Release Notes PN 93000942_K4 Digi Connect ME 82001116_K4 EOS August 31, 2011 INTRODUCTION This is a production release of firmware for the Digi Connect ME. The Digi Connect ME embedded device server web and network enables products easily without the complexities of extensive hardware and software integration. The Digi Connect ME provides powerful "plug-and-play", customizable and future-safe features, and performance in one of the smallest solutions available. SUPPORTED PRODUCTS Digi Connect ME ENHANCEMENTS Add support for RealPort authentication BUG FIXES Vantive 27845: Unable to turn off port 80 when HTTPS enabled. This is a long-standing issue, in that HTTPS service requires that HTTP service be enabled. HTTPS requires HTTP service for a local loopback connection (via 127.0.0.1:80). I enhanced the underlying shared web server code to support the use of the web server for HTTPS use even if general web server access is disabled. The change makes use of a related improvement added in the past by the NET+OS dev kit developers for use in their products. I carried this through to the NDS interface to the web server, making it more flexible than the support previously added by NET+OS. Candidate fix for Vantive 26588: Alleviate an issue leading to page corruption, caused by the way RpSendDataOutZeroTerminated was calling RpSendReplyBuffer; RpSendReplyBuffer was not designed to be called outside of the RomPager state machine, and, if it received an EAGAIN on a send call, buffers could get overwritten. SendBuffer now does a select in a loop with a maximum number of iterations. This not the optimal solution because if the loop times out, the same error could occur. One can not wait indefinitely, however, because the webserver is blocking at thtis point. Vantive 30177, ADDP query doesn't say authentication supported. 82001116_K was built September 16, 2008, and was never tested with VPD 82001921. VPD 82001921 calls out product ID 0x7b. This product ID existed in the 2.6.5 branch (82001116_J2), but did not exist in the 2.8.2 branch (82001116_K). Without this product ID, the EOS crashes and resets. The product ID has now been added to the appropriate places in the code. KNOWN ISSUES It is not currently possible to configure the escape characters used by client applications (connect, telnet, and rlogin). If the standard web service (HTTP) is disabled, the encrypted web service (HTTPS) stops operating. They will be made independently selectable in a future release. When attempting to upgrade the firmware on a unit which has password authentication enabled, the initial release of the firmware would fail. This current release includes a workaround to this behavior by allowing the user to disable passwords during the time period of the firmware upgrade. If it becomes necessary to DOWNGRADE the firmware from version B (or greater) back to version A, it is necessary to clear the persistent storage BEFORE downgrading because the version A firmware has a defect in the way it handles unexpected data in the persistent storage. Failure to clear the persistent storage during a DOWNGRADE to A can result in an unusable unit. The recommended procedure, therefore, to preserve as many settings as possible during a downgrade is to backup the configuration, then clear the persistent storage, downgrade the firmware, then restore the configuration. In order to clear the persistent storage from the CLI one can execute the "boot action=factory" command. The only web accessible method for clearing the storage is available via the reset functionality in the administrative pages at "admin/factory_defaults.htm". When attempting to replace files in the file system, simply overwrite the existing version of the file rather than deleting the file first. Attempting to delete the file first defeats the internal file versioning maintained by the firmware, and can confuse your browser's cache. For the most consistent experience with the user interface, it is suggested that you clear your Internet cache. Microsoft Internet Explorer 6 Service Pack 1 (SP1) has a known problem where it displays the error message "Internet Explorer Cannot Open" when you use an HTTPS URL to access this Digi product. The following Microsoft article explains the problem: http://support.microsoft.com/default.aspx?kbid=812935 UI CHANGES Telnet The "send" command has been added which allows the user to send telnet special character sequences when connected using the telnet client. syntax: send [option] options: ao {Send telnet abort output} ayt {Send telnet 'Are You There'} brk {Send telnet break} ec {Send telnet erase character} el {Send telnet erase line} escape {Send current escape character} ga {Send telnet 'Go Ahead' sequence} ip {Send telnet interrupt process} nop {Send telnet 'No operation'} synch {Perform telnet 'Synch operation'} ----- RLogin The "rlogin" command has been added to allow rlogin connections to remote hosts. ----- Network Options The "set net" command has changed in several ways. The "garbage_byte" and "override_dhcp" TCP keepalive options have been removed. The following options have been added: dns1: dns2: Allows the user to specify the IP address of up to two Domain Name Servers for name lookup. rto_min: Allows the user to specify a lower threshold for the TCP retransmission sliding window calculation. Choosing an value lower than the default of 1000 ms may assist in achieving improved latency performance