Release Notes PN 93000710_D3 ConnectCore 3G 9P 9215 82002488_D2 EOS Version 2.17.0.22 INTRODUCTION This is a production release of firmware for the ConnectCore 3G 9P 9215. SUPPORTED PRODUCTS ConnectCore 3G 9P 9215 SUPPORTED CELLULAR MODEMS Qualcomm Gobi: 2000, Modem Revision: D1025-STUTABGD-3600 1 [Jan 14 2010 14:00:00] Huawei EM680 w/Gobi Technology: 3000, Modem Revision: D3200-STSUGN-1575 1 [Nov 22 2010 09:00:00] ENHANCEMENTS NDS-509, Add variable modem power-up delay BUG FIXES NDS-575, Fix critical vulnerability - CVE-2014-9222 NDS-574, Fix related critical vulnerability - CVE-2014-9223 NDS-223, Removed obsolete references to an installation CD NDS-222, NDS-214, improve security of SSH server by removing weak connection protocols NDS-200, ensure that Device Cloud hides cleartext passwords NDS-203, correct Device Cloud URLs to include devicecloud.com rather than Etherios NDS-220, fixed altpin handling when closing / re-opening RealPort serial port. NDS-164, fixed an issue where connecting to a Digi device via HTTPS with a newer browser results in a failure to connect because the Digi device is presenting an obsolete SSL protocol version NDS-123, corrected NDS Poodle vulnerability HIGHLIGHTED PRODUCT CHANGES Starting with the 2.17.0 firmware version, iDigi has been rebranded as Device Cloud Starting with the 2.15.0 firmware version, the following feature has been incorporated: NEW iDIGI MANAGEMENT DEFAULTS Firmware defaults have been changed to enable connectivity to the iDigi(R) Device Cloud and automatic registration of the device to the iDigi(R) Support+ account. Services for registered devices include remote Digi Technical Support, with access to a wider range of remote capabilities through the creation of an iDigi Manager Pro account. iDigi Manager Pro is a web-based service that provides central and remote device management tools including: o Downloading of new software and updates o Editing of configurations and settings o Establishing user accounts with privileges o Selecting additional security measures For more information, visit www.idigi.com. ** NOTE: The following iDigi management defaults change and procedure applies to product versions that provide only an Ethernet or Wi-Fi network interface. Specifically, these defaults DO NOT APPLY to products that include a cellular WAN interface. To disable the iDigi default connection: 1. Open the web UI of the gateway using the method outlined in the Quick Start Guide. 2. Navigate to the "Configuration > iDigi" section. 3. On the "Connection Settings" panel, uncheck the box labeled "Enable Device-Initiated iDigi Connection". 4. Press the "Apply" button. 5. Re-boot the gateway. ** NOTE: The following procedure is applicable only to product versions that support Short Message Service (SMS). Products that do not support SMS will not display the user interface described below. To disable the iDigi Short Messaging (SMS) Opt-In capability: 1. Open the web UI of the gateway using the method outlined in the Quick Start Guide. 2. Navigate to the "Configuration > iDigi" section. 3. On the "Short Messaging" panel, uncheck the box labeled "Opt-in". To completely disable iDigi SMS, uncheck the box labeled "Enable iDigi SMS". 4. Press the "Apply" button. 5. Re-boot the gateway. Starting with the 2.14.0 firmware version, the changes described in this section are incorporated in this product. CLOCK (TIME) SOURCE MANAGEMENT SUPPORT The "Clock Source" functionality of the system has been replaced so as to simplify the behavior and improve the consistency of the time values delivered by the system, while still allowing the system to maintain a level of synchronization with external time sources. The updated feature includes a ranking system for clock sources. If a sample is taken from a better clock source than what has thus far been received (has a smaller number), the sample will be used to influence the baseline of our time measurements, and all sources of a less significant rank will be temporarily disabled. This allows the system to get a relatively accurate sense of time as quickly as possible, but eventually to run only listening to the best possible external sources. Internally, on products that have an RTC, the RTC itself is given a ranking of 50. This allows clock sources to be configured with a lower ranking... arranging so that they are only enabled when the RTC has not yet been initialized with a time value, essentially assigning them as one-shot programmers of the RTC. The rankings are re-evaluated when the clock sources are reconfigured, or when a user interface causes a "jump" in the time. Event logging of time-related events also is improved. The event log may be displayed using the "display logging" CLI or via the web UI. IDIGI SMS SUPPORT The iDigi SMS feature allows mobile-enabled (cellular) devices to communicate with iDigi using SMS (Short Message Service) messages. iDigi SMS features include: - Device management - Data messages to python applications - Data collection messages from the device to iDigi, including Dia integration. See www.idigi.com for more information on iDigi. KNOWN LIMITATIONS You can receive a lot of errors/missing items if you switch the number of serial ports your device has between configuration saves/restores. KNOWN ISSUES None. DOCUMENTATION ERRATA None. ADDITIONAL INFORMATION None. HISTORY 82002488_D (2.17.0.5) ENHANCEMENTS Rebranded "iDigi" as "Device Cloud" Modify the TCP retransmit timeout (RTO) settings to support different minumum and maximum value ranges. Use of these new ranges may reduce TCP retransmits on mobile networks if application data is sent when the cell modem is in a standby state. The TCP RTO settings are modified to permit a minimum of 30-5000 ms (previously 30-1000) and a maximum of 5-240 seconds (previously 1-240). This system-wide setting affects all TCP connections at the time they are first established. The default values for RTO minimum and maximum are unchanged; only the permissible value ranges have changed. (44960) Add (Mobile Equipment Identifier) to the elements included in the output for a RCI request. This element is included