################################################################################ ### This change log documents most changes, especially the user-facing ones. ### ################################################################################ Legend (since v2): [+] new feature, [*] improvement/other, [-] removed feature, [x] bug fix Glossary: EX2 = EX2(+) G2 = EX6, EX5-2-T (not EX5-2) G3 = EX5-2 (not EX5), EX12 G4 = EX32(+), EX20400, EX48400, EX484-3 (not EX484-2 or EX484) 2.2.14 [2020-01-08] -- + sFlow app for EX2 * Fixed XSS issue * Security hardening 2.2.12 [2019-10-18] -- * Removed support for SSLv2, SSLv3, TLSv1.0 and TLSv1.1 * Removed unsafe ciphers for HTTPS 2.2.11 [2019-10-15] -- x Fixed ARP responder app x Fix for Vitrum support for EX6 x Fix for SNMP bug (missing fields) x Fixed filtering for rules on the rule table page 2.2.8 [2019-07-03] -- + Sflow app + Custom device name in web page title + SNMP sysObjectID * MPLS on G2 * RADIUS authentication improvement * Bypass app port checks * Heartbeat app improvements * CUBRO MIB x Apps table default sort x Filtering rangified values in rule table x Matchresponser more stable 2.2.6 [2018-08-01] -- + Improvements in regards to various load-balancing corner cases on G4 * Fixed issues in relation to various load-balancing corner cases on G4 2.2.5 [2018-02-23] -- + QinQ support for EX2 and G3 + Preparations for Cubro Vitrum (central management software). * New favicon and logo. * Caching for port related REST API calls. x Fixed changing a user using the web UI but leaving the password unchanged leading to the password being set to "None". Known Issues: (Unchanged.) 2.2.4 [2017-11-15] -- * Compatiblity with new G2 hardware versions. x Fixed some RADIUS configurations not working correctly. x Fixed SNMP app supplizing CPU load averages as a string instead of an integer. x Fixed SNMP traps not using the configured community string. Known Issues: (Unchanged.) 2.2.3 [2017-05-12] -- * HTTPS on/off not requiring a full reboot any more. * Significantly improved SNMP response time. * Improved cases where not enough free space would have led to situations where the web UI upgrade stopped working (it returned to the previous version). x Fixed web UI possibly not coming up after hotfix installation if HTTPS was activated. x Fixed incorrectly displayed version for hotfixes applied to 2.2.1 base images. x Fixed hotfixes still being applied after downgrading to certain versions. x Fixed not being able to apply EX5-2 hotfixes through the web UI. Known Issues: (Unchanged.) 2.2.2 [2017-05-05 (EX2, G2, G4)] -- + Infrastructure for future hotfixes (minor upgrades without reboots), see "hotfix_howto.txt" for details. + Introducing seperate version number for the base images hotfixes are applied on. x Fixed bug where certain VLAN ranges can lead to undeletable/uneditable rules. x Fixed frozen SNMP counters. x Fixed port counter overflow causing SNMP timeout. x Fixed reset and taking over configs from old versions on G2. x Fixed EX2-only issue introduced in 2.2.1 where the device would stop working when the first optical port is set to 10G and the second one is set to 1G. Known Issues: * Rules with unusual VLAN masks which can be only set on the shell (such as "vlan_tci=0x1001/0x1001" --> odd VLAN numbers only) shown and interpreted as incorrect ranges in web UI. * Consecutive output actions referencing the same output port (traffic duplication) will be ignored in the web UI (note that this does not apply if there is some other action in-between). * Counter values above 2^53 might be shown inaccurately on the web UI. * After a save-point file has been imported it's not possible to import another one with the very same file name on some web browsers such as Google Chrome (issue will go away after reloading the page). * The CSV format is not always compatible with Microsoft Excel (locale config). * NTP app does not work on G2. * There is no exmenu on G2. * VLAN matching issues on G2 (regression starting with 2.0.0). As a workaround a custom match with "dl_vlan=" can be used. 2.2.1 [2017-04-18] -- + QinQ support for EX2 and G3 (ATM only through shell or custom match/actions). x Fixed issues with matching multiple VLAN numbers in a single rule on EX2 and G3 devices. x Fixed giving wrong SNMP reply for OIDs that don't exist. x Fixed some byte and packet counters always being 0 in SNMP. x Fixed issue where with activated HTTPS and web UI user