Build 12.2.2.38 ====== Please Read this section! ============================================== Release notes with upgrade consideration and known issues are available through the Procera Customer Service Portal: http://www.proceranetworks.com/secure-customer-login.html Read the Release notes before performing any upgrades!! To receive a username and password for PCSP, please contact the Procera TAC at requestsupport@proceranetworks.com =============================================================================== =============================================================================== Early Deployment date: 2010-03-25 =============================================================================== * BUG: Fixed boot error on 64 bit systems with more than 64GB RAM. * BUG: Differentiate between authentication error and missing 'local-user' in TACACS+ authentication * BUG: Setting an empty string system config value wasn't set properly and the old value was used instead. * BUG: A channel existed on PLS systems that have been upgrading a PLS from v11. Channel has been removed. * BUG: PLS returned 0 as data points even if there were no data when querying statistics. PLS now returns -1 when there is no data for a data point. * BUG: A PLS that didn't collect any statistics leaked memory. * BUG: Engine crash when having a filtering rule with rewrite destination ip on PL10K. * BUG: EoMPLS traffic wasn't forwarded properly. * BUG: Adaptec RAID controller firmware upgrade on PL1400. * BUG: Fix PLOS memory display in CLI/System administration/Information/ System information * BUG: PLS failed to connect to PLR if special characters where used in the password. * BUG: Fixed issue where reconfiguring connsync and aux interface could cause machine to reboot. * BUG: Removing a rule (filtering, shaping or statistics) didn't remove attributes assigned to the rule from the database. Attributes are used by VBS. * BUG: Registering a system diagnostics zone from python with incorrect information could cause packetlogicd to crasch. * BUG: Fixed socket leak when proxying a resource. * BUG: Fixed issue where PLS failed to reconnect to packetlogicd since the collector thread had exited. * BUG: Directory /data/signatures was missing when migrating system from v11. This made it impossible to upgrade signatures. * BUG: Don't stall the CLI interface forever when doing firmware update on system without internet connection. * BUG: Fix for statistics cleanup that is invoked when disk usage is above 70%. The bug could cause the latest global index directory to be removed. * BUG: Fixed web stat graphs for system diagnostics information. * BUG: MiniVBS failed to start beqause of an invalid argument. * BUG: Several bug fixes in minivbs area. * BUG: DRDL fix that caused some services like Gnutella SSL to be misclassified. * BUG: 'System diagnostics/PLSD/Time of last dump' is shown with an incorrect timezone. * BUG: Statistics didn't collect values when you only wanted to collect statistics for Outgoing bytes or only Outgoing QoE values. * BUG: Fix for connsync that could cause engine to crash when connection property ids were out of sync. * BUG: Prevent concurrent connections totals data from getting accounted incorrectly under some other field. The bug causes concurrent connection totals data to be accounted for the next enabled fields (shaping drops or latency or the quality fields). * BUG: System failed to send emails on system diagnostics alerts. * BUG: Fixed bug that caused incorrect live view reporting on incoming and outgoing bps information. * BUG: Channel alert messages always logged as 'internal' interface on PLOS systems. * BUG: Fixed a memory leak when reading statistics graph when doing a multiday query. * BUG: Fixed deadlock when stalled clients with full sendbuffers where detaching from a proxied resource * BUG: Statistics collected information about a Channel 0 that doesn't exist. * BUG: snmpwalk on times out after all values has been fetched. * BUG: Doing a statistics query where the end timestamp is at midnight caused pldbd to crash. * BUG: Adding dynamic items when MAX_DYNAMIC_IPS is over limit makes them appear in the Database but not in packetlogicd. * BUG: First command sent on a proxied resource could result in an error. * BUG: Fix for plsd crash that occur if it needs to reconnect to pldbd when it sends a dataset of values. * BUG: Hosts not removed from local hosts view when all connections have been closed. * BUG: Engine crash when updating signatures and having flow sync running. * BUG: Don't show a engine log in a stats firmware. * BUG: Live view showed incorrect incoming or outgoing traffic for a netobject if a host was added and removed within the CONNECTION_UPDATE_INTERVAL period. * BUG: Connection start time is now shown in the local timezeone. * BUG: Channel out|any condition in filtering rule * BUG: pldbd crash when copy paste a filtering rule with channel condition any set. * BUG: Proxy status information wasn't correct. * BUG: A user without system administration rights could do a system reboot from system configuration editor. * BUG: Allow packetlogicd to run without a working system overview session. * BUG: ARM reloads even if there is no changes. * BUG: packetlogicd could get stuck at startup when initializing PLDB. * BUG: PLOS CPU load calculations has been fixed and are now more accurate. * BUG: The user used when proxying a resource doesn't limit the permissions of the logged in user. Proxying a resource with a read only account will not limit all users to read only for that resource. * BUG: Channel statistics could show incorrect values momentarely when reload or clear channel stats was done. * BUG: Fixed issues when using any condition together with the following types of objects: channel, dscp, vlan and mpls * BUG: plsd crash since it tried to access a value after it