for CDMA modems and for the Gobi module (2000 and 3000), in use for either CDMA or GSM. This value is only meaningful for CDMA, but the Gobi module can be either CDMA or GSM. The MEID value may be reported by iDigi or accessed by Python scripts that run on the Digi device. Improve event log and trace messages to better identify the general cause of a PPP chat script failure. Support differential configuration backups via the web user interface and command line interface (CLI), containing only settings groups whose values differ from the device defaults (settings class and custom defaults). This produces a smaller backup file that is more readily reviewed and perhaps edited for use as a defaults.rci file (custom factory defaults). Select Gobi 3000 firmware for DoCoMo, when DoCoMo is configured as the cellular service provider. Selection of DoCoMo as the service provider is available only on Gobi 3000 modems containing DoCoMo firmware. For the Huawei EM820W GSM cell module, implement limited performance improvements to increase data throughput. This change was implemented due to a customer request. Add conditional support for the Telit HE910 GSM cell module and the Telit DE910 CDMA cell module. Add support for UDP messages using the iDigi short message (SM) protocol. Add support for XBee-Pro 900HP S3B radio, including OTA firmware updates XBee ZB OTA update improvements: - Recover nodes that have failed an OTA update and are on the default channel after reset or losing power. Requires XBee firmware 2xAA or later on the updater node. - Restart update using a different updater node after a failure when automatically selecting an updater. - Use source routes to choose an updater with the shortest route, reject updaters further away in the route than the target, and increase timeouts for longer routes. This is effective only when source routing is enabled. - Use updaters from a previous attempt if updaters cannot be found after an update failure. - When "stop on error" option is enabled, stop all updates when an error occurs, not just automatic updates. - When "stop on error" option is disabled, repeatedly try to update the same node if an error occurs, until cancelled by the user. - Work around XBee bootloader bug that sends NAK on retransmitted block 0xff. Add the CR parameter for XBee ZB radio to XBee advanced settings web page, "set xbee" command, and RCI . (41292) BUG FIXES Don't block forever when radio serial port is flow controlled. Part of a fix for (NDS-19) Treat self-addressed TX status (0x23) as a successful transmission. Needed to support 2xB1 and 4x23 and future XBee firmware. Fixed a bug that updated XBee last contact time for a node no longer on the network during ZDO node discovery Fix XBee bug that sent repeated LQI requests when response contains no entries. Happens during ZDO node discovery with 4023 firmware. Cancel queued and pending XBee commands when gateway is disabled. Caused 900HP and potentially others to lock up when re-enabled (NDS-20). Fix a bug that used too small a buffer when processing ZDO address, routing, and LQI responses from an S2C node. DBL-143: Use the gateway as the default node for xbee child_table and neighbor_table commands. Fixed a bug where an unauthenticated user could delete a file from the filesystem (NDS-69) Fix a bug in which a static route might not be successfully added to the IP routing table if it is for the mobile0 interface operating in PPP mode (versus NDIS mode). Fix a bug in the PPP settings (both serial and mobile) in which the maximum value length for the phone number fields was not sufficiently large. Values were limited to four characters rather than the intended maximum of 20. This issue affected iDigi users when configuring these settings. (45000) Fix a bug in the network stack's PPP NAK handling during IPCP negotiations for Primary and Secondary DNS IP addresses. Change the behavior of NAK of those items so a NAK isn't handled as a REJECT in a condition common to many 3G cell modems while waiting for the mobile connection to complete. Rejecting the values previously resulted in the DNS IP addresses no longer being negotiated and therefore not correctly obtained from the cell modem when valid values were finally acquired from the mobile network. Fix a problem in which an outbound TCP packet might get "stuck" in the cell modem when the modem is operating in PPP mode (versus NDIS mode). For the Gobi 2000 and 3000 cell modules, disable downloading of GPS Xtra data on Gobi modems. This was potentially causing excessive data charges. For the Gobi 2000 and 3000 cell modules, remove Ec/Io value reporting when operating on CDMA networks. That value is not correctly computed and reported by the cell modem. The Ec/Io value is still reported for WCDMA in GSM mode. For the Huawei EM820W GSM cell module, the Cell ID value is now reported showing only the low order 16 bits of the possibly 32-bit value. This change was implemented due to a customer request. (45081) For the Huawei EM820W GSM cell module, fix a problem in which SMS messages were not being properly received. (45084) Fix "xbee factory_default" command error on non-ZigBee radios. Fix an XBee Python issue: Don't throw exception on register joining device status 0xb1, which means key not found. Set get_node_list() clear parameter default value to True only if performing node discovery. (45027) For XBee, allow sending to a 16-bit network address (e.g. [1234]!) on XBee firmware versions that support it. For XBee, allow RCI get_lqi command on XBee with smart energy firmware. For XBee, fix an incorrect error status following gateway firmware update. (45789) 82002488_C1 (2.15.0.8) - August 17, 2012 BUG FIXES Fix a bug that could corrupt the tuple returned by the Python method xbee.get_node_list() when previously discovered nodes are cleared from the list and are no longer discovered. (44746) Fix a bug in which the "file copy ..." CLI command might fail if the destination is a directory rather than a file. Fix a problem in which the SIM PIN status for the Gobi cellular modules (2000 or 3000) might be incorrectly reported. 