when retransmissions occur. rto_max: Allows the user to specify the maximum retransmit before the TCP connection is terminated. arp_ttl: Allows the user to specify the amount of time that an ARP entry remains in the network ARP cache. garp: Allows the user to specify how often the unit will announce its MAC address on the network using a "Gratuitous ARP" message. ----- Display command There are a few new network related "display" commands. display sockets: Displays information on how socket resources are being used by the system. display tcp: display udp: Displays information about pending and current connections for TCP or UDP respectively.. display netdevice: Displays the network devices present in the system. ----- Delayed ACK A new option has been added to the "set service" command called "delayed_ack". This allows the user to configure how long the TCP stack will wait for data on which to place the ACK flag before sending a packet with no payload and the ACK flag set. ----- RealPort Keepalive The RealPort protocol has an optional mechanism that uses an internal "keepalive" packet to cause periodic guaranteed traffic on a link. This packet however may cause issues in environments that are metered for traffic or do not require this type of mechanism. The "set realport" command can be used to turn off this behavior with "set realport keepalive=off". DOCUMENTATION ERRATA Password authentication can be enabled in this release, but authentication is OFF BY DEFAULT. A security screen has been added to the user interface to allow one to enable username and password authentication. When password checking is enabled, the user will be challenged when accessing the initial screen of the UI, and if the user uses a Digi Device Discovery tool. IP ASSIGNMENT NOTES The Digi Connect ME now supports three IP assignment methods: * Static IP address * DHCP * Auto-IP If a static address is enabled, it will be used. If a static address is not enabled, and DHCP is enabled, the unit will use an address supplied by a DHCP server regardless of the state of Auto-IP configuration. If a static address is not enabled, and Auto-IP is enabled, it will be used to generate an address ONLY if DHCP is disabled, or if DHCP is enabled and a DHCP server has not responded to the DHCP query. If both are enabled, Auto-IP has assigned an address, and then a DHCP server responds, the Auto-IP address will be discarded and the DHCP address will be used. RESETTING THE UNIT One feature introduced in the "C" revision of the Digi Connect ME firmware is an enhanced ability for an embedded host system to both soft reset the unit as well as reset the unit to its factory defaults. Both functions may be invoked via manipulation of pin 20 on the ME module's header: * If the module is running (i.e. more than a few seconds after power on), holding pin 20 low for a second and then raising it will soft reset the unit * If pin 20 is held low for more than 10 seconds from the power on or release from hard reset of the unit, and then raised, it will reset the unit to its factory default state In either case, the action takes effect when the pin is raised (reset released). ADDITIONAL INFORMATION The configuration save and restore tools will save every configurable parameter (including IP configuration) except for those related to password authentication. On initial boot of this device, it will generate some encryption key material: an RSA key for SSL/TLS operations, and a DSA key for SSH operations. This process can take as long as 40 minutes to complete. Until the corresponding key is generated, the device will be unable to initiate or accept that type of encrypted connection. It will also report itself as 100% busy but, since key generation takes place at a low priority, the device will still function normally. On subsequent reboots, the device will use its existing keys and will not need to generate another unless a reset to factory defaults is done, which will cause a new key to be generated on the next reboot. ENABLING THE WEB USER INTERFACE The embedded web user interface is ALWAYS available at the following URL: http://ip-address-of-device/home.htm It is also available as the default configuration interface at the following URL: http://ip-address-of-device If your device contains the Java configuration applet it can be executed by connecting to the embedded web user interface and clicking the "Launch" button on the "Home" page under the "User Interfaces". It can be made to be the default configuration interface by clicking the "Set as Default" button on the same page. The Java Configuration Applet may remain in the unit's file system without affecting the embedded web user interface. If you would like to use the Java Configuration Applet as an alternative, simply upload the index.htm file as a file with an alternate name (e.g. applet.htm). You would then be able to use the Java Configuration Applet by accessing the following URL: http://ip-address-of-device/applet.htm UPGRADING THE CONFIGURATION APPLET Prior to upgrading the configuration applet, you may need to remove the existing files. The main reason for this is that the earliest version of the applet used different filenames than newer versions. If you are simply uploading newer versions of files with the same name, it is not necessary to first delete the files. Removing the existing files: 1. Access the administration web interface by entering the following URL in in a browser's URL window: http://ip-address-of-device/admin/administration.htm 2. Select File Management under the Administration menu. 3. Check the check box adjacent to the files you wish to remove. 