EdgeOS Firmware Changelog ==== Supported products * EdgePoint R6, model: EP-R6 * EdgePoint R8, model: EP-R8 * EdgeRouter X, model: ER-X * EdgeRouter X SFP, model: ER-X-SFP * EdgeRouter Lite, model: ERLite-3 * EdgeRouter PoE, model: ERPoe-5 * EdgeRouter, model: ER-8 * EdgeRouter PRO, model: ERPro-8 * EdgeRouter 4, model: ER-4 * EdgeRouter 6P, model: ER-6P * EdgeRouter 12, model: ER-12 * EdgeRouter 12P, model: ER-12P * EdgeRouter Infinity, model: ER-8-XG ==== 2.0.8 (e50, e100, e200, e300, e1000) Changelog / December 2, 2019 ==== Improvements: Offloading - Ported hwnat offloading for ER-X/ER-X-SFP/ER-10X/EP-R6 from v1.10.9 firmware. This fixes multiple IPv6 and VLAN offloading issues in v2.0.x firmware as well as random kernel crash and failure to work in LoadBalancing/ECMP environments. WebGUI - Add UNMS Cloud quick-connection button in WebGUI Performance - Increased optimization level for proprietary UBNT apps. This decreased memory footprint, increased performance and eliminated "memory allocation failure" errors that randomly occurred on ER-X/ER-X-SFP devices Performance - Improved forwarding performance on ER-Infinity when offloading is disabled. In our UNMS QoS shaping scenario we see +50% throughput growth when handling 256 clients (total throughput increased from 3.6Gbps to 5.5Gbps) Fixes: Offloading - Fix bug when router randomly crashed after disabling offloading on ER-Lite, ER, ER-Pro, ER-Infinity, ER-4, ER-6P, ER-12. Offloading - Fix random scheduling while atomic kernel crash when IPSec offloading was enabled on ER-6P/ER-4. Offloading - Fix bug when some VoIP implementations (WiFi Calling for Verizon) fail if hwnat offloading was enabled on ER-X/ER-X-SFP/ER-10X. Bootloader - Show notification in shell that router needs to be rebooted in order to apply new boot image. WebGUI - Regenerate WebGUI certificate if it does not meet new iOS 13 and MacOS 10.15 requirements. System - Make platform-unique default hostname Switch - Fix bug when switch interface on ER12/ER-12P occasionally did not work Switch - Fix bug when packets tagged with 802.1p (PCP) were not processed by VLAN-aware switch. Discussed here and here PoE - Fix bug when PoE mistakenly remains ON when configuring using wizard Interfaces - Fix bug when speed/duplex settings did not work on switch interfaces on ER-12/ER-12P Interfaces - Fix bad ethX rx/tx counters on ER-X when hwnat is enabled Kernel - Improve interface link monitoring on ER-4/ER-6/ER-12. This reduces CPU load of the kernel Tech-Support - Collect SLAB usage in tech-support file Tech-Support - Fix regression from v2.0.6 when WebGUI generated brief tech-support file instead of full Security - Fix CVE-2018-14880 vulnerability in tcpdump Security - Fix multiple Buffer overflow vulnerabilities when writing to different /proc/xxx entries which could be could be used to abuse kernel stack. Upgrade - Improve upgrade process to ensure that it does not fail in low-RAM environment when upgrading from WebGUI/UNMS. This fixes random upgrade failure errors that were observed on ER-X QoS - Fix bug that caused UNMS QoS configuration to survive factory-reset QoS - Fix bug that caused Commit failure when configuring advanced-queue on redirected interface. Firewall - Fix bug that caused Commit failure when configuring IPv6 MSS clamping. Debian-Platform - upgrades following Debian base packages: e2fslibs (1.43.4-2 => 1.43.4-2+deb9u1) e2fsprogs (1.43.4-2 => 1.43.4-2+deb9u1) libcomerr2 (1.43.4-2 => 1.43.4-2+deb9u1) libexpat1 (2.2.0-2+deb9u2 => 2.2.0-2+deb9u3) libss2 (1.43.4-2 => 1.43.4-2+deb9u1) libssl1.0.2 (1.0.2s-1~deb9u1 => 1.0.2t-1~deb9u1) libssl1.1 (1.1.0k-1~deb9u1 => 1.1.0l-1~deb9u1) openssl (1.1.0k-1~deb9u1 => 1.1.0l-1~deb9u1) sudo (1.8.19p1-2.1 => 1.8.19p1-2.1+deb9u1) tcpdump (4.9.2-1~deb9u1 => 4.9.3-1~deb9u1) Known issues: Performance - Throughput degradation by 5-10% when comparing with v1.10.9 firmware with older kernel VPN - L2TP remote access VPN does not work with Android6/7 L2TP clients, but works with Android9 client though) DPI - Sometimes DPI is reporting wrong rx/tx counters Offloading - On Cavium-based routers (ER, ER-Pro, ER-Lite, ER-PoE, ER-4, ER-6P, ER-12, ER-Infinity) small percentage of packets are randomly reordered. This issue was fixed in v1.10.0 firmware but it reappeared since v2.0.0 because of new ethernet driver.