authentication the web UI cannot be accessed anymore after certain actions (IP change or attempting to navigate to HTTP version). Known Issues: * Rules with unusual VLAN masks which can be only set on the shell (such as "vlan_tci=0x1001/0x1001" --> odd VLAN numbers only) shown and interpreted as incorrect ranges in web UI. * Consecutive output actions referencing the same output port (traffic duplication) will be ignored in the web UI (note that this does not apply if there is some other action in-between). * Counter values above 2^53 might be shown inaccurately on the web UI. * After a save-point file has been imported it's not possible to import another one with the very same file name on some web browsers such as Google Chrome (issue will go away after reloading the page). * The CSV format is not always compatible with Microsoft Excel. * NTP app does not work on G2. * There is no exmenu on G2. * VLAN matching issues on G2 (regression starting with 2.0.0). As a workaround a custom match with "dl_vlan=" can be used. * Certain VLAN ranges can lead to undeletable/uneditable rules. * SNMP counters are frozen. * (EX2) Rule infrastructure stops working when the first optical port is set to 10G and the second one is set to 1G. 2.2.0 [2017-04-05] -- !!! PLEASE NOTE THAT ON EX12/EX5-2 DEBIAN WILL BE DISABLED WITH THIS RELEASE !!! + Show hex values of rule cookies below 2^60 and let user add/edit/dup. such rules + Support adding and displaying rules with cookie values (<2^60) instead of names + Rules now support multiple IPs and/or TCP/UDP/SCTP ports (separated by commas) + Added community string check to SNMP app + Added setting for a second trap receiver to SNMP app + Added CSV export for rule, port info and port statistics tables + SSH login using public key authentication on all devices for all users + DNS server settings + Port descriptions * Drop action shown in red on rule table * More consistent user management on shell (still separate from Web UI users, this is per design) * Login prompt for serial console (login using those shell users which have a password and full privileges and additionally UNIX root). * Display whether splitting of port is pending reboot * Improved load balancing on G4 devices, added elephant flow detection and fallback load balancing (not yet in Web UI). * User management more x Fixed problem with redirection from HTTP to HTTPS on some browsers x Fixed potential issues caused when certain rules would be added in shell and the UI at the same time x Fixed Heartbeat app not working reliably x Fixed rule merging that caused rules with different priorities to be considered as one x Fixed issue where the detection for when the reboot is complete when switching between HTTPS/HTTP or changing IP while in HTTPS mode was not always working x Fixed issue with unsplitting ports not taking effect under some circumstances x Fixed SNMP on devices with ports faster or equal to 10G x Fixed SNMP data for temperature sensors x Fixed DNMP traps sent not being compatible with some clients x Fixed issue with editing/duplicating rules with custom IP protocol numbers (2.1.1 regression) x Fixed differing between stored and current netmask not being noted in the UI x Fixed issue where on other settings page the reboot buttons might stop working x Fixed display issue when switching to a different table mode and back without a reboot in-between. Known Issues: * Issues with matching multiple VLAN numbers in a single rule on non-G4 devices. * Rules with unusual VLAN masks which can be only set on the shell (such as "vlan_tci=0x1001/0x1001" --> odd VLAN numbers only) shown and interpreted as incorrect ranges in web UI. x With activated HTTPS and web UI user authentication the web UI cannot be accessed anymore after certain actions (IP change or attempting to navigate to HTTP version). * Consecutive output actions referencing the same output port (traffic duplication) will be ignored in the web UI (note that this does not apply if there is some other action in-between). * Counter values above 2^53 might be shown inaccurately on the web UI. * After a save-point file has been imported it's not possible to import another one with the very same file name on some web browsers such as Google Chrome (issue will go away after reloading the page). * When switching to HTTPS or when changing the IP while HTTPS is activated Internet Explorer 10 might have loading or display problems with the page. Some of these problems go away if the web UI is accessed through a new tab or the cache cleared. * Changing IP while user management and HTTPS is activated can lead to a state where login is not possible. * (EX2) User "admin" missing per default. * (<2.2.0.15) Validation on create rule web UI page breaks on Internet Explorer after switching to "Cookie" instead of "Name". 