4. Click the delete button. You must load the jar and HTML files onto the device (this only has to be done once). When executed, the configuration applet will connect back to the device it was loaded from. Loading the updated configuration applet files: 1. Access the administration web interface by entering the following URL in in a browser's URL window: http://ip-address-of-device/admin/administration.htm 2. Select File Management under the Administration menu. 3. Click Browse. Locate and select the common.jar file then click Open. 4. Click Upload. 5. Click Browse. Locate and select the configapp.jar file then click Open. 6. Click Upload. 7. Click Browse. Locate and select the index.htm file then click Open. 8. Click Upload. 9. Click Browse. Locate and select the config.ini file then click Open. 10. Click Upload. 11. Click index.htm to run the configuration applet from the device (to access the applet directly use the URL http://ip-address-of-device/index.htm). HISTORY 82001116_H ENHANCEMENTS Added telnet break to serial ports Added the RealPort "exclusive mode" feature Allow clear text passwords to be specified via RCI BUG FIXES Improved the RTS toggle help screen in the Web UI Fixed alarm settings so that the subject field is not required for snmp alarm traps Added checks to the Web UI's TCP socket profile page to insure that the same IP port cannot be assigned more than once Fixed an RCI problem where back-up files created with older versions of the firmware would fail to restore on newer versions Fixed a problem where escape sequences in the socket ID were not being translated correctly Fixed a problem where RCI still required authentication when suppress login has been specified 82001116_G ENHANCEMENTS Configurable RealPort keepalive. Increased network stack configurability. Various command line improvements, see UI CHANGES later in this document. BUG FIXES It is now possible to upgrade the firmware with files that contain a '$' in their filename. 82000904_F5 ENHANCEMENTS Control flashing of 1-1-1 to allow faster boot up. Added a new feature to set the initial level of GPIO output states to a user configurable setting. (Vantive 16384) Added new feature to allow upload of customization files using Connect Programmer. Add support for a user-configurable DHCP host name (DHCP Option 12) to the Digi Connect family of products. (Vantive 14648) With the latest combination of POST firmware and embedded operating system, the Digi Connect device servers now offer the ability to select whether some of their power-on self tests will be executed or skipped. The new default behavior of the POST will be to skip some of its tests, including the test of the diagnostic LED which blinks 1 - 1 - 1 before running the EOS. Skipping the tests enables the device to boot more quickly. With a CLI command in the EOS, customers will be able to choose to execute the tests, restoring the previous POST behavior. The new CLI commands are: boot postaction=display boot postaction=skip boot postaction=execute BUG FIXES Corrected regression where file upload using the Connect Programmer was not showing up in the web UI. (Vantive 15771) Added logic to re-establish a TCP socket connection after a remote host becomes drops off line. (Vantive 16396) 82000856_F5 - Last release under 82000856 part number New SNMP MIBs were added including: RS-232, character, and device info MIBs. SNMP traps were added that allow the generation of SNMP traps when logins, authentication failures, network linkage, and cold startup events occur. In addition SNMP traps are supported with the alarm feature. The alarm feature allows emails and/or SNMP traps to be generated when there is a GPIO signal change or a particuliar data pattern is seen from incoming serial data. The Portbuffering feature was added that allows buffering of incoming ASCII data from the serial port. A memory leak was fixed that occured in rare situations during network data transfer. A problem with data loss on the serial port at 230400k was fixed. 82000856_D Connection and session management has been added to the CLI. The commands related to the manipulation of connections and/or sessions includes: who -- list connections kill -- attempt to kill a connection status -- list all sessions associated with a specified connection close -- attempt to close a session associated with a specific connection reconnect -- if we have "escaped" from a client session back to the CLI, this allows us to return control to the session connect -- from the CLI, send data to/from a serial port, escape character is ^[ telnet -- from the CLI, initiate a telnet session with a remote device, escape character is ^] rlogin -- from the CLI, initiate an rlogin session with a remote device, escape character is ~ The ability to list connections and to attempt to kill connections has been added to web interface. The ability to connect the CLI via rlogin has been added. The ability to initiate an automatic connection between a serial port and a remote network device via rlogin has been added. The ability to enable full duplex ethernet as well as auto duplex negotiation has been added. The ability to influence the way that the unit forwards data from the serial port to