UI, improve page access error messages for user configuration pages. Disallow unauthorized/direct access to user configuration pages that circumvents page links and permissions checks. Add the following notice to the User Configuration web page, with a similar notice in the web help. (38961) Be certain that you know a valid user name and password combination that you previously configured, or the device default values if you have never configured users and passwords. If you do not know a valid combination, you will not be able to log into this device. Improve the web user interface help information regarding username and password values. (38178) The clock (time) source management functionality has been improved to better detect failures to retrieve time sync samples from an NTP server as a time source. Failures or "lost" replies result in quick retries for both the initial sample after boot time as well as for subsequent samples. Additional configurability is supported via the "set timemgmt" CLI command, the web UI and the iDigi platform. Event logging is improved for time-related events. For the clock (time) source management feature, update the web UI and web help to include the configurable jump threshold and "lost time source" detection settings. For the clock (time) source management feature, improve the SNTP client implementation: - Add detection of "expired" NTP replies. o Accept replies only if in response to the most recently issued request for a given NTP time source. Discard other replies. o Replies must not be more than 20 seconds since the request was sent. Old samples can skew the time computation and cause undesired jumps. o Add a statistical counter for "expired" replies ("info time" CLI). - Improve the NTP reply read resolution for the socket, to more quickly process replies. Add a feature to execute a CLI command using RCI via the general request do_command target="cli". This is accessed through iDigi Manager Pro. Improve the parsing of RCI documents to better handle embedded XML comment and declaration values. (37651) Add support for a user-configured Maximum Transmit Unit (MTU) size for the Ethernet interface. The MTU size can be configured using the "mtu" option of the "set network" CLI command, or in the web interface on the Advanced Network Settings page in the Network Configuration area. The MTU selection is similarly supported for the Wi-Fi interface. Improve the SureLink system reset capability: - When the system reset condition triggers, leave a suitable panic record with information that identifies the reason and cause (for the reboot (versus no information whatsoever). - Add a watchdog-like extension that will reboot the device if 256 consecutive failed connection attempts occur. The setting permits a value in the range 1-255. Even if the system reset is disabled, the watchdog will request a device reset after 256 consecutive failed connection attempts, as a means by which to attempt recovery. This spans a period of many hours, so it is not particularly aggressive. XBee/mesh changes: - Use POSIX file system API so OTA firmware update works on all file system types (including YAFFS). - Update configuration web page help for ZB. - Add support for the S2C (surface mount) radio. Improve the web pages for the Alarms Settings: - For the individual alarm configuration page in the web UI, add a link to the SNMP Settings page in existing page text where the SNMP trap can be enabled for the alarm. If no trap destination is configured, display "(not configured)" as the destination value rather than nothing. - Improve error detection in the alarm edit web page. - Add an optimal RSSI alarm checkbox to web UI. This was available previously using the CLI command "set alarm". (39771, 39833) For cellular RSSI alarms: - Improve processing of RSSI alarms if multiple RSSI alarms are configured in the settings. (39833) - Improve RSSI sample averaging to avoid possible early trigger conditions. - Improve trace output from alarms driver for RSSI sampling and action. To CLI, web UI and RCI, add flash (web) filesystem reporting for total, used and free space in the filesystem. Add these to: - CLI: display device (info device) - Web UI: General System Information page, and help - RCI: DeviceStats class (new elements) (38557) Add "display serial" and "info serial" to "display techsupport" command list. Add the "show idigi_msgservice" command to the "display techsupport" command list (38095) Add the undocumented "full" option to "display dnsserver" in the "display techsupport" command list. This is useful for troubleshooting. Add the Python version number to the RCI query_state/device_info reply. Improve memory use by the firmware update feature such that somewhat less memory is used during the upgrade. While all upgrade types are improved (web UI, CLI, iDigi), the CLI upgrade method is most improved. (40391) Reduce memory use by various firmware features. BUG FIXES: Fix a problem in which the Digi device disconnects momentarily from the iDigi Manager server when the iDigi Manager Pro user opens Device's Properties Page. The problem occurs when the device uses the SSL connection type when connecting to the iDigi Manager server. It may occur over any network connection type (LAN or WAN) but is more likely to be