Released on May 20, 2020.
Fixed a bug in daily DISK MIRROR procedure, it stopped to work after a STD/DST time update.
Extended system log message of DISK CHK operations with the indication of automatically recovered errors and/or residual of unrecoverable errors.
Fixed logging of state changes for CTIP CELL, the SMS-STATE was not checked to determine the need for logging, this caused a possibly fare information about the SMS-STATE itself.
Fixed normalization of UNKNOWN and INTERNATIONAL numbers for use with LCS table, the local country code was not removed.
Normalization takes place for called number of originating call and for calling number of callback call.
If the number is u<INT-PREFIX><COUNTRY-CODE><NUMBER> or i<COUNTRY-CODE><NUMBER> the normalized number must be u<NUMBER>. Before the fix it was wrongly set to u<INT-PREFIX><COUNTRY-CODE><NUMBER>.
Added display of current values in round brackets when SYS is configured in NAT-PREFIX, INT-PREFIX, COUNTRY-CODE.
Improved visualization of LCS table. CD and CG fields have been renamed to CDO and CGO.
Improved and fixed F LCST command. Now callback numbers are indicated as CDI and CGI.
Improved and fixed LCST and LCSG related helps.
RTL8139 and compatible: improved interrupt handler.
The fix should solve some extremely seldom system reboots experienced on Microabilis.
EthUsb AX88179:
recovery from RTU_PROTOCOL_ERROR condition was missing, causing permanent blockage of the interface.
improved other recovery procedures that were already present.
Fixed a bug with the recovery of files with length 0.
Due to this bug the TRFA permanently and silently stopped to save data on disk.
Released on March 25, 2020.
Fixed a critical bug that in extremely rare cases caused a freeze in the Abilis initialization process, causing a watchdog driven reboot and WDSTART indication at next start.
Most times the subsequent reboot succeeded, but we experience cases where this lock was unfortunately permanent.
Theoretically it could have occurred on any multicore machine, but in practice it was experienced only on DUAL CORE machines, specifically those equipped with Esprimo/Fujitsu M/B and E4600/E4700 CPU.
Fixed a bug in the preparatory operations of session opening: in some rare circumstances a system lock and subsequent reboot occurred.
Hidden passwords in log and syslog records.
Fixed setting of Ike cli name: if the new name was shorter than the old name the remaining characters were not removed.
Hidden passwords in log and syslog records.
Fixed a bug that blocked the voice stream from CTIP to P/R group in calling state.
Due to this bug it was not possible to interact IVRs or any service that requires audio stream or DTMF before the call is connected.
Fixed missing initialization of CORS-LIST: parameter to # when the resource is added to configuration.
Restyled too small Abilis Address book import/export dialog and some error messages.
Changed logging rules: 'sync' state is now considered equal to 'down'. It became necessary to prevent a log flood when line is down and periodically tries to sync.
Increased receive FIFO size from 5 to 15 packets.
Added counters of received short/long/lost packets.
Reorganized debug commands.
SNMP: Added 'cxSnmpStNoBuf' statistic, for packets discarded because the receive FIFO is full.
abilis2.mib: fixed syntax errors (missing comma).
abilis2.mib: changed label assigned to cxDslDgVdslProfile, cxRvsDgCamResolution, cxRvsDgCamRotation and cxRvsDgCamExposureTime variables because certain consoles don't accept label starting with digit.
Added '-!', '-!w' and '-!ws' options to output filter '|': used to show lines where the given string is not present.
Added '-&' option to output filter '|': used to apply the AND logic to the specified conditions.
Disallowed SYS COMPACT command execution on RAM disk. Such command has no meaning on RAM disks and generates an error if tried.
Removed incongruous message 'no user found' printed by 'D PREF USER:name' command even if the user was found.
Fixed a bug that prevented to load a good DRIVERS.BCK when the previous loading of DRIVERS.CFG failed.
Disk mirror and system startup: added automatic correction of some type of errors detected by checkdisk procedure on system disk C:.
The other errors are not recovered automatically because it could result in data loss, they require manual intervention.
Automatically recovered errors:
Lost clusters
Invalid or orphaned long file names
Allocation bitmap mismatch (exFAT only)
Disk mirror: extended to 180 sec the maximum wait time for disk lock (it was 60 sec) and to 120 sec the maximum wait time for dir/file lock (it was 60 sec). The retry is executed every 2 sec, as it already was.
Released on February 19, 2020.
Ike and Ipsec have been largely improved and they are now much more reliable. All these improvements were intended for 8.9.0 but we decided for a backport in 8.8.x too.
Added support of hardware ciphering for AES, when the CPU offers the AES support.
Added possibility to trace de-cyphered IKE packets. This is possible by enabling trace of port corresponding to IKE resource.
Added possibility to send IKE log to SYSLOG.
Added MOVE command for IKE CLI and HOSTS ( M IKE CLI:x and M IKE HOST:x)
General improvements of IKE conf/stats/diags.
Added support of hardware ciphering for AES, when the CPU offers the AES support.
Added support for AES-CTR cipher to have compatibility with default ciphers of recent Linux distributions.
Extended CTRL-RES: to LAN and LAN-PT.
TRACE DISPLAY INFO: added the possibility to display trace info [version/start/first-event/end] when trace is running.
SYS COMPACT command extended with '-ro' option, corresponding to execution in read-only mode (No data actually changed).
SYS UPDATE Z/X commands: fixed missing package file deletion in case of session disconnection.
Added '-ws' option to output filter '|': used for whole word only 'strict' match (case-insentive).
Added the possibility to use *, *name, name* or *name* in user name specification for D/S USER[E]: and D/S PREF USER: commands.
Added support of SUBTYPE specification to D P RES:val command (e.g. D P RES:IP AIPT2).
Fixed some bug in window and retransmission handling. In some cases that could cause slow retransmission or session lock.
Fixed REP-SEG-UP-IN statistics (there was a situation where it wasn't increased) and REP-SEG-UP-OUT statistics (previous version increased also keep-alives segments).
SSH: Fixed 'cxSshStChIndex' and 'cxSshStChSession' variables range in cxSshStChTable.
SSH: Extended range of ciphers in cxSshStChCipherOut and cxSshStChCipherIn of cxSshStChTable.
IKE: added cxIkeDgSaCliId to Security Associations diagnostics.
DSL: changed 'cxDslDgSpeedIn' and 'cxDslDgSpeedOut' from Counter to INTEGER{notAvailable(-1)}.
Fixed bug that caused local IP address of outgoing IP resource configured as PPP RETRIEVE to be considered 0.0.0.0: in this situation connection cannot be established and we have error message: SD DVRY-REQ Failed: local IP not available. This bug has been introduced in release 8.8.7.
Improved task switch reaction in some situations and with hundreds links.
Fixed a bug that prevented to count received packets if there were discarded by NAT.
Fixed a bug when running ping from simultaneous sessions.
It was possible to have only one ICMP request pending at a time due to an error in loading number of CP sessions, and while it was pending if other sessions tried to send a ICMP request they got an error.
This problem was more easily visible if the request was pending for long time, e.g. during timeouts.
Fixed handling of IKE-AWARE:YES, translations were not properly created in presence of multiple clients behind NAT.
In some cases there were no side effects but in other cases one or more clients could not start.
Fixed reaction to change of IP address of the resource indicated by ANET:IP-xxx: when IP changes the translation must be re-created. This behaviour was properly done only for ANET:OUT-IP.
Added to ICMP the reaction to the change of IP address of outgoing IpRes.
Fixed checking of "changed IP address", in some special cases it was wrongly checked, causing a malfunction.
Added the 'SameSite = None' and 'Secure' flags to cookies sent over HTTPS connection against a CORs request received from a domain allowed by the CORS-LIST parameter (requested by Chrome starting from v.80).
Added handling of IP addresses collision when ONE modem is shared between TWO (or more) Abilis coordinated via VRRP CTRL-RES.
Typical use is with 1 modem and 2 Abilis connected using a ethernet switch and Poecli controlled by VRRP.
Fixed bug that caused local IP address of outgoing IP resource configured as PPP RETRIEVE to be considered 0.0.0.0: in this situation connection cannot be established and we have error message: SD DVRY-REQ Failed: local IP not available. This bug has been introduced in release 8.8.7.
Fixed a bug on server side related to CR:YES parameter and INIT of resource.
If CR:YES and INIT of AIPT2 was executed the value was internally changed to CR:NO, and although the tunnel was kept UP the packets were discarded due to CR mismatch between client and server. The mismatch was recovered as soon as at least one path had to be closed and reopened.
Fixed handling of RCC (runtime codec change) when CTIG are involved. In some cases the failure was not properly and/or lead to wrong use of alternative routings.
Fixed a bug that caused internal handles exhaustions and after a certain number of failed calls generated a software exception and system reboot.
LTE - Fixed troubles with incorrect closure of DATA connection, in some situation appropriate recovery was not started leaving the LTE module unusable for further connections.
Added new SlotId re-ordering for VIA motherboards (CLE266-8235, P680, CN700-8237), the SlotId 18 (on-board Ethernet) is always processed like first, i.e. it is always assigned to Eth-1 when SlotId:none is there.