the network has been added. This serial over TCP forwarding allows one to insert buffering between the serial port and the network socket for a connection. This buffering allows one to "hold off" on pushing received serial data into the queue for network transmission until certain criteria are met, including the amount of data received, gaps of idle time of a certain length, and/or specific data patterns. This new buffering capability is off by default. The ADDP discovery / IP assignment service may now be completely disabled. A low-level serial configuration interface has been added. When enabled, it allows one to use the DSR modem signal to shift serial port 1 into a special mode where received data is interpreted as a set of RCI commands. Since enabling the feature causes the standard interpretation of the DSR signal to be lost, it is disabled by default. Under certain conditions, received serial data would unexpectedly get duplication of 0xFF characters in the data stream. This now only happens when character marking is explicitly requested. The units were not properly detecting RealPort server disconnects, so were not gracefully recovering from network outages for RealPort connections. 82000856_C The ability to force the ethernet speed to a specific value (rather than depending on auto-negotiation) has been added. Auto-IP has been added as an IP address selection method. See the section "IP ASSIGNMENT NOTES" below for more details. Pseudo-modem capability has been added as a configurable option for the serial port. There are now two choices to use for web-enabled configuration; the Java Configuration Applet (previously shipped with the unit) and a new embedded web user interface. The embedded web user interface allows the user to configure the unit without the need to download a Java Run-time Environment. The Java Configuration Applet is better suited for easy customization. If you simply intend to access and configure the unit from a web browser, you will want to use the embedded web user interface. If you want to create a custom UI, tailored to a specific look and feel, use the Java Configuration Applet. See the section "ENABLING THE EMBEDDED WEB USER INTERFACE" for instructions on how to enable the embedded web user interface as the default. If you choose to use the Java Configuration Applet you must upgrade the applet on your Digi Connect ME to ensure compatibility between revisions. See the section "UPGRADING THE CONFIGURATION APPLET" for instructions. Added a capability for embedded hosts to soft reset the Digi module as well as reset the Digi module configuration back to its factory default state via hardware signals. See the section "RESETTING THE UNIT" for details. Added the "RTS Toggle" feature to the serial port configuration (ability to control the "RTS" signal based on data transmission). The web server is now configurable via the command line interface, in that it can be enabled or disabled, as well as moved to a different TCP port number. Changing the port number or disabling the web server will, as a side effect, cause certain applications and applets to stop operating as they expect the HTTP service to be at port 80. The Digi RealPort service in the firmware has been extended to fully support all Digi supported operating systems, not just the Windows family of operating systems. Two conditions were identified in which the unit would reboot itself during early initialization as a result of internal software conflicts. These conditions have been eliminated. The "Revert to Factory Defaults" feature exposed by the various user interfaces have been consolidated so that their effect is consistent. There were cases in which the serial core would incorrectly interpret signals as modem control signals even though the user has identified them as GPIO inputs or outputs. These conditions have been eliminated. 82000856_B "Reverse Telnet", i.e. making a telnet connection to a serial port, has been added, including RFC 2217 support. A command line interface has been added, accessible via telnet to the standard telnet port (23). The ability to autoconnect to a remote device via telnet has been added. The autoconnect feature has been extended to allow one to autoconnect based on an arbitrary pattern string. TCP socket connections now can be given a configurable idle timeout for connection closure. The "alarm" functionality has been extended to allow one to generate email when pattern strings are present in the data stream. LPD server support has been added. "Socket ID" support (the insertion of a static identifier string into the first transmitted data packet for a TCP socket session or into every datagram carrying data for a serial port over UDP) has been added. The serial over UDP functionality has been extended to allow 64 destinations per serial port. We have updated the Configuration Applet to support these features. You must upgrade the applet on your Digi Connect ME in order to configure these new features from the UI. See the section, UPGRADING THE CONFIGURATION APPLET, for instructions. CPU utilization reported by the web/applet interface is now more representative of the average utilization of the system. The serial over UDP functionality now correctly handles IP broadcast addresses as valid UDP destinations. The interface now automatically reboots after reverting to factory defaults, as it previously implied it would. 82000856_A Initial Release.