observed over a WAN cellular connection. (39837) Fix a problem that caused the Python built-in time.clock() call to return a value that "rolls over" after approximately 49.7 days of operation after a boot of the Digi device. This occurred due to an internal clock counter rollover. It could cause Python application program to assume that the clock (and time) had gone backwards, resulting in unpredictable behavior of the application. (37986) XBee/mesh changes: - Ignore flag bits added for DigiMesh in DDO command status byte. - Allow extra time for DigiMesh node discovery. This fix is needed by 868 MHz firmware 1x61 and 2.4 GHz firmware 8x62. - Fix a bug that blocked all transmissions while waiting for a DDO command issued to an unresponsive node. - Update radio command processing limits for SE and S2C. (38712) - Add SP radio parameter for DigiMesh gateway radio to web UI, CLI, and RCI. (38766) - Fix a bug handling join notification status frame that created incorrect node list entries. - Return None instead of garbage from xbee.ddo_command() when the timeout parameter is 0. This means don't wait for the result. (39245) - Throw an exception from xbee.ddo_get_param() when the timeout parameter is 0 after rounding to milliseconds. (39338) - Reserve extra space in the transmit queue and use a different node address to prevent data messages from blocking the send of local commands to the radio. (39370) User logins using the web UI: - Correct the login pages for the multiple user model to support username and password values of 1 to 16 characters. These pages support both "normal" user sessions as well as customization user sessions. The web page scripting and controls supported usernames of 3-15 characters and passwords of up to 15 characters, which don't handle the permissible lengths for the multiple user model username (3-16) and password (4-16), plus customization username (1-16) and password (1-15). - Add a note to the Change Password page for the customization user to indicate that the username and/or password change applies only to the customization user and not to the administrative (or other) user. Update the customization tutorial text to state that the customization username may be 1-16 characters long, and the associated password may be 1-15 characters long. For the clock (time) source management feature: - Fix a bug in which some malformed SNTP responses were counted under the "Receive Timeout" category in addition to "Malformed Responses" in cases for which only the latter category should be incremented. These values are reported by the "info time" CLI command. - Fix a bug in which the RCI descriptor for the settings suggested a minimum ranking value of 0, but it should be 1. The bug resulted in an error being returned to the user when configuring a time source via iDigi, if ranking value 0 was entered by the user. - Fix a bug that possibly allowed packets to accumulate on the socket for an internally disabled NTP source (lesser ranking). Such packets were never being read nor discarded, thereby unnecessarily consuming system memory. Fix a problem that occurs when using the UDP Serial Tunnel feature: the tunnel fails when the IP address changes at either end. This is particularly observed with a cellular network connection, with dynamic public IP addresses, but can occur in other cases as well. In the cellular case, the cellular connection may be dropped by the service provider if no activity has occurred for a provider-determined interval of time. Two two problems are identified and resolved in the UDP Serial feature, both related to failed name resolution of the remote side host when the device first boots or there is serial data to send. (39729) Fix a possible memory leak in the Host List feature. (32850) Fix a bug in which the localtime() API didn't correctly adjust time by the specified timezone offset. (36959) Fix a bug in which the user-configured UTC offset is applied twice, as reported to the iDigi Manager server. (39931) Fix a problem that could occur if the real-time clock (RTC) is set to a date earlier than January 1, 2009. A date as early as year 2000 is accepted by the firmware (via CLI or web UI), and the RTC could be set with that value. But a subsequent read of the RTC with a year earlier than 2009, could cause that sample to be discarded. (40215) Fix this reported bug: Python TFTP Remote Start Fails with \r\n line endings. Uninitialized "garbage" at the end of the result buffer could cause odd error messages. A previous change for issue 26971 (in 2008) strips carriage returns from the received file. That change had a bug in which it did terminate the remaining text correctly, leaving garbage at the end of the result buffer. This commit corrects that bug. (40307) Fix a bug in which Python digicli.digicli.