BCM (Broadcom) - Fixed frozen transmitter after INIT. Added protection against insertion of TX packets to TX DMA during chip initialisation which could make the chip transmitter not working.
Extended the range of LOCAL-SOURCES with "IPSEC" value (for IpSec and Ike logs) and "#" (none).
Fixed D IPBAN BANNED/ALERTED/FOUND commands: in presence of many entries that command could fail.
Fixed bug in user configuration validation that in some corner case caused a software exception and system reboot.
F CF command: in case of no match changed the current message from 'CALL PREFERENCES NOT FOUND' to 'CALL PREFERENCES DO NOT HAVE A MATCH'.
Removed intentional exception generation in situation where it is not necessary and can only confuse the technician. Typical example is a corrupted or a not valid configuration file.
Enforce cleanup of C:\PKG directory at system boot. The purpose is to clean up disk from undesired relict.
Released on October 5, 2019.
Fixed bug in SYS MIRROR procedure, both manual and automatic, that did not reactivate automation log (IOLOG) causing permanent loss of events.
A consequence of FRMWR for each new IOLOG event was visible in system log after the IOLOG fifo overrun.
The bug has been introduced in 8.8.7.
Extended xterm terminal support to any xterm variant.
Before this fix only PTY:xterm was recognised, now any PTY name starting with xterm is recognised (e.g. xterm-256color used in Ubuntu 19.04).
Improved real-time reaction
A protection has been added to avoid that receiving thread is executed for more than 4 milliseconds without task-switches. This condition can occur on high data rates with load balancing due to reordering.
Released on September 19, 2019.
Fixed a bug that in a very rare case could prevent the system to properly reboot after a system update.
The new version was confirmed to Boot Manager BEFORE the configuration was marked as OK.
If the system reboots/hangs between these two events the update to new version was successful for BM but configuration was then rejected and moved to DRIVER.SAV, and if backup configuration is not present the endless loop takes place.
Now the configuration of the new version is first marked as OK and then the new version is confirmed to BM, therefore if system reboots/hangs between the two events the system will reboot to the previous working version.
If disk mirror can't be executed due to failure in getting disk lock, the list of opened files is indicated in mirror log, and also shown in the terminal if the mirror was started from CP.
Removed fake reports in HOOK monitor.
The measure has 1 tick (10 msec) tolerance in excess.
For example, if the reported value is 15 the actual value is between 5 and 15.
Added processor name to the D CPU command output.
[16:07:43] ABILIS_CPX:d cpu Number of CPU: 4 CPU speed : 1600 MHz CPU name : Intel(R) Celeron(R) CPU N3160 @ 1.60GHz +-----------------+--------------+--------------+--------------+ | | Last 1 sec | Last 15 sec | Last 5 min | +-----------------+--------------+--------------+--------------+ | Main CPU Load | 1% | 4% | 1% | +-----------------+--------------+--------------+--------------+ | Extra CPU1 Load | 0% | 0% | 0% | +-----------------+--------------+--------------+--------------+ | Extra CPU2 Load | 0% | 0% | 0% | +-----------------+--------------+--------------+--------------+ | Extra CPU3 Load | 0% | 0% | 0% | +-----------------+--------------+--------------+--------------+ [16:07:45] ABILIS_CPX:
Improved task switch cooperation in certain computational intensive procedures.
Fixed configuration validation inefficiencies (used in SAVE CONF, VALIDATE, and other commands).
Licence verification is now able to detect compatibility with a patch build too (e.g. 4456.50 -> 4456.70), thus avoiding the message of possible incompatibilities.
Fixed a bug that could occur when a CTIG is used as OUT.
When the call is answered a sw exception and system reboot could take place, but only for packet based resources, e.g. CLUS, SIP, IAX, ... , POTS and ISDN were not affected.
Fixed handling and offer of G.729A annex B.
Previously Abilis offered annexb:yes regardless of SC: setting, now it obeys SC: setting.
Added support for V-OPT (voice packet optimization) parameter, present in NPV resource and in NPVL, default YES.
Until now the optimization was always enabled to reduce the overhead on IP networks, the side effect is an enforced extra jitter of 20 msec that can cause problems in some scenarios with limited jitter compensations.
When updating from 8.8.x to 8.8.7 the value in NPV and in NPVL will be YES, we suggest to change value in NPVL to SYS, using command "s npvl id:a v-opt:sys".
If configuration is converted from 8.7.x or before, using the 8.8.7 converter, the values will be YES and SYS respectively.
Fixed local IP check for ROLE:CLIENT when LOCIPx:OUT-IP. In some case the change of the local IP was not properly performed.
Fixed statistics of MISSING CHECK-IN. Packets received after TOUT expiration were considered good and not counted as MISSING-C, now they are.
Added support for V-OPT (voice packet optimization) parameter, default YES.
Until now the optimization was always enabled to reduce the overhead on IP networks, the side effect is an enforced extra jitter of 20 msec that can cause problems in some scenarios with limited jitter compensations.
Changed role names EXT-SERVER / EXT-CLIENT to SERVER / CLIENT in parameters, diagnostics and snmp.
Removed INITIAL-STATE configuration. It was a mistake, every VRRP participant MUST start in BACKUP state.
Little improvement of INIT command. Upon INIT the VRRPs restarted from FAULT state, now they restart from BACKUP state.
Fixed local IP check for ROLE:CLIENT when LOCIPx:OUT-IP. In some case the change of the local IP was not properly performed.
Fixed statistics of MISSING-C. Packets received after TOUT expiration were considered good and not counted as MISSING-C, now they are.
Fixed local IP check when ANET:OUT-IP. In some case the change of the local IP was not properly performed.
Fixed some rare situation related to Local IP checks, in some cases that could cause failures.
Added immediate removal of IKE and IPSEC SA when a Local IP Address isn't valid anymore (changed or removed).
Improved task switch cooperation in computational intensive procedures used in RSA, elliptic curves, diffie-hellman.
Fixed a bug when SessionControl.xml contains bad command: now the response page contains "INVALID COMMAND" error message instead of "OK".
Fixed get-next request of 'cxCtiPoStIsdnTable' (when no CTI ports are running) taking too much time without task-switches.
PLINKE: changes in range of 'cxPlinkeDgCurMode': 'extServer' to 'server' and 'extClient' to 'client'. Updated MIB and html document.
VRRP: obsoleted variable 'cxVrrpDgRouterInitState' in cxVrrpDgRouterTable. No longer sent in Vrrp traps too. Updated MIB and html document.
Released on August 9, 2019.
Added support of R:EU in CTIG.
Previously R:EU behaved in same way as R:UN, now the behaviour is that port iteration is permitted for any cause except 0x91 (busy) and 0x93 (noanswer).
[13:46:23] CPX_208:d ctig ? ... R: Rule to proceed with next port [IN, ST, EU, UN, 'listname'] IN = Internal (any cause with locations 0xF0..0xFF) ST = Standard (any cause with locations 0xF0..0xFF + causes 0x92, 0xA2-0xAF, 0xC1-0xCF, 0xD1-0xDF with other locations) EU = End-User (any cause except 0x91 and 0x93 with any location) UN = Unconditional (any cause with any location) 'listname' = an ICAUSE/RU/MR list. ...
Added support for No-C-CIDSA statistic in D S CTISYS.
It is increased when call is refused when the call exceeds the value configured for max-c-tofrom-cisda:
max-c-tofrom-cisda: Number of allowed connections between Cluster and Cluster/Iax/Sip/Disa/AdvancedServices [0..4095]
Modified test message debug command (DEBUG RES:SYSLOG LSN:4) to bypass LOCAL-SOURCES filter.
Added local sources ETHMOD e IPRES.
LOCAL-SOURCES: Allowed message sources [L, LDM, NPV, CP, IPRES, ETHMOD, ALL], where: - L : System log - LDM : Debug log - NPV : Npv log - CP : CP commands - IPRES : IpRes log - ETHMOD : EthMod log Values can be joined using ',' (comma).
Improved the format of messages.
Now TAG is clearly identified and more appropriate FACILITY is used.
<Facility> - Description
LOGAUDIT - System log
LOGAUDIT - Debug log
DAEMON - Control port driver
DAEMON - New Packet Voice driver
DAEMON - Ip resource, where x is the value of IpRes
DAEMON - Ethernet Modem driver
Fixed direct Call Pickup (CP) of VOtoX connection. The bug caused FRMWRs and a call drop after a couple of seconds.
Fixed the local codec list in an outgoing call (from CTIP) to cluster when it is made through the group. The bug caused failure of subsequent RCC procedure in final VtoC connection in Active state.
Fixed handling of sip signalling packets loss.
Sometimes packets were not properly retransmitted or acknowledged, causing unnecessary call failures or irregular call closure.
HUAWEI device: improved handling of PDN disconnection that in some situations ended with a permanent blockage (Abilis restart was required).
Added Syslog support (currently only for AIPT2 resources).
IpRes syslog messages are enabled by enabling IPRES local source in SYSLOG driver.
Fixed a bug that caused ctrl-res to stay with VRRP-CTRL-STATE:UP even if VRRP state went FAULT.