82002488_C (2.15.0.5) - July 12, 2012 ENHANCEMENTS: The iDigi feature has been improved to support binary data service and file system service between the device and iDigi Server. These services are supported through interfaces available to python applications in the device. See www.idigi.com for more information on iDigi. Change the default for the iDigi client connection method from TCP to SSL as a security improvement. Add event log and trace messages for the "Disconnect" iDigi protocol message, to help with troubleshooting the loss of iDigi connections. Add iDigi SMS Opt-In feature. With the iDigi Opt-in support enabled, the iDigi Technical Support team is afforded visibility and access to your device to diagnose and resolve issues, should you require assistance. NOTE: The Opt-in process involves sending a single SMS message containing the device's mobile phone number and iDigi Device ID to the iDigi servers. iDigi changes: - Always indicate that device data service is available, even if no targets are registered yet. (40837) - Send message with succes status and zero-length response when Python data service callback function returns no value. (41422) Add a feature to execute a CLI command using RCI via the general request do_command target="cli". This is accessed through iDigi Manager Pro. Add support to perform firmware upgrades via the CLI ("boot action=load") and the web UI using files on a FAT32 USB drive local to the Digi device. This feature requires corresponding hardware support in the Digi device. On the USB drive, only access to A/ is supported. The options are described by "help boot". Add support to perform configuration backup/restore operations via the CLI "backup" command and the web UI. Files can be in the internal WEB filesystem or on a FAT32 USB drive local to the Digi device. The USB drive support requires corresponding hardware support in the Digi device. On the USB drive, only access to A/ is supported. Add the CLI "file" command that can copy, remove, rename and list files in the Digi flash filesystems and on a FAT32 USB drive (where supported). For security reasons, the file options copy, remove and rename are not permitted for files in subdirectories of the WEB filesystem (e.g., "python"). The "file" command also supports the display of total/used/available filesystem space. The options are described by "help file". New Packet Capture (PCAP) feature: Add support to the network stack for internal packet captures from various network interfaces. Users can capture packets from eth0, eth1, wln0, mobile0, wmx0 and pppN (serial, N=0-9), with the possible network interfaces differing among Digi products. Only a single interface at a time can be captured. Capture output is a standard PCAP-format stream that can be interpreted by common capture analysis tools. The feature adds a CLI "pcap" command with a variety of options to manage and perform captures. As a security measure, by default, the packet capture capability is disabled when a device boots. There are no stored settings -- all configuration and use of PCAP is a runtime matter after a device boots. The pcap command is hidden from the usual command help unless it is explicitly invoked. Trace output for "pcap" is added to trace capture actions and activity for debugging purposes. Packet captures can be obtained locally to the device from the CLI, with the output written to a local file in the WEB flash filesystem or to a USB drive (A/) on Digi NDS products that incorporate that support. Local captures may be performed as "foreground" or "background" tasks. Captures also can be obtained by connecting to the configured PCAP capture TCP port of the NDS device, when such "network" captures are enabled by the user. This permits "clients" such as netcat to connect and capture the packet stream. Such remote packet captures should not be performed by connecting over the network interface whose packets are being captured. The CLI "pcap" help text documents the various options and caveats for use of the packet capture feature. Improve the network stack's support for unpredictable IP ID use. The change provides better protection against a potential attacker as well as addresses a possible issue with IP fragmentation and reassembly. Address a specific customer issue with NAT for large UDP datagrams that are fragmented and sent in reverse order by a device. Add support for a user-configurable option to relax the NAT trigger matching algorithm to permit transmation and forwarding of IP fragments under out-of-order conditions. This condition is atypical and it is more likely to affect UDP or ICMP than TCP. (41935, 1330099) Add support for the Gobi 3000 cellular modem: - Appears as Huawei EM680. - Service provider firmware must be pre-loaded on modem. - Supports Short Message Service (SMS). Add support for Gobi cellular modems to allow configuration of specific mobile bands, 3G-only or 2G-only for GSM mobile service. For the Gobi cellular modules: - Initiate a PRL update after provisioning the Gobi cellular modems, as requested by Sprint. - Improve monitoring of the PRL update session. Add a mobile profile and CDMA fallback feature for cellular modems. The new mobile profile web UI replaces SIM selection on all modems: - Gobi has 4 profiles, with any combination of GSM and CDMA providers. - GSM modems on dual SIM platforms have 2 profiles. - Configuration pages content depends on selected profile (GSM or CDMA). - Hide profile selection on SMS configuration page. - Switch to selected provider before provisioning, PRL update or carrier scan. - Show provisioning status is undetermined if CDMA profile not used yet. - Show active profile priority and provider on mobile status web page, "display mobile" CLI command, RCI command. Add priority and SIM slot (sim_slot) options to "set mobile" CLI command. Add provider and SIM slot to "set mobile" list display. Add an index option to select the profile to "provision" command. Add support for a new Mobile Status MIB, with 39 fixed OIDs. The new MIB is Digi part number is 40002486 (DIGI-MOBILE-STATUS.mib). The Digi SMI enterprise MIB, part number 40002195 (DIGI-SMI.mib) also is updated. The new Mobile Status MIB is distinct from the earlier Mobile Information MIB, part number 40002593 (DIGI-MOBILE-INFORMATION.mib). The new MIB has strictly defined meanings and values for its 39 OIDs. On the Mobile Settings web page, add a checkbox to enable/disable the mobile connection. Add associated web help text for this new option. Note that only the selected mobile profile is affected by the enable or disable action. On the Mobile Settings web page, enhance the T-Mobile (USA) service provider screen: - Permit custom APN specification. (42205) - Support username and password specification. Add "TELUS Mobility HSPA" to the supported list of explicitly identified service providers. Improve the mobile configuration SureLink "Reboot the device..." feature. In the 2.14.0.3 release, a watchdog was implemented as an adjunct to the SureLink "Reboot the device..." option to warm boot the Digi device if 256 consecutive failed mobile connection attempts occur. That watchdog was not configurable and could not be disabled. For the 2.15.0 release, the "Reboot the device" option default is changed to enabled with a value of 255 consecutive failed connection attempts as the threshold. Setting the value to zero disables the reboot (and watchdog). In addition, the "revert to defaults" code for the SureLink settings is corrected to recognize custom factory defaults and not assume settings class defaults are appropriate. (42443) Add options for automatic PRL updates to CLI "set mobile" (and show). Add help text for the automatic PRL updates option. These changes augment additions to the web UI that were introduced in the 2.14.1.10 release. This capability is applicable for Verizon and the Gobi module only. Standardize the format of the MEID value reported by various cell modules. Some modules include a leading 0x, whereas others do not. The standardized format removes the possible leading 0x from the value. Support the "2g_only" and "3g_only" choices for the "band" option of the CLI "set mobile" command, for cell modules that support 2G and 3G service and also support individual band selection. These are convenient selections for frequency group selection. Add a VPN feature to work around some issues associated with keeping a VPN connection active between a Digi Connect device and a Cisco router. This feature allows the customer to configure the VPN software (in the Digi device) to automatically send ICMP pings through the VPN tunnels to prevent IPSEC from timing out due to lack of traffic. The customer is able to set the frequency of the pings being sent. Add VPN-related commands to "disp techsupport": show vpn phase1 verbose=on show vpn tunnel verbose=on vpn status Implement changes for possible programming issues that were identified by a static code analysis tool. The identified issues were reviewed and triaged, with changes resulting in many cases. Issues addressed include possible memory leak elimination, removal of unneeded code, improved error detection and handling, data initialization and buffer overflow prevention. While none of the changes are directly linked to issues reported by customers, the changes do improve overall firmware quality. Add event logging and a CLI command to report status of Custom Factory Defaults (CFD). If custom defaults are applied, or if some error occurs while trying to process them at start-up time, a "system" event log record is created. A hidden "cfd" CLI command will display the status of CFD processing. This is added to "display techsupport" as well. This is provided as an aid for troubleshooting. For the "flashdrv" CLI command, report the mount point as "A/" rather than "A:/". The colon form was previously eliminated from other places in the firmware, and this instance apparently was missed at that time. Add event logging and trace for two internal APIs that can disconnect the iDigi connection, via SMS and Python. Helpful for troubleshooting. Optimize the internal na_pton() API to immediately fail look-ups when an empty string (IP address or domain name) is passed to that API. This improves performance in application code such that the eventual failure is more immediate XBee changes: - Add command to reset radio to factory default settings to Factory Default Settings web page, XBee Device Operations web page, xbee CLI command, and RCI . (41893) - Change max value for JN parameter to 1. (42084) - Expose D6 parameter on ZB gateway radio to enable RTS flow control. - Allow manually scheduled OTA firmware updates even if OTA update setting is disabled. - Add "xbee restart" CLI command to restart gateway radio. - Remove "xbee reset" test command. - Add ability to include XBee gateway radio settings in the configuration backup file. - Add option to Backup/Restore web page and CLI backup command. - Change RciProcessor and QueryCommands to generate backup directly, rather than changing query_setting to set_setting afterwards. - Add support for DigiMesh 865/868LP radio, including OTA firmware updates. - Add OTA update progress messages, improve error messages. - Check for a valid gateway firmware file before starting update. - Fix threading bug that returned an empty node list when another thread cleared the node list, causing a Python exception. - Indicate "unknown" instead of "end device" if node type is not known. - OTA firmware update improvements (customer-requested: - Invalidate network address on all transmit errors. - Improve command timeout handling. - Give preference to local radio as updater. - Test updater with smaller payload to allow room for encryption and and source routes. - Add RCI to allow commands directly specified to be executed on the Zigbee module. - Add hidden CLI command for testing and certification situations where "set xbee reset=on" will hold the XBee module in reset for testing. - Add SN parameter for DigiMesh and Smart Energy. - Don't enable RTS flow control (set D6=1) on ZB radio to avoid dropping data in the XBee module when fragmentation is enabled. This is because RTS and fragmentation aren't supported at the same time. (41307) - Improve handling of