__doc__ returns a confusing response. (40421) Fix an SNMP issue that could cause an SNMP denial of service. (39737) Fix a bug in which the "set_factory_default" RCI request incorrectly states in its RCI descriptor text that a device reboot will be performed after the "factory" action has been completed. No reboot is performed. Fix a panic that could occur while accessing some System Information pages in the web UI. (38729) Fix an issue that occurs in IP pass-through mode, such that tethered DHCP client may not renew its lease. In IP pass-through mode, the Digi DHCP server uses a 4 minute lease time, which forces the tethered pass-through client to renew its lease every 2 minutes. This design accommodates the possibility that the mobile IP address loaned to the tethered host, may change if the mobile connection goes down and is reestablished. However, if the tethered client actually requests a specific lease interval, that 4 minute design was circumvented. The DHCP server has been modified to handle this case and provide the usual 4 minute lease. (40022) Fix a VPN problem that could cause a panic resulting from corruption of a linked list upon the (timed) expiration of an IPSEC SA. (38322) Fix a VPN problem related to this change in an earlier firmware release: When a VPN tunnel is configured to start automatically, the VPN feature starts the tunnel by sending a ping to the remote subnet. This was not working correctly when "tunnel all" was selected since the remote subnet is 0.0.0.0, which is not a valid IP address. This problem has been fixed. (37275) 82002035_F1 (2.13.2.2) - August 19, 2011 ENHANCEMENTS: Starting with the 2.13.2 firmware version, the following feature has been incorporated: IRIDIUM SATELLITE NETWORK SUPPORT For products with an embedded Iridium 9602 modem, the Digi operating system provides an API for transmitting and receiving Iridium Short Burst Data (SBD) messages over the Iridium satellite network. The modem must be activated on the Iridium network before data transfer is possible. The method by which customers can manipulate SBD messages is Python scripting. BUG FIXES: All known issues with the external line (Reset) that is described in the ConnectPort X5 User's Guide with: "Digi does not recommend adding this reset pin to your cable harness" have been resolved. The functionality is primarily for Digi internal use, however, and the recommendation continues to be to avoid using this pin in customer cable harnesses. Under heavy loads at high data rates, the CAN bus controller could inject spurious error conditions onto the bus. The embedded controller code has been modified to fix the synchronous handling of the data bus. 82002035_F (2.13.2.1) - June 20, 2011 ENHANCEMENTS: Added CLI and RCI support for pwoer control and status query of an embedded Iridium 9602 SBD module. Extended the digipowercontrol embedded Python module to be able to manage an embedded Iridium 9602 SBD module. Added the digi_iridium embedded Python module for Python control of an embedded Iridium 9602 SBD module. Added support for an Iridium LED in products with an embedded Iridium 9602 modem module. 82002035_E (2.13.0.7) - March 22, 2011 ENHANCEMENTS: MULTIPLE USER SUPPORT An enhanced device user model is now supported in this product. It is now possible to configure multiple user accounts in the device settings. Different users can be given different access permissions, which can be used to restrict user access to features as "read only" or not accessible. A user account begins with a username and password. Each user may be configured to allow access to the device via the Command Line Interface (CLI) and/or the Web User Interface (browser). SSH (secure shell) Public Key Authentication (RSA public key) also may be configured for each user. Access permissions to the various device features may be selected for individual users as well. The requirement that a user must log into the device to access it, is a configuration choice for this product. If logins are required to access the device, all users will be required to log in. In that case, the individual user permissions are observed to access the various features of the product. If logins are not required, no permissions validation is performed, and all features are available. If this firmware is used to upgrade an earlier firmware revision that did not support the multiple user model, the login requirement, username, password and SSH public key settings will be migrated from the previous "single user model" settings to become those of the "root" user in the new firmware. CLOCK (TIME) SOURCE MANAGEMENT SUPPORT The "Clock Source" functionality of the system has been replaced so as to simplify the behavior and improve the consistency of the time values delivered by the system, while still allowing the system to maintain a level of synchronization with external time sources. The updated feature includes a ranking system for clock sources. If a sample is taken from a better clock source than what has thus far been received (has a smaller number), the sample will be used to influence the baseline of our time measurements, and all sources of a less significant rank will be temporarily disabled. This allows the system to get a relatively accurate sense of time as quickly as possible, but eventually to run only listening to the best possible external sources. Internally, on products that have an RTC, the RTC itself is given a ranking of 50. This allows clock sources to be configured with a lower ranking... arranging so that they are only enabled when the RTC has not yet been initialized with a time value, essentially assigning them as one-shot programmers of the RTC. The rankings are re-evaluated when the clock sources are reconfigured, or when a user interface