Fixed bug in handling ABANDONED address that prevented assignment of EXP (expired) addresses when an ABANDONED was present.
Such ABANDONED addresses are result of received DECLINE messages or positive ICMP-CHECK procedure, which means that the address was found to be already in use and should not be assigned until the situation is solved.
Now the ABANDONED address is skipped and EXPIRED address can be assigned.
The ABANDONED address is set with 15 minutes expiry time, after which it will become assignable again. This is an "auto-clear" procedure to avoid administrator intervention, after all if address is still in use either DECLINE or ICMP-CHECK will detect it again.
Added a message that clearly indicates when the packet corresponding to the logged operation (e.g. SD OFFER) was not sent, e.g.
07/08 18:16:45 [S/I] SD OFFER 07/08 18:16:45 [S/I] offer: IP:192.168.100.5 07/08 18:16:45 [S/I] lease time requested/offered: 10000/10000 07/08 18:16:45 [S/E] ICMP check found IP busy: IP:192.168.100.5 07/08 18:16:45 [S/E] DHCP message NOT sent
Fixed a bug in AIPT2 LOG.
The message ST [P1:UP] reported wrong (shifted) states (p1 was p2, p2 was p3, and so on). The bug was present since 8.6.5.
SSL CLIENT:aAdded support for Generalized Time field in received certificates.
SSL CLIENT: added support for an optional server name in SSL connect AP, required when connecting to virtual servers.
Fixed a bug in the 'C IPBAN BANNED/ALERTED/FOUND IP: x.x.x.x' commands that wrongly failed in some situations.
Added Syslog support.
EthModem syslog messages are enabled by enabling ETHMOD local source in SYSLOG driver.
Fixed "Host" in Http requests sent to provisioning server: used configured FQDN instead of resolved IP address.
The bug prevented the use of "virtual http servers".
Fixed cxCrdUsbDevHandle string, it was wrongly sent as an INTEGER.
CTISYS: added 'noC-CIDSA' statistic to cxCtiSysStType. Updated MIB and html document.
SYS DELETE DIR command.
By policy it is not possible to delete system version directory, i.e. directories where Abilis system files are stored (e.g. C:\8-8-5 or C:\4456-21).
There was a bug that prevented to delete directory having same name of system version directories not being system versions directory, i.e. not in root (e.g. C:\USR\8-8-5, C:\USR\4456-21)
Added protection to prohibit deletion of system directories C:\LICENCE, C:\APP, C:\PKG, C:\USR. When in SAFE mode the correspondent Z:\ directories are also protected.
Changed SYS CREATE command to SYS CREATE DIR command.
Released on June 12, 2019.
Added support for Broadcom BCM57781 chip.
Fixed a bug that produced mute calls after a certain number of forwarded/transferred calls, when the output side was a cti group (CTIG).
The bug has been introduced in version 8.8.0
Improved handling of certain internal failures to automatically recover instead of producing mute calls.
Fixed bug that caused software exception and system reboot when setting CUSTOM CTI STOP TIME to midnight 00:00).
The bug has been introduced in version 8.7.0.
D IPR: fixed IP help, added 'LOOP' value and added 'read-only' info for read only values.
Restored functionality of LAN-PT. A bug was introduced in 8.6.3 that made LAN-PT not-functional
Fixed bug that made THR IP TRAPs not working even if configured.
The bug has been introduced in version 8.7.0.
Fixed bug with REPEAT: parameter.
The default value is 0 and normally it is never changed, but if it was set to a value different from 0 it did not work.
Fixed range in REPEAT parameter help: from [1..65535 sec] to [0, 60..65535 sec].
D NAT: fixed SPO help, changed 'Only for PROT:TCP/UDP' to 'Only for PROT:*|TCP|UDP'.
Released on May 30, 2019.
Fixed the AC deallocation when cluster without a line (CTIL) is configured in a group.
The bug caused the loss of the AC in RESERVED state, and with the time all AC became occupied as RESERVED, thus preventing and future compressed call.
Fixed a software exception with subsequent system reboot in a procedure performing call transfer (CT) between two outgoing calls from the same origin, and one of the call is in dialling phase without a routing match.
Added disconnection cause FF B2 'No c-tofrom-cidsa connection available', used when the max-c-tofrom-cidsa limit is reached.
Fixed processing of OUT and Gx leading to configured but not existing CTI port. The bug caused logging of unknown port type and its class in COLL and CDR in ACNT.
Added protection to prevent creation of invalid filenames.
Now if the condition is met the file is NOT created and a FRMWR reported in the system log.
Before the fix, it was possible to have files with empty name but with extension in C:\APP\VM\TMP subdir (e.g. .TM1 , .CPM, .MTD).
Added some new errors counters to sessions statistics.
Fixed a problem with unidirectional audio when audio channel was reopened too quickly. The problem was more evident when the port was part of a CTIG used in the routing in OUT field.
Fixed the setting of disconnection direction of XtoG connection if the call fails on an outgoing side(s). The bug caused a wrong call result in the recent calls, e.g. "unreachable" instead of "busy".
Restyled and fixed tooltip shown when call is in progress.
Fixed improper '-inverse' suffix added to disabled icon on mouseover that caused repeated requests of not existent icons.
Fixed a bug that in particular cases causes a bad handling of a new SA and left it installed forever even with expiry=0, thus preventing any further connection.
It was caused by a missing buffer clear
Fixed Speed Mismatch Detection (SMD) procedure for USB 3.0 devices.
The procedure was started even on M/B with only UHCI/OHCI controllers, while in this case it must not be started at all..
Fix to HTTP pages to allow download of scripts with any filename. Before it was possible to download only files with .LUA extension.
FILE DELETE:added the possibility to delete files without name part, i.e. only with extension part (e.g. '.tmp').
SYS DISK DETAILS: fixed not reported error in the Boot Record section.
IP resources: fixed INSP parameter help; fixed REMIPADD2 parameter help; fixed IPADD parameter help for those resources that do not support 'DHCP' value.
Fixed WARM START help: added information that each option is an alternative to the others. Fixed in the same way SYSRBDELAY e SYSRBCOND help in D G.
A CTIDISA SERVICE/USER commands: fixed bugged error message displayed when the service/user name is not valid.
Extended the System Log message 'SYSTEM MIRROR NOT EXECUTED' by adding the cause of the missed execution.
CTIVM: added new counters in session's statistics. Updated MIB and html document.
Released on May 8, 2019.
Fixed a bug with XHCI controllers.
The effects of this bug could be various and few has been well identified:
Reset or replug of devices connected through an USB 2.0 hub either external or embedded in the M/B, frequently caused a lock of the hub with the impossibility to detect the device and any other device subsequently connected.
Ethusb dongles shown errors indicating data corrupted in the USB stream. Most of the time the device autorestart procedure was able to solve the problem, but sometimes the device stayed not functional until a manual reset.
Any USB device could be affected by this bug, although in this moment we are unable to describe the effects.
Fixed reset procedure for USB 3.0 devices when "speed mismatch" was detected.
Such a reset is no more done if the device is disconnected before the reset timeout expiration. This fix avoids an infinite loop in USB:SMD_Rest thread, with consequent system restart.
Fixed the presentation of connection in ConnectRequest/Active states combination as ACTIVE instead of CREQ.
Fixed the call handle re-allocation when GtoX connection is picked up. The bug caused the depletion of call handles during the time.
Fixed the missing delivery of RG/SD/SG fields from Lua's 'dial' function.
When ROLE:CLIENT or PEER, and LOCIPx is OUT-IP or IP-x or R-ID the local IP can change during the time, e.g. because the output resource changed it's IP address.
Up to 8.8.2 the LOCIP was taken at connection establishment and preserved until session closure. Now, when the session is established, the local IP is verified every 5 seconds and if changed the session is immediately closed and reopened with the new IP address.
When ROLE:CLIENT and LOCIPx is OUT-IP or IP-x or R-ID the local IP can change during the time, e.g. because the output resource changed it's IP address.
Up to 8.8.2 the LOCIP was taken at connection establishment and preserved until session closure. Now, when the session is established, the local IP is verified every 5 seconds and if changed the session is immediately closed and reopened with the new IP address.
Fixed monitoring of IP addresses belonging to local LAN/LAN-PT interfaces: PRIMARY, SECONDARY and VRRP addresses.
If the IP address is PRIMARY or SECONDARY or VRRP currently active, the indicated state is that of the local interface (e.g. if cable is disconnected state is DOWN).
Fixed a bug that caused a software exception and system reboot when trying to activate a trace on a resource that was set in CTRL-RES:
Fixed a bug when removing a resource from CTRL-RES: the INIT RES:VRRP did not remove the resource from CTRL.RES.
Changed parameter max-ssl-sess: to max-ssl-cli: , now it is:
max-ssl-cli: Maximum number of FTP clients using SSL [0..255]. It must be lower or equal than 'max-cli'.
Fixed handling of SSL sessions.
The DATA-TOUT expiration caused a leak in the number of SSL connections available,
Now the value max-ssl-cli * 2 is correctly used for cross-setting of sesnum: value in SSL driver.
Now the value max-ssl-cli * 2 of FTP driver is correctly used for cross-setting of sesnum: value.