node discovery results for CLI and Python. - Update radio parameter tables. - Use POSIX file system API so OTA firmware update works on all file system types (including YAFFS). - Update configuration web page help for ZB. - Add support for the S2C (surface mount) radio. Improve the Python xbee module: - Add source_route member to nodes returned by get_node_list(). - Add option to clear node list to get_node_list(). Improve the web pages for the Alarms Settings: - For the individual alarm configuration page in the web UI, add a link to the SNMP Settings page in existing page text where the SNMP trap can be enabled for the alarm. If no trap destination is configured, display "(not configured)" as the destination value rather than nothing. - Improve error detection in the alarm edit web page. - Add an optimal RSSI alarm checkbox to web UI. This was available previously using the CLI command "set alarm". (39771, 39833) For cellular RSSI alarms: - Improve processing of RSSI alarms if multiple RSSI alarms are configured in the settings. (39833) - Improve RSSI sample averaging to avoid possible early trigger conditions. - Improve trace output from alarms driver for RSSI sampling and action. Add "display serial" and "info serial" to "display techsupport" command list. Add the undocumented "full" option to "display dnsserver" in the "display techsupport" command list. This is useful for troubleshooting. Add the Python version number to the RCI query_state/device_info reply. Improve memory use by the firmware update feature such that somewhat less memory is used during the upgrade. While all upgrade types are improved (web UI, CLI, iDigi), the CLI upgrade method is most improved. (40391) Reduce memory use by various firmware features. Eliminate unneeded code and data to reduce runtime memory use. BUG FIXES: Fix a problem in which the Digi device disconnects momentarily from the iDigi Manager server when the iDigi Manager Pro user opens Device's Properties Page. The problem occurs when the device uses the SSL connection type when connecting to the iDigi Manager server. It may occur over any network connection type (LAN or WAN) but is more likely to be observed over a WAN cellular connection. (39837) Fix a bug in the VPN support in which an empty (NULL) IPSEC hash table was incorrectly used, resulting in subsequent VPN and device problems. The empty table is valid and is now properly handled. (40548, 41522, 41900) Fix a problem in the VPN feature. (43534) If two units were set up to create a VPN tunnel between them, with one unit operating as the server and the other a client, the server would not accept a new connection from the client if the client was rebooted. The old VPN connection in the server side (from before the client rebooted) prevented the client from reconnecting. Two problems were identified and addressed: - The old IKE policy was not being deleted before trying to add the policy for the new connection - The API code to add the policy was not properly cleaning up when it failed to add the new policy because the old one, with the same priority level, was already there. In fact, the API code corrupted the linked list of IKE policies. Fix a VPN problem that could cause a panic resulting from corruption of a linked list upon the (timed) expiration of an IPSEC SA. (38322) Fix a VPN problem related to this change in an earlier firmware release: When a VPN tunnel is configured to start automatically, the VPN feature starts the tunnel by sending a ping to the remote subnet. This was not working correctly when "tunnel all" was selected since the remote subnet is 0.0.0.0, which is not a valid IP address. This problem has been fixed. (37275) Fix a problem in which DSA security does not work with the Digi SSL implementation. (42451) Fix a bug in which autoconnect was failing to attempt a sslauth connection. (42575) For the Gobi cellular modules, improve error/timeout detection for SMS requests. Perform module recovery after several consecutive timeouts. (41450) Fix a problem that reports the wrong SIM PIN Status in products using the Gobi 3000 or 2000 module. An incorrect status check was at fault, where failure was falsely assumed and the wrong status was returned. In conjunction, improve event logging for SIM PIN activity. (37810, 43943) Fix a bug that fails to count mobile call originations when the cell module operates in NDIS mode (PPP mode is OK). The missing origination counter increment has two known consequences: - The SureLink "reboot the device" setting may not be observed correctly, and the device rboot will not occur as requested. - The Verizon call origination/backoff algorithm most likely is not properly followed, which is a Verizon certification issue. NDIS is the default mode of operation for these cell modules: - Gobi 2000 and 3000 Fix an issue identified by static code analysis in which a SureLink FQDN inconsistently allowed either 63 or 64 characters. The intended maximum of 63 characters is now universally enforced. A value of 64 characters could have resulted in data corruption. Fix a problem with serial PPP that results in a failed LCP negotiation on the next (immediate) connection attempt following a PPP session disconnect. The change has no effect on cellular PPP connections. (44060) Fix a problem that could cause the iDigi Short Message Service (SMS) feature to attempt to send short messages on devices whose cell modems are not supported by the Digi firmware for SMS capabilities. Although the short messages are never sent, a looping condition can occur in which the firmware continuously attempts to send the failed message. The failed message resend loop could also occur for devices whose cell modems do have SMS support in the firmware. (1339982) Add the missing "mobile_cfg_chng" keyword to the "mode" option choices in the help text for the CLI command "set alarm". Fix an issue that occurs in IP pass-through mode, such that tethered DHCP client may not renew its lease. In IP pass-through mode, the Digi DHCP server uses a 4 minute lease time, which forces the tethered pass-through client to renew its lease every 2 minutes. This