causes a "jump" in the time. Event logging of time-related events also is improved. The event log may be displayed using the "display logging" CLI or via the web UI. IDIGI SMS SUPPORT The iDigi SMS feature allows mobile-enabled (cellular) devices to communicate with iDigi using SMS (Short Message Service) messages. iDigi SMS features include: - Device management - Data messages to python applications - Data collection messages from the device to iDigi, including Dia integration. See www.idigi.com for more information on iDigi. Extra, optional filtering capabilities have been added at the Python layer for the CAN bus. Messages matching a filter can be limited to return only a fraction of matches, or to enforce a minimum amount of time between reported matches. Add support for an enhanced multiple user model. Migrate existing user settings to the new model. (31007, 34089) Improve support for management of clock (time) sources. Add support for the iDigi SMS feature. When restoring a device to factory defaults, revert the DHCP Server settings only if the network settings are being reverted. (33078) When restoring a device to factory defaults, revert the certificates and keys only if the ALL settings are being reverted. (36710) Improve the error messages that are reported due to ping CLI failures, such as when there is no route to the destination IP address, to be more specific to the underlying problem. (36872) Add the TCP "timewait" option to the "set network" command. This option specifies the desired system-wide value in seconds for the TCP TIME_WAIT interval. The default value is 60 seconds, and the supported range is from 10 to 240 seconds inclusive. Also added to the RCI settings. Add a note to the "set network" help, and to the "set network" output if a TCP option is changed, to clarify that the change is not applied to existing TCP connections, nor to service listeners until the listeners are restarted or a reboot occurs. Add similar notes to "revert network" help and "revert network" output if the global settings are reverted. For the "display logging" CLI, add the ability to display the event log and continue to check for and display new log messages as they are written to the log. The help text for this command is updated to describe how to request and terminate the continuous log "tailing". For CLI commands submitted via the SMS #cli request, in products supporting the multiple user model, ensure permissions are enforced as those of the root user. If a special user named "smscli" is created, the permissions for #cli will be restricted to those configured for user "smscli". This special username cannot be selected by the user. Improve on a condition in which SMS messages, send by Digi devices, might be truncated or corrupted when passing from CDMA networks through GSM gateways. The issue may occur due to differences in the CDMA and GSM standards for short message content encodings. For received SMS message handling, the '#' character is taken to indicate a command upon which the Digi device should act. During global testing, it has been observed that this character may be modified (e.g., replaced with a space) when short messages pass through some SMS gateways. This is problematic for the #command interface to the devices via SMS. To help accommodate possible character translation problems such as this, the SMS settings are updated to permit a user selection of the command character. This character still defaults to '#' but may be any one of: # ! % * + / Add iDigi Timed Connection support to web UI and web help. This connection type has long been exposed via CLI and RCI. Improve the error recovery algorithm for failed RCI requests received via iDigi. The updated algorithm reduces network activity by eliminating redundant error reports. Improve trace output for troubleshooting. (37637) The Python ONEXIT condition has been added to the Web UI. (37541) XBee changes: - Add join notification, BR and TC commands for SE 3x28 firmware. - Allow DDO commands to broadcast address from CLI. - Fix bug setting extended timeout option on DDO commands. Modify the DHCP server feature so it doesn't include its IP address as a DNS Proxy in the lease information it sends to its clients, if DNS Proxy service is not enabled in the configuration settings. Improve the SureLink settings page and web help to further describe the Hardware Reset Thresholds category of settings. Improve the user interfaces for configuring static routes in the network stack. For a WAN interface, always use the interface gateway IP address. For a LAN interface, use the associated interface gateway IP if the static route rule is configured with a gateway address of 0.0.0.0. If the static route gateway IP is other than 0.0.0.0 for a LAN interface, use that configured value. This properly and implicitly accommodates WAN interface static routes and allows the user to select use of the LAN interface gateway or a configured value for LAN interface static routes. The web UI help is updated to describe this enhancement. Improve the network stack to address the issue described in US-CERT Vulnerability Note VU#498440: Multiple TCP/IP implementations may use statistically predictable initial sequence numbers. The note can be viewed at: http://www.kb.cert.org/vuls/id/498440. (36183) Expand the description of iDigi keep-alives in the web help information. Add a Network Port Scan Cloaking feature that permits users to prevent replies to various received packets for which there is no local service. On a global or per-network-interface basis, one can disable ping replies, TCP reset replies for received connection requests to unused ports, and ICMP destination/port unreachable replies to received UDP datagrams destined for unused ports. This capability "cloaks" a device from being probed on such unused ports, and it reduces packet traffic by eliminating replies that may be billable to service accounts (e.g., cellular service). This feature is exposed in the CLI as the "scancloak" option, and it is supported in the web UI on the Advanced Network Settings page under the Network Configuration section. By default, this feature is disabled. Support cloaking for the DNS Proxy feature on a per-interface basis, so the proxy can be enabled for some interfaces yet disabled for others. Enhance the Dynamic DNS update feature to permit the selection of any device network interface. Previously this feature was coupled with the cellular mobile interface and did not support a selection of the network interface for which the asociated IP address is registered with the DDNS service. (35346) If the system has had its software watchdog enabled, the system will attempt to panic (and thus leave information about the timer that expired) rather than simply allow the hardware watchdog to reset the system. BUG FIXES: Fix a bug in which the cellular modem may stop sending or receiving SMS messages. (37718) Fix a bug in which the APN information in the mobile settings web UI could not be saved when selecting Rogers as the mobile service provider. (37117) Fix a bug that may result in a memory leak when a fully qualified domain name (FQDN) is configured for a SNTP Server as a time source in the Date and Time Settings. (37807) Avoid panic due to lack of thread stack space for Python callback functions. (36591) Address SSH public key authentication issues. (37339) - Fix a bug in which configuration settings support for SSH public key authentication was inconsistently implemented in the Digi firmware, depending on the product and user interface being used. - Ensure that user authentication is in accordance with RFC 4252. - Eliminate memory leak when configuring a public key via tftp. - Improve SSH trace output for troubleshooting purposes. Fix a bug in which an SSH user other than the root user, might acquire root user permissions for CLI commands. (37483) Fix a VPN issue in which NAT-T keep-alive packets were not being sent if PFS security was selected. (34186, 36751) When a VPN tunnel is configured to start automatically, the VPN feature starts the tunnel by sending a ping to the remote subnet. This was not working correctly when "tunnel all" was selected since the remote subnet is 0.0.0.0, which is not a valid IP address. This problem has been fixed. (37275) Fix a bug in which changing the IP address from dynamic to static via the web UI redirects to a URL mix of old/new IP addresses. Also correct a failure to redirect if the service port for HTTP or HTTPS is other than the usual values 80 or 443, respectively. (33205) Fix a problem in which Classless Inter-Domain Routing (CIDR) fails to route correctly under certain narrow instances (such as routing between hosts with IP addresses 25.0.0.50 and 24.0.0.50, with a subnet mask of 248.0.0.0). (37043) Fix a busy loop problem when all PPP dial numbers are empty. (36829) Fix a Python socket read failure that could occur if a timeout is set on an SSL socket. Fix an inconsistency and bug in which the Python command string was not properly managed with its maximum length value of 127 characters. Fix a bug that caused XBee early request timeout and retries resulting from a race condition. (37735) Eliminate several potential memory leaks. (34946) Fix a long-standing settings class RCI bug that affects settings restore, custom defaults and iDigi configuration of the failover feature. The TCP test destination port was not being correctly set, which left in place the previous value that was defaulted or set via CLI or web UI. (36372) Fix a VPN problem in which a successful VPN connection could not be established due to the configured subnetting scheme in relation to the mobile network's remote endpoint IP address. Specifically, the remote mobile endpoint was on the same subnet as the remote VPN subnet. This resulted in a packet routing problem that has been resolved. (36588) Display the correct range for the SC setting in the web UI for XBee PRO 802.15.4 radios. (35660) Fix bugs in "set vrrp" option validation in the CLI: - Verify VRID is 1-255 (not 254). - Verify priority is 1-254 (not 255). This matches similar validation in the web UI and configuration restore. Fix a problem in which the iDigi discovery tool uses the Wi-Fi interface MAC address as the iDigi device ID. The required iDigi device ID is based on the Ethernet MAC address. The problem affects only products that have a WiFi network card as a second LAN interface, when that interface is used for iDigi discovery. (35697) Fix a possible panic that occurs while configuring the primary network interface (Ethernet) and saving the changes to NVRAM. (35715) For mesh networking configuration, display the correct range for the SC setting in the web UI for XBee PRO and S2B radios. (35660) Fix a bug in a previous fix to gettimeofday() that causes incorrect display and behavior in "set time" and the Date and Time web page. (35957) Fix a bug in uudecodeToFile() that causes RCI file transfers to fail when there is white space after the file data. (36147) 82002035_D1 (2.10.0.11) - September 2, 2010 ENHANCEMENTS: Add "receive idle" and "send idle" times to the iDigi statistics. Available via "display idigi" in the CLI, and in the web UI. BUG FIXES: Fix cellular modem lockup during power cycle. (34693) Fix to avoid extra SSH key generation if slot #1 is open, but slot #2 is full. (34383) Fix "set ppp" and "revert ppp" to operate properly with no port selection options on single port units. (35388) Python API function xbee.get_node_list() throws an exception if no data is available instead of returning None. (35111) Improve the error handling in the RCI processor, more explicitly indicating memory errors, when detectable. (34955) The value returned by the Python time.time() call is no longer modified by the offset option of "set time". (34994) A few Python modules would block all Python activity during certain lengthy operations without cause. All embedded Python modules have now been reviewed, and errors corrected. (35505) Fix a system lock up under heavy load, found during performance testing over a VPN connection. (34656) Fix a system panic when using IPSec with NAT-T. (35594) 82002035_D (2.10.0.8): - August 9, 2010 ENHANCEMENTS: Mesh / Zigbee / XBee networking: - Web UI improvements: - Add sorting and paging of node list. - Remove node list from System Info/XBee page. - Move device status page to Configuration/XBee page. - Bring back simple gateway firmware update page for ZB. - RCI discover command additions: - Add option to get current node list without discovery - Add option to return information for a single node - Return time since last contact with each node - Return firmware update status for each ZB node - Add "info xbee" CLI command to display XBS and XBee statistics. - Return an error if the application uses network addressing on ZigBee (extended addressing is required). - Add support for XBee S2B PRO radio. - Enable RTS flow control to radio. - Update radio parameters. - Set apply changes option on WR command instead of using AC command when saving radio settings. (32848) - Allow LT parameter value of 0. (32847) - Add XBS_TX_STATUS_KEY_NOT_AUTHORIZED constant to driver and Python (32682) - Limit the number of queued commands. (32568) - Add RCI get_lqi command to get neighbor tables and link quality. (32509) - Add XBee driver statistics. (32508) - Add sorting of node list by clicking on column header in web UI. (24220) - Enable DTR on the X4 XBee serial port. - Add a Python xbee.reset() method to reset XBee radio. This is for use by applications that communicate directly with the radio module. Enhance the Wi-Fi support: - Enable TX power calibration on platforms with Piper+AL7230. - Add "band" configuration on the Wi-Fi LAN Settings web page. Specify the band in which this device is being used. By selecting a band, the channel settings will be restricted to the legal set for that band. - Add "802.11d" configuration on the Wi-Fi LAN Settings web page. 802.11d Multi Domain Capability enables the device operation in additional regulatory domains (countries) with allowed channel set and tx power. - Add "EAP-FAST" network authentication configuration on the Wi-Fi Security Settings web page. EAP-Flexible Authentication via Secure Tunneling is now supported in WPA. - Add the CLI command "revert wlan" and hide the "revert wireless" command (retained for backward compatibility). The option "wlan" is used for the commands set, show, display and info, so the use of "wireless" for revert was inconsistent. (34675) Update the SSL/TLS implementation with enhancements and bug fixes. Enhance the DHCP server feature to support user configurable selection of the default gateway (DHCP Option 3: Routers on Subnet) in leases given to clients. The default selection matches what was implicitly offered in all previous firmware releases with DHCP server support. Add a new info command to the CLI, "info time". This command displays SNTP Client statistics when SNTP is configured as a time source. Enable TCP keep-alives by default for these services: ssh, telnet. This provides default cleanup of orphaned sessions. Clarify description: the serial statistics page displays the current port settings. (32689) The Connectware Manager (also referred to as Remote Management) has been rebranded in the Digi device firmware as "iDigi". This corresponds with the service being offered by Digi for this purpose. A number of enhancements are added for the iDigi client in the Digi device firmware: - iDigi activity is recorded in the Event Log. - An iDigi client entry appears in the "Connections" list when: - The client is connected to the iDigi server. - The client is trying to connect to the iDigi server. - The client is waiting (listening) for the iDigi server to connect to it. - The client is waiting for a configured interval before initiating a (new) connection