EdgeOS update

Esteban

18 May 2017
Hello,

For owners of Ubiquiti routers: (Warning: on the ERx, since 1.9.7-hf4, it was necessary to do: Update -> Backup config -> Reset Erx -> Recovery Backup)

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-10-0/ba-p/2233263

[Release Notes v1.10.0]

Changelog

Changes since v1.9.7-hotfix.4


New features:

[Ssh-recovery] - This is new service which starts during early boot stage and provides emergency SSH access via IPv6 link-local address. ssh-recovery can be used to access shell from directly connected neighbor if router is not accessible by normal means. By default ssh-recovery service is listening on port 60257 on all ethernet interfaces and it is automatically terminated 60 seconds after boot. More information is available in this article.

[Iperf] - Added iperf 2.0.3 which will be used by UNMS to measure bandwidth towards AirMAX devices

[UBNT-discover] - Add CLI command to disable "ubnt-discovery" daemon, thus ER will stop responding to discovery messages on 10001 UDP port. (set service ubnt-discover-server disable). Discussed here

[BGP] - Add support for BGP extended community that allows setting 4-byte AS numbers (set policy route-map xxx rule 42 set extcommunity rt 1234567:3200). Discussed here.

Enhancements and bug fixes:

[WebGUI] - Add link to UMobile app to the login page

[WebGUI] - Show full FW version in system version tooltip

[WebGUI] - Display warning if UF-RJ45-1G has invalid speed

[WebGUI] - Add tooltips for ports whose speeds can't be changed on ER8-XG

[WebGUI] - fix XSS vulnerability in GUI when creating new user

[WebGUI] - fixed security vulnerability when operator user was able to rewrite any file by abusing poorly validated fields in "Packet capture" WebGUI window

[WebGUI] - added UNMS status to WebGUI dashboard

[WebGUI] - Fix stored XSS in Routing window

[WebGUI] - Add "Download tech-support file" button in WebGUI

[Routing] - Add watchdog for critical routing daemons (nsm, ribd, ospfd, bgpd...) which will restore crashed daemon

[BGP] - Fix bug when BGP session was closed if "BGP_ATTR_FLAG_PARTIAL" flag was missing in AS4_PATH attribute. Discussed here

[BGP] - Fix bug when name of BGP community-list was parsed incorrectly allowing bad name to pass validation

[Security] - Fix security vulnerability when partial contents of console buffer could be leaked via web socket connection

[Interfaces] - Fix bug when auto-negotiation did not work on ER-PoE. Discussed here

[Interfaces] - Fix regression in 1.9.7 when POE was randomly not turning on after reboot on ER-X-SFP. Discussed here

[Dnsmasq] - Fix bug when dnsmasq did not start if DHCP server functionality was disabled and DNS "service dns forwarding except-interface" was set. Discussed here

[DHCP] - Add static ARP support for DHCP-leased IPs with "set service dhcp-server static-arp"

[DHCP] - Fix invalid characters in client's hostname. Discussed here

[DHCP] - Fix bug when 2nd DHCP client could not receive address from DHCP server if IPv4 offloading was enabled on Cavium-based routers (ER, ER-8-pro, ER-4, ER-6, ER-lite, ER-poe).

[DHCP] - Add global DHCP client options to configuration (set interfaces ethernet eth0 dhcp-options global-option xxx). Discussed here

[Firewall] - add a contiguous option to firewall time extension "set firewall name xxx rule yyy time contiguous..."

[System] - Increase maximum ARP/NDP cache table size

[System] - Coredumps will not be generated anymore unless explicitly enabled with "set system coredump enabled"

[System] - Fix bug when "ubnt-utils" daemon randomly crashed. Discussed here

[System] - Fix bug when ER-4 and ER-6 randomly hanged

[CLI] - Improve speed of multiple CLI commands in following areas - interfaces, static-route, ospf, ospfv3, policy, dhcp, dns, pppoe-server, qos.

[CLI] - Fix hostname validation when configuring static-mapping.

[Offload] - Fix packet reordering issue on Cavium-based routers. Now you can remove workaround that fixed this issue by forcing single-core RX processing:

Code:
configure
    delete system packet-rx-core-num
    commit
    save

[Offload] - Remove spurious warning messages from Cavium offload module when handling IPSec traffic

[Offload] - Fixed bug in PPPoE offloading on Cavium-based routers when packets with incorrect IP checksum caused corrupted downloads (this fix works on all models except ER-Infinity). Discussed here

[FlowAccounting] - Added flow-accounting via ipt-netflow which performs better (+25% max throughput) comparing to original pmacct netflow implementation. This ipt-netflow can be configured in CLI with "set system flow-accounting-ipt ..."

[Flow-accounting] - fix bug when flow-accounting detection failed. Discussed here

[Kernel] - Fix bug when ER randomly rebooted on Cavium-based routers. Discussed here and here and many other threads on forum.

[L2tpv3] - Fix bug when l2tpv3 interface could not be added to bridge during boot

[Switch] - Fix bug when last interface could not be removed from switch via GUI

[Switch] - Fix bug when address could be set to interface which is assigned to switch

[SNMP] - Improve snmp performance by moving cache from flash storage to tmpfs. This also fixed random kernel crashes when SNMP was updating cache in tight loop

[Boot] - Decrease boot delay on ER-X from 5 seconds to 1 second

[UNMS] - Fix bug when /tmp/sysd-save.xxxx files sometimes were not deleted if UNMS was enabled

[UNMS] - Fix Remote Code Execution via UNMS

[PPPoE] - Add description to pppoe interface. Discussed here

[DNS] - Fix bug when nameservers were randomly erased from '/etc/resolv.conf' file. Discussed here

[EULA] - Update EULA

Updated software components:

[Kernel] - upgraded Linux kernel to 3.10.107
[DHCP] - upgraded ISC DHCP to 4.1-ESV-R8

Known issues:

Bug with corrupted downloads via PPPoE interface is not fixed for ER-8-XG (it is fixed on all other ER models). Workaround - disable PPPoE offloading:

Code:
configure
    set system offload ipv4 pppoe disable
    set system offload ipv6 pppoe disable
    commit
    save

Failover load-balancing stops working after reconfiguration (it works fine when configuring load-balancing for the first time or after reboot). Workaround - reset ubnt-util daemon after reconfiguring load-balancing:

Code:
 sudo kill -kill `pidof ubnt-util`

The ubnt-util daemon randomly crashes and following message is visible in syslog:

Process 749 (ubnt-util) has crashed (parent 656 (ubnt-daemon) signal 11, code 0, addr 0000029000000000), coredumps disabled

This crash does not affect functionality and it can be safely ignored. It will be fixed in future release.
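
A post-upgrade check for the settings these release notes introduce or retire, as an added example that is not part of the original post or of Ubiquiti's notes. It assumes the configuration was saved as text from `show configuration commands` and that each setting appears spelled as in the notes above; the function names, the sample dump and the `packet-rx-core-num` value are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved "show configuration commands" dump after
# upgrading to v1.10.0. Assumption: one "set ..." line per setting, spelled
# exactly as in the release notes.

# has_setting FILE PREFIX: succeeds if a line starts with PREFIX as whole words.
has_setting() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Prints one finding per line; returns 1 if there is at least one finding.
audit_edgeos_config() {
    cfg=$1
    rc=0
    if ! has_setting "$cfg" "set service ubnt-discover-server disable"; then
        echo "DISCOVERY: ubnt-discover-server not disabled, router still answers discovery on UDP 10001"
        rc=1
    fi
    if has_setting "$cfg" "set system coredump enabled"; then
        echo "COREDUMP: coredumps explicitly enabled, confirm this is intended"
        rc=1
    fi
    if has_setting "$cfg" "set system packet-rx-core-num"; then
        echo "WORKAROUND: packet-rx-core-num still set, the single-core RX workaround can be deleted"
        rc=1
    fi
    return "$rc"
}

# Constructed sample dump (not taken from a real router).
sample_config() {
    cat <<'EOF'
set interfaces ethernet eth0 address dhcp
set system host-name edge-lab
set system packet-rx-core-num 1
EOF
}

# Demo run on the constructed sample.
demo=$(mktemp)
sample_config > "$demo"
audit_edgeos_config "$demo" || true
rm -f "$demo"
```
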