design accommodates the possibility that the mobile IP address loaned to the tethered host, may change if the mobile connection goes down and is reestablished. However, if the tethered client actually requests a specific lease interval, that 4 minute design was circumvented. The DHCP server has been modified to handle this case and provide the usual 4 minute lease. (40022) Fix a data abort exception in the Python digicli module that can occur due to an allocated buffer overflow for CLI output lines that exceed 256 characters. Although such long lines aren't likely, the crash could result from any CLI output with long lines. The fix limits the output strings to 2048 bytes at most, breaking them into segments if necessary, and it precludes the overflow condition. No CLI output is lost as a consequence of this change. Fix a problem in which configuration backup/restore with keys/password option selected, does not include some keys. In particular, the SSH and SSL private keys were absent but are now included in the backup RCI as encrypted values, only if the user requests them as such. This uses the same method as for passwords and other keys. (44048) Fix a problem in which the CLI "certmgmt" command quietly creates empty files when saving private keys (SSH, SSL, VPN). Per security requirements, disallow saving private keys via "certmgmt" and provide an explicit error message to the user. Detect empty certificates and invalid index (range) values and provide an appropriate error message for such cases. (44048) Fix the web server to reset form items for multipart/form-data. (41637) XBee fixes: - Fix lock up after "xbee factory_default" command. (43950) - Ignore unsupported settings when restoring from backup. (44040) - Fix over-the-air firmware updates of the XBee S2C radio. (40587) - Fix timeout errors on local commands that follow node discovery on DigiMesh sleeping networks. (40622, 40701) - Add a missing permissions check for the "xbee" command. - Fix a crash that occurs when passing a long hex string to getaddrinfo() or xbsGetAddr(). (41692) - Fix parsing of a 16-bit cluster ID. Only 8-bit worked correctly. - Ignore flag bits added for DigiMesh in DDO command status byte. - Allow extra time for DigiMesh node discovery. This fix is needed by 868 MHz firmware 1x61 and 2.4 GHz firmware 8x62. - Fix a bug that blocked all transmissions while waiting for a DDO command issued to an unresponsive node. - Update radio command processing limits for SE and S2C. (38712) - Add SP radio parameter for DigiMesh gateway radio to web UI, CLI, and RCI. (38766) - Fix a bug handling join notification status frame that created incorrect node list entries. - Return None instead of garbage from xbee.ddo_command() when the timeout parameter is 0. This means don't wait for the result. (39245) - Throw an exception from xbee.ddo_get_param() when the timeout parameter is 0 after rounding to milliseconds. (39338) - Reserve extra space in the transmit queue and use a different node address to prevent data messages from blocking the send of local commands to the radio. (39370) Fix a bug in which the Python digihw.gpio_get_value() method is not returning an exception on invalid GPIO number. (43821) Fix a bug in which the help text for the "show ia" CLI command contains "garbage" characters. (41619) Fix a problem that occurs when using the UDP Serial Tunnel feature: the tunnel fails when the IP address changes at either end. This is particularly observed with a cellular network connection, with dynamic public IP addresses, but can occur in other cases as well. In the cellular case, the cellular connection may be dropped by the service provider if no activity has occurred for a provider-determined interval of time. Two two problems are identified and resolved in the UDP Serial feature, both related to failed name resolution of the remote side host when the device first boots or there is serial data to send. (39729) Fix a possible memory leak in the Host List feature. (32850) Fix possible display, validation, get and set problems for some Short Message Service (SMS) settings in the web UI (built-in commands and SCL entries), on products that support multiple SIMs for GSM service. Since SMS settings are global vs. SIM-specific, add a note to the web page and associated help to that effect. (38560) Fix a bug in the displayed "Use%" value for the "flashdrv" CLI command. The computation was incorrect. Also added (back) the Use% value display in tenths of a percentage (lost when support was added for units with greater than 4GB capacity). Fix a bug in which the user-configured UTC offset is applied twice, as reported to the iDigi Manager server. (39931) Fix a problem that could occur if the real-time clock (RTC) is set to a date earlier than January 1, 2009. A date as early as year 2000 is accepted by the firmware (via CLI or web UI), and the RTC could be set with that value. But a subsequent read of the RTC with a year earlier than 2009, could cause that sample to be discarded. (40215) Fix this reported bug: Python TFTP Remote Start Fails with \r\n line endings. Uninitialized "garbage" at the end of the result buffer could cause odd error messages. A previous change for issue 26971 (in 2008) strips carriage returns from the received file. That change had a bug in which it did terminate the remaining text correctly, leaving garbage at the end of the result buffer. This commit corrects that bug. (40307) Fix a bug in which Python digicli.digicli.