to the iDigi server. The connections list may be displayed in the CLI ("who") and in the web UI (Management > Connections). - When the iDigi client is waiting to (re)connect to the server, the connection table entry may be "killed" in which case the wait is canceled and the connection attempt proceeds immediately. - When the iDigi client is connecting to the server, the connection table entry may be "killed" in which case the connection attempt is abandoned. The "connecting" state is typically very brief. If for some reason the Digi device gets "stuck" in the "connecting" state, the kill request will terminate the condition. This is not an expected condition. - Add the CLI command "display idigi" report iDigi connection status of the Digi device. - Add the iDigi status web page under Administration > System Information to report iDigi connection status of the Digi device. - Show the iDigi Device Type for the Digi device on the iDigi Configuration page in the web UI. This is the device type by which the Digi device is known to the iDigi server. That value also is displayed via the CLI command "show mgmtglobal" and in the RCI output as (in addition to the existing field). - Send the actual Digi device type to the iDigi server rather than a possibly user-customized product name in config.ini. Customized names are problematic for the iDigi server for device recognition and management. (1291266) - Eliminate unsupported interfaces from the network settings RCI and related CLI (set mgmtnetwork). The web UI was already correct. (34520) - Increase the maximum permitted request and reply document sizes for the iDigi protocol RCI facility. The new size accommodates encoded files of just over 2MB. - Expose the (previously hidden) devicesecurity CLI option from these commands: set, show, revert. This was previously available but hidden to prevent misuse of some of that command's capabilities. The options that could cause problems if misconfigured have been removed, so it is no longer necessary nor appropriate to hide the devicesecurity option. (34535) Improve iDigi information for SMS replies to #idigi commands. - Add the device ID to the returned data if the 'i' flag is specified. E.g., #idigi,i status - Add the "id" command option for #idigi to return the device ID. I.e., #idigi id - Add support to manage the "waiting to connect" state of the iDigi client to the SMS "#idigi" command. The "#idigi waitcancel" command cancels the wait and the connection attempt proceeds immediately. Change "opts" (options) to "flags" in the SMS # usage (help) text. For the iDigi client configuration's connection server list, reduce the number of server entries to 4 from 8. The list of 8 is simply truncated to 4 for this change. An attempt to restore "deprecated" entries results in warnings, not errors, generated by the settings manager. Note that Digi devices are typically configured to use only one of the server list entries, so this change won't affect deployed products. This reduces runtime memory usage, NVRAM use for configuration setting storage and the RCI text generated for backups. (34309) Reduce the number of Alarms to 8, from the previous maximum of 32. For Digi devices being upgraded from an earlier firmware version, only the first 8 alarms will be used by the new firmware. The other 24 alarm entries will be discarded (deprecated). An attempt to restore such deprecated alarm entries results in an "invalid index" warning rather than an error. This reduces runtime memory usage, NVRAM use for configuration setting storage and the RCI text generated for backups. Add DHCP lease information to the output of the CLI command "show network" when the IP configuration for the Digi device is received from a DHCP server. The information shown includes the IP address of the DHCP server, the lease duration, the renew and rebind times, and the time remaining in the current lease. The VRRP feature is now available only on Digi devices that support cellular services (no longer present for non-cellular devices). (32513) Support for LPD, RLOGIN and RSH have been removed from the product. Remove unneeded and deprecated data and code to reduce memory use. Reduce the PPP server shutdown and restart time after DTR/RTS changes on non-cellular PPP ports. BUG FIXES: Mesh / Zigbee / XBee networking: - Fix bug causing commands to time out too early. (32456) - Fix bug in Python xbee module with handling node discovery errors. (32456) - Require the node ID used in xbee CLI commands be a unique exact or partial match to a node in the node list. (32516) - Fix gateway firmware version display bug in web UI. - Fix a problem in which a specific status message from an XBee radio could cause a false firmware update failure. (34471) - Correct inconsistent return codes from CLI commands "set xbee" and "xbee". The bug resulted in problems for the Python interface to the Digi CLI. (34683) Address issues in the Wi-Fi support. - Fix a bug in which the BSSID is not being randomly generated when creating an ad-hoc network. (33819) - Fix a bug in the Wi-Fi driver that caused duplicate packets to be sent. (32292) - Fix a bug in the Wi-Fi driver ad-hoc mode, caused when the unit sends a probe_response and receives an ACK, followed thereafter by the 500 ms timeout. - Fix