Renamed 'CORS-DOMAINS-LIST' parameter to 'CORS-LIST' and improved the help.
Extended the set of default documents to be loaded when URL specify only the path.
Old set: default.htm
New set, in order of priority: index.html, index.htm, default.html, default.htm.
Administration preferences: fixed link of parent page icon in user's preferences page, it didn't refer to the right parent page (i.e. preferences index).
SYS DISK CHK: added the file size values in "too small/too large" error messages.
Fixed typo in MIB file: 'ounter' instead of 'Counter' for 'cxAipt2Dg5minThroughputIn' variable.
Released on April 12, 2019.
When Abilis 8.9.0 will be released in a near future it will automatically convert at boot the DRIVERS.CFG of precedent versions (down to 7.9.x) found in the working directory.
To take advantage of this feature, starting with version 8.8.2 it is allowed to save an incompatible DRIVERS.CFG into a next minor release, with a proper notice in evidence. Prior to 8.8.2 it was forbidden.
Some improvements have also been done when dealing with unreleased builds.
The goal is to balance between "protection from accidental overwriting" and "flexibility for upgrading and testing".
Read carefully the messages prior to answer Y or N.
Example of save conf from 8.8.2 to 8.9.0, when 8.9.0 does not contain a correct drivers.cfg. [20:12:57] ABILIS_CPX:save conf 8.9.0 TARGET VERSION IS INCOMPATIBLE WITH THE RUNNING VERSION BUT THE CONFIGURATION WILL BE CONVERTED WHEN TARGET VERSION WILL START. PROCEED ANYWAY (N/Y)?y VALIDATION IN PROGRESS ... VALIDATION SUCCESSFULLY EXECUTED SAVE EXECUTED [20:13:41] ABILIS_CPX:
If the target release version already has a DRIVERS.CFG of the correct version the SAVE CONF is forbidden.
Example of save conf from 8.8.2 to 8.9.0, when 8.9.0 already contains a correct drivers.cfg. [18:28:19] ABILIS_CPX:save conf 8.9.0 TARGET VERSION IS INCOMPATIBLE WITH THE RUNNING VERSION AND A CONFIGURATION OF THE CORRECT VERSION IS ALREADY PRESENT. COMMAND NOT EXECUTED. [18:28:26] ABILIS_CPX:
It remains forbidden to save to an older incompatible, version.
Example of saving from 8.8.2 to 8.7.7 [20:12:26] ABILIS_CPX:save conf 8.7.7 TARGET VERSION IS INCOMPATIBLE WITH THE RUNNING VERSION COMMAND NOT EXECUTED [20:12:57] ABILIS_CPX:Other cases with unreleased builds involved are not shown here, however they are handled to balance between "protection from accidental overwriting" and "flexibility for upgrading and testing".
Fixed a bug in call pickup feature.
Due to this bug, introduced in 8.8.0, the call was mute in one direction.
Added autorestart when a particular error that blocked TX stream is detected
Improved handling in INIT RES:IP-x functionality when PPP is used to prevent CP session blockage whatever happens in PPP or in the drivers used by PPP.
Fixed bug in daily MIRROR execution if the scheduled time fall during the STD->DST change (e.g. 02:00).
Due to this bug the MIRROR was not executed.
Fixed a bug in FILE DELETE command introduced in 8.8.0.
It allowed deletion of system files of the running version when they were specified with relative file name (e.g. file delete drivers.bck), this is now prohibited again.
Released on March 28, 2019.
Fixed a bug with FRAG:ABILIS and FRAG:FRF12.
Due to this bug the tunnel could be UP but all the packets discarded due to encapsulation errors.
Released on March 26, 2019.
The support of several Abilis models, cards, devices, protocols have been discontinued starting with release 8.8.0.
Prior to update to version 8.8.0 please verify that your hardware is compatible and that you do not need anymore the discontinued protocols.
All references to the removed resources, lists, etc... will be automatically removed during the configuration conversion.
Cards and interfaces
ESB and ESB2 (V24, V35, X21, E1 synchronous HDLC interfaces)
Intel 82801 (100 Mbps ethernet interface)
Intel/Dec 21143 (100 Mbps ethernet interface)
Protocols and resources
SYNC (synchronous HDLC interface)
SDLC (synchronous data link control)
HDLCT (hdlc transport via COR)
FR (frame relay)
PLE (Plink emulation)
ML (multilink)
CTIX25D (X25 over D-channel)
CTIB (B channels bundle)
CTIVSP (virtual synchronous HDLC port)
CTIPC (Permanent connections of B channels bundles and VSP)
SQ931 (Simulated Q931)
Resource subtypes
IP over Dedicated Line (replaced by IP over DSL)
IP over Dedicated Line with Abilis Back-up
IP over Multi-Links
IP over B-Channel
IP over X.25 Pvc
X25 over D-Channel
PV, X25 over Dedicated Line
PV, X25 over Dedicated Line with Abilis Back-up
PV, X25 over Multi-Links
PV, X25 over Frame Relay
PV, X25 over Frame Relay with Abilis Back-up
PV, X25 over VSP
PV, X25 over VSP with Abilis Back-up
Added resource ETHMOD to supervise and configure Abilis Ethernet modems.
The requirement for a guaranteed correct behaviour is to have ONE modem for ONE ethernet port.
In case of more modems connected via switch all modems will be visible and manageable, but very likely they won't be able to function correctly with the PPPoE or IPoE service offered by provider, which is the reason why ONE modem per port is considered the correct use.
For each ETH and ETHUSB resource present in configuration the ETHMOD resource configuration will offer a parameter to set the presence of a modem to supervise. Do not declare modem presence on resource where it is not present.
When set to PRESENT:YES the modem is probed every 10 seconds with an ARP packets, and when discovered a TELNET session is started and the supervision starts. The probing ARP packets are never interrupted to permit handling of situations when more modems are more or less intentionally present.
The diagnostics and statistics shows the modems currently connected.
The statistics also show modems not currently connected but that has been connected some time before, They are completely discarded after C S command or system restart.
The only configurable parameters are the VPI/VCI for ADSL line, while for VDSL line it's all automatic.
When enabled, system log reports changes in modems and lines states.
When enabled, SNMP traps (and via ALARM DRIVER also mails) are generated on state changes.
A set of useful debugs are available with debug command, for example to reset the modem, to view modem sophisticated statistics, and in generally to permit skilled technicians to give commands to the modem (LSN 10, 11, 12, 998, 999)
[17:06:18] ABILIS_CPX:d p ethmod RES:EthMod -------------------------------------------------------------------- Run DESCR:Ethernet_Modems_Control LOG:DST ACT:YES ethmodlog:DFT ethmodlogsize:100 - Ethernet Modems ------------------------------------------------------ RES: PRESENT: VPI: VCI: --------------------------------- Eth-1 NO 8 35 Eth-2 YES 8 35 EthUsb-2 NO 8 35 EthUsb-3 YES 8 35 [17:06:22] ABILIS_CPX:d p ethmod ? EthMod resource parameter(s): DESCR: Resource description. Max 79 chars. Spaces require double quotes (E.g. "str1 str2"). LOG: State changes log and alarm generation [NO, D, S, A, L, T, ALL] [+E] (D: Debug Log; S: System Log; A: Alarm view; L: Local audible alarm; T: SNMP traps; +E: Extended Log of state changes, see ref. manual) ACT: Operation activation [NO, YES] ethmodlog: ETHMOD log events filter at system startup [ERR, INFO, DBG] or [DFT, FULL], where: - ERR, INFO, DBG filters can be joined using ',' (comma); - DFT: means ERR and INFO events; - FULL: means every type of event. ethmodlogsize: ETHMOD Log size [20..1000 Kibyte] ---------- Ethernet Modems ---------------------------------------------------- RES: Ethernet resource [Eth-xxx, EthUsb-xxx] <Read Only> PRESENT: Modem presence [NO, YES] VPI: ATM/ADSL Virtual Path Identifier [0..255] VCI: ATM/ADSL Virtual Channel Identifier [32..65535} [17:06:25] ABILIS_CPX:d d ethmod RES:EthMod -------------------------------------------------------------------- Ethernet_Modems_Control STATE:ACTIVE - Ethernet Modems ------------------------------------------------------ Res: ModSt: LineSt: Mode: Prof: SpDown: SpUp: ------------------------------------------------------------------------ Eth-2 UP UP VDSL2 Annex B 12a 88.740 M 60.015 M ------------------------------------------------------------------------ EthUsb-3 UP UP ADSL2+ Annex A - 27.439 M 1.291 M ------------------------------------------------------------------------ [17:06:29] ABILIS_CPX:d de ethmod RES:EthMod -------------------------------------------------------------------- Ethernet_Modems_Control STATE:ACTIVE - Ethernet Modems ------------------------------------------------------ Res: ModSt: LineSt: Mode: Prof: SpDown: SpUp: ModMac: LineStDetail: Vpi: SnrDown: SnrUp: Vci: AttDown: AttUp: ------------------------------------------------------------------------ Eth-2 UP UP VDSL2 Annex B 12a 88.740 M 60.015 M 52-54-4D-00-00-A3 Showtime 8 11.4 dB 9.4 dB 35 0.0 dB 0.0 dB ------------------------------------------------------------------------ EthUsb-3 UP UP ADSL2+ Annex A - 27.439 M 1.291 M 52-54-4D-00-00-54 Showtime 8 8.7 dB 6.1 dB 35 0.0 dB 3.0 dB ------------------------------------------------------------------------ [17:06:32] ABILIS_CPX:d s ethmod RES:EthMod -------------------------------------------------------------------- Ethernet_Modems_Control --- Cleared 0 days 00:01:16 ago, on 26/03/2019 at 17:05:22 ------------- ------------------------------------------------------------------------ RES:Eth-2 MAC:52-54-4D-00-00-A3 ModSt:UP -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---| LINE-DOWN | 0| |MODEM-DISC | 0| | LINE-UP | 1| |MODEM-CONN | 1| | ------------------------------------------------------------------------ RES:EthUsb-3 MAC:52-54-4D-00-00-54 ModSt:UP -----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---| LINE-DOWN | 0| |MODEM-DISC | 0| | LINE-UP | 1| |MODEM-CONN | 1| | ------------------------------------------------------------------------ [17:06:38] ABILIS_CPX:d l | ethmod 26/03/2019 17:05:21 [00629] I: EthMod-1 ST:RD 26/03/2019 17:05:21 [00630] I: EthMod-1 RES:Eth-2 MAC:52-54-4D-00-00-A3 M:UP L:UP 26/03/2019 17:05:21 [00639] I: EthMod-1 RES:Eth-2 MAC:52-54-4D-00-00-A3 RX/TX:88.740/60.015 M 26/03/2019 17:05:28 [00630] I: EthMod-1 RES:EthUsb-3 MAC:52-54-4D-00-00-54 M:dn L:n/a 26/03/2019 17:05:28 [00630] I: EthMod-1 RES:EthUsb-3 MAC:52-54-4D-00-00-54 M:UP L:UP 26/03/2019 17:05:28 [00639] I: EthMod-1 RES:EthUsb-3 MAC:52-54-4D-00-00-54 RX/TX:27.439/1.291 M [17:15:57] ABILIS_CPX:
[17:15:57] ABILIS_CPX:debug reS:ethmod RES:EthMod -------------------------------------------------------------------- Ethernet_Modems_Control BufferLength:64512 Date/Time:26/03/2019 17:20:14 TraceTime:892947 Usage: LSN:0 == This help LSN:1 == Complete sessions debug LSN:2 == Info for sessions currently in use -------------------------------- LSN:3 == Session info LSN:3 CMD:nnn == Session info for session 'nnn' LSN:4 == TCP windows info LSN:4 CMD:nnn == TCP windows info for session 'nnn' LSN:5 == Modem management events LSN:6 == Modem statistics LSN:7 == Timer info LSN:7 CMD:nnn == Timer info for session 'nnn' -------------------------------- LSN:8 == LOG of all late ARP responses LSN:8 CMD:<res> == LOG of late ARP responses filtered by RES -------------------------------- LSN:10 CMD:<res>,"<cmd>" == Arbitrary command execution by RES, be careful! CMD:<mac>,"<cmd>" == Arbitrary command execution by MAC, be careful! LSN:11 CMD:<res> == Execute "adsl info --show" by RES CMD:<mac> == Execute "adsl info --show" by MAC LSN:12 CMD:<res> == Execute "adsl info --stats" by RES CMD:<mac> == Execute "adsl info --stats" by MAC -------------------------------- LSN:998 CMD:<res> == Execute "restoredefault" by RES CMD:<mac> == Execute "restoredefault" by MAC LSN:999 CMD:<res> == Execute "reboot" by RES CMD:<mac> == Execute "reboot" by MAC [17:20:14] ABILIS_CPX:
Redesigned and reimplemented TCP driver providing the following improvements:
Reduced number of per-session thread from 10 to 1.
Introduced support for tcp window scaling.
Overall performance improvement.
Introduced the possibility for the applications to provide their own transmit and receive buffers, thus allowing per-session and per-application window sizes. This feature is not used yet and therefore the tcpwin: parameter value is still common for all sessions, but we expect this feature will be used soon in next versions.
Fixed handling of zero window resume, it is faster now.
Improved handling of fast retransmission.
Improved tcp diagnostics with the addition of filters and most frequently desired views.
[19:04:54] ABILIS_CPX:d d tcp ? D D [RES:]Tcp Display diagnostics of OPENED Tcp connections D DE [RES:]Tcp Display diagnostics of all Tcp connections D D[E] [RES:]Tcp filter:val [filter:val] Display diagnostics of Tcp connections matching the specified filters Allowed filters: ID: Connection identifier [0..1023] This filter is alternative to all the others. LOC: Local IP address [x.x.x.x] and/or TCP port [0..65535] in the format x.x.x.x:nnnnn or x.x.x.x or nnnnn. REM: Remote IP address [x.x.x.x] and/or TCP port [0..65535] in the format x.x.x.x:nnnnn or x.x.x.x or nnnnn. LISTEN [-C] Shows connections in LISTEN TCP/IP state. -C shows count of each local port. CLOSED [-C] Shows connections in CLOSED TCP/IP state. -C shows count of closed connections. ESTABLISHED Shows connections in ESTABLISHED TCP/IP state. [19:05:16] ABILIS_CPX: [19:05:16] ABILIS_CPX:d d tcp RES:Tcp ----------------------------------------------------------------------- Transmission_Control_Protocol STATE:READY CUR-SESNUM:143 CUR-ESTAB:16 - TCP Connections ---------------------------------------------------------------- ID TOP-State TCP/IP-State LocAdd-LocPort RemAdd-RemPort Resource ---------------------------------------------------------------------------------- 17 CONNECTED ESTABLISHED 192.168.000.232-80 192.168.020.100-46792 Http 18 CONNECTED ESTABLISHED 192.168.000.232-10638 192.168.020.254-80 Opc 38 CONNECTED ESTABLISHED 192.168.000.232-80 192.168.020.100-46816 Http 41 CONNECTED ESTABLISHED 192.168.000.232-80 192.168.020.100-46822 Http 44 CONNECTED ESTABLISHED 192.168.000.232-80 192.168.000.015-60138 Http 59 READY TIME-WAIT 192.168.000.232-80 192.168.020.100-46668 Http 92 CONNECTED ESTABLISHED 192.168.000.232-32184 192.168.000.221-41414 Vs 96 CONNECTED ESTABLISHED 192.168.000.232-32697 192.168.000.221-41415 Vs 106 CONNECTED ESTABLISHED 192.168.000.232-1404 192.168.000.222-41414 Vs 108 CONNECTED ESTABLISHED 192.168.000.232-2430 192.168.000.227-41414 Vs 109 CONNECTED ESTABLISHED 192.168.000.232-2943 192.168.000.228-41414 Vs 110 CONNECTED ESTABLISHED 192.168.000.232-2060 192.168.000.116-39146 Acnt 115 CONNECTED ESTABLISHED 192.168.000.232-3969 192.168.000.228-41415 Vs 116 CONNECTED ESTABLISHED 192.168.000.232-4482 192.168.000.222-41415 Vs 117 CONNECTED ESTABLISHED 192.168.000.232-23 192.168.000.004-26194 Telnet 118 CONNECTED ESTABLISHED 192.168.000.232-5508 192.168.000.227-41415 Vs 141 CONNECTED ESTABLISHED 192.168.000.232-80 192.168.002.028-56437 Http [19:05:53] ABILIS_CPX: [19:05:53] ABILIS_CPX:d d tcp listen -c RES:Tcp ----------------------------------------------------------------------- Transmission_Control_Protocol ------------------------------------------------------------------------ TCP/IP-State LocAdd-LocPort Count ------------------------------------------------------------------------ LISTEN 000.000.000.000-21 5 LISTEN 000.000.000.000-22 6 LISTEN 000.000.000.000-23 5 LISTEN 000.000.000.000-25 8 LISTEN 000.000.000.000-80 35 LISTEN 000.000.000.000-443 40 LISTEN 000.000.000.000-2060 4 [19:07:06] ABILIS_CPX:
Restructured configuration and diagnostics, added CTRL-RES parameter.