__doc__ returns a confusing response. (40421) Fix an SNMP issue that could cause an SNMP denial of service. (39737) Fix a bug in which the "set_factory_default" RCI request incorrectly states in its RCI descriptor text that a device reboot will be performed after the "factory" action has been completed. No reboot is performed. Fix a panic that could occur while accessing some System Information pages in the web UI. (38729) 82002488_B (2.14.0.3) - June 22, 2011 ENHANCEMENTS: Added USB_WATCHPORT_CAMERA support. Erase NAND Flash during manufacturing before writing to file system. USB memory stick test for manufacturing. Cell Modem test for manufacturing. Powersave GPIO support. Sim Uart and Sim Can support. Add mobile service provider and Gobi support for these GSM providers: - Vodafone - T-Mobile (Europe) - Telefonica - Telcom Italia - Orange - DoCoMo Powersave RTC support Added FIM management so CANBUS cannot open FIM1 if it is being used by the serial port, and the serial port cannot open FIM1 if it is in use by CANBUS. The FIM serial ports cannot be used if the module is strapped for no sim slots. This indicates the GPIO lines for the FIM serial ports are not available to the FIM adapter kit development board. Removed support for CLI commands "df", "du" and "map32". They were never intended for release. The serial port strapping will now determine if XBee can be supported. If the strapping is set to 3 serial ports, XBee will be unconditionally disabled, and the GPIOs will NOT be used by Python. If the strapping is set to less than 3 serial ports, the XBee enable/disable will determine if the GPIOs can be used by Python. The XBee enable/disable will also start / stop XBee operation, and will not require a reset. This design does not allow the customer to talk directly to the XBee via serial. Added the following MMS features 1. IA2 Engine 2. Generic IA Protocol Manager 3. IA Zigbee 4. Modbus/TCP (MM/MP) 5. IA Pages for WebUI (Replacement for IA port profile pages) Added support for the Gobi 3000 modem. BUG FIXES: Vantive 37090 - Sometimes USB devices aren't enumerated properly at boot-up. Vantive 37231 - CLI: show mobile, show mobileppp, and show surelink all return the same info when no index value is provided. Vantive 37397 - User Button 1 can't Factory Reset the unit properly. KNOWN ISSUES: Vantive 35396 - CLI: display carrier command isn't handled properly. Vantive 37259 - CLI: "display gps" doesn't update Latitude and Longitude properly when the GPS link is down. Vantive 37458 - System doesn't handle long Filenames properly. Vantive 37588 - The NDS FW does not allow to specify the PIN/PUK of the SIM card making it impossible to use a protected card. Vantive 37810 - Mobile PIN Status incorrectly reports Waiting for Pin. Vantive 38417 - CAN bus interface trouble: 200h indent frame not working with sample app. Vantive 38642 - Web Server stutters serving up Web pages from time to time. Vantive 38829 - Gobi 3000 Mobile Country Code incorrect with Sprint configuration. 82002488_A (2.12.3.7) - February 9, 2011 BUG FIXES: Vantive 34857 - Connecting a USB Flash drive caused the unit to reboot. Vantive 34943 - Surprise Removals of USB Flash drives will likely crash the unit. Vantive 34948 - Modem may not Initialize properly after boot, or after a disconnect. Vantive 34957 - Single-SIM module is reported as a Dual-SIM Module. Vantive 34959 - Disconnects of the NMEA GPS Processor are handled poorly. Vantive 34970 - Initial Mobile Configuration options require a reboot, ideally they shouldn't, but we should inform the user of this. Vantive 34996 - Help missing for System Info -> Position and Diagnostics pages. Vantive 35019 - GASS: Cellular Link is not established reliably after a reboot. Vantive 35035 - Web UI: The default SIM Slot displayed should be the Active SIM slot. Vantive 35053 - CLI: "fat32" command returns a confusing entry when a Flash Drive is connected. Vantive 35063 - Multiple SIM switches resulted in the system hanging in trying to bring up the Cellular Link. Vantive 35112 - Telnet connections into the WAN IP address of the unit are failing. Vantive 35119 - Web UI blocks user from configuring Service Provider = None. Vantive 35155 - Writing to the USB Flash drive ends up crashing the system when the NAND Flash is nearly full. Vantive 35175 - BSS: Mobile Firmware Download Error reported in the Event Log. Vantive 35181 - Ethernet Phy improperly handles the setting MDI Mode = Auto. Vantive 35187 - Web UI Location Area Code and Cell ID fields are reporting "-1" Vantive 35208 - GASS: The system misreports the Primary and Backup SIMs. Vantive 35268 - USER LED1 on the dev board is still used as the Diag LED by the boot and post. Vantive 35283 - The system shouldn't attempt to download modem FW if the system is not configured for a Mobile Service Provider. Vantive 35298 - Cellular Link never comes up after a Boot. Vantive 35390 - CLI: flashdrv command appears to limit the device to a 4GB of capacity in the "Bytes" column. Vantive 35391 - Some USB Flash drives take much longer to be queried than others. Vantive 35447 - USB: Couldn't get volume information error message. Vantive 35904 - The Python library 'digihw' has a GPIO misnamed as 'X2-26' instead of 'X2_26'. Vantive 36075 - If the time was never set on the CC3G, using system_power_set(False, 10.0) causes the device to power down, never wake up. Vantive 36107 - CC3g Reports incorrect SIM information on Dual SIM module from 'display mfg' command. Vantive 36031 - The ConnectCore device has an abnormally long boot time Vantive 36288 - Spurrious reboots. Vantive 36336 - Writing to USB Flash drives is problematic. Vantive 36342 - CC3G Device sets wrong XBee DD value on Host Gateway. Vantive 36753 - rci factory default action="erase_user_flash" is not deleting the files in WEB directory. Vantive 36770 - The remote web server is prone to cross-site scripting attacks. Vantive 36872 - ping command returns wrong error when pinging an address that has no route to it. Vantive 36950 - Watchport Camera is not enumerating properly on the CC3G 9P 9215. Vantive 37035 - USB: Reading from the flash drive works in one telnet session fails in another. Vantive 36794 - panic during cellular test. Vantive 37103 - Local Configuration on Port D doesn't provide CLI access. Vantive 37187 - System Time is way off after a 17 day period where the units were idling. Vantive 37244 - CLI: "display carriers" with modem disconnect will PANIC. Fixed problem in the FIM serial driver for NS9215 platforms. This fix only effects platforms which use the FIM UART driver. The problem was that the head and tail pointers in the transmit buffer were getting out of sync with each other when we wrapped at the end of the buffer. This problem was documented in NET+OS