WPA/Wi-Fi driver issues related to problems in the handling of 4-Way key exchanges, uncovered through UNH Interoperability testing. (24015, 24030, 28561, 28562, 29455, 31391, 31392) - Fix Wi-Fi driver failures for UNH interoperability. (28659, 23903) - Fix a multirate Wi-Fi defect (protection mode) using AES on b/g WLANs, which caused high packet loss. - Fix Wi-Fi driver issues related to Cisco LEAP+WEP. Fix a bug in which setting the time with a year greater than 2036 causes the wrong year to be set. (32781) Fix a bug in which multiple SNTP Server entries may be configured as time sources in the Date and Time Settings, but only the first one in the list is used. (33367) Fix an issue in the SNTP Client that results in frequent name resolution attempts (one per second) if a domain name is configured for an SNTP time source. This may occur if the name is invalid or cannot be resolved by the configured DNS servers. A backoff is implemented to mitigate the too-frequent name resolution attempts. (32652) Fix a bug in which the SMS settings for Python were not being saved when set via the web UI. Fix incorrect "set smscell" help information. Fix a bug in which, for SMS messages sent to Python via #python command, only the text that follows #python (and optional flags/password) should be passed to the Python read interface. The entire message starting with #python was being passed erroneously. Fix a corrupt IPSEC SPD table header string in the output of the CLI commands "display ipsecspd" and "display vpn". Fix a problem in which the Digi device, running in IP Pass-through mode, stops passing packets from the Ethernet interface to the mobile interface. The Digi device had to be rebooted to clear the problem. (33756) - Fix a problem that caused the mobile send to block permanently. - Add detailed statistics for pass-through activity to the CLI command "display passthrough". - Add detailed trace capability for technical support troubleshooting. Fix a bug for dual SIM devices in which the incorrect SIM may be selected when no SIMs are installed or configured. (33966) Fix a problem in which the Cisco ASA would not establish a VPN tunnel to Digi units. (33948) Fix a bug in which the CLI command "show vpn phase1 verbose=on" shows the wrong encryption key size, when the key size is other than the default. (34974) Fix a bug in the Alarms Settings web UI in which the value saved is not what was entered for large time values (cellular-related time intervals). (26557) Fix a bug in which the Digi device might panic (reboot) when using the CLI command "certmgmt" to generate a key for SSH. (33249) Fix a bug in which the cold start trap is sent every time the user enables "Generate cold start traps" in the web page or the CLI. (33655) Fix a bug in which the geofence SMTP server field will not accept a DNS name for the mail server in the web UI (Position Configuration > Geofence Settings). The web page will now accept a FQDN as well as an IP address for the primary and secondary SMTP server fields. (32808) Fix a bug in which the geofence email recipient fields will accept any input as an e-mail address. Recipient strings now are validated in a manner that is consistent with e-mail recipient validation on other web pages. (32809) Fix an inconsistency in validating the signal strength threshold values when configuring alarms for cellular-capable Digi devices. The change standardizes a range of -120 dB to -40 dB. Previously, some interfaces implemented that range, while others implemented the range -300 to 0 dB. (26564) Fix a bug in which a user could not remove or disable a VRRP instance other than by reverting the settings altogether. (30490) Fix a bug in which the DialServ feature's connection_wait_time setting could be set outside its designed value range (10-300). This problem existed only when the setting was applied via the RCI interface. (34647) Fix the keep-alive checkbox for DialServ dial-out configuration. (32833) Fix a pmodem feature problem for which, under some conditions, an ATDT command (that normally works correctly) stops working. (34433) Fix a GPS "virtual serial" driver problem which was able to cause a deadlock of critical resources in the system if Python code was using select on the /gps/0 device. 82002035_C1 (2.9.2.6) - May 19, 2010 Enhance filesystem support: - Add POSIX APIs. - Enhance Python interfaces. - The new filesystem name is now /WEB/ to ease migration. WEB/ is still valid but will be deprecated later. - Extend the "ls" command for file systems in RCI to request a hash value be returned for files in the listing. At present, the only hash methods supported are "none" (the default) and "crc32". - Extend all RCI implementations in NDS to support requesting a specific file rather than just a directory in a "ls" command request. The "dir" attribute of the "ls" command has been deprecated as a result, with the more applicable synonym "path" now taking its place as the standard attribute tag to use to choose what should be listed. Enhance PPP support: - Add PPP server for standard serial ports. - Add PPP server port profile to web UI. - Display statistics for all PPP instances on CLI "display pppstats". - Rename CLI set/show/revert "pppoutbound" commands to "ppp". - Encrypt PPP passwords in RCI and backup files.