[17:22:03] ABILIS_MASTER:d vrrp ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ID: [NAME:] IPRES: VRID: INIT: PRIO: PREEMPT: ADV: AUTH: AUTH-DATA: IP1: HIDE1: DEP-RES: IP2: HIDE2: CTRL-RES: IP3: HIDE3: IP4: HIDE4: ------------------------------------------------------------------------------- 0 Ip-1 130 BACKUP 100 YES 1 NO 192.168.000.204 NO # ------------------------------------------------------------------------------- [17:22:05] ABILIS_MASTER:d vrrp ? D VRRP Display all VRRP Router entries D VRRP filter:val [filter:val] Display any VRRP Router entries matching the specified filters Allowed filters: ID: VRRP Router identifier [0..15] <Optional> NAME: Name of the VRRP Router. From 0 up to 32 ASCII printable characters. <Optional> VRRP Router entry parameter(s): NAME: Name of the VRRP Router. Max 32 ASCII characters. Space not allowed. Note: it is displayed only when not empty. IPRES: IP resource [#, Ip-1..Ip-999] The couple 'IPRES' and 'VRID' must be unique among the table. VRID: Virtual Router Identifier [#, 1..255] The couple 'IPRES' and 'VRID' must be unique among the table. INIT: Initial State of the VRRP Router [BACKUP, MASTER] PRIO: Virtual Router Priority [1..254] PREEMPT: Enable/disable Preempt Mode [NO, YES] ADV: Advertisement Interval [1..100 sec] AUTH: Authentication method [NO, PASSWORD, AH] AUTH-DATA: Authentication key. Max 8 ASCII printable characters. IP1: 1st router IP address [#, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] IP2: 2nd router IP address [#, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] IP3: 3rd router IP address [#, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] IP4: 4th router IP address [#, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] HIDE1: Hide IP1 in RIP and OSPF updates [NO, YES] HIDE2: Hide IP2 in RIP and OSPF updates [NO, YES] HIDE3: Hide IP3 in RIP and OSPF updates [NO, YES] HIDE4: Hide IP4 in RIP and OSPF updates [NO, YES] DEP-RES: VRRP Router dependency IP resources. # or up to 4 IpRes [Ip-nnn] joined using ',' (comma). CTRL-RES: VRRP Router controlled IP resources. # or up to 4 IpRes or IpRes ranges [Ip-nnn or Ip-nnn:nnn] joined using ',' (comma). The controlled IpRes must be unique amonng VRRP routers. Currently supported only subtypes PPP and AIPT2. [17:22:07] ABILIS_MASTER:
Added the possibility to control IpRes of PPP and AIPT2 subtype.
Thanks to this new feature it is possible to enable PPP (and consequently Poecli) and AIPT2 resources in the Abilis which is currently MASTER and leave them disabled in the Abilis currently BACKUP.
When the BACKUP becomes MASTER it will enable the desired PPP or AIPT2 resources.
See below a simplified example where Ip-101 is a PPP/POECLI and is controlled by the master/backup state of Ip-1 LAN interface.
MASTER Abilis, currently in MASTER state, Ip-101 is enabled and UP. [17:14:57] ABILIS_MASTER:d vrrp ------------------------------------------------------------------------------- ID: [NAME:] IPRES: VRID: INIT: PRIO: PREEMPT: ADV: AUTH: AUTH-DATA: IP1: HIDE1: DEP-RES: IP2: HIDE2: CTRL-RES: IP3: HIDE3: IP4: HIDE4: ------------------------------------------------------------------------------- 0 Ip-1 130 BACKUP 200 YES 1 NO 192.168.000.204 NO # # NO Ip-101 ------------------------------------------------------------------------------- [17:14:59] ABILIS_MASTER:d d vrrp RES:Vrrp ---------------------------------------------------------------------- Virtual_Router_Redundancy_Protocol STATE:ACTIVE VRRP-NUM:1 - Virtual Routers diagnostics: ----------------------------------------- Id: Name: Init: Prio: Preempt: IpRes: VRid: State: Time: Auth: Adv: Dep-State: Dep-Res: Ctrl-State: Ctrl-Res: ------------------------------------------------------------------------ 0 BACKUP 200 YES Ip-1 130 MASTER 28/03/2019 14:19:01 NO 1 - UP Ip-101 ------------------------------------------------------------------------ [17:15:05] ABILIS_MASTER:d d ip-101 RES:Ip-101 - IP over PPP (PPP) ------------------------------------------------ STATE:UP LINK-STATE:LINKREADY VRRP-CTRL-STATE:UP CUR-IPADD:010.000.002.001 CUR-MASK:255.255.255.255 OUTBUF:250 S-OUTBUF:1250 CUR-OUTSP:N/A OUTSP-TOUT:N/A INBUF:0 S-INBUF:0 CUR-INSP:N/A INSP-TOUT:N/A SPL-OVERHEAD:PPPoE,ETH - PPP ------------------------------------------------------------------ STATE:UP LCP-PH:NETWORK IPCP-PH:NETWORK LINK:CONNECTED-TO LCP-ST:OPENED IPCP-ST:OPENED CUR-MTU:1492 CUR-MRU:1492 LOC-IP:010.000.002.001/32 LOC-USER: REM-IP:010.000.001.001/32 REM-USER: [17:15:10] ABILIS_MASTER:
BACKUP Abilis, currently in BACKUP state, Ip-101 is disabled. [17:18:17] ABILIS_BACKUP:d vrrp ------------------------------------------------------------------------------- ID: [NAME:] IPRES: VRID: INIT: PRIO: PREEMPT: ADV: AUTH: AUTH-DATA: IP1: HIDE1: DEP-RES: IP2: HIDE2: CTRL-RES: IP3: HIDE3: IP4: HIDE4: ------------------------------------------------------------------------------- 0 Ip-1 130 BACKUP 100 YES 1 NO 192.168.000.204 NO # # NO Ip-101 ------------------------------------------------------------------------------- [17:18:22] ABILIS_BACKUP:d d vrrp RES:Vrrp ---------------------------------------------------------------------- Virtual_Router_Redundancy_Protocol STATE:ACTIVE VRRP-NUM:1 - Virtual Routers diagnostics: ----------------------------------------- Id: Name: Init: Prio: Preempt: IpRes: VRid: State: Time: Auth: Adv: Dep-State: Dep-Res: Ctrl-State: Ctrl-Res: ------------------------------------------------------------------------ 0 BACKUP 100 YES Ip-1 130 BACKUP 28/03/2019 17:15:23 NO 1 - DOWN Ip-101 ------------------------------------------------------------------------ [17:18:25] ABILIS_BACKUP:d d ip-101 RES:Ip-101 - IP over PPP (PPP) ------------------------------------------------ STATE:DOWN LINK-STATE:LINKDOWN VRRP-CTRL-STATE:DOWN CUR-IPADD:N/A CUR-MASK:N/A OUTBUF:250 S-OUTBUF:1250 CUR-OUTSP:N/A OUTSP-TOUT:N/A INBUF:0 S-INBUF:0 CUR-INSP:N/A INSP-TOUT:N/A SPL-OVERHEAD:PPPoE,ETH - PPP ------------------------------------------------------------------ STATE:WAITING LCP-PH:DEAD IPCP-PH:DEAD LINK:READY LCP-ST:INITIAL IPCP-ST:INITIAL CUR-MTU:N/A CUR-MRU:N/A LOC-IP:000.000.000.000 LOC-USER: REM-IP:000.000.000.000 REM-USER: [17:18:43] ABILIS_BACKUP:
Largely improved IPBAN service:
Increase max-items from 3000 to 10000, new default 3000.
Mail parameters now default to SYS (inherited from SYS-MAIL-xxxx of D G)
Increased FIND-TIME default from 10 to 1440 minutes and BAN-TIME from 10 to 10080 minutes. This is because the nowadays attach schemes uses attempts with large delays.
Changed default action from BLOCK to MAIL.
The reason is that the former default BLOCK (current BAN), was not effective due to the short FIND-TIME and BAN-TIME, otoh the new FIND-TIME and BAN-TIME have a much larger impact and therefore their activation must be carefully done.
Also note that configuration created prior to 8.0.0 had default ACTION:NONE, and since many configurations are converted it is also possible that they have ACTION:NONE in configuration.
Added WHITE-LIST:PrivateIpAdd as default value, to be able to always access Abilis from private addresses (192.168.x.x, 172.16-31.x.x, 10.x.x.x)
When configuration is converted from previous versions, if values were still the default ones they will be converted to the new values.
Added ALERTED state. It appears when MAIL without BAN action is used. In this situation an IP address that would be suited for ban is instead just alerted and signalled via mail.
Differently from previous IPBAN implementation now every query during the BANNED condition restarts the BAN-TIME, in this way if the attacker continue the connection attempts it will remain banned.