2.1.2 [8bc09e25, 2016-12-22] -- x Re-added duplex setting when speed is 1G for first 48 ports at EX6 which are 1G SFP (2.1.1 regression) x Fixed no rules being displayed when there is one referencing a GRE port on G4, made code more robust so similar issue is less likely to happen 2.1.1 [94daed4, 2016-12-21] -- ## WebUI: + MPLS Support for rules and groups (G4) + HTTPS + ID LED (G4) + Telnet checkbox + truncate action (at G4 and rules only for now) + improved performance for changing port settings + Performance gain due to rules cache + port settings like CRC check/recalc (G4), FEC (G4, for 100 Gb) and unidir (G4) added where supported + overflow counter + Table modes other than default and IPv6 diusplayed in rule DB settings if set + Reset SFP app improvements (EX2) + Oversubscription counter (G4) + Telnet on/off checkbox + Added NTP and Syslog apps - removed changing protocol transparencies/parsers (MPLS/LACP) since the only sensible settings are now fixed, e.g. MPLS parser always on at G4 x Improved counter accuracy x Fixed extra matches for rule save-points x editing of rules with protocol match "Any" now properly shown as such instead of "Custom" (solely cosmetic) x TCAM flow flags display and deletion of rules with it x fixed write users not being able to set rule SP to load-on-boot x fixed "save active rules as save-point" button instead of the one for port SPs being greyed out on SP page x quick save-point was deletable in permanent mode x fixed GRE ports not being considered at various places (hints/error messages) x removed need to refresh page after savepoints import x fixed 1G/10G setting in port save-points not being applied on EX2 devices x fixed web UI upgrade not working using IE9 (2.0 regression) x fixed splitted ports can be deactivated in port config (G4) x Fixed misleading or unused counters displayed at port statistics page ## General: + Telnet on/off also on G3 and G4 + IPv6 table mode on G3 and G4 # SNMP x works with more clients like Infosim Stablenet + own MIB + a lot more to offer ## REST: + Better port config stuff + load status stuff + Added API calls for CPU load, Memory usage and Fans/PSU status + REST documentation and Swagger format file ## Command line + IPv6 for G4 + QinQ for G4 + Multicast MPLS for G4 + Sflow for G4 * fixed EXMenu for G3 2.0.0 [6ec40d8, 2016-09-08] -- ## Highlights: + Long rule names and descriptions + Much faster adding/modifying/deleting of rules + Save Points + Apps + Adding/viewing/modifying Groups (e.g. Load Balancing Groups) in WebUI + Nested Groups on G4 + CRC can be disabled ## Rule Handling (WebUI and REST API): + Rule descriptions + Add/Display/List/Modify Groups, Group-Hash setting * Much longer and more flexible rule names * Faster addition/modification/deletion of rules, esp. those with a lot of TCAM flows * make VLAN ranges use far fewer TCAM flows - Removed rule duration x Fix issues with rules matching VLANs not working after a reboot or export x Fix issues with splitted Ports being disabled after changing their speed insinde the portconfiguration page ## WebUI: + Save-Points, replacing templates and startup flows file, also for port settings + Show Port Throughput + Added create rule UI for explicit SCTP match and actions + Show TCAM flow usage on rule table page + Added web server logs page + Button for swapping source and destination port and such on rule add page + Added field to enter custom extra matches as a string for rarely used matches like ARP type matching, IPv6 stuff... + Validation of less frequently used input fields like IP protocol number on rule table page + Protocol transparency settings on web UI of G4 devices + Modifying IP source action on G4 * More consistent way of showing protocol on rule table page, e.g. shorthand "IPv6" displayed even if not in IPv6 mode * Better ordering/filtering of split ports on port stats and port info page * Hide some less used columns per default, preparations for future smart column selection * Further improvements to upgrade procedure, even more robust * Store web UI