Vantives 36895 and 37204. Vantive 37316 - Sleep Mode is broken. Vantive 37757 - CC3G - no cellular link possible Vantive 38165 - Cellular 3G connectivity indicator does not work KNOWN ISSUES: Vantive 34971 - Web UI: Mobile page stutters when opening. Vantive 35281 - The System provides no Event Log message when the GPS connection fails. Vantive 35282 - Manual disconnects of the GPS connection don't recover automatically. Vantive 35396 - CLI: display carrier command isn't handled properly. Vantive 35398 - CLI: dis net command returns "00:00:00:00:00:00" for the MAC address of mobile0. Vantive 35943 - Hardware reference manual cites LED1 as USER LED1, which is confusing. Vantive 37039 - Camera TCP Server: the connection to the Camera Server isn't reestablished after a disconnect. Vantive 37057 - Large Memory Leak observed passing RealPort serial data. Vantive 37090 - Sometimes USB devices aren't enumerated properly at boot-up. Vantive 37231 - CLI: show mobile, show mobileppp, and show surelink all return the same info when no index value is provided. Vantive 37259 - CLI: "display gps" doesn't update Latitude and Longitude properly when the GPS link is down. Vantive 37348 - Unit crashes and reboots while displaying the event log soon after waking up from Hibernation. Vantive 37397 - User Button 1 can't Factory Reset the unit properly. Vantive 37458 - System doesn't handle long Filenames properly. 82002488_2P (2.11.0.9) - October 20, 2010 KNOWN ISSUES: Vantive 34857 - Connecting a USB Flash drive caused the unit to reboot. Vantive 34945 - USB Throughput Issues observed writing data to a USB Flash Drive. Vantive 34946 - Data Passing test results in Memory Loss of about 150KB / Hour. Vantive 34970 - Initial Mobile Configuration options require a reboot, ideally they shouldn't, but we should inform the user of this. Vantive 34971 - Web UI: Mobile page stutters when opening. Vantive 35019 - GASS: Cellular Link is not established reliably after a reboot. Vantive 35112 - Telnet connections into the WAN IP address of the unit are failing. Vantive 35152 - Python Autostart program not running at startup when dealing with the USB Flash Drive. Vantive 35155 - Writing to the USB Flash drive ends up crashing the system when the NAND Flash is nearly full. Vantive 35208 - GASS: The system misreports the Primary and Backup SIMs. Vantive 35269 - Unit ended up coming up with an Auto-IP Address when it shouldn't have. Vantive 35281 - The System provides no Event Log message when the GPS connection fails. Vantive 35282 - Manual disconnects of the GPS connection don't recover automatically. Vantive 35283 - The system shouldn't attempt to download modem FW if the system is not configured for a Mobile Service Provider. Vantive 35391 - Some USB Flash drives take much longer to be queried than others. Vantive 35396 - CLI: display carrier command isn't handled properly. Vantive 35398 - CLI: dis net command returns "00:00:00:00:00:00" for the MAC address of mobile0. Vantive 35447 - USB: Couldn't get volume information error message. Vantive 35919 - Cannot get signal strength, no matter combination of using main and aux connectors and cellular antennas. Vantive 35943 - Hardware reference manual cites LED1 as USER LED1, which is confusing. Vantive 35944 - Silk screen on the development board is confusing regarding the User buttons and LEDs that sit next to them. Vantive 36031 - The ConnectCore device has an abnormally long boot time Vantive 36207 - PPP thread on CC3G stops - unkillable and does not proceed to get a connection. Vantive 36321 - Single-SIM unit is unable to establish the Cellular Link after a long period of having it's antenna disconnected. Vantive 36288 - Spurrious reboots. Vantive 36336 - Writing to USB Flash drives is problematic. Vantive 36342 - CC3G Device sets wrong XBee DD value on Host Gateway. Vantive 36343 - Exception thrown on CC3G device during run of Dia. 82002488_1P (2.11.0.5) - July 15, 2010 KNOWN ISSUES: Vantive 34857 - Connecting a USB Flash drive caused the unit to reboot Vantive 34945 - USB Throughput Issues observed writing data to a USB Flash Drive. Vantive 34943 - Surprise Removals of USB Flash drives will likely crash the unit Vantive 34957 - Single-SIM module is reported as a Dual-SIM Module Vantive 34944 - The system appears to limit me to 5 USB Flash Drives connected behind a USB 2.0 Hub. Vantive 34946 - Data Passing test results in Memory Loss of about 150KB / Hour. Vantive 34948 - Modem may not Initialize properly after boot, or after a disconnect. Vantive 34957 - Single-SIM module is reported as a Dual-SIM Module. Vantive 34959 - Disconnects of the NMEA GPS Processor are handled poorly. Vantive 34970 - Initial Mobile Configuration options require a reboot, ideally they shouldn't, but we should inform the user of this. Vantive 34971 - Web UI: Mobile page stutters when opening. Vantive 34996 - Help missing for System Info -> Position and Diagnostics pages. Vantive 35035 - Web UI: The default SIM Slot displayed should be the Active SIM slot. Vantive 35061 - RealPort Server connections aren't getting cleaned up properly. Vantive 35063 - Multiple SIM switches resulted in the system hanging in trying to bring up the Cellular Link. Vantive 35112 - Telnet connections into the WAN IP address of the unit are failing. Vantive 35119 - Web UI blocks user from configuring Service Provider = None. Vantive 35128 - The os.statvfs function returns values that are more like suggestions rather than actual limits. Vantive 35152 - Python Autostart program not running at startup when dealing with the USB Flash Drive. Vantive 35155 - Writing to the USB Flash drive ends up crashing the system when the NAND Flash is nearly full. Vantive 35181 - Ethernet Phy improperly handles the setting MDI Mode = Auto. Vantive 35187 - Web UI Location Area Code and Cell ID fields are reporting "-1". Vantive 35188 - iDigi Descriptors are resulting in the GPS interface being reported as "GPS usb3" Vantive 35268 - USER LED1 on the dev board is still used as the Diag LED by the boot and post. Vantive 35269 - Unit ended up coming up with an Auto-IP Address when it shouldn't have.