had been unreferenced. * BUG: Statistics on avg latency wasn't correct. * BUG: Creating statistics on MPLS out causes plsd to stop collecting statistics. * BUG: System diagnostics/Firewall/Xxx packets counters isn't per packet. These have now been renamed into "Ruleset evaluations giving ACCEPT|REJECT|DROP|INJECT|DIVERT" * BUG: If fetching of channel statistics failed this caused errors logged and link flap alerts to be sent. * BUG: Handle live view "Expanded Netobjects" permission correctly. * BUG: Fix for QoE fields in statistics. * BUG: Fix for subitem count line graphs in statistics. * BUG: Looking at statistics object on month <-> year ranges results in "Statistics unavailbable for requested date(s)" even if there is data. * BUG: Do not perform peak analysis on statistics values without global index key (happens when global index table is exhausted) * ENHANCEMENT: Filtering and inject action can now inject property values from the connection. * ENHANCEMENT: Reintroduced connection logging * ENHANCEMENT: Support for new hardware revision of PL1200 (Dell R710) * ENHANCEMENT: Only store statistics for connections that sends/receives more than PLD_PLSD_CONN_THRESHOLD_IN, PLD_PLSD_CONN_THRESHOLD_OUT bytes. Add system diagnostics values General/Bytes in/out not accounted in plsd * ENHANCEMENT: SERVICE_PROP_POOLSIZE_64 config value isn't used anymore. Firmware upgrade will reconfigures SERVICE_PROP_POOLSIZE_256 for the change. * ENHANCEMENT: 'RADIUS require remote user' has been removed from CLI maintain menu. 12.2 always requires a template user to be sent, this menu was only used in 12.1 * ENHANCEMENT: V11 volume based shaping files is removed if found during upgrade of firmware. * ENHANCEMENT: New CLI option System administration/Statistics/PL1400 without Storage Node. Controls if a PL1400 is supposed to run without storage nodes, this disables various warnings that would appear if a CN+SN was misconfigured. * ENHANCEMENT: Warn if signature update detects proxied ruleset. This to inform that the signatures needs to be updated on the remote system as well. * ENHANCEMENT: System configuration value SHAPING_OR_BORROWING. This option makes it possible to account dequeued packets on all ShapingObjects in a rule. * ENHANCEMENT: System configuration PL_CONFIG_PACKET_INSPECT_MTU makes it possible to configure max frame size that is handled by the PacketLogic engine. On PLOS this value is rounded up to nearest kB due to HW limitations, so we might end up handling larger frames than configured. * ENHANCEMENT: Allow system configuration value CONNPROT_THRESHHOLD to be 0 which will disable it. * ENHANCEMENT: Add maintain menu option to convert foreign items to local. Use when there is ruleset objects from a remote system (ruleset proxied with the distributed|enterprise) that needs to be removed without wiping the database. * ENHANCEMENT: Bandwidth limits is enforced according to the PacketLogic license. * ENHANCEMENT: New system configuration value SHUNT_CONNECTION_FAILURES. If system experience problems with the MAX_CONNECTION limit then new connections will be forwarded directly. * ENHANCEMENT: Loosen restrictions on signature bundle file name uploaded. Now only looks for *.lzma.gpg files. * ENHANCEMENT: New system configuration value EXT_QUEUESYNC_USE_NAME. It is now possible to use external queue sync without proxying the ruleset. It is enough with ruleset objects with the same name. * ENHANCEMENT: New system configuration value PLS_MAX_VALUE_DEPTH. It controls the number of levels of values that is stored for all statisticsobjects. * ENHANCEMENT: Chassis inventory now warns if XLR bootloader on PL10000 is different than the one on the SM board. * ENHANCEMENT: PL10000 uses system configuration value PBUF_PAGES (number of 256MB memory segments) to configure the amount of packet buffers. PACKET_POOL_SIZE is removed on PL10000 systems since it isn't used. * ENHANCEMENT: Dynamic Divert channels. It is now possible to reconfigure what channels to use for divert using DIVERT_CHANNELS configuration option. Use a comma separated list of channel ids. * ENHANCEMENT: System diagnostics / DRDL / "Number of info structure allocation failures" and "Number of info structures used" are now shown as default. * ENHANCEMENT: There is now a "dynamic netobject" permission in liveview. * ENHANCEMENT: "Procera Networks" is now the contact for the PacketLogic MIB. * ENHANCEMENT: New configuration option. PLDB_STATWRITER_GRACE_PERIOD. It controls the number of seconds pldbd waits before it starts writing statistics to disk after it has received a dump statistics command. * ENHANCEMENT: Upper limit for the number of statistics values that can be stored has increased. PLDB_STATISTICSFS_MAX_VALUES can be raised to 100M and PLDB_STATISTICSFS_MAX_VALUES_DATASET to 25M. * ENHANCEMENT: New configuration value ALLOW_FWD_ON_INJECT. Allows traffic to be forwarded even if it is matching an inject filtering rule. * ENHANCEMENT: 10Gbps ports on FP modules are now enabled on when chassi topology 2FM40 is chosen. Warning: RX more than 5Gbps on a port will most likely cause congestion. * ENHANCEMENT: New configuration value TCPV4_TTL_BEING_ANALYZED. A TTL config value for all connections that are having the service "Being analysed". Means that connections are reclaimed faster when system experience DoS attack. * ENHANCEMENT: All connections that have been active within the last CONNECTION_UPDATE_INTERVAL now has a new "active flag" set. * ENHANCEMENT: New config value TCP_KEEP_RSTD_FLOWS. Optionally keep a REJECTed flow around with a TTL of 2 seconds. We still send RST packets to both ends, but just on the first packet. Subsequent packets will be dropped and TTL refreshed to 2 seconds. * ENHANCEMENT: New config value PLDB_STATWRITER_GRACE_PERIOD. This value controls the time PLDB waits before statistics are written to disk.