table settings (e.g. column sizes) separately per user/IP/rev. and such - Removed a lot of the explicit MPLS UI elements on the create rules page concerning matching MPLS and MPLS actions for now (use custom action / extra match instead) x Fixed possibly occurring inconsistencies in relation to deletion of big rules (many TCAM flows) while refreshing x Fixed various potential issues in relation to upgrade image upload and made more robust, e.g. try to detect partial uploads and oddly behaving browsers x Create rule page did not show IP protocol no. field when matching IP x Fixed saving state of refresh checkbox x Fixed issue where on web UI tables the column resizing handler would sometimes be at the wrong position x Fixed broken content types and caching regression (of public SW versions affected only EX2) x Fixed input validation symbols not shown correctly for certain action fields like modify MAC on add rule page x Don't show UDP/TCP port source action fields at rule add page on devices that don't support it x Fixed missing validation icons on IP configuration page x Fixed issues in relation to ranges and hex numbers on create rule page Dup./Mod Rule now compatible with custom order, honors rules with custom actions which include multiple outputs with other actions x in-between when editing/duplicating x Fix for editing/duplication of rule with TCP6/UDP6 port match, and generally for match fields that are hidden in the web UI x Fixed displaying of incorrect custom protocols (ethertypes/custom IP protocols) in the rule table x pop_vlan is now called strip_vlan on G4 as it already was on all other devices x Unified using set_field->[field name] instead of mod_[field name] and fixed issues in relation to it (latter mostly on G4 devices) x Various fixes for Internet Explorer (mainly 9-11), especially in regards to create rule page x Fixed missing port configuration options on some G4 ports (e.g. SFP+) and fixed setting duplex type on certain port types x 1G/10G ports set to 10G on some G4 devices now correctly reported as 10G instead of "auto" ## Apps: + New app controller framework (smarter and more flexible), also in web UI, to show/changes/monitor apps + ARP Responder app + Bypass and Heart Beat app + Reset SFP feature as an app * Preliminary redone SNMP app, preparations for upcoming further changes ## REST API: + Params (?username=...&password=...) as an alternative to HTTP basic auth authentication for REST API calls + Added various REST API calls, e.g. for getting HW/SW info * Various changes to user rights, making it more consistent between REST API and web UI ## Command Line: + Added reset rules command line parameter to cch + FEC mode for 100 Gbit ports on G4 units (shell) + Support for setting port to TX only mode (G4, shell) + CRC check configuration per direction (TX/RX, G4, shell) + Unidirectional port mode (shell only) + Packet slicing/truncation (G4, shell only) + Rule action to remove all MPLS tags (G4, shell or custom actions only) + MPLS on G4 (shell only for now) * Increased number of possible buckets per group on G4 (shell only) - Removed some features from exmenu x Redone exmenu and fixed some issues with it, made compatible with G4 devices ## General: * Added MAC and Ethertype group hash methods (load balancing) on G4 * Increased number of possible groups on G4 x Fixes with certain exotic copper SFPs on EX2 1.3.5.5 [bb3f5d3, 2016-03-22] -- * URL slashes folding * custom action input, allows the creation of actions such as "1.) output to one port 2.) mod. traffic 3.) output to other port" through the Web UI, also allows modifying rules using special actions only implemented in the console * EX2: fixed and renamed LACP checkbox from "support" to "transparency" * new update procedure used on some devices, more robust than ever before * more robust EX12/EX5-2 discerning * add /etc/hosts file entry for own hostname * various small filter text field changes * redone port config, combining duplex and speed settings into one and incorporate other modes supported by the driver or changes to what it supports * fixed Reset SFP support * saving configuration to a different folder now * improved/fixed display of units, summing and added tooltips in various tables * redid update page * added checkbox for MPLS transparency on devices supporting it * SNMP app * improved refreshing rule table, no more jumping around 1.3.3.3 [3e2e9fe, 2016-02-13] -- * EXG4: redid