Here is new IPBAN:
[17:30:45] ABILIS_CPX:d ipban max-items:3000 WDIR:C:\APP\IPBAN\ - IPBAN Mail ------------------------------------------------------------------ MAIL-FROM:SYS (abilis@abilis_cpx_) MAIL-TO:SYS () MAIL-TO-LIST:SYS (#) MAIL-BODY:SYS (STANDARD) MAIL-INTERVAL:3 - IPBAN service defaults ------------------------------------------------------ ACTION:MAIL MAX-FAIL:10 FIND-TIME:1440 BAN-TIME:10080 WHITE-LIST:PrivateIpAdd - IPBAN individual services --------------------------------------------------- ---------+------------+-----------+------------+-----------+------------------- RES: | ACTION: | MAX-FAIL: | FIND-TIME: | BAN-TIME: | WHITE-LIST: ---------+------------+-----------+------------+-----------+------------------- Ssh | DFT | DFT | DFT | DFT | DFT ---------+------------+-----------+------------+-----------+------------------- Telnet | DFT | DFT | DFT | DFT | DFT ---------+------------+-----------+------------+-----------+------------------- CtiSip | DFT | DFT | DFT | DFT | DFT ---------+------------+-----------+------------+-----------+------------------- CtiIax | DFT | DFT | DFT | DFT | DFT ---------+------------+-----------+------------+-----------+------------------- CtiVo | DFT | DFT | DFT | DFT | DFT ---------+------------+-----------+------------+-----------+------------------- Http | DFT | DFT | DFT | DFT | DFT ---------+------------+-----------+------------+-----------+------------------- Ftp | DFT | DFT | DFT | DFT | DFT ---------+------------+-----------+------------+-----------+------------------- Smtp | DFT | DFT | DFT | DFT | DFT ---------+------------+-----------+------------+-----------+------------------- Pop3 | DFT | DFT | DFT | DFT | DFT ---------+------------+-----------+------------+-----------+------------------- [17:30:48] ABILIS_CPX:d ipban ? D IPBAN [[RES:]val] Display IPBAN configuration D IPBAN ALERTED [[RES:]val] Display currently alerted IP addresses D IPBAN BANNED [[RES:]val] Display currently banned IP addresses D IPBAN FOUND [[RES:]val] Display currently found IP addresses RES: Resource type [Telnet, Ssh, CtiSip, CtiIax, Smtp, <Optional> Pop3, Http, Ftp] IPBAN parameters: max-items: Maximal number of simultaneously maneageable IP addresses [1000..10000] WDIR: Directory where IPBAN data file is saved. Full path with drive letter ['C'..'Z'] terminated by '\'. Max 64 chars. Spaces require double quotes (E.g. "C:\My dir\"). MAIL-FROM: E-mail sender [SYS, AUTO, e-mail] - SYS : use System General 'SYS-MAIL-FROM'. - AUTO : a fixed value is used (e.g. ipban@<cp-prompt>). - e-mail : max 128 ASCII characters. Space not allowed. MAIL-TO: E-mail recipients [SYS, empty, e-mail] - SYS : use System General 'SYS-MAIL-TO'. - empty : e-mails are not sent. - e-mail : max 128 ASCII characters. Space not allowed. Multiple recipients must be separated by ',' (comma). MAIL-TO-LIST: E-mail recipients list [SYS, #, TXT list name] - SYS : use System General 'SYS-MAIL-TO-LIST'. MAIL-BODY: E-mail body type [SYS, STANDARD, SMS-LIKE] - SYS : use System General 'SYS-MAIL-BODY'. MAIL-INTERVAL: Minimal interval between notification e-mails [NO, 1..65534 min.] ACTION: Action done when failure limit is reached [NONE, BAN, MAIL] Values can be joined using ',' (comma). MAX-FAIL: Consecutive failures within FIND-TIME that triggers the ACTION [1..255] FIND-TIME: Time interval for counting the consecutive failures [1..10080 min.] BAN-TIME: Duration of the banning [NOMAX, 1..43200 min.] WHITE-LIST: IP addresses that bypass the IPBAN control [#, IP/IR/RU/MR list name] IPBAN service parameters: ACTION: Action done when failure limit is reached [DFT, NONE, BAN, MAIL] Values can be joined using ',' (comma). MAX-FAIL: Consecutive failures within FIND-TIME that triggers the ACTION [DFT, 1..255] FIND-TIME: Time interval for counting the consecutive failures [DFT, 1..10080 min.] BAN-TIME: Duration of the bannig [DFT, NOMAX, 1..43200 min.] WHITE-LIST: IP addresses that bypass the IPBAN control [DFT, #, IP/IR/RU/MR list name] [18:20:58] ABILIS_CPX:
[18:22:50] ABILIS_CPX:d d ipban -----------+----------+ MAX-ITEMS | 3000| CUR-FREE | 2510| CUR-USED | 490| PEAK-USED | 490| OVERFLOW | 0| STATE | NORMAL| -----------+----------+ -----------+-----------+-----------+-----------+ RES: | FOUND | ALERTED | BANNED | -----------+-----------+-----------+-----------+ Ssh | 144| 0| 333| Telnet | 0| 0| 0| CtiSip | 0| 0| 0| CtiIax | 0| 0| 0| CtiVo | 0| 0| 0| Http | 0| 0| 0| Ftp | 0| 0| 0| Smtp | 0| 0| 0| Pop3 | 0| 0| 0| -----------+-----------+-----------+-----------+ TOTAL | 144| 0| 333| -----------+-----------+-----------+-----------+ [18:22:53] ABILIS_CPX:
[18:22:53] ABILIS_CPX:d ipban found ---------+---------------+-----------+-------------+--------------+ | | Failures | Find time |Remaining time| RES | IP | (cur/max) | (min) | (mm:ss) | ---------+---------------+-----------+-------------+--------------+ Ssh 001.192.121.236 1/6 1440 509:13 Ssh 002.101.090.228 1/6 1440 81:45 ... Ssh 216.126.231.139 1/6 1440 1295:32 Ssh 218.061.030.008 1/6 1440 720:31 Ssh 219.135.157.133 1/6 1440 202:09 Ssh 219.151.045.029 1/6 1440 601:55 ---------+---------------+-----------+-------------+--------------+ Found IP addresses:144 [18:23:13] ABILIS_CPX:d ipban alerted ---------+---------------+----------+--------------+--------------+-----------+ | |Alert time|Remaining time| Elapsed time | Queries | RES | IP | (min) | (mm:ss) | (mm:ss) | | ---------+---------------+----------+--------------+--------------+-----------+ *** NO ALERTED IP ADDRESSES *** [18:23:20] ABILIS_CPX:d ipban banned ---------+---------------+----------+--------------+--------------+-----------+ | | Ban time |Remaining time| Elapsed time | Queries | RES | IP | (min) | (mm:ss) | (mm:ss) | | ---------+---------------+----------+--------------+--------------+-----------+ Ssh 001.053.252.162 10080 6565:14 11587:18 31 Ssh 203.230.077.132 10080 8924:57 1155:14 5 ... Ssh 218.060.028.126 10080 7266:47 2813:23 5 Ssh 218.092.000.194 10080 5670:53 4676:56 2670 Ssh 218.092.000.203 10080 5395:38 5060:07 4335 Ssh 218.092.001.130 10080 6453:20 7989:16 4452 Ssh 218.146.168.239 10080 7597:09 13640:20 36 Ssh 219.150.098.002 10080 1977:37 19876:59 7 Ssh 221.160.100.014 10080 8103:03 11934:23 26 Ssh 222.184.072.066 10080 5318:14 4761:56 5 ---------+---------------+----------+--------------+--------------+-----------+ Banned IP addresses:333 [18:23:24] ABILIS_CPX:
Made resource controllable by VRRP.
Largely improved throughput performances thanks to a redesign of the internal UDP interface.
As example, in Abilis base-D (Celeron 1.6 Ghz) without ciphering and compression, the maximal throughput improved from about 500 Mbit/sec to about 830 Mbit/sec using two paths in load balancing.
Largely improved throughput performances thanks to a redesign of the internal UDP interface.
As example, in Abilis base-D (Celeron 1.6 Ghz) without ciphering and compression, the maximal throughput improved from about 350 Mbit/sec to about 700 Mbit/sec using PATH:SINGLE.
Reduced CPU consumption thanks to a redesign of the internal UDP interface.
Removed TCP transport (partial implementation and commonly not required). SIP can use only UDP now.
Due to this removal the user parameter SIP-PROT: has been removed too.
At system boot it is possible that certain internal mails are generated when the network connectivity is not available yet, and thus such mails are placed to the deferred queue for later attempt, typically several minutes after the connectivity is available.
With this new feature the retry is faster (every 30 sec) during the first 10 minutes after boot, thus speeding up the delivery of such initially deferred mails.
Bugfixes in DJ/MJ handling, see bugfix section.
Added parameters DJ/MJ to be used for non-AP-VOIP calls.
Renamed AP-HDPA-DJ/MJ to AP-MOBILE-DJ/MJ.
Renamed link evaluator parameters.
Improved help.