parsing of stored flows for improved support for split port edge cases in flows and especially groups * made web update procedure a bit more robust for exceptional cases 1.3.3.1 [49f42a0, 2016-02-03] -- * REST APIs for getting information about the device (model, gen., ver., rev., serial) * Help text explaining that editing rules is limited is by design * Changed how main server process is started and added command line parameters, also added "--help" * app support offical now, coming with heartbeat app, without UI for now * G4: TX only support (from command line) * EX2, EXG2: removed old cc/cv links without OF 1.3.2.2 [37d197b, 2016-02-01] -- * major fix for web update procedure that could cause the device to reboot prematurely and this way destroy the image depending on browser behavior (only 1.3.* non-final [rc, beta] versions from after the end of Nov. affected, please contact d.krywult@cubro.net and p.kafka@cubro.net if this happens to you) * improved device detection, fixed potential detection issue when shutting down the last port on an gen. 3 device (other generations not affected), improved detection code relating to split ports * support X-HTTP-method-override for PUT/DELETE (in order to use the those methods REST APIs using GET or POST where PUT/DELETE is not possible) * added IE8 message and IE8 fixes for user management page, please note that since the 12th January, 2016 this browser version is not officially supported by Microsoft on desktop systems anymore, its use is highly discouraged * fixed ipconfig UI for users with no gateway set (should never happen when only setting IP settings using the Web UI) and setting IP on G4 devices * reverted hiding of action tab on rule table page for readonly users because it would cause problems when logging in as an user with higher rights on the same browser * fixed rare race condition in web server thread * tar fallback to make web upgrade procedure more robust * support for EX5-2-T * improved threading * improved caching, use revision as hard caching string and additionally use etags, also cache favicon * always show revision string now in device info * G4: redone how settings are saved (affects e.g. port settings) * added passive support for groups (no UI) * redone flow file upload, improved portgroups imports * fixed issue with custom device name on G4 device * lerge backend refactoring, made necessarily e.g. because of REST API * added advanced user management, removing old simple one, note that its settings aren't * make version reflect image version instead of hard-coding it into webserver 1.2.8 [2015-10-27] -- * Removing all features concerning Login and password logic temporarily, after it gets included again in a more advanced state (user levels) the old login will not work anymore * Bugfix: fixed bug introduced in 1.2.7 making IP changes impossible * Bugfix: fixed bug introduced in 1.2.7 making it impossible to delete certain rules one-by-one * Feature: Version and Update Image links on update page * Feature: Checkbox for LACP support (if off then LACP packets get ignored) Bugfix release 1.2.8.1 [2015-11-12] * EX2-specific bugfix: Fixed update bug that causes an old version of the WebGUI to be run. 1.2.7 [2015-10-27] --- * More console output in verbose mode, less outside * Bugfix: Fixed downloading empty rule files * Bugfix: Setting port * Feature: preliminary REST API 1.2.6 [2015-10-08] --- * Support for EX32, EX484-3 and EX48400 * Feature: Simple HTTP login * Feature: Activating templates calls make permanent if that setting is activated under Device Info * Feature: Filtering for any (even non-CIDR) IP masks * Bugfix: fixed show sfp info on EX20400 * Bugfix: Allowed filtering and output to GRE ports * Images: All G4 devices (EX20400, EX32, EX484-3 and EX48400) now use the same update images * various stability and performance improvements EX20400-specific: * Bugfix: fixed disappearing ports after split/unsplit * Bugfix: fixed a bug related to port splitting 1.2.5 [2015-09-23] --- * Bugfix: fixed possible race condition in the update process EX20400-specific: * Bugfix: fixed some bugs with the port- and ip configuration 1.2.4 [2015-09-18] --- EX2-specific: * Improved Web-UI for port configuration 1.2.3 [2015-09-16] --- * Support for EX5-2 * Feature: Non-deleteable flow templates * Bugfix: Stability for updates * Bugfix: Improved error messages for updates EX12-specific: * Bugfix: port speed settings