[17:43:54] ABILIS_CPX:d p ctivo RES:CtiVo - Not Saved (SAVE CONF) --------------------------------------------- ------------------------------------------------------------------------ DESCR:CTI_Virtual_Office LOG:NO ACT:YES sesnum:20 volog:DFT vologsize:200 CTIP-TYPE:USER PS-NUM:# CB-DELAY:5 CB-NRTY:1 CB-NUM:# CB-CGO-NUM:# OUTDIAL-DIGIT:SYS (0) CB-AUTO-CDO:# DJ:0 MJ:80 CB-AUTO-CDO-TOUT:2 wdir:C:\APP\VO\ - AP Data Channel Settings --------------------------------------------- ap-channels:10 ap-udp-locport:48484 AP-TOS:0-D AP-IPSRC:* AP-IPSRCLIST:# AP-AUTH-TOUT:20 AP-CONN-TOUT:20 AP-PS-TOUT:20 AP-DTMF-LEN:200 AP-DTMF-SILENCE:100 AP-NOTIFY-HOST:apnotify.abilis.net - AP provisioning ------------------------------------------------------ AP-WIFI-DJ:100 AP-MOBILE-DJ:100 AP-WIFI-MJ:350 AP-MOBILE-MJ:350 AP-CHAT-TLS:NO AP-CHAT-CHECK:10 AP-VOIP-CODERS:G.711,Spirit,G.729A - AP Link Evaluator thresholds to disable VoIP ------------------------- AP-MAX-JITTER:200 AP-AVG-JITTER:100 AP-MAX-PCK-LOSS:5 AP-MAX-JITTER-COUNT:1 AP-AVG-RTT:500 [17:43:58] ABILIS_CPX:d p ctivo ? CtiVo resource parameter(s): DESCR: Resource description. Max 79 chars. Spaces require double quotes (E.g. "str1 str2"). LOG: State changes log and alarm generation [NO, D, S, A, L, T, ALL] [+E] (D: Debug Log; S: System Log; A: Alarm view; L: Local audible alarm; T: SNMP traps; +E: Extended Log of state changes, see ref. manual) ACT: Operation activation [NO, YES] sesnum: Maximum number of simultaneous CTIVO connections toward CTIR [1..255] volog: CtiVo log events filter at system startup [ERR, INFO, DBG] or [DFT, FULL], where: - ERR, INFO, DBG filters can be joined using ',' (comma). - DFT: means ERR and INFO events; - FULL: means every type of event. vologsize: CtiVo log size [20..2000 Kibyte] CTIP-TYPE: CTIP type assigned to CTIVO driver [USER, NET-PRIVATE, NET-PUBLIC] PS-NUM: System default PostSelection number. # or max 20 digits ['0'..'9'] optionally preceded by TON [u, i, n, o, s, h, c] and/or NP [x, e, d, t, l, p] attributes. When #, the parameter is not used. Omitted TON is set it to 'u', omitted NP is set to 'x'. The number will be normalized to 'i' (International) TON, therefore the resulting number length depends from configured International/National prefixes and Country code. Valid E.164 numbers are limited to a maximum of 15 digits. See also HELP ISDN ATTRIBUTES. CB-NUM: System default Callback number. # or max 20 digits ['0'..'9'] optionally preceded by TON [u, i, n, o, s, h, c] and/or NP [x, e, d, t, l, p] attributes. When #, the parameter is not used. Omitted TON is set it to 'u', omitted NP is set to 'x'. The number will be normalized to 'i' (International) TON, therefore the resulting number length depends from configured International/National prefixes and Country code. Valid E.164 numbers are limited to a maximum of 15 digits. See also HELP ISDN ATTRIBUTES. CB-DELAY: Call Back delay [0..60 s] CB-NRTY: Number of Call Back attempts [0..5] CB-CGO-NUM: System default calling number used to perform the callback call. # or max 20 digits ['0'..'9'] optionally preceded by TON [u, i, n, o, s, h, c] and/or NP [x, e, d, t, l, p] and/or PI [a, r, m, q] and/or SI [y, v, w, z] attributes. When #, the parameter is not used. See also HELP ISDN ATTRIBUTES. CB-AUTO-CDO: Blind Callback. This number is automatically called if the callback call goes active and the no DTMF are received within CB-AUTO-CDO-TOUT: seconds. It is also called if the first DTMF received is #. # or max 20 digits ['0'..'9'] optionally preceded by TON [u, i, n, o, s, h, c] and/or NP [x, e, d, t, l, p] attributes. When #, the parameter is not used. Omitted TON is set it to 'u', omitted NP is set to 'x'. See also HELP ISDN ATTRIBUTES. CB-AUTO-CDO-TOUT: Blind Callback. Timeout for DTMF reception after which CB-AUTO-CDO is automatically called [0..10 s] OUTDIAL-DIGIT: This is the prefix required to make external calls. It is passed to Abilisphone for the proper handling of address books, it is also used by CTIVO to contact user at USER-NUM. SYS or empty to disable or max 6 digits ['0'..'9']. When SYS the actual value is taken from OUTDIAL-DIGIT parameter of CTISYS and shown between brackets. DJ: Default jitter buffer for not-AP-VoIP calls [0..1000 ms] MJ: Maximum jitter buffer for not-AP-VoIP calls [0..1000 ms] wdir: Working directory. Full path with drive letter ['C'..'Z'] terminated by '\'. Max 128 chars. Spaces require double quotes (E.g. "C:\My dir\"). ---------- AP Data Channel Settings ------------------------------------------- ap-channels: Maximum number of simultaneous Abilisphone data connections [0..255] ap-udp-locport: Local UDP port for AbilisPhone data connections [1..65535] AP-TOS: TOS or DS field for all AbilisPhone packets: - p-t: PRECEDENCE-TOS, 'p' [0..7], 't' [N, D, T, R, C] - bbbbbb: DS value bit by bit, 'b' [0, 1] AP-IPSRC: Allowed AbilisPhone client's IP address. [*, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] AP-IPSRCLIST: List of further allowed AbilisPhone client's IP addresses [#, IP/IR/RU/MR listname] AP-AUTH-TOUT: Timeout for an unknown AbilisPhone account to authenticate itself [2..255 s] AP-CONN-TOUT: Timeout to check remote connectivity [2..255 s] AP-PS-TOUT: Timeout for a requested postselection to be performed to reach directly the final endpoint [2..255 s] AP-DTMF-LEN: Duration of a DTMF played on DTMF request [40..1000 ms] AP-DTMF-SILENCE: Duration of silence after played DTMF [40..1000 ms] AP-NOTIFY-HOST: The hostname of the notification service to wake up smartphones with abilisphone installed and allow them to receive a voip call or other call infos. FQDN name of max 64 characters in the range ['0'..'9', 'a'..'z', '-', '.' ], optionally followed by a port value [1..65535], separated by colon (E.g. host.net.dom:80 or nn.ddd.com). FQDN name is forced to lower case. ---------- AP provisioning ---------------------------------------------------- AP-WIFI-DJ: Default jitter buffer for VoIP calls in WiFi [0..1000 ms] AP-WIFI-MJ: Maximum jitter buffer for VoIP calls in WiFi [0..1000 ms] AP-MOBILE-DJ: Default jitter buffer for VoIP calls in 3G/4G data [0..1000 ms] AP-MOBILE-MJ: Maximum jitter buffer for VoIP calls in 3G/4G data [0..1000 ms] AP-CHAT-TLS: CHAT server requires TLS [NO, YES] AP-CHAT-CHECK: Interval to force CHAT message download [0..240 min] AP-VOIP-CODERS: VOIP coders [G.711, Spirit, G.729A, G.711A, G.711u]. Values can be joined using ',' (comma). The position in the list defines the preference order. The rightmost value is the one with the lowest preference. ---------- AP Link Evaluator thresholds to disable VoIP ----------------------- AP-MAX-JITTER: Maximum jitter threshold [0..1000 ms] AP-MAX-JITTER-COUNT: Count of AP-MAX-JITTER to disable VoIP [1..255] AP-AVG-JITTER: Average jitter threshold to disable VoIP [0..1000 ms] AP-AVG-RTT: Average Round Trip Time threshold to disable VoIP [0..2000 ms] AP-MAX-PCK-LOSS: Percentage of lost packets to disable VoIP [0..100 %] [17:46:02] ABILIS_CPX:
NAT: value dimtable:1000 is converted to dimtable:2500.
CTIVO: added DJ:0 MJ:80.
IPBAN:
When MAIL-xxx parameters have default values of 8.7 they are converted to default values of 8.8
Value max-items:1000 is converted to max-items:3000
If ACTION, MAX-FAIL, FIND-TIME, BAN-TIME , WHITE LIST have default value of 8.7 they are converted to default values of 8.8.
The END-OF-LIFE resources are automatically removed with all their references.
All bug fix up to 8.7.7 are included in 8.8.0.
Fixed handling of DJ/MJ when VOIP is used for calls to AP.
Added parameters DJ/MJ to be used for non-AP-VOIP calls.
A fixed value 100/250 was improperly used preventing any possibility of using smaller DJ/MJ values in optimal situations.
Fixed jitter buffer handling.
If audio was delivered from CTIR to CELLBOXC/CELLKEY during the initial dial/alert phase the audio was kept inside the jitter buffer up to the MJ value, causing a persistent MJ delay once the connection went active.
This situation was frequent when AtoC + AtoV connections were used for virtual office callback, but it was possible also in other cases like CtoC and StoV, when V was a CELLBOX/CELLKEY.
Now the packets are timely used, and when state is changed to ACTIVE the jitter buffer is also reset.
Modified the response to out-of-dialog OPTIONS method with 'Max-Forwards:0' to normal '405 Method Not Allowed' instead of wrong '483 Too Many Hops' one.
Added protection against missing Audio Parameters IE since it caused an exception and restart.
It happened when trying to send a SIP call to CtiSlink.
Added protection against missing Audio Parameters IE since it caused an exception and restart.
It happened when trying to send a IAX call to CtiSlink.
Fixed handling of terminate request handling.
In some uncommon cases a bug could be triggered leaving PPP in an inconsistent state, and impossible to reconnect until a INIT command is used.
Fixed a bug that caused to ignore PADT if the Access Concentrator reuses the same session identifier multiple times.
Fixed a bug that caused the missed update of HIDE: filed in the IPR table after INIT command (it worked only for IpRes subtype PPP).
It has been discovered that FRAG:ABILIS and FRAG:FRF12 has a bug in encapsulation and fragmentation handling. The bug is fixed in 8.8.1.
Copyright © Abilis