for copper ports 1.2.2 [2015-09-09] --- Web-UI: * Performance improvements * Improved compatibility with EX20400 * Improvements on REST interface * Bugfix for setting IP address * Bugfix for Firefox rendering bugs * Improved device detection EX12-specific: * Bugfix: fixed sudo * Bugfix: fixed user "admin" on EX12 * Bugfix: port config with media type 1.2.1 [2015-08-18] -- Web-UI: * Support for EX20400 * Support for Split Ports * Improved input validation * Performance improvements * Support for different Table Modes EX2-specific: * LACP support 1.2.0 [2015-08-04] -- General: * fixed image not entirely working when using exupdate.sh Web-UI: * fixed device picture scaling on Firefox 1.1.9 [2015-07-27] -- Web-UI: * reboot button is back and better than ever before 1.1.8 [2015-07-21] -- Web-UI: * some fixes in regards to hexadecimal inputs on create rule page * create rule page submit button grayed out unless all inputs are valid * better checkbox combination handling on create rules page * fixed UDP/TCP port masks 1.1.7 [2015-07-15] Web-UI: * fix for web update upload failing (time out) on slow connections * fixed IE8 regressions on flow table page * show upload speed on web update * fixed the checkboxes of various rule actions not working * allow spaces in ranges when creating rules EX12-specific: * added web update 1.1.6 [2015-07-01] -- Web-UI: * warning for very too old Internet Explorer versions (before version 8) * 1.1.5 [2015-06-18] -- Web-UI: * upgraded library used for styling and some browser-side interactions * throbber for rule deletion * improve behavior but also warn on very old browsers Web-UI: * fix for issue that might cause the Web UI to partly or entirely stop working at some point 1.1.4 [2015-06-11] -- Web-UI: * increase global timeout for AJAX requests, useful if e.g. device is managed over a very slow line * improve the method used to communicate with certain backend components * fixed description UI quirks on Google Chrome * little fix for editing rules matching MPLS * do not attempting to add rules matching special VLANs 0 and 4095 * improved tooltip behavior on rule table page 1.1.3 [2015-06-08] -- Web-UI: * column selector popover clicking away now always works * tooltip fixes and less JS files on rule table page * allowed manual setting of speed and duplex on GB SFP ports EX12-specific: * first version with the web server * fixed packet-out and other commands where quotes are needed EX6-specific: * first version, right away with web UI 1.1.2 [2015-06-05] -- Web-UI: * summation in columns where it makes sense, also for filtered rows * new upgrader code with one reboot less and a fix for possibly overfull boot partition, web upgrade for devices other than EX2 not yet here * data rate fixed * button icons in flow table and rule im-/export page * proactive measures against AJAX issues like stalling/caching * measure against too many, too quickly occurring AJAX requests * refresh stop and manual refresh button * searching (filtering) with ranges within ranges * searching for output ports (without ranges for now) * table content aligning tweaks * data rate sorting fix * in- and out-port fixes for devices with other than 6 ports * digit grouping for some numbers * display number cell contents even if value is just zero * custom name bold * longer caching * make rules active fixes * SFP info field scrolling instead of breaking * filtering of port status table rows * more basic MPLS support (issues remain) * popup windows without close button where closing not useful EX2-specific: * system changes EX12-specific * first time with Web UI 1.1.1 [2015-05-19] -- Web-UI: * fix ipconfig on IE8 * fixed race conditions possibly leading to mix-ups * fixed major bug in create flows concerning disabled controls being submitted * further steps towards full (what HW offers) MPLS support * against non-working port config choices * performance improvements for some actions * external links in new tab * create flow page clarifications * red error color on create flow page EXMenu/EXFlowmanager: * web server autostart setting 1.1.0 [2015-05-18] -- Web-UI: * first public Web UI version (only on EX2 at first) 1.0.4 -- EXMenu/EXFlowmanager: * added "Delete All Flows" 1.0.3 -- EXMenu/EXFlowmanager: * beautified "show port stats" 1.0.2 -- EXMenu/EXFlowmanager: * automatic model detection (exmenu: EX2, EX12; exflowmanager: EX2, EX6, EX12) * exmenu: show IP, Subnet and Gateway